Add support for storing SSH keys on user accounts

2022-05-14 17:31:53 -04:00 · 2022-05-14 17:31:53 -04:00 · 97280a62a2
commit 97280a62a2
parent 5705d7dbdd
20 changed files with 678 additions and 6 deletions
--- a/app/Http/Controllers/Api/Client/SSHKeyController.php
+++ b/app/Http/Controllers/Api/Client/SSHKeyController.php
@ -0,0 +1,48 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\Api\Client;
+
+use Illuminate\Http\JsonResponse;
+use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
+use Pterodactyl\Transformers\Api\Client\SSHKeyTransformer;
+use Pterodactyl\Http\Requests\Api\Client\Account\StoreSSHKeyRequest;
+
+class SSHKeyController extends ClientApiController
+{
+    /**
+     * Returns all of the SSH keys that have been configured for the logged in
+     * user account.
+     */
+    public function index(ClientApiRequest $request): array
+    {
+        return $this->fractal->collection($request->user()->sshKeys)
+            ->transformWith($this->getTransformer(SSHKeyTransformer::class))
+            ->toArray();
+    }
+
+    /**
+     * Stores a new SSH key for the authenticated user's account.
+     */
+    public function store(StoreSSHKeyRequest $request): array
+    {
+        $model = $request->user()->sshKeys()->create([
+            'name' => $request->input('name'),
+            'public_key' => $request->input('public_key'),
+            'fingerprint' => $request->getKeyFingerprint(),
+        ]);
+
+        return $this->fractal->item($model)
+            ->transformWith($this->getTransformer(SSHKeyTransformer::class))
+            ->toArray();
+    }
+
+    /**
+     * Deletes an SSH key from the user's account.
+     */
+    public function delete(ClientApiRequest $request, string $identifier): JsonResponse
+    {
+        $request->user()->sshKeys()->where('fingerprint', $identifier)->delete();
+
+        return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
+    }
+}
--- a/app/Http/Requests/Api/Application/ApplicationApiRequest.php
+++ b/app/Http/Requests/Api/Application/ApplicationApiRequest.php
@ -3,6 +3,7 @@
 namespace Pterodactyl\Http\Requests\Api\Application;

 use Pterodactyl\Models\ApiKey;
+use Illuminate\Validation\Validator;
 use Pterodactyl\Services\Acl\Api\AdminAcl;
 use Illuminate\Foundation\Http\FormRequest;
 use Pterodactyl\Exceptions\PterodactylException;
@ -96,6 +97,16 @@ abstract class ApplicationApiRequest extends FormRequest
        return $this->route()->parameter($parameterKey);
    }

