Massively simplify API binding logic
Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code. This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking.
This commit is contained in:
parent
f1235c7f88
commit
e313dff674
53 changed files with 290 additions and 604 deletions
|
@ -75,9 +75,9 @@ class LocationController extends ApplicationApiController
|
||||||
/**
|
/**
|
||||||
* Return a single location.
|
* Return a single location.
|
||||||
*/
|
*/
|
||||||
public function view(GetLocationRequest $request): array
|
public function view(GetLocationRequest $request, Location $location): array
|
||||||
{
|
{
|
||||||
return $this->fractal->item($request->getModel(Location::class))
|
return $this->fractal->item($location)
|
||||||
->transformWith($this->getTransformer(LocationTransformer::class))
|
->transformWith($this->getTransformer(LocationTransformer::class))
|
||||||
->toArray();
|
->toArray();
|
||||||
}
|
}
|
||||||
|
@ -108,9 +108,9 @@ class LocationController extends ApplicationApiController
|
||||||
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
||||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||||
*/
|
*/
|
||||||
public function update(UpdateLocationRequest $request): array
|
public function update(UpdateLocationRequest $request, Location $location): array
|
||||||
{
|
{
|
||||||
$location = $this->updateService->handle($request->getModel(Location::class), $request->validated());
|
$location = $this->updateService->handle($location, $request->validated());
|
||||||
|
|
||||||
return $this->fractal->item($location)
|
return $this->fractal->item($location)
|
||||||
->transformWith($this->getTransformer(LocationTransformer::class))
|
->transformWith($this->getTransformer(LocationTransformer::class))
|
||||||
|
@ -122,9 +122,9 @@ class LocationController extends ApplicationApiController
|
||||||
*
|
*
|
||||||
* @throws \Pterodactyl\Exceptions\Service\Location\HasActiveNodesException
|
* @throws \Pterodactyl\Exceptions\Service\Location\HasActiveNodesException
|
||||||
*/
|
*/
|
||||||
public function delete(DeleteLocationRequest $request): Response
|
public function delete(DeleteLocationRequest $request, Location $location): Response
|
||||||
{
|
{
|
||||||
$this->deletionService->handle($request->getModel(Location::class));
|
$this->deletionService->handle($location);
|
||||||
|
|
||||||
return response('', 204);
|
return response('', 204);
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,6 @@ namespace Pterodactyl\Http\Controllers\Api\Application\Nests;
|
||||||
|
|
||||||
use Pterodactyl\Models\Egg;
|
use Pterodactyl\Models\Egg;
|
||||||
use Pterodactyl\Models\Nest;
|
use Pterodactyl\Models\Nest;
|
||||||
use Pterodactyl\Contracts\Repository\EggRepositoryInterface;
|
|
||||||
use Pterodactyl\Transformers\Api\Application\EggTransformer;
|
use Pterodactyl\Transformers\Api\Application\EggTransformer;
|
||||||
use Pterodactyl\Http\Requests\Api\Application\Nests\Eggs\GetEggRequest;
|
use Pterodactyl\Http\Requests\Api\Application\Nests\Eggs\GetEggRequest;
|
||||||
use Pterodactyl\Http\Requests\Api\Application\Nests\Eggs\GetEggsRequest;
|
use Pterodactyl\Http\Requests\Api\Application\Nests\Eggs\GetEggsRequest;
|
||||||
|
@ -12,31 +11,12 @@ use Pterodactyl\Http\Controllers\Api\Application\ApplicationApiController;
|
||||||
|
|
||||||
class EggController extends ApplicationApiController
|
class EggController extends ApplicationApiController
|
||||||
{
|
{
|
||||||
/**
|
|
||||||
* @var \Pterodactyl\Contracts\Repository\EggRepositoryInterface
|
|
||||||
*/
|
|
||||||
private $repository;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* EggController constructor.
|
|
||||||
*/
|
|
||||||
public function __construct(EggRepositoryInterface $repository)
|
|
||||||
{
|
|
||||||
parent::__construct();
|
|
||||||
|
|
||||||
$this->repository = $repository;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return all eggs that exist for a given nest.
|
* Return all eggs that exist for a given nest.
|
||||||
*/
|
*/
|
||||||
public function index(GetEggsRequest $request): array
|
public function index(GetEggsRequest $request, Nest $nest): array
|
||||||
{
|
{
|
||||||
$eggs = $this->repository->findWhere([
|
return $this->fractal->collection($nest->eggs)
|
||||||
['nest_id', '=', $request->getModel(Nest::class)->id],
|
|
||||||
]);
|
|
||||||
|
|
||||||
return $this->fractal->collection($eggs)
|
|
||||||
->transformWith($this->getTransformer(EggTransformer::class))
|
->transformWith($this->getTransformer(EggTransformer::class))
|
||||||
->toArray();
|
->toArray();
|
||||||
}
|
}
|
||||||
|
@ -44,9 +24,9 @@ class EggController extends ApplicationApiController
|
||||||
/**
|
/**
|
||||||
* Return a single egg that exists on the specified nest.
|
* Return a single egg that exists on the specified nest.
|
||||||
*/
|
*/
|
||||||
public function view(GetEggRequest $request): array
|
public function view(GetEggRequest $request, Nest $nest, Egg $egg): array
|
||||||
{
|
{
|
||||||
return $this->fractal->item($request->getModel(Egg::class))
|
return $this->fractal->item($egg)
|
||||||
->transformWith($this->getTransformer(EggTransformer::class))
|
->transformWith($this->getTransformer(EggTransformer::class))
|
||||||
->toArray();
|
->toArray();
|
||||||
}
|
}
|
||||||
|
|
|
@ -40,9 +40,9 @@ class NestController extends ApplicationApiController
|
||||||
/**
|
/**
|
||||||
* Return information about a single Nest model.
|
* Return information about a single Nest model.
|
||||||
*/
|
*/
|
||||||
public function view(GetNestsRequest $request): array
|
public function view(GetNestsRequest $request, Nest $nest): array
|
||||||
{
|
{
|
||||||
return $this->fractal->item($request->getModel(Nest::class))
|
return $this->fractal->item($nest)
|
||||||
->transformWith($this->getTransformer(NestTransformer::class))
|
->transformWith($this->getTransformer(NestTransformer::class))
|
||||||
->toArray();
|
->toArray();
|
||||||
}
|
}
|
||||||
|
|
|
@ -105,12 +105,10 @@ class DatabaseController extends ApplicationApiController
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Handle a request to delete a specific server database from the Panel.
|
* Handle a request to delete a specific server database from the Panel.
|
||||||
*
|
|
||||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
|
||||||
*/
|
*/
|
||||||
public function delete(ServerDatabaseWriteRequest $request): Response
|
public function delete(ServerDatabaseWriteRequest $request, Server $server, Database $database): Response
|
||||||
{
|
{
|
||||||
$this->databaseManagementService->delete($request->getModel(Database::class));
|
$this->databaseManagementService->delete($database);
|
||||||
|
|
||||||
return response('', 204);
|
return response('', 204);
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Controllers\Api\Application\Servers;
|
namespace Pterodactyl\Http\Controllers\Api\Application\Servers;
|
||||||
|
|
||||||
|
use Pterodactyl\Models\Server;
|
||||||
use Pterodactyl\Transformers\Api\Application\ServerTransformer;
|
use Pterodactyl\Transformers\Api\Application\ServerTransformer;
|
||||||
use Pterodactyl\Http\Controllers\Api\Application\ApplicationApiController;
|
use Pterodactyl\Http\Controllers\Api\Application\ApplicationApiController;
|
||||||
use Pterodactyl\Http\Requests\Api\Application\Servers\GetExternalServerRequest;
|
use Pterodactyl\Http\Requests\Api\Application\Servers\GetExternalServerRequest;
|
||||||
|
@ -11,9 +12,11 @@ class ExternalServerController extends ApplicationApiController
|
||||||
/**
|
/**
|
||||||
* Retrieve a specific server from the database using its external ID.
|
* Retrieve a specific server from the database using its external ID.
|
||||||
*/
|
*/
|
||||||
public function index(GetExternalServerRequest $request): array
|
public function index(GetExternalServerRequest $request, string $external_id): array
|
||||||
{
|
{
|
||||||
return $this->fractal->item($request->getServerModel())
|
$server = Server::query()->where('external_id', $external_id)->firstOrFail();
|
||||||
|
|
||||||
|
return $this->fractal->item($server)
|
||||||
->transformWith($this->getTransformer(ServerTransformer::class))
|
->transformWith($this->getTransformer(ServerTransformer::class))
|
||||||
->toArray();
|
->toArray();
|
||||||
}
|
}
|
||||||
|
|
|
@ -86,9 +86,9 @@ class ServerController extends ApplicationApiController
|
||||||
/**
|
/**
|
||||||
* Show a single server transformed for the application API.
|
* Show a single server transformed for the application API.
