First round of API additions

Author: DaneEveritt

app/Contracts/Repository/RepositoryInterface.php

@@ -168,9 +168,10 @@ public function massUpdate(array $where, array $fields);
     /**
      * Return all records from the model.
      *
+     * @param null $paginate
      * @return mixed
      */
-    public function all();
+    public function all($paginate = null);
 
     /**
      * Insert a single or multiple records into the database at once skipping

app/Http/Controllers/API/Admin/Users/UserController.php

@@ -0,0 +1,73 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\API\Admin\Users;
+
+use Spatie\Fractal\Fractal;
+use Illuminate\Http\Request;
+use Pterodactyl\Http\Controllers\Controller;
+use Pterodactyl\Transformers\Admin\UserTransformer;
+use League\Fractal\Pagination\IlluminatePaginatorAdapter;
+use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
+use Illuminate\Contracts\Config\Repository as ConfigRepository;
+
+/**
+ * @SWG\Swagger(
+ *      schemes={"https"},
+ *      basePath="/api/admin/users"
+ * )
+ */
+class UserController extends Controller
+{
+    /**
+     * @var \Spatie\Fractal\Fractal
+     */
+    private $fractal;
+
+    /**
+     * @var \Pterodactyl\Contracts\Repository\UserRepositoryInterface
+     */
+    private $repository;
+    /**
+     * @var \Illuminate\Contracts\Config\Repository
+     */
+    private $config;
+
+    /**
+     * UserController constructor.
+     *
+     * @param \Illuminate\Contracts\Config\Repository                   $config
+     * @param \Spatie\Fractal\Fractal                                   $fractal
+     * @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $repository
+     */
+    public function __construct(
+        ConfigRepository $config,
+        Fractal $fractal,
+        UserRepositoryInterface $repository
+    ) {
+        $this->fractal = $fractal;
+        $this->repository = $repository;
+        $this->config = $config;
+    }
+
+    /**
+     * Handle request to list all users on the panel.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @return array
+     */
+    public function index(Request $request)
+    {
+        $users = $this->repository->all($this->config->get('pterodactyl.paginate.api.users'));
+
+        $fractal = $this->fractal->collection($users)
+            ->transformWith(new UserTransformer($request))
+            ->withResourceName('user')
+            ->paginateWith(new IlluminatePaginatorAdapter($users));
+
+        if ($this->config->get('pterodactyl.api.include_on_list') && $request->input('include')) {
+            $fractal->parseIncludes(explode(',', $request->input('include')));
+        }
+
+        return $fractal->toArray();
+    }
+}

app/Models/User.php

@@ -89,7 +89,7 @@ class User extends Model implements
      *
      * @var array
      */
-    protected $hidden = ['password', 'remember_token', 'totp_secret'];
+    protected $hidden = ['password', 'remember_token', 'totp_secret', 'totp_authenticated_at'];
 
     /**
      * Parameters for search querying.

app/Repositories/Eloquent/EloquentRepository.php

@@ -184,14 +184,20 @@ public function massUpdate(array $where, array $fields)
     /**
      * {@inheritdoc}
      */
-    public function all()
+    public function all($paginate = null)
     {
+        Assert::nullOrIntegerish($paginate, 'First argument passed to all must be null or integer, received %s.');
+
         $instance = $this->getBuilder();
         if (is_subclass_of(get_called_class(), SearchableInterface::class)) {
             $instance = $instance->search($this->searchTerm);
         }
 
-        return $instance->get($this->getColumns());
+        if (is_null($paginate)) {
+            return $instance->get($this->getColumns());
+        }
+
+        return $instance->paginate($paginate, $this->getColumns());
     }
 
     /**

app/Transformers/Admin/UserTransformer.php

@@ -1,86 +1,59 @@
 <?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */
 
 namespace Pterodactyl\Transformers\Admin;
 
 use Illuminate\Http\Request;
 use Pterodactyl\Models\User;
-use League\Fractal\TransformerAbstract;
+use Pterodactyl\Transformers\ApiTransformer;
 
-class UserTransformer extends TransformerAbstract
+class UserTransformer extends ApiTransformer
 {
     /**
      * List of resources that can be included.
      *
      * @var array
      */
-    protected $availableIncludes = [
-        'access',
-        'servers',
-    ];
-
-    /**
-     * The Illuminate Request object if provided.
-     *
-     * @var \Illuminate\Http\Request|bool
-     */
-    protected $request;
+    protected $availableIncludes = ['servers'];
 
     /**
      * Setup request object for transformer.
      *
-     * @param \Illuminate\Http\Request|bool $request
+     * @param \Illuminate\Http\Request $request
      */
-    public function __construct($request = false)
+    public function __construct(Request $request)
     {
-        if (! $request instanceof Request && $request !== false) {
-            throw new DisplayException('Request passed to constructor must be of type Request or false.');
-        }
-
         $this->request = $request;
     }
 
     /**
      * Return a generic transformed subuser array.
      *
+     * @param \Pterodactyl\Models\User $user
      * @return array
      */
-    public function transform(User $user)
+    public function transform(User $user): array
     {
         return $user->toArray();
     }
 
     /**
      * Return the servers associated with this user.
      *
-     * @return \Leauge\Fractal\Resource\Collection
+     * @param \Pterodactyl\Models\User $user
+     * @return bool|\League\Fractal\Resource\Collection
+     *
+     * @throws \Pterodactyl\Exceptions\PterodactylException
      */
     public function includeServers(User $user)
     {
-        if ($this->request && ! $this->request->apiKeyHasPermission('server-list')) {
-            return;
+        if ($this->authorize('server-list')) {
+            return false;
         }
 
