diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3cf63cf354..97f3d51e44 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,9 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * Administrators are now listed first when viewing a list of all users on the system.
 * Websocket no longer endlessly polls when connection issues are encountered, or when Wings disconnects the user for a reason that should not be re-attempted.
 
+### Added
+* Administrators can now view all of the application API keys that have been created. They cannot view the full key unless they are the owner.
+
 ## v1.11.10
 ### Fixed
 * Update Laravel to address [CVE-2024-52301](https://github.com/advisories/GHSA-gv7v-rgg6-548h)
diff --git a/app/Contracts/Repository/ApiKeyRepositoryInterface.php b/app/Contracts/Repository/ApiKeyRepositoryInterface.php
index bfebbddb60..0ed8b247c4 100644
--- a/app/Contracts/Repository/ApiKeyRepositoryInterface.php
+++ b/app/Contracts/Repository/ApiKeyRepositoryInterface.php
@@ -12,18 +12,8 @@ interface ApiKeyRepositoryInterface extends RepositoryInterface
      */
     public function getAccountKeys(User $user): Collection;
 
-    /**
-     * Get all the application API keys that exist for a specific user.
-     */
-    public function getApplicationKeys(User $user): Collection;
-
     /**
      * Delete an account API key from the panel for a specific user.
      */
     public function deleteAccountKey(User $user, string $identifier): int;
-
-    /**
-     * Delete an application API key from the panel for a specific user.
-     */
-    public function deleteApplicationKey(User $user, string $identifier): int;
 }
diff --git a/app/Http/Controllers/Admin/ApiController.php b/app/Http/Controllers/Admin/ApiController.php
index 6aa7571e3a..a8f87bf536 100644
--- a/app/Http/Controllers/Admin/ApiController.php
+++ b/app/Http/Controllers/Admin/ApiController.php
@@ -11,7 +11,6 @@
 use Pterodactyl\Services\Acl\Api\AdminAcl;
 use Pterodactyl\Http\Controllers\Controller;
 use Pterodactyl\Services\Api\KeyCreationService;
-use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface;
 use Pterodactyl\Http\Requests\Admin\Api\StoreApplicationApiKeyRequest;
 
 class ApiController extends Controller
@@ -21,7 +20,6 @@ class ApiController extends Controller
      */
     public function __construct(
         private AlertsMessageBag $alert,
-        private ApiKeyRepositoryInterface $repository,
         private KeyCreationService $keyCreationService,
     ) {
     }
@@ -32,7 +30,7 @@ public function __construct(
      */
     public function index(Request $request): View
     {
         return view('admin.api.index', [
-            'keys' => $this->repository->getApplicationKeys($request->user()),
+            'keys' => ApiKey::query()->where('key_type', ApiKey::TYPE_APPLICATION)->get(),
         ]);
     }
 
@@ -78,7 +76,10 @@ public function store(StoreApplicationApiKeyRequest $request): RedirectResponse
      */
     public function delete(Request $request, string $identifier): Response
     {
-        $this->repository->deleteApplicationKey($request->user(), $identifier);
+        ApiKey::query()
+            ->where('key_type', ApiKey::TYPE_APPLICATION)
+            ->where('identifier', $identifier)
+            ->delete();
 
         return response('', 204);
     }
diff --git a/app/Http/Controllers/Admin/NodeAutoDeployController.php b/app/Http/Controllers/Admin/NodeAutoDeployController.php
index c53d8b9a40..2be1a9111a 100644
--- a/app/Http/Controllers/Admin/NodeAutoDeployController.php
+++ b/app/Http/Controllers/Admin/NodeAutoDeployController.php
@@ -9,7 +9,6 @@
 use Pterodactyl\Http\Controllers\Controller;
 use Illuminate\Contracts\Encryption\Encrypter;
 use Pterodactyl\Services\Api\KeyCreationService;
-use Pterodactyl\Repositories\Eloquent\ApiKeyRepository;
 
 class NodeAutoDeployController extends Controller
 {
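Review bot: In index(), `ApiKey::query()->where('key_type', ApiKey::TYPE_APPLICATION)->get()` now hands every application key, including other users' encrypted tokens, to the view, and the decision whether to call `decrypt($key->token)` for a row is made in the Blade template via `Auth::user()->is($key->user)`; that is the intended change, but it moves the ownership check out of the controller, so a future template edit can expose a token without any controller change. The template also reads `$key->user` for each row (the ownership check and the new "Created by" column), which lazy-loads the relation once per key; eager-load it here: `'keys' => ApiKey::query()->with('user')->where('key_type', ApiKey::TYPE_APPLICATION)->get(),`.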
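Review bot: delete() no longer restricts the deletion to the requesting user's keys: the removed `deleteApplicationKey($request->user(), $identifier)` filtered on `user_id`, whereas the new query matches on `key_type` and `identifier` alone, so an administrator can now delete an application key owned by a different user. The changelog entry in this commit describes only the read side ("cannot view the full key unless they are the owner"), so either this widening is intended and should be stated there and in delete()'s docblock, or the query should keep `->where('user_id', $request->user()->id)`. The return value of `->delete()` is still discarded, so an identifier that matches nothing answers 204 exactly as before; if that is deliberate, a `// 204 even when no key matched the identifier` comment on the response line would save the next reader the check.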
@@ -17,7 +16,6 @@ class NodeAutoDeployController extends Controller
      * NodeAutoDeployController constructor.
      */
     public function __construct(
-        private ApiKeyRepository $repository,
         private Encrypter $encrypter,
         private KeyCreationService $keyCreationService,
     ) {
@@ -31,17 +29,10 @@ public function __construct(
      */
     public function __invoke(Request $request, Node $node): JsonResponse
     {
-        /** @var ApiKey|null $key */
-        $key = $this->repository->getApplicationKeys($request->user())
-            ->filter(function (ApiKey $key) {
-                foreach ($key->getAttributes() as $permission => $value) {
-                    if ($permission === 'r_nodes' && $value === 1) {
-                        return true;
-                    }
-                }
-
-                return false;
-            })
+        $key = ApiKey::query()
+            ->where('user_id', $request->user()->id)
+            ->where('key_type', ApiKey::TYPE_APPLICATION)
+            ->where('r_nodes', 1)
             ->first();
 
         // We couldn't find a key that exists for this user with only permission for
diff --git a/app/Repositories/Eloquent/ApiKeyRepository.php b/app/Repositories/Eloquent/ApiKeyRepository.php
index eb1a362aed..5a63514fe0 100644
--- a/app/Repositories/Eloquent/ApiKeyRepository.php
+++ b/app/Repositories/Eloquent/ApiKeyRepository.php
@@ -27,16 +27,6 @@ public function getAccountKeys(User $user): Collection
             ->get($this->getColumns());
     }
 
-    /**
-     * Get all the application API keys that exist for a specific user.
-     */
-    public function getApplicationKeys(User $user): Collection
-    {
-        return $this->getBuilder()->where('user_id', $user->id)
-            ->where('key_type', ApiKey::TYPE_APPLICATION)
-            ->get($this->getColumns());
-    }
-
     /**
      * Delete an account API key from the panel for a specific user.
      */
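Review bot: The rewritten query in __invoke() drops the `/** @var ApiKey|null $key */` annotation that the removed code carried; `->first()` on an Eloquent builder is typed generically, so static analysis and IDE navigation lose the `ApiKey` type for the `$key` usages that follow (the rest of __invoke is outside the hunk). Keep the annotation directly above the assignment: `/** @var ApiKey|null $key */`. `->where('r_nodes', 1)` is an exact match and so preserves the old `$value === 1` test, meaning a key whose node permission is broader than read is still passed over; if that is deliberate, a comment such as `// exact match on purpose: only a key with read-only node access is reused` would make it visible, since the explanatory comment that follows is cut off by the hunk boundary. `$request->user()->id` also assumes an authenticated user, which the admin route middleware presumably guarantees but which is not visible here.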
@@ -47,15 +37,4 @@ public function deleteAccountKey(User $user, string $identifier): int ->where('identifier', $identifier) ->delete(); } - - /** - * Delete an application API key from the panel for a specific user. - */ - public function deleteApplicationKey(User $user, string $identifier): int - { - return $this->getBuilder()->where('user_id', $user->id) - ->where('key_type', ApiKey::TYPE_APPLICATION) - ->where('identifier', $identifier) - ->delete(); - } } diff --git a/resources/views/admin/api/index.blade.php b/resources/views/admin/api/index.blade.php index d863c5779a..4658ee9c8e 100644 --- a/resources/views/admin/api/index.blade.php +++ b/resources/views/admin/api/index.blade.php @@ -29,11 +29,18 @@ Memo Last Used Created + Created by @foreach($keys as $key) - {{ $key->identifier }}{{ decrypt($key->token) }} + + @if (Auth::user()->is($key->user)) + {{ $key->identifier . decrypt($key->token) }} + @else + {{ $key->identifier . '****' }} + @endif + {{ $key->memo }} @if(!is_null($key->last_used_at)) @@ -43,6 +50,9 @@ @endif @datetimeHuman($key->created_at) + + {{ $key->user->username }} +
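Review bot: In the `@foreach` of resources/views/admin/api/index.blade.php, the ownership check `Auth::user()->is($key->user)` loads the `user` relation for every row and, because `is()` returns false for a null model, silently falls into the masked branch when a key's owner record is missing, while the `{{ $key->user->username }}` added in the following hunk would then throw on a null relation; whether `user_id` can be null or orphaned is not visible in this diff, so treat that as something to confirm. Comparing the foreign key avoids the relation load altogether and is explicit about what is being compared: `@if ($key->user_id === Auth::id())` (both should be integers, but check that the column is not cast to string). Gating `decrypt($key->token)` behind the owner branch, so that no non-owner token is ever decrypted during rendering, is the right shape for this change; a one-line Blade comment on the `@if`, `{{-- only the owning user may see the secret part of the token --}}`, would record why the branches differ.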