StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #371 from Pterodactyl/feature/fractal-api

Browse source 
Implement new API and Route Updates
This commit is contained in:
Dane Everitt 2017-04-09 19:17:06 -04:00 committed by GitHub
commit db168e34bd
73 changed files with 3914 additions and 2671 deletions
Download patch file Download diff file Expand all files Collapse all files

23
app/Http/Controllers/API/LocationController.php → app/Http/Controllers/API/Admin/LocationController.php Executable file → Normal file
View file

@ -22,27 +22,30 @@
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API;
namespace Pterodactyl\Http\Controllers\API\Admin;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Models\Location;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Transformers\Admin\LocationTransformer;
class LocationController extends BaseController
class LocationController extends Controller
{
/**
* Lists all locations currently on the system.
* Controller to handle returning all locations on the system.
*
* @param Request $request
* @param \Illuminate\Http\Request $request
* @return array
*/
public function index(Request $request)
{
return Location::with('nodes')->get()->map(function ($item) {
$item->nodes->transform(function ($item) {
return collect($item)->only(['id', 'name', 'fqdn', 'scheme', 'daemonListen', 'daemonSFTP']);
});
$this->authorize('location-list', $request->apiKey());
return $item;
})->toArray();
return Fractal::create()
->collection(Location::all())
->transformWith(new LocationTransformer($request))
->withResourceName('location')
->toArray();
}
}

173
app/Http/Controllers/API/Admin/NodeController.php Normal file
View file

@ -0,0 +1,173 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API\Admin;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Models\Node;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Repositories\NodeRepository;
use Pterodactyl\Transformers\Admin\NodeTransformer;
use Pterodactyl\Exceptions\DisplayValidationException;
use League\Fractal\Pagination\IlluminatePaginatorAdapter;
class NodeController extends Controller
{
/**
* Controller to handle returning all nodes on the system.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function index(Request $request)
{
$this->authorize('node-list', $request->apiKey());
$nodes = Node::paginate(config('pterodactyl.paginate.api.nodes'));
$fractal = Fractal::create()->collection($nodes)
->transformWith(new NodeTransformer($request))
->withResourceName('user')
->paginateWith(new IlluminatePaginatorAdapter($nodes));
if (config('pterodactyl.api.include_on_list') && $request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->toArray();
}
/**
* Display information about a single node on the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return array
*/
public function view(Request $request, $id)
{
$this->authorize('node-view', $request->apiKey());
$fractal = Fractal::create()->item(Node::findOrFail($id));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->transformWith(new NodeTransformer($request))
->withResourceName('node')
->toArray();
}
/**
* Display information about a single node on the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\JsonResponse
*/
public function viewConfig(Request $request, $id)
{
$this->authorize('node-view-config', $request->apiKey());
$node = Node::findOrFail($id);
return response()->json(json_decode($node->getConfigurationAsJson()));
}
/**
* Create a new node on the system.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse|array
*/
public function store(Request $request)
{
$this->authorize('node-create', $request->apiKey());
$repo = new NodeRepository;
try {
$node = $repo->create(array_merge(
$request->only([
'public', 'disk_overallocate', 'memory_overallocate',
]),
$request->intersect([
'name', 'location_id', 'fqdn',
'scheme', 'memory', 'disk',
'daemonBase', 'daemonSFTP', 'daemonListen',
])
));
$fractal = Fractal::create()->item($node)->transformWith(new NodeTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('node')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to create this node. Please try again.',
], 500);
}
}
/**
* Delete a node from the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function delete(Request $request, $id)
{
$this->authorize('node-delete', $request->apiKey());
$repo = new NodeRepository;
try {
$repo->delete($id);
return response('', 204);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to delete this node. Please try again.',
], 500);
}
}
}

428
app/Http/Controllers/API/Admin/ServerController.php Normal file
View file

@ -0,0 +1,428 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API\Admin;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Models\Server;
use GuzzleHttp\Exception\TransferException;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Repositories\ServerRepository;
use Pterodactyl\Transformers\Admin\ServerTransformer;
use Pterodactyl\Exceptions\DisplayValidationException;
use League\Fractal\Pagination\IlluminatePaginatorAdapter;
class ServerController extends Controller
{
/**
* Controller to handle returning all servers on the system.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function index(Request $request)
{
$this->authorize('server-list', $request->apiKey());
$servers = Server::paginate(config('pterodactyl.paginate.api.servers'));
$fractal = Fractal::create()->collection($servers)
->transformWith(new ServerTransformer($request))
->withResourceName('user')
->paginateWith(new IlluminatePaginatorAdapter($servers));
if (config('pterodactyl.api.include_on_list') && $request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->toArray();
}
/**
* Controller to handle returning information on a single server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return array
*/
public function view(Request $request, $id)
{
$this->authorize('server-view', $request->apiKey());
$server = Server::findOrFail($id);
$fractal = Fractal::create()->item($server);
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->transformWith(new ServerTransformer($request))
->withResourceName('server')
->toArray();
}
/**
* Create a new server on the system.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse|array
*/
public function store(Request $request)
{
$this->authorize('server-create', $request->apiKey());
$repo = new ServerRepository;
try {
$server = $repo->create($request->all());
$fractal = Fractal::create()->item($server)->transformWith(new ServerTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('server')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to add this server. Please try again.',
], 500);
}
}
/**
* Delete a server from the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function delete(Request $request, $id)
{
$this->authorize('server-delete', $request->apiKey());
$repo = new ServerRepository;
try {
$repo->delete($id, $request->has('force_delete'));
return response('', 204);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to add this server. Please try again.',
], 500);
}
}
/**
* Update the details for a server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\JsonResponse|array
*/
public function details(Request $request, $id)
{
$this->authorize('server-edit-details', $request->apiKey());
$repo = new ServerRepository;
try {
$server = $repo->updateDetails($id, $request->intersect([
'owner_id', 'name', 'description', 'reset_token',
]));
$fractal = Fractal::create()->item($server)->transformWith(new ServerTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('server')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to modify this server. Please try again.',
], 500);
}
}
/**
* Set the new docker container for a server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\RedirectResponse|array
*/
public function container(Request $request, $id)
{
$this->authorize('server-edit-container', $request->apiKey());
$repo = new ServerRepository;
try {
$server = $repo->updateContainer($id, $request->intersect('docker_image'));
$fractal = Fractal::create()->item($server)->transformWith(new ServerTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('server')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to modify this server container. Please try again.',
], 500);
}
}
/**
* Toggles the install status for a server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function install(Request $request, $id)
{
$this->authorize('server-install', $request->apiKey());
$repo = new ServerRepository;
try {
$repo->toggleInstall($id);
return response('', 204);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to toggle the install status for this server. Please try again.',
], 500);
}
}
/**
* Setup a server to have a container rebuild.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function rebuild(Request $request, $id)
{
$this->authorize('server-rebuild', $request->apiKey());
$server = Server::with('node')->findOrFail($id);
try {
$server->node->guzzleClient([
'X-Access-Server' => $server->uuid,
'X-Access-Token' => $server->node->daemonSecret,
])->request('POST', '/server/rebuild');
return response('', 204);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
}
}
/**
* Manage the suspension status for a server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function suspend(Request $request, $id)
{
$this->authorize('server-suspend', $request->apiKey());
$repo = new ServerRepository;
$action = $request->input('action');
if (! in_array($action, ['suspend', 'unsuspend'])) {
return response()->json([
'error' => 'The action provided was invalid. Action should be one of: suspend, unsuspend.',
], 400);
}
try {
$repo->$action($id);
return response('', 204);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to ' . $action . ' this server. Please try again.',
], 500);
}
}
/**
* Update the build configuration for a server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\JsonResponse|array
*/
public function build(Request $request, $id)
{
$this->authorize('server-edit-build', $request->apiKey());
$repo = new ServerRepository;
try {
$server = $repo->changeBuild($id, $request->intersect([
'allocation_id', 'add_allocations', 'remove_allocations',
'memory', 'swap', 'io', 'cpu',
]));
$fractal = Fractal::create()->item($server)->transformWith(new ServerTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('server')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to modify the build settings for this server. Please try again.',
], 500);
}
}
/**
* Update the startup command as well as variables.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function startup(Request $request, $id)
{
$this->authorize('server-edit-startup', $request->apiKey());
$repo = new ServerRepository;
try {
$repo->updateStartup($id, $request->all(), true);
return response('', 204);
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (TransferException $ex) {
Log::warning($ex);
return response()->json([
'error' => 'A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.',
], 504);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to modify the startup settings for this server. Please try again.',
], 500);
}
}
}

