StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add support for base API logging of all requests

Browse source 
ref #31
This commit is contained in:
Dane Everitt 2016-10-07 16:06:09 -04:00
parent 0fe0f750c4
commit af68dbed8f
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
4 changed files with 172 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
app/Http/Middleware/APISecretToken.php
View file

@ -29,6 +29,7 @@ use IPTools\Range;
use Pterodactyl\Models\APIKey;
use Pterodactyl\Models\APIPermission;
use Pterodactyl\Services\APILogService;
use Illuminate\Http\Request;
use Dingo\Api\Routing\Route;
@ -61,6 +62,7 @@ class APISecretToken extends Authorization
public function authenticate(Request $request, Route $route)
{
if (!$request->bearerToken() || empty($request->bearerToken())) {
APILogService::log($request);
throw new UnauthorizedHttpException('The authentication header was missing or malformed');
}
@ -68,6 +70,7 @@ class APISecretToken extends Authorization
$key = APIKey::where('public', $public)->first();
if (!$key) {
APILogService::log($request);
throw new AccessDeniedHttpException('Invalid API Key.');
}
@ -82,6 +85,7 @@ class APISecretToken extends Authorization
}
}
if (!$inRange) {
APILogService::log($request);
throw new AccessDeniedHttpException('This IP address <' . $request->ip() . '> does not have permission to use this API key.');
}
}
@ -94,6 +98,7 @@ class APISecretToken extends Authorization
}
if (!$this->permissionAllowed) {
APILogService::log($request);
throw new AccessDeniedHttpException('You do not have permission to access this resource.');
}
}
@ -101,14 +106,18 @@ class APISecretToken extends Authorization
try {
$decrypted = Crypt::decrypt($key->secret);
} catch (\Illuminate\Contracts\Encryption\DecryptException $ex) {
APILogService::log($request);
throw new HttpException('There was an error while attempting to check your secret key.');
}
$this->url = urldecode($request->fullUrl());
if($this->_generateHMAC($request->getContent(), $decrypted) !== base64_decode($hashed)) {
APILogService::log($request);
throw new BadRequestHttpException('The hashed body was not valid. Potential modification of contents in route.');
}
// Log the Route Access
APILogService::log($request, true);
return true;
}