StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'develop' into feature/option-scripts

Browse source 
# Conflicts:
#	app/Http/Routes/AdminRoutes.php
#	app/Http/Routes/DaemonRoutes.php
#	app/Models/ServiceOption.php
This commit is contained in:
Dane Everitt 2017-04-20 17:08:08 -04:00
commit 8d24e5f168
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
683 changed files with 8854 additions and 12362 deletions
Download patch file Download diff file Expand all files Collapse all files

38
app/Http/Controllers/API/LocationController.php → app/Http/Controllers/API/Admin/LocationController.php Executable file → Normal file
View file

@ -22,38 +22,30 @@
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API;
namespace Pterodactyl\Http\Controllers\API\Admin;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Models\Location;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Transformers\Admin\LocationTransformer;
/**
* @Resource("Servers")
*/
class LocationController extends BaseController
class LocationController extends Controller
{
public function __construct()
{
//
}
/**
* List All Locations.
* Controller to handle returning all locations on the system.
*
* Lists all locations currently on the system.
*
* @Get("/locations")
* @Versions({"v1"})
* @Response(200)
* @param \Illuminate\Http\Request $request
* @return array
*/
public function lists(Request $request)
public function index(Request $request)
{
return Location::with('nodes')->get()->map(function ($item) {
$item->nodes->transform(function ($item) {
return collect($item)->only(['id', 'name', 'fqdn', 'scheme', 'daemonListen', 'daemonSFTP']);
});
$this->authorize('location-list', $request->apiKey());
return $item;
})->toArray();
return Fractal::create()
->collection(Location::all())
->transformWith(new LocationTransformer($request))
->withResourceName('location')
->toArray();
}
}

173
app/Http/Controllers/API/Admin/NodeController.php Normal file
View file

@ -0,0 +1,173 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API\Admin;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Models\Node;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Repositories\NodeRepository;
use Pterodactyl\Transformers\Admin\NodeTransformer;
use Pterodactyl\Exceptions\DisplayValidationException;
use League\Fractal\Pagination\IlluminatePaginatorAdapter;
class NodeController extends Controller
{
/**
* Controller to handle returning all nodes on the system.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function index(Request $request)
{
$this->authorize('node-list', $request->apiKey());
$nodes = Node::paginate(config('pterodactyl.paginate.api.nodes'));
$fractal = Fractal::create()->collection($nodes)
->transformWith(new NodeTransformer($request))
->withResourceName('user')
->paginateWith(new IlluminatePaginatorAdapter($nodes));
if (config('pterodactyl.api.include_on_list') && $request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->toArray();
}
/**
* Display information about a single node on the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return array
*/
public function view(Request $request, $id)
{
$this->authorize('node-view', $request->apiKey());
$fractal = Fractal::create()->item(Node::findOrFail($id));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->transformWith(new NodeTransformer($request))
->withResourceName('node')
->toArray();
}
/**
* Display information about a single node on the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\JsonResponse
*/
public function viewConfig(Request $request, $id)
{
$this->authorize('node-view-config', $request->apiKey());
$node = Node::findOrFail($id);
return response()->json(json_decode($node->getConfigurationAsJson()));
}
/**
* Create a new node on the system.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse|array
*/
public function store(Request $request)
{
$this->authorize('node-create', $request->apiKey());
$repo = new NodeRepository;
try {
$node = $repo->create(array_merge(
$request->only([
'public', 'disk_overallocate', 'memory_overallocate',
]),
$request->intersect([
'name', 'location_id', 'fqdn',
'scheme', 'memory', 'disk',
'daemonBase', 'daemonSFTP', 'daemonListen',
])
));
$fractal = Fractal::create()->item($node)->transformWith(new NodeTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('node')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to create this node. Please try again.',
], 500);
}
}
/**
* Delete a node from the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function delete(Request $request, $id)
{
$this->authorize('node-delete', $request->apiKey());
$repo = new NodeRepository;
try {
$repo->delete($id);
return response('', 204);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to delete this node. Please try again.',
], 500);
}
}
}

428
app/Http/Controllers/API/Admin/ServerController.php Normal file
View file

@ -0,0 +1,428 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API\Admin;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Models\Server;
use GuzzleHttp\Exception\TransferException;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Repositories\ServerRepository;
use Pterodactyl\Transformers\Admin\ServerTransformer;
use Pterodactyl\Exceptions\DisplayValidationException;
use League\Fractal\Pagination\IlluminatePaginatorAdapter;
class ServerController extends Controller
{
/**
* Controller to handle returning all servers on the system.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function index(Request $request)
{
$this->authorize('server-list', $request->apiKey());
$servers = Server::paginate(config('pterodactyl.paginate.api.servers'));
$fractal = Fractal::create()->collection($servers)
->transformWith(new ServerTransformer($request))
->withResourceName('user')
->paginateWith(new IlluminatePaginatorAdapter($servers));
if (config('pterodactyl.api.include_on_list') && $request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->toArray();
}
/**
* Controller to handle returning information on a single server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return array
*/
public function view(Request $request, $id)
{
$this->authorize('server-view', $request->apiKey());
$server = Server::findOrFail($id);
$fractal = Fractal::create()->item($server);
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->transformWith(new ServerTransformer($request))
->withResourceName('server')
->toArray();
}
/**
* Create a new server on the system.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse|array
*/
public function store(Request $request)
{
$this->authorize('server-create', $request->apiKey());
$repo = new ServerRepository;
try {
$server = $repo->create($request->all());
$fractal = Fractal::create()->item($server)->transformWith(new ServerTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('server')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to add this server. Please try again.',
], 500);
}
}
/**
* Delete a server from the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function delete(Request $request, $id)
{
$this->authorize('server-delete', $request->apiKey());
$repo = new ServerRepository;
try {
$repo->delete($id, $request->has('force_delete'));
return response('', 204);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to add this server. Please try again.',
], 500);
}
}
/**
* Update the details for a server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\JsonResponse|array
*/
public function details(Request $request, $id)
{
$this->authorize('server-edit-details', $request->apiKey());
$repo = new ServerRepository;
try {
$server = $repo->updateDetails($id, $request->intersect([
'owner_id', 'name', 'description', 'reset_token',
]));
$fractal = Fractal::create()->item($server)->transformWith(new ServerTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('server')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to modify this server. Please try again.',
], 500);
}
}
/**
* Set the new docker container for a server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse|array
*/
public function container(Request $request, $id)
{
$this->authorize('server-edit-container', $request->apiKey());
$repo = new ServerRepository;
try {
$server = $repo->updateContainer($id, $request->intersect('docker_image'));
$fractal = Fractal::create()->item($server)->transformWith(new ServerTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('server')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to modify this server container. Please try again.',
], 500);
}
}
/**
* Toggles the install status for a server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function install(Request $request, $id)
{
$this->authorize('server-install', $request->apiKey());
$repo = new ServerRepository;
try {
$repo->toggleInstall($id);
return response('', 204);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to toggle the install status for this server. Please try again.',
], 500);
}
}
/**
* Setup a server to have a container rebuild.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function rebuild(Request $request, $id)
{
$this->authorize('server-rebuild', $request->apiKey());
$server = Server::with('node')->findOrFail($id);
try {
$server->node->guzzleClient([
'X-Access-Server' => $server->uuid,
'X-Access-Token' => $server->node->daemonSecret,
])->request('POST', '/server/rebuild');
return response('', 204);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
}
}
/**
* Manage the suspension status for a server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function suspend(Request $request, $id)
{
$this->authorize('server-suspend', $request->apiKey());
$repo = new ServerRepository;
$action = $request->input('action');
if (! in_array($action, ['suspend', 'unsuspend'])) {
return response()->json([
'error' => 'The action provided was invalid. Action should be one of: suspend, unsuspend.',
], 400);
}
try {
$repo->toggleAccess($id, ($action === 'unsuspend'));
return response('', 204);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to ' . $action . ' this server. Please try again.',
], 500);
}
}
/**
* Update the build configuration for a server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\JsonResponse|array
*/
public function build(Request $request, $id)
{
$this->authorize('server-edit-build', $request->apiKey());
$repo = new ServerRepository;
try {
$server = $repo->changeBuild($id, $request->intersect([
'allocation_id', 'add_allocations', 'remove_allocations',
'memory', 'swap', 'io', 'cpu',
]));
$fractal = Fractal::create()->item($server)->transformWith(new ServerTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('server')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to modify the build settings for this server. Please try again.',
], 500);
}
}
/**
* Update the startup command as well as variables.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function startup(Request $request, $id)
{
$this->authorize('server-edit-startup', $request->apiKey());
$repo = new ServerRepository;
try {
$repo->updateStartup($id, $request->all(), true);
return response('', 204);
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to modify the startup settings for this server. Please try again.',
], 500);
}
}
}

74
app/Http/Controllers/API/Admin/ServiceController.php Normal file
View file

@ -0,0 +1,74 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API\Admin;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Models\Service;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Transformers\Admin\ServiceTransformer;
class ServiceController extends Controller
{
/**
* Controller to handle returning all locations on the system.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function index(Request $request)
{
$this->authorize('service-list', $request->apiKey());
return Fractal::create()
->collection(Service::all())
->transformWith(new ServiceTransformer($request))
->withResourceName('service')
->toArray();
}
/**
* Controller to handle returning information on a single server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return array
*/
public function view(Request $request, $id)
{
$this->authorize('service-view', $request->apiKey());
$service = Service::findOrFail($id);
$fractal = Fractal::create()->item($service);
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->transformWith(new ServiceTransformer($request))
->withResourceName('service')
->toArray();
}
}

184
app/Http/Controllers/API/Admin/UserController.php Normal file
View file

@ -0,0 +1,184 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API\Admin;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Models\User;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Repositories\UserRepository;
use Pterodactyl\Transformers\Admin\UserTransformer;
use Pterodactyl\Exceptions\DisplayValidationException;
use League\Fractal\Pagination\IlluminatePaginatorAdapter;
class UserController extends Controller
{
/**
* Controller to handle returning all users on the system.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function index(Request $request)
{
$this->authorize('user-list', $request->apiKey());
$users = User::paginate(config('pterodactyl.paginate.api.users'));
$fractal = Fractal::create()->collection($users)
->transformWith(new UserTransformer($request))
->withResourceName('user')
->paginateWith(new IlluminatePaginatorAdapter($users));
if (config('pterodactyl.api.include_on_list') && $request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->toArray();
}
/**
* Display information about a single user on the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return array
*/
public function view(Request $request, $id)
{
$this->authorize('user-view', $request->apiKey());
$fractal = Fractal::create()->item(User::findOrFail($id));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->transformWith(new UserTransformer($request))
->withResourceName('user')
->toArray();
}
/**
* Create a new user on the system.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse|array
*/
public function store(Request $request)
{
$this->authorize('user-create', $request->apiKey());
$repo = new UserRepository;
try {
$user = $repo->create($request->only([
'custom_id', 'email', 'password', 'name_first',
'name_last', 'username', 'root_admin',
]));
$fractal = Fractal::create()->item($user)->transformWith(new UserTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('user')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to create this user. Please try again.',
], 500);
}
}
/**
* Update a user.
*
* @param \Illuminate\Http\Request $request
* @param int $user
* @return \Illuminate\Http\RedirectResponse
*/
public function update(Request $request, $user)
{
$this->authorize('user-edit', $request->apiKey());
$repo = new UserRepository;
try {
$user = $repo->update($user, $request->intersect([
'email', 'password', 'name_first',
'name_last', 'username', 'root_admin',
]));
$fractal = Fractal::create()->item($user)->transformWith(new UserTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('user')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to update this user. Please try again.',
], 500);
}
}
/**
* Delete a user from the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function delete(Request $request, $id)
{
$this->authorize('user-delete', $request->apiKey());
$repo = new UserRepository;
try {
$repo->delete($id);
return response('', 204);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to delete this user. Please try again.',
], 500);
}
}
}

33
app/Http/Controllers/API/BaseController.php
View file

@ -1,33 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API;
use Dingo\Api\Routing\Helpers;
use Illuminate\Routing\Controller;
class BaseController extends Controller
{
use Helpers;
}