41
app/Http/Controllers/API/ServiceController.php → app/Http/Controllers/API/Admin/ServiceController.php Executable file → Normal file
View file

@ -22,22 +22,53 @@
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API;
namespace Pterodactyl\Http\Controllers\API\Admin;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Models\Service;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Transformers\Admin\ServiceTransformer;
class ServiceController extends BaseController
class ServiceController extends Controller
{
/**
* Controller to handle returning all locations on the system.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function index(Request $request)
{
return Service::all()->toArray();
$this->authorize('service-list', $request->apiKey());
return Fractal::create()
->collection(Service::all())
->transformWith(new ServiceTransformer($request))
->withResourceName('service')
->toArray();
}
/**
* Controller to handle returning information on a single server.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return array
*/
public function view(Request $request, $id)
{
$service = Service::with('options.variables', 'options.packs')->findOrFail($id);
$this->authorize('service-view', $request->apiKey());
return $service->toArray();
$service = Service::findOrFail($id);
$fractal = Fractal::create()->item($service);
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->transformWith(new ServiceTransformer($request))
->withResourceName('service')
->toArray();
}
}

184
app/Http/Controllers/API/Admin/UserController.php Normal file
View file

@ -0,0 +1,184 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API\Admin;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Models\User;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Repositories\UserRepository;
use Pterodactyl\Transformers\Admin\UserTransformer;
use Pterodactyl\Exceptions\DisplayValidationException;
use League\Fractal\Pagination\IlluminatePaginatorAdapter;
class UserController extends Controller
{
/**
* Controller to handle returning all users on the system.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function index(Request $request)
{
$this->authorize('user-list', $request->apiKey());
$users = User::paginate(config('pterodactyl.paginate.api.users'));
$fractal = Fractal::create()->collection($users)
->transformWith(new UserTransformer($request))
->withResourceName('user')
->paginateWith(new IlluminatePaginatorAdapter($users));
if (config('pterodactyl.api.include_on_list') && $request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->toArray();
}
/**
* Display information about a single user on the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return array
*/
public function view(Request $request, $id)
{
$this->authorize('user-view', $request->apiKey());
$fractal = Fractal::create()->item(User::findOrFail($id));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->transformWith(new UserTransformer($request))
->withResourceName('user')
->toArray();
}
/**
* Create a new user on the system.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse|array
*/
public function store(Request $request)
{
$this->authorize('user-create', $request->apiKey());
$repo = new UserRepository;
try {
$user = $repo->create($request->only([
'custom_id', 'email', 'password', 'name_first',
'name_last', 'username', 'root_admin',
]));
$fractal = Fractal::create()->item($user)->transformWith(new UserTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('user')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to create this user. Please try again.',
], 500);
}
}
/**
* Update a user.
*
* @param \Illuminate\Http\Request $request
* @param int $user
* @return \Illuminate\Http\RedirectResponse
*/
public function update(Request $request, $user)
{
$this->authorize('user-edit', $request->apiKey());
$repo = new UserRepository;
try {
$user = $repo->update($user, $request->intersect([
'email', 'password', 'name_first',
'name_last', 'username', 'root_admin',
]));
$fractal = Fractal::create()->item($user)->transformWith(new UserTransformer($request));
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return $fractal->withResourceName('user')->toArray();
} catch (DisplayValidationException $ex) {
return response()->json([
'error' => json_decode($ex->getMessage()),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to update this user. Please try again.',
], 500);
}
}
/**
* Delete a user from the system.
*
* @param \Illuminate\Http\Request $request
* @param int $id
* @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
*/
public function delete(Request $request, $id)
{
$this->authorize('user-delete', $request->apiKey());
$repo = new UserRepository;
try {
$repo->delete($id);
return response('', 204);
} catch (DisplayException $ex) {
return response()->json([
'error' => $ex->getMessage(),
], 400);
} catch (\Exception $ex) {
Log::error($ex);
return response()->json([
'error' => 'An unhandled exception occured while attemping to delete this user. Please try again.',
], 500);
}
}
}

33
app/Http/Controllers/API/BaseController.php
View file

@ -1,33 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API;
use Dingo\Api\Routing\Helpers;
use Illuminate\Routing\Controller;
class BaseController extends Controller
{
use Helpers;
}

