sonot
/
PteroTheme
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #149 from Pterodactyl/feature/better-api 

Implement better API system
This commit is contained in:
Dane Everitt 2016-10-20 18:41:16 -04:00 committed by GitHub
parent b3f078add2 f24347d1bd
commit 8660fcdc60
26 changed files with 1015 additions and 593 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -9,11 +9,13 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
* Return node configuration from remote API by using `/api/nodes/{id}/config` endpoint. Only accepts SSL connections. * Return node configuration from remote API by using `/api/nodes/{id}/config` endpoint. Only accepts SSL connections.
* Support for filtering servers within Admin CP to narrow down results by name, email, allocation, or defined fields. * Support for filtering servers within Admin CP to narrow down results by name, email, allocation, or defined fields.
* Setup scripts (user, mail, env) now support argument flags for use in containers and other non-terminal environments. * Setup scripts (user, mail, env) now support argument flags for use in containers and other non-terminal environments.
* New API endpoints for individual users to control their servers with at `/api/me/*`.
### Changed ### Changed
* Creating a user, server, or node now returns `HTTP/1.1 200` and a JSON element with the user/server/node's ID. * Creating a user, server, or node now returns `HTTP/1.1 200` and a JSON element with the user/server/node's ID.
* Environment setting script is much more user friendly and does not require an excessive amount of clicking and typing. * Environment setting script is much more user friendly and does not require an excessive amount of clicking and typing.
* File upload method switched from BinaryJS to Socket.io implementation to fix bugs as well as be a little speedier and allow upload throttling. * File upload method switched from BinaryJS to Socket.io implementation to fix bugs as well as be a little speedier and allow upload throttling.
* `Server::getbyUUID()` now accepts either the `uuidShort` or full-length `uuid` for server identification.
## v0.5.0-pre.2 (Bodacious Boreopterus) ## v0.5.0-pre.2 (Bodacious Boreopterus)

58
app/Http/Controllers/API/User/InfoController.php Normal file
View File

@ -0,0 +1,58 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2016 Dane Everitt <dane@daneeveritt.com>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API\User;
use Auth;
use Dingo;
use Pterodactyl\Models;
use Illuminate\Http\Request;
use Pterodactyl\Http\Controllers\API\BaseController;
class InfoController extends BaseController
{
public function me(Request $request)
{
$servers = Models\Server::getUserServers();
$response = [];
foreach($servers as &$server) {
$response = array_merge($response, [[
'id' => $server->uuidShort,
'uuid' => $server->uuid,
'name' => $server->name,
'node' => $server->nodeName,
'ip' => [
'set' => $server->ip,
'alias' => $server->ip_alias
],
'port' => $server->port,
'service' => $server->a_serviceName,
'option' => $server->a_serviceOptionName
]]);
}
return $response;
}
}

117
app/Http/Controllers/API/User/ServerController.php Normal file
View File

@ -0,0 +1,117 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2016 Dane Everitt <dane@daneeveritt.com>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\API\User;
use Auth;
use Log;
use Pterodactyl\Models;
use Illuminate\Http\Request;
use Pterodactyl\Http\Controllers\API\BaseController;
class ServerController extends BaseController
{
public function info(Request $request, $uuid)
{
$server = Models\Server::getByUUID($uuid);
$node = Models\Node::findOrFail($server->node);
$client = Models\Node::guzzleRequest($node->id);
try {
$response = $client->request('GET', '/server', [
'headers' => [
'X-Access-Token' => $server->daemonSecret,
'X-Access-Server' => $server->uuid
]
]);
$json = json_decode($response->getBody());
$daemon = [
'status' => $json->status,
'stats' => $json->proc,
'query' => $json->query
];
} catch (\Exception $ex) {
$daemon = [
'error' => 'An error was encountered while trying to connect to the daemon to collece information. It might be offline.'
];
Log::error($ex);
}
$allocations = Models\Allocation::select('id', 'ip', 'port', 'ip_alias as alias')->where('assigned_to', $server->id)->get();
foreach($allocations as &$allocation) {
$allocation->default = ($allocation->id === $server->allocation);
unset($allocation->id);
}
return [
'uuidShort' => $server->uuidShort,
'uuid' => $server->uuid,
'name' => $server->name,
'node' => $node->name,
'limits' => [
'memory' => $server->memory,
'swap' => $server->swap,
'disk' => $server->disk,
'io' => $server->io,
'cpu' => $server->cpu,
'oom_disabled' => (bool) $server->oom_disabled
],
'allocations' => $allocations,
'sftp' => [
'username' => (Auth::user()->can('view-sftp', $server)) ? $server->username : null
],
'daemon' => [
'token' => ($request->secure()) ? $server->daemonSecret : false,
'response' => $daemon
]
];
}
public function power(Request $request, $uuid)
{
$server = Models\Server::getByUUID($uuid);
$node = Models\Node::getByID($server->node);
$client = Models\Node::guzzleRequest($server->node);
Auth::user()->can('power-' . $request->input('action'), $server);
$res = $client->request('PUT', '/server/power', [
'headers' => [
'X-Access-Server' => $server->uuid,
'X-Access-Token' => $server->daemonSecret
],
'exceptions' => false,
'json' => [
'action' => $request->input('action')
]
]);
if ($res->getStatusCode() !== 204) {
return $this->response->error(json_decode($res->getBody())->error, $res->getStatusCode());
}
return $this->response->noContent();
}
}

50
app/Http/Controllers/Admin/APIController.php → app/Http/Controllers/Base/APIController.php
View File

@ -2,6 +2,7 @@
/** /**
* Pterodactyl - Panel * Pterodactyl - Panel
* Copyright (c) 2015 - 2016 Dane Everitt <dane@daneeveritt.com> * Copyright (c) 2015 - 2016 Dane Everitt <dane@daneeveritt.com>
* Some Modifications (c) 2015 Dylan Seidt <dylan.seidt@gmail.com>
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -21,74 +22,62 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
*/ */
namespace Pterodactyl\Http\Controllers\Admin; namespace Pterodactyl\Http\Controllers\Base;
use Alert; use Alert;
use Log; use Log;
use Pterodactyl\Models; use Pterodactyl\Models;
use Pterodactyl\Repositories\APIRepository;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Repositories\APIRepository;
use Pterodactyl\Exceptions\DisplayValidationException; use Pterodactyl\Exceptions\DisplayValidationException;
use Pterodactyl\Exceptions\DisplayException; use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller;
use Illuminate\Http\Request; use Illuminate\Http\Request;
class APIController extends Controller class APIController extends Controller
{ {
public function index(Request $request)
public function __construct()
{ {
// $keys = Models\APIKey::where('user', $request->user()->id)->get();
}
public function getIndex(Request $request)
{
$keys = Models\APIKey::all();
foreach($keys as &$key) { foreach($keys as &$key) {
$key->permissions = Models\APIPermission::where('key_id', $key->id)->get(); $key->permissions = Models\APIPermission::where('key_id', $key->id)->get();
} }
return view('admin.api.index', [ return view('base.api.index', [
'keys' => $keys 'keys' => $keys
]); ]);
} }
public function getNew(Request $request) public function new(Request $request)
{ {
return view('admin.api.new'); return view('base.api.new');
} }
public function postNew(Request $request) public function save(Request $request)
{ {
try { try {
$api = new APIRepository; $repo = new APIRepository($request->user());
$secret = $api->new($request->except(['_token'])); $secret = $repo->new($request->except(['_token']));
// Alert::info('An API Keypair has successfully been generated. The API secret for this public key is shown below and will not be shown again.<br /><br />Secret: <code>' . $secret . '</code>')->flash(); Alert::success('An API Keypair has successfully been generated. The API secret for this public key is shown below and will not be shown again.<br /><br /><code>' . $secret . '</code>')->flash();
Alert::info("<script type='text/javascript'>swal({ return redirect()->route('account.api');
type: 'info',
title: 'Secret Key',
html: true,
text: 'The secret for this keypair is shown below and will not be shown again.<hr /><code style=\'text-align:center;\'>" . $secret . "</code>'
});</script>")->flash();
return redirect()->route('admin.api');
} catch (DisplayValidationException $ex) { } catch (DisplayValidationException $ex) {
return redirect()->route('admin.api.new')->withErrors(json_decode($ex->getMessage()))->withInput(); return redirect()->route('account.api.new')->withErrors(json_decode($ex->getMessage()))->withInput();
} catch (DisplayException $ex) { } catch (DisplayException $ex) {
Alert::danger($ex->getMessage())->flash(); Alert::danger($ex->getMessage())->flash();
} catch (\Exception $ex) { } catch (\Exception $ex) {
Log::error($ex); Log::error($ex);
Alert::danger('An unhandled exception occured while attempting to add this API key.')->flash(); Alert::danger('An unhandled exception occured while attempting to add this API key.')->flash();
} }
return redirect()->route('admin.api.new')->withInput(); return redirect()->route('account.api.new')->withInput();
} }
public function deleteRevokeKey(Request $request, $key) public function revoke(Request $request, $key)
{ {
try { try {
$api = new APIRepository; $repo = new APIRepository($request->user());
$api->revoke($key); $repo->revoke($key);
return response('', 204); return response('', 204);
} catch (\Exception $ex) { } catch (\Exception $ex) {
return response()->json([ return response()->json([
@ -96,5 +85,4 @@ class APIController extends Controller
], 503); ], 503);
} }
} }
} }

