Move everything around as needed to get things setup for the client API

DaneEveritt · DaneEveritt · commit e28973bcaedc · 2018-02-25T15:30:56.000-06:00
diff --git a/app/Exceptions/Transformer/InvalidTransformerLevelException.php b/app/Exceptions/Transformer/InvalidTransformerLevelException.php
@@ -0,0 +1,9 @@
+<?php
+
+namespace Pterodactyl\Exceptions\Transformer;
+
+use Pterodactyl\Exceptions\PterodactylException;
+
+class InvalidTransformerLevelException extends PterodactylException
+{
+}
diff --git a/app/Http/Controllers/Api/Application/ApplicationApiController.php b/app/Http/Controllers/Api/Application/ApplicationApiController.php
@@ -7,13 +7,15 @@
 use Illuminate\Container\Container;
 use Pterodactyl\Http\Controllers\Controller;
 use Pterodactyl\Extensions\Spatie\Fractalistic\Fractal;
+use Pterodactyl\Transformers\Api\Application\BaseTransformer;
+use Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException;
 
 abstract class ApplicationApiController extends Controller
 {
     /**
      * @var \Illuminate\Http\Request
      */
-    private $request;
+    protected $request;
 
     /**
      * @var \Pterodactyl\Extensions\Spatie\Fractalistic\Fractal
@@ -54,13 +56,19 @@ public function loadDependencies(Fractal $fractal, Request $request)
      *
      * @param string $abstract
      * @return \Pterodactyl\Transformers\Api\Application\BaseTransformer
+     *
+     * @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
      */
     public function getTransformer(string $abstract)
     {
         /** @var \Pterodactyl\Transformers\Api\Application\BaseTransformer $transformer */
         $transformer = Container::getInstance()->make($abstract);
         $transformer->setKey($this->request->attributes->get('api_key'));
 
+        if (! $transformer instanceof BaseTransformer) {
+            throw new InvalidTransformerLevelException('Calls to ' . __METHOD__ . ' must return a transformer that is an instance of ' . __CLASS__);
+        }
+
         return $transformer;
     }
 
diff --git a/app/Http/Controllers/Api/Client/ClientApiController.php b/app/Http/Controllers/Api/Client/ClientApiController.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\Api\Application;
+
+use Illuminate\Container\Container;
+use Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException;
+
+abstract class ClientApiController extends ApplicationApiController
+{
+    /**
+     * Return an instance of an application transformer.
+     *
+     * @param string $abstract
+     * @return \Pterodactyl\Transformers\Api\Client\BaseClientTransformer
+     *
+     * @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
+     */
+    public function getTransformer(string $abstract)
+    {
+        /** @var \Pterodactyl\Transformers\Api\Client\BaseClientTransformer $transformer */
+        $transformer = Container::getInstance()->make($abstract);
+        $transformer->setKey($this->request->attributes->get('api_key'));
+
+        if (! $transformer instanceof self) {
+            throw new InvalidTransformerLevelException('Calls to ' . __METHOD__ . ' must return a transformer that is an instance of ' . __CLASS__);
+        }
+
+        return $transformer;
+    }
+}
diff --git a/app/Http/Controllers/Api/Client/ClientController.php b/app/Http/Controllers/Api/Client/ClientController.php
@@ -0,0 +1,9 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\Api\Client;
+
+use Pterodactyl\Http\Controllers\Api\Application\ClientApiController;
+
+class ClientController extends ClientApiController
+{
+}
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -2,6 +2,7 @@
 
 namespace Pterodactyl\Http;
 
+use Pterodactyl\Models\ApiKey;
 use Illuminate\Auth\Middleware\Authorize;
 use Illuminate\Auth\Middleware\Authenticate;
 use Pterodactyl\Http\Middleware\TrimStrings;
@@ -14,11 +15,14 @@
 use Illuminate\Routing\Middleware\ThrottleRequests;
 use Pterodactyl\Http\Middleware\LanguageMiddleware;
 use Illuminate\Foundation\Http\Kernel as HttpKernel;
+use Pterodactyl\Http\Middleware\Api\AuthenticateKey;
 use Illuminate\Routing\Middleware\SubstituteBindings;
 use Pterodactyl\Http\Middleware\AccessingValidServer;
+use Pterodactyl\Http\Middleware\Api\SetSessionDriver;
 use Illuminate\View\Middleware\ShareErrorsFromSession;
 use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
 use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
+use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
 use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
 use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
 use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
@@ -28,12 +32,9 @@
 use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
 use Pterodactyl\Http\Middleware\Server\DatabaseBelongsToServer;
 use Pterodactyl\Http\Middleware\Server\ScheduleBelongsToServer;
-use Pterodactyl\Http\Middleware\Api\Application\AuthenticateKey;
-use Pterodactyl\Http\Middleware\Api\Application\AuthenticateUser;
-use Pterodactyl\Http\Middleware\Api\Application\SetSessionDriver;
 use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
 use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
-use Pterodactyl\Http\Middleware\Api\Application\AuthenticateIPAccess;
+use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser;
 use Pterodactyl\Http\Middleware\DaemonAuthenticate as OldDaemonAuthenticate;
 
