
Commit dc90d8b

committed
Include the "user_uuid" claim on JWTs for easier Wings user tracking
1 parent 74c3b00 commit dc90d8b


5 files changed

+32
-12
lines changed


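--- a/app/Http/Controllers/Api/Client/Servers/FileController.php
+++ b/app/Http/Controllers/Api/Client/Servers/FileController.php
@@ -93,6 +93,7 @@ public function download(GetFileContentsRequest $request, Server $server)
 {
 $token = $this->jwtService
 ->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
+->setUser($request->user())
 ->setClaims([
 'file_path' => rawurldecode($request->get('file')),
 'server_uuid' => $server->uuid,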

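--- a/app/Http/Controllers/Api/Client/Servers/FileUploadController.php
+++ b/app/Http/Controllers/Api/Client/Servers/FileUploadController.php
@@ -55,9 +55,8 @@ protected function getUploadUrl(Server $server, User $user)
 {
 $token = $this->jwtService
 ->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
-->setClaims([
-'server_uuid' => $server->uuid,
-])
+->setUser($user)
+->setClaims(['server_uuid' => $server->uuid])
 ->handle($server->node, $user->id . $server->uuid);
 
 return sprintf(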

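--- a/app/Http/Controllers/Api/Client/Servers/WebsocketController.php
+++ b/app/Http/Controllers/Api/Client/Servers/WebsocketController.php
@@ -69,8 +69,8 @@ public function __invoke(ClientApiRequest $request, Server $server)
 
 $token = $this->jwtService
 ->setExpiresAt(CarbonImmutable::now()->addMinutes(10))
+->setUser($request->user())
 ->setClaims([
-'user_id' => $request->user()->id,
 'server_uuid' => $server->uuid,
 'permissions' => $permissions,
 ])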

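--- a/app/Services/Backups/DownloadLinkService.php
+++ b/app/Services/Backups/DownloadLinkService.php
@@ -41,6 +41,7 @@ public function handle(Backup $backup, User $user): string
 
 $token = $this->jwtService
 ->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
+->setUser($user)
 ->setClaims([
 'backup_uuid' => $backup->uuid,
 'server_uuid' => $backup->server->uuid,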

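--- a/app/Services/Nodes/NodeJWTService.php
+++ b/app/Services/Nodes/NodeJWTService.php
@@ -6,27 +6,24 @@
 use Carbon\CarbonImmutable;
 use Illuminate\Support\Str;
 use Pterodactyl\Models\Node;
+use Pterodactyl\Models\User;
 use Lcobucci\JWT\Configuration;
 use Lcobucci\JWT\Signer\Hmac\Sha256;
 use Lcobucci\JWT\Signer\Key\InMemory;
 use Pterodactyl\Extensions\Lcobucci\JWT\Encoding\TimestampDates;
 
 class NodeJWTService
 {
-/**
-* @var array
-*/
-private $claims = [];
+private array $claims = [];
+
+private ?User $user = null;
 
 /**
 * @var \DateTimeImmutable|null
 */
 private $expiresAt;
 
-/**
-* @var string|null
-*/
-private $subject;
+private ?string $subject = null;
 
 /**
 * Set the claims to include in this JWT.
@@ -40,6 +37,17 @@ public function setClaims(array $claims)
 return $this;
 }
 
+/**
+* Attaches a user to the JWT being created and will automatically inject the
+* "user_uuid" key into the final claims array with the user's UUID.
+*/
+public function setUser(User $user): self
+{
+$this->user = $user;
+
+return $this;
+}
+
 /**
 * @return $this
 */
@@ -92,6 +100,17 @@ public function handle(Node $node, string $identifiedBy, string $algo = 'md5')
 $builder = $builder->withClaim($key, $value);
 }
 
+if (!is_null($this->user)) {
+$builder = $builder
+->withClaim('user_uuid', $this->user->uuid)
+// The "user_id" claim is deprecated and should not be referenced — it remains
+// here solely to ensure older versions of Wings are unaffected when the Panel
+// is updated.
+//
+// This claim will be removed in Panel@1.11 or later.
+->withClaim('user_id', $this->user->id);
+}
+
 return $builder
 ->withClaim('unique_id', Str::random(16))
 ->getToken($config->signer(), $config->signingKey());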
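Review bot: The deprecated `user_id` claim in the `if (!is_null($this->user))` block is now written into every token that calls `setUser()`, not only the websocket token that carried it before this commit. The file download, upload and backup download tokens never had `user_id`, so older Wings versions cannot depend on it there, and a JWT payload is signed but not encrypted, so the numeric id becomes readable to anyone who sees those tokens. Consider emitting only `->withClaim('user_uuid', $this->user->uuid)` here and keeping `'user_id' => $request->user()->id,` in WebsocketController's `setClaims()` until the claim is retired. handle() starts and ends outside this hunk, so whether any other caller relies on the claim is not visible here.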
