cache = $cache; $this->serverRepository = $serverRepository; $this->userRepository = $userRepository; }

    /**
     * Endpoint the Wings daemon calls to confirm that a websocket connection
     * attempt is legitimate and that the user behind it may access the server.
     *
     * The ticket is read with pull(); if the cache follows the usual Laravel
     * repository contract that also deletes the entry, which makes the token
     * single-use (the cache type is not visible here, so confirm).
     *
     * NOTE(review): the originating-IP comparison below is commented out, so a
     * ticket is checked against the user, the server and the node only, not
     * against the client address that requested it.
     *
     * NOTE(review): the permission check runs before the ticket/server match,
     * so a ticket issued for a different server yields 403 or 400 depending on
     * the user's rights on the requested server.
     *
     * @param \Pterodactyl\Http\Requests\Api\Remote\AuthenticateWebsocketDetailsRequest $request
     * @param string $token
     * @return \Illuminate\Http\Response
     *
     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
     * @throws NotFoundHttpException when no cached ticket exists for the token
     * @throws HttpException 403 when the user lacks permission, 400 when the ticket does not match the server or node
     */
    public function __invoke(AuthenticateWebsocketDetailsRequest $request, string $token)
    {
        // The server lookup happens first, before the ticket is consumed.
        $requestedServer = $this->serverRepository->getByUuid($request->input('server_uuid'));

        $ticket = $this->cache->pull('ws:' . $token);
        if (! $ticket) {
            throw new NotFoundHttpException();
        }

        /** @var \Pterodactyl\Models\User $account */
        $account = $this->userRepository->find($ticket['user_id']);
        if (! $account->can('connect-to-ws', $requestedServer)) {
            throw new HttpException(Response::HTTP_FORBIDDEN, 'You do not have permission to access this resource.');
        }

        // Presumably placed on the request by the daemon authentication layer; verify against the middleware.
        /** @var \Pterodactyl\Models\Node $callingNode */
        $callingNode = $request->attributes->get('node');

        // The ticket must have been issued for this server, and the server must
        // belong to the node making the call. The && keeps the node comparison
        // from being evaluated when the server comparison has already failed.
        $ticketIsForThisResource = $ticket['server_id'] === $requestedServer->id
            && $callingNode->id === $requestedServer->node_id;
        // @todo this doesn't work well in dev currently, need to look into this way more.
        // @todo stems from some issue with the way requests are being proxied.
        // && $ticket['request_ip'] === $request->input('originating_request_ip')

        if (! $ticketIsForThisResource) {
            throw new HttpException(Response::HTTP_BAD_REQUEST, 'The token provided is not valid for the requested resource.');
        }

        return Response::create('', Response::HTTP_NO_CONTENT);
    }
}