|
||||||
*/
|
*/
|
||||||
public function view(GetServerRequest $request): array
|
public function view(GetServerRequest $request, Server $server): array
|
||||||
{
|
{
|
||||||
return $this->fractal->item($request->getModel(Server::class))
|
return $this->fractal->item($server)
|
||||||
->transformWith($this->getTransformer(ServerTransformer::class))
|
->transformWith($this->getTransformer(ServerTransformer::class))
|
||||||
->toArray();
|
->toArray();
|
||||||
}
|
}
|
||||||
|
|
|
@ -42,14 +42,14 @@ class ServerDetailsController extends ApplicationApiController
|
||||||
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
||||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||||
*/
|
*/
|
||||||
public function details(UpdateServerDetailsRequest $request): array
|
public function details(UpdateServerDetailsRequest $request, Server $server): array
|
||||||
{
|
{
|
||||||
$server = $this->detailsModificationService->returnUpdatedModel()->handle(
|
$updated = $this->detailsModificationService->returnUpdatedModel()->handle(
|
||||||
$request->getModel(Server::class),
|
$server,
|
||||||
$request->validated()
|
$request->validated()
|
||||||
);
|
);
|
||||||
|
|
||||||
return $this->fractal->item($server)
|
return $this->fractal->item($updated)
|
||||||
->transformWith($this->getTransformer(ServerTransformer::class))
|
->transformWith($this->getTransformer(ServerTransformer::class))
|
||||||
->toArray();
|
->toArray();
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,11 +34,11 @@ class StartupController extends ApplicationApiController
|
||||||
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
||||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||||
*/
|
*/
|
||||||
public function index(UpdateServerStartupRequest $request): array
|
public function index(UpdateServerStartupRequest $request, Server $server): array
|
||||||
{
|
{
|
||||||
$server = $this->modificationService
|
$server = $this->modificationService
|
||||||
->setUserLevel(User::USER_LEVEL_ADMIN)
|
->setUserLevel(User::USER_LEVEL_ADMIN)
|
||||||
->handle($request->getModel(Server::class), $request->validated());
|
->handle($server, $request->validated());
|
||||||
|
|
||||||
return $this->fractal->item($server)
|
return $this->fractal->item($server)
|
||||||
->transformWith($this->getTransformer(ServerTransformer::class))
|
->transformWith($this->getTransformer(ServerTransformer::class))
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Controllers\Api\Application\Users;
|
namespace Pterodactyl\Http\Controllers\Api\Application\Users;
|
||||||
|
|
||||||
|
use Pterodactyl\Models\User;
|
||||||
use Pterodactyl\Transformers\Api\Application\UserTransformer;
|
use Pterodactyl\Transformers\Api\Application\UserTransformer;
|
||||||
use Pterodactyl\Http\Controllers\Api\Application\ApplicationApiController;
|
use Pterodactyl\Http\Controllers\Api\Application\ApplicationApiController;
|
||||||
use Pterodactyl\Http\Requests\Api\Application\Users\GetExternalUserRequest;
|
use Pterodactyl\Http\Requests\Api\Application\Users\GetExternalUserRequest;
|
||||||
|
@ -11,9 +12,11 @@ class ExternalUserController extends ApplicationApiController
|
||||||
/**
|
/**
|
||||||
* Retrieve a specific user from the database using their external ID.
|
* Retrieve a specific user from the database using their external ID.
|
||||||
*/
|
*/
|
||||||
public function index(GetExternalUserRequest $request): array
|
public function index(GetExternalUserRequest $request, string $external_id): array
|
||||||
{
|
{
|
||||||
return $this->fractal->item($request->getUserModel())
|
$user = User::query()->where('external_id', $external_id)->firstOrFail();
|
||||||
|
|
||||||
|
return $this->fractal->item($user)
|
||||||
->transformWith($this->getTransformer(UserTransformer::class))
|
->transformWith($this->getTransformer(UserTransformer::class))
|
||||||
->toArray();
|
->toArray();
|
||||||
}
|
}
|
||||||
|
|
|
@ -52,8 +52,7 @@ class ScheduleController extends ClientApiController
|
||||||
*/
|
*/
|
||||||
public function index(ViewScheduleRequest $request, Server $server)
|
public function index(ViewScheduleRequest $request, Server $server)
|
||||||
{
|
{
|
||||||
$schedules = $server->schedule;
|
$schedules = $server->schedules->loadMissing('tasks');
|
||||||
$schedules->loadMissing('tasks');
|
|
||||||
|
|
||||||
return $this->fractal->collection($schedules)
|
return $this->fractal->collection($schedules)
|
||||||
->transformWith($this->getTransformer(ScheduleTransformer::class))
|
->transformWith($this->getTransformer(ScheduleTransformer::class))
|
||||||
|
|
|
@ -2,8 +2,8 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Controllers\Api\Remote;
|
namespace Pterodactyl\Http\Controllers\Api\Remote;
|
||||||
|
|
||||||
use Pterodactyl\Models\User;
|
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
|
use Pterodactyl\Models\User;
|
||||||
use Pterodactyl\Models\Server;
|
use Pterodactyl\Models\Server;
|
||||||
use Illuminate\Http\JsonResponse;
|
use Illuminate\Http\JsonResponse;
|
||||||
use Pterodactyl\Models\Permission;
|
use Pterodactyl\Models\Permission;
|
||||||
|
|
|
@ -24,7 +24,6 @@ use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
|
||||||
use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
|
use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
|
||||||
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
|
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
|
||||||
use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
|
use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
|
||||||
use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
|
|
||||||
use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
|
use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
|
||||||
use Pterodactyl\Http\Middleware\Api\HandleStatelessRequest;
|
use Pterodactyl\Http\Middleware\Api\HandleStatelessRequest;
|
||||||
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
|
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
|
||||||
|
@ -32,7 +31,7 @@ use Pterodactyl\Http\Middleware\Api\Daemon\DaemonAuthenticate;
|
||||||
use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
|
use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
|
||||||
use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
|
use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
|
||||||
use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
|
use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
|
||||||
use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientApiBindings;
|
use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientBindings;
|
||||||
use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser;
|
use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser;
|
||||||
|
|
||||||
class Kernel extends HttpKernel
|
class Kernel extends HttpKernel
|
||||||
|
@ -75,13 +74,13 @@ class Kernel extends HttpKernel
|
||||||
VerifyCsrfToken::class,
|
VerifyCsrfToken::class,
|
||||||
],
|
],
|
||||||
'application-api' => [
|
'application-api' => [
|
||||||
ApiSubstituteBindings::class,
|
SubstituteBindings::class,
|
||||||
'api..key:' . ApiKey::TYPE_APPLICATION,
|
'api..key:' . ApiKey::TYPE_APPLICATION,
|
||||||
AuthenticateApplicationUser::class,
|
AuthenticateApplicationUser::class,
|
||||||
AuthenticateIPAccess::class,
|
AuthenticateIPAccess::class,
|
||||||
],
|
],
|
||||||
'client-api' => [
|
'client-api' => [
|
||||||
SubstituteClientApiBindings::class,
|
SubstituteClientBindings::class,
|
||||||
'api..key:' . ApiKey::TYPE_ACCOUNT,
|
'api..key:' . ApiKey::TYPE_ACCOUNT,
|
||||||
AuthenticateIPAccess::class,
|
AuthenticateIPAccess::class,
|
||||||
// This is perhaps a little backwards with the Client API, but logically you'd be unable
|
// This is perhaps a little backwards with the Client API, but logically you'd be unable
|
||||||
|
|
|
@ -1,87 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Middleware\Api;
|
|
||||||
|
|
||||||
use Closure;
|
|
||||||
use Pterodactyl\Models\Egg;
|
|
||||||
use Pterodactyl\Models\Nest;
|
|
||||||
use Pterodactyl\Models\Node;
|
|
||||||
use Pterodactyl\Models\User;
|
|
||||||
use Pterodactyl\Models\Server;
|
|
||||||
use Pterodactyl\Models\Database;
|
|
||||||
use Pterodactyl\Models\Location;
|
|
||||||
use Pterodactyl\Models\Allocation;
|
|
||||||
use Illuminate\Routing\Middleware\SubstituteBindings;
|
|
||||||
use Illuminate\Database\Eloquent\ModelNotFoundException;
|
|
||||||
|
|
||||||
class ApiSubstituteBindings extends SubstituteBindings
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* Mappings to automatically assign route parameters to a model.
|
|
||||||
*
|
|
||||||
* @var array
|
|
||||||
*/
|
|
||||||
protected static $mappings = [
|
|
||||||
'allocation' => Allocation::class,
|
|
||||||
'database' => Database::class,
|
|
||||||
'egg' => Egg::class,
|
|
||||||
'location' => Location::class,
|
|
||||||
'nest' => Nest::class,
|
|
||||||
'node' => Node::class,
|
|
||||||
'server' => Server::class,
|
|
||||||
'user' => User::class,
|
|
||||||
];
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @var \Illuminate\Routing\Router
|
|
||||||
*/
|
|
||||||
protected $router;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Perform substitution of route parameters without triggering
|
|
||||||
* a 404 error if a model is not found.
|
|
||||||
*
|
|
||||||
* @param \Illuminate\Http\Request $request
|
|
||||||
*
|
|
||||||
* @return mixed
|
|
||||||
*/
|
|
||||||
public function handle($request, Closure $next)
|
|
||||||
{
|
|
||||||
$route = $request->route();
|
|
||||||
|
|
||||||
foreach (self::$mappings as $key => $model) {
|
|
||||||
if (!is_null($this->router->getBindingCallback($key))) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
$this->router->model($key, $model, function () use ($request) {
|
|
||||||
$request->attributes->set('is_missing_model', true);
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
$this->router->substituteBindings($route);
|
|
||||||
|
|
||||||
// Attempt to resolve bindings for this route. If one of the models
|
|
||||||
// cannot be resolved do not immediately return a 404 error. Set a request
|
|
||||||
// attribute that can be checked in the base API request class to only
|
|
||||||
// trigger a 404 after validating that the API key making the request is valid
|
|
||||||
// and even has permission to access the requested resource.
|
|
||||||
try {
|
|
||||||
$this->router->substituteImplicitBindings($route);
|
|
||||||
} catch (ModelNotFoundException $exception) {
|
|
||||||
$request->attributes->set('is_missing_model', true);
|
|
||||||
}
|
|
||||||
|
|
||||||
return $next($request);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return the registered mappings.