172
app/Http/Controllers/API/NodeController.php
View file

@ -1,172 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API;
use Log;
use Illuminate\Http\Request;
use Pterodactyl\Models\Node;
use Pterodactyl\Models\Allocation;
use Dingo\Api\Exception\ResourceException;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Repositories\NodeRepository;
use Pterodactyl\Exceptions\DisplayValidationException;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
class NodeController extends BaseController
{
/**
* Lists all nodes currently on the system.
*
* @param Request $request
* @return array
*/
public function index(Request $request)
{
return Node::all()->toArray();
}
/**
* Create a new node.
*
* @param Request $request
* @return array
*
* @throws \Pterodactyl\Exceptions\DisplayException
* @throws \Pterodactyl\Exceptions\DisplayValidationException
*/
public function create(Request $request)
{
$repo = new NodeRepository;
try {
$node = $repo->create(array_merge(
$request->only([
'public', 'disk_overallocate', 'memory_overallocate',
]),
$request->intersect([
'name', 'location_id', 'fqdn',
'scheme', 'memory', 'disk',
'daemonBase', 'daemonSFTP', 'daemonListen',
])
));
return ['id' => $node->id];
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
Log::error($ex);
throw new BadRequestHttpException('There was an error while attempting to add this node to the system. This error has been logged.');
}
}
/**
* Lists specific fields about a server or all fields pertaining to that node.
*
* @param Request $request
* @param int $id
* @param string $fields
* @return array
*/
public function view(Request $request, $id, $fields = null)
{
$node = Node::with('allocations')->findOrFail($id);
$node->allocations->transform(function ($item) {
return collect($item)->only([
'id', 'ip', 'ip_alias', 'port', 'server_id',
]);
});
if (! empty($request->input('fields'))) {
$fields = explode(',', $request->input('fields'));
if (! empty($fields) && is_array($fields)) {
return collect($node)->only($fields);
}
}
return $node->toArray();
}
/**
* Returns a configuration file for a given node.
*
* @param Request $request
* @param int $id
* @return array
*/
public function config(Request $request, $id)
{
$node = Node::findOrFail($id);
return $node->getConfigurationAsJson();
}
/**
* Returns a listing of all allocations for every node.
*
* @param Request $request
* @return array
*/
public function allocations(Request $request)
{
return Allocation::all()->toArray();
}
/**
* Returns a listing of the allocation for the specified server id.
*
* @param Request $request
* @param int $id
* @return array
*/
public function allocationsView(Request $request, $id)
{
return Allocation::where('server_id', $id)->get()->toArray();
}
/**
* Delete a node.
*
* @param Request $request
* @param int $id
* @return void
*/
public function delete(Request $request, $id)
{
$repo = new NodeRepository;
try {
$repo->delete($id);
return $this->response->noContent();
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $e) {
throw new ServiceUnavailableHttpException('An error occured while attempting to delete this node.');
}
}
}

231
app/Http/Controllers/API/ServerController.php
View file

@ -1,231 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API;
use Log;
use Illuminate\Http\Request;
use Pterodactyl\Models\Server;
use Dingo\Api\Exception\ResourceException;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Repositories\ServerRepository;
use Pterodactyl\Exceptions\DisplayValidationException;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
class ServerController extends BaseController
{
/**
* Lists all servers currently on the system.
*
* @param Request $request
* @return array
*/
public function index(Request $request)
{
return Server::all()->toArray();
}
/**
* Create Server.
*
* @param Request $request
* @return array
*/
public function create(Request $request)
{
$repo = new ServerRepository;
try {
$server = $repo->create($request->all());
return ['id' => $server->id];
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
Log::error($ex);
throw new BadRequestHttpException('There was an error while attempting to add this server to the system.');
}
}
/**
* List Specific Server.
*
* @param Request $request
* @param int $id
* @return array
*/
public function view(Request $request, $id)
{
$server = Server::with('node', 'allocations', 'pack')->where('id', $id)->firstOrFail();
if (! is_null($request->input('fields'))) {
$fields = explode(',', $request->input('fields'));
if (! empty($fields) && is_array($fields)) {
return collect($server)->only($fields);
}
}
if ($request->input('daemon') === 'true') {
try {
$response = $server->node->guzzleClient([
'X-Access-Token' => $server->node->daemonSecret,
])->request('GET', '/servers');
$server->daemon = json_decode($response->getBody())->{$server->uuid};
} catch (\GuzzleHttp\Exception\TransferException $ex) {
// Couldn't hit the daemon, return what we have though.
$server->daemon = [
'error' => 'There was an error encountered while attempting to connect to the remote daemon.',
];
}
}
$server->allocations->transform(function ($item) {
return collect($item)->except(['created_at', 'updated_at']);
});
return $server->toArray();
}
/**
* Update Server configuration.
*
* @param Request $request
* @param int $id
* @return array
*/
public function config(Request $request, $id)
{
$repo = new ServerRepository;
try {
$server = $repo->updateDetails($id, $request->intersect([
'owner_id', 'name', 'reset_token',
]));
return ['id' => $id];
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('Unable to update server on system due to an error.');
}
}
/**
* Update Server Build Configuration.
*
* @param Request $request
* @param int $id
* @return array
*/
public function build(Request $request, $id)
{
$repo = new ServerRepository;
try {
$server = $repo->changeBuild($id, $request->intersect([
'allocation_id', 'add_allocations', 'remove_allocations',
'memory', 'swap', 'io', 'cpu',
]));
return ['id' => $id];
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('Unable to update server on system due to an error.');
}
}
/**
* Suspend Server.
*
* @param Request $request
* @param int $id
* @return void
*/
public function suspend(Request $request, $id)
{
try {
$repo = new ServerRepository;
$repo->suspend($id);
return $this->response->noContent();
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('An error occured while attempting to suspend this server instance.');
}
}
/**
* Unsuspend Server.
*
* @param Request $request
* @param int $id
* @return void
*/
public function unsuspend(Request $request, $id)
{
try {
$repo = new ServerRepository;
$repo->unsuspend($id);
return $this->response->noContent();
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('An error occured while attempting to unsuspend this server instance.');
}
}
/**
* Delete Server.
*
* @param Request $request
* @param int $id
* @param string|null $force
* @return void
*/
public function delete(Request $request, $id, $force = null)
{
$repo = new ServerRepository;
try {
$repo->delete($id, is_null($force));
return $this->response->noContent();
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $e) {
throw new ServiceUnavailableHttpException('An error occured while attempting to delete this server.');
}
}
}

34
app/Http/Controllers/API/User/InfoController.php → app/Http/Controllers/API/User/CoreController.php
View file

