Finish user portion of API

Author: DaneEveritt

app/Http/Controllers/API/AuthController.php

@@ -21,7 +21,7 @@
 use Pterodactyl\Models;
 
 /**
- * @Resource("Auth", uri="/auth")
+ * @Resource("Auth")
  */
 class AuthController extends BaseController
 {
@@ -57,7 +57,7 @@ public function __construct()
      *
      * Authenticate with the API to recieved a JSON Web Token
      *
-     * @Post("/login")
+     * @Post("/auth/login")
      * @Versions({"v1"})
      * @Request({"email": "e@mail.com", "password": "soopersecret"})
      * @Response(200, body={"token": "<jwt-token>"})
@@ -112,7 +112,7 @@ public function postLogin(Request $request) {
     /**
      * Check if Authenticated
      *
-     * @Post("/validate")
+     * @Post("/auth/validate")
      * @Versions({"v1"})
      * @Request(headers={"Authorization": "Bearer <jwt-token>"})
      * @Response(204)

app/Http/Controllers/API/UserController.php

@@ -6,12 +6,14 @@
 
 use Dingo\Api\Exception\StoreResourceFailedException;
 
-use Pterodactyl\Transformers\UserTransformer;
 use Pterodactyl\Models;
+use Pterodactyl\Transformers\UserTransformer;
 use Pterodactyl\Repositories\UserRepository;
+use Pterodactyl\Exceptions\DisplayValidationException;
+use Pterodactyl\Exceptions\DisplayException;
 
 /**
- * @Resource("Users", uri="/users")
+ * @Resource("Users")
  */
 class UserController extends BaseController
 {
@@ -21,7 +23,7 @@ class UserController extends BaseController
      *
      * Lists all users currently on the system.
      *
-     * @Get("/{?page}")
+     * @Get("/users/{?page}")
      * @Versions({"v1"})
      * @Parameters({
      *      @Parameter("page", type="integer", description="The page of results to view.", default=1)
@@ -39,15 +41,15 @@ public function getUsers(Request $request)
      *
      * Lists specific fields about a user or all fields pertaining to that user.
      *
-     * @Get("/{id}/{fields}")
+     * @Get("/users/{id}/{fields}")
      * @Versions({"v1"})
      * @Parameters({
      *      @Parameter("id", type="integer", required=true, description="The ID of the user to get information on."),
      *      @Parameter("fields", type="string", required=false, description="A comma delimidated list of fields to include.")
      * })
      * @Response(200)
      */
-    public function getUserByID(Request $request, $id, $fields = null)
+    public function getUser(Request $request, $id, $fields = null)
     {
         $query = Models\User::where('id', $id);
 
@@ -65,34 +67,38 @@ public function getUserByID(Request $request, $id, $fields = null)
     /**
      * Create a New User
      *
-     * @Post("/")
+     * @Post("/users")
      * @Versions({"v1"})
      * @Transaction({
      *      @Request({
      *          "email": "foo@example.com",
      *          "password": "foopassword",
      *          "admin": false
      *       }, headers={"Authorization": "Bearer <jwt-token>"}),
-     *       @Response(200, body={"id": 1}),
-     *       @Response(422, body{
+     *       @Response(201),
+     *       @Response(422, body={
      *          "message": "A validation error occured.",
      *          "errors": {
-     *              "email": ["The email field is required."],
-     *              "password": ["The password field is required."],
-     *              "admin": ["The admin field is required."]
+     *              "email": {"The email field is required."},
+     *              "password": {"The password field is required."},
+     *              "admin": {"The admin field is required."}
      *          },
      *          "status_code": 422
      *       })
      * })
      */
-    public function postUsers(Request $request)
+    public function postUser(Request $request)
     {
         try {
             $user = new UserRepository;
             $create = $user->create($request->input('email'), $request->input('password'), $request->input('admin'));
-            return [ 'id' => $create ];
-        } catch (\Pterodactyl\Exceptions\DisplayValidationException $ex) {
+            return $this->response->created(route('api.users.view', [
+                'id' => $create
+            ]));
+        } catch (DisplayValidationException $ex) {
             throw new StoreResourceFailedException('A validation error occured.', json_decode($ex->getMessage(), true));
+        } catch (DisplayException $ex) {
+            throw new StoreResourceFailedException($ex->getMessage());
         } catch (\Exception $ex) {
             throw new StoreResourceFailedException('Unable to create a user on the system due to an error.');
         }
@@ -103,7 +109,7 @@ public function postUsers(Request $request)
      *
      * The data sent in the request will be used to update the existing user on the system.
      *
-     * @Patch("/{id}")
+     * @Patch("/users/{id}")
      * @Versions({"v1"})
      * @Transaction({
      *      @Request({
@@ -118,13 +124,23 @@ public function postUsers(Request $request)
      */
     public function patchUser(Request $request, $id)
     {
-        //
+        try {
+            $user = new UserRepository;
+            $user->update($id, $request->all());
+            return Models\User::findOrFail($id);
+        } catch (DisplayValidationException $ex) {
+            throw new StoreResourceFailedException('A validation error occured.', json_decode($ex->getMessage(), true));
+        } catch (DisplayException $ex) {
+            throw new StoreResourceFailedException($ex->getMessage());
+        } catch (\Exception $ex) {
+            throw new StoreResourceFailedException('Unable to create a user on the system due to an error.');
+        }
     }
 
     /**
      * Delete a User
      *
-     * @Delete("/{id}")
+     * @Delete("/users/{id}")
      * @Versions({"v1"})
      * @Transaction({
      *      @Request(headers={"Authorization": "Bearer <jwt-token>"}),
@@ -137,7 +153,15 @@ public function patchUser(Request $request, $id)
      */
     public function deleteUser(Request $request, $id)
     {
-        //
+        try {
+            $user = new UserRepository;
+            $user->delete($id);
+            return $this->response->noContent();
+        } catch (DisplayException $ex) {
+            throw new StoreResourceFailedException($ex->getMessage());
+        } catch (\Exception $ex) {
+            throw new StoreResourceFailedException('Unable to delete this user due to an error.');
+        }
     }
 
 }

app/Http/Routes/APIRoutes.php

@@ -30,22 +30,30 @@ public function map(Router $router) {
         });
 
         $api->version('v1', ['middleware' => 'api.auth'], function ($api) {
-
             $api->get('users', [
                 'as' => 'api.users',
                 'uses' => 'Pterodactyl\Http\Controllers\API\UserController@getUsers'
             ]);
 
             $api->post('users', [
                 'as' => 'api.users.post',
-                'uses' => 'Pterodactyl\Http\Controllers\API\UserController@postUsers'
+                'uses' => 'Pterodactyl\Http\Controllers\API\UserController@postUser'
             ]);
 
             $api->get('users/{id}/{fields?}', [
                 'as' => 'api.users.view',
-                'uses' => 'Pterodactyl\Http\Controllers\API\UserController@getUserByID'
+                'uses' => 'Pterodactyl\Http\Controllers\API\UserController@getUser'
+            ]);
+
+            $api->patch('users/{id}/', [
+                'as' => 'api.users.patch',
+                'uses' => 'Pterodactyl\Http\Controllers\API\UserController@patchUser'
             ]);
 
+            $api->delete('users/{id}/', [
+                'as' => 'api.users.delete',
+                'uses' => 'Pterodactyl\Http\Controllers\API\UserController@deleteUser'
+            ]);
         });
     }
 

app/Models/User.php

@@ -34,7 +34,7 @@ class User extends Model implements AuthenticatableContract,
      *
      * @var array
      */
-    protected $fillable = ['name', 'email', 'password'];
+    protected $fillable = ['name', 'email', 'password', 'use_totp', 'totp_secret', 'language'];
 
     /**
      * The attributes excluded from the model's JSON form.

app/Repositories/UserRepository.php

@@ -2,13 +2,15 @@
 
 namespace Pterodactyl\Repositories;
 
-use Validator;
+use DB;
 use Hash;
+use Validator;
 
-use Pterodactyl\Models\User;
+use Pterodactyl\Models;
 use Pterodactyl\Services\UuidService;
 
 use Pterodactyl\Exceptions\DisplayValidationException;
+use Pterodactyl\Exceptions\DisplayException;
 
 class UserRepository
 {
@@ -27,15 +29,14 @@ public function __construct()
      */
     public function create($email, $password, $admin = false)
     {
-
         $validator = Validator::make([
             'email' => $email,
             'password' => $password,
-            'admin' => $admin
+            'root_admin' => $admin
         ], [
             'email' => 'required|email|unique:users,email',
             'password' => 'required|regex:((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,})',
-            'admin' => 'required|boolean'
+            'root_admin' => 'required|boolean'
         ]);
 
         // Run validator, throw catchable and displayable exception if it fails.
@@ -44,7 +45,7 @@ public function create($email, $password, $admin = false)
             throw new DisplayValidationException($validator->errors());
         }
 
-        $user = new User;
+        $user = new Models\User;
         $uuid = new UuidService;
 
         $user->uuid = $uuid->generate('users', 'uuid');
@@ -64,16 +65,25 @@ public function create($email, $password, $admin = false)
      * Updates a user on the panel.
      *
      * @param  integer $id
-     * @param  array $user An array of columns and their associated values to update for the user.
+     * @param  array $data An array of columns and their associated values to update for the user.
      * @return boolean
      */
-    public function update($id, array $user)
+    public function update($id, array $data)
     {
-        if(array_key_exists('password', $user)) {
-            $user['password'] = Hash::make($user['password']);
+        $validator = Validator::make($data, [
+            'email' => 'email|unique:users,email,' . $id,
+            'password' => 'regex:((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,})',
+            'root_admin' => 'boolean',
+            'language' => 'string|min:1|max:5',
+            'use_totp' => 'boolean',
+            'totp_secret' => 'size:16'
+        ]);
+
+        if(array_key_exists('password', $data)) {
+            $user['password'] = Hash::make($data['password']);
         }
 
-        return User::find($id)->update($user);
+        return Models\User::find($id)->update($data);
     }
 
     /**
@@ -84,9 +94,22 @@ public function update($id, array $user)
      */
     public function delete($id)
     {
-        // @TODO cannot delete user with associated servers!
-        // clean up subusers!
-        return User::destroy($id);
+        if(Models\Server::where('owner', $id)->count() > 0) {
+            throw new DisplayException('Cannot delete a user with active servers attached to thier account.');
+        }
+
+        DB::beginTransaction();
+
+        Models\Permission::where('user_id', $id)->delete();
+        Models\Subuser::where('user_id', $id)->delete();
+        Models\User::destroy($id);
+
+        try {
+            DB::commit();
+            return true;
+        } catch (\Exception $ex) {
+            throw $ex;
+        }
     }
 
 }