|
|
||||||
*
|
|
||||||
* @return array
|
|
||||||
*/
|
|
||||||
public static function getMappings()
|
|
||||||
{
|
|
||||||
return self::$mappings;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,62 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Middleware\Api\Client;
|
|
||||||
|
|
||||||
use Closure;
|
|
||||||
use Pterodactyl\Models\User;
|
|
||||||
use Pterodactyl\Models\Backup;
|
|
||||||
use Pterodactyl\Models\Database;
|
|
||||||
use Illuminate\Container\Container;
|
|
||||||
use Pterodactyl\Contracts\Extensions\HashidsInterface;
|
|
||||||
use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
|
|
||||||
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
|
|
||||||
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
|
|
||||||
|
|
||||||
class SubstituteClientApiBindings extends ApiSubstituteBindings
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* Perform substitution of route parameters without triggering
|
|
||||||
* a 404 error if a model is not found.
|
|
||||||
*
|
|
||||||
* @param \Illuminate\Http\Request $request
|
|
||||||
*
|
|
||||||
* @return mixed
|
|
||||||
*/
|
|
||||||
public function handle($request, Closure $next)
|
|
||||||
{
|
|
||||||
// Override default behavior of the model binding to use a specific table
|
|
||||||
// column rather than the default 'id'.
|
|
||||||
$this->router->bind('server', function ($value) use ($request) {
|
|
||||||
try {
|
|
||||||
$column = 'uuidShort';
|
|
||||||
if (preg_match('/^[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/i', $value)) {
|
|
||||||
$column = 'uuid';
|
|
||||||
}
|
|
||||||
|
|
||||||
return Container::getInstance()->make(ServerRepositoryInterface::class)->findFirstWhere([
|
|
||||||
[$column, '=', $value],
|
|
||||||
]);
|
|
||||||
} catch (RecordNotFoundException $ex) {
|
|
||||||
$request->attributes->set('is_missing_model', true);
|
|
||||||
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
$this->router->bind('database', function ($value) {
|
|
||||||
$id = Container::getInstance()->make(HashidsInterface::class)->decodeFirst($value);
|
|
||||||
|
|
||||||
return Database::query()->where('id', $id)->firstOrFail();
|
|
||||||
});
|
|
||||||
|
|
||||||
$this->router->bind('backup', function ($value) {
|
|
||||||
return Backup::query()->where('uuid', $value)->firstOrFail();
|
|
||||||
});
|
|
||||||
|
|
||||||
$this->router->bind('user', function ($value) {
|
|
||||||
return User::query()->where('uuid', $value)->firstOrFail();
|
|
||||||
});
|
|
||||||
|
|
||||||
return parent::handle($request, $next);
|
|
||||||
}
|
|
||||||
}
|
|
36
app/Http/Middleware/Api/Client/SubstituteClientBindings.php
Normal file
36
app/Http/Middleware/Api/Client/SubstituteClientBindings.php
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Pterodactyl\Http\Middleware\Api\Client;
|
||||||
|
|
||||||
|
use Closure;
|
||||||
|
use Pterodactyl\Models\Server;
|
||||||
|
use Illuminate\Routing\Middleware\SubstituteBindings;
|
||||||
|
|
||||||
|
class SubstituteClientBindings extends SubstituteBindings
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* @param \Illuminate\Http\Request $request
|
||||||
|
*
|
||||||
|
* @return mixed
|
||||||
|
*/
|
||||||
|
public function handle($request, Closure $next)
|
||||||
|
{
|
||||||
|
// Override default behavior of the model binding to use a specific table
|
||||||
|
// column rather than the default 'id'.
|
||||||
|
$this->router->bind('server', function ($value) {
|
||||||
|
return Server::query()->where(strlen($value) === 8 ? 'uuidShort' : 'uuid', $value)->firstOrFail();
|
||||||
|
});
|
||||||
|
|
||||||
|
$this->router->bind('user', function ($value, $route) {
|
||||||
|
/** @var \Pterodactyl\Models\Subuser $match */
|
||||||
|
$match = $route->parameter('server')
|
||||||
|
->subusers()
|
||||||
|
->whereRelation('user', 'uuid', '=', $value)
|
||||||
|
->firstOrFail();
|
||||||
|
|
||||||
|
return $match->user;
|
||||||
|
});
|
||||||
|
|
||||||
|
return parent::handle($request, $next);
|
||||||
|
}
|
||||||
|
}
|
|
@ -3,6 +3,7 @@
|
||||||
namespace Pterodactyl\Http\Middleware\Api;
|
namespace Pterodactyl\Http\Middleware\Api;
|
||||||
|
|
||||||
use Closure;
|
use Closure;
|
||||||
|
use JsonException;
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
||||||
|
|
||||||
|
@ -18,10 +19,10 @@ class IsValidJson
|
||||||
public function handle(Request $request, Closure $next)
|
public function handle(Request $request, Closure $next)
|
||||||
{
|
{
|
||||||
if ($request->isJson() && !empty($request->getContent())) {
|
if ($request->isJson() && !empty($request->getContent())) {
|
||||||
json_decode($request->getContent(), true);
|
try {
|
||||||
|
json_decode($request->getContent(), true, 512, JSON_THROW_ON_ERROR);
|
||||||
if (json_last_error() !== JSON_ERROR_NONE) {
|
} catch (JsonException $exception) {
|
||||||
throw new BadRequestHttpException(sprintf('The JSON data passed in the request appears to be malformed. err_code: %d err_message: "%s"', json_last_error(), json_last_error_msg()));
|
throw new BadRequestHttpException('The JSON data passed in the request appears to be malformed: ' . $exception->getMessage());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,8 +2,6 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Requests\Api\Application\Allocations;
|
namespace Pterodactyl\Http\Requests\Api\Application\Allocations;
|
||||||
|
|
||||||
use Pterodactyl\Models\Node;
|
|
||||||
use Pterodactyl\Models\Allocation;
|
|
||||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||||
|
|
||||||
|
@ -18,22 +16,4 @@ class DeleteAllocationRequest extends ApplicationApiRequest
|
||||||
* @var int
|
* @var int
|
||||||
*/
|
*/
|
||||||
protected $permission = AdminAcl::WRITE;
|
protected $permission = AdminAcl::WRITE;
|
||||||
|
|
||||||
/**
|
|
||||||
* Determine if the requested allocation exists and belongs to the node that
|
|
||||||
* is being passed in the URL.
|
|
||||||
*/
|
|
||||||
public function resourceExists(): bool
|
|
||||||
{
|
|
||||||
$node = $this->route()->parameter('node');
|
|
||||||
$allocation = $this->route()->parameter('allocation');
|
|
||||||
|
|
||||||
if ($node instanceof Node && $node->exists) {
|
|
||||||
if ($allocation instanceof Allocation && $allocation->exists && $allocation->node_id === $node->id) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,6 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Requests\Api\Application\Allocations;
|
namespace Pterodactyl\Http\Requests\Api\Application\Allocations;
|
||||||
|
|
||||||
use Pterodactyl\Models\Node;
|
|
||||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||||
|
|
||||||
|
@ -17,15 +16,4 @@ class GetAllocationsRequest extends ApplicationApiRequest
|
||||||
* @var int
|
* @var int
|
||||||
*/
|
*/
|
||||||
protected $permission = AdminAcl::READ;
|
protected $permission = AdminAcl::READ;
|
||||||
|
|
||||||
/**
|
|
||||||
* Determine if the node that we are requesting the allocations
|
|
||||||
* for exists on the Panel.
|
|
||||||
*/
|
|
||||||
public function resourceExists(): bool
|
|
||||||
{
|
|
||||||
$node = $this->route()->parameter('node');
|
|
||||||
|
|
||||||
return $node instanceof Node && $node->exists;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,14 +2,12 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Requests\Api\Application;
|
namespace Pterodactyl\Http\Requests\Api\Application;
|
||||||
|
|
||||||
use Pterodactyl\Models\ApiKey;
|
use Webmozart\Assert\Assert;
|
||||||
use Illuminate\Validation\Validator;
|
use Illuminate\Validation\Validator;
|
||||||
|
use Illuminate\Database\Eloquent\Model;
|
||||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||||
use Illuminate\Foundation\Http\FormRequest;
|
use Illuminate\Foundation\Http\FormRequest;
|
||||||
use Pterodactyl\Exceptions\PterodactylException;
|
use Pterodactyl\Exceptions\PterodactylException;
|
||||||
use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
|
|
||||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
|
||||||
use Symfony\Component\Routing\Exception\InvalidParameterException;
|
|
||||||
|
|
||||||
abstract class ApplicationApiRequest extends FormRequest
|
abstract class ApplicationApiRequest extends FormRequest
|
||||||
{
|
{
|
||||||
|
@ -49,15 +47,7 @@ abstract class ApplicationApiRequest extends FormRequest
|
||||||
throw new PterodactylException('An ACL resource must be defined on API requests.');
|
throw new PterodactylException('An ACL resource must be defined on API requests.');
|
||||||
}
|
}
|
||||||
|
|
||||||
return AdminAcl::check($this->key(), $this->resource, $this->permission);
|
return AdminAcl::check($this->attributes->get('api_key'), $this->resource, $this->permission);
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Determine if the requested resource exists on the server.
|
|
||||||
*/
|
|
||||||
public function resourceExists(): bool
|
|
||||||
{
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -68,35 +58,6 @@ abstract class ApplicationApiRequest extends FormRequest
|
||||||
return [];
|
return [];
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Return the API key being used for the request.
|
|
||||||
*/
|
|
||||||
public function key(): ApiKey
|
|
||||||
{
|
|
||||||
return $this->attributes->get('api_key');
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Grab a model from the route parameters. If no model is found in the
|
|
||||||
* binding mappings an exception will be thrown.