 class Kernel extends HttpKernel
@@ -71,8 +72,15 @@ class Kernel extends HttpKernel
             'throttle:120,1',
             ApiSubstituteBindings::class,
             SetSessionDriver::class,
-            AuthenticateKey::class,
-            AuthenticateUser::class,
+            'api..key:' . ApiKey::TYPE_APPLICATION,
+            AuthenticateApplicationUser::class,
+            AuthenticateIPAccess::class,
+        ],
+        'client-api' => [
+            'throttle:60,1',
+            ApiSubstituteBindings::class,
+            SetSessionDriver::class,
+            'api..key:' . ApiKey::TYPE_ACCOUNT,
             AuthenticateIPAccess::class,
         ],
         'daemon' => [
@@ -107,5 +115,8 @@ class Kernel extends HttpKernel
         'server..database' => DatabaseBelongsToServer::class,
         'server..subuser' => SubuserBelongsToServer::class,
         'server..schedule' => ScheduleBelongsToServer::class,
+
+        // API Specific Middleware
+        'api..key' => AuthenticateKey::class,
     ];
 }
diff --git a/app/Http/Middleware/Api/Application/AuthenticateApplicationUser.php b/app/Http/Middleware/Api/Application/AuthenticateApplicationUser.php
@@ -6,7 +6,7 @@
 use Illuminate\Http\Request;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 
-class AuthenticateUser
+class AuthenticateApplicationUser
 {
     /**
      * Authenticate that the currently authenticated user is an administrator
diff --git a/app/Http/Middleware/Api/AuthenticateIPAccess.php b/app/Http/Middleware/Api/AuthenticateIPAccess.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace Pterodactyl\Http\Middleware\Api\Application;
+namespace Pterodactyl\Http\Middleware\Api;
 
 use Closure;
 use IPTools\IP;
diff --git a/app/Http/Middleware/Api/AuthenticateKey.php b/app/Http/Middleware/Api/AuthenticateKey.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace Pterodactyl\Http\Middleware\Api\Application;
+namespace Pterodactyl\Http\Middleware\Api;
 
 use Closure;
 use Cake\Chronos\Chronos;
@@ -50,12 +50,13 @@ public function __construct(ApiKeyRepositoryInterface $repository, AuthManager $
      *
      * @param \Illuminate\Http\Request $request
      * @param \Closure                 $next
+     * @param int                      $keyType
      * @return mixed
      *
      * @throws \Pterodactyl\Exceptions\Model\DataValidationException
      * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
      */
-    public function handle(Request $request, Closure $next)
+    public function handle(Request $request, Closure $next, int $keyType)
     {
         if (is_null($request->bearerToken())) {
             throw new HttpException(401, null, null, ['WWW-Authenticate' => 'Bearer']);
@@ -68,7 +69,7 @@ public function handle(Request $request, Closure $next)
         try {
             $model = $this->repository->findFirstWhere([
                 ['identifier', '=', $identifier],
-                ['key_type', '=', ApiKey::TYPE_APPLICATION],
+                ['key_type', '=', $keyType],
             ]);
         } catch (RecordNotFoundException $exception) {
             throw new AccessDeniedHttpException;
diff --git a/app/Http/Middleware/Api/Client/AuthenticateClientAccess.php b/app/Http/Middleware/Api/Client/AuthenticateClientAccess.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace Pterodactyl\Http\Middleware\Api\Client;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+
+class AuthenticateClientAccess
+{
+    /**
+     * Authenticate that the currently authenticated user has permission
+     * to access the specified server.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     * @return mixed
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        if (is_null($request->user())) {
+            throw new AccessDeniedHttpException('This account does not have permission to access this resource.');
+        }
+
+        return $next($request);
+    }
+}
diff --git a/app/Http/Middleware/Api/SetSessionDriver.php b/app/Http/Middleware/Api/SetSessionDriver.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace Pterodactyl\Http\Middleware\Api\Application;
+namespace Pterodactyl\Http\Middleware\Api;
 
 use Closure;
 use Illuminate\Http\Request;
diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
@@ -41,6 +41,10 @@ public function map()
             ->namespace($this->namespace . '\Api\Application')
             ->group(base_path('routes/api-application.php'));
 
