Add base routes for managing servers as a client

DaneEveritt · DaneEveritt · commit cef3e4ced4cb · 2018-02-27T21:28:43.000-06:00
diff --git a/app/Http/Controllers/Api/Application/ApplicationApiController.php b/app/Http/Controllers/Api/Application/ApplicationApiController.php
@@ -3,12 +3,12 @@
 namespace Pterodactyl\Http\Controllers\Api\Application;
 
 use Illuminate\Http\Request;
+use Webmozart\Assert\Assert;
 use Illuminate\Http\Response;
 use Illuminate\Container\Container;
 use Pterodactyl\Http\Controllers\Controller;
 use Pterodactyl\Extensions\Spatie\Fractalistic\Fractal;
 use Pterodactyl\Transformers\Api\Application\BaseTransformer;
-use Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException;
 
 abstract class ApplicationApiController extends Controller
 {
@@ -56,18 +56,14 @@ public function loadDependencies(Fractal $fractal, Request $request)
      *
      * @param string $abstract
      * @return \Pterodactyl\Transformers\Api\Application\BaseTransformer
-     *
-     * @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
      */
     public function getTransformer(string $abstract)
     {
         /** @var \Pterodactyl\Transformers\Api\Application\BaseTransformer $transformer */
         $transformer = Container::getInstance()->make($abstract);
         $transformer->setKey($this->request->attributes->get('api_key'));
 
-        if (! $transformer instanceof BaseTransformer) {
-            throw new InvalidTransformerLevelException('Calls to ' . __METHOD__ . ' must return a transformer that is an instance of ' . __CLASS__);
-        }
+        Assert::isInstanceOf($transformer, BaseTransformer::class);
 
         return $transformer;
     }
diff --git a/app/Http/Controllers/Api/Client/ClientApiController.php b/app/Http/Controllers/Api/Client/ClientApiController.php
@@ -1,9 +1,11 @@
 <?php
 
-namespace Pterodactyl\Http\Controllers\Api\Application;
+namespace Pterodactyl\Http\Controllers\Api\Client;
 
+use Webmozart\Assert\Assert;
 use Illuminate\Container\Container;
-use Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException;
+use Pterodactyl\Transformers\Api\Client\BaseClientTransformer;
+use Pterodactyl\Http\Controllers\Api\Application\ApplicationApiController;
 
 abstract class ClientApiController extends ApplicationApiController
 {
@@ -12,18 +14,15 @@ abstract class ClientApiController extends ApplicationApiController
      *
      * @param string $abstract
      * @return \Pterodactyl\Transformers\Api\Client\BaseClientTransformer
-     *
-     * @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
      */
     public function getTransformer(string $abstract)
     {
         /** @var \Pterodactyl\Transformers\Api\Client\BaseClientTransformer $transformer */
         $transformer = Container::getInstance()->make($abstract);
-        $transformer->setKey($this->request->attributes->get('api_key'));
+        Assert::isInstanceOf($transformer, BaseClientTransformer::class);
 
-        if (! $transformer instanceof self) {
-            throw new InvalidTransformerLevelException('Calls to ' . __METHOD__ . ' must return a transformer that is an instance of ' . __CLASS__);
-        }
+        $transformer->setKey($this->request->attributes->get('api_key'));
+        $transformer->setUser($this->request->user());
 
         return $transformer;
     }
diff --git a/app/Http/Controllers/Api/Client/ClientController.php b/app/Http/Controllers/Api/Client/ClientController.php
@@ -2,8 +2,43 @@
 
 namespace Pterodactyl\Http\Controllers\Api\Client;
 
-use Pterodactyl\Http\Controllers\Api\Application\ClientApiController;
+use Pterodactyl\Models\User;
+use Pterodactyl\Transformers\Api\Client\ServerTransformer;
+use Pterodactyl\Http\Requests\Api\Client\GetServersRequest;
+use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
 