|
|
||||||
*
|
|
||||||
* @return mixed
|
|
||||||
*
|
|
||||||
* @deprecated
|
|
||||||
*
|
|
||||||
* @throws \Symfony\Component\Routing\Exception\InvalidParameterException
|
|
||||||
*/
|
|
||||||
public function getModel(string $model)
|
|
||||||
{
|
|
||||||
$parameterKey = array_get(array_flip(ApiSubstituteBindings::getMappings()), $model);
|
|
||||||
|
|
||||||
if (is_null($parameterKey)) {
|
|
||||||
throw new InvalidParameterException();
|
|
||||||
}
|
|
||||||
|
|
||||||
return $this->route()->parameter($parameterKey);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Helper method allowing a developer to easily hook into this logic without having
|
* Helper method allowing a developer to easily hook into this logic without having
|
||||||
* to remember what the method name is called or where to use it. By default this is
|
* to remember what the method name is called or where to use it. By default this is
|
||||||
|
@ -108,50 +69,26 @@ abstract class ApplicationApiRequest extends FormRequest
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Validate that the resource exists and can be accessed prior to booting
|
* Returns the named route parameter and asserts that it is a real model that
|
||||||
* the validator and attempting to use the data.
|
* exists in the database.
|
||||||
*
|
*
|
||||||
* @throws \Illuminate\Auth\Access\AuthorizationException
|
* @template T of \Illuminate\Database\Eloquent\Model
|
||||||
|
*
|
||||||
|
* @param class-string<T> $expect
|
||||||
|
*
|
||||||
|
* @return T
|
||||||
|
* @noinspection PhpUndefinedClassInspection
|
||||||
|
* @noinspection PhpDocSignatureInspection
|
||||||
*/
|
*/
|
||||||
protected function prepareForValidation()
|
public function parameter(string $key, string $expect)
|
||||||
{
|
{
|
||||||
if (!$this->passesAuthorization()) {
|
$value = $this->route()->parameter($key);
|
||||||
$this->failedAuthorization();
|
|
||||||
}
|
|
||||||
|
|
||||||
$this->hasValidated = true;
|
Assert::isInstanceOf($value, $expect);
|
||||||
}
|
Assert::isInstanceOf($value, Model::class);
|
||||||
|
Assert::true($value->exists);
|
||||||
|
|
||||||
/*
|
/* @var T $value */
|
||||||
* Determine if the request passes the authorization check as well
|
return $value;
|
||||||
* as the exists check.
|
|
||||||
*
|
|
||||||
* @return bool
|
|
||||||
*
|
|
||||||
* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
|
|
||||||
*/
|
|
||||||
protected function passesAuthorization()
|
|
||||||
{
|
|
||||||
// If we have already validated we do not need to call this function
|
|
||||||
// again. This is needed to work around Laravel's normal auth validation
|
|
||||||
// that occurs after validating the request params since we are doing auth
|
|
||||||
// validation in the prepareForValidation() function.
|
|
||||||
if ($this->hasValidated) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!parent::passesAuthorization()) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Only let the user know that a resource does not exist if they are
|
|
||||||
// authenticated to access the endpoint. This avoids exposing that
|
|
||||||
// an item exists (or does not exist) to the user until they can prove
|
|
||||||
// that they have permission to know about it.
|
|
||||||
if ($this->attributes->get('is_missing_model', false) || !$this->resourceExists()) {
|
|
||||||
throw new NotFoundHttpException(trans('exceptions.api.resource_not_found'));
|
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,6 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Requests\Api\Application\Locations;
|
namespace Pterodactyl\Http\Requests\Api\Application\Locations;
|
||||||
|
|
||||||
use Pterodactyl\Models\Location;
|
|
||||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||||
|
|
||||||
|
@ -17,14 +16,4 @@ class DeleteLocationRequest extends ApplicationApiRequest
|
||||||
* @var int
|
* @var int
|
||||||
*/
|
*/
|
||||||
protected $permission = AdminAcl::WRITE;
|
protected $permission = AdminAcl::WRITE;
|
||||||
|
|
||||||
/**
|
|
||||||
* Determine if the requested location exists on the Panel.
|
|
||||||
*/
|
|
||||||
public function resourceExists(): bool
|
|
||||||
{
|
|
||||||
$location = $this->route()->parameter('location');
|
|
||||||
|
|
||||||
return $location instanceof Location && $location->exists;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,17 +2,6 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Requests\Api\Application\Locations;
|
namespace Pterodactyl\Http\Requests\Api\Application\Locations;
|
||||||
|
|
||||||
use Pterodactyl\Models\Location;
|
|
||||||
|
|
||||||
class GetLocationRequest extends GetLocationsRequest
|
class GetLocationRequest extends GetLocationsRequest
|
||||||
{
|
{
|
||||||
/**
|
|
||||||
* Determine if the requested location exists on the Panel.
|
|
||||||
*/
|
|
||||||
public function resourceExists(): bool
|
|
||||||
{
|
|
||||||
$location = $this->route()->parameter('location');
|
|
||||||
|
|
||||||
return $location instanceof Location && $location->exists;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,16 +6,6 @@ use Pterodactyl\Models\Location;
|
||||||
|
|
||||||
class UpdateLocationRequest extends StoreLocationRequest
|
class UpdateLocationRequest extends StoreLocationRequest
|
||||||
{
|
{
|
||||||
/**
|
|
||||||
* Determine if the requested location exists on the Panel.
|
|
||||||
*/
|
|
||||||
public function resourceExists(): bool
|
|
||||||
{
|
|
||||||
$location = $this->route()->parameter('location');
|
|
||||||
|
|
||||||
return $location instanceof Location && $location->exists;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Rules to validate this request against.
|
* Rules to validate this request against.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -2,8 +2,6 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Requests\Api\Application\Nests\Eggs;
|
namespace Pterodactyl\Http\Requests\Api\Application\Nests\Eggs;
|
||||||
|
|
||||||
use Pterodactyl\Models\Egg;
|
|
||||||
use Pterodactyl\Models\Nest;
|
|
||||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||||
|
|
||||||
|
@ -18,12 +16,4 @@ class GetEggRequest extends ApplicationApiRequest
|
||||||
* @var int
|
* @var int
|
||||||
*/
|
*/
|
||||||
protected $permission = AdminAcl::READ;
|
protected $permission = AdminAcl::READ;
|
||||||
|
|
||||||
/**
|
|
||||||
* Determine if the requested egg exists for the selected nest.
|
|
||||||
*/
|
|
||||||
public function resourceExists(): bool
|
|
||||||
{
|
|
||||||
return $this->getModel(Nest::class)->id === $this->getModel(Egg::class)->nest_id;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,6 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Requests\Api\Application\Nodes;
|
namespace Pterodactyl\Http\Requests\Api\Application\Nodes;
|
||||||
|
|
||||||
use Pterodactyl\Models\Node;
|
|
||||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||||
|
|
||||||
|
@ -17,15 +16,4 @@ class DeleteNodeRequest extends ApplicationApiRequest
|
||||||
* @var int
|
* @var int
|
||||||
*/
|
*/
|
||||||
protected $permission = AdminAcl::WRITE;
|
protected $permission = AdminAcl::WRITE;
|
||||||
|
|
||||||
/**
|
|
||||||
* Determine if the node being requested for editing exists
|
|
||||||
* on the Panel before validating the data.
|
|
||||||
*/
|
|
||||||
public function resourceExists(): bool
|
|
||||||
{
|
|
||||||
$node = $this->route()->parameter('node');
|
|
||||||
|
|
||||||
return $node instanceof Node && $node->exists;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,17 +2,6 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Requests\Api\Application\Nodes;
|
namespace Pterodactyl\Http\Requests\Api\Application\Nodes;
|
||||||
|
|
||||||
use Pterodactyl\Models\Node;
|
|
||||||
|
|
||||||
class GetNodeRequest extends GetNodesRequest
|
class GetNodeRequest extends GetNodesRequest
|
||||||
{
|
{
|
||||||
/**
|
|
||||||
* Determine if the requested node exists on the Panel.
|
|
||||||
*/
|
|
||||||
public function resourceExists(): bool
|
|
||||||
{
|
|
||||||
$node = $this->route()->parameter('node');
|
|
||||||
|
|
||||||
return $node instanceof Node && $node->exists;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,8 +12,8 @@ class UpdateNodeRequest extends StoreNodeRequest
|
||||||
*/
|
*/
|
||||||
public function rules(array $rules = null): array
|
public function rules(array $rules = null): array
|
||||||
{
|
{
|
||||||
$nodeId = $this->getModel(Node::class)->id;
|
$node = $this->route()->parameter('node')->id;
|
||||||
|
|
||||||
return parent::rules(Node::getRulesForUpdate($nodeId));
|
return parent::rules(Node::getRulesForUpdate($node));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,15 +16,4 @@ class GetServerDatabaseRequest extends ApplicationApiRequest
|
||||||
* @var int
|
* @var int
|
||||||
*/
|
*/
|
||||||
protected $permission = AdminAcl::READ;
|
protected $permission = AdminAcl::READ;
|
||||||
|
|
||||||
/**
|
|
||||||
* Determine if the requested server database exists.
|
|
||||||
*/
|
|
||||||
public function resourceExists(): bool
|
|
||||||
{
|
|
||||||
$server = $this->route()->parameter('server');
|
|
||||||
$database = $this->route()->parameter('database');
|
|
||||||
|
|
||||||
return $database->server_id === $server->id;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,19 +2,11 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Requests\Api\Application\Servers;
|
namespace Pterodactyl\Http\Requests\Api\Application\Servers;
|
||||||
|
|
||||||
use Pterodactyl\Models\Server;
|
|
||||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||||
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
|
|
||||||
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
|
|
||||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||||
|
|
||||||
class GetExternalServerRequest extends ApplicationApiRequest
|
class GetExternalServerRequest extends ApplicationApiRequest
|
||||||
{
|
{
|
||||||
/**
|
|
||||||
* @var \Pterodactyl\Models\Server
|
|
||||||
*/
|
|
||||||
private $serverModel;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var string
|
* @var string
|
||||||
*/
|
*/
|
||||||
|
@ -24,30 +16,4 @@ class GetExternalServerRequest extends ApplicationApiRequest
|
||||||
* @var int
|
* @var int
|
||||||
*/
|
*/
|
||||||
protected $permission = AdminAcl::READ;
|
protected $permission = AdminAcl::READ;
|
||||||
|
|
||||||
/**
|
|
||||||
* Determine if the requested external user exists.
