Get dashboard in a more working state

2018-06-05 23:42:34 -07:00 · 2018-06-05 23:42:34 -07:00 · 5bcabbde35
commit 5bcabbde35
parent e948d81d8a
10 changed files with 69 additions and 47 deletions
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@ -2,7 +2,6 @@

 namespace Pterodactyl\Http;

-use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
 use Pterodactyl\Models\ApiKey;
 use Illuminate\Auth\Middleware\Authorize;
 use Illuminate\Auth\Middleware\Authenticate;
@ -21,6 +20,7 @@ use Illuminate\Routing\Middleware\SubstituteBindings;
 use Pterodactyl\Http\Middleware\AccessingValidServer;
 use Pterodactyl\Http\Middleware\Api\SetSessionDriver;
 use Illuminate\View\Middleware\ShareErrorsFromSession;
+use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
 use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
 use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
 use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
@ -71,7 +71,7 @@ class Kernel extends HttpKernel
            RequireTwoFactorAuthentication::class,
        ],
        'api' => [
-            'throttle:120,1',
+            'throttle:240,1',
            ApiSubstituteBindings::class,
            SetSessionDriver::class,
            'api..key:' . ApiKey::TYPE_APPLICATION,
@ -79,7 +79,9 @@ class Kernel extends HttpKernel
            AuthenticateIPAccess::class,
        ],
        'client-api' => [
-            'throttle:60,1',
+            'throttle:240,1',
+            EncryptCookies::class,
+            StartSession::class,
            SubstituteClientApiBindings::class,
            SetSessionDriver::class,
            'api..key:' . ApiKey::TYPE_ACCOUNT,
--- a/app/Http/Middleware/Api/AuthenticateKey.php
+++ b/app/Http/Middleware/Api/AuthenticateKey.php
@ -5,6 +5,7 @@ namespace Pterodactyl\Http\Middleware\Api;
 use Closure;
 use Lcobucci\JWT\Parser;
 use Cake\Chronos\Chronos;
+use Illuminate\Support\Str;
 use Illuminate\Http\Request;
 use Pterodactyl\Models\ApiKey;
 use Illuminate\Auth\AuthManager;
@ -63,19 +64,24 @@ class AuthenticateKey
    public function handle(Request $request, Closure $next, int $keyType)
    {
        if (is_null($request->bearerToken())) {
-            throw new HttpException(401, null, null, ['WWW-Authenticate' => 'Bearer']);
+            if (! Str::startsWith($request->route()->getName(), ['api.client']) && ! $request->user()) {
+                throw new HttpException(401, null, null, ['WWW-Authenticate' => 'Bearer']);
+            }
        }

-        $raw = $request->bearerToken();
+        if (is_null($request->bearerToken())) {
+            $model = (new ApiKey)->forceFill([
+                'user_id' => $request->user()->id,
+                'key_type' => ApiKey::TYPE_ACCOUNT,
+            ]);
+        }

-        // This is an internal JWT, treat it differently to get the correct user before passing it along.
-        if (strlen($raw) > ApiKey::IDENTIFIER_LENGTH + ApiKey::KEY_LENGTH) {
-            $model = $this->authenticateJWT($raw);
-        } else {
+        if (! isset($model)) {
+            $raw = $request->bearerToken();
            $model = $this->authenticateApiKey($raw, $keyType);
+            $this->auth->guard()->loginUsingId($model->user_id);
        }

-        $this->auth->guard()->loginUsingId($model->user_id);
        $request->attributes->set('api_key', $model);

        return $next($request);