 class ClientController extends ClientApiController
 {
+    /**
+     * @var \Pterodactyl\Contracts\Repository\ServerRepositoryInterface
+     */
+    private $repository;
+
+    /**
+     * ClientController constructor.
+     *
+     * @param \Pterodactyl\Contracts\Repository\ServerRepositoryInterface $repository
+     */
+    public function __construct(ServerRepositoryInterface $repository)
+    {
+        parent::__construct();
+
+        $this->repository = $repository;
+    }
+
+    /**
+     * Return all of the servers available to the client making the API
+     * request, including servers the user has access to as a subuser.
+     *
+     * @param \Pterodactyl\Http\Requests\Api\Client\GetServersRequest $request
+     * @return array
+     */
+    public function index(GetServersRequest $request): array
+    {
+        $servers = $this->repository->filterUserAccessServers($request->user(), User::FILTER_LEVEL_SUBUSER);
+
+        return $this->fractal->collection($servers)
+            ->transformWith($this->getTransformer(ServerTransformer::class))
+            ->toArray();
+    }
 }
diff --git a/app/Http/Controllers/Api/Client/Servers/ServerController.php b/app/Http/Controllers/Api/Client/Servers/ServerController.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
+
+use Pterodactyl\Models\Server;
+use Pterodactyl\Transformers\Api\Client\ServerTransformer;
+use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
+use Pterodactyl\Http\Requests\Api\Client\Servers\GetServerRequest;
+
+class ServerController extends ClientApiController
+{
+    /**
+     * Transform an individual server into a response that can be consumed by a
+     * client using the API.
+     *
+     * @param \Pterodactyl\Http\Requests\Api\Client\Servers\GetServerRequest $request
+     * @return array
+     */
+    public function index(GetServerRequest $request): array
+    {
+        return $this->fractal->item($request->getModel(Server::class))
+            ->transformWith($this->getTransformer(ServerTransformer::class))
+            ->toArray();
+    }
+}
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -34,6 +34,7 @@
 use Pterodactyl\Http\Middleware\Server\ScheduleBelongsToServer;
 use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
 use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
+use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientApiBindings;
 use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser;
 use Pterodactyl\Http\Middleware\DaemonAuthenticate as OldDaemonAuthenticate;
 
@@ -78,7 +79,7 @@ class Kernel extends HttpKernel
         ],
         'client-api' => [
             'throttle:60,1',
-            ApiSubstituteBindings::class,
+            SubstituteClientApiBindings::class,
             SetSessionDriver::class,
             'api..key:' . ApiKey::TYPE_ACCOUNT,
             AuthenticateIPAccess::class,
diff --git a/app/Http/Middleware/Api/ApiSubstituteBindings.php b/app/Http/Middleware/Api/ApiSubstituteBindings.php
@@ -32,6 +32,11 @@ class ApiSubstituteBindings extends SubstituteBindings
         'user' => User::class,
     ];
 
+    /**
+     * @var \Illuminate\Routing\Router
+     */
+    protected $router;
+
     /**
      * Perform substitution of route parameters without triggering
      * a 404 error if a model is not found.
@@ -45,6 +50,10 @@ public function handle($request, Closure $next)
         $route = $request->route();
 
         foreach (self::$mappings as $key => $model) {
+            if (! is_null($this->router->getBindingCallback($key))) {
+                continue;
+            }
+
             $this->router->model($key, $model, function () use ($request) {
                 $request->attributes->set('is_missing_model', true);
             });
diff --git a/app/Http/Middleware/Api/Client/SubstituteClientApiBindings.php b/app/Http/Middleware/Api/Client/SubstituteClientApiBindings.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace Pterodactyl\Http\Middleware\Api\Client;
+
+use Closure;
+use Illuminate\Container\Container;
+use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
+use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
+use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
+
+class SubstituteClientApiBindings extends ApiSubstituteBindings
+{
+    /**
+     * Perform substitution of route parameters without triggering
+     * a 404 error if a model is not found.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        // Override default behavior of the model binding to use a specific table
+        // column rather than the default 'id'.
+        $this->router->bind('server', function ($value) use ($request) {
+            try {
+                return Container::getInstance()->make(ServerRepositoryInterface::class)->findFirstWhere([
+                    ['uuidShort', '=', $value],
+                ]);
+            } catch (RecordNotFoundException $ex) {
+                $request->attributes->set('is_missing_model', true);
+
+                return null;
+            }
+        });
+
+        return parent::handle($request, $next);
+    }
+}
diff --git a/app/Http/Requests/Api/Client/ClientApiRequest.php b/app/Http/Requests/Api/Client/ClientApiRequest.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Client;
+
+use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
+
+abstract class ClientApiRequest extends ApplicationApiRequest
+{
+    /**
+     * Determine if the current user is authorized to perform
+     * the requested action aganist the API.
+     *
+     * @return bool
+     */
+    public function authorize(): bool
+    {
+        return true;
+    }
+}
diff --git a/app/Http/Requests/Api/Client/GetServersRequest.php b/app/Http/Requests/Api/Client/GetServersRequest.php
@@ -0,0 +1,14 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Client;
+
+class GetServersRequest extends ClientApiRequest
+{
+    /**
+     * @return bool
+     */
+    public function authorize(): bool
+    {
+        return true;
+    }
+}
diff --git a/app/Http/Requests/Api/Client/Servers/GetServerRequest.php b/app/Http/Requests/Api/Client/Servers/GetServerRequest.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Client\Servers;
+
+use Pterodactyl\Models\Server;
+use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
+
+class GetServerRequest extends ClientApiRequest
+{
+    /**
+     * Determine if a client has permission to view this server on the API. This
+     * should never be false since this would be checking the same permission as
+     * resourceExists().
+     *
+     * @return bool
+     */
+    public function authorize(): bool
+    {
+        return true;
+    }
+
+    /**
+     * Determine if the user should even know that this server exists.
+     *
+     * @return bool
+     */
+    public function resourceExists(): bool
+    {
+        return $this->user()->can('view-server', $this->getModel(Server::class));
+    }
+}
diff --git a/app/Transformers/Api/Client/BaseClientTransformer.php b/app/Transformers/Api/Client/BaseClientTransformer.php
@@ -2,23 +2,53 @@
 
