Final adjustments to Daemon <-> Panel communication change

Author: DaneEveritt

app/Console/Commands/Server/RebuildServerCommand.php

@@ -104,10 +104,7 @@ public function handle()
             ];
 
             try {
-                $this->daemonRepository->setNode($server->node_id)
-                    ->setAccessServer($server->uuid)
-                    ->setAccessToken($server->node->daemonSecret)
-                    ->update($json);
+                $this->daemonRepository->setNode($server->node_id)->setAccessServer($server->uuid)->update($json);
             } catch (RequestException $exception) {
                 $this->output->error(trans('command/messages.server.rebuild_failed', [
                     'name' => $server->name,

app/Contracts/Repository/Daemon/ServerRepositoryInterface.php

@@ -36,15 +36,6 @@ interface ServerRepositoryInterface extends BaseRepositoryInterface
      */
     public function create($id, array $overrides = [], $start = false);
 
-    /**
-     * Set an access token and associated permissions for a server.
-     *
-     * @param string $key
-     * @param array  $permissions
-     * @return \Psr\Http\Message\ResponseInterface
-     */
-    public function setSubuserKey($key, array $permissions);
-
     /**
      * Update server details on the daemon.
      *
@@ -95,4 +86,12 @@ public function delete();
      * @return \Psr\Http\Message\ResponseInterface
      */
     public function details();
+
+    /**
+     * Revoke an access key on the daemon before the time is expired.
+     *
+     * @param string $key
+     * @return \Psr\Http\Message\ResponseInterface
+     */
+    public function revokeAccessKey($key);
 }

app/Contracts/Repository/DaemonKeyRepositoryInterface.php

@@ -26,6 +26,11 @@
 
 interface DaemonKeyRepositoryInterface extends RepositoryInterface
 {
+    /**
+     * String prepended to keys to identify that they are managed internally and not part of the user API.
+     */
+    const INTERNAL_KEY_IDENTIFIER = 'i_';
+
     /**
      * Gets the daemon keys associated with a specific server.
      *

app/Contracts/Repository/SubuserRepositoryInterface.php

@@ -30,7 +30,7 @@ interface SubuserRepositoryInterface extends RepositoryInterface
      * Return a subuser with the associated server relationship.
      *
      * @param int $id
-     * @return \Illuminate\Database\Eloquent\Collection
+     * @return \Pterodactyl\Models\Subuser
      *
      * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
      */

app/Exceptions/Service/Server/UserNotLinkedToServerException.php

@@ -30,7 +30,6 @@
 use Illuminate\Foundation\Testing\HttpException;
 use League\Fractal\Serializer\JsonApiSerializer;
 use Pterodactyl\Transformers\Daemon\ApiKeyTransformer;
-use Pterodactyl\Services\DaemonKeys\DaemonKeyUpdateService;
 use Pterodactyl\Contracts\Repository\DaemonKeyRepositoryInterface;
 
 class ValidateKeyController extends Controller
@@ -78,7 +77,7 @@ public function __construct(
      */
     public function index($token)
     {
-        if (! starts_with($token, DaemonKeyUpdateService::INTERNAL_TOKEN_IDENTIFIER)) {
+        if (! starts_with($token, DaemonKeyRepositoryInterface::INTERNAL_KEY_IDENTIFIER)) {
             throw new HttpException(501);
         }
 

app/Http/Controllers/API/Remote/ValidateKeyController.php

@@ -29,21 +29,21 @@
 use GuzzleHttp\Exception\RequestException;
 use Pterodactyl\Http\Controllers\Controller;
 use Symfony\Component\HttpKernel\Exception\HttpException;
-use Pterodactyl\Services\Servers\ServerAccessHelperService;
+use Pterodactyl\Services\DaemonKeys\DaemonKeyProviderService;
 use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
 use Pterodactyl\Contracts\Repository\Daemon\ServerRepositoryInterface as DaemonServerRepositoryInterface;
 
 class IndexController extends Controller
 {
     /**
-     * @var \Pterodactyl\Services\Servers\ServerAccessHelperService
+     * @var \Pterodactyl\Contracts\Repository\Daemon\ServerRepositoryInterface
      */
-    protected $serverAccessHelper;
+    protected $daemonRepository;
 
     /**
-     * @var \Pterodactyl\Contracts\Repository\Daemon\ServerRepositoryInterface
+     * @var \Pterodactyl\Services\DaemonKeys\DaemonKeyProviderService
      */
-    protected $daemonRepository;
+    protected $keyProviderService;
 
     /**
      * @var \Pterodactyl\Contracts\Repository\ServerRepositoryInterface
@@ -53,17 +53,17 @@ class IndexController extends Controller
     /**
      * IndexController constructor.
      *
+     * @param \Pterodactyl\Services\DaemonKeys\DaemonKeyProviderService          $keyProviderService
      * @param \Pterodactyl\Contracts\Repository\Daemon\ServerRepositoryInterface $daemonRepository
-     * @param \Pterodactyl\Services\Servers\ServerAccessHelperService            $serverAccessHelper
      * @param \Pterodactyl\Contracts\Repository\ServerRepositoryInterface        $repository
      */
     public function __construct(
+        DaemonKeyProviderService $keyProviderService,
         DaemonServerRepositoryInterface $daemonRepository,
-        ServerAccessHelperService $serverAccessHelper,
         ServerRepositoryInterface $repository
     ) {
-        $this->serverAccessHelper = $serverAccessHelper;
         $this->daemonRepository = $daemonRepository;
+        $this->keyProviderService = $keyProviderService;
         $this->repository = $repository;
     }
 