@ -24,24 +24,28 @@
namespace Pterodactyl\Http\Controllers\API\User;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Http\Controllers\API\BaseController;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Transformers\User\OverviewTransformer;
class InfoController extends BaseController
class CoreController extends Controller
{
public function me(Request $request)
/**
* Controller to handle base user request for all of their servers.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function index(Request $request)
{
return $request->user()->access('service', 'node', 'allocation', 'option')->get()->map(function ($server) {
return [
'id' => $server->uuidShort,
'uuid' => $server->uuid,
'name' => $server->name,
'node' => $server->node->name,
'ip' => $server->allocation->alias,
'port' => $server->allocation->port,
'service' => $server->service->name,
'option' => $server->option->name,
];
})->all();
$this->authorize('user.server-list', $request->apiKey());
$servers = $request->user()->access('service', 'node', 'allocation', 'option')->get();
return Fractal::collection($servers)
->transformWith(new OverviewTransformer)
->withResourceName('server')
->toArray();
}
}

124
app/Http/Controllers/API/User/ServerController.php
View file

@ -24,109 +24,75 @@
namespace Pterodactyl\Http\Controllers\API\User;
use Log;
use Fractal;
use Illuminate\Http\Request;
use Pterodactyl\Models\Server;
use Pterodactyl\Http\Controllers\API\BaseController;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Repositories\Daemon\PowerRepository;
use Pterodactyl\Transformers\User\ServerTransformer;
class ServerController extends BaseController
class ServerController extends Controller
{
public function info(Request $request, $uuid)
/**
* Controller to handle base request for individual server information.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return array
*/
public function index(Request $request, $uuid)
{
$server = Server::byUuid($uuid)->load('allocations');
$this->authorize('user.server-view', $request->apiKey());
try {
$response = $server->guzzleClient()->request('GET', '/server');
$server = Server::byUuid($uuid);
$fractal = Fractal::create()->item($server);
$json = json_decode($response->getBody());
$daemon = [
'status' => $json->status,
'stats' => $json->proc,
];
} catch (\Exception $ex) {
$daemon = [
'error' => 'An error was encountered while trying to connect to the daemon to collect information. It might be offline.',
];
Log::error($ex);
if ($request->input('include')) {
$fractal->parseIncludes(explode(',', $request->input('include')));
}
return [
'uuidShort' => $server->uuidShort,
'uuid' => $server->uuid,
'name' => $server->name,
'node' => $server->node->name,
'limits' => [
'memory' => $server->memory,
'swap' => $server->swap,
'disk' => $server->disk,
'io' => $server->io,
'cpu' => $server->cpu,
'oom_disabled' => (bool) $server->oom_disabled,
],
'allocations' => $server->allocations->map(function ($item) use ($server) {
return [
'ip' => $item->alias,
'port' => $item->port,
'default' => ($item->id === $server->allocation_id),
];
}),
'sftp' => [
'username' => ($request->user()->can('view-sftp', $server)) ? $server->username : null,
],
'daemon' => [
'token' => $server->daemonSecret,
'response' => $daemon,
],
];
return $fractal->transformWith(new ServerTransformer)
->withResourceName('server')
->toArray();
}
/**
* Controller to handle request for server power toggle.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\Response
*/
public function power(Request $request, $uuid)
{
$this->authorize('user.server-power', $request->apiKey());
$server = Server::byUuid($uuid);
$request->user()->can('power-' . $request->input('action'), $server);
if (empty($request->input('action'))) {
return $this->response()->error([
'error' => 'An action must be passed to this request.',
], 422);
}
$repo = new PowerRepository($server);
$repo->do($request->input('action'));
$res = $server->guzzleClient()->request('PUT', '/server/power', [
'exceptions' => false,
'json' => [
'action' => $request->input('action'),
],
]);
if ($res->getStatusCode() !== 204) {
return $this->response->error(json_decode($res->getBody())->error, $res->getStatusCode());
}
return $this->response->noContent();
return response('', 204)->header('Content-Type', 'application/json');
}
/**
* Controller to handle base request for individual server information.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\Response
*/
public function command(Request $request, $uuid)
{
$this->authorize('user.server-command', $request->apiKey());
$server = Server::byUuid($uuid);
$request->user()->can('send-command', $server);
if (empty($request->input('command'))) {
return $this->response()->error([
'error' => 'A command must be passed to this request.',
], 422);
}
$repo = new CommandRepository($server);
$repo->send($request->input('command'));
$res = $server->guzzleClient()->request('POST', '/server/command', [
'exceptions' => false,
'json' => [
'command' => $request->input('command'),
],
]);
if ($res->getStatusCode() !== 204) {
return $this->response->error(json_decode($res->getBody())->error, $res->getStatusCode());
}
return $this->response->noContent();
return response('', 204)->header('Content-Type', 'application/json');
}
}

151
app/Http/Controllers/API/UserController.php
View file

@ -1,151 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API;
use Illuminate\Http\Request;
use Pterodactyl\Models\User;
use Dingo\Api\Exception\ResourceException;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Repositories\UserRepository;
use Pterodactyl\Exceptions\DisplayValidationException;
use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
class UserController extends BaseController
{
/**
* Lists all users currently on the system.
*
* @param Request $request
* @return array
*/
public function index(Request $request)
{
return User::all()->toArray();
}
/**
* Lists specific fields about a user or all fields pertaining to that user.
*
* @param Request $request
* @param int $id
* @return array
*/
public function view(Request $request, $id)
{
$user = User::with('servers')->where((is_numeric($id) ? 'id' : 'email'), $id)->firstOrFail();
$user->servers->transform(function ($item) {
return collect($item)->only([
'id', 'node_id', 'uuidShort',
'uuid', 'name', 'suspended',
'owner_id',
]);
});
if (! is_null($request->input('fields'))) {
$fields = explode(',', $request->input('fields'));
if (! empty($fields) && is_array($fields)) {
return collect($user)->only($fields);
}
}
return $user->toArray();
}
/**
* Create a New User.
*
* @param Request $request
* @return array
*/
public function create(Request $request)
{
$repo = new UserRepository;
try {
$user = $user->create($request->only([
'email', 'password', 'name_first',
'name_last', 'username', 'root_admin',
]));
return ['id' => $user->id];
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('Unable to create a user on the system due to an error.');
}
}
/**
* Update an Existing User.
*
* @param Request $request
* @param int $id
* @return array
*/
public function update(Request $request, $id)
{
$repo = new UserRepository;
try {
$user = $repo->update($id, $request->only([
'email', 'password', 'name_first',
'name_last', 'username', 'root_admin',
]));
return ['id' => $id];
} catch (DisplayValidationException $ex) {
throw new ResourceException('A validation error occured.', json_decode($ex->getMessage(), true));
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('Unable to update a user on the system due to an error.');
}
}
/**
* Delete a User.
*
* @param Request $request
* @param int $id
* @return void
*/
public function delete(Request $request, $id)
{
$repo = new UserRepository;
try {
$repo->delete($id);
return $this->response->noContent();
} catch (DisplayException $ex) {
throw new ResourceException($ex->getMessage());
} catch (\Exception $ex) {
throw new ServiceUnavailableHttpException('Unable to delete this user due to an error.');
}
}
}