216
app/Http/Controllers/API/NodeController.php
View file

@ -1,216 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API;
use Log;
use Pterodactyl\Models;
use Illuminate\Http\Request;
use Dingo\Api\Exception\ResourceException;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Repositories\NodeRepository;
use Pterodactyl\Exceptions\DisplayValidationException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
/**
* @Resource("Servers")
*/
class NodeController extends BaseController
{
public function __construct()
{
//
}
/**
* List All Nodes.
*
* Lists all nodes currently on the system.
*
* @Get("/nodes/{?page}")
* @Versions({"v1"})
* @Parameters({
* @Parameter("page", type="integer", description="The page of results to view.", default=1)
* })
* @Response(200)
*/
public function lists(Request $request)
{
return Models\Node::all()->toArray();
}
/**
* Create a New Node.
*
* @Post("/nodes")
* @Versions({"v1"})
* @Transaction({
* @Request({
* 'name' => 'My API Node',
* 'location' => 1,
* 'public' => 1,
* 'fqdn' => 'daemon.wuzzle.woo',
* 'scheme' => 'https',
* 'memory' => 10240,
* 'memory_overallocate' => 100,
* 'disk' => 204800,
* 'disk_overallocate' => -1,
* 'daemonBase' => '/srv/daemon-data',
* 'daemonSFTP' => 2022,
* 'daemonListen' => 8080
* }, headers={"Authorization": "Bearer <jwt-token>"}),
* @Response(200),
* @Response(422, body={
* "message": "A validation error occured.",
* "errors": {},
* "status_code": 422
* }),
* @Response(503, body={
* "message": "There was an error while attempting to add this node to the system.",
* "status_code": 503
* })
* })
*/
public function create(Request $request)
{
try {
$repo = new NodeRepository;
$node = $repo->create($request->only([
'name', 'location_id', 'public', 'fqdn',
'scheme', 'memory', 'memory_overallocate',
'disk', 'disk_overallocate', 'daemonBase',
'daemonSFTP', 'daemonListen',
]));
return ['id' => $repo->id];
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
Log::error($ex);
throw new BadRequestHttpException('There was an error while attempting to add this node to the system.');
}
}
/**
* List Specific Node.
*
* Lists specific fields about a server or all fields pertaining to that node.
*
* @Get("/nodes/{id}/{?fields}")
* @Versions({"v1"})
* @Parameters({
* @Parameter("id", type="integer", required=true, description="The ID of the node to get information on."),
* @Parameter("fields", type="string", required=false, description="A comma delimidated list of fields to include.")
* })
* @Response(200)
*/
public function view(Request $request, $id, $fields = null)
{
$node = Models\Node::with('allocations')->where('id', $id)->first();
if (! $node) {
throw new NotFoundHttpException('No node by that ID was found.');
}
$node->allocations->transform(function ($item) {
return collect($item)->only([
'id', 'ip', 'ip_alias', 'port', 'server_id',
]);
});
if (! is_null($request->input('fields'))) {
$fields = explode(',', $request->input('fields'));
if (! empty($fields) && is_array($fields)) {
return collect($node)->only($fields);
}
}
return $node;
}
public function config(Request $request, $id)
{
$node = Models\Node::where('id', $id)->first();
if (! $node) {
throw new NotFoundHttpException('No node by that ID was found.');
}
return $node->getConfigurationAsJson();
}
/**
* List all Node Allocations.
*
* Returns a listing of all allocations for every node.
*
* @Get("/nodes/allocations")
* @Versions({"v1"})
* @Response(200)
*/
public function allocations(Request $request)
{
return Models\Allocation::all()->toArray();
}
/**
* List Node Allocation based on assigned to ID.
*
* Returns a listing of the allocation for the specified server id.
*
* @Get("/nodes/allocations/{id}")
* @Versions({"v1"})
* @Response(200)
*/
public function allocationsView(Request $request, $id)
{
return Models\Allocation::where('server_id', $id)->get()->toArray();
}
/**
* Delete Node.
*
* @Delete("/nodes/{id}")
* @Versions({"v1"})
* @Parameters({
* @Parameter("id", type="integer", required=true, description="The ID of the node."),
* })
* @Response(204)
*/
public function delete(Request $request, $id)
{
try {
$node = new NodeRepository;
$node->delete($id);
return $this->response->noContent();
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $e) {
throw new ServiceUnavailableHttpException('An error occured while attempting to delete this node.');
}
}
}

296
app/Http/Controllers/API/ServerController.php
View file

@ -1,296 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API;
use Log;
use Pterodactyl\Models;
use Illuminate\Http\Request;
use Dingo\Api\Exception\ResourceException;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Repositories\ServerRepository;
use Pterodactyl\Exceptions\DisplayValidationException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
/**
* @Resource("Servers")
*/
class ServerController extends BaseController
{
public function __construct()
{
//
}
/**
* List All Servers.
*
* Lists all servers currently on the system.
*
* @Get("/servers/{?page}")
* @Versions({"v1"})
* @Parameters({
* @Parameter("page", type="integer", description="The page of results to view.", default=1)
* })
* @Response(200)
*/
public function lists(Request $request)
{
return Models\Server::all()->toArray();
}
/**
* Create Server.
*
* @Post("/servers")
* @Versions({"v1"})
* @Response(201)
*/
public function create(Request $request)
{
try {
$repo = new ServerRepository;
$server = $repo->create($request->all());
return ['id' => $server->id];
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
Log::error($ex);
throw new BadRequestHttpException('There was an error while attempting to add this server to the system.');
}
}
/**
* List Specific Server.
*
* Lists specific fields about a server or all fields pertaining to that server.
*
* @Get("/servers/{id}{?fields}")
* @Versions({"v1"})
* @Parameters({
* @Parameter("id", type="integer", required=true, description="The ID of the server to get information on."),
* @Parameter("fields", type="string", required=false, description="A comma delimidated list of fields to include.")
* })
* @Response(200)
*/
public function view(Request $request, $id)
{
$server = Models\Server::with('node', 'allocations', 'pack')->where('id', $id)->first();
if (! $server) {
throw new NotFoundHttpException('No server by that ID was found.');
}
if (! is_null($request->input('fields'))) {
$fields = explode(',', $request->input('fields'));
if (! empty($fields) && is_array($fields)) {
return collect($server)->only($fields);
}
}
if ($request->input('daemon') === 'true') {
try {
$response = $server->node->guzzleClient([
'X-Access-Token' => $server->node->daemonSecret,
])->request('GET', '/servers');
$server->daemon = json_decode($response->getBody())->{$server->uuid};
} catch (\GuzzleHttp\Exception\TransferException $ex) {
// Couldn't hit the daemon, return what we have though.
$server->daemon = [
'error' => 'There was an error encountered while attempting to connect to the remote daemon.',
];
}
}
$server->allocations->transform(function ($item) {
return collect($item)->except(['created_at', 'updated_at']);
});
return $server->toArray();
}
/**
* Update Server configuration.
*
* Updates display information on panel.
*
* @Patch("/servers/{id}/config")
* @Versions({"v1"})
* @Transaction({
* @Request({
* "owner": "new@email.com",
* "name": "New Name",
* "reset_token": true
* }, headers={"Authorization": "Bearer <token>"}),
* @Response(200, body={"name": "New Name"}),
* @Response(422)
* })
* @Parameters({
* @Parameter("id", type="integer", required=true, description="The ID of the server to modify.")
* })
*/
public function config(Request $request, $id)
{
try {
$server = new ServerRepository;
$server->updateDetails($id, $request->only([
'owner', 'name', 'reset_token',
]));
return Models\Server::findOrFail($id);
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('Unable to update server on system due to an error.');
}
}
/**
* Update Server Build Configuration.
*
* Updates server build information on panel and on node.
*
* @Patch("/servers/{id}/build")
* @Versions({"v1"})
* @Transaction({
* @Request({
* "default": "192.168.0.1:25565",
* "add_additional": [
* "192.168.0.1:25566",
* "192.168.0.1:25567",
* "192.168.0.1:25568"
* ],
* "remove_additional": [],
* "memory": 1024,
* "swap": 0,
* "io": 500,
* "cpu": 0,
* "disk": 1024
* }, headers={"Authorization": "Bearer <token>"}),
* @Response(200, body={"name": "New Name"}),
* @Response(422)
* })
* @Parameters({
* @Parameter("id", type="integer", required=true, description="The ID of the server to modify.")
* })
*/
public function build(Request $request, $id)
{
try {
$server = new ServerRepository;
$server->changeBuild($id, $request->only([
'default', 'add_additional', 'remove_additional',
'memory', 'swap', 'io', 'cpu', 'disk',
]));
return Models\Server::findOrFail($id);
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('Unable to update server on system due to an error.');
}
}
/**
* Suspend Server.
*
* @Post("/servers/{id}/suspend")
* @Versions({"v1"})
* @Parameters({
* @Parameter("id", type="integer", required=true, description="The ID of the server."),
* })
* @Response(204)
*/
public function suspend(Request $request, $id)
{
try {
$server = new ServerRepository;
$server->suspend($id);
return $this->response->noContent();
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('An error occured while attempting to suspend this server instance.');
}
}
/**
* Unsuspend Server.
*
* @Post("/servers/{id}/unsuspend")
* @Versions({"v1"})
* @Parameters({
* @Parameter("id", type="integer", required=true, description="The ID of the server."),
* })
* @Response(204)
*/
public function unsuspend(Request $request, $id)
{
try {
$server = new ServerRepository;
$server->unsuspend($id);
return $this->response->noContent();
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('An error occured while attempting to unsuspend this server instance.');
}
}
/**
* Delete Server.
*
* @Delete("/servers/{id}/{force}")
* @Versions({"v1"})
* @Parameters({
* @Parameter("id", type="integer", required=true, description="The ID of the server."),
* @Parameter("force", type="string", required=false, description="Use 'force' if the server should be removed regardless of daemon response."),
* })
* @Response(204)
*/
public function delete(Request $request, $id, $force = null)
{
try {
$server = new ServerRepository;
$server->deleteServer($id, $force);
return $this->response->noContent();
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $e) {
throw new ServiceUnavailableHttpException('An error occured while attempting to delete this server.');
}
}
}

55
app/Http/Controllers/API/ServiceController.php
View file

@ -1,55 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API;
use Pterodactyl\Models;
use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
/**
* @Resource("Services")
*/
class ServiceController extends BaseController
{
public function __construct()
{
//
}
public function lists(Request $request)
{
return Models\Service::all()->toArray();
}
public function view(Request $request, $id)
{
$service = Models\Service::with('options.variables', 'options.packs')->find($id);
if (! $service) {
throw new NotFoundHttpException('No service by that ID was found.');
}
return $service->toArray();
}
}

34
app/Http/Controllers/API/User/InfoController.php → app/Http/Controllers/API/User/CoreController.php
View file

@ -24,24 +24,28 @@
namespace Pterodactyl\Http\Controllers\API\User;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Http\Controllers\API\BaseController;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Transformers\User\OverviewTransformer;
class InfoController extends BaseController
class CoreController extends Controller
{
public function me(Request $request)
/**
* Controller to handle base user request for all of their servers.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function index(Request $request)
{
return $request->user()->serverAccessCollection()->load('allocation', 'option')->map(function ($server) {
return [
'id' => $server->uuidShort,
'uuid' => $server->uuid,
'name' => $server->name,
'node' => $server->node->name,
'ip' => $server->allocation->alias,
'port' => $server->allocation->port,
'service' => $server->service->name,
'option' => $server->option->name,
];
})->all();
$this->authorize('user.server-list', $request->apiKey());
$servers = $request->user()->access('service', 'node', 'allocation', 'option')->get();
return Fractal::collection($servers)
->transformWith(new OverviewTransformer)
->withResourceName('server')
->toArray();
}
}

114
app/Http/Controllers/API/User/ServerController.php
View file

@ -24,78 +24,76 @@
namespace Pterodactyl\Http\Controllers\API\User;
use Log;
use Pterodactyl\Models;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Http\Controllers\API\BaseController;
use Pterodactyl\Models\Server;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Repositories\Daemon\PowerRepository;
use Pterodactyl\Transformers\User\ServerTransformer;
use Pterodactyl\Repositories\Daemon\CommandRepository;
class ServerController extends BaseController
class ServerController extends Controller
{
public function info(Request $request, $uuid)
/**
* Controller to handle base request for individual server information.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return array
*/
public function index(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid)->load('allocations');
$this->authorize('user.server-view', $request->apiKey());
try {
$response = $server->guzzleClient()->request('GET', '/server');
$server = Server::byUuid($uuid);
$fractal = Fractal::create()->item($server);
$json = json_decode($response->getBody());
$daemon = [
'status' => $json->status,
'stats' => $json->proc,
];
} catch (\Exception $ex) {
$daemon = [
'error' => 'An error was encountered while trying to connect to the daemon to collect information. It might be offline.',
];
Log::error($ex);
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return [
'uuidShort' => $server->uuidShort,
'uuid' => $server->uuid,
'name' => $server->name,
'node' => $server->node->name,
'limits' => [
'memory' => $server->memory,
'swap' => $server->swap,
'disk' => $server->disk,
'io' => $server->io,
'cpu' => $server->cpu,
'oom_disabled' => (bool) $server->oom_disabled,
],
'allocations' => $server->allocations->map(function ($item) use ($server) {
return [
'ip' => $item->alias,
'port' => $item->port,
'default' => ($item->id === $server->allocation_id),
];
}),
'sftp' => [
'username' => ($request->user()->can('view-sftp', $server)) ? $server->username : null,
],
'daemon' => [
'token' => $server->daemonSecret,
'response' => $daemon,
],
];
return $fractal->transformWith(new ServerTransformer)
->withResourceName('server')
->toArray();
}
/**
* Controller to handle request for server power toggle.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\Response
*/
public function power(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid);
Auth::user()->can('power-' . $request->input('action'), $server);
$this->authorize('user.server-power', $request->apiKey());
$res = $server->guzzleClient()->request('PUT', '/server/power', [
'exceptions' => false,
'json' => [
'action' => $request->input('action'),
],
]);
$server = Server::byUuid($uuid);
$request->user()->can('power-' . $request->input('action'), $server);
if ($res->getStatusCode() !== 204) {
return $this->response->error(json_decode($res->getBody())->error, $res->getStatusCode());
}
$repo = new PowerRepository($server, $request->user());
$repo->do($request->input('action'));
return $this->response->noContent();
return response('', 204)->header('Content-Type', 'application/json');
}
/**
* Controller to handle base request for individual server information.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\Response
*/
public function command(Request $request, $uuid)
{
$this->authorize('user.server-command', $request->apiKey());
$server = Server::byUuid($uuid);
$request->user()->can('send-command', $server);
$repo = new CommandRepository($server, $request->user());
$repo->send($request->input('command'));
return response('', 204)->header('Content-Type', 'application/json');
}
}

