2019-09-09 01:48:37 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
|
|
|
|
|
2020-04-07 05:03:00 +01:00
|
|
|
use Carbon\CarbonImmutable;
|
2019-09-09 01:48:37 +01:00
|
|
|
use Illuminate\Http\Response;
|
|
|
|
use Pterodactyl\Models\Server;
|
|
|
|
use Illuminate\Http\JsonResponse;
|
2020-03-22 22:31:25 +00:00
|
|
|
use Pterodactyl\Models\Permission;
|
2020-04-07 05:03:00 +01:00
|
|
|
use Pterodactyl\Services\Nodes\NodeJWTService;
|
2019-09-09 01:48:37 +01:00
|
|
|
use Symfony\Component\HttpKernel\Exception\HttpException;
|
2020-03-22 22:31:25 +00:00
|
|
|
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
2020-04-17 18:21:15 +01:00
|
|
|
use Pterodactyl\Services\Servers\GetUserPermissionsService;
|
2019-09-09 01:48:37 +01:00
|
|
|
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
|
|
|
|
|
|
|
|
class WebsocketController extends ClientApiController
|
|
|
|
{
|
2020-04-07 05:03:00 +01:00
|
|
|
/**
|
|
|
|
* @var \Pterodactyl\Services\Nodes\NodeJWTService
|
|
|
|
*/
|
|
|
|
private $jwtService;
|
|
|
|
|
2020-04-17 18:21:15 +01:00
|
|
|
/**
|
|
|
|
* @var \Pterodactyl\Services\Servers\GetUserPermissionsService
|
|
|
|
*/
|
|
|
|
private $permissionsService;
|
|
|
|
|
2019-09-09 01:48:37 +01:00
|
|
|
/**
|
|
|
|
* WebsocketController constructor.
|
|
|
|
*
|
2020-04-07 05:03:00 +01:00
|
|
|
* @param \Pterodactyl\Services\Nodes\NodeJWTService $jwtService
|
2020-04-17 18:21:15 +01:00
|
|
|
* @param \Pterodactyl\Services\Servers\GetUserPermissionsService $permissionsService
|
2019-09-09 01:48:37 +01:00
|
|
|
*/
|
2020-04-17 18:21:15 +01:00
|
|
|
public function __construct(
|
|
|
|
NodeJWTService $jwtService,
|
2020-06-28 18:16:15 +01:00
|
|
|
GetUserPermissionsService $permissionsService
|
2020-04-17 18:21:15 +01:00
|
|
|
) {
|
2019-09-09 01:48:37 +01:00
|
|
|
parent::__construct();
|
|
|
|
|
2020-04-07 05:03:00 +01:00
|
|
|
$this->jwtService = $jwtService;
|
2020-04-17 18:21:15 +01:00
|
|
|
$this->permissionsService = $permissionsService;
|
2019-09-09 01:48:37 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2019-09-25 04:20:29 +01:00
|
|
|
* Generates a one-time token that is sent along in every websocket call to the Daemon.
|
|
|
|
* This is a signed JWT that the Daemon then uses the verify the user's identity, and
|
|
|
|
* allows us to continually renew this token and avoid users mainitaining sessions wrongly,
|
|
|
|
* as well as ensure that user's only perform actions they're allowed to.
|
2019-09-09 01:48:37 +01:00
|
|
|
*
|
2020-03-22 22:31:25 +00:00
|
|
|
* @param \Pterodactyl\Http\Requests\Api\Client\ClientApiRequest $request
|
2019-09-09 01:48:37 +01:00
|
|
|
* @param \Pterodactyl\Models\Server $server
|
|
|
|
* @return \Illuminate\Http\JsonResponse
|
|
|
|
*/
|
2020-03-22 22:31:25 +00:00
|
|
|
public function __invoke(ClientApiRequest $request, Server $server)
|
2019-09-09 01:48:37 +01:00
|
|
|
{
|
2020-04-07 05:03:00 +01:00
|
|
|
$user = $request->user();
|
2020-04-17 18:21:15 +01:00
|
|
|
if ($user->cannot(Permission::ACTION_WEBSOCKET_CONNECT, $server)) {
|
2020-04-07 05:03:00 +01:00
|
|
|
throw new HttpException(Response::HTTP_FORBIDDEN, 'You do not have permission to connect to this server\'s websocket.');
|
2019-09-09 01:48:37 +01:00
|
|
|
}
|
|
|
|
|
2020-12-16 23:55:44 +00:00
|
|
|
$permissions = $this->permissionsService->handle($server, $user);
|
|
|
|
|
|
|
|
$node = null;
|
|
|
|
|
|
|
|
// Check if there is a transfer query param asking to connect to the target node's websocket.
|
|
|
|
if ($request->query('transfer', 'false') === 'true') {
|
|
|
|
// Check if the user has permissions to receive transfer logs.
|
|
|
|
if (! in_array('admin.websocket.transfer', $permissions)) {
|
|
|
|
throw new HttpException(Response::HTTP_FORBIDDEN, 'You do not have permission to get transfer logs');
|
|
|
|
}
|
|
|
|
|
|
|
|
$node = $server->transfer->newNode;
|
|
|
|
} else {
|
|
|
|
$node = $server->node;
|
|
|
|
}
|
|
|
|
|
2020-04-07 05:03:00 +01:00
|
|
|
$token = $this->jwtService
|
2020-11-04 05:01:15 +00:00
|
|
|
->setExpiresAt(CarbonImmutable::now()->addMinutes(10))
|
2020-04-07 05:03:00 +01:00
|
|
|
->setClaims([
|
|
|
|
'user_id' => $request->user()->id,
|
|
|
|
'server_uuid' => $server->uuid,
|
2020-12-16 23:55:44 +00:00
|
|
|
'permissions' => $permissions,
|
2020-04-07 05:03:00 +01:00
|
|
|
])
|
2020-12-16 23:55:44 +00:00
|
|
|
->handle($node, $user->id . $server->uuid);
|
2019-09-09 01:48:37 +01:00
|
|
|
|
2020-12-16 23:55:44 +00:00
|
|
|
$socket = str_replace(['https://', 'http://'], ['wss://', 'ws://'], $node->getConnectionAddress());
|
2019-09-09 01:48:37 +01:00
|
|
|
|
2020-06-28 18:16:15 +01:00
|
|
|
return new JsonResponse([
|
2019-09-09 01:48:37 +01:00
|
|
|
'data' => [
|
2019-09-25 04:20:29 +01:00
|
|
|
'token' => $token->__toString(),
|
|
|
|
'socket' => $socket . sprintf('/api/servers/%s/ws', $server->uuid),
|
2019-09-09 01:48:37 +01:00
|
|
|
],
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
}
|