+    /**
+     * Helper method allowing a developer to easily hook into this logic without having
+     * to remember what the method name is called or where to use it. By default this is
+     * a no-op.
+     */
+    public function withValidator(Validator $validator): void
+    {
+        // do nothing
+    }
+
    /**
     * Validate that the resource exists and can be accessed prior to booting
     * the validator and attempting to use the data.
--- a/app/Http/Requests/Api/Client/Account/StoreSSHKeyRequest.php
+++ b/app/Http/Requests/Api/Client/Account/StoreSSHKeyRequest.php
@ -0,0 +1,71 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Client\Account;
+
+use Exception;
+use phpseclib3\Crypt\DSA;
+use phpseclib3\Crypt\RSA;
+use Pterodactyl\Models\UserSSHKey;
+use Illuminate\Validation\Validator;
+use phpseclib3\Crypt\PublicKeyLoader;
+use phpseclib3\Crypt\Common\PublicKey;
+use phpseclib3\Exception\NoKeyLoadedException;
+use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
+
+class StoreSSHKeyRequest extends ClientApiRequest
+{
+    protected ?PublicKey $key;
+
+    /**
+     * Returns the rules for this request.
+     */
+    public function rules(): array
+    {
+        return [
+            'name' => UserSSHKey::getRulesForField('name'),
+            'public_key' => UserSSHKey::getRulesForField('public_key'),
+        ];
+    }
+
+    /**
+     * Check to see if this SSH key has already been added to the user's account
+     * and if so return an error.
+     */
+    public function withValidator(Validator $validator): void
+    {
+        $validator->after(function () {
+            try {
+                $this->key = PublicKeyLoader::loadPublicKey($this->input('public_key'));
+            } catch (NoKeyLoadedException $exception) {
+                $this->validator->errors()->add('public_key', 'The public key provided is not valid.');
+
+                return;
+            }
+
+            if ($this->key instanceof DSA) {
+                $this->validator->errors()->add('public_key', 'DSA public keys are not supported.');
+            }
+
+            if ($this->key instanceof RSA && $this->key->getLength() < 2048) {
+                $this->validator->errors()->add('public_key', 'RSA keys must be at 2048 bytes.');
+            }
+
+            $fingerprint = $this->key->getFingerprint('sha256');
+            if ($this->user()->sshKeys()->where('fingerprint', $fingerprint)->exists()) {
+                $this->validator->errors()->add('public_key', 'The public key provided already exists on your account.');
+            }
+        });
+    }
+
+    /**
+     * Returns the SHA256 fingerprint of the key provided.
+     */
+    public function getKeyFingerprint(): string
+    {
+        if (!$this->key) {
+            throw new Exception('The public key was not properly loaded for this request.');
+        }
+
+        return $this->key->getFingerprint('sha256');
+    }
+}
--- a/app/Models/User.php
+++ b/app/Models/User.php
@ -10,6 +10,7 @@ use Illuminate\Notifications\Notifiable;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Auth\Passwords\CanResetPassword;
 use Pterodactyl\Traits\Helpers\AvailableLanguages;
+use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Foundation\Auth\Access\Authorizable;
 use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
 use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
@ -17,6 +18,8 @@ use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
 use Pterodactyl\Notifications\SendPasswordReset as ResetPasswordNotification;

 /**
+ * \Pterodactyl\Models\User.
+ *
 * @property int $id
 * @property string|null $external_id
 * @property string $uuid
@ -38,6 +41,37 @@ use Pterodactyl\Notifications\SendPasswordReset as ResetPasswordNotification;
 * @property \Pterodactyl\Models\ApiKey[]|\Illuminate\Database\Eloquent\Collection $apiKeys
 * @property \Pterodactyl\Models\Server[]|\Illuminate\Database\Eloquent\Collection $servers
 * @property \Pterodactyl\Models\RecoveryToken[]|\Illuminate\Database\Eloquent\Collection $recoveryTokens
+ * @property string|null $remember_token
+ * @property int|null $api_keys_count
+ * @property \Illuminate\Notifications\DatabaseNotificationCollection|\Illuminate\Notifications\DatabaseNotification[] $notifications
+ * @property int|null $notifications_count
+ * @property int|null $recovery_tokens_count
+ * @property int|null $servers_count
+ * @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\UserSSHKey[] $sshKeys
+ * @property int|null $ssh_keys_count
+ *
+ * @method static \Database\Factories\UserFactory factory(...$parameters)
+ * @method static Builder|User newModelQuery()
+ * @method static Builder|User newQuery()
+ * @method static Builder|User query()
+ * @method static Builder|User whereCreatedAt($value)
+ * @method static Builder|User whereEmail($value)
+ * @method static Builder|User whereExternalId($value)
+ * @method static Builder|User whereGravatar($value)
+ * @method static Builder|User whereId($value)
+ * @method static Builder|User whereLanguage($value)
+ * @method static Builder|User whereNameFirst($value)
+ * @method static Builder|User whereNameLast($value)
+ * @method static Builder|User wherePassword($value)
+ * @method static Builder|User whereRememberToken($value)
+ * @method static Builder|User whereRootAdmin($value)
+ * @method static Builder|User whereTotpAuthenticatedAt($value)
+ * @method static Builder|User whereTotpSecret($value)
+ * @method static Builder|User whereUpdatedAt($value)
+ * @method static Builder|User whereUseTotp($value)
+ * @method static Builder|User whereUsername($value)
+ * @method static Builder|User whereUuid($value)
+ * @mixin \Eloquent
 */
 class User extends Model implements
    AuthenticatableContract,
@ -225,6 +259,11 @@ class User extends Model implements
        return $this->hasMany(RecoveryToken::class);
    }