@@ -93,7 +93,7 @@ public function getIndex(Request $request)
     public function status(Request $request, $uuid)
     {
         $server = $this->repository->findFirstWhere([['uuidShort', '=', $uuid]]);
-        $token = $this->serverAccessHelper->handle($server, $request->user());
+        $token = $this->keyProviderService->handle($server->id, $request->user()->id);
 
         if (! $server->installed) {
             return response()->json(['status' => 20]);

app/Http/Controllers/Base/IndexController.php

@@ -28,15 +28,15 @@
 use Illuminate\Http\Request;
 use Illuminate\Contracts\Session\Session;
 use Illuminate\Auth\AuthenticationException;
-use Pterodactyl\Services\Servers\ServerAccessHelperService;
-use Pterodactyl\Exceptions\Service\Server\UserNotLinkedToServerException;
+use Pterodactyl\Services\DaemonKeys\DaemonKeyProviderService;
+use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
 
 class SubuserAccessAuthenticate
 {
     /**
-     * @var \Pterodactyl\Services\Servers\ServerAccessHelperService
+     * @var \Pterodactyl\Services\DaemonKeys\DaemonKeyProviderService
      */
-    protected $accessHelperService;
+    protected $keyProviderService;
 
     /**
      * @var \Illuminate\Contracts\Session\Session
@@ -46,33 +46,36 @@ class SubuserAccessAuthenticate
     /**
      * SubuserAccessAuthenticate constructor.
      *
-     * @param \Pterodactyl\Services\Servers\ServerAccessHelperService $accessHelperService
-     * @param \Illuminate\Contracts\Session\Session                   $session
+     * @param \Pterodactyl\Services\DaemonKeys\DaemonKeyProviderService $keyProviderService
+     * @param \Illuminate\Contracts\Session\Session                     $session
      */
     public function __construct(
-        ServerAccessHelperService $accessHelperService,
+        DaemonKeyProviderService $keyProviderService,
         Session $session
     ) {
-        $this->accessHelperService = $accessHelperService;
+        $this->keyProviderService = $keyProviderService;
         $this->session = $session;
     }
 
     /**
+     * Determine if a subuser has permissions to access a server, if so set thier access token.
+     *
      * @param \Illuminate\Http\Request $request
      * @param \Closure                 $next
      * @return mixed
      *
      * @throws \Illuminate\Auth\AuthenticationException
+     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
      * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
      */
     public function handle(Request $request, Closure $next)
     {
         $server = $this->session->get('server_data.model');
 
         try {
-            $token = $this->accessHelperService->handle($server, $request->user());
+            $token = $this->keyProviderService->handle($server->id, $request->user()->id);
             $this->session->now('server_data.token', $token);
-        } catch (UserNotLinkedToServerException $exception) {
+        } catch (RecordNotFoundException $exception) {
             throw new AuthenticationException('This account does not have permission to access this server.');
         }
 

app/Http/Middleware/SubuserAccessAuthenticate.php

@@ -110,13 +110,13 @@ public function handle(
             case 'power':
                 $this->powerRepository->setNode($server->node_id)
                     ->setAccessServer($server->uuid)
-                    ->setAccessToken($server->daemonSecret)
+                    ->setAccessToken($server->accessToken->secret)
                     ->sendSignal($task->payload);
                 break;
             case 'command':
                 $this->commandRepository->setNode($server->node_id)
                     ->setAccessServer($server->uuid)
-                    ->setAccessToken($server->daemonSecret)
+                    ->setAccessToken($server->accessToken->secret)
                     ->send($task->payload);
                 break;
             default:

app/Jobs/Schedule/RunTaskJob.php

@@ -25,12 +25,14 @@
 namespace Pterodactyl\Models;
 
 use Sofa\Eloquence\Eloquence;
+use Sofa\Eloquence\Validable;
 use Illuminate\Database\Eloquent\Model;
 use Sofa\Eloquence\Contracts\CleansAttributes;
+use Sofa\Eloquence\Contracts\Validable as ValidableContract;
 
-class Permission extends Model implements CleansAttributes
+class Permission extends Model implements CleansAttributes, ValidableContract
 {
-    use Eloquence;
+    use Eloquence, Validable;
 
     /**
      * Should timestamps be used on this model.
@@ -62,6 +64,22 @@ class Permission extends Model implements CleansAttributes
         'subuser_id' => 'integer',
     ];
 
+    /**
+     * @var array
+     */
+    protected static $applicationRules = [
+        'subuser_id' => 'required',
+        'permission' => 'required',
+    ];
+
+    /**
+     * @var array
+     */
+    protected static $dataIntegrityRules = [
+        'subuser_id' => 'numeric|min:1',
+        'permission' => 'string',
+    ];
+
     /**
      * A list of all permissions available for a user.
      *