|
|
||||||
*/
|
|
||||||
public function resourceExists(): bool
|
|
||||||
{
|
|
||||||
$repository = $this->container->make(ServerRepositoryInterface::class);
|
|
||||||
|
|
||||||
try {
|
|
||||||
$this->serverModel = $repository->findFirstWhere([
|
|
||||||
['external_id', '=', $this->route()->parameter('external_id')],
|
|
||||||
]);
|
|
||||||
} catch (RecordNotFoundException $exception) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return the server model for the requested external server.
|
|
||||||
*/
|
|
||||||
public function getServerModel(): Server
|
|
||||||
{
|
|
||||||
return $this->serverModel;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,7 +12,7 @@ class UpdateServerBuildConfigurationRequest extends ServerWriteRequest
|
||||||
*/
|
*/
|
||||||
public function rules(): array
|
public function rules(): array
|
||||||
{
|
{
|
||||||
$rules = Server::getRulesForUpdate($this->getModel(Server::class));
|
$rules = Server::getRulesForUpdate($this->parameter('server', Server::class));
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'allocation' => $rules['allocation_id'],
|
'allocation' => $rules['allocation_id'],
|
||||||
|
|
|
@ -11,7 +11,7 @@ class UpdateServerDetailsRequest extends ServerWriteRequest
|
||||||
*/
|
*/
|
||||||
public function rules(): array
|
public function rules(): array
|
||||||
{
|
{
|
||||||
$rules = Server::getRulesForUpdate($this->getModel(Server::class));
|
$rules = Server::getRulesForUpdate($this->parameter('server', Server::class));
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'external_id' => $rules['external_id'],
|
'external_id' => $rules['external_id'],
|
||||||
|
|
|
@ -23,7 +23,7 @@ class UpdateServerStartupRequest extends ApplicationApiRequest
|
||||||
*/
|
*/
|
||||||
public function rules(): array
|
public function rules(): array
|
||||||
{
|
{
|
||||||
$data = Server::getRulesForUpdate($this->getModel(Server::class));
|
$data = Server::getRulesForUpdate($this->parameter('server', Server::class));
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'startup' => $data['startup'],
|
'startup' => $data['startup'],
|
||||||
|
|
|
@ -2,7 +2,6 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Requests\Api\Application\Users;
|
namespace Pterodactyl\Http\Requests\Api\Application\Users;
|
||||||
|
|
||||||
use Pterodactyl\Models\User;
|
|
||||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||||
|
|
||||||
|
@ -17,14 +16,4 @@ class DeleteUserRequest extends ApplicationApiRequest
|
||||||
* @var int
|
* @var int
|
||||||
*/
|
*/
|
||||||
protected $permission = AdminAcl::WRITE;
|
protected $permission = AdminAcl::WRITE;
|
||||||
|
|
||||||
/**
|
|
||||||
* Determine if the requested user exists on the Panel.
|
|
||||||
*/
|
|
||||||
public function resourceExists(): bool
|
|
||||||
{
|
|
||||||
$user = $this->route()->parameter('user');
|
|
||||||
|
|
||||||
return $user instanceof User && $user->exists;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,19 +2,11 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Requests\Api\Application\Users;
|
namespace Pterodactyl\Http\Requests\Api\Application\Users;
|
||||||
|
|
||||||
use Pterodactyl\Models\User;
|
|
||||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||||
use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
|
|
||||||
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
|
|
||||||
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
|
||||||
|
|
||||||
class GetExternalUserRequest extends ApplicationApiRequest
|
class GetExternalUserRequest extends ApplicationApiRequest
|
||||||
{
|
{
|
||||||
/**
|
|
||||||
* @var User
|
|
||||||
*/
|
|
||||||
private $userModel;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var string
|
* @var string
|
||||||
*/
|
*/
|
||||||
|
@ -24,30 +16,4 @@ class GetExternalUserRequest extends ApplicationApiRequest
|
||||||
* @var int
|
* @var int
|
||||||
*/
|
*/
|
||||||
protected $permission = AdminAcl::READ;
|
protected $permission = AdminAcl::READ;
|
||||||
|
|
||||||
/**
|
|
||||||
* Determine if the requested external user exists.
|
|
||||||
*/
|
|
||||||
public function resourceExists(): bool
|
|
||||||
{
|
|
||||||
$repository = $this->container->make(UserRepositoryInterface::class);
|
|
||||||
|
|
||||||
try {
|
|
||||||
$this->userModel = $repository->findFirstWhere([
|
|
||||||
['external_id', '=', $this->route()->parameter('external_id')],
|
|
||||||
]);
|
|
||||||
} catch (RecordNotFoundException $exception) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return the user model for the requested external user.
|
|
||||||
*/
|
|
||||||
public function getUserModel(): User
|
|
||||||
{
|
|
||||||
return $this->userModel;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@ class UpdateUserRequest extends StoreUserRequest
|
||||||
*/
|
*/
|
||||||
public function rules(array $rules = null): array
|
public function rules(array $rules = null): array
|
||||||
{
|
{
|
||||||
$userId = $this->getModel(User::class)->id;
|
$userId = $this->parameter('user', User::class)->id;
|
||||||
|
|
||||||
return parent::rules(User::getRulesForUpdate($userId));
|
return parent::rules(User::getRulesForUpdate($userId));
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,8 +2,6 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Databases;
|
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Databases;
|
||||||
|
|
||||||
use Pterodactyl\Models\Server;
|
|
||||||
use Pterodactyl\Models\Database;
|
|
||||||
use Pterodactyl\Models\Permission;
|
use Pterodactyl\Models\Permission;
|
||||||
use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
|
use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
|
||||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||||
|
@ -14,9 +12,4 @@ class DeleteDatabaseRequest extends ClientApiRequest implements ClientPermission
|
||||||
{
|
{
|
||||||
return Permission::ACTION_DATABASE_DELETE;
|
return Permission::ACTION_DATABASE_DELETE;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function resourceExists(): bool
|
|
||||||
{
|
|
||||||
return $this->getModel(Server::class)->id === $this->getModel(Database::class)->server_id;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,6 +13,6 @@ class DownloadFileRequest extends ClientApiRequest
|
||||||
*/
|
*/
|
||||||
public function authorize(): bool
|
public function authorize(): bool
|
||||||
{
|
{
|
||||||
return $this->user()->can('file.read', $this->getModel(Server::class));
|
return $this->user()->can('file.read', $this->parameter('server', Server::class));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -80,6 +80,14 @@ class Allocation extends Model
|
||||||
'notes' => 'nullable|string|max:256',
|
'notes' => 'nullable|string|max:256',
|
||||||
];
|
];
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritDoc}
|
||||||
|
*/
|
||||||
|
public function getRouteKeyName(): string
|
||||||
|
{
|
||||||
|
return $this->getKeyName();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return a hashid encoded string to represent the ID of the allocation.
|
* Return a hashid encoded string to represent the ID of the allocation.
|
||||||
*
|
*
|
||||||
|
|
|
@ -2,6 +2,9 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Models;
|
namespace Pterodactyl\Models;
|
||||||
|
|
||||||
|
use Illuminate\Container\Container;
|
||||||
|
use Pterodactyl\Contracts\Extensions\HashidsInterface;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @property int $id
|
* @property int $id
|
||||||
* @property int $server_id
|
* @property int $server_id
|
||||||
|
@ -71,6 +74,36 @@ class Database extends Model
|
||||||
'password' => 'string',
|
'password' => 'string',
|
||||||
];
|
];
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritDoc}
|
||||||
|
*/
|
||||||
|
public function getRouteKeyName(): string
|
||||||
|
{
|
||||||
|
return $this->getKeyName();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Resolves the database using the ID by checking if the value provided is a HashID
|
||||||
|
* string value, or just the ID to the database itself.
|
||||||
|
*
|
||||||
|
* @param mixed $value
|
||||||
|
* @param string|null $field
|
||||||
|
*
|
||||||
|
* @return \Illuminate\Database\Eloquent\Model|null
|
||||||
|
*
|
||||||
|
* @throws \Illuminate\Contracts\Container\BindingResolutionException
|
||||||
|
*/
|
||||||
|
public function resolveRouteBinding($value, $field = null)
|
||||||
|
{
|
||||||
|
if (is_scalar($value) && ($field ?? $this->getRouteKeyName()) === 'id') {
|
||||||
|
$value = ctype_digit((string) $value)
|
||||||
|
? $value
|
||||||
|
: Container::getInstance()->make(HashidsInterface::class)->decodeFirst($value);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $this->where($field ?? $this->getRouteKeyName(), $value)->firstOrFail();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the host database server associated with a database.
|
* Gets the host database server associated with a database.
|
||||||
*
|
*
|
||||||
|
|
|
@ -43,6 +43,14 @@ class Location extends Model
|
||||||
'long' => 'string|nullable|between:1,191',
|
'long' => 'string|nullable|between:1,191',
|
||||||
];
|
];
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritDoc}
|
||||||
|
*/
|
||||||
|
public function getRouteKeyName(): string
|
||||||
|
{
|
||||||
|
return $this->getKeyName();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the nodes in a specified location.
|
* Gets the nodes in a specified location.
