<?php
namespace Pterodactyl\Http\Requests\Api\Application;
use Webmozart\Assert\Assert;
use Pterodactyl\Models\ApiKey;
use Laravel\Sanctum\TransientToken;
use Illuminate\Validation\Validator;
use Illuminate\Database\Eloquent\Model;
use Pterodactyl\Services\Acl\Api\AdminAcl;
use Illuminate\Foundation\Http\FormRequest;
use Pterodactyl\Exceptions\PterodactylException;
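abstract class ApplicationApiRequest extends FormRequest
{
    /**
     * The resource that should be checked when performing the authorization
     * function for this request.
     *
     * Defaults to null so that a subclass which forgets to declare a resource
     * reaches the explicit guard in authorize(). Without a default, reading the
     * uninitialized typed property raises an \Error before that guard can run.
     */
    protected ?string $resource = null;

    /**
     * The permission level that a given API key should have for accessing
     * the defined $resource during the request cycle.
     *
     * Starts at AdminAcl::NONE; subclasses are presumably expected to override
     * it with the level their endpoint requires.
     */
    protected int $permission = AdminAcl::NONE;

    /**
     * Determine if the current user is authorized to perform
     * the requested action against the API.
     *
     * Decision order:
     *  1. No ACL resource declared on the request class: throw.
     *  2. No authenticated user on the request: deny.
     *  3. Transient token: allow without an ACL lookup.
     *  4. Token whose key_type is ApiKey::TYPE_ACCOUNT: allow without an ACL lookup.
     *  5. Anything else: defer to AdminAcl::check() for $resource / $permission.
     *
     * NOTE(review): steps 3 and 4 return true without consulting AdminAcl, so
     * this method alone does not establish that the caller is an administrator.
     * Presumably the route middleware for the application API enforces that;
     * confirm before relying on this method as the only gate.
     *
     * @throws PterodactylException when the request class defines no ACL resource
     */
    public function authorize(): bool
    {
        if (is_null($this->resource)) {
            throw new PterodactylException('An ACL resource must be defined on API requests.');
        }

        // Fail closed with an authorization denial instead of a fatal
        // "member function on null" error if no user is attached.
        $user = $this->user();
        if (is_null($user)) {
            return false;
        }

        $token = $user->currentAccessToken();
        if ($token instanceof TransientToken) { // @phpstan-ignore instanceof.alwaysFalse
            return true;
        }

        if ($token->key_type === ApiKey::TYPE_ACCOUNT) {
            return true;
        }

        // Remaining key types are subject to the per-resource ACL.
        return AdminAcl::check($token, $this->resource, $this->permission);
    }

    /**
     * Default set of rules to apply to API requests.
     *
     * The base class applies no validation rules; subclasses supply their own.
     */
    public function rules(): array
    {
        return [];
    }

    /**
     * Helper method allowing a developer to easily hook into this logic without having
     * to remember what the method name is called or where to use it. By default this is
     * a no-op.
     */
    public function withValidator(Validator $validator): void
    {
        // do nothing
    }

    /**
     * Returns the named route parameter and asserts that it is a real model that
     * exists in the database.
     *
     * The value is read from the matched route, then checked to be an instance
     * of $expect, an Eloquent Model, and to have its `exists` flag set. A failed
     * assertion raises the exception thrown by Webmozart\Assert rather than
     * returning null, so callers never receive a missing or unexpected model.
     *
     * @template T of \Illuminate\Database\Eloquent\Model
     *
     * @param class-string<T> $expect
     *
     * @return T
     *
     * @noinspection PhpDocSignatureInspection
     */
    public function parameter(string $key, string $expect)
    {
        $value = $this->route()->parameter($key);

        Assert::isInstanceOf($value, $expect);
        Assert::isInstanceOf($value, Model::class); // @phpstan-ignore staticMethod.alreadyNarrowedType
        Assert::true($value->exists);

        /* @var T $value */
        return $value;
    }
}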