-        return $this->collection($user->servers, new ServerTransformer($this->request), 'server');
-    }
-
-    /**
-     * Return the servers that this user can access.
-     *
-     * @return \Leauge\Fractal\Resource\Collection
-     */
-    public function includeAccess(User $user)
-    {
-        if ($this->request && ! $this->request->apiKeyHasPermission('server-list')) {
-            return;
+        if (! $user->relationLoaded('servers')) {
+            $user->load('servers');
         }
 
-        return $this->collection($user->access()->get(), new ServerTransformer($this->request), 'server');
+        return $this->collection($user->getRelation('servers'), new ServerTransformer($this->request), 'server');
     }
 }

app/Transformers/ApiTransformer.php

@@ -0,0 +1,39 @@
+<?php
+
+namespace Pterodactyl\Transformers;
+
+use League\Fractal\TransformerAbstract;
+use Pterodactyl\Exceptions\PterodactylException;
+
+abstract class ApiTransformer extends TransformerAbstract
+{
+    /**
+     * @var \Illuminate\Http\Request
+     */
+    protected $request;
+
+    /**
+     * Determine if an API key from the request has permission to access
+     * a resource. This is used when loading includes on the transformed
+     * models.
+     *
+     * @param string $permission
+     * @return bool
+     *
+     * @throws \Pterodactyl\Exceptions\PterodactylException
+     */
+    protected function authorize(string $permission): bool
+    {
+        /** @var \Pterodactyl\Models\APIKey $model */
+        $model = $this->request->attributes->get('api_key');
+        if (! $model->relationLoaded('permissions')) {
+            throw new PterodactylException('Permissions must be loaded onto a model before passing to transformer authorize function.');
+        }
+
+        $count = $model->getRelation('permissions')->filter(function ($model) use ($permission) {
+            return $model->permission === $permission;
+        })->count();
+
+        return $count > 0;
+    }
+}

routes/api-admin.php

@@ -1,97 +1,19 @@
 <?php
+
 /*
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */
-//Route::get('/', 'CoreController@index');
-//
-///*
-//|--------------------------------------------------------------------------
-//| Server Controller Routes
-//|--------------------------------------------------------------------------
-//|
-//| Endpoint: /api/admin/servers
-//|
-//*/
-//Route::group(['prefix' => '/servers'], function () {
-//    Route::get('/', 'ServerController@index');
-//    Route::get('/{id}', 'ServerController@view');
-//
-//    Route::post('/', 'ServerController@store');
-//
-//    Route::put('/{id}/details', 'ServerController@details');
-//    Route::put('/{id}/container', 'ServerController@container');
-//    Route::put('/{id}/build', 'ServerController@build');
-//    Route::put('/{id}/startup', 'ServerController@startup');
-//
-//    Route::patch('/{id}/install', 'ServerController@install');
-//    Route::patch('/{id}/rebuild', 'ServerController@rebuild');
-//    Route::patch('/{id}/suspend', 'ServerController@suspend');
-//
-//    Route::delete('/{id}', 'ServerController@delete');
-//});
-//
-///*
-//|--------------------------------------------------------------------------
-//| Location Controller Routes
-//|--------------------------------------------------------------------------
-//|
-//| Endpoint: /api/admin/locations
-//|
-//*/
-//Route::group(['prefix' => '/locations'], function () {
-//    Route::get('/', 'LocationController@index');
-//});
-//
-///*
-//|--------------------------------------------------------------------------
-//| Node Controller Routes
-//|--------------------------------------------------------------------------
-//|
-//| Endpoint: /api/admin/nodes
-//|
-//*/
-//Route::group(['prefix' => '/nodes'], function () {
-//    Route::get('/', 'NodeController@index');
-//    Route::get('/{id}', 'NodeController@view');
-//    Route::get('/{id}/config', 'NodeController@viewConfig');
-//
-//    Route::post('/', 'NodeController@store');
-//
-//    Route::delete('/{id}', 'NodeController@delete');
-//});
-//
-///*
-//|--------------------------------------------------------------------------
-//| User Controller Routes
-//|--------------------------------------------------------------------------
-//|
-//| Endpoint: /api/admin/users
-//|
-//*/
-//Route::group(['prefix' => '/users'], function () {
-//    Route::get('/', 'UserController@index');
-//    Route::get('/{id}', 'UserController@view');
-//
-//    Route::post('/', 'UserController@store');
-//
-//    Route::put('/{id}', 'UserController@update');
-//
-//    Route::delete('/{id}', 'UserController@delete');
-//});
-//
-///*
-//|--------------------------------------------------------------------------
-//| Service Controller Routes
-//|--------------------------------------------------------------------------
-//|
-//| Endpoint: /api/admin/services
-//|
-//*/
-//Route::group(['prefix' => '/services'], function () {
-//    Route::get('/', 'ServiceController@index');
-//    Route::get('/{id}', 'ServiceController@view');
-//});
+|--------------------------------------------------------------------------
+| User Controller Routes
+|--------------------------------------------------------------------------
+|
+| Endpoint: /api/admin/users
+|
+*/
+Route::group(['prefix' => '/users'], function () {
+    Route::get('/', 'Users\UserController@index')->name('api.admin.user.list');
+    Route::get('/{id}', 'Users\UserController@view');
+
+    Route::post('/', 'Users\UserController@store');
+    Route::put('/{id}', 'Users\UserController@update');
+
+    Route::delete('/{id}', 'Users\UserController@delete');
+});