108
app/Http/Controllers/Base/AccountController.php Normal file
View File

@ -0,0 +1,108 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2016 Dane Everitt <dane@daneeveritt.com>
* Some Modifications (c) 2015 Dylan Seidt <dylan.seidt@gmail.com>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\Base;
use Alert;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller;
use Illuminate\Http\Request;
class AccountController extends Controller
{
/**
* Display base account information page.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Contracts\View\View
*/
public function index(Request $request)
{
return view('base.account');
}
/**
* Update an account email.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function email(Request $request)
{
$this->validate($request, [
'new_email' => 'required|email',
'password' => 'required'
]);
$user = $request->user();
if (!password_verify($request->input('password'), $user->password)) {
Alert::danger('The password provided was not valid for this account.')->flash();
return redirect()->route('account');
}
$user->email = $request->input('new_email');
$user->save();
Alert::success('Your email address has successfully been updated.')->flash();
return redirect()->route('account');
}
/**
* Update an account password.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function password(Request $request)
{
$this->validate($request, [
'current_password' => 'required',
'new_password' => 'required|confirmed|different:current_password|regex:((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,})',
'new_password_confirmation' => 'required'
]);
$user = $request->user();
if (!password_verify($request->input('current_password'), $user->password)) {
Alert::danger('The password provided was not valid for this account.')->flash();
return redirect()->route('account');
}
try {
$user->setPassword($request->input('new_password'));
Alert::success('Your password has successfully been updated.')->flash();
} catch (DisplayException $e) {
Alert::danger($e->getMessage())->flash();
}
return redirect()->route('account');
}
}

177
app/Http/Controllers/Base/IndexController.php
View File

@ -24,15 +24,9 @@
*/ */
namespace Pterodactyl\Http\Controllers\Base; namespace Pterodactyl\Http\Controllers\Base;
use Auth; use Pterodactyl\Models\Server;
use Hash;
use Google2FA;
use Alert;
use Pterodactyl\Models;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Http\Controllers\Controller; use Pterodactyl\Http\Controllers\Controller;
use Illuminate\Http\Request; use Illuminate\Http\Request;
class IndexController extends Controller class IndexController extends Controller
@ -55,7 +49,7 @@ class IndexController extends Controller
public function getIndex(Request $request) public function getIndex(Request $request)
{ {
return view('base.index', [ return view('base.index', [
'servers' => Models\Server::getUserServers(10), 'servers' => Server::getUserServers(10),
]); ]);
} }
@ -71,169 +65,4 @@ class IndexController extends Controller
return str_random($length); return str_random($length);
} }
/**
* Returns Security Management Page.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Contracts\View\View
*/
public function getAccountSecurity(Request $request)
{
return view('base.security', [
'sessions' => Models\Session::where('user_id', Auth::user()->id)->get()
]);
}
/**
* Generates TOTP Secret and returns popup data for user to verify
* that they can generate a valid response.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Contracts\View\View
*/
public function putAccountTotp(Request $request)
{
$user = $request->user();
$user->totp_secret = Google2FA::generateSecretKey();
$user->save();
return response()->json([
'qrImage' => Google2FA::getQRCodeGoogleUrl(
'Pterodactyl',
$user->email,
$user->totp_secret
),
'secret' => $user->totp_secret
]);
}
/**
* Verifies that 2FA token recieved is valid and will work on the account.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function postAccountTotp(Request $request)
{
if (!$request->has('token')) {
return response(null, 500);
}
$user = $request->user();
if($user->toggleTotp($request->input('token'))) {
return response('true');
}
return response('false');
}
/**
* Disables TOTP on an account.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function deleteAccountTotp(Request $request)
{
if (!$request->has('token')) {
Alert::danger('Missing required `token` field in request.')->flash();
return redirect()->route('account.totp');
}
$user = $request->user();
if($user->toggleTotp($request->input('token'))) {
return redirect()->route('account.totp');
}
Alert::danger('The TOTP token provided was invalid.')->flash();
return redirect()->route('account.totp');
}
/**
* Display base account information page.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Contracts\View\View
*/
public function getAccount(Request $request)
{
return view('base.account');
}
/**
* Update an account email.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function postAccountEmail(Request $request)
{
$this->validate($request, [
'new_email' => 'required|email',
'password' => 'required'
]);
$user = $request->user();
if (!password_verify($request->input('password'), $user->password)) {
Alert::danger('The password provided was not valid for this account.')->flash();
return redirect()->route('account');
}
$user->email = $request->input('new_email');
$user->save();
Alert::success('Your email address has successfully been updated.')->flash();
return redirect()->route('account');
}
/**
* Update an account password.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function postAccountPassword(Request $request)
{
$this->validate($request, [
'current_password' => 'required',
'new_password' => 'required|confirmed|different:current_password|regex:((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,})',
'new_password_confirmation' => 'required'
]);
$user = $request->user();
if (!password_verify($request->input('current_password'), $user->password)) {
Alert::danger('The password provided was not valid for this account.')->flash();
return redirect()->route('account');
}
try {
$user->setPassword($request->input('new_password'));
Alert::success('Your password has successfully been updated.')->flash();
} catch (DisplayException $e) {
Alert::danger($e->getMessage())->flash();
}
return redirect()->route('account');
}
public function getRevokeSession(Request $request, $id)
{
$session = Models\Session::where('id', $id)->where('user_id', Auth::user()->id)->firstOrFail();
$session->delete();
return redirect()->route('account.security');
}
} }

130
app/Http/Controllers/Base/SecurityController.php Normal file
View File

@ -0,0 +1,130 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2016 Dane Everitt <dane@daneeveritt.com>
* Some Modifications (c) 2015 Dylan Seidt <dylan.seidt@gmail.com>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\Base;
use Google2FA;
use Alert;
use Pterodactyl\Models\Session;
use Pterodactyl\Http\Controllers\Controller;
use Illuminate\Http\Request;
class SecurityController extends Controller
{
/**
* Returns Security Management Page.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Contracts\View\View
*/
public function index(Request $request)
{
return view('base.security', [
'sessions' => Session::where('user_id', $request->user()->id)->get()
]);
}
/**
* Generates TOTP Secret and returns popup data for user to verify
* that they can generate a valid response.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Contracts\View\View
*/
public function generateTotp(Request $request)
{
$user = $request->user();
$user->totp_secret = Google2FA::generateSecretKey();
$user->save();
return response()->json([
'qrImage' => Google2FA::getQRCodeGoogleUrl(
'Pterodactyl',
$user->email,
$user->totp_secret
),
'secret' => $user->totp_secret
]);
}
/**
* Verifies that 2FA token recieved is valid and will work on the account.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function setTotp(Request $request)
{
if (!$request->has('token')) {
return response(null, 500);
}
$user = $request->user();
if($user->toggleTotp($request->input('token'))) {
return response('true');
}
return response('false');
}
/**
* Disables TOTP on an account.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function disableTotp(Request $request)
{
if (!$request->has('token')) {
Alert::danger('Missing required `token` field in request.')->flash();
return redirect()->route('account.totp');
}
$user = $request->user();
if($user->toggleTotp($request->input('token'))) {
return redirect()->route('account.security');
}
Alert::danger('The TOTP token provided was invalid.')->flash();
return redirect()->route('account.security');
}
public function revoke(Request $request, $id)
{
$session = Session::where('id', $id)->where('user_id', $request->user()->id)->firstOrFail();
$session->delete();
return redirect()->route('account.security');
}
}