4
app/Http/Controllers/Admin/NodesController.php
View file

@ -60,7 +60,7 @@ class NodesController extends Controller
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View|\Illuminate\Http\RedirectResponse
*/
public function new(Request $request)
public function create(Request $request)
{
$locations = Models\Location::all();
if (! $locations->count()) {
@ -78,7 +78,7 @@ class NodesController extends Controller
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse
*/
public function create(Request $request)
public function store(Request $request)
{
try {
$repo = new NodeRepository;

4
app/Http/Controllers/Admin/OptionController.php
View file

@ -44,7 +44,7 @@ class OptionController extends Controller
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function new(Request $request)
public function create(Request $request)
{
$services = Service::with('options')->get();
Javascript::put(['services' => $services->keyBy('id')]);
@ -58,7 +58,7 @@ class OptionController extends Controller
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Response\RedirectResponse
*/
public function create(Request $request)
public function store(Request $request)
{
$repo = new OptionRepository;

4
app/Http/Controllers/Admin/PackController.php
View file

@ -60,7 +60,7 @@ class PackController extends Controller
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function new(Request $request)
public function create(Request $request)
{
return view('admin.packs.new', [
'services' => Service::with('options')->get(),
@ -86,7 +86,7 @@ class PackController extends Controller
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function create(Request $request)
public function store(Request $request)
{
$repo = new PackRepository;

22
app/Http/Controllers/Admin/ServersController.php
View file

@ -63,7 +63,7 @@ class ServersController extends Controller
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function new(Request $request)
public function create(Request $request)
{
$services = Models\Service::with('options.packs', 'options.variables')->get();
Javascript::put([
@ -86,7 +86,7 @@ class ServersController extends Controller
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Response\RedirectResponse
*/
public function create(Request $request)
public function store(Request $request)
{
try {
$repo = new ServerRepository;
@ -97,6 +97,9 @@ class ServersController extends Controller
return redirect()->route('admin.servers.new')->withErrors(json_decode($ex->getMessage()))->withInput();
} catch (DisplayException $ex) {
Alert::danger($ex->getMessage())->flash();
} catch (TransferException $ex) {
Log::warning($ex);
Alert::danger('A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.')->flash();
} catch (\Exception $ex) {
Log::error($ex);
Alert::danger('An unhandled exception occured while attemping to add this server. Please try again.')->flash();
@ -111,7 +114,7 @@ class ServersController extends Controller
* @param \Illuminate\Http\Request $request
* @return array
*/
public function newServerNodes(Request $request)
public function nodes(Request $request)
{
$nodes = Models\Node::with('allocations')->where('location_id', $request->input('location'))->get();
@ -284,8 +287,9 @@ class ServersController extends Controller
Alert::success('Successfully updated this server\'s docker image.')->flash();
} catch (DisplayValidationException $ex) {
return redirect()->route('admin.servers.view.details', $id)->withErrors(json_decode($ex->getMessage()))->withInput();
} catch (DisplayException $ex) {
Alert::danger($ex->getMessage())->flash();
} catch (TransferException $ex) {
Log::warning($ex);
Alert::danger('A TransferException occured while attempting to update the container image. Is the daemon online? This error has been logged.');
} catch (\Exception $ex) {
Log::error($ex);
Alert::danger('An unhandled exception occured while attemping to update this server\'s docker image. This error has been logged.')->flash();
@ -366,8 +370,9 @@ class ServersController extends Controller
$repo->$action($id);
Alert::success('Server has been ' . $action . 'ed.');
} catch (DisplayException $ex) {
Alert::danger($ex->getMessage())->flash();
} catch (TransferException $ex) {
Log::warning($ex);
Alert::danger('A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.')->flash();
} catch (\Exception $ex) {
Log::error($ex);
Alert::danger('An unhandled exception occured while attemping to ' . $action . ' this server. This error has been logged.')->flash();
@ -398,6 +403,9 @@ class ServersController extends Controller
return redirect()->route('admin.servers.view.build', $id)->withErrors(json_decode($ex->getMessage()))->withInput();
} catch (DisplayException $ex) {
Alert::danger($ex->getMessage())->flash();
} catch (TransferException $ex) {
Log::warning($ex);
Alert::danger('A TransferException was encountered while trying to contact the daemon, please ensure it is online and accessible. This error has been logged.')->flash();
} catch (\Exception $ex) {
Log::error($ex);
Alert::danger('An unhandled exception occured while attemping to add this server. This error has been logged.')->flash();

4
app/Http/Controllers/Admin/ServiceController.php
View file

@ -54,7 +54,7 @@ class ServiceController extends Controller
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function new(Request $request)
public function create(Request $request)
{
return view('admin.services.new');
}
@ -91,7 +91,7 @@ class ServiceController extends Controller
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse
*/
public function create(Request $request)
public function store(Request $request)
{
$repo = new ServiceRepository;

26
app/Http/Controllers/Admin/UserController.php
View file

@ -42,7 +42,7 @@ class UserController extends Controller
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function getIndex(Request $request)
public function index(Request $request)
{
$users = User::withCount('servers');
@ -61,7 +61,7 @@ class UserController extends Controller
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function getNew(Request $request)
public function create(Request $request)
{
return view('admin.users.new');
}
@ -73,7 +73,7 @@ class UserController extends Controller
* @param int $id
* @return \Illuminate\View\View
*/
public function getView(Request $request, $id)
public function view(Request $request, $id)
{
return view('admin.users.view', [
'user' => User::with('servers.node')->findOrFail($id),
@ -87,7 +87,7 @@ class UserController extends Controller
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function deleteUser(Request $request, $id)
public function delete(Request $request, $id)
{
try {
$repo = new UserRepository;
@ -111,7 +111,7 @@ class UserController extends Controller
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse
*/
public function postNew(Request $request)
public function store(Request $request)
{
try {
$user = new UserRepository;
@ -136,26 +136,26 @@ class UserController extends Controller
* Update a user.
*
* @param \Illuminate\Http\Request $request
* @param int $user
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function updateUser(Request $request, $user)
public function update(Request $request, $id)
{
try {
$repo = new UserRepository;
$repo->update($user, $request->only([
$user = $repo->update($user, $request->intersect([
'email', 'password', 'name_first',
'name_last', 'username', 'root_admin',
]));
Alert::success('User account was successfully updated.')->flash();
} catch (DisplayValidationException $ex) {
return redirect()->route('admin.users.view', $user)->withErrors(json_decode($ex->getMessage()));
} catch (\Exception $e) {
Log::error($e);
return redirect()->route('admin.users.view', $id)->withErrors(json_decode($ex->getMessage()));
} catch (\Exception $ex) {
Log::error($ex);
Alert::danger('An error occured while attempting to update this user.')->flash();
}
return redirect()->route('admin.users.view', $user);
return redirect()->route('admin.users.view', $id);
}
/**
@ -164,7 +164,7 @@ class UserController extends Controller
* @param \Illuminate\Http\Request $request
* @return \Pterodactyl\Models\User
*/
public function getJson(Request $request)
public function json(Request $request)
{
return User::select('id', 'email', 'username', 'name_first', 'name_last')
->search($request->input('q'))

