very basic initial push of API

DaneEveritt · DaneEveritt · commit 98b3355158b8 · 2016-01-12T01:05:44.000-05:00
diff --git a/.env.example b/.env.example
@@ -1,6 +1,7 @@
 APP_ENV=local
 APP_DEBUG=true
 APP_KEY=SomeRandomString
+JWT_SECRET=ChangeMe
 
 DB_HOST=localhost
 DB_PORT=3306
@@ -22,3 +23,7 @@ MAIL_PORT=2525
 MAIL_USERNAME=null
 MAIL_PASSWORD=null
 MAIL_ENCRYPTION=null
+
+API_PREFIX=api
+API_VERSION=v1
+API_DEBUG=false
diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php
@@ -55,7 +55,7 @@ public function render($request, Exception $e)
             $e = new NotFoundHttpException($e->getMessage(), $e);
         }
 
-        if ($request->isXmlHttpRequest() || $request->ajax() || $request->is('api/*') || $request->is('remote/*')) {
+        if ($request->isXmlHttpRequest() || $request->ajax() || $request->is('remote/*')) {
 
             $exception = 'An exception occured while attempting to perform this action, please try again.';
 
diff --git a/app/Http/Controllers/API/AuthController.php b/app/Http/Controllers/API/AuthController.php
@@ -0,0 +1,64 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\API;
+
+use JWTAuth;
+use Tymon\JWTAuth\Exceptions\JWTException;
+
+use Illuminate\Http\Request;
+use \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
+use \Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
+
+use Pterodactyl\Transformers\UserTransformer;
+use Pterodactyl\Models;
+
+/**
+ * @Resource("Auth", uri="/auth")
+ */
+class AuthController extends BaseController
+{
+
+    /**
+     * Authenticate
+     *
+     * Authenticate with the API to recieved a JSON Web Token
+     *
+     * @Post("/login")
+     * @Versions({"v1"})
+     * @Request({"email": "e@mail.com", "password": "soopersecret"})
+     * @Response(200, body={"token": "<jwt-token>"})
+     */
+    public function postLogin(Request $request) {
+        $credentials = $request->only('email', 'password');
+
+        try {
+            $token = JWTAuth::attempt($credentials, [
+                'permissions' => [
+                    'view_users' => true,
+                    'edit_users' => true,
+                    'delete_users' => false,
+                ]
+            ]);
+            if (!$token) {
+                throw new UnauthorizedHttpException('');
+            }
+        } catch (JWTException $ex) {
+            throw new ServiceUnavailableHttpException('');
+        }
+
+        return compact('token');
+    }
+
+    /**
+     * Check if Authenticated
+     *
+     * @Post("/validate")
+     * @Versions({"v1"})
+     * @Request(headers={"Authorization": "Bearer <jwt-token>"})
+     * @Response(204);
+     */
+    public function postValidate(Request $request) {
+        return $this->response->noContent();
+    }
+
+}
diff --git a/app/Http/Controllers/API/BaseController.php b/app/Http/Controllers/API/BaseController.php
@@ -0,0 +1,11 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\API;
+
+use Dingo\Api\Routing\Helpers;
+use Illuminate\Routing\Controller;
+
+class BaseController extends Controller
+{
+    use Helpers;
+}
diff --git a/app/Http/Controllers/API/UserController.php b/app/Http/Controllers/API/UserController.php
@@ -2,82 +2,32 @@
 
 namespace Pterodactyl\Http\Controllers\API;
 
-use Gate;
-use Log;
-use Debugbar;
-use Pterodactyl\Models\API;
-use Pterodactyl\Models\User;
-
-use Pterodactyl\Http\Controllers\Controller;
 use Illuminate\Http\Request;
 
-class UserController extends Controller
-{
-
-    /**
-     * Constructor
-     */
-    public function __construct()
-    {
-        //
-    }
-
-    public function getAllUsers(Request $request)
-    {
-
-        // Policies don't work if the user isn't logged in for whatever reason in Laravel...
-        if(!API::checkPermission($request->header('X-Authorization'), 'get-users')) {
-            return API::noPermissionError();
-        }
+use Pterodactyl\Transformers\UserTransformer;
+use Pterodactyl\Models;
 
-        return response()->json([
-            'users' => User::all()
-        ]);
-    }
+/**
+ * @Resource("Users", uri="/users")
+ */
+class UserController extends BaseController
+{
 
     /**
-     * Returns JSON response about a user given their ID.
-     * If fields are provided only those fields are returned.
+     * List All Users
      *
-     * Does not return protected fields (i.e. password & totp_secret)
+     * Lists all users currently on the system.
      *
-     * @param  Request $request
-     * @param  int     $id
-     * @param  string  $fields
-     * @return Response
+     * @Get("/{?page}")
+     * @Versions({"v1"})
+     * @Parameters({
+     * 		@Parameter("page", type="integer", description="The page of results to view.", default=1)
+     * })
+     * @Response(200)
      */
-    public function getUser(Request $request, $id, $fields = null)
-    {
-
-        // Policies don't work if the user isn't logged in for whatever reason in Laravel...
-        if(!API::checkPermission($request->header('X-Authorization'), 'get-users')) {
-            return API::noPermissionError();
-        }
-
-        if (is_null($fields)) {
-            return response()->json(User::find($id));
-        }
-
-        $query = User::where('id', $id);
-        $explode = explode(',', $fields);
-
-        foreach($explode as &$exploded) {
-            if(!empty($exploded)) {
-                $query->addSelect($exploded);
-            }
-        }
-
-        try {
-            return response()->json($query->get());
-        } catch (\Exception $e) {
-            if ($e instanceof \Illuminate\Database\QueryException) {
-                return response()->json([
-                    'error' => 'One of the fields provided in your argument list is invalid.'
-                ], 500);
-            }
-            throw $e;
-        }
-
+    public function getUsers(Request $request) {
+        $users = Models\User::paginate(15);
+        return $this->response->paginator($users, new UserTransformer);
     }
 
