Move everything around as needed to get things setup for the client API

2018-02-25 15:30:56 -06:00 · 2018-02-25 15:30:56 -06:00 · e28973bcae
commit e28973bcae
parent 8daf97021a
17 changed files with 199 additions and 46 deletions
--- a/app/Http/Middleware/Api/Application/AuthenticateApplicationUser.php
+++ b/app/Http/Middleware/Api/Application/AuthenticateApplicationUser.php
@ -6,7 +6,7 @@ use Closure;
 use Illuminate\Http\Request;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

-class AuthenticateUser
+class AuthenticateApplicationUser
 {
    /**
     * Authenticate that the currently authenticated user is an administrator
--- a/app/Http/Middleware/Api/Application/AuthenticateIPAccess.php
+++ b/app/Http/Middleware/Api/Application/AuthenticateIPAccess.php
@ -1,6 +1,6 @@
 <?php

-namespace Pterodactyl\Http\Middleware\Api\Application;
+namespace Pterodactyl\Http\Middleware\Api;

 use Closure;
 use IPTools\IP;
--- a/app/Http/Middleware/Api/Application/AuthenticateKey.php
+++ b/app/Http/Middleware/Api/Application/AuthenticateKey.php
@ -1,6 +1,6 @@
 <?php

-namespace Pterodactyl\Http\Middleware\Api\Application;
+namespace Pterodactyl\Http\Middleware\Api;

 use Closure;
 use Cake\Chronos\Chronos;
@ -50,12 +50,13 @@ class AuthenticateKey
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure                 $next
+     * @param int                      $keyType
     * @return mixed
     *
     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
     */
-    public function handle(Request $request, Closure $next)
+    public function handle(Request $request, Closure $next, int $keyType)
    {
        if (is_null($request->bearerToken())) {
            throw new HttpException(401, null, null, ['WWW-Authenticate' => 'Bearer']);
@ -68,7 +69,7 @@ class AuthenticateKey
        try {
            $model = $this->repository->findFirstWhere([
                ['identifier', '=', $identifier],
-                ['key_type', '=', ApiKey::TYPE_APPLICATION],
+                ['key_type', '=', $keyType],
            ]);
        } catch (RecordNotFoundException $exception) {
            throw new AccessDeniedHttpException;
--- a/app/Http/Middleware/Api/Client/AuthenticateClientAccess.php
+++ b/app/Http/Middleware/Api/Client/AuthenticateClientAccess.php
@ -0,0 +1,27 @@
+<?php
+
+namespace Pterodactyl\Http\Middleware\Api\Client;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+
+class AuthenticateClientAccess
+{
+    /**
+     * Authenticate that the currently authenticated user has permission
+     * to access the specified server.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     * @return mixed
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        if (is_null($request->user())) {
+            throw new AccessDeniedHttpException('This account does not have permission to access this resource.');
+        }
+
+        return $next($request);
+    }
+}
--- a/app/Http/Middleware/Api/Application/SetSessionDriver.php
+++ b/app/Http/Middleware/Api/Application/SetSessionDriver.php
@ -1,6 +1,6 @@
 <?php

-namespace Pterodactyl\Http\Middleware\Api\Application;
+namespace Pterodactyl\Http\Middleware\Api;

 use Closure;
 use Illuminate\Http\Request;