16
app/Http/Controllers/Base/APIController.php
View file

@ -27,8 +27,9 @@ namespace Pterodactyl\Http\Controllers\Base;
use Log;
use Alert;
use Pterodactyl\Models;
use Illuminate\Http\Request;
use Pterodactyl\Models\APIKey;
use Pterodactyl\Models\APIPermission;
use Pterodactyl\Repositories\APIRepository;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller;
@ -45,7 +46,7 @@ class APIController extends Controller
public function index(Request $request)
{
return view('base.api.index', [
'keys' => Models\APIKey::where('user_id', $request->user()->id)->get(),
'keys' => APIKey::where('user_id', $request->user()->id)->get(),
]);
}
@ -57,7 +58,12 @@ class APIController extends Controller
*/
public function create(Request $request)
{
return view('base.api.new');
return view('base.api.new', [
'permissions' => [
'user' => collect(APIPermission::permissions())->pull('_user'),
'admin' => collect(APIPermission::permissions())->except('_user')->toArray(),
],
]);
}
/**
@ -66,13 +72,13 @@ class APIController extends Controller
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\RedirectResponse
*/
public function save(Request $request)
public function store(Request $request)
{
try {
$repo = new APIRepository($request->user());
$secret = $repo->create($request->intersect([
'memo', 'allowed_ips',
'adminPermissions', 'permissions',
'admin_permissions', 'permissions',
]));
Alert::success('An API Key-Pair has successfully been generated. The API secret for this public key is shown below and will not be shown again.<br /><br /><code>' . $secret . '</code>')->flash();

12
app/Http/Controllers/Server/SubuserController.php
View file

@ -43,7 +43,7 @@ class SubuserController extends Controller
* @param string $uuid
* @return \Illuminate\View\View
*/
public function getIndex(Request $request, $uuid)
public function index(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid)->load('subusers.user');
$this->authorize('list-subusers', $server);
@ -65,7 +65,7 @@ class SubuserController extends Controller
* @param int $id
* @return \Illuminate\View\View
*/
public function getView(Request $request, $uuid, $id)
public function view(Request $request, $uuid, $id)
{
$server = Models\Server::byUuid($uuid)->load('node');
$this->authorize('view-subuser', $server);
@ -94,7 +94,7 @@ class SubuserController extends Controller
* @param int $id
* @return \Illuminate\Http\RedirectResponse
*/
public function postView(Request $request, $uuid, $id)
public function update(Request $request, $uuid, $id)
{
$server = Models\Server::byUuid($uuid);
$this->authorize('edit-subuser', $server);
@ -139,7 +139,7 @@ class SubuserController extends Controller
* @param string $uuid
* @return \Illuminate\View\View
*/
public function getNew(Request $request, $uuid)
public function create(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid);
$this->authorize('create-subuser', $server);
@ -159,7 +159,7 @@ class SubuserController extends Controller
* @param string $uuid
* @return \Illuminate\Http\RedirectResponse
*/
public function postNew(Request $request, $uuid)
public function store(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid);
$this->authorize('create-subuser', $server);
@ -195,7 +195,7 @@ class SubuserController extends Controller
* @param int $id
* @return \Illuminate\Http\JsonResponse|\Illuminate\Http\Response
*/
public function deleteSubuser(Request $request, $uuid, $id)
public function delete(Request $request, $uuid, $id)
{
$server = Models\Server::byUuid($uuid);
$this->authorize('delete-subuser', $server);

10
app/Http/Controllers/Server/TaskController.php
View file

@ -42,7 +42,7 @@ class TaskController extends Controller
* @param string $uuid
* @return \Illuminate\View\View
*/
public function getIndex(Request $request, $uuid)
public function index(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid)->load('tasks');
$this->authorize('list-tasks', $server);
@ -66,7 +66,7 @@ class TaskController extends Controller
* @param string $uuid
* @return \Illuminate\View\View
*/
public function getNew(Request $request, $uuid)
public function create(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid);
$this->authorize('create-task', $server);
@ -85,7 +85,7 @@ class TaskController extends Controller
* @param string $uuid
* @return \Illuminate\Http\RedirectResponse
*/
public function postNew(Request $request, $uuid)
public function store(Request $request, $uuid)
{
$server = Models\Server::byUuid($uuid);
$this->authorize('create-task', $server);
@ -117,7 +117,7 @@ class TaskController extends Controller
* @param int $id
* @return \Illuminate\Http\JsonResponse
*/
public function deleteTask(Request $request, $uuid, $id)
public function delete(Request $request, $uuid, $id)
{
$server = Models\Server::byUuid($uuid)->load('tasks');
$this->authorize('delete-task', $server);
@ -151,7 +151,7 @@ class TaskController extends Controller
* @param int $id
* @return \Illuminate\Http\JsonResponse
*/
public function toggleTask(Request $request, $uuid, $id)
public function toggle(Request $request, $uuid, $id)
{
$server = Models\Server::byUuid($uuid)->load('tasks');
$this->authorize('toggle-task', $server);

1
app/Http/Kernel.php
View file

@ -39,6 +39,7 @@ class Kernel extends HttpKernel
\Pterodactyl\Http\Middleware\LanguageMiddleware::class,
],
'api' => [
\Pterodactyl\Http\Middleware\HMACAuthorization::class,
'throttle:60,1',
'bindings',
],