202
app/Http/Controllers/API/UserController.php
View file

@ -1,202 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API;
use Pterodactyl\Models;
use Illuminate\Http\Request;
use Dingo\Api\Exception\ResourceException;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Repositories\UserRepository;
use Pterodactyl\Exceptions\DisplayValidationException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
/**
* @Resource("Users")
*/
class UserController extends BaseController
{
public function __construct()
{
}
/**
* List All Users.
*
* Lists all users currently on the system.
*
* @Get("/users/{?page}")
* @Versions({"v1"})
* @Parameters({
* @Parameter("page", type="integer", description="The page of results to view.", default=1)
* })
* @Response(200)
*/
public function lists(Request $request)
{
return Models\User::all()->toArray();
}
/**
* List Specific User.
*
* Lists specific fields about a user or all fields pertaining to that user.
*
* @Get("/users/{id}/{fields}")
* @Versions({"v1"})
* @Parameters({
* @Parameter("id", type="integer", required=true, description="The ID of the user to get information on."),
* @Parameter("fields", type="string", required=false, description="A comma delimidated list of fields to include.")
* })
* @Response(200)
*/
public function view(Request $request, $id)
{
$user = Models\User::with('servers')->where((is_numeric($id) ? 'id' : 'email'), $id)->first();
if (! $user->first()) {
throw new NotFoundHttpException('No user by that ID was found.');
}
$user->servers->transform(function ($item) {
return collect($item)->only([
'id', 'node_id', 'uuidShort',
'uuid', 'name', 'suspended',
'owner_id',
]);
});
if (! is_null($request->input('fields'))) {
$fields = explode(',', $request->input('fields'));
if (! empty($fields) && is_array($fields)) {
return collect($user)->only($fields);
}
}
return $user->toArray();
}
/**
* Create a New User.
*
* @Post("/users")
* @Versions({"v1"})
* @Transaction({
* @Request({
* "email": "foo@example.com",
* "password": "foopassword",
* "admin": false,
* "custom_id": 123
* }, headers={"Authorization": "Bearer <token>"}),
* @Response(201),
* @Response(422)
* })
*/
public function create(Request $request)
{
try {
$user = new UserRepository;
$create = $user->create($request->only([
'email', 'username', 'name_first',
'name_last', 'password',
'root_admin', 'custom_id',
]));
$create = $user->create($request->input('email'), $request->input('password'), $request->input('admin'), $request->input('custom_id'));
return ['id' => $create];
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('Unable to create a user on the system due to an error.');
}
}
/**
* Update an Existing User.
*
* The data sent in the request will be used to update the existing user on the system.
*
* @Patch("/users/{id}")
* @Versions({"v1"})
* @Transaction({
* @Request({
* "email": "new@email.com"
* }, headers={"Authorization": "Bearer <token>"}),
* @Response(200, body={"email": "new@email.com"}),
* @Response(422)
* })
* @Parameters({
* @Parameter("id", type="integer", required=true, description="The ID of the user to modify.")
* })
*/
public function update(Request $request, $id)
{
try {
$user = new UserRepository;
$user->update($id, $request->only([
'username', 'email', 'name_first',
'name_last', 'password',
'root_admin', 'language',
]));
return Models\User::findOrFail($id);
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('Unable to update a user on the system due to an error.');
}
}
/**
* Delete a User.
*
* @Delete("/users/{id}")
* @Versions({"v1"})
* @Transaction({
* @Request(headers={"Authorization": "Bearer <token>"}),
* @Response(204),
* @Response(422)
* })
* @Parameters({
* @Parameter("id", type="integer", required=true, description="The ID of the user to delete.")
* })
*/
public function delete(Request $request, $id)
{
try {
$user = new UserRepository;
$user->delete($id);
return $this->response->noContent();
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('Unable to delete this user due to an error.');
}
}
}

26
app/Http/Controllers/Admin/BaseController.php
View file

@ -33,30 +33,38 @@ use Pterodactyl\Http\Controllers\Controller;
class BaseController extends Controller
{
/**
* Controller Constructor.
* Return the admin index view.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function __construct()
{
//
}
public function getIndex(Request $request)
{
return view('admin.index');
}
/**
* Return the admin settings view.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function getSettings(Request $request)
{
return view('admin.settings');
}
/**
* Handle settings post request.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse
*/
public function postSettings(Request $request)
{
$validator = Validator::make($request->all(), [
'company' => 'required|between:1,256',
'default_language' => 'required|alpha_dash|min:2|max:5',
'email_from' => 'required|email',
'email_sender_name' => 'required|between:1,256',
]);
if ($validator->fails()) {
@ -65,8 +73,6 @@ class BaseController extends Controller
Settings::set('company', $request->input('company'));
Settings::set('default_language', $request->input('default_language'));
Settings::set('email_from', $request->input('email_from'));
Settings::set('email_sender_name', $request->input('email_sender_name'));
Alert::success('Settings have been successfully updated.')->flash();

16
app/Http/Controllers/Admin/DatabaseController.php
View file

@ -40,7 +40,7 @@ class DatabaseController extends Controller
/**
* Display database host index.
*
* @param Request $request
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function index(Request $request)
@ -54,8 +54,8 @@ class DatabaseController extends Controller
/**
* Display database host to user.
*
* @param Request $request
* @param int $id
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function view(Request $request, $id)
@ -69,8 +69,8 @@ class DatabaseController extends Controller
/**
* Handle post request to create database host.
*
* @param Request $request
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse
*/
public function create(Request $request)
{
@ -99,9 +99,9 @@ class DatabaseController extends Controller
/**
* Handle post request to update a database host.
*
* @param Request $request
* @param int $id
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function update(Request $request, $id)
{

16
app/Http/Controllers/Admin/LocationController.php
View file

@ -38,7 +38,7 @@ class LocationController extends Controller
/**
* Return the location overview page.
*
* @param Request $request
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function index(Request $request)
@ -51,8 +51,8 @@ class LocationController extends Controller
/**
* Return the location view page.
*
* @param Request $request
* @param int $id
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function view(Request $request, $id)
@ -63,8 +63,8 @@ class LocationController extends Controller
/**
* Handle request to create new location.
*
* @param Request $request
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse
*/
public function create(Request $request)
{
@ -88,9 +88,9 @@ class LocationController extends Controller
/**
* Handle request to update or delete location.
*
* @param Request $request
* @param int $id
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function update(Request $request, $id)
{

70
app/Http/Controllers/Admin/NodesController.php
View file

@ -40,7 +40,7 @@ class NodesController extends Controller
/**
* Displays the index page listing all nodes on the panel.
*
* @param Request $request
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function index(Request $request)
@ -57,10 +57,10 @@ class NodesController extends Controller
/**
* Displays create new node page.
*
* @param Request $request
* @return \Illuminate\View\View|\Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View|\Illuminate\Http\RedirectResponse
*/
public function new(Request $request)
public function create(Request $request)
{
$locations = Models\Location::all();
if (! $locations->count()) {
@ -75,10 +75,10 @@ class NodesController extends Controller
/**
* Post controller to create a new node on the system.
*
* @param Request $request
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse
*/
public function create(Request $request)
public function store(Request $request)
{
try {
$repo = new NodeRepository;
@ -110,9 +110,8 @@ class NodesController extends Controller
/**
* Shows the index overview page for a specific node.
*
* @param Request $request
* @param int $id The ID of the node to display information for.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function viewIndex(Request $request, $id)
@ -138,9 +137,8 @@ class NodesController extends Controller
/**
* Shows the settings page for a specific node.
*
* @param Request $request
* @param int $id The ID of the node to display information for.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function viewSettings(Request $request, $id)
@ -154,9 +152,8 @@ class NodesController extends Controller
/**
* Shows the configuration page for a specific node.
*
* @param Request $request
* @param int $id The ID of the node to display information for.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function viewConfiguration(Request $request, $id)
@ -169,9 +166,8 @@ class NodesController extends Controller
/**
* Shows the allocation page for a specific node.
*
* @param Request $request
* @param int $id The ID of the node to display information for.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function viewAllocation(Request $request, $id)
@ -189,9 +185,8 @@ class NodesController extends Controller
/**
* Shows the server listing page for a specific node.
*
* @param Request $request
* @param int $id The ID of the node to display information for.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function viewServers(Request $request, $id)
@ -209,8 +204,8 @@ class NodesController extends Controller
/**
* Updates settings for a node.
*
* @param Request $request
* @param int $node
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function updateSettings(Request $request, $id)
@ -244,9 +239,9 @@ class NodesController extends Controller
/**
* Removes a single allocation from a node.
*
* @param Request $request
* @param int $node
* @param int $allocation [description]
* @param \Illuminate\Http\Request $request
* @param int $node
* @param int $allocation
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function allocationRemoveSingle(Request $request, $node, $allocation)
@ -264,8 +259,8 @@ class NodesController extends Controller
/**
* Remove all allocations for a specific IP at once on a node.
*
* @param Request $request
* @param int $node
* @param \Illuminate\Http\Request $request
* @param int $node
* @return \Illuminate\Http\RedirectResponse
*/
public function allocationRemoveBlock(Request $request, $node)
@ -283,10 +278,9 @@ class NodesController extends Controller
/**
* Sets an alias for a specific allocation on a node.
*
* @param Request $request
* @param int $node
* @param \Illuminate\Http\Request $request
* @param int $node
* @return \Illuminate\Http\Response
* @throws \Exception
*/
public function allocationSetAlias(Request $request, $node)
{
@ -308,8 +302,8 @@ class NodesController extends Controller
/**
* Creates new allocations on a node.
*
* @param Request $request
* @param int $node
* @param \Illuminate\Http\Request $request
* @param int $node
* @return \Illuminate\Http\RedirectResponse
*/
public function createAllocation(Request $request, $node)
@ -334,8 +328,8 @@ class NodesController extends Controller
/**
* Deletes a node from the system.
*
* @param Request $request
* @param int $id
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function delete(Request $request, $id)
@ -360,8 +354,8 @@ class NodesController extends Controller
/**
* Returns the configuration token to auto-deploy a node.
*
* @param Request $request
* @param int $id
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\JsonResponse
*/
public function setToken(Request $request, $id)

35
app/Http/Controllers/Admin/OptionController.php
View file

@ -41,10 +41,10 @@ class OptionController extends Controller
/**
* Handles request to view page for adding new option.
*
* @param Request $request
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function new(Request $request)
public function create(Request $request)
{
$services = Service::with('options')->get();
Javascript::put(['services' => $services->keyBy('id')]);
@ -55,10 +55,10 @@ class OptionController extends Controller
/**
* Handles POST request to create a new option.
*
* @param Request $request
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Response\RedirectResponse
*/
public function create(Request $request)
public function store(Request $request)
{
$repo = new OptionRepository;
@ -86,9 +86,9 @@ class OptionController extends Controller
/**
* Handles POST request to create a new option variable.
*
* @param Request $request
* @param int $id The ID of the service option to assign this variable to.
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function createVariable(Request $request, $id)
{
@ -116,8 +116,8 @@ class OptionController extends Controller
/**
* Display option overview page.
*
* @param Request $request
* @param int $id
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function viewConfiguration(Request $request, $id)
@ -128,8 +128,8 @@ class OptionController extends Controller
/**
* Display variable overview page for a service option.
*
* @param Request $request
* @param int $id
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function viewVariables(Request $request, $id)
@ -152,8 +152,9 @@ class OptionController extends Controller
/**
* Handles POST when editing a configration for a service option.
*
* @param Request $request
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function editConfiguration(Request $request, $id)
{
@ -188,10 +189,10 @@ class OptionController extends Controller
/**
* Handles POST when editing a configration for a service option.
*
* @param Request $request
* @param int $option
* @param int $variable
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @param int $option
* @param int $variable
* @return \Illuminate\Http\RedirectResponse
*/
public function editVariable(Request $request, $option, $variable)
{

30
app/Http/Controllers/Admin/PackController.php
View file

@ -40,7 +40,7 @@ class PackController extends Controller
/**
* Display listing of all packs on the system.
*
* @param Request $request
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function index(Request $request)
@ -57,10 +57,10 @@ class PackController extends Controller
/**
* Display new pack creation form.
*
* @param Request $request
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function new(Request $request)
public function create(Request $request)
{
return view('admin.packs.new', [
'services' => Service::with('options')->get(),
@ -70,7 +70,7 @@ class PackController extends Controller
/**
* Display new pack creation modal for use with template upload.
*
* @param Request $request
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function newTemplate(Request $request)
@ -83,10 +83,10 @@ class PackController extends Controller
/**
* Handle create pack request and route user to location.
*
* @param Request $request
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function create(Request $request)
public function store(Request $request)
{
$repo = new PackRepository;
@ -117,8 +117,8 @@ class PackController extends Controller
/**
* Display pack view template to user.
*
* @param Request $request
* @param int $id
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function view(Request $request, $id)
@ -132,9 +132,9 @@ class PackController extends Controller
/**
* Handle updating or deleting pack information.
*
* @param Request $request
* @param int $id
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function update(Request $request, $id)
{
@ -168,10 +168,10 @@ class PackController extends Controller
/**
* Creates an archive of the pack and downloads it to the browser.
*
* @param Request $request
* @param int $id
* @param bool $files
* @return \Illuminate\Response\BinaryFileResponse
* @param \Illuminate\Http\Request $request
* @param int $id
* @param bool $files
* @return \Symfony\Component\HttpFoundation\BinaryFileResponse
*/
public function export(Request $request, $id, $files = false)
{

184
app/Http/Controllers/Admin/ServersController.php
View file

@ -41,14 +41,12 @@ class ServersController extends Controller
/**
* Display the index page with all servers currently on the system.
*
* @param Request $request
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function index(Request $request)
{
$servers = Models\Server::withTrashed()->with(
'node', 'user', 'allocation'
);
$servers = Models\Server::with('node', 'user', 'allocation');
if (! is_null($request->input('query'))) {
$servers->search($request->input('query'));
@ -62,10 +60,10 @@ class ServersController extends Controller
/**
* Display create new server page.
*
* @param Request $request
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function new(Request $request)
public function create(Request $request)
{
$services = Models\Service::with('options.packs', 'options.variables')->get();
Javascript::put([
@ -85,10 +83,10 @@ class ServersController extends Controller
/**
* Create server controller method.
*
* @param Request $request
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Response\RedirectResponse
*/
public function create(Request $request)
public function store(Request $request)
{
try {
$repo = new ServerRepository;
@ -99,6 +97,9 @@ class ServersController extends Controller
return redirect()->route('admin.servers.new')->withErrors(json_decode($ex->getMessage()))->withInput();
} catch (DisplayException $ex) {
Alert::danger($ex->getMessage())->flash();
} catch (TransferException $ex) {
Log::warning($ex);
Alert::danger('A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.')->flash();
} catch (\Exception $ex) {
Log::error($ex);
Alert::danger('An unhandled exception occured while attemping to add this server. Please try again.')->flash();
@ -110,10 +111,10 @@ class ServersController extends Controller
/**
* Returns a tree of all avaliable nodes in a given location.
*
* @param Request $request
* @param \Illuminate\Http\Request $request
* @return array
*/
public function newServerNodes(Request $request)
public function nodes(Request $request)
{
$nodes = Models\Node::with('allocations')->where('location_id', $request->input('location'))->get();
@ -140,20 +141,20 @@ class ServersController extends Controller
/**
* Display the index when viewing a specific server.
*
* @param Request $request
* @param int $id
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function viewIndex(Request $request, $id)
{
return view('admin.servers.view.index', ['server' => Models\Server::withTrashed()->findOrFail($id)]);
return view('admin.servers.view.index', ['server' => Models\Server::findOrFail($id)]);
}
/**
* Display the details page when viewing a specific server.
*
* @param Request $request
* @param int $id
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function viewDetails(Request $request, $id)
@ -166,8 +167,8 @@ class ServersController extends Controller
/**
* Display the build details page when viewing a specific server.
*
* @param Request $request
* @param int $id
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function viewBuild(Request $request, $id)
@ -184,8 +185,8 @@ class ServersController extends Controller
/**
* Display startup configuration page for a server.
*
* @param Request $request
* @param int $id
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function viewStartup(Request $request, $id)
@ -203,8 +204,8 @@ class ServersController extends Controller
/**
* Display the database management page for a specific server.
*
* @param Request $request
* @param int $id
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function viewDatabase(Request $request, $id)
@ -220,8 +221,8 @@ class ServersController extends Controller
/**
* Display the management page when viewing a specific server.
*
* @param Request $request
* @param int $id
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function viewManage(Request $request, $id)
@ -232,28 +233,28 @@ class ServersController extends Controller
/**
* Display the deletion page for a server.
*
* @param Request $request
* @param int $id
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function viewDelete(Request $request, $id)
{
return view('admin.servers.view.delete', ['server' => Models\Server::withTrashed()->findOrFail($id)]);
return view('admin.servers.view.delete', ['server' => Models\Server::findOrFail($id)]);
}
/**
* Update the details for a server.
*
* @param Request $request
* @param int $id
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function setDetails(Request $request, $id)
{
$repo = new ServerRepository;
try {
$repo->updateDetails($id, $request->intersect([
'owner_id', 'name', 'reset_token',
'owner_id', 'name', 'description', 'reset_token',
]));
Alert::success('Server details were successfully updated.')->flash();
@ -272,9 +273,9 @@ class ServersController extends Controller
/**
* Set the new docker container for a server.
*
* @param Request $request
* @param int $id
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function setContainer(Request $request, $id)
{
@ -286,8 +287,9 @@ class ServersController extends Controller
Alert::success('Successfully updated this server\'s docker image.')->flash();
} catch (DisplayValidationException $ex) {
return redirect()->route('admin.servers.view.details', $id)->withErrors(json_decode($ex->getMessage()))->withInput();
} catch (DisplayException $ex) {
Alert::danger($ex->getMessage())->flash();
} catch (TransferException $ex) {
Log::warning($ex);
Alert::danger('A TransferException occured while attempting to update the container image. Is the daemon online? This error has been logged.');
} catch (\Exception $ex) {
Log::error($ex);
Alert::danger('An unhandled exception occured while attemping to update this server\'s docker image. This error has been logged.')->flash();
@ -299,9 +301,9 @@ class ServersController extends Controller
/**
* Toggles the install status for a server.
*
* @param Request $request
* @param int $id
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function toggleInstall(Request $request, $id)
{
@ -323,9 +325,9 @@ class ServersController extends Controller
/**
* Setup a server to have a container rebuild.
*
* @param Request $request
* @param int $id
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function rebuildContainer(Request $request, $id)
{
@ -349,9 +351,9 @@ class ServersController extends Controller
/**
* Manage the suspension status for a server.
*
* @param Request $request
* @param int $id
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function manageSuspension(Request $request, $id)
{
@ -365,11 +367,12 @@ class ServersController extends Controller
}
try {
$repo->$action($id);
$repo->toggleAccess($id, ($action === 'unsuspend'));
Alert::success('Server has been ' . $action . 'ed.');
} catch (DisplayException $ex) {
Alert::danger($ex->getMessage())->flash();
} catch (TransferException $ex) {
Log::warning($ex);
Alert::danger('A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.')->flash();
} catch (\Exception $ex) {
Log::error($ex);
Alert::danger('An unhandled exception occured while attemping to ' . $action . ' this server. This error has been logged.')->flash();
@ -381,9 +384,9 @@ class ServersController extends Controller
/**
* Update the build configuration for a server.
*
* @param Request $request
* @param int $id
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function updateBuild(Request $request, $id)
{
@ -400,6 +403,9 @@ class ServersController extends Controller
return redirect()->route('admin.servers.view.build', $id)->withErrors(json_decode($ex->getMessage()))->withInput();
} catch (DisplayException $ex) {
Alert::danger($ex->getMessage())->flash();
} catch (TransferException $ex) {
Log::warning($ex);
Alert::danger('A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.')->flash();
} catch (\Exception $ex) {
Log::error($ex);
Alert::danger('An unhandled exception occured while attemping to add this server. This error has been logged.')->flash();
@ -411,58 +417,16 @@ class ServersController extends Controller
/**
* Start the server deletion process.
*
* @param Request $request
* @param int $id
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function delete(Request $request, $id)
{
$repo = new ServerRepository;
try {
$repo->queueDeletion($id, ($request->input('is_force') > 0));
Alert::success('Server has been marked for deletion on the system.')->flash();
} catch (DisplayException $ex) {
Alert::danger($ex->getMessage())->flash();
} catch (\Exception $ex) {
Log::error($ex);
Alert::danger('An unhandled exception occured while attemping to delete this server. This error has been logged.')->flash();
}
return redirect()->route('admin.servers.view.delete', $id);
}
/**
* Cancels a pending server deletion request.
*
* @param Request $request
* @param int $id
* @return \Illuminate\Response\RedirectResponse
*/
public function cancelDeletion(Request $request, $id)
{
$repo = new ServerRepository;
$repo->cancelDeletion($id);
Alert::success('Server deletion has been cancelled. This server will remain suspended until you unsuspend it.')->flash();
return redirect()->route('admin.servers.view.delete', $id);
}
/**
* Skips the queue and continues the server deletion process.
*
* @param Request $request
* @param int $id
* @param string $method
* @return \Illuminate\Response\RedirectResponse
*/
public function continueDeletion(Request $request, $id, $method = 'safe')
{
$repo = new ServerRepository;
try {
$repo->delete($id, (isset($method) && $method === 'force'));
$repo->delete($id, $request->has('force_delete'));
Alert::success('Server was successfully deleted from the system.')->flash();
return redirect()->route('admin.servers');
@ -482,9 +446,9 @@ class ServersController extends Controller
/**
* Update the startup command as well as variables.
*
* @param Request $request
* @param int $id
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function saveStartup(Request $request, $id)
{
@ -511,9 +475,10 @@ class ServersController extends Controller
/**
* Creates a new database assigned to a specific server.
* @param Request $request
* @param int $id
* @return \Illuminate\Response\RedirectResponse
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function newDatabase(Request $request, $id)
{
@ -537,9 +502,10 @@ class ServersController extends Controller
/**
* Resets the database password for a specific database on this server.
* @param Request $request
* @param int $id
* @return \Illuminate\Response\RedirectResponse
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function resetDatabasePassword(Request $request, $id)
{
@ -559,9 +525,11 @@ class ServersController extends Controller
/**
* Deletes a database from a server.
* @param Request $request
* @param int $id
* @return \Illuminate\Response\RedirectResponse
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @param int $database
* @return \Illuminate\Http\RedirectResponse
*/
public function deleteDatabase(Request $request, $id, $database)
{

26
app/Http/Controllers/Admin/ServiceController.php
View file

@ -38,7 +38,7 @@ class ServiceController extends Controller
/**
* Display service overview page.
*
* @param Request $request
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function index(Request $request)
@ -51,10 +51,10 @@ class ServiceController extends Controller
/**
* Display create service page.
*
* @param Request $request
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function new(Request $request)
public function create(Request $request)
{
return view('admin.services.new');
}
@ -62,8 +62,8 @@ class ServiceController extends Controller
/**
* Return base view for a service.
*
* @param Request $request
* @param int $id
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function view(Request $request, $id)
@ -76,8 +76,8 @@ class ServiceController extends Controller
/**
* Return function editing view for a service.
*
* @param Request $request
* @param int $id
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function viewFunctions(Request $request, $id)
@ -88,10 +88,10 @@ class ServiceController extends Controller
/**
* Handle post action for new service.
*
* @param Request $request
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse
*/
public function create(Request $request)
public function store(Request $request)
{
$repo = new ServiceRepository;
@ -117,9 +117,9 @@ class ServiceController extends Controller
/**
* Edits configuration for a specific service.
*
* @param Request $request
* @param int $id
* @return \Illuminate\Response\RedirectResponse
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function edit(Request $request, $id)
{

76
app/Http/Controllers/Admin/UserController.php
View file

@ -37,17 +37,14 @@ use Pterodactyl\Exceptions\DisplayValidationException;
class UserController extends Controller
{
/**
* Controller Constructor.
* Display user index page.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function __construct()
public function index(Request $request)
{
//
}
// @TODO: implement nicolaslopezj/searchable to clean up this disaster.
public function getIndex(Request $request)
{
$users = User::withCount('servers');
$users = User::withCount('servers', 'subuserOf');
if (! is_null($request->input('query'))) {
$users->search($request->input('query'));
@ -58,19 +55,39 @@ class UserController extends Controller
]);
}
public function getNew(Request $request)
/**
* Display new user page.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function create(Request $request)
{
return view('admin.users.new');
}
public function getView(Request $request, $id)
/**
* Display user view page.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\View\View
*/
public function view(Request $request, $id)
{
return view('admin.users.view', [
'user' => User::with('servers.node')->findOrFail($id),
]);
}
public function deleteUser(Request $request, $id)
/**
* Delete a user.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function delete(Request $request, $id)
{
try {
$repo = new UserRepository;
@ -88,7 +105,13 @@ class UserController extends Controller
return redirect()->route('admin.users.view', $id);
}
public function postNew(Request $request)
/**
* Create a user.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse
*/
public function store(Request $request)
{
try {
$user = new UserRepository;
@ -109,26 +132,39 @@ class UserController extends Controller
}
}
public function updateUser(Request $request, $user)
/**
* Update a user.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function update(Request $request, $id)
{
try {
$repo = new UserRepository;
$repo->update($user, $request->only([
$user = $repo->update($id, $request->intersect([
'email', 'password', 'name_first',
'name_last', 'username', 'root_admin',
]));
Alert::success('User account was successfully updated.')->flash();
} catch (DisplayValidationException $ex) {
return redirect()->route('admin.users.view', $user)->withErrors(json_decode($ex->getMessage()));
} catch (\Exception $e) {
Log::error($e);
return redirect()->route('admin.users.view', $id)->withErrors(json_decode($ex->getMessage()));
} catch (\Exception $ex) {
Log::error($ex);
Alert::danger('An error occured while attempting to update this user.')->flash();
}
return redirect()->route('admin.users.view', $user);
return redirect()->route('admin.users.view', $id);
}
public function getJson(Request $request)
/**
* Get a JSON response of users on the system.
*
* @param \Illuminate\Http\Request $request
* @return \Pterodactyl\Models\User
*/
public function json(Request $request)
{
return User::select('id', 'email', 'username', 'name_first', 'name_last')
->search($request->input('q'))