25
app/Http/Middleware/APISecretToken.php
View File

@ -23,12 +23,15 @@
*/ */
namespace Pterodactyl\Http\Middleware; namespace Pterodactyl\Http\Middleware;
use Auth;
use Crypt; use Crypt;
use Config;
use IPTools\IP; use IPTools\IP;
use IPTools\Range; use IPTools\Range;
use Pterodactyl\Models\APIKey; use Pterodactyl\Models\APIKey;
use Pterodactyl\Models\APIPermission; use Pterodactyl\Models\APIPermission;
use Pterodactyl\Models\User;
use Pterodactyl\Services\APILogService; use Pterodactyl\Services\APILogService;
use Illuminate\Http\Request; use Illuminate\Http\Request;
@ -51,7 +54,7 @@ class APISecretToken extends Authorization
public function __construct() public function __construct()
{ {
// Config::set('session.driver', 'array');
} }
public function getAuthorizationMethod() public function getAuthorizationMethod()
@ -90,16 +93,18 @@ class APISecretToken extends Authorization
} }
} }
foreach(APIPermission::where('key_id', $key->id)->get() as &$row) { $permission = APIPermission::where('key_id', $key->id)->where('permission', $request->route()->getName());
if ($row->permission === '*' || $row->permission === $request->route()->getName()) {
$this->permissionAllowed = true; // Suport Wildcards
continue; if (starts_with($request->route()->getName(), 'api.user')) {
} $permission->orWhere('permission', 'api.user.*');
} else if(starts_with($request->route()->getName(), 'api.admin')) {
$permission->orWhere('permission', 'api.admin.*');
} }
if (!$this->permissionAllowed) { if (!$permission->first()) {
APILogService::log($request, 'You do not have permission to access this resource.'); APILogService::log($request, 'You do not have permission to access this resource. This API Key requires the ' . $request->route()->getName() . ' permission node.');
throw new AccessDeniedHttpException('You do not have permission to access this resource.'); throw new AccessDeniedHttpException('You do not have permission to access this resource. This API Key requires the ' . $request->route()->getName() . ' permission node.');
} }
} }
@ -118,7 +123,7 @@ class APISecretToken extends Authorization
// Log the Route Access // Log the Route Access
APILogService::log($request, null, true); APILogService::log($request, null, true);
return true; return Auth::loginUsingId($key->user);
} }

1
app/Http/Middleware/VerifyCsrfToken.php
View File

@ -13,5 +13,6 @@ class VerifyCsrfToken extends BaseVerifier
*/ */
protected $except = [ protected $except = [
'remote/*', 'remote/*',
'api/*'
]; ];
} }

63
app/Http/Routes/APIRoutes.php
View File

@ -32,33 +32,50 @@ class APIRoutes
public function map(Router $router) { public function map(Router $router) {
$api = app('Dingo\Api\Routing\Router'); $api = app('Dingo\Api\Routing\Router');
$api->version('v1', ['middleware' => 'api.auth'], function ($api) { $api->version('v1', ['prefix' => 'api/me', 'middleware' => 'api.auth'], function ($api) {
$api->get('/', [
'as' => 'api.user.me',
'uses' => 'Pterodactyl\Http\Controllers\API\User\InfoController@me'
]);
$api->get('/server/{uuid}', [
'as' => 'api.user.server',
'uses' => 'Pterodactyl\Http\Controllers\API\User\ServerController@info'
]);
$api->put('/server/{uuid}', [
'as' => 'api.user.server.power',
'uses' => 'Pterodactyl\Http\Controllers\API\User\ServerController@power'
]);
});
$api->version('v1', ['prefix' => 'api', 'middleware' => 'api.auth'], function ($api) {
/** /**
* User Routes * User Routes
*/ */
$api->get('users', [ $api->get('users', [
'as' => 'api.users.list', 'as' => 'api.admin.users.list',
'uses' => 'Pterodactyl\Http\Controllers\API\UserController@list' 'uses' => 'Pterodactyl\Http\Controllers\API\UserController@list'
]); ]);
$api->post('users', [ $api->post('users', [
'as' => 'api.users.create', 'as' => 'api.admin.users.create',
'uses' => 'Pterodactyl\Http\Controllers\API\UserController@create' 'uses' => 'Pterodactyl\Http\Controllers\API\UserController@create'
]); ]);
$api->get('users/{id}', [ $api->get('users/{id}', [
'as' => 'api.users.view', 'as' => 'api.admin.users.view',
'uses' => 'Pterodactyl\Http\Controllers\API\UserController@view' 'uses' => 'Pterodactyl\Http\Controllers\API\UserController@view'
]); ]);
$api->patch('users/{id}', [ $api->patch('users/{id}', [
'as' => 'api.users.update', 'as' => 'api.admin.users.update',
'uses' => 'Pterodactyl\Http\Controllers\API\UserController@update' 'uses' => 'Pterodactyl\Http\Controllers\API\UserController@update'
]); ]);
$api->delete('users/{id}', [ $api->delete('users/{id}', [
'as' => 'api.users.delete', 'as' => 'api.admin.users.delete',
'uses' => 'Pterodactyl\Http\Controllers\API\UserController@delete' 'uses' => 'Pterodactyl\Http\Controllers\API\UserController@delete'
]); ]);
@ -66,42 +83,42 @@ class APIRoutes
* Server Routes * Server Routes
*/ */
$api->get('servers', [ $api->get('servers', [
'as' => 'api.servers.list', 'as' => 'api.admin.servers.list',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@list' 'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@list'
]); ]);
$api->post('servers', [ $api->post('servers', [
'as' => 'api.servers.create', 'as' => 'api.admin.servers.create',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@create' 'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@create'
]); ]);
$api->get('servers/{id}', [ $api->get('servers/{id}', [
'as' => 'api.servers.view', 'as' => 'api.admin.servers.view',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@view' 'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@view'
]); ]);
$api->patch('servers/{id}/config', [ $api->patch('servers/{id}/config', [
'as' => 'api.servers.config', 'as' => 'api.admin.servers.config',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@config' 'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@config'
]); ]);
$api->patch('servers/{id}/build', [ $api->patch('servers/{id}/build', [
'as' => 'api.servers.build', 'as' => 'api.admin.servers.build',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@build' 'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@build'
]); ]);
$api->post('servers/{id}/suspend', [ $api->post('servers/{id}/suspend', [
'as' => 'api.servers.suspend', 'as' => 'api.admin.servers.suspend',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@suspend' 'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@suspend'
]); ]);
$api->post('servers/{id}/unsuspend', [ $api->post('servers/{id}/unsuspend', [
'as' => 'api.servers.unsuspend', 'as' => 'api.admin.servers.unsuspend',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@unsuspend' 'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@unsuspend'
]); ]);
$api->delete('servers/{id}/{force?}', [ $api->delete('servers/{id}/{force?}', [
'as' => 'api.servers.delete', 'as' => 'api.admin.servers.delete',
'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@delete' 'uses' => 'Pterodactyl\Http\Controllers\API\ServerController@delete'
]); ]);
@ -109,32 +126,32 @@ class APIRoutes
* Node Routes * Node Routes
*/ */
$api->get('nodes', [ $api->get('nodes', [
'as' => 'api.nodes.list', 'as' => 'api.admin.nodes.list',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@list' 'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@list'
]); ]);
$api->post('nodes', [ $api->post('nodes', [
'as' => 'api.nodes.create', 'as' => 'api.admin.nodes.create',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@create' 'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@create'
]); ]);
$api->get('nodes/allocations', [ $api->get('nodes/allocations', [
'as' => 'api.nodes.allocations', 'as' => 'api.admin.nodes.allocations',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@allocations' 'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@allocations'
]); ]);
$api->get('nodes/{id}', [ $api->get('nodes/{id}', [
'as' => 'api.nodes.view', 'as' => 'api.admin.nodes.view',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@view' 'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@view'
]); ]);
$api->get('nodes/{id}/config', [ $api->get('nodes/{id}/config', [
'as' => 'api.nodes.view', 'as' => 'api.admin.nodes.view',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@config' 'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@config'
]); ]);
$api->delete('nodes/{id}', [ $api->delete('nodes/{id}', [
'as' => 'api.nodes.delete', 'as' => 'api.admin.nodes.delete',
'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@delete' 'uses' => 'Pterodactyl\Http\Controllers\API\NodeController@delete'
]); ]);
@ -142,7 +159,7 @@ class APIRoutes
* Location Routes * Location Routes
*/ */
$api->get('locations', [ $api->get('locations', [
'as' => 'api.locations.list', 'as' => 'api.admin.locations.list',
'uses' => 'Pterodactyl\Http\Controllers\API\LocationController@list' 'uses' => 'Pterodactyl\Http\Controllers\API\LocationController@list'
]); ]);
@ -150,12 +167,12 @@ class APIRoutes
* Service Routes * Service Routes
*/ */
$api->get('services', [ $api->get('services', [
'as' => 'api.services.list', 'as' => 'api.admin.services.list',
'uses' => 'Pterodactyl\Http\Controllers\API\ServiceController@list' 'uses' => 'Pterodactyl\Http\Controllers\API\ServiceController@list'
]); ]);
$api->get('services/{id}', [ $api->get('services/{id}', [
'as' => 'api.services.view', 'as' => 'api.admin.services.view',
'uses' => 'Pterodactyl\Http\Controllers\API\ServiceController@view' 'uses' => 'Pterodactyl\Http\Controllers\API\ServiceController@view'
]); ]);

