StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add API Management to admin CP

Browse source
This commit is contained in:
Dane Everitt 2016-01-16 19:56:48 -05:00
parent ade16e64c8
commit 3e595ca856
9 changed files with 395 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

43
app/Http/Controllers/Admin/APIController.php
View file

@ -4,9 +4,14 @@ namespace Pterodactyl\Http\Controllers\Admin;
use Alert;
use Log;
use Pterodactyl\Models;
use Pterodactyl\Models;
use Pterodactyl\Repositories\APIRepository;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Exceptions\DisplayValidationException;
use Pterodactyl\Exceptions\DisplayException;
use Illuminate\Http\Request;
class APIController extends Controller
@ -29,4 +34,40 @@ class APIController extends Controller
]);
}
public function getNew(Request $request)
{
return view('admin.api.new');
}
public function postNew(Request $request)
{
try {
$api = new APIRepository;
$secret = $api->new($request->except(['_token']));
Alert::info('An API Keypair has successfully been generated. The API secret for this public key is shown below and will not be shown again.<br /><br />Secret: <code>' . $secret . '</code>')->flash();
return redirect()->route('admin.api');
} catch (DisplayValidationException $ex) {
return redirect()->route('admin.api.new')->withErrors(json_decode($ex->getMessage()))->withInput();
} catch (DisplayException $ex) {
Alert::danger($ex->getMessage())->flash();
} catch (\Exception $ex) {
Log::error($ex);
Alert::danger('An unhandled exception occured while attempting to add this API key.')->flash();
}
return redirect()->route('admin.api.new')->withInput();
}
public function deleteRevokeKey(Request $request, $key)
{
try {
$api = new APIRepository;
$api->revoke($key);
return response('', 204);
} catch (\Exception $ex) {
return response()->json([
'error' => 'An error occured while attempting to remove this key.'
], 503);
}
}
}

5
app/Http/Routes/AdminRoutes.php
View file

@ -235,9 +235,12 @@ class AdminRoutes {
'as' => 'admin.api.new',
'uses' => 'Admin\APIController@getNew'
]);
$router->post('/new', [
'uses' => 'Admin\APIController@postNew'
]);
$router->delete('/revoke/{key?}', [
'as' => 'admin.api.revoke',
'uses' => 'Admin\APIController@deleteKey'
'uses' => 'Admin\APIController@deleteRevokeKey'
]);
});

6
app/Models/APIPermission.php
View file

@ -21,5 +21,11 @@ class APIPermission extends Model
*/
protected $guarded = ['id'];
/**
* Disable timestamps for this table.
*
* @var boolean
*/
public $timestamps = false;
}

151
app/Repositories/APIRepository.php Normal file
View file

@ -0,0 +1,151 @@
<?php
namespace Pterodactyl\Repositories;
use DB;
use Validator;
use IPTools\Network;
use Pterodactyl\Models;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Exceptions\DisplayValidationException;
class APIRepository
{
/**
* Valid API permissions.
* @var array
*/
protected $permissions = [
'*',
// User Management Routes
'api.users',
'api.users.view',
'api.users.post',
'api.users.delete',
'api.users.patch',
// Server Manaement Routes
'api.servers',
'api.servers.view',
'api.servers.post',
'api.servers.suspend',
'api.servers.unsuspend',
'api.servers.delete',
// Node Management Routes
'api.nodes',
'api.nodes.view',
'api.nodes.post',
'api.nodes.view_allocations',
'api.nodes.delete',
// Assorted Routes
'api.services',
'api.services.view',
'api.locations',
];
/**
* Holder for listing of allowed IPs when creating a new key.
* @var array
*/
protected $allowed = [];
/**
* Constructor
*/
public function __construct()
{
//
}
/**
* Create a New API Keypair on the system.
*
* @param array $data An array with a permissions and allowed_ips key.
*
* @throws Pterodactyl\Exceptions\DisplayException if there was an error that can be safely displayed to end-users.
* @throws Pterodactyl\Exceptions\DisplayValidationException if there was a validation error.
*
* @return string Returns the generated secret token.
*/
public function new(array $data)
{
$validator = Validator::make($data, [
'permissions' => 'required|array'
]);
$validator->after(function($validator) use ($data) {
if (array_key_exists('allowed_ips', $data) && !empty($data['allowed_ips'])) {
foreach(explode("\n", $data['allowed_ips']) as $ip) {
$ip = trim($ip);
try {
Network::parse($ip);
array_push($this->allowed, $ip);
} catch (\Exception $ex) {
$validator->errors()->add('allowed_ips', 'Could not parse IP <' . $ip . '> because it is in an invalid format.');
}
}
}
});
// Run validator, throw catchable and displayable exception if it fails.
// Exception includes a JSON result of failed validation rules.
if ($validator->fails()) {
throw new DisplayValidationException($validator->errors());
}
DB::beginTransaction();
$key = new Models\APIKey;
$key->fill([
'public' => str_random(16),
'secret' => str_random(16) . '.' . str_random(15),
'allowed_ips' => empty($this->allowed) ? null : json_encode($this->allowed)
]);
$key->save();
foreach($data['permissions'] as $permission) {
if (in_array($permission, $this->permissions)) {
$model = new Models\APIPermission;
$model->fill([
'key_id' => $key->id,
'permission' => $permission
]);
$model->save();
}
}
try {
DB::commit();
return $key->secret;
} catch (\Exception $ex) {
throw $ex;
}
}
/**
* Revokes an API key and associated permissions.
*
* @param string $key The public key.
*
* @throws Illuminate\Database\Eloquent\ModelNotFoundException
*
* @return void
*/
public function revoke(string $key)
{
DB::beginTransaction();
$model = Models\APIKey::where('public', $key)->firstOrFail();
$permissions = Models\APIPermission::where('key_id', $model->id)->delete();
$model->delete();
DB::commit();
}
}