Move everything around as needed to get things setup for the client API

Dane Everitt 2018-02-25 15:30:56 -06:00
parent 8daf97021a
commit e28973bcae
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
17 changed files with 199 additions and 46 deletions


@ -0,0 +1,9 @@
<?php
namespace Pterodactyl\Exceptions\Transformer;
use Pterodactyl\Exceptions\PterodactylException;
class InvalidTransformerLevelException extends PterodactylException
{
}


@ -7,13 +7,15 @@ use Illuminate\Http\Response;
use Illuminate\Container\Container; use Illuminate\Container\Container;
use Pterodactyl\Http\Controllers\Controller; use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Extensions\Spatie\Fractalistic\Fractal; use Pterodactyl\Extensions\Spatie\Fractalistic\Fractal;
use Pterodactyl\Transformers\Api\Application\BaseTransformer;
use Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException;
abstract class ApplicationApiController extends Controller abstract class ApplicationApiController extends Controller
{ {
/** /**
* @var \Illuminate\Http\Request * @var \Illuminate\Http\Request
*/ */
private $request; protected $request;
/** /**
* @var \Pterodactyl\Extensions\Spatie\Fractalistic\Fractal * @var \Pterodactyl\Extensions\Spatie\Fractalistic\Fractal
@ -54,6 +56,8 @@ abstract class ApplicationApiController extends Controller
* *
* @param string $abstract * @param string $abstract
* @return \Pterodactyl\Transformers\Api\Application\BaseTransformer * @return \Pterodactyl\Transformers\Api\Application\BaseTransformer
*
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
*/ */
public function getTransformer(string $abstract) public function getTransformer(string $abstract)
{ {
@ -61,6 +65,10 @@ abstract class ApplicationApiController extends Controller
$transformer = Container::getInstance()->make($abstract); $transformer = Container::getInstance()->make($abstract);
$transformer->setKey($this->request->attributes->get('api_key')); $transformer->setKey($this->request->attributes->get('api_key'));
if (! $transformer instanceof BaseTransformer) {
throw new InvalidTransformerLevelException('Calls to ' . __METHOD__ . ' must return a transformer that is an instance of ' . __CLASS__);
}
return $transformer; return $transformer;
} }
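Review bot: In `getTransformer()` the new `instanceof BaseTransformer` guard runs after `$transformer->setKey(...)`, so an object that is not a transformer has already had a method called on it (or has already failed with an undefined-method error) before the type check can reject it. Move the guard directly under the `Container::getInstance()->make($abstract)` line and call `setKey()` only once the type is confirmed. The exception message interpolates `__CLASS__`, which here names the controller rather than the required base class; `BaseTransformer::class` would make the message accurate. The same check-after-use order appears in `ClientApiController::getTransformer()` and `BaseTransformer::makeTransformer()` in this commit.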


@ -0,0 +1,30 @@
<?php
namespace Pterodactyl\Http\Controllers\Api\Application;
use Illuminate\Container\Container;
use Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException;
abstract class ClientApiController extends ApplicationApiController
{
/**
* Return an instance of an application transformer.
*
* @param string $abstract
* @return \Pterodactyl\Transformers\Api\Client\BaseClientTransformer
*
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
*/
public function getTransformer(string $abstract)
{
/** @var \Pterodactyl\Transformers\Api\Client\BaseClientTransformer $transformer */
$transformer = Container::getInstance()->make($abstract);
$transformer->setKey($this->request->attributes->get('api_key'));
if (! $transformer instanceof self) {
throw new InvalidTransformerLevelException('Calls to ' . __METHOD__ . ' must return a transformer that is an instance of ' . __CLASS__);
}
return $transformer;
}
}
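Review bot: The guard `if (! $transformer instanceof self)` in `getTransformer()` tests against `ClientApiController`, because `self` resolves to the class the method is declared in, so no transformer can satisfy it and every call ends in `InvalidTransformerLevelException`. The docblock shows the intended type is `BaseClientTransformer`; add `use Pterodactyl\Transformers\Api\Client\BaseClientTransformer;` and change the condition to `if (! $transformer instanceof BaseClientTransformer) {`. The docblock summary still reads "application transformer" and should say "client transformer".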


@ -0,0 +1,9 @@
<?php
namespace Pterodactyl\Http\Controllers\Api\Client;
use Pterodactyl\Http\Controllers\Api\Application\ClientApiController;
class ClientController extends ClientApiController
{
}


@ -2,6 +2,7 @@
namespace Pterodactyl\Http; namespace Pterodactyl\Http;
use Pterodactyl\Models\ApiKey;
use Illuminate\Auth\Middleware\Authorize; use Illuminate\Auth\Middleware\Authorize;
use Illuminate\Auth\Middleware\Authenticate; use Illuminate\Auth\Middleware\Authenticate;
use Pterodactyl\Http\Middleware\TrimStrings; use Pterodactyl\Http\Middleware\TrimStrings;
@ -14,11 +15,14 @@ use Pterodactyl\Http\Middleware\AdminAuthenticate;
use Illuminate\Routing\Middleware\ThrottleRequests; use Illuminate\Routing\Middleware\ThrottleRequests;
use Pterodactyl\Http\Middleware\LanguageMiddleware; use Pterodactyl\Http\Middleware\LanguageMiddleware;
use Illuminate\Foundation\Http\Kernel as HttpKernel; use Illuminate\Foundation\Http\Kernel as HttpKernel;
use Pterodactyl\Http\Middleware\Api\AuthenticateKey;
use Illuminate\Routing\Middleware\SubstituteBindings; use Illuminate\Routing\Middleware\SubstituteBindings;
use Pterodactyl\Http\Middleware\AccessingValidServer; use Pterodactyl\Http\Middleware\AccessingValidServer;
use Pterodactyl\Http\Middleware\Api\SetSessionDriver;
use Illuminate\View\Middleware\ShareErrorsFromSession; use Illuminate\View\Middleware\ShareErrorsFromSession;
use Pterodactyl\Http\Middleware\RedirectIfAuthenticated; use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth; use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings; use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
use Illuminate\Foundation\Http\Middleware\ValidatePostSize; use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse; use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
@ -28,12 +32,9 @@ use Pterodactyl\Http\Middleware\Server\SubuserBelongsToServer;
use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication; use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
use Pterodactyl\Http\Middleware\Server\DatabaseBelongsToServer; use Pterodactyl\Http\Middleware\Server\DatabaseBelongsToServer;
use Pterodactyl\Http\Middleware\Server\ScheduleBelongsToServer; use Pterodactyl\Http\Middleware\Server\ScheduleBelongsToServer;
use Pterodactyl\Http\Middleware\Api\Application\AuthenticateKey;
use Pterodactyl\Http\Middleware\Api\Application\AuthenticateUser;
use Pterodactyl\Http\Middleware\Api\Application\SetSessionDriver;
use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode; use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull; use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
use Pterodactyl\Http\Middleware\Api\Application\AuthenticateIPAccess; use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser;
use Pterodactyl\Http\Middleware\DaemonAuthenticate as OldDaemonAuthenticate; use Pterodactyl\Http\Middleware\DaemonAuthenticate as OldDaemonAuthenticate;
class Kernel extends HttpKernel class Kernel extends HttpKernel
@ -71,8 +72,15 @@ class Kernel extends HttpKernel
'throttle:120,1', 'throttle:120,1',
ApiSubstituteBindings::class, ApiSubstituteBindings::class,
SetSessionDriver::class, SetSessionDriver::class,
AuthenticateKey::class, 'api..key:' . ApiKey::TYPE_APPLICATION,
AuthenticateUser::class, AuthenticateApplicationUser::class,
AuthenticateIPAccess::class,
],
'client-api' => [
'throttle:60,1',
ApiSubstituteBindings::class,
SetSessionDriver::class,
'api..key:' . ApiKey::TYPE_ACCOUNT,
AuthenticateIPAccess::class, AuthenticateIPAccess::class,
], ],
'daemon' => [ 'daemon' => [
@ -107,5 +115,8 @@ class Kernel extends HttpKernel
'server..database' => DatabaseBelongsToServer::class, 'server..database' => DatabaseBelongsToServer::class,
'server..subuser' => SubuserBelongsToServer::class, 'server..subuser' => SubuserBelongsToServer::class,
'server..schedule' => ScheduleBelongsToServer::class, 'server..schedule' => ScheduleBelongsToServer::class,
// API Specific Middleware
'api..key' => AuthenticateKey::class,
]; ];
} }
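Review bot: In the new `client-api` group `ApiSubstituteBindings::class` is listed before `'api..key:' . ApiKey::TYPE_ACCOUNT`, so route parameters are resolved before the bearer key has been verified. If that middleware responds differently for a missing model than for an existing one (its body is not on this page, so this needs confirming), a caller without a valid key could learn which server identifiers exist. Moving `ApiSubstituteBindings::class` to the end of the group, after `AuthenticateIPAccess::class`, closes that gap; the `api` group above uses the same order and would benefit from the same change.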


@ -6,7 +6,7 @@ use Closure;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
class AuthenticateUser class AuthenticateApplicationUser
{ {
/** /**
* Authenticate that the currently authenticated user is an administrator * Authenticate that the currently authenticated user is an administrator


@ -1,6 +1,6 @@
<?php <?php
namespace Pterodactyl\Http\Middleware\Api\Application; namespace Pterodactyl\Http\Middleware\Api;
use Closure; use Closure;
use IPTools\IP; use IPTools\IP;


@ -1,6 +1,6 @@
<?php <?php
namespace Pterodactyl\Http\Middleware\Api\Application; namespace Pterodactyl\Http\Middleware\Api;
use Closure; use Closure;
use Cake\Chronos\Chronos; use Cake\Chronos\Chronos;
@ -50,12 +50,13 @@ class AuthenticateKey
* *
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @param \Closure $next * @param \Closure $next
* @param int $keyType
* @return mixed * @return mixed
* *
* @throws \Pterodactyl\Exceptions\Model\DataValidationException * @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/ */
public function handle(Request $request, Closure $next) public function handle(Request $request, Closure $next, int $keyType)
{ {
if (is_null($request->bearerToken())) { if (is_null($request->bearerToken())) {
throw new HttpException(401, null, null, ['WWW-Authenticate' => 'Bearer']); throw new HttpException(401, null, null, ['WWW-Authenticate' => 'Bearer']);
@ -68,7 +69,7 @@ class AuthenticateKey
try { try {
$model = $this->repository->findFirstWhere([ $model = $this->repository->findFirstWhere([
['identifier', '=', $identifier], ['identifier', '=', $identifier],
['key_type', '=', ApiKey::TYPE_APPLICATION], ['key_type', '=', $keyType],
]); ]);
} catch (RecordNotFoundException $exception) { } catch (RecordNotFoundException $exception) {
throw new AccessDeniedHttpException; throw new AccessDeniedHttpException;
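Review bot: The new `@param int $keyType` line in the `handle()` docblock does not say which values are accepted or where the value comes from, although the parameter now decides which class of key may authenticate. Suggested wording: `@param int $keyType ApiKey::TYPE_APPLICATION or ApiKey::TYPE_ACCOUNT, supplied as the middleware parameter ('api..key:<type>')`. Because the parameter has no default, any route that still attaches `AuthenticateKey::class` without a parameter will fail at dispatch, so it is worth checking for remaining direct references. The body of `handle()` continues outside this hunk.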


@ -0,0 +1,27 @@
<?php
namespace Pterodactyl\Http\Middleware\Api\Client;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
class AuthenticateClientAccess
{
/**
* Authenticate that the currently authenticated user has permission
* to access the specified server.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
if (is_null($request->user())) {
throw new AccessDeniedHttpException('This account does not have permission to access this resource.');
}
return $next($request);
}
}
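Review bot: `handle()` only verifies that `$request->user()` is not null, while its docblock promises a check that the user "has permission to access the specified server". In the `client-api` group the key middleware has presumably already attached a user, so this passes for every valid account key and the `/servers/{server}` routes in `routes/api-client.php` (including `/command` and `/power`) get no per-server authorization at this layer. Either resolve the `server` route parameter here and throw `AccessDeniedHttpException` unless the user owns the server or is a subuser of it, or narrow the docblock to what is enforced and make each controller action perform that ownership check. A test asserting that one account's key receives 403 for another account's server would pin the behaviour down.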


@ -1,6 +1,6 @@
<?php <?php
namespace Pterodactyl\Http\Middleware\Api\Application; namespace Pterodactyl\Http\Middleware\Api;
use Closure; use Closure;
use Illuminate\Http\Request; use Illuminate\Http\Request;


@ -41,6 +41,10 @@ class RouteServiceProvider extends ServiceProvider
->namespace($this->namespace . '\Api\Application') ->namespace($this->namespace . '\Api\Application')
->group(base_path('routes/api-application.php')); ->group(base_path('routes/api-application.php'));
Route::middleware(['client-api'])->prefix('/api/client')
->namespace($this->namespace . '\Api\Client')
->group(base_path('routes/api-client.php'));
Route::middleware(['daemon'])->prefix('/api/remote') Route::middleware(['daemon'])->prefix('/api/remote')
->namespace($this->namespace . '\Api\Remote') ->namespace($this->namespace . '\Api\Remote')
->group(base_path('routes/api-remote.php')); ->group(base_path('routes/api-remote.php'));


@ -7,6 +7,7 @@ use Pterodactyl\Models\ApiKey;
use Illuminate\Container\Container; use Illuminate\Container\Container;
use League\Fractal\TransformerAbstract; use League\Fractal\TransformerAbstract;
use Pterodactyl\Services\Acl\Api\AdminAcl; use Pterodactyl\Services\Acl\Api\AdminAcl;
use Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException;
abstract class BaseTransformer extends TransformerAbstract abstract class BaseTransformer extends TransformerAbstract
{ {
@ -78,13 +79,19 @@ abstract class BaseTransformer extends TransformerAbstract
* @param string $abstract * @param string $abstract
* @param array $parameters * @param array $parameters
* @return \Pterodactyl\Transformers\Api\Application\BaseTransformer * @return \Pterodactyl\Transformers\Api\Application\BaseTransformer
*
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
*/ */
protected function makeTransformer(string $abstract, array $parameters = []): self protected function makeTransformer(string $abstract, array $parameters = [])
{ {
/** @var \Pterodactyl\Transformers\Api\Application\BaseTransformer $transformer */ /** @var \Pterodactyl\Transformers\Api\Application\BaseTransformer $transformer */
$transformer = Container::getInstance()->makeWith($abstract, $parameters); $transformer = Container::getInstance()->makeWith($abstract, $parameters);
$transformer->setKey($this->getKey()); $transformer->setKey($this->getKey());
if (! $transformer instanceof self) {
throw new InvalidTransformerLevelException('Calls to ' . __METHOD__ . ' must return a transformer that is an instance of ' . __CLASS__);
}
return $transformer; return $transformer;
} }


@ -97,6 +97,8 @@ class ServerTransformer extends BaseTransformer
* *
* @param \Pterodactyl\Models\Server $server * @param \Pterodactyl\Models\Server $server
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource * @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
*
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
*/ */
public function includeAllocations(Server $server) public function includeAllocations(Server $server)
{ {


@ -0,0 +1,44 @@
<?php
namespace Pterodactyl\Transformers\Api\Client;
use Pterodactyl\Services\Acl\Api\AdminAcl;
use Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException;
use Pterodactyl\Transformers\Api\Application\BaseTransformer as BaseApplicationTransformer;
abstract class BaseClientTransformer extends BaseApplicationTransformer
{
/**
* Determine if the API key loaded onto the transformer has permission
* to access a different resource. This is used when including other
* models on a transformation request.
*
* @param string $resource
* @return bool
*/
protected function authorize(string $resource): bool
{
return AdminAcl::check($this->getKey(), $resource, AdminAcl::READ);
}
/**
* Create a new instance of the transformer and pass along the currently
* set API key.
*
* @param string $abstract
* @param array $parameters
* @return self
*
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
*/
protected function makeTransformer(string $abstract, array $parameters = [])
{
$transformer = parent::makeTransformer($abstract, $parameters);
if (! $transformer instanceof self) {
throw new InvalidTransformerLevelException('Calls to ' . __METHOD__ . ' must return a transformer that is an instance of ' . __CLASS__);
}
return $transformer;
}
}
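Review bot: `authorize()` delegates to `AdminAcl::check($this->getKey(), $resource, AdminAcl::READ)`, an ACL named for administrative keys, although this transformer is presumably reached with `ApiKey::TYPE_ACCOUNT` keys. How `AdminAcl::check` treats a key that carries no admin permissions is not visible here; confirm that it denies by default, since otherwise includes on client responses could expose related models to any account holder. A client-specific check based on the user's relationship to the resource would fit better, and until then a comment such as `// account keys carry no admin ACL; this must fail closed` would record the intent. The `instanceof self` guard in `makeTransformer()` is correct in this class, because `self` is `BaseClientTransformer` here.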

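--- a/routes/api-client.php
+++ b/routes/api-client.php
@@ -0,0 +1,28 @@
+<?php
+use Pterodactyl\Http\Middleware\Api\Client\AuthenticateClientAccess;
+/*
+|--------------------------------------------------------------------------
+| Client Control API
+|--------------------------------------------------------------------------
+|
+| Endpoint: /api/client
+|
+*/
+Route::get('/', 'ClientController@index')->name('api.client.index');
+/*
+|--------------------------------------------------------------------------
+| Client Control API
+|--------------------------------------------------------------------------
+|
+| Endpoint: /api/client/servers/{server}
+|
+*/
+Route::group(['prefix' => '/servers/{server}', 'middleware' => [AuthenticateClientAccess::class]], function () {
+Route::get('/', 'Server\ServerController@index')->name('api.client.servers.view');
+Route::post('/command', 'Server\CommandController@index')->name('api.client.servers.command');
+Route::post('/power', 'Server\PowerController@index')->name('api.client.servers.power');
+});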
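Review bot: The routes registered here point at controller actions that this commit does not provide: `ClientController@index` targets a class added with an empty body, and no `Server\ServerController`, `Server\CommandController` or `Server\PowerController` appears among the 17 changed files. Unless those classes exist elsewhere in the `Api\Client` namespace, each endpoint will fail at dispatch once the `client-api` group is live. Consider registering each route together with its controller, or marking the unimplemented ones with a comment such as `// TODO: controller not yet implemented` so the exposed surface matches what is actually handled.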


@ -1,27 +0,0 @@
<?php
/*
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
//Route::get('/', 'CoreController@index')->name('api.user');
//
///*
//|--------------------------------------------------------------------------
//| Server Controller Routes
//|--------------------------------------------------------------------------
//|
//| Endpoint: /api/user/server/{server}
//|
//*/
//Route::group([
// 'prefix' => '/server/{server}',
// 'middleware' => 'server',
//], function () {
// Route::get('/', 'ServerController@index')->name('api.user.server');
//
// Route::post('/power', 'ServerController@power')->name('api.user.server.power');
// Route::post('/command', 'ServerController@command')->name('api.user.server.command');
//});


@ -1,9 +1,9 @@
<?php <?php
namespace Tests\Unit\Http\Middleware\Api\Application; namespace Tests\Unit\Http\Middleware\API\Application;
use Tests\Unit\Http\Middleware\MiddlewareTestCase; use Tests\Unit\Http\Middleware\MiddlewareTestCase;
use Pterodactyl\Http\Middleware\Api\Application\AuthenticateUser; use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser;
class AuthenticateUserTest extends MiddlewareTestCase class AuthenticateUserTest extends MiddlewareTestCase
{ {
@ -44,10 +44,10 @@ class AuthenticateUserTest extends MiddlewareTestCase
/** /**
* Return an instance of the middleware for testing. * Return an instance of the middleware for testing.
* *
* @return \Pterodactyl\Http\Middleware\Api\Application\AuthenticateUser * @return \Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser
*/ */
private function getMiddleware(): AuthenticateUser private function getMiddleware(): AuthenticateApplicationUser
{ {
return new AuthenticateUser; return new AuthenticateApplicationUser;
} }
} }