Upgrade to Laravel 9 (#4413)
Co-authored-by: DaneEveritt <dane@daneeveritt.com>
This commit is contained in:
Matthew Penner
GitHub
parent
95e15d2c8a
commit
cbcf62086f
573 changed files with 4387 additions and 9411 deletions
|
|
@ -11,10 +11,8 @@ class AuthenticateApplicationUser
|
|||
/**
|
||||
* Authenticate that the currently authenticated user is an administrator
|
||||
* and should be allowed to proceed through the application API.
|
||||
*
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
{
|
||||
/** @var \Pterodactyl\Models\User|null $user */
|
||||
$user = $request->user();
|
||||
|
|
|
|||
|
|
@ -15,12 +15,10 @@ class AuthenticateIPAccess
|
|||
/**
|
||||
* Determine if a request IP has permission to access the API.
|
||||
*
|
||||
* @return mixed
|
||||
*
|
||||
* @throws \Exception
|
||||
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
{
|
||||
/** @var \Laravel\Sanctum\TransientToken|\Pterodactyl\Models\ApiKey $token */
|
||||
$token = $request->user()->currentAccessToken();
|
||||
|
|
|
|||
|
|
@ -11,10 +11,8 @@ class RequireClientApiKey
|
|||
/**
|
||||
* Blocks a request to the Client API endpoints if the user is providing an API token
|
||||
* that was created for the application API.
|
||||
*
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle(Request $request, \Closure $next)
|
||||
public function handle(Request $request, \Closure $next): mixed
|
||||
{
|
||||
$token = $request->user()->currentAccessToken();
|
||||
|
||||
|
|
|
|||
|
|
@ -5,40 +5,29 @@ namespace Pterodactyl\Http\Middleware\Api\Client\Server;
|
|||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use Pterodactyl\Exceptions\Http\Server\ServerStateConflictException;
|
||||
|
||||
class AuthenticateServerAccess
|
||||
{
|
||||
/**
|
||||
* @var \Pterodactyl\Contracts\Repository\ServerRepositoryInterface
|
||||
*/
|
||||
private $repository;
|
||||
|
||||
/**
|
||||
* Routes that this middleware should not apply to if the user is an admin.
|
||||
*
|
||||
* @var string[]
|
||||
*/
|
||||
protected $except = [
|
||||
protected array $except = [
|
||||
'api:client:server.ws',
|
||||
];
|
||||
|
||||
/**
|
||||
* AuthenticateServerAccess constructor.
|
||||
*/
|
||||
public function __construct(ServerRepositoryInterface $repository)
|
||||
public function __construct()
|
||||
{
|
||||
$this->repository = $repository;
|
||||
}
|
||||
|
||||
/**
|
||||
* Authenticate that this server exists and is not suspended or marked as installing.
|
||||
*
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
{
|
||||
/** @var \Pterodactyl\Models\User $user */
|
||||
$user = $request->user();
|
||||
|
|
|
|||
|
|
@ -25,10 +25,8 @@ class ResourceBelongsToServer
|
|||
* This is critical to ensuring that all subsequent logic is using exactly the
|
||||
* server that is expected, and that we're not accessing a resource completely
|
||||
* unrelated to the server provided in the request.
|
||||
*
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
{
|
||||
$params = $request->route()->parameters();
|
||||
if (is_null($params) || !$params['server'] instanceof Server) {
|
||||
|
|
@ -59,8 +57,8 @@ class ResourceBelongsToServer
|
|||
throw $exception;
|
||||
}
|
||||
break;
|
||||
// Regular users are a special case here as we need to make sure they're
|
||||
// currently assigned as a subuser on the server.
|
||||
// Regular users are a special case here as we need to make sure they're
|
||||
// currently assigned as a subuser on the server.
|
||||
case User::class:
|
||||
$subuser = $server->subusers()->where('user_id', $model->id)->first();
|
||||
if (is_null($subuser)) {
|
||||
|
|
@ -70,8 +68,8 @@ class ResourceBelongsToServer
|
|||
// in the underlying logic.
|
||||
$request->attributes->set('subuser', $subuser);
|
||||
break;
|
||||
// Tasks are special since they're (currently) the only item in the API
|
||||
// that requires something in addition to the server in order to be accessed.
|
||||
// Tasks are special since they're (currently) the only item in the API
|
||||
// that requires something in addition to the server in order to be accessed.
|
||||
case Task::class:
|
||||
$schedule = $request->route()->parameter('schedule');
|
||||
if ($model->schedule_id !== $schedule->id || $schedule->server_id !== $server->id) {
|
||||
|
|
|
|||
|
|
@ -10,10 +10,8 @@ class SubstituteClientBindings extends SubstituteBindings
|
|||
{
|
||||
/**
|
||||
* @param \Illuminate\Http\Request $request
|
||||
*
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle($request, Closure $next)
|
||||
public function handle($request, Closure $next): mixed
|
||||
{
|
||||
// Override default behavior of the model binding to use a specific table
|
||||
// column rather than the default 'id'.
|
||||
|
|
|
|||
|
|
@ -13,42 +13,26 @@ use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
|||
|
||||
class DaemonAuthenticate
|
||||
{
|
||||
/**
|
||||
* @var \Pterodactyl\Repositories\Eloquent\NodeRepository
|
||||
*/
|
||||
private $repository;
|
||||
|
||||
/**
|
||||
* @var \Illuminate\Contracts\Encryption\Encrypter
|
||||
*/
|
||||
private $encrypter;
|
||||
|
||||
/**
|
||||
* Daemon routes that this middleware should be skipped on.
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
protected $except = [
|
||||
protected array $except = [
|
||||
'daemon.configuration',
|
||||
];
|
||||
|
||||
/**
|
||||
* DaemonAuthenticate constructor.
|
||||
*/
|
||||
public function __construct(Encrypter $encrypter, NodeRepository $repository)
|
||||
public function __construct(private Encrypter $encrypter, private NodeRepository $repository)
|
||||
{
|
||||
$this->repository = $repository;
|
||||
$this->encrypter = $encrypter;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a request from the daemon can be properly attributed back to a single node instance.
|
||||
*
|
||||
* @return mixed
|
||||
*
|
||||
* @throws \Symfony\Component\HttpKernel\Exception\HttpException
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
{
|
||||
if (in_array($request->route()->getName(), $this->except)) {
|
||||
return $next($request);
|
||||
|
|
|
|||
|
|
@ -13,10 +13,8 @@ class IsValidJson
|
|||
* Throw an exception if the request should be valid JSON data but there is an error while
|
||||
* parsing the data. This avoids confusing validation errors where every field is flagged and
|
||||
* it is not immediately clear that there is an issue with the JSON being passed.
|
||||
*
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
{
|
||||
if ($request->isJson() && !empty($request->getContent())) {
|
||||
try {
|
||||
|
|
|
|||
Reference in a new issue