Merge branch 'feature/vuejs' into feature/vue-serverview

Author: schrej

.dev/vagrant/provision.sh

@@ -21,6 +21,12 @@ debconf-set-selections <<< 'mariadb-server-5.5 mysql-server/root_password_again
 # actually install
 apt-get install -y php7.2 php7.2-cli php7.2-gd php7.2-mysql php7.2-pdo php7.2-mbstring php7.2-tokenizer php7.2-bcmath php7.2-xml php7.2-fpm php7.2-memcached php7.2-curl php7.2-zip php-xdebug mariadb-server nginx curl tar unzip git memcached > /dev/null
 
+echo "Install nodejs and yarn"
+curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
+echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
+curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
+apt-get -y install nodejs yarn > /dev/null
+
 echo "Install composer"
 curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
 

BUILDING.md

@@ -1,10 +1,57 @@
-# Building Assets
+# Local Development
+Pterodactyl is now powered by Vuejs and Tailwindcss and uses webpack at its core to generate compiled assets. Release
+versions of Pterodactyl will include pre-compiled, minified, and hashed assets ready-to-go.
 
-```
+However, if you are interested in running custom themes or making modifications to the Vue files you'll need a build
+system in place to generate these compiled assets. To get your environment setup, you'll first need to install at least Nodejs
+`8`, and it is _highly_ recommended that you also install [Yarn](https://yarnpkg.com) to manage your `node_modules`.
+
+### Install Dependencies
+```bash
 yarn install
+```
+
+The command above will download all of the dependencies necessary to get Pterodactyl assets building. After that, its as
+simple as running the command below to generate assets while you're developing.
+
+```bash
+# build the compiled assets for development
+yarn run build
+
+# build the assets automatically when files are modified
+yarn run watch
+```
+
 
-php artisan vue-i18n:generate
-php artisan ziggy:generate resources/assets/scripts/helpers/ziggy.js
+### Hot Module Reloading
+For more advanced users, we also support 'Hot Module Reloading', allowing you to quickly see changes you're making
+to the Vue template files without having to reload the page you're on. To Get started with this, you just need
+to run the command below.
 
