StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Should wrap up the base landing page stuff for accounts, next step is server rendering

Browse source
This commit is contained in:
Dane Everitt 2017-08-30 21:11:14 -05:00
parent 67ac36f5ce
commit e045ef443a
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
32 changed files with 1223 additions and 317 deletions
Download patch file Download diff file Expand all files Collapse all files

59
app/Http/Controllers/Base/APIController.php
View file

@ -27,12 +27,11 @@ namespace Pterodactyl\Http\Controllers\Base;
use Illuminate\Http\Request;
use Prologue\Alerts\AlertsMessageBag;
use Pterodactyl\Http\Requests\Base\ApiKeyFormRequest;
use Pterodactyl\Models\APIPermission;
use Pterodactyl\Services\ApiKeyService;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Http\Requests\ApiKeyRequest;
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface;
use Pterodactyl\Services\Api\KeyCreationService;
class APIController extends Controller
{
@ -41,31 +40,31 @@ class APIController extends Controller
*/
protected $alert;
/**
* @var \Pterodactyl\Services\Api\KeyCreationService
*/
protected $keyService;
/**
* @var \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface
*/
protected $repository;
/**
* @var \Pterodactyl\Services\ApiKeyService
*/
protected $service;
/**
* APIController constructor.
*
* @param \Prologue\Alerts\AlertsMessageBag $alert
* @param \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface $repository
* @param \Pterodactyl\Services\ApiKeyService $service
* @param \Pterodactyl\Services\Api\KeyCreationService $keyService
*/
public function __construct(
AlertsMessageBag $alert,
ApiKeyRepositoryInterface $repository,
ApiKeyService $service
KeyCreationService $keyService
) {
$this->alert = $alert;
$this->keyService = $keyService;
$this->repository = $repository;
$this->service = $service;
}
/**
@ -73,6 +72,8 @@ class APIController extends Controller
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
public function index(Request $request)
{
@ -84,14 +85,15 @@ class APIController extends Controller
/**
* Display API key creation page.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function create()
public function create(Request $request)
{
return view('base.api.new', [
'permissions' => [
'user' => collect(APIPermission::CONST_PERMISSIONS)->pull('_user'),
'admin' => collect(APIPermission::CONST_PERMISSIONS)->except('_user')->toArray(),
'admin' => ! $request->user()->root_admin ?: collect(APIPermission::CONST_PERMISSIONS)->except('_user')->toArray(),
],
]);
}
@ -99,30 +101,25 @@ class APIController extends Controller
/**
* Handle saving new API key.
*
* @param \Pterodactyl\Http\Requests\ApiKeyRequest $request
* @param \Pterodactyl\Http\Requests\Base\ApiKeyFormRequest $request
* @return \Illuminate\Http\RedirectResponse
*
* @throws \Exception
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
*/
public function store(ApiKeyRequest $request)
public function store(ApiKeyFormRequest $request)
{
$adminPermissions = [];
if ($request->user()->isRootAdmin()) {
if ($request->user()->root_admin) {
$adminPermissions = $request->input('admin_permissions') ?? [];
}
$secret = $this->service->create([
$secret = $this->keyService->handle([
'user_id' => $request->user()->id,
'allowed_ips' => $request->input('allowed_ips'),
'memo' => $request->input('memo'),
], $request->input('permissions') ?? [], $adminPermissions);
], $request->input('permissions', []), $adminPermissions);
$this->alert->success(
"An API Key-Pair has successfully been generated. The API secret
for this public key is shown below and will not be shown again.
<br /><br /><code>{$secret}</code>"
)->flash();
$this->alert->success(trans('base.api.index.keypair_created', ['token' => $secret]))->flash();
return redirect()->route('account.api');
}
@ -136,16 +133,10 @@ class APIController extends Controller
*/
public function revoke(Request $request, $key)
{
try {
$key = $this->repository->withColumns('id')->findFirstWhere([
['user_id', '=', $request->user()->id],
['public', $key],
]);
$this->service->revoke($key->id);
} catch (RecordNotFoundException $ex) {
return abort(404);
}
$this->repository->deleteWhere([
['user_id', '=', $request->user()->id],
['public', '=', $key],
]);
return response('', 204);
}