26
app/Http/Routes/AdminRoutes.php
View File

@ -303,32 +303,6 @@ class AdminRoutes {
]); ]);
}); });
// API Routes
$router->group([
'prefix' => 'admin/api',
'middleware' => [
'auth',
'admin',
'csrf'
]
], function () use ($router) {
$router->get('/', [
'as' => 'admin.api',
'uses' => 'Admin\APIController@getIndex'
]);
$router->get('/new', [
'as' => 'admin.api.new',
'uses' => 'Admin\APIController@getNew'
]);
$router->post('/new', [
'uses' => 'Admin\APIController@postNew'
]);
$router->delete('/revoke/{key?}', [
'as' => 'admin.api.revoke',
'uses' => 'Admin\APIController@deleteRevokeKey'
]);
});
// Database Routes // Database Routes
$router->group([ $router->group([
'prefix' => 'admin/databases', 'prefix' => 'admin/databases',

55
app/Http/Routes/BaseRoutes.php
View File

@ -51,21 +51,46 @@ class BaseRoutes {
// Account Routes // Account Routes
$router->group([ $router->group([
'profix' => 'account', 'prefix' => 'account',
'middleware' => [ 'middleware' => [
'auth', 'auth',
'csrf' 'csrf'
] ]
], function () use ($router) { ], function () use ($router) {
$router->get('account', [ $router->get('/', [
'as' => 'account', 'as' => 'account',
'uses' => 'Base\IndexController@getAccount' 'uses' => 'Base\AccountController@index'
]); ]);
$router->post('/account/password', [ $router->post('/password', [
'uses' => 'Base\IndexController@postAccountPassword' 'uses' => 'Base\AccountController@password'
]); ]);
$router->post('/account/email', [ $router->post('/email', [
'uses' => 'Base\IndexController@postAccountEmail' 'uses' => 'Base\AccountController@email'
]);
});
// API Management Routes
$router->group([
'prefix' => 'account/api',
'middleware' => [
'auth',
'csrf'
]
], function () use ($router) {
$router->get('/', [
'as' => 'account.api',
'uses' => 'Base\APIController@index'
]);
$router->get('/new', [
'as' => 'account.api.new',
'uses' => 'Base\APIController@new'
]);
$router->post('/new', [
'uses' => 'Base\APIController@save'
]);
$router->delete('/revoke/{key}', [
'uses' => 'Base\APIController@revoke'
]); ]);
}); });
@ -79,20 +104,20 @@ class BaseRoutes {
], function () use ($router) { ], function () use ($router) {
$router->get('/', [ $router->get('/', [
'as' => 'account.security', 'as' => 'account.security',
'uses' => 'Base\IndexController@getAccountSecurity' 'uses' => 'Base\SecurityController@index'
]); ]);
$router->get('/revoke/{id}', [ $router->get('/revoke/{id}', [
'as' => 'account.security.revoke', 'as' => 'account.security.revoke',
'uses' => 'Base\IndexController@getRevokeSession' 'uses' => 'Base\SecurityController@revoke'
]); ]);
$router->put('/', [ $router->put('/totp', [
'uses' => 'Base\IndexController@putAccountTotp' 'uses' => 'Base\SecurityController@generateTotp'
]); ]);
$router->post('/', [ $router->post('/totp', [
'uses' => 'Base\IndexController@postAccountTotp' 'uses' => 'Base\SecurityController@setTotp'
]); ]);
$router->delete('/', [ $router->delete('/totp', [
'uses' => 'Base\IndexController@deleteAccountTotp' 'uses' => 'Base\SecurityController@disableTotp'
]); ]);
}); });

2
app/Http/Routes/ServerRoutes.php
View File

@ -28,6 +28,7 @@ use Illuminate\Routing\Router;
class ServerRoutes { class ServerRoutes {
public function map(Router $router) { public function map(Router $router) {
$router->group([ $router->group([
'prefix' => 'server/{server}', 'prefix' => 'server/{server}',
'middleware' => [ 'middleware' => [
@ -36,6 +37,7 @@ class ServerRoutes {
'csrf' 'csrf'
] ]
], function ($server) use ($router) { ], function ($server) use ($router) {
// Index View for Server // Index View for Server
$router->get('/', [ $router->get('/', [
'as' => 'server.index', 'as' => 'server.index',

18
app/Models/Server.php
View File

@ -24,10 +24,11 @@
namespace Pterodactyl\Models; namespace Pterodactyl\Models;
use Auth; use Auth;
use Pterodactyl\Models\Subuser; use Pterodactyl\Models\Subuser;
use Illuminate\Database\Eloquent\Model; use Illuminate\Database\Eloquent\Model;
use Pterodactyl\Exceptions\DisplayException;
class Server extends Model class Server extends Model
{ {
@ -101,7 +102,7 @@ class Server extends Model
* @param Illuminate\Database\Eloquent\Model\Server $server * @param Illuminate\Database\Eloquent\Model\Server $server
* @return string * @return string
*/ */
protected static function getUserDaemonSecret(Server $server) public static function getUserDaemonSecret(Server $server)
{ {
if (self::$user->id === $server->owner || self::$user->root_admin === 1) { if (self::$user->id === $server->owner || self::$user->root_admin === 1) {
@ -133,9 +134,13 @@ class Server extends Model
'locations.short as a_locationShort', 'locations.short as a_locationShort',
'allocations.ip', 'allocations.ip',
'allocations.ip_alias', 'allocations.ip_alias',
'allocations.port' 'allocations.port',
'services.name as a_serviceName',
'service_options.name as a_serviceOptionName'
)->join('nodes', 'servers.node', '=', 'nodes.id') )->join('nodes', 'servers.node', '=', 'nodes.id')
->join('locations', 'nodes.location', '=', 'locations.id') ->join('locations', 'nodes.location', '=', 'locations.id')
->join('services', 'servers.service', '=', 'services.id')
->join('service_options', 'servers.option', '=', 'service_options.id')
->join('allocations', 'servers.allocation', '=', 'allocations.id'); ->join('allocations', 'servers.allocation', '=', 'allocations.id');
if (self::$user->root_admin !== 1) { if (self::$user->root_admin !== 1) {
@ -167,7 +172,8 @@ class Server extends Model
$query = self::select('servers.*', 'services.file as a_serviceFile') $query = self::select('servers.*', 'services.file as a_serviceFile')
->join('services', 'services.id', '=', 'servers.service') ->join('services', 'services.id', '=', 'servers.service')
->where('uuidShort', $uuid); ->where('uuidShort', $uuid)
->orWhere('uuid', $uuid);
if (self::$user->root_admin !== 1) { if (self::$user->root_admin !== 1) {
$query->whereIn('servers.id', Subuser::accessServers()); $query->whereIn('servers.id', Subuser::accessServers());
@ -175,6 +181,10 @@ class Server extends Model
$result = $query->first(); $result = $query->first();
if (!$result) {
throw new DisplayException('No server was found belonging to this user.');
}
if(!is_null($result)) { if(!is_null($result)) {
$result->daemonSecret = self::getUserDaemonSecret($result); $result->daemonSecret = self::getUserDaemonSecret($result);
} }

