Merge branch 'feature/vuejs-serverlist' into feature/vue-serverview

app/Http/Controllers/Api/Client/ClientController.php

@@ -35,7 +35,9 @@ class ClientController extends ClientApiController
      */
     public function index(GetServersRequest $request): array
     {
-        $servers = $this->repository->filterUserAccessServers($request->user(), User::FILTER_LEVEL_SUBUSER);
+        $servers = $this->repository
+            ->setSearchTerm($request->input('query'))
+            ->filterUserAccessServers($request->user(), User::FILTER_LEVEL_ALL);
 
         return $this->fractal->collection($servers)
             ->transformWith($this->getTransformer(ServerTransformer::class))

app/Http/Controllers/Auth/LoginController.php

@@ -2,9 +2,11 @@
 
 namespace Pterodactyl\Http\Controllers\Auth;
 
+use Lcobucci\JWT\Builder;
 use Illuminate\Http\Request;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Contracts\View\View;
+use Lcobucci\JWT\Signer\Hmac\Sha256;
 use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
 
 class LoginController extends AbstractLoginController
@@ -63,11 +65,26 @@ class LoginController extends AbstractLoginController
                 'request_ip' => $request->ip(),
             ], 5);
 
-            return response()->json(['complete' => false, 'token' => $token]);
+            return response()->json(['complete' => false, 'login_token' => $token]);
         }
 
+        $signer = new Sha256();
+        $token = (new Builder)->setIssuer('http://pterodactyl.local')
+            ->setAudience('http://pterodactyl.local')
+            ->setId(str_random(12), true)
+            ->setIssuedAt(time())
+            ->setNotBefore(time())
+            ->setExpiration(time() + 3600)
+            ->set('uid', $user->id)
+            ->sign($signer, env('APP_JWT_KEY'))
+            ->getToken();
+
         $this->auth->guard()->login($user, true);
 
-        return response()->json(['complete' => true]);
+        return response()->json([
+            'complete' => true,
+            'intended' => $this->redirectPath(),
+            'token' => $token->__toString(),
+        ]);
     }
 }

app/Http/Middleware/Api/AuthenticateKey.php

@@ -3,6 +3,7 @@
 namespace Pterodactyl\Http\Middleware\Api;
 
 use Closure;
+use Lcobucci\JWT\Parser;
 use Cake\Chronos\Chronos;
 use Illuminate\Http\Request;
 use Pterodactyl\Models\ApiKey;
@@ -63,6 +64,23 @@ class AuthenticateKey
         }
 
         $raw = $request->bearerToken();
+
+        // This is an internal JWT, treat it differently to get the correct user
+        // before passing it along.
+        if (strlen($raw) > ApiKey::IDENTIFIER_LENGTH + ApiKey::KEY_LENGTH) {
+            $token = (new Parser)->parse($raw);
+
+            $model = (new ApiKey)->fill([
+                'user_id' => $token->getClaim('uid'),
+                'key_type' => ApiKey::TYPE_ACCOUNT,
+            ]);
+
+            $this->auth->guard()->loginUsingId($token->getClaim('uid'));
+            $request->attributes->set('api_key', $model);
+
+            return $next($request);
+        }
+
         $identifier = substr($raw, 0, ApiKey::IDENTIFIER_LENGTH);
         $token = substr($raw, ApiKey::IDENTIFIER_LENGTH);
 

app/Http/Middleware/Api/SetSessionDriver.php

@@ -4,7 +4,6 @@ namespace Pterodactyl\Http\Middleware\Api;
 
 use Closure;
 use Illuminate\Http\Request;
-use Barryvdh\Debugbar\LaravelDebugbar;
 use Illuminate\Contracts\Foundation\Application;
 use Illuminate\Contracts\Config\Repository as ConfigRepository;
 
@@ -41,10 +40,6 @@ class SetSessionDriver
      */
     public function handle(Request $request, Closure $next)
     {
-        if ($this->config->get('app.debug')) {
-            $this->app->make(LaravelDebugbar::class)->disable();
-        }
-
         $this->config->set('session.driver', 'array');
 
         return $next($request);