82
app/Http/Controllers/Base/AccountController.php
View file

@ -25,83 +25,69 @@
namespace Pterodactyl\Http\Controllers\Base;
use Log;
use Alert;
use Illuminate\Http\Request;
use Pterodactyl\Models\User;
use Prologue\Alerts\AlertsMessageBag;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Exceptions\DisplayValidationException;
use Pterodactyl\Http\Requests\Base\AccountDataFormRequest;
use Pterodactyl\Services\Users\UserUpdateService;
class AccountController extends Controller
{
public function __construct()
{
/**
* @var \Prologue\Alerts\AlertsMessageBag
*/
protected $alert;
/**
* @var \Pterodactyl\Services\Users\UserUpdateService
*/
protected $updateService;
/**
* AccountController constructor.
*
* @param \Prologue\Alerts\AlertsMessageBag $alert
* @param \Pterodactyl\Services\Users\UserUpdateService $updateService
*/
public function __construct(
AlertsMessageBag $alert,
UserUpdateService $updateService
) {
$this->alert = $alert;
$this->updateService = $updateService;
}
/**
* Display base account information page.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\View\View
*/
public function index(Request $request)
public function index()
{
return view('base.account');
}
/**
* Update details for a users account.
* Update details for a user's account.
*
* @param \Illuminate\Http\Request $request
* @param \Pterodactyl\Http\Requests\Base\AccountDataFormRequest $request
* @return \Illuminate\Http\RedirectResponse
* @throws \Symfony\Component\HttpKernel\Exception\HttpException
*
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
public function update(Request $request)
public function update(AccountDataFormRequest $request)
{
$data = [];
// Request to update account Password
if ($request->input('do_action') === 'password') {
$this->validate($request, [
'current_password' => 'required',
'new_password' => 'required|confirmed|' . User::PASSWORD_RULES,
'new_password_confirmation' => 'required',
]);
$data['password'] = $request->input('new_password');
// Request to update account Email
} elseif ($request->input('do_action') === 'email') {
$data['email'] = $request->input('new_email');
// Request to update account Identity
} elseif ($request->input('do_action') === 'identity') {
$data = $request->only(['name_first', 'name_last', 'username']);
// Unknown, hit em with a 404
} else {
return abort(404);
}
if (
in_array($request->input('do_action'), ['email', 'password'])
&& ! password_verify($request->input('current_password'), $request->user()->password)
) {
Alert::danger(trans('base.account.invalid_pass'))->flash();
return redirect()->route('account');
}
try {
$repo = new oldUserRepository;
$repo->update($request->user()->id, $data);
Alert::success('Your account details were successfully updated.')->flash();
} catch (DisplayValidationException $ex) {
return redirect()->route('account')->withErrors(json_decode($ex->getMessage()));
} catch (\Exception $ex) {
Log::error($ex);
Alert::danger(trans('base.account.exception'))->flash();
}
$this->updateService->handle($request->user()->id, $data);
$this->alert->success(trans('base.account.details_updated'))->flash();
return redirect()->route('account');
}

95
app/Http/Controllers/Base/IndexController.php
View file

@ -26,11 +26,45 @@
namespace Pterodactyl\Http\Controllers\Base;
use Illuminate\Http\Request;
use Pterodactyl\Models\Server;
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Services\Servers\ServerAccessHelperService;
use Pterodactyl\Contracts\Repository\Daemon\ServerRepositoryInterface as DaemonServerRepositoryInterface;
class IndexController extends Controller
{
/**
* @var \Pterodactyl\Services\Servers\ServerAccessHelperService
*/
protected $access;
/**
* @var \Pterodactyl\Contracts\Repository\Daemon\ServerRepositoryInterface
*/
protected $daemonRepository;
/**
* @var \Pterodactyl\Contracts\Repository\ServerRepositoryInterface
*/
protected $repository;
/**
* IndexController constructor.
*
* @param \Pterodactyl\Contracts\Repository\Daemon\ServerRepositoryInterface $daemonRepository
* @param \Pterodactyl\Services\Servers\ServerAccessHelperService $access
* @param \Pterodactyl\Contracts\Repository\ServerRepositoryInterface $repository
*/
public function __construct(
DaemonServerRepositoryInterface $daemonRepository,
ServerAccessHelperService $access,
ServerRepositoryInterface $repository
) {
$this->access = $access;
$this->daemonRepository = $daemonRepository;
$this->repository = $repository;
}
/**
* Returns listing of user's servers.
*
@ -39,38 +73,11 @@ class IndexController extends Controller
*/
public function getIndex(Request $request)
{
$servers = $request->user()->access()->with('user');
$servers = $this->repository->search($request->input('query'))->filterUserAccessServers(
$request->user()->id, $request->user()->root_admin, 'all', ['user']
);
if (! is_null($request->input('query'))) {
$servers->search($request->input('query'));
}
return view('base.index', [
'servers' => $servers->paginate(config('pterodactyl.paginate.frontend.servers')),
]);
}
/**
* Generate a random string.
*
* @param \Illuminate\Http\Request $request
* @param int $length
* @return string
* @deprecated
*/
public function getPassword(Request $request, $length = 16)
{
$length = ($length < 8) ? 8 : $length;
$returnable = false;
while (! $returnable) {
$generated = str_random($length);
if (preg_match('/[A-Z]+[a-z]+[0-9]+/', $generated)) {
$returnable = true;
}
}
return $generated;
return view('base.index', ['servers' => $servers]);
}
/**
@ -79,31 +86,23 @@ class IndexController extends Controller
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\JsonResponse
* @throws \Exception
*/
public function status(Request $request, $uuid)
{
$server = Server::byUuid($uuid);
if (! $server) {
return response()->json([], 404);
}
$server = $this->access->handle($uuid, $request->user());
if (! $server->installed) {
return response()->json(['status' => 20]);
}
if ($server->suspended) {
} elseif ($server->suspended) {
return response()->json(['status' => 30]);
}
try {
$res = $server->guzzleClient()->request('GET', '/server');
if ($res->getStatusCode() === 200) {
return response()->json(json_decode($res->getBody()));
}
} catch (\Exception $e) {
}
$response = $this->daemonRepository->setNode($server->node_id)
->setAccessServer($server->uuid)
->setAccessToken($server->daemonSecret)
->details();
return response()->json([]);
return response()->json(json_decode($response->getBody()));
}
}