133
app/Http/Middleware/APISecretToken.php
View file

@ -1,133 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Middleware;
use Auth;
use Crypt;
use Config;
use IPTools\IP;
use IPTools\Range;
use Dingo\Api\Routing\Route;
use Illuminate\Http\Request;
use Pterodactyl\Models\User;
use Pterodactyl\Models\APIKey;
use Pterodactyl\Models\APIPermission;
use Pterodactyl\Services\APILogService;
use Dingo\Api\Auth\Provider\Authorization;
use Symfony\Component\HttpKernel\Exception\HttpException; // 400
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; // 401
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; // 403
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException; //500
class APISecretToken extends Authorization
{
protected $algo = 'sha256';
protected $permissionAllowed = false;
protected $url = '';
public function __construct()
{
Config::set('session.driver', 'array');
}
public function getAuthorizationMethod()
{
return 'Authorization';
}
public function authenticate(Request $request, Route $route)
{
if (! $request->bearerToken() || empty($request->bearerToken())) {
APILogService::log($request, 'The authentication header was missing or malformed.');
throw new UnauthorizedHttpException('The authentication header was missing or malformed.');
}
list($public, $hashed) = explode('.', $request->bearerToken());
$key = APIKey::where('public', $public)->first();
if (! $key) {
APILogService::log($request, 'Invalid API Key.');
throw new AccessDeniedHttpException('Invalid API Key.');
}
// Check for Resource Permissions
if (! empty($request->route()->getName())) {
if (! is_null($key->allowed_ips)) {
$inRange = false;
foreach (json_decode($key->allowed_ips) as $ip) {
if (Range::parse($ip)->contains(new IP($request->ip()))) {
$inRange = true;
break;
}
}
if (! $inRange) {
APILogService::log($request, 'This IP address <' . $request->ip() . '> does not have permission to use this API key.');
throw new AccessDeniedHttpException('This IP address <' . $request->ip() . '> does not have permission to use this API key.');
}
}
$permission = APIPermission::where('key_id', $key->id)->where('permission', $request->route()->getName());
// Suport Wildcards
if (starts_with($request->route()->getName(), 'api.user')) {
$permission->orWhere('permission', 'api.user.*');
} elseif (starts_with($request->route()->getName(), 'api.admin')) {
$permission->orWhere('permission', 'api.admin.*');
}
if (! $permission->first()) {
APILogService::log($request, 'You do not have permission to access this resource. This API Key requires the ' . $request->route()->getName() . ' permission node.');
throw new AccessDeniedHttpException('You do not have permission to access this resource. This API Key requires the ' . $request->route()->getName() . ' permission node.');
}
}
try {
$decrypted = Crypt::decrypt($key->secret);
} catch (\Illuminate\Contracts\Encryption\DecryptException $ex) {
APILogService::log($request, 'There was an error while attempting to check your secret key.');
throw new HttpException('There was an error while attempting to check your secret key.');
}
$this->url = urldecode($request->fullUrl());
if ($this->_generateHMAC($request->getContent(), $decrypted) !== base64_decode($hashed)) {
APILogService::log($request, 'The hashed body was not valid. Potential modification of contents in route.');
throw new BadRequestHttpException('The hashed body was not valid. Potential modification of contents in route.');
}
// Log the Route Access
APILogService::log($request, null, true);
return Auth::loginUsingId($key->user_id);
}
protected function _generateHMAC($body, $key)
{
$data = $this->url . $body;
return hash_hmac($this->algo, $data, $key, true);
}
}

77
app/Http/Middleware/CheckServer.php
View file

@ -28,9 +28,26 @@ use Auth;
use Closure;
use Illuminate\Http\Request;
use Pterodactyl\Models\Server;
use Illuminate\Auth\AuthenticationException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
class CheckServer
{
/**
* The elquent model for the server.
*
* @var \Pterodactyl\Models\Server
*/
protected $server;
/**
* The request object.
*
* @var \Illuminate\Http\Request
*/
protected $request;
/**
* Handle an incoming request.
*
@ -41,22 +58,72 @@ class CheckServer
public function handle(Request $request, Closure $next)
{
if (! Auth::user()) {
return redirect()->guest('auth/login');
throw new AuthenticationException();
}
$server = Server::byUuid($request->route()->server);
if (! $server) {
$this->request = $request;
$this->server = Server::byUuid($request->route()->server);
if (! $this->exists()) {
return response()->view('errors.404', [], 404);
}
if ($server->suspended) {
if ($this->suspended()) {
return response()->view('errors.suspended', [], 403);
}
if (! $server->installed) {
if (! $this->installed()) {
return response()->view('errors.installing', [], 403);
}
return $next($request);
}
/**
* Determine if the server was found on the system.
*
* @return bool
*/
protected function exists()
{
if (! $this->server) {
if ($this->request->expectsJson() || $this->request->is(...config('pterodactyl.json_routes'))) {
throw new NotFoundHttpException('The requested server was not found on the system.');
}
}
return (! $this->server) ? false : true;
}
/**
* Determine if the server is suspended.
*
* @return bool
*/
protected function suspended()
{
if ($this->server->suspended) {
if ($this->request->expectsJson() || $this->request->is(...config('pterodactyl.json_routes'))) {
throw new AccessDeniedHttpException('Server is suspended.');
}
}
return $this->server->suspended;
}
/**
* Determine if the server is installed.
*
* @return bool
*/
protected function installed()
{
if ($this->server->installed !== 1) {
if ($this->request->expectsJson() || $this->request->is(...config('pterodactyl.json_routes'))) {
throw new AccessDeniedHttpException('Server is completing install process.');
}
}
return $this->server->installed === 1;
}
}