|
||||||
*
|
*
|
||||||
|
|
|
@ -68,6 +68,20 @@ abstract class Model extends IlluminateModel
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the model key to use for route model binding. By default we'll
|
||||||
|
* assume every model uses a UUID field for this. If the model does not have
|
||||||
|
* a UUID and is using a different key it should be specified on the model
|
||||||
|
* itself.
|
||||||
|
*
|
||||||
|
* You may also optionally override this on a per-route basis by declaring
|
||||||
|
* the key name in the URL definition, like "{user:id}".
|
||||||
|
*/
|
||||||
|
public function getRouteKeyName(): string
|
||||||
|
{
|
||||||
|
return 'uuid';
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the model to skip validation when saving.
|
* Set the model to skip validation when saving.
|
||||||
*
|
*
|
||||||
|
|
|
@ -123,6 +123,14 @@ class Schedule extends Model
|
||||||
'next_run_at' => 'nullable|date',
|
'next_run_at' => 'nullable|date',
|
||||||
];
|
];
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritDoc}
|
||||||
|
*/
|
||||||
|
public function getRouteKeyName(): string
|
||||||
|
{
|
||||||
|
return $this->getKeyName();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the schedule's execution crontab entry as a string.
|
* Returns the schedule's execution crontab entry as a string.
|
||||||
*
|
*
|
||||||
|
|
|
@ -9,6 +9,8 @@ use Znck\Eloquent\Traits\BelongsToThrough;
|
||||||
use Pterodactyl\Exceptions\Http\Server\ServerStateConflictException;
|
use Pterodactyl\Exceptions\Http\Server\ServerStateConflictException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Pterodactyl\Models\Server.
|
||||||
|
*
|
||||||
* @property int $id
|
* @property int $id
|
||||||
* @property string|null $external_id
|
* @property string|null $external_id
|
||||||
* @property string $uuid
|
* @property string $uuid
|
||||||
|
@ -24,33 +26,75 @@ use Pterodactyl\Exceptions\Http\Server\ServerStateConflictException;
|
||||||
* @property int $disk
|
* @property int $disk
|
||||||
* @property int $io
|
* @property int $io
|
||||||
* @property int $cpu
|
* @property int $cpu
|
||||||
* @property string $threads
|
* @property string|null $threads
|
||||||
* @property bool $oom_disabled
|
* @property bool $oom_disabled
|
||||||
* @property int $allocation_id
|
* @property int $allocation_id
|
||||||
* @property int $nest_id
|
* @property int $nest_id
|
||||||
* @property int $egg_id
|
* @property int $egg_id
|
||||||
* @property string $startup
|
* @property string $startup
|
||||||
* @property string $image
|
* @property string $image
|
||||||
* @property int $allocation_limit
|
* @property int|null $allocation_limit
|
||||||
* @property int $database_limit
|
* @property int|null $database_limit
|
||||||
* @property int $backup_limit
|
* @property int $backup_limit
|
||||||
* @property \Carbon\Carbon $created_at
|
* @property \Illuminate\Support\Carbon|null $created_at
|
||||||
* @property \Carbon\Carbon $updated_at
|
* @property \Illuminate\Support\Carbon|null $updated_at
|
||||||
* @property \Pterodactyl\Models\User $user
|
* @property \Pterodactyl\Models\Allocation|null $allocation
|
||||||
* @property \Pterodactyl\Models\Subuser[]|\Illuminate\Database\Eloquent\Collection $subusers
|
* @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\Allocation[] $allocations
|
||||||
* @property \Pterodactyl\Models\Allocation $allocation
|
* @property int|null $allocations_count
|
||||||
* @property \Pterodactyl\Models\Allocation[]|\Illuminate\Database\Eloquent\Collection $allocations
|
* @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\AuditLog[] $audits
|
||||||
* @property \Pterodactyl\Models\Node $node
|
* @property int|null $audits_count
|
||||||
|
* @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\Backup[] $backups
|
||||||
|
* @property int|null $backups_count
|
||||||
|
* @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\Database[] $databases
|
||||||
|
* @property int|null $databases_count
|
||||||
|
* @property \Pterodactyl\Models\Egg|null $egg
|
||||||
|
* @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\Mount[] $mounts
|
||||||
|
* @property int|null $mounts_count
|
||||||
* @property \Pterodactyl\Models\Nest $nest
|
* @property \Pterodactyl\Models\Nest $nest
|
||||||
* @property \Pterodactyl\Models\Egg $egg
|
* @property \Pterodactyl\Models\Node $node
|
||||||
* @property \Pterodactyl\Models\EggVariable[]|\Illuminate\Database\Eloquent\Collection $variables
|
* @property \Illuminate\Notifications\DatabaseNotificationCollection|\Illuminate\Notifications\DatabaseNotification[] $notifications
|
||||||
* @property \Pterodactyl\Models\Schedule[]|\Illuminate\Database\Eloquent\Collection $schedule
|
* @property int|null $notifications_count
|
||||||
* @property \Pterodactyl\Models\Database[]|\Illuminate\Database\Eloquent\Collection $databases
|
* @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\Schedule[] $schedules
|
||||||
* @property \Pterodactyl\Models\Location $location
|
* @property int|null $schedules_count
|
||||||
* @property \Pterodactyl\Models\ServerTransfer $transfer
|
* @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\Subuser[] $subusers
|
||||||
* @property \Pterodactyl\Models\Backup[]|\Illuminate\Database\Eloquent\Collection $backups
|
* @property int|null $subusers_count
|
||||||
* @property \Pterodactyl\Models\Mount[]|\Illuminate\Database\Eloquent\Collection $mounts
|
* @property \Pterodactyl\Models\ServerTransfer|null $transfer
|
||||||
* @property \Pterodactyl\Models\AuditLog[] $audits
|
* @property \Pterodactyl\Models\User $user
|
||||||
|
* @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\EggVariable[] $variables
|
||||||
|
* @property int|null $variables_count
|
||||||
|
*
|
||||||
|
* @method static \Database\Factories\ServerFactory factory(...$parameters)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server newModelQuery()
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server newQuery()
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server query()
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereAllocationId($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereAllocationLimit($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereBackupLimit($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereCpu($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereCreatedAt($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereDatabaseLimit($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereDescription($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereDisk($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereEggId($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereExternalId($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereId($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereImage($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereIo($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereMemory($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereName($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereNestId($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereNodeId($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereOomDisabled($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereOwnerId($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereSkipScripts($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereStartup($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereStatus($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereSwap($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereThreads($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereUpdatedAt($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereUuid($value)
|
||||||
|
* @method static \Illuminate\Database\Eloquent\Builder|Server whereUuidShort($value)
|
||||||
|
* @mixin \Eloquent
|
||||||
*/
|
*/
|
||||||
class Server extends Model
|
class Server extends Model
|
||||||
{
|
{
|
||||||
|
@ -273,7 +317,7 @@ class Server extends Model
|
||||||
*
|
*
|
||||||
* @return \Illuminate\Database\Eloquent\Relations\HasMany
|
* @return \Illuminate\Database\Eloquent\Relations\HasMany
|
||||||
*/
|
*/
|
||||||
public function schedule()
|
public function schedules()
|
||||||
{
|
{
|
||||||
return $this->hasMany(Schedule::class);
|
return $this->hasMany(Schedule::class);
|
||||||
}
|
}
|
||||||
|
|
|
@ -105,6 +105,14 @@ class Task extends Model
|
||||||
'continue_on_failure' => 'boolean',
|
'continue_on_failure' => 'boolean',
|
||||||
];
|
];
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritDoc}
|
||||||
|
*/
|
||||||
|
public function getRouteKeyName(): string
|
||||||
|
{
|
||||||
|
return $this->getKeyName();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return a hashid encoded string to represent the ID of the task.
|
* Return a hashid encoded string to represent the ID of the task.
|
||||||
*
|
*
|
||||||
|
|
|
@ -201,7 +201,7 @@ class User extends Model implements
|
||||||
*/
|
*/
|
||||||
public function toVueObject(): array
|
public function toVueObject(): array
|
||||||
{
|
{
|
||||||
return (new Collection($this->toArray()))->except(['id', 'external_id'])->toArray();
|
return Collection::make($this->toArray())->except(['id', 'external_id'])->toArray();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -17,6 +17,7 @@ use Illuminate\Database\Eloquent\Relations\BelongsTo;
|
||||||
* @property \Illuminate\Support\Carbon|null $updated_at
|
* @property \Illuminate\Support\Carbon|null $updated_at
|
||||||
* @property \Illuminate\Support\Carbon|null $deleted_at
|
* @property \Illuminate\Support\Carbon|null $deleted_at
|
||||||
* @property \Pterodactyl\Models\User $user
|
* @property \Pterodactyl\Models\User $user
|
||||||
|
*
|
||||||
* @method static \Illuminate\Database\Eloquent\Builder|UserSSHKey newModelQuery()
|
* @method static \Illuminate\Database\Eloquent\Builder|UserSSHKey newModelQuery()
|
||||||
* @method static \Illuminate\Database\Eloquent\Builder|UserSSHKey newQuery()
|
* @method static \Illuminate\Database\Eloquent\Builder|UserSSHKey newQuery()
|
||||||
* @method static \Illuminate\Database\Query\Builder|UserSSHKey onlyTrashed()
|
* @method static \Illuminate\Database\Query\Builder|UserSSHKey onlyTrashed()
|
||||||
|
@ -32,6 +33,7 @@ use Illuminate\Database\Eloquent\Relations\BelongsTo;
|
||||||
* @method static \Illuminate\Database\Query\Builder|UserSSHKey withTrashed()
|
* @method static \Illuminate\Database\Query\Builder|UserSSHKey withTrashed()
|
||||||
* @method static \Illuminate\Database\Query\Builder|UserSSHKey withoutTrashed()
|
* @method static \Illuminate\Database\Query\Builder|UserSSHKey withoutTrashed()
|
||||||
* @mixin \Eloquent
|
* @mixin \Eloquent
|
||||||
|
*
|
||||||
* @method static \Database\Factories\UserSSHKeyFactory factory(...$parameters)
|
* @method static \Database\Factories\UserSSHKeyFactory factory(...$parameters)
|
||||||
*/
|
*/
|
||||||
class UserSSHKey extends Model
|
class UserSSHKey extends Model
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
namespace Pterodactyl\Providers;
|
namespace Pterodactyl\Providers;
|
||||||
|
|
||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
|
use Pterodactyl\Models\Database;
|
||||||
use Illuminate\Support\Facades\Route;
|
use Illuminate\Support\Facades\Route;
|
||||||
use Illuminate\Cache\RateLimiting\Limit;
|
use Illuminate\Cache\RateLimiting\Limit;
|
||||||
use Illuminate\Support\Facades\RateLimiter;
|
use Illuminate\Support\Facades\RateLimiter;
|
||||||
|
@ -26,6 +27,11 @@ class RouteServiceProvider extends ServiceProvider
|
||||||
return preg_match(self::FILE_PATH_REGEX, $request->getPathInfo()) === 1;
|
return preg_match(self::FILE_PATH_REGEX, $request->getPathInfo()) === 1;
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// This is needed to make use of the "resolveRouteBinding" functionality in the
|
||||||
|
// model. Without it you'll never trigger that logic flow thus resulting in a 404
|
||||||
|
// error because we request databases with a HashID, and not with a normal ID.
