very basic initial push of API

This commit is contained in:
Dane Everitt 2016-01-12 01:05:44 -05:00
parent c080025bab
commit 98b3355158
13 changed files with 555 additions and 118 deletions


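--- /dev/null
+++ b/PATH_NOT_SHOWN/AuthController.php
@@ -0,0 +1,64 @@
+<?php
+namespace Pterodactyl\Http\Controllers\API;
+use JWTAuth;
+use Tymon\JWTAuth\Exceptions\JWTException;
+use Illuminate\Http\Request;
+use \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
+use \Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
+use Pterodactyl\Transformers\UserTransformer;
+use Pterodactyl\Models;
+/**
+* @Resource("Auth", uri="/auth")
+*/
+class AuthController extends BaseController
+{
+/**
+* Authenticate
+*
+* Authenticate with the API to recieved a JSON Web Token
+*
+* @Post("/login")
+* @Versions({"v1"})
+* @Request({"email": "e@mail.com", "password": "soopersecret"})
+* @Response(200, body={"token": "<jwt-token>"})
+*/
+public function postLogin(Request $request) {
+$credentials = $request->only('email', 'password');
+try {
+$token = JWTAuth::attempt($credentials, [
+'permissions' => [
+'view_users' => true,
+'edit_users' => true,
+'delete_users' => false,
+]
+]);
+if (!$token) {
+throw new UnauthorizedHttpException('');
+}
+} catch (JWTException $ex) {
+throw new ServiceUnavailableHttpException('');
+}
+return compact('token');
+}
+/**
+* Check if Authenticated
+*
+* @Post("/validate")
+* @Versions({"v1"})
+* @Request(headers={"Authorization": "Bearer <jwt-token>"})
+* @Response(204);
+*/
+public function postValidate(Request $request) {
+return $this->response->noContent();
+}
+}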
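Review bot: `postLogin` mints the same fixed `permissions` claim (`view_users`/`edit_users` true, `delete_users` false) for every account that authenticates, so the token says nothing about the caller's actual role; the claim values should come from the authenticated user's record rather than a literal array, and if no such field exists yet the claim should be left out until it does. The `UnauthorizedHttpException('')` on the failed-attempt branch passes an empty string as the `WWW-Authenticate` challenge, which is that constructor's first argument; `throw new UnauthorizedHttpException('Bearer');` tells clients which scheme to use. The docblock typo `recieved` should read `received`.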


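--- /dev/null
+++ b/PATH_NOT_SHOWN/BaseController.php
@@ -0,0 +1,11 @@
+<?php
+namespace Pterodactyl\Http\Controllers\API;
+use Dingo\Api\Routing\Helpers;
+use Illuminate\Routing\Controller;
+class BaseController extends Controller
+{
+use Helpers;
+}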


@ -2,82 +2,32 @@
namespace Pterodactyl\Http\Controllers\API;
use Gate;
use Log;
use Debugbar;
use Pterodactyl\Models\API;
use Pterodactyl\Models\User;
use Pterodactyl\Http\Controllers\Controller;
use Illuminate\Http\Request;
class UserController extends Controller
use Pterodactyl\Transformers\UserTransformer;
use Pterodactyl\Models;
/**
* @Resource("Users", uri="/users")
*/
class UserController extends BaseController
{
/**
* Constructor
*/
public function __construct()
{
//
}
public function getAllUsers(Request $request)
{
// Policies don't work if the user isn't logged in for whatever reason in Laravel...
if(!API::checkPermission($request->header('X-Authorization'), 'get-users')) {
return API::noPermissionError();
}
return response()->json([
'users' => User::all()
]);
}
/**
* Returns JSON response about a user given their ID.
* If fields are provided only those fields are returned.
* List All Users
*
* Does not return protected fields (i.e. password & totp_secret)
* Lists all users currently on the system.
*
* @param Request $request
* @param int $id
* @param string $fields
* @return Response
* @Get("/{?page}")
* @Versions({"v1"})
* @Parameters({
* @Parameter("page", type="integer", description="The page of results to view.", default=1)
* })
* @Response(200)
*/
public function getUser(Request $request, $id, $fields = null)
{
// Policies don't work if the user isn't logged in for whatever reason in Laravel...
if(!API::checkPermission($request->header('X-Authorization'), 'get-users')) {
return API::noPermissionError();
}
if (is_null($fields)) {
return response()->json(User::find($id));
}
$query = User::where('id', $id);
$explode = explode(',', $fields);
foreach($explode as &$exploded) {
if(!empty($exploded)) {
$query->addSelect($exploded);
}
}
try {
return response()->json($query->get());
} catch (\Exception $e) {
if ($e instanceof \Illuminate\Database\QueryException) {
return response()->json([
'error' => 'One of the fields provided in your argument list is invalid.'
], 500);
}
throw $e;
}
public function getUsers(Request $request) {
$users = Models\User::paginate(15);
return $this->response->paginator($users, new UserTransformer);
}
}
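Review bot: The new `getUsers` performs no permission check at all — the removed code gated this endpoint on `API::checkPermission(..., 'get-users')`, while the replacement relies only on the `api.auth` route middleware registered in this commit's routes file, so any holder of a valid token can list every user, and the `permissions` claim that `AuthController::postLogin` puts into the token is never consulted here. Until a proper authorization layer exists the action should at least read that claim, e.g. `if (empty(JWTAuth::parseToken()->getPayload()->get('permissions')['view_users'])) { throw new AccessDeniedHttpException('view_users permission required'); }` with the matching `use` imports. Separately, `$request` is unused in `getUsers`, and the page size literal `15` would read better as a class constant.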


@ -17,7 +17,6 @@ class Kernel extends HttpKernel
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\Pterodactyl\Http\Middleware\VerifyCsrfToken::class,
];
/**
@ -30,7 +29,7 @@ class Kernel extends HttpKernel
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'guest' => \Pterodactyl\Http\Middleware\RedirectIfAuthenticated::class,
'server' => \Pterodactyl\Http\Middleware\CheckServer::class,
'api' => \Pterodactyl\Http\Middleware\APIAuthenticate::class,
'admin' => \Pterodactyl\Http\Middleware\AdminAuthenticate::class,
'csrf' => \Pterodactyl\Http\Middleware\VerifyCsrfToken::class,
];
}
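Review bot: Dropping `\Pterodactyl\Http\Middleware\VerifyCsrfToken::class` from the global middleware stack and keeping it only under the new `'csrf'` route alias turns CSRF protection from default-on into opt-in, so every existing state-changing web route that is not explicitly given `'csrf'` silently loses it; this appears to be done so the stateless JWT API routes bypass the check. The safer shape is to leave `VerifyCsrfToken` in the web stack and exempt the API paths through its `$except` array (or a dedicated API middleware group) rather than re-applying `'csrf'` route by route. Removing the `'api'` alias is consistent with the deletion of `APIAuthenticate` in this commit. Both hunks sit inside the `Kernel` class, whose start and end are outside this view.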


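--- a/PATH_NOT_SHOWN/APIAuthenticate.php
+++ /dev/null
@@ -1,46 +0,0 @@
-<?php
-namespace Pterodactyl\Http\Middleware;
-use Closure;
-use Debugbar;
-use Pterodactyl\Models\API;
-class APIAuthenticate
-{
-/**
-* Handle an incoming request.
-*
-* @param \Illuminate\Http\Request $request
-* @param \Closure $next
-* @return mixed
-*/
-public function handle($request, Closure $next)
-{
-if(!$request->header('X-Authorization')) {
-return response()->json([
-'error' => 'Authorization header was missing with this request. Please pass the \'X-Authorization\' header with your request.'
-], 403);
-}
-$api = API::where('key', $request->header('X-Authorization'))->first();
-if (!$api) {
-return response()->json([
-'error' => 'Invalid API key was provided in the request.'
-], 403);
-}
-if (!is_null($api->allowed_ips)) {
-if (!in_array($request->ip(), json_decode($api->allowed_ips, true))) {
-return response()->json([
-'error' => 'This IP (' . $request->ip() . ') is not permitted to access the API with that token.'
-], 403);
-}
-}
-return $next($request);
-}
-}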


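--- /dev/null
+++ b/PATH_NOT_SHOWN/APIRoutes.php
@@ -0,0 +1,47 @@
+<?php
+namespace Pterodactyl\Http\Routes;
+use Pterodactyl\Models;
+use Illuminate\Routing\Router;
+class APIRoutes
+{
+public function map(Router $router) {
+app('Dingo\Api\Auth\Auth')->extend('jwt', function ($app) {
+return new \Dingo\Api\Auth\Provider\JWT($app['Tymon\JWTAuth\JWTAuth']);
+});
+$api = app('Dingo\Api\Routing\Router');
+$api->version('v1', function ($api) {
+$api->post('auth/login', [
+'as' => 'api.auth.login',
+'uses' => 'Pterodactyl\Http\Controllers\API\AuthController@postLogin'
+]);
+$api->post('auth/validate', [
+'middleware' => 'api.auth',
+'as' => 'api.auth.validate',
+'uses' => 'Pterodactyl\Http\Controllers\API\AuthController@postValidate'
+]);
+});
+$api->version('v1', ['middleware' => 'api.auth'], function ($api) {
+$api->get('users', [
+'as' => 'api.auth.validate',
+'uses' => 'Pterodactyl\Http\Controllers\API\UserController@getUsers'
+]);
+$api->get('users/{id}', function($id) {
+return Models\User::findOrFail($id);
+});
+});
+}
+}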
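Review bot: The `users/{id}` closure returns `Models\User::findOrFail($id)` directly, so the response is the raw Eloquent serialization of the user rather than the `UserTransformer` output that `UserController::getUsers` goes through; unless the model hides them (not visible on this page), the fields the removed controller explicitly kept out — `password` and `totp_secret` — go out on the wire. Route it through the controller and transformer instead, e.g. a `getUser` action that ends with `return $this->response->item(Models\User::findOrFail($id), new UserTransformer);`. Separately, the `users` route reuses the name `'as' => 'api.auth.validate'` already given to `auth/validate`, which makes `route('api.auth.validate')` ambiguous; give it its own name such as `api.users.index`.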