Finish API routes for users.

Author: DaneEveritt

app/Http/Controllers/API/User/CoreController.php

@@ -31,6 +31,12 @@
 
 class CoreController extends Controller
 {
+    /**
+     * Controller to handle base user request for all of their servers.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return array
+     */
     public function index(Request $request)
     {
         $servers = $request->user()->access('service', 'node', 'allocation', 'option')->get();

app/Http/Controllers/API/User/ServerController.php

@@ -27,11 +27,20 @@
 use Fractal;
 use Illuminate\Http\Request;
 use Pterodactyl\Models\Server;
+use GuzzleHttp\Exception\ConnectException;
 use Pterodactyl\Http\Controllers\Controller;
 use Pterodactyl\Transformers\User\ServerTransformer;
+use Pterodactyl\Repositories\Daemon\PowerRepository;
 
 class ServerController extends Controller
 {
+    /**
+     * Controller to handle base request for individual server information.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  string                    $uuid
+     * @return array
+     */
     public function index(Request $request, $uuid)
     {
         $server = Server::byUuid($uuid);
@@ -46,13 +55,39 @@ public function index(Request $request, $uuid)
         return $fractal->transformWith(new ServerTransformer)->toArray();
     }
 
+    /**
+     * Controller to handle request for server power toggle.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  string                    $uuid
+     * @return \Illuminate\Http\Response
+     */
     public function power(Request $request, $uuid)
     {
+        $server = Server::byUuid($uuid);
+        $request->user()->can('power-' . $request->input('action'), $server);
+
+        $repo = new PowerRepository($server);
+        $repo->do($request->input('action'));
 
+        return response('', 204)->header('Content-Type', 'application/json');
     }
 
+    /**
+     * Controller to handle base request for individual server information.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  string                    $uuid
+     * @return \Illuminate\Http\Response
+     */
     public function command(Request $request, $uuid)
     {
+        $server = Server::byUuid($uuid);
+        $request->user()->can('send-command', $server);
+
+        $repo = new CommandRepository($server);
+        $repo->send($request->input('command'));
 
+        return response('', 204)->header('Content-Type', 'application/json');
     }
 }

app/Http/Middleware/HMACAuthorization.php

@@ -29,6 +29,7 @@
 use Config;
 use Closure;
 use Response;
+use Debugbar;
 use IPTools\IP;
 use IPTools\Range;
 use Illuminate\Http\Request;
@@ -74,6 +75,7 @@ class HMACAuthorization
      */
     public function __construct()
     {
+        Debugbar::disable();
         Config::set('session.driver', 'array');
     }
 

app/Repositories/Daemon/CommandRepository.php

@@ -25,6 +25,7 @@
 namespace Pterodactyl\Repositories\Daemon;
 
 use Pterodactyl\Models;
+use GuzzleHttp\Exception\ConnectException;
 use Pterodactyl\Exceptions\DisplayException;
 
 class CommandRepository
@@ -60,20 +61,20 @@ public function send($command)
     {
         // We don't use the user's specific daemon secret here since we
         // are assuming that a call to this function has been validated.
-        // Additionally not all calls to this will be from a logged in user.
-        // (e.g. task queue or API)
         try {
-            $response = $this->server->node->guzzleClient([
-                'X-Access-Token' => $this->server->daemonSecret,
-                'X-Access-Server' => $this->server->uuid,
-            ])->request('POST', '/server/command', ['json' => ['command' => $command]]);
+            $response = $this->server->guzzleClient()->request('PUT', '/server/command', [
+                'http_errors' => false,
+                'json' => [
+                    'command' => $command,
+                ],
+            ]);
 
             if ($response->getStatusCode() < 200 || $response->getStatusCode() >= 300) {
-                throw new DisplayException('Command sending responded with a non-200 error code.');
+                throw new DisplayException('Command sending responded with a non-200 error code (HTTP/' . $response->getStatusCode() . ').');
             }
 
             return $response->getBody();
-        } catch (\Exception $ex) {
+        } catch (ConnectException $ex) {
             throw $ex;
         }
     }

app/Repositories/Daemon/PowerRepository.php

@@ -25,6 +25,7 @@
 namespace Pterodactyl\Repositories\Daemon;
 
 use Pterodactyl\Models;
+use GuzzleHttp\Exception\ConnectException;
 use Pterodactyl\Exceptions\DisplayException;
 
 class PowerRepository
@@ -60,20 +61,20 @@ public function do($action)
     {
         // We don't use the user's specific daemon secret here since we
         // are assuming that a call to this function has been validated.
-        // Additionally not all calls to this will be from a logged in user.
-        // (e.g. task queue or API)
         try {
-            $response = $this->server->node->guzzleClient([
-                'X-Access-Token' => $this->server->daemonSecret,
-                'X-Access-Server' => $this->server->uuid,
-            ])->request('PUT', '/server/power', ['json' => ['action' => $action]]);
+            $response = $this->server->guzzleClient()->request('PUT', '/server/power', [
+                'http_errors' => false,
+                'json' => [
+                    'action' => $action,
+                ],
+            ]);
 
             if ($response->getStatusCode() < 200 || $response->getStatusCode() >= 300) {
-                throw new DisplayException('Power status responded with a non-200 error code.');
+                throw new DisplayException('Power toggle endpoint responded with a non-200 error code (HTTP/' . $response->getStatusCode() . ').');
             }
 
             return $response->getBody();
-        } catch (\Exception $ex) {
+        } catch (ConnectException $ex) {
             throw $ex;
         }
     }