StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update transformers and controllers to no longer pull an API key attribute

Browse source
This commit is contained in:
DaneEveritt 2022-05-22 15:37:39 -04:00
parent bd37978a98
commit e9c633fd03
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
9 changed files with 91 additions and 173 deletions
Download patch file Download diff file Expand all files Collapse all files

17
app/Http/Controllers/Api/Application/ApplicationApiController.php
View file

@ -55,17 +55,20 @@ abstract class ApplicationApiController extends Controller
/**
* Return an instance of an application transformer.
*
* @return \Pterodactyl\Transformers\Api\Application\BaseTransformer
* @template T of \Pterodactyl\Transformers\Api\Application\BaseTransformer
*
* @param class-string<T> $abstract
*
* @return T
*
* @noinspection PhpDocSignatureInspection
* @noinspection PhpUndefinedClassInspection
*/
public function getTransformer(string $abstract)
{
/** @var \Pterodactyl\Transformers\Api\Application\BaseTransformer $transformer */
$transformer = Container::getInstance()->make($abstract);
$transformer->setKey($this->request->attributes->get('api_key'));
Assert::subclassOf($abstract, BaseTransformer::class);
Assert::isInstanceOf($transformer, BaseTransformer::class);
return $transformer;
return $abstract::fromRequest($this->request);
}
/**

25
app/Http/Controllers/Api/Client/ClientApiController.php
View file

@ -3,7 +3,6 @@
namespace Pterodactyl\Http\Controllers\Api\Client;
use Webmozart\Assert\Assert;
use Illuminate\Container\Container;
use Pterodactyl\Transformers\Daemon\BaseDaemonTransformer;
use Pterodactyl\Transformers\Api\Client\BaseClientTransformer;
use Pterodactyl\Http\Controllers\Api\Application\ApplicationApiController;
@ -45,21 +44,23 @@ abstract class ClientApiController extends ApplicationApiController
/**
* Return an instance of an application transformer.
*
* @return \Pterodactyl\Transformers\Api\Client\BaseClientTransformer
* @template T of \Pterodactyl\Transformers\Api\Client\BaseClientTransformer
*
* @param class-string<T> $abstract
*
* @return T
*
* @noinspection PhpUndefinedClassInspection
* @noinspection PhpDocSignatureInspection
*/
public function getTransformer(string $abstract)
{
/** @var \Pterodactyl\Transformers\Api\Client\BaseClientTransformer $transformer */
$transformer = Container::getInstance()->make($abstract);
Assert::isInstanceOfAny($transformer, [
BaseClientTransformer::class,
BaseDaemonTransformer::class,
]);
Assert::methodExists($abstract, 'fromRequest');
if ($transformer instanceof BaseClientTransformer) {
$transformer->setKey($this->request->attributes->get('api_key'));
$transformer->setUser($this->request->user());
}
/** @var T $transformer */
$transformer = $abstract::fromRequest($this->request);
Assert::isInstanceOfAny($transformer, [BaseClientTransformer::class, BaseDaemonTransformer::class]);
return $transformer;
}

16
app/Http/Requests/Api/Application/ApplicationApiRequest.php
View file

@ -3,6 +3,7 @@
namespace Pterodactyl\Http\Requests\Api\Application;
use Webmozart\Assert\Assert;
use Laravel\Sanctum\TransientToken;
use Illuminate\Validation\Validator;
use Illuminate\Database\Eloquent\Model;
use Pterodactyl\Services\Acl\Api\AdminAcl;
@ -11,14 +12,6 @@ use Pterodactyl\Exceptions\PterodactylException;
abstract class ApplicationApiRequest extends FormRequest
{
/**
* Tracks if the request has been validated internally or not to avoid
* making duplicate validation calls.
*
* @var bool
*/
private $hasValidated = false;
/**
* The resource that should be checked when performing the authorization
* function for this request.
@ -47,7 +40,12 @@ abstract class ApplicationApiRequest extends FormRequest
throw new PterodactylException('An ACL resource must be defined on API requests.');
}
return AdminAcl::check($this->attributes->get('api_key'), $this->resource, $this->permission);
$token = $this->user()->currentAccessToken();
if ($token instanceof TransientToken) {
return true;
}
return AdminAcl::check($token, $this->resource, $this->permission);
}
/**