 namespace Pterodactyl\Transformers\Api\Client;
 
-use Pterodactyl\Services\Acl\Api\AdminAcl;
+use Pterodactyl\Models\User;
+use Webmozart\Assert\Assert;
+use Pterodactyl\Models\Server;
 use Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException;
 use Pterodactyl\Transformers\Api\Application\BaseTransformer as BaseApplicationTransformer;
 
 abstract class BaseClientTransformer extends BaseApplicationTransformer
 {
+    /**
+     * @var \Pterodactyl\Models\User
+     */
+    private $user;
+
+    /**
+     * Return the user model of the user requesting this transformation.
+     *
+     * @return \Pterodactyl\Models\User
+     */
+    public function getUser(): User
+    {
+        return $this->user;
+    }
+
+    /**
+     * Set the user model of the user requesting this transformation.
+     *
+     * @param \Pterodactyl\Models\User $user
+     */
+    public function setUser(User $user)
+    {
+        $this->user = $user;
+    }
+
     /**
      * Determine if the API key loaded onto the transformer has permission
      * to access a different resource. This is used when including other
      * models on a transformation request.
      *
-     * @param string $resource
+     * @param string                     $ability
+     * @param \Pterodactyl\Models\Server $server
      * @return bool
      */
-    protected function authorize(string $resource): bool
+    protected function authorize(string $ability, Server $server = null): bool
     {
-        return AdminAcl::check($this->getKey(), $resource, AdminAcl::READ);
+        Assert::isInstanceOf($server, Server::class);
+
+        return $this->getUser()->can($ability, [$server]);
     }
 
     /**
diff --git a/app/Transformers/Api/Client/ServerTransformer.php b/app/Transformers/Api/Client/ServerTransformer.php
@@ -0,0 +1,41 @@
+<?php
+
+namespace Pterodactyl\Transformers\Api\Client;
+
+use Pterodactyl\Models\Server;
+
+class ServerTransformer extends BaseClientTransformer
+{
+    /**
+     * @return string
+     */
+    public function getResourceName(): string
+    {
+        return Server::RESOURCE_NAME;
+    }
+
+    /**
+     * Transform a server model into a representation that can be returned
+     * to a client.
+     *
+     * @param \Pterodactyl\Models\Server $server
+     * @return array
+     */
+    public function transform(Server $server): array
+    {
+        return [
+            'server_owner' => $this->getKey()->user_id === $server->owner_id,
+            'identifier' => $server->uuidShort,
+            'uuid' => $server->uuid,
+            'name' => $server->name,
+            'description' => $server->description,
+            'limits' => [
+                'memory' => $server->memory,
+                'swap' => $server->swap,
+                'disk' => $server->disk,
+                'io' => $server->io,
+                'cpu' => $server->cpu,
+            ],
+        ];
+    }
+}
diff --git a/app/Transformers/User/AllocationTransformer.php b/app/Transformers/User/AllocationTransformer.php
diff --git a/app/Transformers/User/OverviewTransformer.php b/app/Transformers/User/OverviewTransformer.php
diff --git a/app/Transformers/User/ServerTransformer.php b/app/Transformers/User/ServerTransformer.php
diff --git a/app/Transformers/User/StatsTransformer.php b/app/Transformers/User/StatsTransformer.php
diff --git a/app/Transformers/User/SubuserTransformer.php b/app/Transformers/User/SubuserTransformer.php
diff --git a/routes/api-client.php b/routes/api-client.php