|
||||||
|
Route::model('database', Database::class);
|
||||||
|
|
||||||
$this->routes(function () {
|
$this->routes(function () {
|
||||||
Route::middleware(['web', 'csrf'])->group(function () {
|
Route::middleware(['web', 'csrf'])->group(function () {
|
||||||
Route::middleware('auth')->group(base_path('routes/base.php'));
|
Route::middleware('auth')->group(base_path('routes/base.php'));
|
||||||
|
@ -36,14 +42,18 @@ class RouteServiceProvider extends ServiceProvider
|
||||||
Route::middleware('api')->group(function () {
|
Route::middleware('api')->group(function () {
|
||||||
Route::middleware(['application-api', 'throttle:api.application'])
|
Route::middleware(['application-api', 'throttle:api.application'])
|
||||||
->prefix('/api/application')
|
->prefix('/api/application')
|
||||||
|
->scopeBindings()
|
||||||
->group(base_path('routes/api-application.php'));
|
->group(base_path('routes/api-application.php'));
|
||||||
|
|
||||||
Route::middleware(['client-api', 'throttle:api.client'])
|
Route::middleware(['client-api', 'throttle:api.client'])
|
||||||
->prefix('/api/client')
|
->prefix('/api/client')
|
||||||
|
->scopeBindings()
|
||||||
->group(base_path('routes/api-client.php'));
|
->group(base_path('routes/api-client.php'));
|
||||||
});
|
});
|
||||||
|
|
||||||
Route::middleware('daemon')->prefix('/api/remote')
|
Route::middleware('daemon')
|
||||||
|
->prefix('/api/remote')
|
||||||
|
->scopeBindings()
|
||||||
->group(base_path('routes/api-remote.php'));
|
->group(base_path('routes/api-remote.php'));
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,13 +14,13 @@ use Pterodactyl\Http\Controllers\Api\Application;
|
||||||
|
|
||||||
Route::group(['prefix' => '/users'], function () {
|
Route::group(['prefix' => '/users'], function () {
|
||||||
Route::get('/', [Application\Users\UserController::class, 'index'])->name('api.application.users');
|
Route::get('/', [Application\Users\UserController::class, 'index'])->name('api.application.users');
|
||||||
Route::get('/{user}', [Application\Users\UserController::class, 'view'])->name('api.application.users.view');
|
Route::get('/{user:id}', [Application\Users\UserController::class, 'view'])->name('api.application.users.view');
|
||||||
Route::get('/external/{external_id}', [Application\Users\ExternalUserController::class, 'index'])->name('api.application.users.external');
|
Route::get('/external/{external_id}', [Application\Users\ExternalUserController::class, 'index'])->name('api.application.users.external');
|
||||||
|
|
||||||
Route::post('/', [Application\Users\UserController::class, 'store']);
|
Route::post('/', [Application\Users\UserController::class, 'store']);
|
||||||
Route::patch('/{user}', [Application\Users\UserController::class, 'update']);
|
Route::patch('/{user:id}', [Application\Users\UserController::class, 'update']);
|
||||||
|
|
||||||
Route::delete('/{user}', [Application\Users\UserController::class, 'delete']);
|
Route::delete('/{user:id}', [Application\Users\UserController::class, 'delete']);
|
||||||
});
|
});
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -34,18 +34,18 @@ Route::group(['prefix' => '/users'], function () {
|
||||||
Route::group(['prefix' => '/nodes'], function () {
|
Route::group(['prefix' => '/nodes'], function () {
|
||||||
Route::get('/', [Application\Nodes\NodeController::class, 'index'])->name('api.application.nodes');
|
Route::get('/', [Application\Nodes\NodeController::class, 'index'])->name('api.application.nodes');
|
||||||
Route::get('/deployable', Application\Nodes\NodeDeploymentController::class);
|
Route::get('/deployable', Application\Nodes\NodeDeploymentController::class);
|
||||||
Route::get('/{node}', [Application\Nodes\NodeController::class, 'view'])->name('api.application.nodes.view');
|
Route::get('/{node:id}', [Application\Nodes\NodeController::class, 'view'])->name('api.application.nodes.view');
|
||||||
Route::get('/{node}/configuration', Application\Nodes\NodeConfigurationController::class);
|
Route::get('/{node:id}/configuration', Application\Nodes\NodeConfigurationController::class);
|
||||||
|
|
||||||
Route::post('/', [Application\Nodes\NodeController::class, 'store']);
|
Route::post('/', [Application\Nodes\NodeController::class, 'store']);
|
||||||
Route::patch('/{node}', [Application\Nodes\NodeController::class, 'update']);
|
Route::patch('/{node:id}', [Application\Nodes\NodeController::class, 'update']);
|
||||||
|
|
||||||
Route::delete('/{node}', [Application\Nodes\NodeController::class, 'delete']);
|
Route::delete('/{node:id}', [Application\Nodes\NodeController::class, 'delete']);
|
||||||
|
|
||||||
Route::group(['prefix' => '/{node}/allocations'], function () {
|
Route::group(['prefix' => '/{node:id}/allocations'], function () {
|
||||||
Route::get('/', [Application\Nodes\AllocationController::class, 'index'])->name('api.application.allocations');
|
Route::get('/', [Application\Nodes\AllocationController::class, 'index'])->name('api.application.allocations');
|
||||||
Route::post('/', [Application\Nodes\AllocationController::class, 'store']);
|
Route::post('/', [Application\Nodes\AllocationController::class, 'store']);
|
||||||
Route::delete('/{allocation}', [Application\Nodes\AllocationController::class, 'delete'])->name('api.application.allocations.view');
|
Route::delete('/{allocation:id}', [Application\Nodes\AllocationController::class, 'delete'])->name('api.application.allocations.view');
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -59,12 +59,12 @@ Route::group(['prefix' => '/nodes'], function () {
|
||||||
*/
|
*/
|
||||||
Route::group(['prefix' => '/locations'], function () {
|
Route::group(['prefix' => '/locations'], function () {
|
||||||
Route::get('/', [Application\Locations\LocationController::class, 'index'])->name('api.applications.locations');
|
Route::get('/', [Application\Locations\LocationController::class, 'index'])->name('api.applications.locations');
|
||||||
Route::get('/{location}', [Application\Locations\LocationController::class, 'view'])->name('api.application.locations.view');
|
Route::get('/{location:id}', [Application\Locations\LocationController::class, 'view'])->name('api.application.locations.view');
|
||||||
|
|
||||||
Route::post('/', [Application\Locations\LocationController::class, 'store']);
|
Route::post('/', [Application\Locations\LocationController::class, 'store']);
|
||||||
Route::patch('/{location}', [Application\Locations\LocationController::class, 'update']);
|
Route::patch('/{location:id}', [Application\Locations\LocationController::class, 'update']);
|
||||||
|
|
||||||
Route::delete('/{location}', [Application\Locations\LocationController::class, 'delete']);
|
Route::delete('/{location:id}', [Application\Locations\LocationController::class, 'delete']);
|
||||||
});
|
});
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -77,30 +77,30 @@ Route::group(['prefix' => '/locations'], function () {
|
||||||
*/
|
*/
|
||||||
Route::group(['prefix' => '/servers'], function () {
|
Route::group(['prefix' => '/servers'], function () {
|
||||||
Route::get('/', [Application\Servers\ServerController::class, 'index'])->name('api.application.servers');
|
Route::get('/', [Application\Servers\ServerController::class, 'index'])->name('api.application.servers');
|
||||||
Route::get('/{server}', [Application\Servers\ServerController::class, 'view'])->name('api.application.servers.view');
|
Route::get('/{server:id}', [Application\Servers\ServerController::class, 'view'])->name('api.application.servers.view');
|
||||||
Route::get('/external/{external_id}', [Application\Servers\ExternalServerController::class, 'index'])->name('api.application.servers.external');
|
Route::get('/external/{external_id}', [Application\Servers\ExternalServerController::class, 'index'])->name('api.application.servers.external');
|
||||||
|
|
||||||
Route::patch('/{server}/details', [Application\Servers\ServerDetailsController::class, 'details'])->name('api.application.servers.details');
|
Route::patch('/{server:id}/details', [Application\Servers\ServerDetailsController::class, 'details'])->name('api.application.servers.details');
|
||||||
Route::patch('/{server}/build', [Application\Servers\ServerDetailsController::class, 'build'])->name('api.application.servers.build');
|
Route::patch('/{server:id}/build', [Application\Servers\ServerDetailsController::class, 'build'])->name('api.application.servers.build');
|
||||||
Route::patch('/{server}/startup', [Application\Servers\StartupController::class, 'index'])->name('api.application.servers.startup');
|
Route::patch('/{server:id}/startup', [Application\Servers\StartupController::class, 'index'])->name('api.application.servers.startup');
|
||||||
|
|
||||||
Route::post('/', [Application\Servers\ServerController::class, 'store']);
|
Route::post('/', [Application\Servers\ServerController::class, 'store']);
|
||||||
Route::post('/{server}/suspend', [Application\Servers\ServerManagementController::class, 'suspend'])->name('api.application.servers.suspend');