42
app/Http/Controllers/Auth/ForgotPasswordController.php
View file

@ -1,8 +1,33 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\Auth;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Password;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Events\Auth\FailedPasswordReset;
use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
class ForgotPasswordController extends Controller
@ -29,4 +54,21 @@ class ForgotPasswordController extends Controller
{
$this->middleware('guest');
}
/**
* Get the response for a failed password reset link.
*
* @param \Illuminate\Http\Request
* @param string $response
* @return \Illuminate\Http\RedirectResponse
*/
protected function sendResetLinkFailedResponse(Request $request, $response)
{
// As noted in #358 we will return success even if it failed
// to avoid pointing out that an account does or does not
// exist on the system.
event(new FailedPasswordReset($request->ip(), $request->only('email')));
return $this->sendResetLinkResponse(Password::RESET_LINK_SENT);
}
}

149
app/Http/Controllers/Auth/LoginController.php
View file

@ -28,9 +28,11 @@ namespace Pterodactyl\Http\Controllers\Auth;
use Auth;
use Alert;
use Cache;
use Crypt;
use Illuminate\Http\Request;
use Pterodactyl\Models\User;
use PragmaRX\Google2FA\Google2FA;
use Pterodactyl\Events\Auth\FailedLogin;
use Pterodactyl\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
@ -79,95 +81,152 @@ class LoginController extends Controller
$this->middleware('guest', ['except' => 'logout']);
}
/**
* Get the failed login response instance.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse
*/
protected function sendFailedLoginResponse(Request $request)
{
$this->incrementLoginAttempts($request);
$errors = [$this->username() => trans('auth.failed')];
if ($request->expectsJson()) {
return response()->json($errors, 422);
}
return redirect()->route('auth.login')
->withInput($request->only($this->username(), 'remember'))
->withErrors($errors);
}
/**
* Handle a login request to the application.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
* @return \Illuminate\Http\Response|\Illuminate\Response\RedirectResponse
*/
public function login(Request $request)
{
// Check wether the user identifier is an email address or a username
$isEmail = str_contains($request->input('user'), '@');
$checkField = str_contains($request->input('user'), '@') ? 'email' : 'username';
$this->validate($request, [
'user' => $isEmail ? 'required|email' : 'required|string',
'password' => 'required',
]);
if ($lockedOut = $this->hasTooManyLoginAttempts($request)) {
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
// Is the user (email or username) & password valid?
if (! Auth::once([
$isEmail ? 'email' : 'username' => $request->input('user'),
'password' => $request->input('password'),
], $request->has('remember'))) {
if (! $lockedOut) {
$this->incrementLoginAttempts($request);
}
// Determine if the user even exists.
$user = User::where($checkField, $request->input($this->username()))->first();
if (! $user) {
return $this->sendFailedLoginResponse($request);
}
// Verify TOTP Token was Valid
if (Auth::user()->use_totp) {
$verifyKey = str_random(64);
Cache::put($verifyKey, Auth::user()->id, 5);
// If user uses 2FA, redirect to that page.
if ($user->use_totp) {
$token = str_random(64);
Cache::put($token, [
'user_id' => $user->id,
'credentials' => Crypt::encrypt(serialize([
$checkField => $request->input($this->username()),
'password' => $request->input('password'),
])),
], 5);
return redirect()->route('auth.totp')->with('authentication_token', $verifyKey);
} else {
Auth::login(Auth::user(), $request->has('remember'));
return redirect()->route('auth.totp')->with('authentication_token', $token);
}
$attempt = Auth::attempt([
$checkField => $request->input($this->username()),
'password' => $request->input('password'),
'use_totp' => 0,
], $request->has('remember'));
if ($attempt) {
return $this->sendLoginResponse($request);
}
// Login failed, send response.
return $this->sendFailedLoginResponse($request);
}
/**
* Handle a TOTP implementation page.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse|\Illuminate\View\View
*/
public function totp(Request $request)
{
$verifyKey = $request->session()->get('authentication_token');
$token = $request->session()->get('authentication_token');
if (is_null($verifyKey) || Auth::user()) {
if (is_null($token) || Auth::user()) {
return redirect()->route('auth.login');
}
return view('auth.totp', [
'verify_key' => $verifyKey,
'verify_key' => $token,
'remember' => $request->has('remember'),
]);
}
/**
* Handle a TOTP input.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse
*/
public function totpCheckpoint(Request $request)
{
$G2FA = new Google2FA();
if (is_null($request->input('verify_token'))) {
$this->incrementLoginAttempts($request);
Alert::danger(trans('auth.totp_failed'))->flash();
return redirect()->route('auth.login');
return $this->sendFailedLoginResponse($request);
}
$user = User::where('id', Cache::pull($request->input('verify_token')))->first();
if (! $user) {
$this->incrementLoginAttempts($request);
Alert::danger(trans('auth.totp_failed'))->flash();
$cache = Cache::pull($request->input('verify_token'));
$user = User::where('id', $cache['user_id'])->first();
return redirect()->route('auth.login');
if (! $user || ! $cache) {
$this->sendFailedLoginResponse($request);
}
if (! is_null($request->input('2fa_token')) && $G2FA->verifyKey($user->totp_secret, $request->input('2fa_token'), 1)) {
Auth::login($user, $request->has('remember'));
return redirect()->intended($this->redirectPath());
} else {
$this->incrementLoginAttempts($request);
Alert::danger(trans('auth.2fa_failed'))->flash();
return redirect()->route('auth.login');
if (is_null($request->input('2fa_token'))) {
return $this->sendFailedLoginResponse($request);
}
try {
$credentials = unserialize(Crypt::decrypt($cache['credentials']));
} catch (\Illuminate\Contracts\Encryption\DecryptException $ex) {
return $this->sendFailedLoginResponse($request);
}
if (! $G2FA->verifyKey($user->totp_secret, $request->input('2fa_token'), 2)) {
event(new \Illuminate\Auth\Events\Failed($user, $credentials));
return $this->sendFailedLoginResponse($request);
}
$attempt = Auth::attempt($credentials, $request->has('remember'));
if ($attempt) {
return $this->sendLoginResponse($request);
}
// Login failed, send response.
return $this->sendFailedLoginResponse($request);
}
/**
* Get the login username to be used by the controller.
*
* @return string
*/
public function username()
{
return 'user';
}
}

10
app/Http/Controllers/Auth/ResetPasswordController.php
View file

@ -21,6 +21,11 @@ class ResetPasswordController extends Controller
use ResetsPasswords;
/**
* The URL to redirect users to after password reset.
*
* @var string
*/
public $redirectTo = '/';
/**
@ -33,6 +38,11 @@ class ResetPasswordController extends Controller
$this->middleware('guest');
}
/**
* Return the rules used when validating password reset.
*
* @return array
*/
protected function rules()
{
return [

41
app/Http/Controllers/Base/APIController.php
View file

@ -27,8 +27,9 @@ namespace Pterodactyl\Http\Controllers\Base;
use Log;
use Alert;
use Pterodactyl\Models;
use Illuminate\Http\Request;
use Pterodactyl\Models\APIKey;
use Pterodactyl\Models\APIPermission;
use Pterodactyl\Repositories\APIRepository;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller;
@ -36,25 +37,48 @@ use Pterodactyl\Exceptions\DisplayValidationException;
class APIController extends Controller
{
/**
* Display base API index page.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function index(Request $request)
{
return view('base.api.index', [
'keys' => Models\APIKey::where('user_id', $request->user()->id)->get(),
'keys' => APIKey::where('user_id', $request->user()->id)->get(),
]);
}
/**
* Display API key creation page.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function create(Request $request)
{
return view('base.api.new');
return view('base.api.new', [
'permissions' => [
'user' => collect(APIPermission::permissions())->pull('_user'),
'admin' => collect(APIPermission::permissions())->except('_user')->toArray(),
],
]);
}
public function save(Request $request)
/**
* Handle saving new API key.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse
*/
public function store(Request $request)
{
try {
$repo = new APIRepository($request->user());
$secret = $repo->create($request->intersect([
'memo', 'allowed_ips',
'adminPermissions', 'permissions',
'admin_permissions', 'permissions',
]));
Alert::success('An API Key-Pair has successfully been generated. The API secret for this public key is shown below and will not be shown again.<br /><br /><code>' . $secret . '</code>')->flash();
@ -71,6 +95,13 @@ class APIController extends Controller
return redirect()->route('account.api.new')->withInput();
}
/**
* Handle revoking API key.
*
* @param \Illuminate\Http\Request $request
* @param string $key
* @return \Illuminate\Http\JsonResponse|\Illuminate\Http\Response
*/
public function revoke(Request $request, $key)
{
try {

12
app/Http/Controllers/Base/AccountController.php
View file

@ -38,8 +38,8 @@ class AccountController extends Controller
/**
* Display base account information page.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Contracts\View\View
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function index(Request $request)
{
@ -48,8 +48,10 @@ class AccountController extends Controller
/**
* Update details for a users account.
* @param \Illuminate\Http\Request $request
* @return void
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse
* @throws \Symfony\Component\HttpKernel\Exception\HttpException
*/
public function update(Request $request)
{
@ -80,7 +82,7 @@ class AccountController extends Controller
if (
in_array($request->input('do_action'), ['email', 'password'])
&& ! password_verify($request->input('password'), $request->user()->password)
&& ! password_verify($request->input('current_password'), $request->user()->password)
) {
Alert::danger(trans('base.account.invalid_pass'))->flash();

24
app/Http/Controllers/Base/IndexController.php
View file

@ -30,32 +30,32 @@ use Pterodactyl\Http\Controllers\Controller;
class IndexController extends Controller
{
/**
* Controller Constructor.
*/
public function __construct()
{
//
}
/**
* Returns listing of user's servers.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Contracts\View\View
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function getIndex(Request $request)
{
$servers = $request->user()->access()->with('user');
if (! is_null($request->input('query'))) {
$servers->search($request->input('query'));
}
return view('base.index', [
'servers' => $request->user()->serverAccessCollection(config('pterodactyl.paginate.frontend.servers')),
'servers' => $servers->paginate(config('pterodactyl.paginate.frontend.servers')),
]);
}
/**
* Generate a random string.
*
* @param \Illuminate\Http\Request $request
* @param \Illuminate\Http\Request $request
* @param int $length
* @return string
* @deprecated
*/
public function getPassword(Request $request, $length = 16)
{

18
app/Http/Controllers/Base/LanguageController.php
View file

@ -32,6 +32,11 @@ use Pterodactyl\Http\Controllers\Controller;
class LanguageController extends Controller
{
/**
* A list of supported languages on the panel.
*
* @var array
*/
protected $languages = [
'de' => 'German',
'en' => 'English',
@ -44,13 +49,12 @@ class LanguageController extends Controller
];
/**
* Controller Constructor.
* Sets the language for a user.
*
* @param \Illuminate\Http\Request $request
* @param string $language
* @return \Illuminate\Http\RedirectResponse
*/
public function __construct()
{
//
}
public function setLanguage(Request $request, $language)
{
if (array_key_exists($language, $this->languages)) {
@ -59,7 +63,7 @@ class LanguageController extends Controller
$user->language = $language;
$user->save();
}
Session::set('applocale', $language);
Session::put('applocale', $language);
}
return redirect()->back();

21
app/Http/Controllers/Base/SecurityController.php
View file

@ -36,8 +36,8 @@ class SecurityController extends Controller
/**
* Returns Security Management Page.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Contracts\View\View
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function index(Request $request)
{
@ -50,8 +50,8 @@ class SecurityController extends Controller
* Generates TOTP Secret and returns popup data for user to verify
* that they can generate a valid response.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Contracts\View\View
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse
*/
public function generateTotp(Request $request)
{
@ -73,7 +73,7 @@ class SecurityController extends Controller
/**
* Verifies that 2FA token recieved is valid and will work on the account.
*
* @param \Illuminate\Http\Request $request
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function setTotp(Request $request)
@ -95,8 +95,8 @@ class SecurityController extends Controller
/**
* Disables TOTP on an account.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse
*/
public function disableTotp(Request $request)
{
@ -116,6 +116,13 @@ class SecurityController extends Controller
return redirect()->route('account.security');
}
/**
* Revokes a user session.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function revoke(Request $request, $id)
{
Session::where('user_id', $request->user()->id)->findOrFail($id)->delete();

21
app/Http/Controllers/Daemon/PackController.php
View file

@ -31,19 +31,12 @@ use Pterodactyl\Http\Controllers\Controller;
class PackController extends Controller
{
/**
* Controller Constructor.
*/
public function __construct()
{
//
}
/**
* Pulls an install pack archive from the system.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\JsonResponse|\Symfony\Component\HttpFoundation\BinaryFileResponse
*/
public function pull(Request $request, $uuid)
{
@ -63,8 +56,9 @@ class PackController extends Controller
/**
* Returns the hash information for a pack.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\JsonResponse
*/
public function hash(Request $request, $uuid)
{
@ -87,9 +81,10 @@ class PackController extends Controller
* Pulls an update pack archive from the system.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
* @return void
*/
public function pullUpdate(Request $request)
{
//
}
}

