Should wrap up the base landing page stuff for accounts, next step is server rendering

Author: DaneEveritt

.php_cs

@@ -25,6 +25,10 @@ return PhpCsFixer\Config::create()
         'declare_equal_normalize' => ['space' => 'single'],
         'heredoc_to_nowdoc' => true,
         'linebreak_after_opening_tag' => true,
+        'method_argument_space' => [
+            'ensure_fully_multiline' => false,
+            'keep_multiple_spaces_after_comma' => false,
+        ],
         'new_with_braces' => false,
         'no_alias_functions' => true,
         'no_multiline_whitespace_before_semicolons' => true,

app/Contracts/Repository/Daemon/ServerRepositoryInterface.php

@@ -88,4 +88,11 @@ public function unsuspend();
      * @return \Psr\Http\Message\ResponseInterface
      */
     public function delete();
+
+    /**
+     * Return detials on a specific server.
+     *
+     * @return \Psr\Http\Message\ResponseInterface
+     */
+    public function details();
 }

app/Contracts/Repository/RepositoryInterface.php

@@ -74,11 +74,12 @@ public function withoutFresh();
      *
      * @param array $fields
      * @param bool  $validate
+     * @param bool  $force
      * @return mixed
      *
      * @throws \Pterodactyl\Exceptions\Model\DataValidationException
      */
-    public function create(array $fields, $validate = true);
+    public function create(array $fields, $validate = true, $force = false);
 
     /**
      * Delete a given record from the database.

app/Contracts/Repository/ServerRepositoryInterface.php

@@ -87,4 +87,33 @@ public function getWithDatabases($id);
      * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
      */
     public function getDaemonServiceData($id);
+
+    /**
+     * Return an array of server IDs that a given user can access based on owner and subuser permissions.
+     *
+     * @param int $user
+     * @return array
+     */
+    public function getUserAccessServers($user);
+
+    /**
+     * Return a paginated list of servers that a user can access at a given level.
+     *
+     * @param int    $user
+     * @param string $level
+     * @param bool   $admin
+     * @param array  $relations
+     * @return \Illuminate\Pagination\LengthAwarePaginator
+     */
+    public function filterUserAccessServers($user, $admin = false, $level = 'all', array $relations = []);
+
+    /**
+     * Return a server by UUID.
+     *
+     * @param string $uuid
+     * @return \Illuminate\Database\Eloquent\Collection
+     *
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     */
+    public function getByUuid($uuid);
 }

…/Controllers/Base/LanguageController.php …epository/SessionRepositoryInterface.phpapp/Http/Controllers/Base/LanguageController.php renamed to app/Contracts/Repository/SessionRepositoryInterface.php app/Http/Controllers/Base/LanguageController.php renamed to app/Contracts/Repository/SessionRepositoryInterface.php

@@ -1,5 +1,5 @@
 <?php
-/**
+/*
  * Pterodactyl - Panel
  * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
  *
@@ -22,50 +22,24 @@
  * SOFTWARE.
  */
 
-namespace Pterodactyl\Http\Controllers\Base;
+namespace Pterodactyl\Contracts\Repository;
 
-use Auth;
-use Session;
-use Illuminate\Http\Request;
-use Pterodactyl\Models\User;
-use Pterodactyl\Http\Controllers\Controller;
-
-class LanguageController extends Controller
+interface SessionRepositoryInterface extends RepositoryInterface
 {
     /**
-     * A list of supported languages on the panel.
+     * Delete a session for a given user.
      *
-     * @var array
+     * @param int $user
+     * @param int $session
+     * @return null|int
      */
-    protected $languages = [
-        'de' => 'German',
-        'en' => 'English',
-        'et' => 'Estonian',
-        'nb' => 'Norwegian',
-        'nl' => 'Dutch',
-        'pt' => 'Portuguese',
-        'ro' => 'Romanian',
-        'ru' => 'Russian',
-    ];
+    public function deleteUserSession($user, $session);
 
     /**
-     * Sets the language for a user.
+     * Return all of the active sessions for a user.
      *
-     * @param \Illuminate\Http\Request $request
-     * @param string                   $language
-     * @return \Illuminate\Http\RedirectResponse
+     * @param int $user
+     * @return \Illuminate\Support\Collection
      */
-    public function setLanguage(Request $request, $language)
-    {
-        if (array_key_exists($language, $this->languages)) {
-            if (Auth::check()) {
-                $user = User::findOrFail(Auth::user()->id);
-                $user->language = $language;
-                $user->save();
-            }
-            Session::put('applocale', $language);
-        }
-
-        return redirect()->back();
-    }
+    public function getUserSessions($user);
 }

app/Exceptions/Http/Base/InvalidPasswordProvidedException.php

@@ -0,0 +1,31 @@
+<?php
+/*
+ * Pterodactyl - Panel
+ * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+namespace Pterodactyl\Exceptions\Http\Base;
+
+use Pterodactyl\Exceptions\DisplayException;
+
+class InvalidPasswordProvidedException extends DisplayException
+{
+}

