Add active session management

Author: DaneEveritt

app/Http/Controllers/Base/IndexController.php

@@ -29,7 +29,7 @@
 use Google2FA;
 use Alert;
 
-use Pterodactyl\Models\Server;
+use Pterodactyl\Models;
 use Pterodactyl\Exceptions\DisplayException;
 
 use Pterodactyl\Http\Controllers\Controller;
@@ -55,7 +55,7 @@ public function __construct()
     public function getIndex(Request $request)
     {
         return view('base.index', [
-            'servers' => Server::getUserServers(10),
+            'servers' => Models\Server::getUserServers(10),
         ]);
     }
 
@@ -72,14 +72,16 @@ public function getPassword(Request $request, $length = 16)
     }
 
     /**
-     * Returns TOTP Management Page.
+     * Returns Security Management Page.
      *
      * @param  \Illuminate\Http\Request $request
      * @return \Illuminate\Contracts\View\View
      */
-    public function getAccountTotp(Request $request)
+    public function getAccountSecurity(Request $request)
     {
-        return view('base.totp');
+        return view('base.security', [
+            'sessions' => Models\Session::where('user_id', Auth::user()->id)->get()
+        ]);
     }
 
     /**
@@ -227,4 +229,11 @@ public function postAccountPassword(Request $request)
 
     }
 
+    public function getRevokeSession(Request $request, $id)
+    {
+        $session = Models\Session::where('id', $id)->where('user_id', Auth::user()->id)->firstOrFail();
+        $session->delete();
+        return redirect()->route('account.security');
+    }
+
 }

app/Http/Routes/BaseRoutes.php

@@ -71,15 +71,19 @@ public function map(Router $router) {
 
         // TOTP Routes
         $router->group([
-            'prefix' => 'account/totp',
+            'prefix' => 'account/security',
             'middleware' => [
                 'auth',
                 'csrf'
             ]
         ], function () use ($router) {
             $router->get('/', [
-                'as' => 'account.totp',
-                'uses' => 'Base\IndexController@getAccountTotp'
+                'as' => 'account.security',
+                'uses' => 'Base\IndexController@getAccountSecurity'
+            ]);
+            $router->get('/revoke/{id}', [
+                'as' => 'account.security.revoke',
+                'uses' => 'Base\IndexController@getRevokeSession'
             ]);
             $router->put('/', [
                 'uses' => 'Base\IndexController@putAccountTotp'

app/Models/Session.php

@@ -0,0 +1,48 @@
+<?php
+/**
+ * Pterodactyl - Panel
+ * Copyright (c) 2015 - 2016 Dane Everitt <dane@daneeveritt.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+namespace Pterodactyl\Models;
+
+use Illuminate\Database\Eloquent\Model;
+
+class Session extends Model
+{
+
+    /**
+     * The table associated with the model.
+     *
+     * @var string
+     */
+    protected $table = 'sessions';
+
+    /**
+     * Cast values to correct type.
+     *
+     * @var array
+     */
+     protected $casts = [
+         'id' => 'string',
+         'user_id' => 'integer',
+     ];
+
+}

resources/views/base/totp.blade.php resources/views/base/security.blade.phpresources/views/base/totp.blade.php renamed to resources/views/base/security.blade.php

@@ -19,7 +19,7 @@
 {{-- SOFTWARE. --}}
 @extends('layouts.master')
 
-@section('title', 'Account TOTP Settings')
+@section('title', 'Account Security')
 
 @section('sidebar-server')
 @endsection
@@ -34,7 +34,46 @@
             </div>
         @endforeach
     @endforeach
-    <h3 style="margin-top:0;">{{ trans('base.account.totp_header') }} <small>@if (Auth::user()->use_totp === 1){{ trans('strings.enabled') }}@else{{ trans('strings.disabled') }}@endif</small></h3><hr />
+    <h3 style="margin-top:0;">Active Sessions</h3><hr />
+    <table class="table table-bordered table-hover" style="margin-bottom:0;">
+        <thead>
+            <tr>
+                <th>Session ID</th>
+                <th>IP Address</th>
+                <th>User Agent</th>
+                <th>Last Location</th>
+                <th>Last Activity</th>
+                <th></th>
+            </th>
+        </thead>
+        <tbody>
+            @foreach($sessions as $session)
+                <tr>
+                    <?php $prev = unserialize(base64_decode($session->payload)) ?>
+                    <td><code>{{ substr($session->id, 0, 8) }}</code></td>
+                    <td>{{ $session->ip_address }}</td>
+                    <td><small>{{ $session->user_agent }}</small></td>
+                    <td>
+                        @if(isset($prev['_previous']['url']))
+                            {{ str_replace(env('APP_URL'), '', $prev['_previous']['url']) }}
+                        @else
+                            <em>unknwon</em>
+                        @endif
+                    </td>
+                    <td>
+                        @if((time() - $session->last_activity < 10))
+                            <em>just now</em>
+                        @else
+                            {{ date('D, M j \a\t H:i:s', $session->last_activity) }}
+                        @endif
+                    </td>
+                    <td><a href="{{ route('account.security.revoke', $session->id) }}"><i class="fa fa-trash-o"></i></a></td>
+                </tr>
+            @endforeach
+        </tbody>
+    </table>
+
+    <h3>{{ trans('base.account.totp_header') }} <small>@if (Auth::user()->use_totp === 1){{ trans('strings.enabled') }}@else{{ trans('strings.disabled') }}@endif</small></h3><hr />
     @if (Auth::user()->use_totp === 1)
         <div class="panel panel-default">
             <div class="panel-heading">{{ trans('base.account.totp_disable') }}</div>
@@ -112,7 +151,7 @@
 </div>
 <script>
 $(document).ready(function () {
-    $('#sidebar_links').find('a[href=\'/account/totp\']').addClass('active');
+    $('#sidebar_links').find('a[href=\'/account/security\']').addClass('active');
 
     $('#close_reload').click(function () {
         location.reload();

resources/views/layouts/master.blade.php

@@ -182,7 +182,7 @@
                             <a href="#" class="dropdown-toggle" data-toggle="dropdown">{{ trans('pagination.sidebar.account_controls') }} <b class="caret"></b></a>
                             <ul class="dropdown-menu">
                                 <li><a href="/account">{{ trans('pagination.sidebar.account_settings') }}</a></li>
-                                <li><a href="/account/totp">{{ trans('pagination.sidebar.account_security') }}</a></li>
+                                <li><a href="/account/security">{{ trans('pagination.sidebar.account_security') }}</a></li>
                                 <li><a href="/index">{{ trans('pagination.sidebar.servers') }}</a></li>
                             </ul>
                         </li>
@@ -239,7 +239,7 @@
                     <div class="list-group">
                         <a href="#" class="list-group-item list-group-item-heading"><strong>{{ trans('pagination.sidebar.account_controls') }}</strong></a>
                         <a href="/account" class="list-group-item">{{ trans('pagination.sidebar.account_settings') }}</a>
-                        <a href="/account/totp" class="list-group-item">{{ trans('pagination.sidebar.account_security') }}</a>
+                        <a href="/account/security" class="list-group-item">{{ trans('pagination.sidebar.account_security') }}</a>
                         <a href="/" class="list-group-item">{{ trans('pagination.sidebar.servers') }}</a>
                     </div>
                     @section('sidebar-server')