+    public function sshKeys(): HasMany
+    {
+        return $this->hasMany(UserSSHKey::class);
+    }
+
    /**
     * Returns all of the servers that a user can access by way of being the owner of the
     * server, or because they are assigned as a subuser for that server.
--- a/app/Models/UserSSHKey.php
+++ b/app/Models/UserSSHKey.php
@ -0,0 +1,61 @@
+<?php
+
+namespace Pterodactyl\Models;
+
+use Illuminate\Database\Eloquent\SoftDeletes;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
+
+/**
+ * \Pterodactyl\Models\UserSSHKey.
+ *
+ * @property int $id
+ * @property int $user_id
+ * @property string $name
+ * @property string $fingerprint
+ * @property string $public_key
+ * @property \Illuminate\Support\Carbon|null $created_at
+ * @property \Illuminate\Support\Carbon|null $updated_at
+ * @property \Illuminate\Support\Carbon|null $deleted_at
+ * @property \Pterodactyl\Models\User $user
+ *
+ * @method static \Illuminate\Database\Eloquent\Builder|UserSSHKey newModelQuery()
+ * @method static \Illuminate\Database\Eloquent\Builder|UserSSHKey newQuery()
+ * @method static \Illuminate\Database\Query\Builder|UserSSHKey onlyTrashed()
+ * @method static \Illuminate\Database\Eloquent\Builder|UserSSHKey query()
+ * @method static \Illuminate\Database\Eloquent\Builder|UserSSHKey whereCreatedAt($value)
+ * @method static \Illuminate\Database\Eloquent\Builder|UserSSHKey whereDeletedAt($value)
+ * @method static \Illuminate\Database\Eloquent\Builder|UserSSHKey whereFingerprint($value)
+ * @method static \Illuminate\Database\Eloquent\Builder|UserSSHKey whereId($value)
+ * @method static \Illuminate\Database\Eloquent\Builder|UserSSHKey whereName($value)
+ * @method static \Illuminate\Database\Eloquent\Builder|UserSSHKey wherePublicKey($value)
+ * @method static \Illuminate\Database\Eloquent\Builder|UserSSHKey whereUpdatedAt($value)
+ * @method static \Illuminate\Database\Eloquent\Builder|UserSSHKey whereUserId($value)
+ * @method static \Illuminate\Database\Query\Builder|UserSSHKey withTrashed()
+ * @method static \Illuminate\Database\Query\Builder|UserSSHKey withoutTrashed()
+ * @mixin \Eloquent
+ */
+class UserSSHKey extends Model
+{
+    use SoftDeletes;
+
+    public const RESOURCE_NAME = 'ssh_key';
+
+    protected $table = 'user_ssh_keys';
+
+    protected $fillable = [
+        'name',
+        'public_key',
+        'fingerprint',
+    ];
+
+    public static $validationRules = [
+        'name' => ['required', 'string'],
+        'fingerprint' => ['required', 'string'],
+        'public_key' => ['required', 'string'],
+    ];
+
+    public function user(): BelongsTo
+    {
+        return $this->belongsTo(User::class);
+    }
+}
--- a/app/Transformers/Api/Client/SSHKeyTransformer.php
+++ b/app/Transformers/Api/Client/SSHKeyTransformer.php
@ -0,0 +1,26 @@
+<?php
+
+namespace Pterodactyl\Transformers\Api\Client;
+
+use Pterodactyl\Models\UserSSHKey;
+
+class SSHKeyTransformer extends BaseClientTransformer
+{
+    public function getResourceName(): string
+    {
+        return UserSSHKey::RESOURCE_NAME;
+    }
+
+    /**
+     * Return's a user's SSH key in an API response format.
+     */
+    public function transform(UserSSHKey $model): array
+    {
+        return [
+            'name' => $model->name,
+            'fingerprint' => $model->fingerprint,
+            'public_key' => $model->public_key,
+            'created_at' => $model->created_at->toIso8601String(),
+        ];
+    }
+}