136
app/Repositories/APIRepository.php
View File

@ -23,6 +23,7 @@
*/ */
namespace Pterodactyl\Repositories; namespace Pterodactyl\Repositories;
use Auth;
use DB; use DB;
use Crypt; use Crypt;
use Validator; use Validator;
@ -40,38 +41,51 @@ class APIRepository
* @var array * @var array
*/ */
protected $permissions = [ protected $permissions = [
'*', 'admin' => [
'*',
// User Management Routes // User Management Routes
'api.users.list', 'users.list',
'api.users.create', 'users.create',
'api.users.view', 'users.view',
'api.users.update', 'users.update',
'api.users.delete', 'users.delete',
// Server Manaement Routes // Server Manaement Routes
'api.servers.list', 'servers.list',
'api.servers.create', 'servers.create',
'api.servers.view', 'servers.view',
'api.servers.config', 'servers.config',
'api.servers.build', 'servers.build',
'api.servers.suspend', 'servers.suspend',
'api.servers.unsuspend', 'servers.unsuspend',
'api.servers.delete', 'servers.delete',
// Node Management Routes // Node Management Routes
'api.nodes.list', 'nodes.list',
'api.nodes.create', 'nodes.create',
'api.nodes.list', 'nodes.list',
'api.nodes.allocations', 'nodes.allocations',
'api.nodes.delete', 'nodes.delete',
// Service Routes // Service Routes
'api.services.list', 'services.list',
'api.services.view', 'services.view',
// Location Routes // Location Routes
'api.locations.list', 'locations.list',
],
'user' => [
'*',
// Informational
'me',
// Server Control
'server',
'server.power',
],
]; ];
/** /**
@ -80,12 +94,17 @@ class APIRepository
*/ */
protected $allowed = []; protected $allowed = [];
protected $user;
/** /**
* Constructor * Constructor
*/ */
public function __construct() public function __construct(Models\User $user = null)
{ {
// $this->user = is_null($user) ? Auth::user() : $user;
if (is_null($this->user)) {
throw new \Exception('Cannot access API Repository without passing a user to __construct().');
}
} }
/** /**
@ -101,7 +120,9 @@ class APIRepository
public function new(array $data) public function new(array $data)
{ {
$validator = Validator::make($data, [ $validator = Validator::make($data, [
'permissions' => 'required|array' 'memo' => 'string|max:500',
'permissions' => 'sometimes|required|array',
'adminPermissions' => 'sometimes|required|array'
]); ]);
$validator->after(function($validator) use ($data) { $validator->after(function($validator) use ($data) {
@ -125,31 +146,62 @@ class APIRepository
} }
DB::beginTransaction(); DB::beginTransaction();
try { try {
$secretKey = str_random(16) . '.' . str_random(15); $secretKey = str_random(16) . '.' . str_random(7) . '.' . str_random(7);
$key = new Models\APIKey; $key = new Models\APIKey;
$key->fill([ $key->fill([
'user' => $this->user->id,
'public' => str_random(16), 'public' => str_random(16),
'secret' => Crypt::encrypt($secretKey), 'secret' => Crypt::encrypt($secretKey),
'allowed_ips' => empty($this->allowed) ? null : json_encode($this->allowed) 'allowed_ips' => empty($this->allowed) ? null : json_encode($this->allowed),
'memo' => $data['memo'],
'expires_at' => null
]); ]);
$key->save(); $key->save();
foreach($data['permissions'] as $permission) { $totalPermissions = 0;
if (in_array($permission, $this->permissions)) { if (isset($data['permissions'])) {
$model = new Models\APIPermission; foreach($data['permissions'] as $permNode) {
$model->fill([ if (!strpos($permNode, ':')) continue;
'key_id' => $key->id,
'permission' => $permission list($toss, $permission) = explode(':', $permNode);
]); if (in_array($permission, $this->permissions['user'])) {
$model->save(); $totalPermissions++;
$model = new Models\APIPermission;
$model->fill([
'key_id' => $key->id,
'permission' => 'api.user.' . $permission
]);
$model->save();
}
} }
} }
if ($this->user->root_admin === 1 && isset($data['adminPermissions'])) {
foreach($data['adminPermissions'] as $permNode) {
if (!strpos($permNode, ':')) continue;
list($toss, $permission) = explode(':', $permNode);
if (in_array($permission, $this->permissions['admin'])) {
$totalPermissions++;
$model = new Models\APIPermission;
$model->fill([
'key_id' => $key->id,
'permission' => 'api.admin.' . $permission
]);
$model->save();
}
}
}
if ($totalPermissions < 1) {
throw new DisplayException('No valid permissions were passed.');
}
DB::commit(); DB::commit();
return $secretKey; return $secretKey;
} catch (\Exception $ex) { } catch (\Exception $ex) {
DB::rollBack();
throw $ex; throw $ex;
} }
@ -169,7 +221,7 @@ class APIRepository
DB::beginTransaction(); DB::beginTransaction();
try { try {
$model = Models\APIKey::where('public', $key)->firstOrFail(); $model = Models\APIKey::where('public', $key)->where('user', $this->user->id)->firstOrFail();
$permissions = Models\APIPermission::where('key_id', $model->id)->delete(); $permissions = Models\APIPermission::where('key_id', $model->id)->delete();
$model->delete(); $model->delete();

3
app/Repositories/UserRepository.php
View File

@ -162,7 +162,8 @@ class UserRepository
throw new DisplayException('Cannot delete a user with active servers attached to thier account.'); throw new DisplayException('Cannot delete a user with active servers attached to thier account.');
} }
if(Auth::user()->id === $id) { // @TODO: this should probably be checked outside of this method because we won't always have Auth::user()
if(!is_null(Auth::user()) && Auth::user()->id === $id) {
throw new DisplayException('Cannot delete your own account.'); throw new DisplayException('Cannot delete your own account.');
} }

2
config/app.php
View File

@ -188,6 +188,8 @@ return [
'Crypt' => Illuminate\Support\Facades\Crypt::class, 'Crypt' => Illuminate\Support\Facades\Crypt::class,
'DB' => Illuminate\Support\Facades\DB::class, 'DB' => Illuminate\Support\Facades\DB::class,
'Debugbar' => Barryvdh\Debugbar\Facade::class, 'Debugbar' => Barryvdh\Debugbar\Facade::class,
'Dingo' => Dingo\Api\Facade\API::class,
'DingoRoute'=> Dingo\Api\Facade\Route::class,
'Eloquent' => Illuminate\Database\Eloquent\Model::class, 'Eloquent' => Illuminate\Database\Eloquent\Model::class,
'Event' => Illuminate\Support\Facades\Event::class, 'Event' => Illuminate\Support\Facades\Event::class,
'File' => Illuminate\Support\Facades\File::class, 'File' => Illuminate\Support\Facades\File::class,

4
config/session.php
View File

@ -29,9 +29,9 @@ return [
| |
*/ */
'lifetime' => 120, 'lifetime' => 30,
'expire_on_close' => false, 'expire_on_close' => true,
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------

36
database/migrations/2016_10_14_164802_update_api_keys.php Normal file
View File

@ -0,0 +1,36 @@
<?php
use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class UpdateApiKeys extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::table('api_keys', function (Blueprint $table) {
$table->unsignedInteger('user')->after('id');
$table->text('memo')->after('allowed_ips')->nullable();
$table->timestamp('expires_at')->after('memo')->nullable();
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::table('api_keys', function (Blueprint $table) {
$table->dropColumn('user');
$table->dropColumn('memo');
$table->dropColumn('expires_at');
});
}
}

8
public/themes/default/css/pterodactyl.css
View File

@ -263,3 +263,11 @@ li.btn.btn-default.pill:active,li.btn.btn-default.pill:focus,li.btn.btn-default.
.left-icon + td { .left-icon + td {
border-left: 0px !important; border-left: 0px !important;
} }
.fuelux .wizard .step-content > .alert {
margin-bottom: 0 !important;
}
.fuelux .wizard .steps-container {
background-color: #eee;
}