app/Exceptions/Service/User/TwoFactorAuthenticationTokenInvalid.php

@@ -0,0 +1,29 @@
+<?php
+/*
+ * Pterodactyl - Panel
+ * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+namespace Pterodactyl\Exceptions\Service\User;
+
+class TwoFactorAuthenticationTokenInvalid extends \Exception
+{
+}

app/Http/Controllers/Base/APIController.php

@@ -27,12 +27,11 @@
 
 use Illuminate\Http\Request;
 use Prologue\Alerts\AlertsMessageBag;
+use Pterodactyl\Http\Requests\Base\ApiKeyFormRequest;
 use Pterodactyl\Models\APIPermission;
-use Pterodactyl\Services\ApiKeyService;
 use Pterodactyl\Http\Controllers\Controller;
-use Pterodactyl\Http\Requests\ApiKeyRequest;
-use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
 use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface;
+use Pterodactyl\Services\Api\KeyCreationService;
 
 class APIController extends Controller
 {
@@ -42,37 +41,39 @@ class APIController extends Controller
     protected $alert;
 
     /**
-     * @var \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface
+     * @var \Pterodactyl\Services\Api\KeyCreationService
      */
-    protected $repository;
+    protected $keyService;
 
     /**
-     * @var \Pterodactyl\Services\ApiKeyService
+     * @var \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface
      */
-    protected $service;
+    protected $repository;
 
     /**
      * APIController constructor.
      *
      * @param \Prologue\Alerts\AlertsMessageBag                           $alert
      * @param \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface $repository
-     * @param \Pterodactyl\Services\ApiKeyService                         $service
+     * @param \Pterodactyl\Services\Api\KeyCreationService                $keyService
      */
     public function __construct(
         AlertsMessageBag $alert,
         ApiKeyRepositoryInterface $repository,
-        ApiKeyService $service
+        KeyCreationService $keyService
     ) {
         $this->alert = $alert;
+        $this->keyService = $keyService;
         $this->repository = $repository;
-        $this->service = $service;
     }
 
     /**
      * Display base API index page.
      *
      * @param \Illuminate\Http\Request $request
      * @return \Illuminate\View\View
+     *
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
      */
     public function index(Request $request)
     {
@@ -84,45 +85,41 @@ public function index(Request $request)
     /**
      * Display API key creation page.
      *
+     * @param \Illuminate\Http\Request $request
      * @return \Illuminate\View\View
      */
-    public function create()
+    public function create(Request $request)
     {
         return view('base.api.new', [
             'permissions' => [
                 'user' => collect(APIPermission::CONST_PERMISSIONS)->pull('_user'),
-                'admin' => collect(APIPermission::CONST_PERMISSIONS)->except('_user')->toArray(),
+                'admin' => ! $request->user()->root_admin ?: collect(APIPermission::CONST_PERMISSIONS)->except('_user')->toArray(),
             ],
         ]);
     }
 
     /**
      * Handle saving new API key.
      *
-     * @param \Pterodactyl\Http\Requests\ApiKeyRequest $request
+     * @param \Pterodactyl\Http\Requests\Base\ApiKeyFormRequest $request
      * @return \Illuminate\Http\RedirectResponse
-     *
      * @throws \Exception
      * @throws \Pterodactyl\Exceptions\Model\DataValidationException
      */
-    public function store(ApiKeyRequest $request)
+    public function store(ApiKeyFormRequest $request)
     {
         $adminPermissions = [];
-        if ($request->user()->isRootAdmin()) {
+        if ($request->user()->root_admin) {
             $adminPermissions = $request->input('admin_permissions') ?? [];
         }
 
-        $secret = $this->service->create([
+        $secret = $this->keyService->handle([
             'user_id' => $request->user()->id,
             'allowed_ips' => $request->input('allowed_ips'),
             'memo' => $request->input('memo'),
-        ], $request->input('permissions') ?? [], $adminPermissions);
+        ], $request->input('permissions', []), $adminPermissions);
 
-        $this->alert->success(
-            "An API Key-Pair has successfully been generated. The API secret
-            for this public key is shown below and will not be shown again.
-            <br /><br /><code>{$secret}</code>"
-        )->flash();
+        $this->alert->success(trans('base.api.index.keypair_created', ['token' => $secret]))->flash();
 
         return redirect()->route('account.api');
     }
@@ -136,16 +133,10 @@ public function store(ApiKeyRequest $request)
      */
     public function revoke(Request $request, $key)
     {
-        try {
-            $key = $this->repository->withColumns('id')->findFirstWhere([
-                ['user_id', '=', $request->user()->id],
-                ['public', $key],
-            ]);
-
-            $this->service->revoke($key->id);
-        } catch (RecordNotFoundException $ex) {
-            return abort(404);
-        }
+        $this->repository->deleteWhere([
+            ['user_id', '=', $request->user()->id],
+            ['public', '=', $key],
+        ]);
 
         return response('', 204);
     }