Add support for storing SSH keys on user accounts
This commit is contained in:
DaneEveritt
parent
5705d7dbdd
commit
97280a62a2
20 changed files with 678 additions and 6 deletions
48
app/Http/Controllers/Api/Client/SSHKeyController.php
Normal file
48
app/Http/Controllers/Api/Client/SSHKeyController.php
Normal file
|
|
@ -0,0 +1,48 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Controllers\Api\Client;
|
||||
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
use Pterodactyl\Transformers\Api\Client\SSHKeyTransformer;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Account\StoreSSHKeyRequest;
|
||||
|
||||
class SSHKeyController extends ClientApiController
|
||||
{
|
||||
/**
|
||||
* Returns all of the SSH keys that have been configured for the logged in
|
||||
* user account.
|
||||
*/
|
||||
public function index(ClientApiRequest $request): array
|
||||
{
|
||||
return $this->fractal->collection($request->user()->sshKeys)
|
||||
->transformWith($this->getTransformer(SSHKeyTransformer::class))
|
||||
->toArray();
|
||||
}
|
||||
|
||||
/**
|
||||
* Stores a new SSH key for the authenticated user's account.
|
||||
*/
|
||||
public function store(StoreSSHKeyRequest $request): array
|
||||
{
|
||||
$model = $request->user()->sshKeys()->create([
|
||||
'name' => $request->input('name'),
|
||||
'public_key' => $request->input('public_key'),
|
||||
'fingerprint' => $request->getKeyFingerprint(),
|
||||
]);
|
||||
|
||||
return $this->fractal->item($model)
|
||||
->transformWith($this->getTransformer(SSHKeyTransformer::class))
|
||||
->toArray();
|
||||
}
|
||||
|
||||
/**
|
||||
* Deletes an SSH key from the user's account.
|
||||
*/
|
||||
public function delete(ClientApiRequest $request, string $identifier): JsonResponse
|
||||
{
|
||||
$request->user()->sshKeys()->where('fingerprint', $identifier)->delete();
|
||||
|
||||
return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
|
||||
}
|
||||
}
|
||||
|
|
@ -3,6 +3,7 @@
|
|||
namespace Pterodactyl\Http\Requests\Api\Application;
|
||||
|
||||
use Pterodactyl\Models\ApiKey;
|
||||
use Illuminate\Validation\Validator;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Pterodactyl\Exceptions\PterodactylException;
|
||||
|
|
@ -96,6 +97,16 @@ abstract class ApplicationApiRequest extends FormRequest
|
|||
return $this->route()->parameter($parameterKey);
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper method allowing a developer to easily hook into this logic without having
|
||||
* to remember what the method name is called or where to use it. By default this is
|
||||
* a no-op.
|
||||
*/
|
||||
public function withValidator(Validator $validator): void
|
||||
{
|
||||
// do nothing
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate that the resource exists and can be accessed prior to booting
|
||||
* the validator and attempting to use the data.
|
||||
|
|
|
|||
71
app/Http/Requests/Api/Client/Account/StoreSSHKeyRequest.php
Normal file
71
app/Http/Requests/Api/Client/Account/StoreSSHKeyRequest.php
Normal file
|
|
@ -0,0 +1,71 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Account;
|
||||
|
||||
use Exception;
|
||||
use phpseclib3\Crypt\DSA;
|
||||
use phpseclib3\Crypt\RSA;
|
||||
use Pterodactyl\Models\UserSSHKey;
|
||||
use Illuminate\Validation\Validator;
|
||||
use phpseclib3\Crypt\PublicKeyLoader;
|
||||
use phpseclib3\Crypt\Common\PublicKey;
|
||||
use phpseclib3\Exception\NoKeyLoadedException;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
class StoreSSHKeyRequest extends ClientApiRequest
|
||||
{
|
||||
protected ?PublicKey $key;
|
||||
|
||||
/**
|
||||
* Returns the rules for this request.
|
||||
*/
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'name' => UserSSHKey::getRulesForField('name'),
|
||||
'public_key' => UserSSHKey::getRulesForField('public_key'),
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Check to see if this SSH key has already been added to the user's account
|
||||
* and if so return an error.
|
||||
*/
|
||||
public function withValidator(Validator $validator): void
|
||||
{
|
||||
$validator->after(function () {
|
||||
try {
|
||||
$this->key = PublicKeyLoader::loadPublicKey($this->input('public_key'));
|
||||
} catch (NoKeyLoadedException $exception) {
|
||||
$this->validator->errors()->add('public_key', 'The public key provided is not valid.');
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if ($this->key instanceof DSA) {
|
||||
$this->validator->errors()->add('public_key', 'DSA public keys are not supported.');
|
||||
}
|
||||
|
||||
if ($this->key instanceof RSA && $this->key->getLength() < 2048) {
|
||||
$this->validator->errors()->add('public_key', 'RSA keys must be at 2048 bytes.');
|
||||
}
|
||||
|
||||
$fingerprint = $this->key->getFingerprint('sha256');
|
||||
if ($this->user()->sshKeys()->where('fingerprint', $fingerprint)->exists()) {
|
||||
$this->validator->errors()->add('public_key', 'The public key provided already exists on your account.');
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the SHA256 fingerprint of the key provided.
|
||||
*/
|
||||
public function getKeyFingerprint(): string
|
||||
{
|
||||
if (!$this->key) {
|
||||
throw new Exception('The public key was not properly loaded for this request.');
|
||||
}
|
||||
|
||||
return $this->key->getFingerprint('sha256');
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue