encrypt API keys
parent
3e595ca856
commit
317698a84a
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Middleware;
|
namespace Pterodactyl\Http\Middleware;
|
||||||
|
|
||||||
|
use Crypt;
|
||||||
|
|
||||||
use Pterodactyl\Models\APIKey;
|
use Pterodactyl\Models\APIKey;
|
||||||
use Pterodactyl\Models\APIPermission;
|
use Pterodactyl\Models\APIPermission;
|
||||||
|
|
||||||
|
@ -12,6 +14,7 @@ use Dingo\Api\Auth\Provider\Authorization;
|
||||||
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; // 400
|
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; // 400
|
||||||
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException; // 401
|
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException; // 401
|
||||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; // 403
|
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; // 403
|
||||||
|
use Symfony\Component\HttpKernel\Exception\HttpException; //500
|
||||||
|
|
||||||
class APISecretToken extends Authorization
|
class APISecretToken extends Authorization
|
||||||
{
|
{
|
||||||
|
@ -63,7 +66,13 @@ class APISecretToken extends Authorization
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if($this->_generateHMAC($request->fullUrl(), $request->getContent(), $key->secret) !== base64_decode($hashed)) {
|
try {
|
||||||
|
$decrypted = Crypt::decrypt($key->secret);
|
||||||
|
} catch (\Illuminate\Contracts\Encryption\DecryptException $ex) {
|
||||||
|
throw new HttpException('There was an error while attempting to check your secret key.');
|
||||||
|
}
|
||||||
|
|
||||||
|
if($this->_generateHMAC($request->fullUrl(), $request->getContent(), $decrypted) !== base64_decode($hashed)) {
|
||||||
throw new BadRequestHttpException('The hashed body was not valid. Potential modification of contents in route.');
|
throw new BadRequestHttpException('The hashed body was not valid. Potential modification of contents in route.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
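Review bot: `throw new HttpException('There was an error while attempting to check your secret key.');` in the new catch block passes the message where Symfony's `HttpException` takes the status code as its first argument, so the `// 500` intent on the import is not realised; it should read `throw new HttpException(500, 'There was an error while attempting to check your secret key.');`. The rewritten signature check still uses `!==`, which is not constant-time against the attacker-supplied `$hashed`; `if (! hash_equals($this->_generateHMAC($request->fullUrl(), $request->getContent(), $decrypted), base64_decode($hashed))) {` is the safer form, assuming `_generateHMAC` returns a string (its body is not visible here). Note also that every secret stored before this change is still plaintext, so `Crypt::decrypt()` will throw for those rows and the 500 will hide the real cause from callers unless the existing rows are re-encrypted. The enclosing method starts before this hunk.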
@ -3,6 +3,7 @@
|
||||||
namespace Pterodactyl\Repositories;
|
namespace Pterodactyl\Repositories;
|
||||||
|
|
||||||
use DB;
|
use DB;
|
||||||
|
use Crypt;
|
||||||
use Validator;
|
use Validator;
|
||||||
use IPTools\Network;
|
use IPTools\Network;
|
||||||
|
|
||||||
|
@ -100,10 +101,11 @@ class APIRepository
|
||||||
|
|
||||||
DB::beginTransaction();
|
DB::beginTransaction();
|
||||||
|
|
||||||
|
$secretKey = str_random(16) . '.' . str_random(15);
|
||||||
$key = new Models\APIKey;
|
$key = new Models\APIKey;
|
||||||
$key->fill([
|
$key->fill([
|
||||||
'public' => str_random(16),
|
'public' => str_random(16),
|
||||||
'secret' => str_random(16) . '.' . str_random(15),
|
'secret' => Crypt::encrypt($secretKey),
|
||||||
'allowed_ips' => empty($this->allowed) ? null : json_encode($this->allowed)
|
'allowed_ips' => empty($this->allowed) ? null : json_encode($this->allowed)
|
||||||
]);
|
]);
|
||||||
$key->save();
|
$key->save();
|
||||||
|
@ -121,7 +123,7 @@ class APIRepository
|
||||||
|
|
||||||
try {
|
try {
|
||||||
DB::commit();
|
DB::commit();
|
||||||
return $key->secret;
|
return $secretKey;
|
||||||
} catch (\Exception $ex) {
|
} catch (\Exception $ex) {
|
||||||
throw $ex;
|
throw $ex;
|
||||||
}
|
}
|
||||||
|
|
|
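Review bot: The new `Crypt::encrypt($secretKey)` on the `'secret' =>` line deserves a comment recording its operational consequence: the ciphertext is bound to the application's `APP_KEY`, so rotating that key makes every stored secret undecryptable and, given the middleware, every signed request fail; suggested line above `$key->fill([`: `// Stored encrypted under APP_KEY (not hashed: the plaintext is needed as the HMAC key); rotating APP_KEY invalidates every existing API secret.`. Stating the "not hashed" reason in the same comment keeps a later reviewer from "fixing" it to a one-way hash, which would break signature verification. The plaintext `$secretKey` returned after `DB::commit()` is presumably shown once to the user; make sure no caller logs it, since it is no longer recoverable from the database in the clear.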
@ -0,0 +1,31 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
use Illuminate\Database\Schema\Blueprint;
|
||||||
|
use Illuminate\Database\Migrations\Migration;
|
||||||
|
|
||||||
|
class ModifyApiKeys extends Migration
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Run the migrations.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function up()
|
||||||
|
{
|
||||||
|
Schema::table('api_keys', function (Blueprint $table) {
|
||||||
|
DB::statement('ALTER TABLE `api_keys` MODIFY `secret` TINYTEXT NOT NULL');
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Reverse the migrations.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function down()
|
||||||
|
{
|
||||||
|
Schema::table('api_keys', function (Blueprint $table) {
|
||||||
|
DB::statement('ALTER TABLE `api_keys` MODIFY `secret` TINYTEXT NOT NULL');
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
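Review bot: `down()` repeats the exact `MODIFY \`secret\` TINYTEXT NOT NULL` statement from `up()`, so the migration cannot be reversed; it should restore the column's previous definition, which is not visible in this diff. `up()` also only widens the column and leaves every existing row holding a plaintext secret, which the middleware's new `Crypt::decrypt()` will reject, so deployed API keys stop working; the loop below encrypts them in place (assuming `api_keys` has an `id` primary key — confirm against the original create migration). The `Schema::table` closure adds nothing around a raw `DB::statement` and can be dropped. A 255-byte TINYTEXT is tight for Laravel's JSON-based encrypted payload (roughly 245 characters for this 32-character secret); a longer secret or a change in payload format would overflow it and, depending on SQL mode, be silently truncated, so TEXT is the safer width.
```php
public function up()
{
    DB::statement('ALTER TABLE `api_keys` MODIFY `secret` TEXT NOT NULL');

    // Rows created before this migration hold plaintext secrets; encrypt them
    // in place so the middleware's Crypt::decrypt() keeps accepting them.
    // TODO(review): confirm the primary key is `id` and that no row is already encrypted.
    foreach (DB::table('api_keys')->get() as $row) {
        DB::table('api_keys')
            ->where('id', $row->id)
            ->update(['secret' => Crypt::encrypt($row->secret)]);
    }
}
```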