 }
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -17,7 +17,6 @@ class Kernel extends HttpKernel
         \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
         \Illuminate\Session\Middleware\StartSession::class,
         \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-        \Pterodactyl\Http\Middleware\VerifyCsrfToken::class,
     ];
 
     /**
@@ -30,7 +29,7 @@ class Kernel extends HttpKernel
         'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
         'guest' => \Pterodactyl\Http\Middleware\RedirectIfAuthenticated::class,
         'server' => \Pterodactyl\Http\Middleware\CheckServer::class,
-        'api' => \Pterodactyl\Http\Middleware\APIAuthenticate::class,
         'admin' => \Pterodactyl\Http\Middleware\AdminAuthenticate::class,
+        'csrf' => \Pterodactyl\Http\Middleware\VerifyCsrfToken::class,
     ];
 }
diff --git a/app/Http/Middleware/APIAuthenticate.php b/app/Http/Middleware/APIAuthenticate.php
diff --git a/app/Http/Routes/APIRoutes.php b/app/Http/Routes/APIRoutes.php
@@ -0,0 +1,47 @@
+<?php
+
+namespace Pterodactyl\Http\Routes;
+
+use Pterodactyl\Models;
+use Illuminate\Routing\Router;
+
+class APIRoutes
+{
+
+    public function map(Router $router) {
+
+        app('Dingo\Api\Auth\Auth')->extend('jwt', function ($app) {
+            return new \Dingo\Api\Auth\Provider\JWT($app['Tymon\JWTAuth\JWTAuth']);
+        });
+
+        $api = app('Dingo\Api\Routing\Router');
+
+        $api->version('v1', function ($api) {
+            $api->post('auth/login', [
+                'as' => 'api.auth.login',
+                'uses' => 'Pterodactyl\Http\Controllers\API\AuthController@postLogin'
+            ]);
+
+            $api->post('auth/validate', [
+                'middleware' => 'api.auth',
+                'as' => 'api.auth.validate',
+                'uses' => 'Pterodactyl\Http\Controllers\API\AuthController@postValidate'
+            ]);
+        });
+
+        $api->version('v1', ['middleware' => 'api.auth'], function ($api) {
+
+            $api->get('users', [
+                'as' => 'api.auth.validate',
+                'uses' => 'Pterodactyl\Http\Controllers\API\UserController@getUsers'
+            ]);
+
+            $api->get('users/{id}', function($id) {
+                return Models\User::findOrFail($id);
+            });
+
+
+        });
+    }
+
+}
diff --git a/app/Transformers/UserTransformer.php b/app/Transformers/UserTransformer.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace Pterodactyl\Transformers;
+
+use Pterodactyl\Models\User;
+use League\Fractal\TransformerAbstract;
+
+class UserTransformer extends TransformerAbstract
+{
+
+    /**
+     * Turn this item object into a generic array
+     *
+     * @return array
+     */
+    public function transform(User $user)
+    {
+        return $user;
+    }
+
+}
diff --git a/composer.json b/composer.json
@@ -8,12 +8,14 @@
         "php": ">=5.5.9",
         "laravel/framework": "5.2.*",
         "barryvdh/laravel-debugbar": "^2.0",
+        "dingo/api": "1.0.*@dev",
         "doctrine/dbal": "^2.5",
         "guzzlehttp/guzzle": "^6.1",
         "pragmarx/google2fa": "^0.7.1",
         "webpatser/laravel-uuid": "^2.0",
         "prologue/alerts": "^0.4.0",
-        "s1lentium/iptools": "^1.0"
+        "s1lentium/iptools": "^1.0",
+        "tymon/jwt-auth": "^0.5.6"
     },
     "require-dev": {
         "fzaninotto/faker": "~1.4",
diff --git a/config/api.php b/config/api.php
diff --git a/config/app.php b/config/app.php
diff --git a/config/jwt.php b/config/jwt.php

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ public function render($request, Exception $e)`
`55`	`55`	`$e = new NotFoundHttpException($e->getMessage(), $e);`
`56`	`56`	`}`
`57`	`57`
`58`		`- if ($request->isXmlHttpRequest() \|\| $request->ajax() \|\| $request->is('api/') \|\| $request->is('remote/')) {`
	`58`	`+ if ($request->isXmlHttpRequest() \|\| $request->ajax() \|\| $request->is('remote/*')) {`
`59`	`59`
`60`	`60`	`$exception = 'An exception occured while attempting to perform this action, please try again.';`
`61`	`61`