4
app/Http/Controllers/Daemon/ServiceController.php
View file

@ -36,7 +36,7 @@ class ServiceController extends Controller
* as well as the associated files and the file hashes for
* caching purposes.
*
* @param \Illuminate\Http\Request $request
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse
*/
public function list(Request $request)
@ -77,7 +77,7 @@ class ServiceController extends Controller
* Returns a `main.json` file based on the configuration
* of each service option.
*
* @param int $id
* @param int $id
* @return \Illuminate\Support\Collection
*/
protected function getConfiguration($id)

32
app/Http/Controllers/Remote/RemoteController.php
View file

@ -32,13 +32,11 @@ use Pterodactyl\Http\Controllers\Controller;
class RemoteController extends Controller
{
/**
* Controller Constructor.
* Handles download request from daemon.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse
*/
public function __construct()
{
// No middleware for this route.
}
public function postDownload(Request $request)
{
$download = Models\Download::where('token', $request->input('token'))->first();
@ -56,6 +54,12 @@ class RemoteController extends Controller
]);
}
/**
* Handles install toggle request from daemon.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse
*/
public function postInstall(Request $request)
{
$server = Models\Server::where('uuid', $request->input('server'))->with('node')->first();
@ -82,6 +86,13 @@ class RemoteController extends Controller
], 200);
}
/**
* Handles event from daemon.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse|\Illuminate\Http\Response
* @deprecated
*/
public function event(Request $request)
{
$server = Models\Server::where('uuid', $request->input('server'))->with('node')->first();
@ -101,6 +112,13 @@ class RemoteController extends Controller
return response('', 201);
}
/**
* Handles configuration data request from daemon.
*
* @param \Illuminate\Http\Request $request
* @param string $token
* @return \Illuminate\Http\JsonResponse|\Illuminate\Http\Response
*/
public function getConfiguration(Request $request, $token)
{
// Try to query the token and the node from the database
@ -111,7 +129,7 @@ class RemoteController extends Controller
}
// Check if token is expired
if ($model->created_at->lt(Carbon::now())) {
if ($model->created_at->addMinutes(5)->lt(Carbon::now())) {
$model->delete();
return response()->json(['error' => 'token_expired'], 403);

42
app/Http/Controllers/Server/AjaxController.php
View file

@ -50,20 +50,12 @@ class AjaxController extends Controller
*/
protected $directory;
/**
* Controller Constructor.
*/
public function __construct()
{
//
}
/**
* Returns true or false depending on the power status of the requested server.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Contracts\View\View
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\JsonResponse
*/
public function getStatus(Request $request, $uuid)
{
@ -96,9 +88,9 @@ class AjaxController extends Controller
/**
* Returns a listing of files in a given directory for a server.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid`
* @return \Illuminate\Contracts\View\View
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\View\View|\Illuminate\Http\Response
*/
public function postDirectoryList(Request $request, $uuid)
{
@ -147,8 +139,8 @@ class AjaxController extends Controller
/**
* Handles a POST request to save a file.
*
* @param Request $request
* @param string $uuid
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\Response
*/
public function postSaveFile(Request $request, $uuid)
@ -172,10 +164,12 @@ class AjaxController extends Controller
}
/**
* [postSetPrimary description].
* @param Request $request
* @param string $uuid
* @return \Illuminate\Http\Response
* Sets the primary allocation for a server.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\JsonResponse
* @deprecated
*/
public function postSetPrimary(Request $request, $uuid)
{
@ -219,6 +213,14 @@ class AjaxController extends Controller
}
}
/**
* Resets a database password for a server.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\JsonResponse
* @deprecated
*/
public function postResetDatabasePassword(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid);

112
app/Http/Controllers/Server/ServerController.php
View file

@ -37,21 +37,12 @@ use Pterodactyl\Exceptions\DisplayValidationException;
class ServerController extends Controller
{
/**
* Controller Constructor.
*
* @return void
*/
public function __construct()
{
//
}
/**
* Renders server index page for specified server.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Contracts\View\View
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\View\View
*/
public function getIndex(Request $request, $uuid)
{
@ -62,6 +53,10 @@ class ServerController extends Controller
'saveFile' => route('server.files.save', $server->uuidShort),
'csrfToken' => csrf_token(),
],
'config' => [
'console_count' => config('pterodactyl.console.count'),
'console_freq' => config('pterodactyl.console.frequency'),
],
]);
return view('server.index', [
@ -70,11 +65,37 @@ class ServerController extends Controller
]);
}
/**
* Renders server console as an individual item.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\View\View
*/
public function getConsole(Request $request, $uuid)
{
\Debugbar::disable();
$server = Models\Server::byUuid($uuid);
$server->js([
'config' => [
'console_count' => config('pterodactyl.console.count'),
'console_freq' => config('pterodactyl.console.frequency'),
],
]);
return view('server.console', [
'server' => $server,
'node' => $server->node,
]);
}
/**
* Renders file overview page.
*
* @param Request $request
* @return \Illuminate\Contracts\View\View
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\View\View
*/
public function getFiles(Request $request, $uuid)
{
@ -106,8 +127,9 @@ class ServerController extends Controller
/**
* Renders add file page.
*
* @param Request $request
* @return \Illuminate\Contracts\View\View
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\View\View
*/
public function getAddFile(Request $request, $uuid)
{
@ -126,10 +148,10 @@ class ServerController extends Controller
/**
* Renders edit file page for a given file.
*
* @param Request $request
* @param string $uuid
* @param string $file
* @return \Illuminate\Contracts\View\View
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @param string $file
* @return \Illuminate\View\View
*/
public function getEditFile(Request $request, $uuid, $file)
{
@ -169,10 +191,10 @@ class ServerController extends Controller
/**
* Handles downloading a file for the user.
*
* @param Request $request
* @param string $uuid
* @param string $file
* @return \Illuminate\Contracts\View\View
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @param string $file
* @return \Illuminate\View\View
*/
public function getDownloadFile(Request $request, $uuid, $file)
{
@ -190,6 +212,13 @@ class ServerController extends Controller
return redirect($server->node->scheme . '://' . $server->node->fqdn . ':' . $server->node->daemonListen . '/server/file/download/' . $download->token);
}
/**
* Returns the allocation overview for a server.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\View\View
*/
public function getAllocation(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid);
@ -205,6 +234,13 @@ class ServerController extends Controller
]);
}
/**
* Returns the startup overview for a server.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\View\View
*/
public function getStartup(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid);
@ -235,6 +271,13 @@ class ServerController extends Controller
]);
}
/**
* Returns the database overview for a server.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\View\View
*/
public function getDatabases(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid);
@ -250,6 +293,13 @@ class ServerController extends Controller
]);
}
/**
* Returns the SFTP overview for a server.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\View\View
*/
public function getSFTP(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid);
@ -262,6 +312,13 @@ class ServerController extends Controller
]);
}
/**
* Handles changing the SFTP password for a server.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\RedirectResponse
*/
public function postSettingsSFTP(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid);
@ -283,6 +340,13 @@ class ServerController extends Controller
return redirect()->route('server.settings.sftp', $uuid);
}
/**
* Handles changing the startup settings for a server.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\RedirectResponse
*/
public function postSettingsStartup(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid);

63
app/Http/Controllers/Server/SubuserController.php
View file

@ -37,16 +37,13 @@ use Pterodactyl\Exceptions\DisplayValidationException;
class SubuserController extends Controller
{
/**
* Controller Constructor.
* Displays the subuser overview index.
*
* @return void
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\View\View
*/
public function __construct()
{
//
}
public function getIndex(Request $request, $uuid)
public function index(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid)->load('subusers.user');
$this->authorize('list-subusers', $server);
@ -60,7 +57,15 @@ class SubuserController extends Controller
]);
}
public function getView(Request $request, $uuid, $id)
/**
* Displays the a single subuser overview.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @param int $id
* @return \Illuminate\View\View
*/
public function view(Request $request, $uuid, $id)
{
$server = Models\Server::byUuid($uuid)->load('node');
$this->authorize('view-subuser', $server);
@ -74,13 +79,22 @@ class SubuserController extends Controller
'server' => $server,
'node' => $server->node,
'subuser' => $subuser,
'permlist' => Models\Permission::list(),
'permissions' => $subuser->permissions->mapWithKeys(function ($item, $key) {
return [$item->permission => true];
}),
]);
}
public function postView(Request $request, $uuid, $id)
/**
* Handles editing a subuser.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function update(Request $request, $uuid, $id)
{
$server = Models\Server::byUuid($uuid);
$this->authorize('edit-subuser', $server);
@ -118,7 +132,14 @@ class SubuserController extends Controller
]);
}
public function getNew(Request $request, $uuid)
/**
* Display new subuser creation page.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\View\View
*/
public function create(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid);
$this->authorize('create-subuser', $server);
@ -126,11 +147,19 @@ class SubuserController extends Controller
return view('server.users.new', [
'server' => $server,
'permissions' => Models\Permission::list(),
'node' => $server->node,
]);
}
public function postNew(Request $request, $uuid)
/**
* Handles creating a new subuser.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\RedirectResponse
*/
public function store(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid);
$this->authorize('create-subuser', $server);
@ -158,7 +187,15 @@ class SubuserController extends Controller
return redirect()->route('server.subusers.new', $uuid)->withInput();
}
public function deleteSubuser(Request $request, $uuid, $id)
/**
* Handles deleting a subuser.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @param int $id
* @return \Illuminate\Http\JsonResponse|\Illuminate\Http\Response
*/
public function delete(Request $request, $uuid, $id)
{
$server = Models\Server::byUuid($uuid);
$this->authorize('delete-subuser', $server);

74
app/Http/Controllers/Server/TaskController.php
View file

@ -26,23 +26,25 @@ namespace Pterodactyl\Http\Controllers\Server;
use Log;
use Alert;
use Pterodactyl\Models;
use Illuminate\Http\Request;
use Pterodactyl\Repositories;
use Pterodactyl\Models\Server;
use Pterodactyl\Repositories\TaskRepository;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Exceptions\DisplayValidationException;
class TaskController extends Controller
{
public function __constructor()
/**
* Display task index page.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\View\View
*/
public function index(Request $request, $uuid)
{
//
}
public function getIndex(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid)->load('tasks');
$server = Server::byUuid($uuid)->load('tasks');
$this->authorize('list-tasks', $server);
$server->js();
@ -57,9 +59,16 @@ class TaskController extends Controller
]);
}
public function getNew(Request $request, $uuid)
/**
* Display new task page.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\View\View
*/
public function create(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid);
$server = Server::byUuid($uuid);
$this->authorize('create-task', $server);
$server->js();
@ -69,14 +78,21 @@ class TaskController extends Controller
]);
}
public function postNew(Request $request, $uuid)
/**
* Handle creation of new task.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\RedirectResponse
*/
public function store(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid);
$server = Server::byUuid($uuid);
$this->authorize('create-task', $server);
$repo = new TaskRepository;
try {
$repo = new Repositories\TaskRepository;
$repo->create($server->id, $request->except([
$repo->create($server->id, $request->user()->id, $request->except([
'_token',
]));
@ -93,9 +109,17 @@ class TaskController extends Controller
return redirect()->route('server.tasks.new', $uuid);
}
public function deleteTask(Request $request, $uuid, $id)
/**
* Handle deletion of a task.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @param int $id
* @return \Illuminate\Http\JsonResponse
*/
public function delete(Request $request, $uuid, $id)
{
$server = Models\Server::byUuid($uuid)->load('tasks');
$server = Server::byUuid($uuid)->load('tasks');
$this->authorize('delete-task', $server);
$task = $server->tasks->where('id', $id)->first();
@ -105,8 +129,8 @@ class TaskController extends Controller
], 404);
}
$repo = new TaskRepository;
try {
$repo = new Repositories\TaskRepository;
$repo->delete($id);
return response()->json([], 204);
@ -119,9 +143,17 @@ class TaskController extends Controller
}
}
public function toggleTask(Request $request, $uuid, $id)
/**
* Toggle the status of a task.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @param int $id
* @return \Illuminate\Http\JsonResponse
*/
public function toggle(Request $request, $uuid, $id)
{
$server = Models\Server::byUuid($uuid)->load('tasks');
$server = Server::byUuid($uuid)->load('tasks');
$this->authorize('toggle-task', $server);
$task = $server->tasks->where('id', $id)->first();
@ -131,8 +163,8 @@ class TaskController extends Controller
], 404);
}
$repo = new TaskRepository;
try {
$repo = new Repositories\TaskRepository;
$resp = $repo->toggle($id);
return response()->json([

10
app/Http/Kernel.php
View file

@ -15,10 +15,11 @@ class Kernel extends HttpKernel
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Pterodactyl\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\Pterodactyl\Http\Middleware\TrimStrings::class,
\Pterodactyl\Http\Middleware\LanguageMiddleware::class,
/*
* Custom middleware applied to all routes.
*/
\Fideloper\Proxy\TrustProxies::class,
];
@ -35,8 +36,10 @@ class Kernel extends HttpKernel
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\Pterodactyl\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
\Pterodactyl\Http\Middleware\LanguageMiddleware::class,
],
'api' => [
\Pterodactyl\Http\Middleware\HMACAuthorization::class,
'throttle:60,1',
'bindings',
],
@ -58,5 +61,6 @@ class Kernel extends HttpKernel
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'recaptcha' => \Pterodactyl\Http\Middleware\VerifyReCaptcha::class,
];
}