|
Route::post('/{server:id}/suspend', [Application\Servers\ServerManagementController::class, 'suspend'])->name('api.application.servers.suspend');
|
||||||
Route::post('/{server}/unsuspend', [Application\Servers\ServerManagementController::class, 'unsuspend'])->name('api.application.servers.unsuspend');
|
Route::post('/{server:id}/unsuspend', [Application\Servers\ServerManagementController::class, 'unsuspend'])->name('api.application.servers.unsuspend');
|
||||||
Route::post('/{server}/reinstall', [Application\Servers\ServerManagementController::class, 'reinstall'])->name('api.application.servers.reinstall');
|
Route::post('/{server:id}/reinstall', [Application\Servers\ServerManagementController::class, 'reinstall'])->name('api.application.servers.reinstall');
|
||||||
|
|
||||||
Route::delete('/{server}', [Application\Servers\ServerController::class, 'delete']);
|
Route::delete('/{server:id}', [Application\Servers\ServerController::class, 'delete']);
|
||||||
Route::delete('/{server}/{force?}', [Application\Servers\ServerController::class, 'delete']);
|
Route::delete('/{server:id}/{force?}', [Application\Servers\ServerController::class, 'delete']);
|
||||||
|
|
||||||
// Database Management Endpoint
|
// Database Management Endpoint
|
||||||
Route::group(['prefix' => '/{server}/databases'], function () {
|
Route::group(['prefix' => '/{server:id}/databases'], function () {
|
||||||
Route::get('/', [Application\Servers\DatabaseController::class, 'index'])->name('api.application.servers.databases');
|
Route::get('/', [Application\Servers\DatabaseController::class, 'index'])->name('api.application.servers.databases');
|
||||||
Route::get('/{database}', [Application\Servers\DatabaseController::class, 'view'])->name('api.application.servers.databases.view');
|
Route::get('/{database:id}', [Application\Servers\DatabaseController::class, 'view'])->name('api.application.servers.databases.view');
|
||||||
|
|
||||||
Route::post('/', [Application\Servers\DatabaseController::class, 'store']);
|
Route::post('/', [Application\Servers\DatabaseController::class, 'store']);
|
||||||
Route::post('/{database}/reset-password', [Application\Servers\DatabaseController::class, 'resetPassword']);
|
Route::post('/{database:id}/reset-password', [Application\Servers\DatabaseController::class, 'resetPassword']);
|
||||||
|
|
||||||
Route::delete('/{database}', [Application\Servers\DatabaseController::class, 'delete']);
|
Route::delete('/{database:id}', [Application\Servers\DatabaseController::class, 'delete']);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -114,11 +114,11 @@ Route::group(['prefix' => '/servers'], function () {
|
||||||
*/
|
*/
|
||||||
Route::group(['prefix' => '/nests'], function () {
|
Route::group(['prefix' => '/nests'], function () {
|
||||||
Route::get('/', [Application\Nests\NestController::class, 'index'])->name('api.application.nests');
|
Route::get('/', [Application\Nests\NestController::class, 'index'])->name('api.application.nests');
|
||||||
Route::get('/{nest}', [Application\Nests\NestController::class, 'view'])->name('api.application.nests.view');
|
Route::get('/{nest:id}', [Application\Nests\NestController::class, 'view'])->name('api.application.nests.view');
|
||||||
|
|
||||||
// Egg Management Endpoint
|
// Egg Management Endpoint
|
||||||
Route::group(['prefix' => '/{nest}/eggs'], function () {
|
Route::group(['prefix' => '/{nest:id}/eggs'], function () {
|
||||||
Route::get('/', [Application\Nests\EggController::class, 'index'])->name('api.application.nests.eggs');
|
Route::get('/', [Application\Nests\EggController::class, 'index'])->name('api.application.nests.eggs');
|
||||||
Route::get('/{egg}', [Application\Nests\EggController::class, 'view'])->name('api.application.nests.eggs.view');
|
Route::get('/{egg:id}', [Application\Nests\EggController::class, 'view'])->name('api.application.nests.eggs.view');
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
|
@ -265,16 +265,4 @@ class LocationControllerTest extends ApplicationApiIntegrationTestCase
|
||||||
$response = $this->getJson('/api/application/locations/' . $location->id);
|
$response = $this->getJson('/api/application/locations/' . $location->id);
|
||||||
$this->assertAccessDeniedJson($response);
|
$this->assertAccessDeniedJson($response);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Test that a location's existence is not exposed unless an API key has permission
|
|
||||||
* to access the resource.
|
|
||||||
*/
|
|
||||||
public function testResourceIsNotExposedWithoutPermissions()
|
|
||||||
{
|
|
||||||
$this->createNewDefaultApiKey($this->getApiUser(), ['r_locations' => 0]);
|
|
||||||
|
|
||||||
$response = $this->getJson('/api/application/locations/nil');
|
|
||||||
$this->assertAccessDeniedJson($response);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -120,17 +120,4 @@ class EggControllerTest extends ApplicationApiIntegrationTestCase
|
||||||
$response = $this->getJson('/api/application/nests/' . $egg->nest_id . '/eggs');
|
$response = $this->getJson('/api/application/nests/' . $egg->nest_id . '/eggs');
|
||||||
$this->assertAccessDeniedJson($response);
|
$this->assertAccessDeniedJson($response);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Test that a nests's existence is not exposed unless an API key has permission
|
|
||||||
* to access the resource.
|
|
||||||
*/
|
|
||||||
public function testResourceIsNotExposedWithoutPermissions()
|
|
||||||
{
|
|
||||||
$egg = Egg::query()->findOrFail(1);
|
|
||||||
$this->createNewDefaultApiKey($this->getApiUser(), ['r_eggs' => 0]);
|
|
||||||
|
|
||||||
$response = $this->getJson('/api/application/nests/' . $egg->nest_id . '/eggs/nil');
|
|
||||||
$this->assertAccessDeniedJson($response);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -127,17 +127,4 @@ class NestControllerTest extends ApplicationApiIntegrationTestCase
|
||||||
$response = $this->getJson('/api/application/nests/' . $nest->id);
|
$response = $this->getJson('/api/application/nests/' . $nest->id);
|
||||||
$this->assertAccessDeniedJson($response);
|
$this->assertAccessDeniedJson($response);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Test that a nest's existence is not exposed unless an API key has permission
|
|
||||||
* to access the resource.
|
|
||||||
*/
|
|
||||||
public function testResourceIsNotExposedWithoutPermissions()
|
|
||||||
{
|
|
||||||
$nest = $this->repository->find(1);
|
|
||||||
$this->createNewDefaultApiKey($this->getApiUser(), ['r_nests' => 0]);
|
|
||||||
|
|
||||||
$response = $this->getJson('/api/application/nests/' . $nest->id);
|
|
||||||
$this->assertAccessDeniedJson($response);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -66,16 +66,4 @@ class ExternalUserControllerTest extends ApplicationApiIntegrationTestCase
|
||||||
$response = $this->getJson('/api/application/users/external/' . $user->external_id);
|
$response = $this->getJson('/api/application/users/external/' . $user->external_id);
|
||||||
$this->assertAccessDeniedJson($response);
|
$this->assertAccessDeniedJson($response);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Test that a users's existence is not exposed unless an API key has permission
|
|
||||||
* to access the resource.
|
|
||||||
*/
|
|
||||||
public function testResourceIsNotExposedWithoutPermissions()
|
|
||||||
{
|
|
||||||
$this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => 0]);
|
|
||||||
|
|
||||||
$response = $this->getJson('/api/application/users/external/nil');
|
|
||||||
$this->assertAccessDeniedJson($response);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -201,18 +201,6 @@ class UserControllerTest extends ApplicationApiIntegrationTestCase
|
||||||
$this->assertAccessDeniedJson($response);
|
$this->assertAccessDeniedJson($response);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Test that a users's existence is not exposed unless an API key has permission
|
|
||||||
* to access the resource.
|
|
||||||
*/
|
|
||||||
public function testResourceIsNotExposedWithoutPermissions()
|
|
||||||
{
|
|
||||||
$this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => 0]);
|
|
||||||
|
|
||||||
$response = $this->getJson('/api/application/users/nil');
|
|
||||||
$this->assertAccessDeniedJson($response);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test that a user can be created.
|
* Test that a user can be created.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -20,7 +20,7 @@ trait IntegrationJsonRequestAssertions
|
||||||
[
|
[
|
||||||
'code' => 'NotFoundHttpException',
|
'code' => 'NotFoundHttpException',
|
||||||
'status' => '404',
|
'status' => '404',
|
||||||
'detail' => 'The requested resource does not exist on this server.',
|
'detail' => 'The requested resource could not be found on the server.',
|
||||||
],
|
],
|
||||||
],
|
],
|
||||||
], true);
|
], true);
|
||||||
|
|
Loading…
Reference in a new issue