From 7aa540b8952dd6db92559f64becbd7d943f3b272 Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 14 Jan 2018 12:05:18 -0600 Subject: [PATCH] Remove api permissions table --- app/Http/Controllers/Base/APIController.php | 7 - app/Models/APIPermission.php | 126 ------------------ app/Policies/APIKeyPolicy.php | 57 -------- app/Providers/AuthServiceProvider.php | 1 - app/Providers/RepositoryServiceProvider.php | 30 +---- .../Eloquent/ApiPermissionRepository.php | 19 --- app/Services/Api/PermissionService.php | 58 -------- ...1_11_213943_AddApiKeyPermissionColumns.php | 10 ++ ...1_13_142012_SetupTableForKeyEncryption.php | 18 --- .../2018_01_13_145209_AddLastUsedAtColumn.php | 3 +- .../themes/pterodactyl/base/api/new.blade.php | 64 --------- spec/admin/swagger.yaml | 73 ---------- 12 files changed, 17 insertions(+), 449 deletions(-) delete mode 100644 app/Models/APIPermission.php delete mode 100644 app/Policies/APIKeyPolicy.php delete mode 100644 app/Repositories/Eloquent/ApiPermissionRepository.php delete mode 100644 app/Services/Api/PermissionService.php delete mode 100644 spec/admin/swagger.yaml diff --git a/app/Http/Controllers/Base/APIController.php b/app/Http/Controllers/Base/APIController.php index cedba896..d2e74a66 100644 --- a/app/Http/Controllers/Base/APIController.php +++ b/app/Http/Controllers/Base/APIController.php @@ -4,7 +4,6 @@ namespace Pterodactyl\Http\Controllers\Base; use Illuminate\Http\Request; use Prologue\Alerts\AlertsMessageBag; -use Pterodactyl\Models\APIPermission; use Pterodactyl\Http\Controllers\Controller; use Pterodactyl\Services\Api\KeyCreationService; use Pterodactyl\Http\Requests\Base\ApiKeyFormRequest; 
@@ -65,12 +64,6 @@ class APIController extends Controller */ public function create(Request $request) { - return view('base.api.new', [ - 'permissions' => [ - 'user' => collect(APIPermission::CONST_PERMISSIONS)->pull('_user'), - 'admin' => ! $request->user()->root_admin ? null : collect(APIPermission::CONST_PERMISSIONS)->except('_user')->toArray(), - ], - ]); } /** diff --git a/app/Models/APIPermission.php b/app/Models/APIPermission.php deleted file mode 100644 index 1b2eb05e..00000000 --- a/app/Models/APIPermission.php +++ /dev/null 
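Review bot: `create()` is left with an empty body in the `@@ -65,12 +64,6 @@` hunk, so the action now returns null and the new-key page would presumably come back as an empty response. The template `base/api/new.blade.php` is kept by this same patch, which suggests the form is meant to stay; in that case the body should still be `return view('base.api.new');` without the permissions array. If the page is being retired instead, the method and its route should go together. The docblock above the method lies outside the hunk, so whether it still promises a view cannot be checked here.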
@@ -1,126 +0,0 @@ -. - * - * This software is licensed under the terms of the MIT license. - * https://opensource.org/licenses/MIT - */ - -namespace Pterodactyl\Models; - -use Sofa\Eloquence\Eloquence; -use Sofa\Eloquence\Validable; -use Illuminate\Database\Eloquent\Model; -use Sofa\Eloquence\Contracts\CleansAttributes; -use Sofa\Eloquence\Contracts\Validable as ValidableContract; - -class APIPermission extends Model implements CleansAttributes, ValidableContract -{ - use Eloquence, Validable; - - /** - * List of permissions available for the API. - */ - const CONST_PERMISSIONS = [ - // Items within this block are available to non-adminitrative users. - '_user' => [ - 'server' => [ - 'list', - 'view', - 'power', - 'command', - ], - ], - - // All other pemissions below are administrative actions. - 'server' => [ - 'list', - 'create', - 'view', - 'edit-details', - 'edit-container', - 'edit-build', - 'edit-startup', - 'suspend', - 'install', - 'rebuild', - 'delete', - ], - 'location' => [ - 'list', - ], - 'node' => [ - 'list', - 'view', - 'view-config', - 'create', - 'delete', - ], - 'user' => [ - 'list', - 'view', - 'create', - 'edit', - 'delete', - ], - 'service' => [ - 'list', - 'view', - ], - 'option' => [ - 'list', - 'view', - ], - 'pack' => [ - 'list', - 'view', - ], - ]; - - /** - * The table associated with the model. - * - * @var string - */ - protected $table = 'api_permissions'; - - /** - * Fields that are not mass assignable. - * - * @var array - */ - protected $guarded = ['id']; - - /** - * Cast values to correct type. - * - * @var array - */ - protected $casts = [ - 'key_id' => 'integer', - ]; - - protected static $dataIntegrityRules = [ - 'key_id' => 'required|numeric', - 'permission' => 'required|string|max:200', - ]; - - /** - * Disable timestamps for this table. - * - * @var bool - */ - public $timestamps = false; - - /** - * Return permissions for API. 
- * - * @return array - * @deprecated - */ - public static function permissions() - { - return []; - } -} diff --git a/app/Policies/APIKeyPolicy.php b/app/Policies/APIKeyPolicy.php deleted file mode 100644 index e8556ca9..00000000 --- a/app/Policies/APIKeyPolicy.php +++ /dev/null @@ -1,57 +0,0 @@ -. - * - * This software is licensed under the terms of the MIT license. - * https://opensource.org/licenses/MIT - */ - -namespace Pterodactyl\Policies; - -use Cache; -use Carbon; -use Pterodactyl\Models\User; -use Pterodactyl\Models\APIKey as Key; - -class APIKeyPolicy -{ - /** - * Checks if the API key has permission to perform an action. - * - * @param \Pterodactyl\Models\User $user - * @param \Pterodactyl\Models\APIKey $key - * @param string $permission - * @return bool - */ - protected function checkPermission(User $user, Key $key, $permission) - { - // Non-administrative users cannot use administrative routes. - if (! starts_with($key, 'user.') && ! $user->root_admin) { - return false; - } - - // We don't tag this cache key with the user uuid because the key is already unique, - // and multiple users are not defiend for a single key. - $permissions = Cache::remember('APIKeyPolicy.' . $key->public, Carbon::now()->addSeconds(5), function () use ($key) { - return $key->permissions()->get()->transform(function ($item) { - return $item->permission; - })->values(); - }); - - return $permissions->setSearchTerm($permission, true) !== false; - } - - /** - * Determine if a user has permission to perform this action against the system. - * - * @param \Pterodactyl\Models\User $user - * @param string $permission - * @param \Pterodactyl\Models\APIKey $key - * @return bool - */ - public function before(User $user, $permission, Key $key) - { - return $this->checkPermission($user, $key, $permission); - } -} diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php index 0cdb82a2..947750ae 100644 --- a/app/Providers/AuthServiceProvider.php 
+++ b/app/Providers/AuthServiceProvider.php @@ -13,7 +13,6 @@ class AuthServiceProvider extends ServiceProvider */ protected $policies = [ 'Pterodactyl\Models\Server' => 'Pterodactyl\Policies\ServerPolicy', - 'Pterodactyl\Models\APIKey' => 'Pterodactyl\Policies\APIKeyPolicy', ]; /** diff --git a/app/Providers/RepositoryServiceProvider.php b/app/Providers/RepositoryServiceProvider.php index e3452096..aa5fbbaa 100644 --- a/app/Providers/RepositoryServiceProvider.php +++ b/app/Providers/RepositoryServiceProvider.php @@ -1,11 +1,4 @@ . - * - * This software is licensed under the terms of the MIT license. - * https://opensource.org/licenses/MIT - */ namespace Pterodactyl\Providers; @@ -39,7 +32,6 @@ use Pterodactyl\Contracts\Repository\PackRepositoryInterface; use Pterodactyl\Contracts\Repository\TaskRepositoryInterface; use Pterodactyl\Contracts\Repository\UserRepositoryInterface; use Pterodactyl\Repositories\Eloquent\DatabaseHostRepository; -use Pterodactyl\Repositories\Eloquent\ApiPermissionRepository; use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface; use Pterodactyl\Contracts\Repository\ServerRepositoryInterface; use Pterodactyl\Repositories\Eloquent\ServerVariableRepository; @@ -56,7 +48,6 @@ use Pterodactyl\Contracts\Repository\Daemon\FileRepositoryInterface; use Pterodactyl\Contracts\Repository\EggVariableRepositoryInterface; use Pterodactyl\Contracts\Repository\Daemon\PowerRepositoryInterface; use Pterodactyl\Contracts\Repository\DatabaseHostRepositoryInterface; -use Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface; use Pterodactyl\Contracts\Repository\Daemon\CommandRepositoryInterface; use Pterodactyl\Contracts\Repository\ServerVariableRepositoryInterface; use Pterodactyl\Contracts\Repository\Daemon\ConfigurationRepositoryInterface; 
@@ -73,7 +64,6 @@ class RepositoryServiceProvider extends ServiceProvider
 // Eloquent Repositories
 $this->app->bind(AllocationRepositoryInterface::class, AllocationRepository::class);
 $this->app->bind(ApiKeyRepositoryInterface::class, ApiKeyRepository::class);
- $this->app->bind(ApiPermissionRepositoryInterface::class, ApiPermissionRepository::class);
 $this->app->bind(DaemonKeyRepositoryInterface::class, DaemonKeyRepository::class);
 $this->app->bind(DatabaseRepositoryInterface::class, DatabaseRepository::class);
 $this->app->bind(DatabaseHostRepositoryInterface::class, DatabaseHostRepository::class);
@@ -93,21 +83,11 @@ class RepositoryServiceProvider extends ServiceProvider $this->app->bind(TaskRepositoryInterface::class, TaskRepository::class); $this->app->bind(UserRepositoryInterface::class, UserRepository::class); - $this->app->alias(SettingsRepositoryInterface::class, 'settings'); - // Daemon Repositories - if ($this->app->make('config')->get('pterodactyl.daemon.use_new_daemon')) { - $this->app->bind(ConfigurationRepositoryInterface::class, \Pterodactyl\Repositories\Wings\ConfigurationRepository::class); - $this->app->bind(CommandRepositoryInterface::class, \Pterodactyl\Repositories\Wings\CommandRepository::class); - $this->app->bind(DaemonServerRepositoryInterface::class, \Pterodactyl\Repositories\Wings\ServerRepository::class); - $this->app->bind(FileRepositoryInterface::class, \Pterodactyl\Repositories\Wings\FileRepository::class); - $this->app->bind(PowerRepositoryInterface::class, \Pterodactyl\Repositories\Wings\PowerRepository::class); - } else { - $this->app->bind(ConfigurationRepositoryInterface::class, ConfigurationRepository::class); - $this->app->bind(CommandRepositoryInterface::class, CommandRepository::class); - $this->app->bind(DaemonServerRepositoryInterface::class, DaemonServerRepository::class); - $this->app->bind(FileRepositoryInterface::class, FileRepository::class); - $this->app->bind(PowerRepositoryInterface::class, PowerRepository::class); - } + $this->app->bind(ConfigurationRepositoryInterface::class, ConfigurationRepository::class); + $this->app->bind(CommandRepositoryInterface::class, CommandRepository::class); + $this->app->bind(DaemonServerRepositoryInterface::class, DaemonServerRepository::class); + $this->app->bind(FileRepositoryInterface::class, FileRepository::class); + $this->app->bind(PowerRepositoryInterface::class, PowerRepository::class); } } diff --git a/app/Repositories/Eloquent/ApiPermissionRepository.php b/app/Repositories/Eloquent/ApiPermissionRepository.php deleted file mode 100644 index d9477132..00000000 
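Review bot: This hunk also drops `$this->app->alias(SettingsRepositoryInterface::class, 'settings');` and the whole `pterodactyl.daemon.use_new_daemon` branch, neither of which relates to the API permissions table named in the subject. Any caller that resolves `'settings'` from the container would stop working, and the config flag would be silently ignored because the Wings repositories are no longer bound. If this is a merge artefact, the lines should be restored; if it is intentional, it belongs in its own commit together with the removal of the config key. The method starts outside the hunk.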
--- a/app/Repositories/Eloquent/ApiPermissionRepository.php +++ /dev/null @@ -1,19 +0,0 @@ -. - * - * This software is licensed under the terms of the MIT license. - * https://opensource.org/licenses/MIT - */ - -namespace Pterodactyl\Services\Api; - -use Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface; - -class PermissionService -{ - /** - * @var \Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface - */ - protected $repository; - - /** - * ApiPermissionService constructor. - * - * @param \Pterodactyl\Contracts\Repository\ApiPermissionRepositoryInterface $repository - */ - public function __construct(ApiPermissionRepositoryInterface $repository) - { - $this->repository = $repository; - } - - /** - * Store a permission key in the database. - * - * @param string $key - * @param string $permission - * @return bool - * - * @throws \Pterodactyl\Exceptions\Model\DataValidationException - */ - public function create($key, $permission) - { - // @todo handle an array of permissions to do a mass assignment? - return $this->repository->withoutFreshModel()->create([ - 'key_id' => $key, - 'permission' => $permission, - ]); - } - - /** - * Return all of the permissions available for an API Key. - * - * @return array - */ - public function getPermissions() - { - return $this->repository->getModel()::CONST_PERMISSIONS; - } -} diff --git a/database/migrations/2018_01_11_213943_AddApiKeyPermissionColumns.php b/database/migrations/2018_01_11_213943_AddApiKeyPermissionColumns.php index e2c78d2e..3948972c 100644 --- a/database/migrations/2018_01_11_213943_AddApiKeyPermissionColumns.php +++ b/database/migrations/2018_01_11_213943_AddApiKeyPermissionColumns.php @@ -13,6 +13,8 @@ class AddApiKeyPermissionColumns extends Migration */ public function up() { + Schema::dropIfExists('api_permissions'); + Schema::table('api_keys', function (Blueprint $table) { $table->unsignedTinyInteger('r_servers')->default(0); $table->unsignedTinyInteger('r_nodes')->default(0); 
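Review bot: `Schema::dropIfExists('api_permissions');` is added to a migration that is already dated 2018_01_11, so an install that has run this migration before will never execute the drop and keeps the orphaned table. A new migration file would make the drop apply everywhere. The existing per-key grants are also discarded without being carried over to the `r_*` columns, which all default to 0; if that reset is intended, a comment above the drop such as `// Existing per-key grants are intentionally discarded, not converted.` would record it. `up()` continues past the end of the hunk.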
@@ -33,6 +35,14 @@ class AddApiKeyPermissionColumns extends Migration */ public function down() { + Schema::create('api_permissions', function (Blueprint $table) { + $table->increments('id'); + $table->unsignedInteger('key_id'); + $table->string('permission'); + + $table->foreign('key_id')->references('id')->on('keys')->onDelete('cascade'); + }); + Schema::table('api_keys', function (Blueprint $table) { $table->dropColumn([ 'r_servers', diff --git a/database/migrations/2018_01_13_142012_SetupTableForKeyEncryption.php b/database/migrations/2018_01_13_142012_SetupTableForKeyEncryption.php index 10f620df..db7dcb0a 100644 --- a/database/migrations/2018_01_13_142012_SetupTableForKeyEncryption.php +++ b/database/migrations/2018_01_13_142012_SetupTableForKeyEncryption.php @@ -25,15 +25,6 @@ class SetupTableForKeyEncryption extends Migration Schema::table('api_keys', function (Blueprint $table) { $table->text('token')->change(); }); - - DB::transaction(function () { - foreach (DB::table('api_keys')->cursor() as $key) { - DB::table('api_keys')->where('id', $key->id)->update([ - 'identifier' => str_random(16), - 'token' => Crypt::encrypt($key->token), - ]); - } - }); } /** @@ -45,15 +36,6 @@ class SetupTableForKeyEncryption extends Migration */ public function down() { - /* @var \Pterodactyl\Models\APIKey $key */ - DB::transaction(function () { - foreach (DB::table('api_keys')->cursor() as $key) { - DB::table('api_keys')->where('id', $key->id)->update([ - 'token' => Crypt::decrypt($key->token), - ]); - } - }); - Schema::table('api_keys', function (Blueprint $table) { $table->dropColumn('identifier'); $table->string('token', 32)->unique()->change(); diff --git a/database/migrations/2018_01_13_145209_AddLastUsedAtColumn.php b/database/migrations/2018_01_13_145209_AddLastUsedAtColumn.php index 83d39442..27e723a0 100644 --- a/database/migrations/2018_01_13_145209_AddLastUsedAtColumn.php +++ b/database/migrations/2018_01_13_145209_AddLastUsedAtColumn.php 
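Review bot: The foreign key on the re-created `api_permissions` table points at `keys` (`->on('keys')`), while the only key table this migration touches is `api_keys`; unless a `keys` table exists elsewhere in the schema, a rollback would fail when the constraint is created. If `api_keys` is the intended parent, the line would read `$table->foreign('key_id')->references('id')->on('api_keys')->onDelete('cascade');`. The rollback also brings the table back empty, so the grants dropped in `up()` are not restored. `down()` continues past the end of the hunk.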
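Review bot: With the `DB::transaction` loop removed from `up()` in `SetupTableForKeyEncryption`, rows already in `api_keys` keep their token in plaintext and, as far as the hunk shows, receive no `identifier`, so code that expects an encrypted token could not read them. If existing keys are meant to be invalidated rather than converted, that should be an explicit step with a comment, for example `DB::table('api_keys')->delete(); // pre-encryption keys are revoked, not converted`. The matching removal in `down()` (hunk `@@ -45,15 +36,6 @@`) means a rollback applies `$table->string('token', 32)->unique()->change();` to encrypted values that will not fit in 32 characters. Both method bodies start outside the hunks, so an earlier statement may already clear the table.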
@@ -14,6 +14,7 @@ class AddLastUsedAtColumn extends Migration public function up() { Schema::table('api_keys', function (Blueprint $table) { + $table->unsignedTinyInteger('key_type')->after('user_id')->default(0); $table->timestamp('last_used_at')->after('memo')->nullable(); $table->dropColumn('expires_at'); }); @@ -28,7 +29,7 @@ class AddLastUsedAtColumn extends Migration { Schema::table('api_keys', function (Blueprint $table) { $table->timestamp('expires_at')->after('memo')->nullable(); - $table->dropColumn('last_used_at'); + $table->dropColumn('last_used_at', 'key_type'); }); } } diff --git a/resources/themes/pterodactyl/base/api/new.blade.php b/resources/themes/pterodactyl/base/api/new.blade.php index 1efe75e8..0551feb9 100644 --- a/resources/themes/pterodactyl/base/api/new.blade.php +++ b/resources/themes/pterodactyl/base/api/new.blade.php @@ -1,8 +1,3 @@ -{{-- Pterodactyl - Panel --}} -{{-- Copyright (c) 2015 - 2017 Dane Everitt --}} - -{{-- This software is licensed under the terms of the MIT license. --}} -{{-- https://opensource.org/licenses/MIT --}} @extends('layouts.master') @section('title') @@ -69,64 +64,5 @@ -
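Review bot: `key_type` is added with `->default(0)` in `AddLastUsedAtColumn::up()`, and nothing in the hunk says which kind of key 0 stands for, yet every existing row is assigned that value. The column appears to separate classes of key, so a wrong default would silently reclassify existing keys; a comment naming the constant, for example `// 0 = <KEY_TYPE_CONSTANT>; all existing keys are assigned this type`, would make the intent checkable. In the `down()` hunk, `dropColumn('last_used_at', 'key_type')` passes two arguments where `AddApiKeyPermissionColumns` passes an array; `dropColumn(['last_used_at', 'key_type'])` would match it.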
- @foreach($permissions['user'] as $block => $perms) -
-
-
-

@lang('base.api.permissions.user.' . $block . '_header')

-
-
- @foreach($perms as $permission) -
-
- - -
-

@lang('base.api.permissions.user.' . $block . '.' . $permission . '.desc')

-
- @endforeach -
-
-
- @if ($loop->iteration % 2 === 0) -
- @endif - @endforeach -
- @if(Auth::user()->root_admin) -
- @foreach($permissions['admin'] as $block => $perms) -
-
-
-

@lang('base.api.permissions.admin.' . $block . '_header')

-
-
- @foreach($perms as $permission) -
-
- - -
-

@lang('base.api.permissions.admin.' . $block . '.' . $permission . '.desc')

-
- @endforeach -
-
-
- @if ($loop->iteration % 3 === 0) -
- @endif - @if ($loop->iteration % 2 === 0) -
- @endif - @endforeach -
- @endif @endsection diff --git a/spec/admin/swagger.yaml b/spec/admin/swagger.yaml deleted file mode 100644 index d0503997..00000000 --- a/spec/admin/swagger.yaml +++ /dev/null @@ -1,73 +0,0 @@ -swagger: "2.0" -info: - version: 1.0.0 - title: Pterodactyl Admin API Reference - description: Pterodactyl Panel API Documentation - contact: - name: Dane Everitt - url: https://pterodactyl.io - email: support@pterodactyl.io - license: - name: MIT -host: example.com -basePath: /api/admin -schemes: - - http - - https -consumes: - - application/vnd.pterodactyl.v1+json -produces: - - application/json -paths: - /users: - get: - description: | - Returns all users that exist on the Panel. - operationId: findUsers - responses: - "200": - description: OK - schema: - type: object - required: ["data"] - properties: - data: - type: array - items: - $ref: '#/definitions/User' - properties: - id: - type: integer - attributes: - type: object -definitions: - User: - allOf: - - required: - - email - - username - - uuid - properties: - external_id: - type: string - uuid: - type: string - email: - type: string - username: - type: string - name_first: - type: string - name_last: - type: string - language: - type: string - root_admin: - type: boolean - use_totp: - type: boolean - updated_at: - type: string - created_at: - type: string -