133
app/Http/Middleware/APISecretToken.php
View file

@ -1,133 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Middleware;
use Auth;
use Crypt;
use Config;
use IPTools\IP;
use IPTools\Range;
use Dingo\Api\Routing\Route;
use Illuminate\Http\Request;
use Pterodactyl\Models\User;
use Pterodactyl\Models\APIKey;
use Pterodactyl\Models\APIPermission;
use Pterodactyl\Services\APILogService;
use Dingo\Api\Auth\Provider\Authorization;
use Symfony\Component\HttpKernel\Exception\HttpException; // 400
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; // 401
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; // 403
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException; //500
class APISecretToken extends Authorization
{
protected $algo = 'sha256';
protected $permissionAllowed = false;
protected $url = '';
public function __construct()
{
Config::set('session.driver', 'array');
}
public function getAuthorizationMethod()
{
return 'Authorization';
}
public function authenticate(Request $request, Route $route)
{
if (! $request->bearerToken() || empty($request->bearerToken())) {
APILogService::log($request, 'The authentication header was missing or malformed.');
throw new UnauthorizedHttpException('The authentication header was missing or malformed.');
}
list($public, $hashed) = explode('.', $request->bearerToken());
$key = APIKey::where('public', $public)->first();
if (! $key) {
APILogService::log($request, 'Invalid API Key.');
throw new AccessDeniedHttpException('Invalid API Key.');
}
// Check for Resource Permissions
if (! empty($request->route()->getName())) {
if (! is_null($key->allowed_ips)) {
$inRange = false;
foreach (json_decode($key->allowed_ips) as $ip) {
if (Range::parse($ip)->contains(new IP($request->ip()))) {
$inRange = true;
break;
}
}
if (! $inRange) {
APILogService::log($request, 'This IP address <' . $request->ip() . '> does not have permission to use this API key.');
throw new AccessDeniedHttpException('This IP address <' . $request->ip() . '> does not have permission to use this API key.');
}
}
$permission = APIPermission::where('key_id', $key->id)->where('permission', $request->route()->getName());
// Suport Wildcards
if (starts_with($request->route()->getName(), 'api.user')) {
$permission->orWhere('permission', 'api.user.*');
} elseif (starts_with($request->route()->getName(), 'api.admin')) {
$permission->orWhere('permission', 'api.admin.*');
}
if (! $permission->first()) {
APILogService::log($request, 'You do not have permission to access this resource. This API Key requires the ' . $request->route()->getName() . ' permission node.');
throw new AccessDeniedHttpException('You do not have permission to access this resource. This API Key requires the ' . $request->route()->getName() . ' permission node.');
}
}
try {
$decrypted = Crypt::decrypt($key->secret);
} catch (\Illuminate\Contracts\Encryption\DecryptException $ex) {
APILogService::log($request, 'There was an error while attempting to check your secret key.');
throw new HttpException('There was an error while attempting to check your secret key.');
}
$this->url = urldecode($request->fullUrl());
if ($this->_generateHMAC($request->getContent(), $decrypted) !== base64_decode($hashed)) {
APILogService::log($request, 'The hashed body was not valid. Potential modification of contents in route.');
throw new BadRequestHttpException('The hashed body was not valid. Potential modification of contents in route.');
}
// Log the Route Access
APILogService::log($request, null, true);
return Auth::loginUsingId($key->user_id);
}
protected function _generateHMAC($body, $key)
{
$data = $this->url . $body;
return hash_hmac($this->algo, $data, $key, true);
}
}

6
app/Http/Middleware/AdminAuthenticate.php
View file

@ -32,14 +32,14 @@ class AdminAuthenticate
/**
* The Guard implementation.
*
* @var Guard
* @var \Illuminate\Contracts\Auth\Guard
*/
protected $auth;
/**
* Create a new filter instance.
*
* @param Guard $auth
* @param \Illuminate\Contracts\Auth\Guard $auth
* @return void
*/
public function __construct(Guard $auth)
@ -51,7 +51,7 @@ class AdminAuthenticate
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)

6
app/Http/Middleware/Authenticate.php
View file

@ -10,14 +10,14 @@ class Authenticate
/**
* The Guard implementation.
*
* @var Guard
* @var \Illuminate\Contracts\Auth\Guard
*/
protected $auth;
/**
* Create a new filter instance.
*
* @param Guard $auth
* @param \Illuminate\Contracts\Auth\Guard $auth
* @return void
*/
public function __construct(Guard $auth)
@ -29,7 +29,7 @@ class Authenticate
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)

79
app/Http/Middleware/CheckServer.php
View file

@ -28,35 +28,102 @@ use Auth;
use Closure;
use Illuminate\Http\Request;
use Pterodactyl\Models\Server;
use Illuminate\Auth\AuthenticationException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
class CheckServer
{
/**
* The elquent model for the server.
*
* @var \Pterodactyl\Models\Server
*/
protected $server;
/**
* The request object.
*
* @var \Illuminate\Http\Request
*/
protected $request;
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param \Closure $next
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
if (! Auth::user()) {
return redirect()->guest('auth/login');
throw new AuthenticationException();
}
$server = Server::byUuid($request->route()->server);
if (! $server) {
$this->request = $request;
$this->server = Server::byUuid($request->route()->server);
if (! $this->exists()) {
return response()->view('errors.404', [], 404);
}
if ($server->suspended) {
if ($this->suspended()) {
return response()->view('errors.suspended', [], 403);
}
if (! $server->installed) {
if (! $this->installed()) {
return response()->view('errors.installing', [], 403);
}
return $next($request);
}
/**
* Determine if the server was found on the system.
*
* @return bool
*/
protected function exists()
{
if (! $this->server) {
if ($this->request->expectsJson() || $this->request->is(...config('pterodactyl.json_routes'))) {
throw new NotFoundHttpException('The requested server was not found on the system.');
}
}
return (! $this->server) ? false : true;
}
/**
* Determine if the server is suspended.
*
* @return bool
*/
protected function suspended()
{
if ($this->server->suspended) {
if ($this->request->expectsJson() || $this->request->is(...config('pterodactyl.json_routes'))) {
throw new AccessDeniedHttpException('Server is suspended.');
}
}
return $this->server->suspended;
}
/**
* Determine if the server is installed.
*
* @return bool
*/
protected function installed()
{
if ($this->server->installed !== 1) {
if ($this->request->expectsJson() || $this->request->is(...config('pterodactyl.json_routes'))) {
throw new AccessDeniedHttpException('Server is completing install process.');
}
}
return $this->server->installed === 1;
}
}

6
app/Http/Middleware/DaemonAuthenticate.php
View file

@ -33,14 +33,14 @@ class DaemonAuthenticate
/**
* The Guard implementation.
*
* @var Guard
* @var \Illuminate\Contracts\Auth\Guard
*/
protected $auth;
/**
* Create a new filter instance.
*
* @param Guard $auth
* @param \Illuminate\Contracts\Auth\Guard $auth
* @return void
*/
public function __construct(Guard $auth)
@ -52,7 +52,7 @@ class DaemonAuthenticate
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)

229
app/Http/Middleware/HMACAuthorization.php Normal file
View file

@ -0,0 +1,229 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Middleware;
use Auth;
use Crypt;
use Config;
use Closure;
use Debugbar;
use IPTools\IP;
use IPTools\Range;
use Illuminate\Http\Request;
use Pterodactyl\Models\APIKey;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; // 400
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; // 403
class HMACAuthorization
{
/**
* The algorithm to use for handling HMAC encryption.
*
* @var string
*/
const HMAC_ALGORITHM = 'sha256';
/**
* Stored values from the Authorization header.
*
* @var array
*/
protected $token = [];
/**
* The eloquent model for the API key.
*
* @var \Pterodactyl\Models\APIKey
*/
protected $key;
/**
* The illuminate request object.
*
* @var \Illuminate\Http\Request
*/
private $request;
/**
* Construct class instance.
*
* @return void
*/
public function __construct()
{
Debugbar::disable();
Config::set('session.driver', 'array');
}
/**
* Handle an incoming request for the API.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
$this->request = $request;
$this->checkBearer();
$this->validateRequest();
$this->validateIPAccess();
$this->validateContents();
Auth::loginUsingId($this->key()->user_id);
return $next($request);
}
/**
* Checks that the Bearer token is provided and in a valid format.
*
* @return void
*
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
*/
protected function checkBearer()
{
if (empty($this->request()->bearerToken())) {
throw new BadRequestHttpException('Request was missing required Authorization header.');
}
$token = explode('.', $this->request()->bearerToken());
if (count($token) !== 2) {
throw new BadRequestHttpException('The Authorization header passed was not in a validate public/private key format.');
}
$this->token = [
'public' => $token[0],
'hash' => $token[1],
];
}
/**
* Determine if the request contains a valid public API key
* as well as permissions for the resource.
*
* @return void
*
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
*/
protected function validateRequest()
{
$this->key = APIKey::where('public', $this->public())->first();
if (! $this->key) {
throw new AccessDeniedHttpException('Unable to identify requester. Authorization token is invalid.');
}
}
/**
* Determine if the requesting IP address is allowed to use this API key.
*
* @return bool
*
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
*/
protected function validateIPAccess()
{
if (! is_null($this->key()->allowed_ips)) {
foreach ($this->key()->allowed_ips as $ip) {
if (Range::parse($ip)->contains(new IP($this->request()->ip()))) {
return true;
}
}
throw new AccessDeniedHttpException('This IP address does not have permission to access the API using these credentials.');
}
return true;
}
/**
* Determine if the HMAC sent in the request matches the one generated
* on the panel side.
*
* @return void
*
* @throws \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
*/
protected function validateContents()
{
if (base64_decode($this->hash()) !== $this->generateSignature()) {
throw new BadRequestHttpException('The HMAC for the request was invalid.');
}
}
/**
* Generate a HMAC from the request and known API secret key.
*
* @return string
*/
protected function generateSignature()
{
$content = urldecode($this->request()->fullUrl()) . $this->request()->getContent();
return hash_hmac(self::HMAC_ALGORITHM, $content, Crypt::decrypt($this->key()->secret), true);
}
/**
* Return the public key passed in the Authorization header.
*
* @return string
*/
protected function public()
{
return $this->token['public'];
}
/**
* Return the base64'd HMAC sent in the Authorization header.
*
* @return string
*/
protected function hash()
{
return $this->token['hash'];
}
/**
* Return the API Key model.
*
* @return \Pterodactyl\Models\APIKey
*/
protected function key()
{
return $this->key;
}
/**
* Return the Illuminate Request object.
*
* @return \Illuminate\Http\Request
*/
private function request()
{
return $this->request;
}
}

9
app/Http/Middleware/LanguageMiddleware.php
View file

@ -32,16 +32,11 @@ use Illuminate\Support\Facades\App;
class LanguageMiddleware
{
public function __construct()
{
//
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
@ -49,7 +44,7 @@ class LanguageMiddleware
if (Session::has('applocale')) {
App::setLocale(Session::get('applocale'));
} elseif (Auth::check() && isset(Auth::user()->language)) {
Session::set('applocale', Auth::user()->language);
Session::put('applocale', Auth::user()->language);
App::setLocale(Auth::user()->language);
} else {
App::setLocale(Settings::get('default_language', 'en'));

6
app/Http/Middleware/RedirectIfAuthenticated.php
View file

@ -11,14 +11,14 @@ class RedirectIfAuthenticated
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string|null $guard
* @param \Closure $next
* @param string|null $guard
* @return mixed
*/
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->check()) {
return redirect('/');
return redirect(route('index'));
}
return $next($request);

18
app/Http/Middleware/TrimStrings.php Normal file
View file

@ -0,0 +1,18 @@
<?php
namespace Pterodactyl\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\TrimStrings as BaseTrimmer;
class TrimStrings extends BaseTrimmer
{
/**
* The names of the attributes that should not be trimmed.
*
* @var array
*/
protected $except = [
'password',
'password_confirmation',
];
}

60
app/Http/Middleware/VerifyReCaptcha.php Normal file
View file

@ -0,0 +1,60 @@
<?php
namespace Pterodactyl\Http\Middleware;
use Closure;
use Pterodactyl\Events\Auth\FailedCaptcha;
class VerifyReCaptcha
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return \Illuminate\Http\RediectResponse
*/
public function handle($request, Closure $next)
{
if (! config('recaptcha.enabled')) {
return $next($request);
}
if ($request->has('g-recaptcha-response')) {
$client = new \GuzzleHttp\Client();
$res = $client->post(config('recaptcha.domain'), [
'form_params' => [
'secret' => config('recaptcha.secret_key'),
'response' => $request->input('g-recaptcha-response'),
],
]);
if ($res->getStatusCode() === 200) {
$result = json_decode($res->getBody());
$verified = function ($result, $request) {
if (! config('recaptcha.verify_domain')) {
return false;
}
$url = parse_url($request->url());
if (! array_key_exists('host', $url)) {
return false;
}
return $result->hostname === $url['host'];
};
if ($result->success && (! config('recaptcha.verify_domain') || $verified($result, $request))) {
return $next($request);
}
}
}
// Emit an event and return to the previous view with an error (only the captcha error will be shown!)
event(new FailedCaptcha($request->ip(), (! isset($result->hostname) ?: $result->hostname)));
return back()->withErrors(['g-recaptcha-response' => trans('strings.captcha_invalid')])->withInput();
}
}