213
resources/views/admin/api/new.blade.php
View File

@ -1,213 +0,0 @@
{{-- Copyright (c) 2015 - 2016 Dane Everitt <dane@daneeveritt.com> --}}
{{-- Permission is hereby granted, free of charge, to any person obtaining a copy --}}
{{-- of this software and associated documentation files (the "Software"), to deal --}}
{{-- in the Software without restriction, including without limitation the rights --}}
{{-- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell --}}
{{-- copies of the Software, and to permit persons to whom the Software is --}}
{{-- furnished to do so, subject to the following conditions: --}}
{{-- The above copyright notice and this permission notice shall be included in all --}}
{{-- copies or substantial portions of the Software. --}}
{{-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR --}}
{{-- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, --}}
{{-- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE --}}
{{-- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER --}}
{{-- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, --}}
{{-- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE --}}
{{-- SOFTWARE. --}}
@extends('layouts.admin')
@section('title')
API Management
@endsection
@section('content')
<div class="col-md-12">
<ul class="breadcrumb">
<li><a href="/admin">Admin Control</a></li>
<li><a href="/admin/api">API Management</a></li>
<li class="active">New</li>
</ul>
<h3>Add New API Key</h3><hr />
<form action="{{ route('admin.api.new') }}" method="POST">
<div class="row">
<div class="col-md-12 fuelux">
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="*"> <strong>*</strong>
<p class="text-muted"><small><span class="label label-danger">Danger</span> Allows performing any action aganist the API.</small><p>
</label>
</div>
</div>
</div>
<div class="row">
<div class="col-md-6 fuelux">
<h4>User Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.users.list"> <strong><span class="label label-default">GET</span> /users</strong>
<p class="text-muted"><small>Allows listing of all users currently on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.users.create"> <strong><span class="label label-default">POST</span> /users</strong>
<p class="text-muted"><small>Allows creating a new user on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.users.view"> <strong><span class="label label-default">GET</span> /users/{id}</strong>
<p class="text-muted"><small>Allows viewing details about a specific user including active services.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.users.update"> <strong><span class="label label-default">PATCH</span> /users/{id}</strong>
<p class="text-muted"><small>Allows modifying user details (email, password, TOTP information).</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.users.delete"> <strong><span class="label label-danger">DELETE</span> /users/{id}</strong>
<p class="text-muted"><small>Allows deleting a user.</small><p>
</label>
</div>
</div>
<div class="col-md-6 fuelux">
<h4>Server Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.servers.list"> <strong><span class="label label-default">GET</span> /servers</strong>
<p class="text-muted"><small>Allows listing of all servers currently on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.servers.create"> <strong><span class="label label-default">POST</span> /servers</strong>
<p class="text-muted"><small>Allows creating a new server on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.servers.view"> <strong><span class="label label-default">GET</span> /servers/{id}</strong>
<p class="text-muted"><small><span class="label label-danger">Danger</span> Allows viewing details about a specific server including the <code>daemon_token</code> as current process information.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.servers.config"> <strong><span class="label label-default">PATCH</span> /servers/{id}/config</strong>
<p class="text-muted"><small>Allows modifying server config (name, owner, and access token).</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.servers.build"> <strong><span class="label label-default">PATCH</span> /servers/{id}/build</strong>
<p class="text-muted"><small>Allows modifying a server's build parameters such as memory, CPU, and disk space along with assigned and default IPs.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.servers.suspend"> <strong><span class="label label-default">POST</span> /servers/{id}/suspend</strong>
<p class="text-muted"><small>Allows suspending a server instance.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.servers.unsuspend"> <strong><span class="label label-default">POST</span> /servers/{id}/unsuspend</strong>
<p class="text-muted"><small>Allows unsuspending a server instance.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.servers.delete"> <strong><span class="label label-danger">DELETE</span> /servers/{id}</strong>
<p class="text-muted"><small>Allows deleting a server.</small><p>
</label>
</div>
</div>
</div>
<div class="row">
<div class="col-md-6 fuelux">
<h4>Node Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.nodes.list"> <strong><span class="label label-default">GET</span> /nodes</strong>
<p class="text-muted"><small>Allows listing of all nodes currently on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.nodes.create"> <strong><span class="label label-default">POST</span> /nodes</strong>
<p class="text-muted"><small>Allows creating a new node on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.nodes.view"> <strong><span class="label label-default">GET</span> /nodes/{id}</strong>
<p class="text-muted"><small>Allows viewing details about a specific node including active services.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.nodes.allocations"> <strong><span class="label label-default">GET</span> /nodes/allocations</strong>
<p class="text-muted"><small>Allows viewing all allocations on the panel for all nodes.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.nodes.delete"> <strong><span class="label label-danger">DELETE</span> /nodes/{id}</strong>
<p class="text-muted"><small>Allows deleting a node.</small><p>
</label>
</div>
</div>
<div class="col-md-6 fuelux">
<h4>Service Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.services.list"> <strong><span class="label label-default">GET</span> /services</strong>
<p class="text-muted"><small>Allows listing of all services configured on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.services.view"> <strong><span class="label label-default">GET</span> /services/{id}</strong>
<p class="text-muted"><small>Allows listing details about each service on the system including service options and variables.</small><p>
</label>
</div>
<h4>Location Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="api.locations.list"> <strong><span class="label label-default">GET</span> /locations</strong>
<p class="text-muted"><small>Allows listing all locations and thier associated nodes.</small><p>
</label>
</div>
</div>
</div>
<div class="well">
<div class="row">
<div class="form-group col-md-12">
<label for="allowed_ips" class="control-label">Allowed IPs</label>
<div>
<textarea name="allowed_ips" class="form-control" rows="5">{{ old('allowed_ips') }}</textarea>
<p class="text-muted"><small>Enter a line delimitated list of IPs that are allowed to access the API using this key. CIDR notation is allowed. Leave blank to allow any IP.</small></p>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
{!! csrf_field() !!}
<input type="submit" class="btn btn-sm btn-primary" value="Create New Key" />
</div>
</div>
</div>
</form>
</div>
<script>
$(document).ready(function () {
$('#sidebar_links').find("a[href='/admin/api']").addClass('active');
$('[data-initialize="checkbox"]').checkbox();
});
</script>
@endsection

50
resources/views/admin/api/index.blade.php → resources/views/base/api/index.blade.php
View File