71
app/Http/Controllers/Base/LanguageController.php
View file

@ -1,71 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\Base;
use Auth;
use Session;
use Illuminate\Http\Request;
use Pterodactyl\Models\User;
use Pterodactyl\Http\Controllers\Controller;
class LanguageController extends Controller
{
/**
* A list of supported languages on the panel.
*
* @var array
*/
protected $languages = [
'de' => 'German',
'en' => 'English',
'et' => 'Estonian',
'nb' => 'Norwegian',
'nl' => 'Dutch',
'pt' => 'Portuguese',
'ro' => 'Romanian',
'ru' => 'Russian',
];
/**
* Sets the language for a user.
*
* @param \Illuminate\Http\Request $request
* @param string $language
* @return \Illuminate\Http\RedirectResponse
*/
public function setLanguage(Request $request, $language)
{
if (array_key_exists($language, $this->languages)) {
if (Auth::check()) {
$user = User::findOrFail(Auth::user()->id);
$user->language = $language;
$user->save();
}
Session::put('applocale', $language);
}
return redirect()->back();
}
}

109
app/Http/Controllers/Base/SecurityController.php
View file

@ -25,14 +25,64 @@
namespace Pterodactyl\Http\Controllers\Base;
use Alert;
use Google2FA;
use Illuminate\Contracts\Config\Repository as ConfigRepository;
use Illuminate\Contracts\Session\Session;
use Illuminate\Http\Request;
use Pterodactyl\Models\Session;
use Prologue\Alerts\AlertsMessageBag;
use Pterodactyl\Contracts\Repository\SessionRepositoryInterface;
use Pterodactyl\Exceptions\Service\User\TwoFactorAuthenticationTokenInvalid;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Services\Users\ToggleTwoFactorService;
use Pterodactyl\Services\Users\TwoFactorSetupService;
class SecurityController extends Controller
{
/**
* @var \Prologue\Alerts\AlertsMessageBag
*/
protected $alert;
/**
* @var \Illuminate\Contracts\Config\Repository
*/
protected $config;
/**
* @var \Pterodactyl\Contracts\Repository\SessionRepositoryInterface
*/
protected $repository;
/**
* @var \Illuminate\Contracts\Session\Session
*/
protected $session;
/**
* @var \Pterodactyl\Services\Users\ToggleTwoFactorService
*/
protected $toggleTwoFactorService;
/**
* @var \Pterodactyl\Services\Users\TwoFactorSetupService
*/
protected $twoFactorSetupService;
public function __construct(
AlertsMessageBag $alert,
ConfigRepository $config,
Session $session,
SessionRepositoryInterface $repository,
ToggleTwoFactorService $toggleTwoFactorService,
TwoFactorSetupService $twoFactorSetupService
) {
$this->alert = $alert;
$this->config = $config;
$this->repository = $repository;
$this->session = $session;
$this->toggleTwoFactorService = $toggleTwoFactorService;
$this->twoFactorSetupService = $twoFactorSetupService;
}
/**
* Returns Security Management Page.
*
@ -41,8 +91,12 @@ class SecurityController extends Controller
*/
public function index(Request $request)
{
if ($this->config->get('session.driver') === 'database') {
$activeSessions = $this->repository->getUserSessions($request->user()->id);
}
return view('base.security', [
'sessions' => Session::where('user_id', $request->user()->id)->get(),
'sessions' => $activeSessions ?? null,
]);
}
@ -52,22 +106,13 @@ class SecurityController extends Controller
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse
*
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
public function generateTotp(Request $request)
{
$user = $request->user();
$user->totp_secret = Google2FA::generateSecretKey();
$user->save();
return response()->json([
'qrImage' => Google2FA::getQRCodeGoogleUrl(
'Pterodactyl',
$user->email,
$user->totp_secret
),
'secret' => $user->totp_secret,
]);
return response()->json($this->twoFactorSetupService->handle($request->user()));
}
/**
@ -78,18 +123,13 @@ class SecurityController extends Controller
*/
public function setTotp(Request $request)
{
if (! $request->has('token')) {
return response()->json([
'error' => 'Request is missing token parameter.',
], 500);
}
try {
$this->toggleTwoFactorService->handle($request->user(), $request->input('token'));
$user = $request->user();
if ($user->toggleTotp($request->input('token'))) {
return response('true');
} catch (TwoFactorAuthenticationTokenInvalid $exception) {
return response('false');
}
return response('false');
}
/**
@ -100,19 +140,12 @@ class SecurityController extends Controller
*/
public function disableTotp(Request $request)
{
if (! $request->has('token')) {
Alert::danger('Missing required `token` field in request.')->flash();
return redirect()->route('account.security');
try {
$this->toggleTwoFactorService->handle($request->user(), $request->input('token'), false);
} catch (TwoFactorAuthenticationTokenInvalid $exception) {
$this->alert->danger(trans('base.security.2fa_disable_error'))->flash();
}
$user = $request->user();
if ($user->toggleTotp($request->input('token'))) {
return redirect()->route('account.security');
}
Alert::danger('The TOTP token provided was invalid.')->flash();
return redirect()->route('account.security');
}
@ -125,7 +158,7 @@ class SecurityController extends Controller
*/
public function revoke(Request $request, $id)
{
Session::where('user_id', $request->user()->id)->findOrFail($id)->delete();
$this->repository->deleteUserSession($request->user()->id, $id);
return redirect()->route('account.security');
}