229
app/Http/Middleware/HMACAuthorization.php Normal file
View file

@ -0,0 +1,229 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Middleware;
use Auth;
use Crypt;
use Config;
use Closure;
use Debugbar;
use IPTools\IP;
use IPTools\Range;
use Illuminate\Http\Request;
use Pterodactyl\Models\APIKey;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; // 400
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; // 403
class HMACAuthorization
{
/**
* The algorithm to use for handling HMAC encryption.
*
* @var string
*/
const HMAC_ALGORITHM = 'sha256';
/**
* Stored values from the Authorization header.
*
* @var array
*/
protected $token = [];
/**
* The eloquent model for the API key.
*
* @var \Pterodactyl\Models\APIKey
*/
protected $key;
/**
* The illuminate request object.
*
* @var \Illuminate\Http\Request
*/
private $request;
/**
* Construct class instance.
*
* @return void
*/
public function __construct()
{
Debugbar::disable();
Config::set('session.driver', 'array');
}
/**
* Handle an incoming request for the API.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
$this->request = $request;
$this->checkBearer();
$this->validateRequest();
$this->validateIPAccess();
$this->validateContents();
Auth::loginUsingId($this->key()->user_id);
return $next($request);
}
/**
* Checks that the Bearer token is provided and in a valid format.
*
* @return void
*
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
*/
protected function checkBearer()
{
if (empty($this->request()->bearerToken())) {
throw new BadRequestHttpException('Request was missing required Authorization header.');
}
$token = explode('.', $this->request()->bearerToken());
if (count($token) !== 2) {
throw new BadRequestHttpException('The Authorization header passed was not in a validate public/private key format.');
}
$this->token = [
'public' => $token[0],
'hash' => $token[1],
];
}
/**
* Determine if the request contains a valid public API key
* as well as permissions for the resource.
*
* @return void
*
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
*/
protected function validateRequest()
{
$this->key = APIKey::where('public', $this->public())->first();
if (! $this->key) {
throw new AccessDeniedHttpException('Unable to identify requester. Authorization token is invalid.');
}
}
/**
* Determine if the requesting IP address is allowed to use this API key.
*
* @return bool
*
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
*/
protected function validateIPAccess()
{
if (! is_null($this->key()->allowed_ips)) {
foreach ($this->key()->allowed_ips as $ip) {
if (Range::parse($ip)->contains(new IP($this->request()->ip()))) {
return true;
}
}
throw new AccessDeniedHttpException('This IP address does not have permission to access the API using these credentials.');
}
return true;
}
/**
* Determine if the HMAC sent in the request matches the one generated
* on the panel side.
*
* @return void
*
* @throws \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
*/
protected function validateContents()
{
if (base64_decode($this->hash()) !== $this->generateSignature()) {
throw new BadRequestHttpException('The HMAC for the request was invalid.');
}
}
/**
* Generate a HMAC from the request and known API secret key.
*
* @return string
*/
protected function generateSignature()
{
$content = urldecode($this->request()->fullUrl()) . $this->request()->getContent();
return hash_hmac(self::HMAC_ALGORITHM, $content, Crypt::decrypt($this->key()->secret), true);
}
/**
* Return the public key passed in the Authorization header.
*
* @return string
*/
protected function public()
{
return $this->token['public'];
}
/**
* Return the base64'd HMAC sent in the Authorization header.
*
* @return string
*/
protected function hash()
{
return $this->token['hash'];
}
/**
* Return the API Key model.
*
* @return \Pterodactyl\Models\APIKey
*/
protected function key()
{
return $this->key;
}
/**
* Return the Illuminate Request object.
*
* @return \Illuminate\Http\Request
*/
private function request()
{
return $this->request;
}
}

192
app/Http/Routes/ServerRoutes.php
View file

@ -1,192 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Routes;
use Illuminate\Routing\Router;
class ServerRoutes
{
/**
* Server routes.
*
* @param \Illuminate\Routing\Router $router
* @return void
*/
public function map(Router $router)
{
// Returns Server Status
$router->get('/server/{server}/ajax/status', [
'middleware' => ['auth', 'csrf'],
'as' => 'server.ajax.status',
'uses' => 'Server\AjaxController@getStatus',
]);
$router->group([
'prefix' => 'server/{server}',
'middleware' => [
'auth',
'server',
'csrf',
],
], function ($server) use ($router) {
// Index View for Server
$router->get('/', [
'as' => 'server.index',
'uses' => 'Server\ServerController@getIndex',
]);
$router->get('/settings/databases', [
'as' => 'server.settings.databases',
'uses' => 'Server\ServerController@getDatabases',
]);
$router->get('/settings/sftp', [
'as' => 'server.settings.sftp',
'uses' => 'Server\ServerController@getSFTP',
]);
$router->post('/settings/sftp', [
'uses' => 'Server\ServerController@postSettingsSFTP',
]);
$router->get('/settings/startup', [
'as' => 'server.settings.startup',
'uses' => 'Server\ServerController@getStartup',
]);
$router->post('/settings/startup', [
'uses' => 'Server\ServerController@postSettingsStartup',
]);
$router->get('/settings/allocation', [
'as' => 'server.settings.allocation',
'uses' => 'Server\ServerController@getAllocation',
]);
// File Manager Routes
$router->get('/files', [
'as' => 'server.files.index',
'uses' => 'Server\ServerController@getFiles',
]);
$router->get('/files/edit/{file}', [
'as' => 'server.files.edit',
'uses' => 'Server\ServerController@getEditFile',
])->where('file', '.*');
$router->get('/files/download/{file}', [
'as' => 'server.files.download',
'uses' => 'Server\ServerController@getDownloadFile',
])->where('file', '.*');
$router->get('/files/add', [
'as' => 'server.files.add',
'uses' => 'Server\ServerController@getAddFile',
]);
$router->post('files/directory-list', [
'as' => 'server.files.directory-list',
'uses' => 'Server\AjaxController@postDirectoryList',
]);
$router->post('files/save', [
'as' => 'server.files.save',
'uses' => 'Server\AjaxController@postSaveFile',
]);
// Sub-User Routes
$router->get('users', [
'as' => 'server.subusers',
'uses' => 'Server\SubuserController@getIndex',
]);
$router->get('users/new', [
'as' => 'server.subusers.new',
'uses' => 'Server\SubuserController@getNew',
]);
$router->post('users/new', [
'uses' => 'Server\SubuserController@postNew',
]);
$router->get('users/view/{id}', [
'as' => 'server.subusers.view',
'uses' => 'Server\SubuserController@getView',
]);
$router->post('users/view/{id}', [
'uses' => 'Server\SubuserController@postView',
]);
$router->delete('users/delete/{id}', [
'as' => 'server.subusers.delete',
'uses' => 'Server\SubuserController@deleteSubuser',
]);
$router->get('tasks/', [
'as' => 'server.tasks',
'uses' => 'Server\TaskController@getIndex',
]);
$router->get('tasks/view/{id}', [
'as' => 'server.tasks.view',
'uses' => 'Server\TaskController@getView',
]);
$router->get('tasks/new', [
'as' => 'server.tasks.new',
'uses' => 'Server\TaskController@getNew',
]);
$router->post('tasks/new', [
'uses' => 'Server\TaskController@postNew',
]);
$router->delete('tasks/delete/{id}', [
'as' => 'server.tasks.delete',
'uses' => 'Server\TaskController@deleteTask',
]);
$router->post('tasks/toggle/{id}', [
'as' => 'server.tasks.toggle',
'uses' => 'Server\TaskController@toggleTask',
]);
// Assorted AJAX Routes
$router->group(['prefix' => 'ajax'], function ($server) use ($router) {
// Sets the Default Connection for the Server
$router->post('set-primary', [
'uses' => 'Server\AjaxController@postSetPrimary',
]);
$router->post('settings/reset-database-password', [
'as' => 'server.ajax.reset-database-password',
'uses' => 'Server\AjaxController@postResetDatabasePassword',
]);
});
});
}
}