-npm run build
+```bash
+PUBLIC_PATH=http://192.168.1.1:8080 yarn run serve --host 192.168.1.1
 ```
+
+There are two _very important_ parts of this command to take note of and change for your specific environment. The first
+is the `--host` flag, which is required and should point to the machine where the `webpack-serve` server will be running.
+The second is the `PUBLIC_PATH` environment variable which is the URL pointing to the HMR server and is appended to all of
+the asset URLs used in Pterodactyl.
+
+#### Vagrant
+If you want to use HMR with our Vagrant image, you can use `yarn run v:serve` as a shortcut for the correct parameters.
+In order to have proper file change detection you can use the [`vagrant-notify-forwarder`](https://github.com/mhallin/vagrant-notify-forwarder) to notify file events from the host to the VM.
+```sh
+vagrant plugin install vagrant-notify-forwarder
+vagrant reload
+```
+
+### Building for Production
+Once you have your files squared away and ready for the live server, you'll be needing to generate compiled, minified, and
+hashed assets to push live. To do so, run the command below:
+
+```bash
+yarn run build:production
+```
+
+This will generate a production ready `bundle.js` and `bundle.css` as well as a `manifest.json` and store them in
+the `/public/assets` directory where they can then be access by clients, and read by the Panel.

app/Http/Controllers/Api/Client/AccountController.php

@@ -0,0 +1,16 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\Api\Client;
+
+use Illuminate\Http\Request;
+use Pterodactyl\Transformers\Api\Client\AccountTransformer;
+
+class AccountController extends ClientApiController
+{
+    public function index(Request $request): array
+    {
+        return $this->fractal->item($request->user())
+            ->transformWith($this->getTransformer(AccountTransformer::class))
+            ->toArray();
+    }
+}

app/Http/Controllers/Auth/AbstractLoginController.php

@@ -16,6 +16,7 @@
 use Illuminate\Contracts\Encryption\Encrypter;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 use Pterodactyl\Traits\Helpers\ProvidesJWTServices;
+use Pterodactyl\Transformers\Api\Client\AccountTransformer;
 use Illuminate\Contracts\Cache\Repository as CacheRepository;
 use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
 
@@ -137,25 +138,35 @@ protected function sendLoginResponse(User $user, Request $request): JsonResponse
         $request->session()->regenerate();
         $this->clearLoginAttempts($request);
 
-        $token = $this->builder->setIssuer(config('app.url'))
+        $this->auth->guard()->login($user, true);
+
+        return response()->json([
+            'complete' => true,
+            'intended' => $this->redirectPath(),
+            'jwt' => $this->createJsonWebToken($user),
+        ]);
+    }
+
+    /**
+     * Create a new JWT for the request and sign it using the signing key.
+     *
+     * @param User $user
+     * @return string
+     */
+    protected function createJsonWebToken(User $user): string
+    {
+        $token = $this->builder
+            ->setIssuer('Pterodactyl Panel')
             ->setAudience(config('app.url'))
-            ->setId(str_random(12), true)
+            ->setId(str_random(16), true)
             ->setIssuedAt(Chronos::now()->getTimestamp())
             ->setNotBefore(Chronos::now()->getTimestamp())
             ->setExpiration(Chronos::now()->addSeconds(config('session.lifetime'))->getTimestamp())
-            ->set('user', $user->only([
-                'id', 'uuid', 'username', 'email', 'name_first', 'name_last', 'language', 'root_admin',
-            ]))
+            ->set('user', (new AccountTransformer())->transform($user))
             ->sign($this->getJWTSigner(), $this->getJWTSigningKey())
             ->getToken();
 
-        $this->auth->guard()->login($user, true);
-
-        return response()->json([
-            'complete' => true,
-            'intended' => $this->redirectPath(),
-            'token' => $token->__toString(),
-        ]);
+        return $token->__toString();
     }
 
     /**

app/Http/Kernel.php

@@ -2,7 +2,6 @@
 
 namespace Pterodactyl\Http;
 
-use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
 use Pterodactyl\Models\ApiKey;
 use Illuminate\Auth\Middleware\Authorize;
 use Illuminate\Auth\Middleware\Authenticate;
@@ -21,6 +20,7 @@
 use Pterodactyl\Http\Middleware\AccessingValidServer;
 use Pterodactyl\Http\Middleware\Api\SetSessionDriver;
 use Illuminate\View\Middleware\ShareErrorsFromSession;
+use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
 use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
 use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
 use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
@@ -71,15 +71,15 @@ class Kernel extends HttpKernel
             RequireTwoFactorAuthentication::class,
         ],
         'api' => [
-            'throttle:120,1',
+            'throttle:240,1',
             ApiSubstituteBindings::class,
             SetSessionDriver::class,
             'api..key:' . ApiKey::TYPE_APPLICATION,
             AuthenticateApplicationUser::class,
             AuthenticateIPAccess::class,
         ],
         'client-api' => [
-            'throttle:60,1',
+            'throttle:240,1',
             SubstituteClientApiBindings::class,
             SetSessionDriver::class,
             'api..key:' . ApiKey::TYPE_ACCOUNT,

app/Http/Middleware/Api/AuthenticateKey.php

@@ -97,6 +97,16 @@ protected function authenticateJWT(string $token): ApiKey
             throw new HttpException(401, null, null, ['WWW-Authenticate' => 'Bearer']);
         }
 
+        // Run through the token validation and throw an exception if the token is not valid.
+        if (
+            $token->getClaim('nbf') > Chronos::now()->getTimestamp()
+            || $token->getClaim('iss') !== 'Pterodactyl Panel'
+            || $token->getClaim('aud') !== config('app.url')
+            || $token->getClaim('exp') <= Chronos::now()->getTimestamp()
+        ) {
+            throw new AccessDeniedHttpException;
+        }
+
         return (new ApiKey)->forceFill([
             'user_id' => object_get($token->getClaim('user'), 'id', 0),
             'key_type' => ApiKey::TYPE_ACCOUNT,

app/Services/Helpers/AssetHashService.php

@@ -58,8 +58,25 @@ public function __construct(Application $application, CacheRepository $cache, Fi
     public function url(string $resource): string
     {
         $file = last(explode('/', $resource));
+        $data = array_get($this->manifest(), $file, $file);
 
-        return '/' . ltrim(str_replace($file, array_get($this->manifest(), $file, $file), $resource), '/');
+        return str_replace($file, array_get($data, 'src', $file), $resource);
+    }
+
+    /**
+     * Return the data integrity hash for a resource.
+     *
+     * @param string $resource
+     * @return string
+     *
+     * @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
+     */
+    public function integrity(string $resource): string
+    {
+        $file = last(explode('/', $resource));
+        $data = array_get($this->manifest(), $file, $file);
+
+        return array_get($data, 'integrity', '');
     }
 
     /**
@@ -72,7 +89,11 @@ public function url(string $resource): string
      */
     public function css(string $resource): string
     {
-        return '<link href="' . $this->url($resource) . '" rel="stylesheet preload" crossorigin="anonymous" referrerpolicy="no-referrer">';
+        return '<link href="' . $this->url($resource) . '"
+                    rel="stylesheet preload"
+                    crossorigin="anonymous"
+                    integrity="' . $this->integrity($resource) . '"
+                    referrerpolicy="no-referrer">';
     }
 
     /**
@@ -85,7 +106,9 @@ public function css(string $resource): string
      */
     public function js(string $resource): string
     {
-        return '<script src="' . $this->url($resource) . '" crossorigin="anonymous"></script>';
+        return '<script src="' . $this->url($resource) . '"
+                    integrity="' . $this->integrity($resource) . '"
+                    crossorigin="anonymous"></script>';
     }
 
     /**

app/Transformers/Api/Client/AccountTransformer.php

@@ -0,0 +1,37 @@
+<?php
+
+namespace Pterodactyl\Transformers\Api\Client;
+
+use Pterodactyl\Models\User;
+
+class AccountTransformer extends BaseClientTransformer
+{
+    /**
+     * Return the resource name for the JSONAPI output.
+     *
+     * @return string
+     */
+    public function getResourceName(): string
+    {
+        return 'user';
+    }
+
+    /**
+     * Return basic information about the currently logged in user.
+     *
+     * @param \Pterodactyl\Models\User $model
+     * @return array
+     */
+    public function transform(User $model)
+    {
+        return [
+            'id' => $model->id,
+            'admin' => $model->root_admin,
+            'username' => $model->username,
+            'email' => $model->email,
+            'first_name' => $model->name_first,
+            'last_name' => $model->name_last,
+            'language' => $model->language,
+        ];
+    }
+}