@ -17,60 +17,56 @@
{{-- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, --}} {{-- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, --}}
{{-- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE --}} {{-- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE --}}
{{-- SOFTWARE. --}} {{-- SOFTWARE. --}}
@extends('layouts.admin') @extends('layouts.master')
@section('title') @section('title', 'API Access')
API Management
@section('sidebar-server')
@endsection
@section('scripts')
@parent
{!! Theme::css('css/vendor/sweetalert/sweetalert.min.css') !!}
{!! Theme::js('js/vendor/sweetalert/sweetalert.min.js') !!}
@endsection @endsection
@section('content') @section('content')
<div class="col-md-12"> <div class="col-md-12">
<ul class="breadcrumb">
<li><a href="/admin">Admin Control</a></li>
<li class="active">API Management</li>
</ul>
<h3>API Key Information</h3><hr />
<table class="table table-bordered table-hover"> <table class="table table-bordered table-hover">
<thead> <thead>
<tr> <tr>
<th>API Public Key</th> <th>Public Key</th>
<th>Allowed IPs</th> <th>Memo</th>
<th>Permissions</th>
<th class="text-center">Created</th> <th class="text-center">Created</th>
<th class="text-center">Expires</th>
<th class="text-center"></th> <th class="text-center"></th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
@foreach ($keys as $key) @foreach ($keys as $key)
<tr> <tr class="align-middle">
<td><code>{{ $key->public }}</code></td> <td><code>{{ $key->public }}</code></td>
<td> <td>{{ $key->memo }}</td>
@if (is_null($key->allowed_ips)) <td class="text-center">{{ (new Carbon($key->created_at))->toDayDateTimeString() }}</td>
<code>*</code> <td class="text-center">
@if(is_null($key->expires_at))
<span class="label label-default">Never</span>
@else @else
@foreach(json_decode($key->allowed_ips) as $ip) {{ (new Carbon($key->expires_at))->toDayDateTimeString() }}
<code style="line-height:2;">{{ $ip }}</code><br />
@endforeach
@endif @endif
</td> </td>
<td>
@foreach(json_decode($key->permissions) as &$perm)
<code style="line-height:2;">{{ $perm->permission }}</code><br />
@endforeach
</td>
<td class="text-center">{{ (new Carbon($key->created_at))->toDayDateTimeString() }}</td>
<td class="text-center"><a href="#delete" class="text-danger" data-action="delete" data-attr="{{ $key->public }}"><i class="fa fa-trash"></i></a></td> <td class="text-center"><a href="#delete" class="text-danger" data-action="delete" data-attr="{{ $key->public }}"><i class="fa fa-trash"></i></a></td>
</tr> </tr>
@endforeach @endforeach
</tbody> </tbody>
</table> </table>
<div class="well"> <div class="well">
<a href="{{ route('admin.api.new') }}"><button class="btn btn-success btn-sm">Create New API Key</button></a> <a href="{{ route('account.api.new') }}"><button class="btn btn-success btn-sm">Create New API Key</button></a>
</div> </div>
</div> </div>
<script> <script>
$(document).ready(function () { $(document).ready(function () {
$('#sidebar_links').find("a[href='/admin/api']").addClass('active'); $('#sidebar_links').find('a[href="/account/api"]').addClass('active');
$('[data-action="delete"]').click(function (event) { $('[data-action="delete"]').click(function (event) {
var self = $(this); var self = $(this);
event.preventDefault(); event.preventDefault();
@ -87,7 +83,7 @@ $(document).ready(function () {
}, function () { }, function () {
$.ajax({ $.ajax({
method: 'DELETE', method: 'DELETE',
url: '{{ route('admin.api.revoke') }}/' + self.data('attr'), url: '{{ route('account.api') }}/revoke/' + self.data('attr'),
headers: { headers: {
'X-CSRF-TOKEN': '{{ csrf_token() }}' 'X-CSRF-TOKEN': '{{ csrf_token() }}'
} }

278
resources/views/base/api/new.blade.php Normal file
View File

@ -0,0 +1,278 @@
{{-- Copyright (c) 2015 - 2016 Dane Everitt <dane@daneeveritt.com> --}}
{{-- Permission is hereby granted, free of charge, to any person obtaining a copy --}}
{{-- of this software and associated documentation files (the "Software"), to deal --}}
{{-- in the Software without restriction, including without limitation the rights --}}
{{-- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell --}}
{{-- copies of the Software, and to permit persons to whom the Software is --}}
{{-- furnished to do so, subject to the following conditions: --}}
{{-- The above copyright notice and this permission notice shall be included in all --}}
{{-- copies or substantial portions of the Software. --}}
{{-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR --}}
{{-- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, --}}
{{-- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE --}}
{{-- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER --}}
{{-- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, --}}
{{-- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE --}}
{{-- SOFTWARE. --}}
@extends('layouts.master')
@section('title', 'API Access')
@section('sidebar-server')
@endsection
@section('content')
<div class="col-md-12 fuelux">
<div class="wizard" data-initialize="wizard" id="apiWizard">
<div class="steps-container">
<ul class="steps">
<li data-step="1" data-name="user" class="active">
<span class="badge">1</span>Permissions
<span class="chevron"></span>
</li>
@if(Auth::user()->root_admin === 1)
<li data-step="2" data-name="admin">
<span class="badge">2</span>Admin
<span class="chevron"></span>
</li>
@endif
<li data-step="3" data-name="ips">
<span class="badge">@if(Auth::user()->root_admin === 1)3 @else 2 @endif</span>Security
<span class="chevron"></span>
</li>
</ul>
</div>
<div class="actions">
<button type="button" class="btn btn-sm btn-default btn-prev">
<span class="fa fa-arrow-left"></span>Prev</button>
<button type="button" class="btn btn-sm btn-primary btn-next" data-last="Complete">Next
<span class="fa fa-arrow-right"></span>
</button>
</div>
<form action="{{ route('account.api.new') }}" method="POST" id="perms_form">
<div class="step-content">
<div class="step-pane active alert" data-step="1">
<div class="well">Any servers that you are a subuser for will be accessible through this API with the same permissions that you currently have.</div>
<div class="row">
<div class="col-md-6 fuelux">
<h4>Base Information</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="user:*"> <strong>User:*</strong>
<p class="text-muted"><small><span class="label label-danger">Danger</span> Allows performing any action aganist the User API.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="user:me"> <strong><span class="label label-default">GET</span> Base Information</strong>
<p class="text-muted"><small>Returns a listing of all servers that this account has access to.</small><p>
</label>
</div>
</div>
<div class="col-md-6 fuelux">
<h4>Server Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="user:server"> <strong><span class="label label-default">GET</span> Server Info</strong>
<p class="text-muted"><small>Allows access to viewing information about a single server including current stats and allocations.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="permissions[]" type="checkbox" value="user:server.power"> <strong><span class="label label-default">PUT</span> Server Power</strong>
<p class="text-muted"><small>Allows access to control server power status.</small><p>
</label>
</div>
</div>
</div>
</div>
@if(Auth::user()->root_admin === 1)
<div class="step-pane alert" data-step="2">
<div class="row">
<div class="col-md-12 fuelux">
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:*"> <strong>Admin:*</strong>
<p class="text-muted"><small><span class="label label-danger">Danger</span> Allows performing any action aganist the Admin API.</small><p>
</label>
</div>
</div>
</div>
<div class="row">
<div class="col-md-6 fuelux">
<h4>User Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:users.list"> <strong><span class="label label-default">GET</span> List Users</strong>
<p class="text-muted"><small>Allows listing of all users currently on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:users.create"> <strong><span class="label label-default">POST</span> Create User</strong>
<p class="text-muted"><small>Allows creating a new user on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:users.view"> <strong><span class="label label-default">GET</span> List Single User</strong>
<p class="text-muted"><small>Allows viewing details about a specific user including active services.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:users.update"> <strong><span class="label label-default">PATCH</span> Update User</strong>
<p class="text-muted"><small>Allows modifying user details (email, password, TOTP information).</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:users.delete"> <strong><span class="label label-danger">DELETE</span> Delete User</strong>
<p class="text-muted"><small>Allows deleting a user.</small><p>
</label>
</div>
</div>
<div class="col-md-6 fuelux">
<h4>Server Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:servers.list"> <strong><span class="label label-default">GET</span> List Servers</strong>
<p class="text-muted"><small>Allows listing of all servers currently on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:servers.create"> <strong><span class="label label-default">POST</span> Create Server</strong>
<p class="text-muted"><small>Allows creating a new server on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:servers.view"> <strong><span class="label label-default">GET</span> List Single Server</strong>
<p class="text-muted"><small><span class="label label-danger">Danger</span> Allows viewing details about a specific server including the <code>daemon_token</code> as current process information.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:servers.config"> <strong><span class="label label-default">PATCH</span> Update Configuration</strong>
<p class="text-muted"><small>Allows modifying server config (name, owner, and access token).</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:servers.build"> <strong><span class="label label-default">PATCH</span> Update Build</strong>
<p class="text-muted"><small>Allows modifying a server's build parameters such as memory, CPU, and disk space along with assigned and default IPs.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:servers.suspend"> <strong><span class="label label-default">POST</span> Suspend</strong>
<p class="text-muted"><small>Allows suspending a server instance.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:servers.unsuspend"> <strong><span class="label label-default">POST</span> Unsuspend</strong>
<p class="text-muted"><small>Allows unsuspending a server instance.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:servers.delete"> <strong><span class="label label-danger">DELETE</span> Delete Server</strong>
<p class="text-muted"><small>Allows deleting a server.</small><p>
</label>
</div>
</div>
</div>
<div class="row">
<div class="col-md-6 fuelux">
<h4>Node Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:nodes.list"> <strong><span class="label label-default">GET</span> List Nodes</strong>
<p class="text-muted"><small>Allows listing of all nodes currently on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:nodes.create"> <strong><span class="label label-default">POST</span> Create Node</strong>
<p class="text-muted"><small>Allows creating a new node on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:nodes.view"> <strong><span class="label label-default">GET</span> List Single Node</strong>
<p class="text-muted"><small>Allows viewing details about a specific node including active services.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:nodes.allocations"> <strong><span class="label label-default">GET</span> List Allocations</strong>
<p class="text-muted"><small>Allows viewing all allocations on the panel for all nodes.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:nodes.delete"> <strong><span class="label label-danger">DELETE</span> Delete Node</strong>
<p class="text-muted"><small>Allows deleting a node.</small><p>
</label>
</div>
</div>
<div class="col-md-6 fuelux">
<h4>Service Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:services.list"> <strong><span class="label label-default">GET</span> List Services</strong>
<p class="text-muted"><small>Allows listing of all services configured on the system.</small><p>
</label>
</div>
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:services.view"> <strong><span class="label label-default">GET</span> List Single Service</strong>
<p class="text-muted"><small>Allows listing details about each service on the system including service options and variables.</small><p>
</label>
</div>
<h4>Location Management</h4><hr />
<div class="checkbox highlight">
<label class="checkbox-custom highlight" data-initialize="checkbox">
<input class="sr-only" name="adminPermissions[]" type="checkbox" value="admin:locations.list"> <strong><span class="label label-default">GET</span> List Locations</strong>
<p class="text-muted"><small>Allows listing all locations and thier associated nodes.</small><p>
</label>
</div>
</div>
</div>
</div>
@endif
<div class="step-pane alert" data-step="3">
<div class="form-group">
<label for="allowed_ips" class="control-label">Descriptive Memo</label>
<div>
<input type="text" name="memo" class="form-control" value="{{ old('memo') }}" />
<p class="text-muted">Enter a breif description of what this API key will be used for.</p>
</div>
</div>
<div class="form-group">
<label for="allowed_ips" class="control-label">Allowed IPs</label>
<div>
<textarea name="allowed_ips" class="form-control" rows="5">{{ old('allowed_ips') }}</textarea>
<p class="text-muted">Enter a line delimitated list of IPs that are allowed to access the API using this key. CIDR notation is allowed. Leave blank to allow any IP.</p>
</div>
</div>
</div>
</div>
{!! csrf_field() !!}
</form>
</div>
</div>
<script>
$(document).ready(function () {
$('#sidebar_links').find('a[href="/account/api"]').addClass('active');
$('#apiWizard').on('finished.fu.wizard', function (evt, data) {
$('#perms_form').submit();
});
});
</script>
@endsection

