Include the "user_uuid" claim on JWTs for easier Wings user tracking

DaneEveritt 2022-07-04 17:34:56 -04:00
parent 74c3b00828
commit dc90d8b505
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
5 changed files with 32 additions and 12 deletions


@ -93,6 +93,7 @@ class FileController extends ClientApiController
{ {
$token = $this->jwtService $token = $this->jwtService
->setExpiresAt(CarbonImmutable::now()->addMinutes(15)) ->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
->setUser($request->user())
->setClaims([ ->setClaims([
'file_path' => rawurldecode($request->get('file')), 'file_path' => rawurldecode($request->get('file')),
'server_uuid' => $server->uuid, 'server_uuid' => $server->uuid,


@ -55,9 +55,8 @@ class FileUploadController extends ClientApiController
{ {
$token = $this->jwtService $token = $this->jwtService
->setExpiresAt(CarbonImmutable::now()->addMinutes(15)) ->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
->setClaims([ ->setUser($user)
'server_uuid' => $server->uuid, ->setClaims(['server_uuid' => $server->uuid])
])
->handle($server->node, $user->id . $server->uuid); ->handle($server->node, $user->id . $server->uuid);
return sprintf( return sprintf(


@ -69,8 +69,8 @@ class WebsocketController extends ClientApiController
$token = $this->jwtService $token = $this->jwtService
->setExpiresAt(CarbonImmutable::now()->addMinutes(10)) ->setExpiresAt(CarbonImmutable::now()->addMinutes(10))
->setUser($request->user())
->setClaims([ ->setClaims([
'user_id' => $request->user()->id,
'server_uuid' => $server->uuid, 'server_uuid' => $server->uuid,
'permissions' => $permissions, 'permissions' => $permissions,
]) ])


@ -41,6 +41,7 @@ class DownloadLinkService
$token = $this->jwtService $token = $this->jwtService
->setExpiresAt(CarbonImmutable::now()->addMinutes(15)) ->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
->setUser($user)
->setClaims([ ->setClaims([
'backup_uuid' => $backup->uuid, 'backup_uuid' => $backup->uuid,
'server_uuid' => $backup->server->uuid, 'server_uuid' => $backup->server->uuid,


@ -6,6 +6,7 @@ use DateTimeImmutable;
use Carbon\CarbonImmutable; use Carbon\CarbonImmutable;
use Illuminate\Support\Str; use Illuminate\Support\Str;
use Pterodactyl\Models\Node; use Pterodactyl\Models\Node;
use Pterodactyl\Models\User;
use Lcobucci\JWT\Configuration; use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Hmac\Sha256; use Lcobucci\JWT\Signer\Hmac\Sha256;
use Lcobucci\JWT\Signer\Key\InMemory; use Lcobucci\JWT\Signer\Key\InMemory;
@ -13,20 +14,16 @@ use Pterodactyl\Extensions\Lcobucci\JWT\Encoding\TimestampDates;
class NodeJWTService class NodeJWTService
{ {
/** private array $claims = [];
* @var array
*/ private ?User $user = null;
private $claims = [];
/** /**
* @var \DateTimeImmutable|null * @var \DateTimeImmutable|null
*/ */
private $expiresAt; private $expiresAt;
/** private ?string $subject = null;
* @var string|null
*/
private $subject;
/** /**
* Set the claims to include in this JWT. * Set the claims to include in this JWT.
@ -40,6 +37,17 @@ class NodeJWTService
return $this; return $this;
} }
/**
* Attaches a user to the JWT being created and will automatically inject the
* "user_uuid" key into the final claims array with the user's UUID.
*/
public function setUser(User $user): self
{
$this->user = $user;
return $this;
}
/** /**
* @return $this * @return $this
*/ */
@ -92,6 +100,17 @@ class NodeJWTService
$builder = $builder->withClaim($key, $value); $builder = $builder->withClaim($key, $value);
} }
if (!is_null($this->user)) {
$builder = $builder
->withClaim('user_uuid', $this->user->uuid)
// The "user_id" claim is deprecated and should not be referenced — it remains
// here solely to ensure older versions of Wings are unaffected when the Panel
// is updated.
//
// This claim will be removed in Panel@1.11 or later.
->withClaim('user_id', $this->user->id);
}
return $builder return $builder
->withClaim('unique_id', Str::random(16)) ->withClaim('unique_id', Str::random(16))
->getToken($config->signer(), $config->signingKey()); ->getToken($config->signer(), $config->signingKey());
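Review bot: The user stored by `setUser()` is never cleared in the visible part of `handle()`, so if one `NodeJWTService` instance builds a second token without another `setUser()` call, that token would carry the previous user's `user_uuid` and `user_id`. Because Wings is meant to rely on this claim for user tracking, consider capturing the token in a local, resetting with `$this->user = null;`, and then returning it; the existing `$claims`, `$expiresAt` and `$subject` properties appear to share the same lifetime. `handle()` begins outside this hunk, so a reset may already exist there. The `setUser()` docblock could also state the ordering explicitly, for example `User claims are written after the setClaims() values, so a caller-supplied "user_uuid" or "user_id" key does not replace them.`, assuming the builder lets a later `withClaim()` replace an earlier one.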