+        Route::middleware(['client-api'])->prefix('/api/client')
+            ->namespace($this->namespace . '\Api\Client')
+            ->group(base_path('routes/api-client.php'));
+
         Route::middleware(['daemon'])->prefix('/api/remote')
             ->namespace($this->namespace . '\Api\Remote')
             ->group(base_path('routes/api-remote.php'));
diff --git a/app/Transformers/Api/Application/BaseTransformer.php b/app/Transformers/Api/Application/BaseTransformer.php
@@ -7,6 +7,7 @@
 use Illuminate\Container\Container;
 use League\Fractal\TransformerAbstract;
 use Pterodactyl\Services\Acl\Api\AdminAcl;
+use Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException;
 
 abstract class BaseTransformer extends TransformerAbstract
 {
@@ -78,13 +79,19 @@ protected function authorize(string $resource): bool
      * @param string $abstract
      * @param array  $parameters
      * @return \Pterodactyl\Transformers\Api\Application\BaseTransformer
+     *
+     * @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
      */
-    protected function makeTransformer(string $abstract, array $parameters = []): self
+    protected function makeTransformer(string $abstract, array $parameters = [])
     {
         /** @var \Pterodactyl\Transformers\Api\Application\BaseTransformer $transformer */
         $transformer = Container::getInstance()->makeWith($abstract, $parameters);
         $transformer->setKey($this->getKey());
 
+        if (! $transformer instanceof self) {
+            throw new InvalidTransformerLevelException('Calls to ' . __METHOD__ . ' must return a transformer that is an instance of ' . __CLASS__);
+        }
+
         return $transformer;
     }
 
diff --git a/app/Transformers/Api/Application/ServerTransformer.php b/app/Transformers/Api/Application/ServerTransformer.php
@@ -97,6 +97,8 @@ public function transform(Server $server): array
      *
      * @param \Pterodactyl\Models\Server $server
      * @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
+     *
+     * @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
      */
     public function includeAllocations(Server $server)
     {
diff --git a/app/Transformers/Api/Client/BaseClientTransformer.php b/app/Transformers/Api/Client/BaseClientTransformer.php
@@ -0,0 +1,44 @@
+<?php
+
+namespace Pterodactyl\Transformers\Api\Client;
+
+use Pterodactyl\Services\Acl\Api\AdminAcl;
+use Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException;
+use Pterodactyl\Transformers\Api\Application\BaseTransformer as BaseApplicationTransformer;
+
+abstract class BaseClientTransformer extends BaseApplicationTransformer
+{
+    /**
+     * Determine if the API key loaded onto the transformer has permission
+     * to access a different resource. This is used when including other
+     * models on a transformation request.
+     *
+     * @param string $resource
+     * @return bool
+     */
+    protected function authorize(string $resource): bool
+    {
+        return AdminAcl::check($this->getKey(), $resource, AdminAcl::READ);
+    }
+
+    /**
+     * Create a new instance of the transformer and pass along the currently
+     * set API key.
+     *
+     * @param string $abstract
+     * @param array  $parameters
+     * @return self
+     *
+     * @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
+     */
+    protected function makeTransformer(string $abstract, array $parameters = [])
+    {
+        $transformer = parent::makeTransformer($abstract, $parameters);
+
+        if (! $transformer instanceof self) {
+            throw new InvalidTransformerLevelException('Calls to ' . __METHOD__ . ' must return a transformer that is an instance of ' . __CLASS__);
+        }
+
+        return $transformer;
+    }
+}
diff --git a/routes/api-client.php b/routes/api-client.php
@@ -0,0 +1,28 @@
+<?php
+
+use Pterodactyl\Http\Middleware\Api\Client\AuthenticateClientAccess;
+
+/*
+|--------------------------------------------------------------------------
+| Client Control API
+|--------------------------------------------------------------------------
+|
+| Endpoint: /api/client
+|
+*/
+Route::get('/', 'ClientController@index')->name('api.client.index');
+
+/*
+|--------------------------------------------------------------------------
+| Client Control API
+|--------------------------------------------------------------------------
+|
+| Endpoint: /api/client/servers/{server}
+|
+*/
+Route::group(['prefix' => '/servers/{server}', 'middleware' => [AuthenticateClientAccess::class]], function () {
+    Route::get('/', 'Server\ServerController@index')->name('api.client.servers.view');
+
+    Route::post('/command', 'Server\CommandController@index')->name('api.client.servers.command');
+    Route::post('/power', 'Server\PowerController@index')->name('api.client.servers.power');
+});
diff --git a/routes/api.php b/routes/api.php
diff --git a/tests/Unit/Http/Middleware/Api/Application/AuthenticateUserTest.php b/tests/Unit/Http/Middleware/Api/Application/AuthenticateUserTest.php

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`	`use Illuminate\Http\Request;`
`7`	`7`	`use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;`
`8`	`8`
`9`		`-class AuthenticateUser`
	`9`	`+class AuthenticateApplicationUser`
`10`	`10`	`{`
`11`	`11`	`/**`
`12`	`12`	`* Authenticate that the currently authenticated user is an administrator`