184
app/Http/Routes/APIRoutes.php
View file

@ -1,184 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Routes;
use Illuminate\Routing\Router;
class APIRoutes
{
public function map(Router $router)
{
$api = app('Dingo\Api\Routing\Router');
$api->version('v1', ['prefix' => 'api/me', 'middleware' => 'api.auth'], function ($api) {
$api->get('/', [
'as' => 'api.user.me',
'uses' => 'Pterodactyl\Http\Controllers\API\User\InfoController@me',
]);
$api->get('/server/{uuid}', [
'as' => 'api.user.server',
'uses' => 'Pterodactyl\Http\Controllers\API\User\ServerController@info',
]);
$api->put('/server/{uuid}', [
'as' => 'api.user.server.power',
'uses' => 'Pterodactyl\Http\Controllers\API\User\ServerController@power',
]);
});
$api->version('v1', ['prefix' => 'api', 'middleware' => 'api.auth'], function ($api) {
/*
* User Routes
*/
$api->get('users', [
'as' => 'api.admin.users.list',
'uses' => 'Pterodactyl\Http\Controllers\API\UserController@lists',
]);
$api->post('users', [
'as' => 'api.admin.users.create',
'uses' => 'Pterodactyl\Http\Controllers\API\UserController@create',
]);
$api->get('users/{id}', [
'as' => 'api.admin.users.view',
'uses' => 'Pterodactyl\Http\Controllers\API\UserController@view',
]);
$api->patch('users/{id}', [
'as' => 'api.admin.users.update',
'uses' => 'Pterodactyl\Http\Controllers\API\UserController@update',
]);
$api->delete('users/{id}', [
'as' => 'api.admin.users.delete',
'uses' => 'Pterodactyl\Http\Controllers\API\UserController@delete',
]);
/*
* Server Routes
*/
$api->get('servers', [
'as' => 'api.admin.servers.list',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@lists',
]);
$api->post('servers', [
'as' => 'api.admin.servers.create',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@create',
]);
$api->get('servers/{id}', [
'as' => 'api.admin.servers.view',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@view',
]);
$api->patch('servers/{id}/config', [
'as' => 'api.admin.servers.config',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@config',
]);
$api->patch('servers/{id}/build', [
'as' => 'api.admin.servers.build',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@build',
]);
$api->post('servers/{id}/suspend', [
'as' => 'api.admin.servers.suspend',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@suspend',
]);
$api->post('servers/{id}/unsuspend', [
'as' => 'api.admin.servers.unsuspend',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@unsuspend',
]);
$api->delete('servers/{id}/{force?}', [
'as' => 'api.admin.servers.delete',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@delete',
]);
/*
* Node Routes
*/
$api->get('nodes', [
'as' => 'api.admin.nodes.list',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@lists',
]);
$api->post('nodes', [
'as' => 'api.admin.nodes.create',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@create',
]);
$api->get('nodes/allocations', [
'as' => 'api.admin.nodes.allocations',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@allocations',
]);
$api->get('nodes/allocations/{id}', [
'as' => 'api.admin.nodes.allocations',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@allocationsView',
]);
$api->get('nodes/{id}', [
'as' => 'api.admin.nodes.view',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@view',
]);
$api->get('nodes/{id}/config', [
'as' => 'api.admin.nodes.view',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@config',
]);
$api->delete('nodes/{id}', [
'as' => 'api.admin.nodes.delete',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@delete',
]);
/*
* Location Routes
*/
$api->get('locations', [
'as' => 'api.admin.locations.list',
'uses' => 'Pterodactyl\Http\Controllers\API\LocationController@lists',
]);
/*
* Service Routes
*/
$api->get('services', [
'as' => 'api.admin.services.list',
'uses' => 'Pterodactyl\Http\Controllers\API\ServiceController@lists',
]);
$api->get('services/{id}', [
'as' => 'api.admin.services.view',
'uses' => 'Pterodactyl\Http\Controllers\API\ServiceController@view',
]);
});
}
}

94
app/Http/Routes/AuthRoutes.php
View file

@ -1,94 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>
* Some Modifications (c) 2015 Dylan Seidt <dylan.seidt@gmail.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Routes;
use Auth;
use Illuminate\Routing\Router;
class AuthRoutes
{
public function map(Router $router)
{
$router->group([
'prefix' => 'auth',
'middleware' => [
'guest',
'csrf',
],
], function () use ($router) {
// Display Login Page
$router->get('login', [
'as' => 'auth.login',
'uses' => 'Auth\LoginController@showLoginForm',
]);
// Handle Login
$router->post('login', [
'uses' => 'Auth\LoginController@login',
]);
$router->get('login/totp', [
'as' => 'auth.totp',
'uses' => 'Auth\LoginController@totp',
]);
$router->post('login/totp', [
'uses' => 'Auth\LoginController@totpCheckpoint',
]);
// Show Password Reset Form
$router->get('password', [
'as' => 'auth.password',
'uses' => 'Auth\ForgotPasswordController@showLinkRequestForm',
]);
// Handle Password Reset
$router->post('password', [
'uses' => 'Auth\ForgotPasswordController@sendResetLinkEmail',
]);
// Show Verification Checkpoint
$router->get('password/reset/{token}', [
'as' => 'auth.reset',
'uses' => 'Auth\ResetPasswordController@showResetForm',
]);
// Handle Verification
$router->post('password/reset', [
'as' => 'auth.reset.post',
'uses' => 'Auth\ResetPasswordController@reset',
]);
});
// Not included above because we don't want the guest middleware
$router->get('auth/logout', [
'as' => 'auth.logout',
'middleware' => 'auth',
'uses' => 'Auth\LoginController@logout',
]);
}
}

125
app/Http/Routes/BaseRoutes.php
View file

@ -1,125 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>
* Some Modifications (c) 2015 Dylan Seidt <dylan.seidt@gmail.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Routes;
use Illuminate\Routing\Router;
class BaseRoutes
{
public function map(Router $router)
{
// Index of Panel
$router->get('/', [
'as' => 'index',
'middleware' => 'auth',
'uses' => 'Base\IndexController@getIndex',
]);
// Handle Index. Redirect /index to /
$router->get('/index', function () {
return redirect()->route('index');
});
// Password Generation
$router->get('/password-gen/{length}', [
'as' => 'password-gen',
'middleware' => 'auth',
'uses' => 'Base\IndexController@getPassword',
]);
// Account Routes
$router->group([
'prefix' => 'account',
'middleware' => [
'auth',
'csrf',
],
], function () use ($router) {
$router->get('/', [
'as' => 'account',
'uses' => 'Base\AccountController@index',
]);
$router->post('/', [
'uses' => 'Base\AccountController@update',
]);
});
// API Management Routes
$router->group([
'prefix' => 'account/api',
'middleware' => [
'auth',
'csrf',
],
], function () use ($router) {
$router->get('/', [
'as' => 'account.api',
'uses' => 'Base\APIController@index',
]);
$router->get('/new', [
'as' => 'account.api.new',
'uses' => 'Base\APIController@create',
]);
$router->post('/new', [
'uses' => 'Base\APIController@save',
]);
$router->delete('/revoke/{key}', [
'as' => 'account.api.revoke',
'uses' => 'Base\APIController@revoke',
]);
});
// TOTP Routes
$router->group([
'prefix' => 'account/security',
'middleware' => [
'auth',
'csrf',
],
], function () use ($router) {
$router->get('/', [
'as' => 'account.security',
'uses' => 'Base\SecurityController@index',
]);
$router->get('/revoke/{id}', [
'as' => 'account.security.revoke',
'uses' => 'Base\SecurityController@revoke',
]);
$router->put('/totp', [
'as' => 'account.security.totp',
'uses' => 'Base\SecurityController@generateTotp',
]);
$router->post('/totp', [
'uses' => 'Base\SecurityController@setTotp',
]);
$router->delete('/totp', [
'uses' => 'Base\SecurityController@disableTotp',
]);
});
}
}

38
app/Http/Routes/LanguageRoutes.php
View file

@ -1,38 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Routes;
use Illuminate\Routing\Router;
class LanguageRoutes
{
public function map(Router $router)
{
$router->get('language/{lang}', [
'as' => 'langauge.set',
'uses' => 'Base\LanguageController@setLanguage',
]);
}
}

51
app/Http/Routes/RemoteRoutes.php
View file

@ -1,51 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Routes;
use Illuminate\Routing\Router;
class RemoteRoutes
{
public function map(Router $router)
{
$router->group(['prefix' => 'remote'], function () use ($router) {
// Handles Remote Download Authentication Requests
$router->post('download', [
'as' => 'remote.download',
'uses' => 'Remote\RemoteController@postDownload',
]);
$router->post('install', [
'as' => 'remote.install',
'uses' => 'Remote\RemoteController@postInstall',
]);
$router->get('configuration/{token}', [
'as' => 'remote.configuration',
'uses' => 'Remote\RemoteController@getConfiguration',
]);
});
}
}

186
app/Http/Routes/ServerRoutes.php
View file

@ -1,186 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Routes;
use Illuminate\Routing\Router;
class ServerRoutes
{
public function map(Router $router)
{
// Returns Server Status
$router->get('/server/{server}/ajax/status', [
'middleware' => ['auth', 'csrf'],
'as' => 'server.ajax.status',
'uses' => 'Server\AjaxController@getStatus',
]);
$router->group([
'prefix' => 'server/{server}',
'middleware' => [
'auth',
'server',
'csrf',
],
], function ($server) use ($router) {
// Index View for Server
$router->get('/', [
'as' => 'server.index',
'uses' => 'Server\ServerController@getIndex',
]);
$router->get('/settings/databases', [
'as' => 'server.settings.databases',
'uses' => 'Server\ServerController@getDatabases',
]);
$router->get('/settings/sftp', [
'as' => 'server.settings.sftp',
'uses' => 'Server\ServerController@getSFTP',
]);
$router->post('/settings/sftp', [
'uses' => 'Server\ServerController@postSettingsSFTP',
]);
$router->get('/settings/startup', [
'as' => 'server.settings.startup',
'uses' => 'Server\ServerController@getStartup',
]);
$router->post('/settings/startup', [
'uses' => 'Server\ServerController@postSettingsStartup',
]);
$router->get('/settings/allocation', [
'as' => 'server.settings.allocation',
'uses' => 'Server\ServerController@getAllocation',
]);
// File Manager Routes
$router->get('/files', [
'as' => 'server.files.index',
'uses' => 'Server\ServerController@getFiles',
]);
$router->get('/files/edit/{file}', [
'as' => 'server.files.edit',
'uses' => 'Server\ServerController@getEditFile',
])->where('file', '.*');
$router->get('/files/download/{file}', [
'as' => 'server.files.download',
'uses' => 'Server\ServerController@getDownloadFile',
])->where('file', '.*');
$router->get('/files/add', [
'as' => 'server.files.add',
'uses' => 'Server\ServerController@getAddFile',
]);
$router->post('files/directory-list', [
'as' => 'server.files.directory-list',
'uses' => 'Server\AjaxController@postDirectoryList',
]);
$router->post('files/save', [
'as' => 'server.files.save',
'uses' => 'Server\AjaxController@postSaveFile',
]);
// Sub-User Routes
$router->get('users', [
'as' => 'server.subusers',
'uses' => 'Server\SubuserController@getIndex',
]);
$router->get('users/new', [
'as' => 'server.subusers.new',
'uses' => 'Server\SubuserController@getNew',
]);
$router->post('users/new', [
'uses' => 'Server\SubuserController@postNew',
]);
$router->get('users/view/{id}', [
'as' => 'server.subusers.view',
'uses' => 'Server\SubuserController@getView',
]);
$router->post('users/view/{id}', [
'uses' => 'Server\SubuserController@postView',
]);
$router->delete('users/delete/{id}', [
'as' => 'server.subusers.delete',
'uses' => 'Server\SubuserController@deleteSubuser',
]);
$router->get('tasks/', [
'as' => 'server.tasks',
'uses' => 'Server\TaskController@getIndex',
]);
$router->get('tasks/view/{id}', [
'as' => 'server.tasks.view',
'uses' => 'Server\TaskController@getView',
]);
$router->get('tasks/new', [
'as' => 'server.tasks.new',
'uses' => 'Server\TaskController@getNew',
]);
$router->post('tasks/new', [
'uses' => 'Server\TaskController@postNew',
]);
$router->delete('tasks/delete/{id}', [
'as' => 'server.tasks.delete',
'uses' => 'Server\TaskController@deleteTask',
]);
$router->post('tasks/toggle/{id}', [
'as' => 'server.tasks.toggle',
'uses' => 'Server\TaskController@toggleTask',
]);
// Assorted AJAX Routes
$router->group(['prefix' => 'ajax'], function ($server) use ($router) {
// Sets the Default Connection for the Server
$router->post('set-primary', [
'uses' => 'Server\AjaxController@postSetPrimary',
]);
$router->post('settings/reset-database-password', [
'as' => 'server.ajax.reset-database-password',
'uses' => 'Server\AjaxController@postResetDatabasePassword',
]);
});
});
}
}