6
resources/views/base/security.blade.php
View File

@ -72,7 +72,7 @@
<div class="panel-body"> <div class="panel-body">
<p>{{ trans('base.account.totp_disable_help') }}</p> <p>{{ trans('base.account.totp_disable_help') }}</p>
<br /> <br />
<form action="/account/totp" method="post"> <form action="/account/security/totp" method="post">
<div class="form-group"> <div class="form-group">
<div class="input-group"> <div class="input-group">
<span class="input-group-addon">{{ trans('base.account.totp_token') }}</span> <span class="input-group-addon">{{ trans('base.account.totp_token') }}</span>
@ -155,7 +155,7 @@ $(document).ready(function () {
$.ajax({ $.ajax({
type: 'PUT', type: 'PUT',
url: '/account/totp', url: '/account/security/totp',
headers: { 'X-CSRF-Token': '{{ csrf_token() }}' } headers: { 'X-CSRF-Token': '{{ csrf_token() }}' }
}).done(function (data) { }).done(function (data) {
var image = new Image(); var image = new Image();
@ -180,7 +180,7 @@ $(document).ready(function () {
$.ajax({ $.ajax({
type: 'POST', type: 'POST',
url:'/account/totp', url:'/account/security/totp',
headers: { 'X-CSRF-Token': '{{ csrf_token() }}' }, headers: { 'X-CSRF-Token': '{{ csrf_token() }}' },
data: { data: {
token: $('#totp_token').val() token: $('#totp_token').val()

2
resources/views/layouts/admin.blade.php
View File

@ -60,7 +60,6 @@
<ul class="dropdown-menu"> <ul class="dropdown-menu">
<li><a href="/admin">Admin Index</a></li> <li><a href="/admin">Admin Index</a></li>
<li><a href="/admin/settings">General Settings</a></li> <li><a href="/admin/settings">General Settings</a></li>
<li><a href="/admin/api">API Management</a></li>
<li><a href="/admin/databases">Database Management</a></li> <li><a href="/admin/databases">Database Management</a></li>
</ul> </ul>
</li> </li>
@ -128,7 +127,6 @@
<a href="#" class="list-group-item list-group-item-heading"><strong>Management</strong></a> <a href="#" class="list-group-item list-group-item-heading"><strong>Management</strong></a>
<a href="/admin" id="sidenav_admin-index" class="list-group-item">Admin Index</a> <a href="/admin" id="sidenav_admin-index" class="list-group-item">Admin Index</a>
<a href="/admin/settings" class="list-group-item">General Settings</a> <a href="/admin/settings" class="list-group-item">General Settings</a>
<a href="/admin/api" class="list-group-item">API Management</a>
<a href="/admin/databases" class="list-group-item">Database Management</a> <a href="/admin/databases" class="list-group-item">Database Management</a>
</div> </div>
<div class="list-group"> <div class="list-group">

38
resources/views/layouts/master.blade.php
View File

@ -184,6 +184,7 @@
<ul class="dropdown-menu"> <ul class="dropdown-menu">
<li><a href="/account">{{ trans('pagination.sidebar.account_settings') }}</a></li> <li><a href="/account">{{ trans('pagination.sidebar.account_settings') }}</a></li>
<li><a href="/account/security">{{ trans('pagination.sidebar.account_security') }}</a></li> <li><a href="/account/security">{{ trans('pagination.sidebar.account_security') }}</a></li>
<li><a href="/account/api">API Settings</a></li>
<li><a href="/index">{{ trans('pagination.sidebar.servers') }}</a></li> <li><a href="/index">{{ trans('pagination.sidebar.servers') }}</a></li>
</ul> </ul>
</li> </li>
@ -237,6 +238,7 @@
<a href="#" class="list-group-item list-group-item-heading"><strong>{{ trans('pagination.sidebar.account_controls') }}</strong></a> <a href="#" class="list-group-item list-group-item-heading"><strong>{{ trans('pagination.sidebar.account_controls') }}</strong></a>
<a href="/account" class="list-group-item">{{ trans('pagination.sidebar.account_settings') }}</a> <a href="/account" class="list-group-item">{{ trans('pagination.sidebar.account_settings') }}</a>
<a href="/account/security" class="list-group-item">{{ trans('pagination.sidebar.account_security') }}</a> <a href="/account/security" class="list-group-item">{{ trans('pagination.sidebar.account_security') }}</a>
<a href="/account/api" class="list-group-item">API Access</a>
<a href="/" class="list-group-item">{{ trans('pagination.sidebar.servers') }}</a> <a href="/" class="list-group-item">{{ trans('pagination.sidebar.servers') }}</a>
</div> </div>
@section('sidebar-server') @section('sidebar-server')
@ -258,29 +260,25 @@
<div class="col-md-9"> <div class="col-md-9">
<div class="row"> <div class="row">
<div class="col-md-12" id="tpl_messages"> <div class="col-md-12" id="tpl_messages">
@section('resp-errors') @if (count($errors) > 0)
@if (count($errors) > 0) <div class="alert alert-danger">
<div class="alert alert-danger"> <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<strong>{{ trans('strings.whoops') }}!</strong> {{ trans('auth.errorencountered') }}<br><br>
<ul>
@foreach ($errors->all() as $error)
<li>{{ $error }}</li>
@endforeach
</ul>
</div>
@endif
@foreach (Alert::getMessages() as $type => $messages)
@foreach ($messages as $message)
<div class="alert alert-{{ $type }} alert-dismissable" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button> <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<strong>{{ trans('strings.whoops') }}!</strong> {{ trans('auth.errorencountered') }}<br><br> {!! $message !!}
<ul>
@foreach ($errors->all() as $error)
<li>{{ $error }}</li>
@endforeach
</ul>
</div> </div>
@endif
@show
@section('resp-alerts')
@foreach (Alert::getMessages() as $type => $messages)
@foreach ($messages as $message)
<div class="alert alert-{{ $type }} alert-dismissable" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
{!! $message !!}
</div>
@endforeach
@endforeach @endforeach
@show @endforeach
</div> </div>
</div> </div>
<div class="row"> <div class="row">