85
app/Http/Requests/Base/AccountDataFormRequest.php Normal file
View file

@ -0,0 +1,85 @@
<?php
/*
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Requests\Base;
use Pterodactyl\Exceptions\Http\Base\InvalidPasswordProvidedException;
use Pterodactyl\Models\User;
use Pterodactyl\Http\Requests\FrontendUserFormRequest;
class AccountDataFormRequest extends FrontendUserFormRequest
{
/**
* @return bool
* @throws \Pterodactyl\Exceptions\Http\Base\InvalidPasswordProvidedException
*/
public function authorize()
{
if (! parent::authorize()) {
return false;
}
// Verify password matches when changing password or email.
if (in_array($this->input('do_action'), ['password', 'email'])) {
if (! password_verify($this->input('current_password'), $this->user()->password)) {
throw new InvalidPasswordProvidedException(trans('base.account.invalid_password'));
}
}
return true;
}
/**
* @return array
*/
public function rules()
{
$modelRules = User::getUpdateRulesForId($this->user()->id);
switch ($this->input('do_action')) {
case 'email':
$rules = [
'new_email' => array_get($modelRules, 'email'),
];
break;
case 'password':
$rules = [
'new_password' => 'required|confirmed|string|min:8',
'new_password_confirmation' => 'required',
];
break;
case 'identity':
$rules = [
'name_first' => array_get($modelRules, 'name_first'),
'name_last' => array_get($modelRules, 'name_last'),
'username' => array_get($modelRules, 'username'),
];
break;
default:
abort(422);
}
return $rules;
}
}

10
app/Http/Requests/ApiKeyRequest.php → app/Http/Requests/Base/ApiKeyFormRequest.php
View file

@ -22,11 +22,12 @@
* SOFTWARE.
*/
namespace Pterodactyl\Http\Requests;
namespace Pterodactyl\Http\Requests\Base;
use IPTools\Network;
use Pterodactyl\Http\Requests\FrontendUserFormRequest;
class ApiKeyRequest extends BaseFormRequest
class ApiKeyFormRequest extends FrontendUserFormRequest
{
/**
* Rules applied to data passed in this request.
@ -58,7 +59,7 @@ class ApiKeyRequest extends BaseFormRequest
}
}
$this->merge(['allowed_ips' => $loop], $this->except('allowed_ips'));
$this->merge(['allowed_ips' => $loop]);
}
/**
@ -69,12 +70,11 @@ class ApiKeyRequest extends BaseFormRequest
public function withValidator($validator)
{
$validator->after(function ($validator) {
/* @var \Illuminate\Validation\Validator $validator */
if (empty($this->input('permissions')) && empty($this->input('admin_permissions'))) {
$validator->errors()->add('permissions', 'At least one permission must be selected.');
}
});
$validator->after(function ($validator) {
foreach ($this->input('allowed_ips') as $ip) {
$ip = trim($ip);

4
app/Http/Requests/BaseFormRequest.php → app/Http/Requests/FrontendUserFormRequest.php
View file

@ -26,8 +26,10 @@ namespace Pterodactyl\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class BaseFormRequest extends FormRequest
abstract class FrontendUserFormRequest extends FormRequest
{
abstract public function rules();
/**
* Determine if a user is authorized to access this endpoint.
*