1
<?php
2

3
namespace Pterodactyl\Models;
4

5
use Pterodactyl\Rules\Username;
6
use Pterodactyl\Facades\Activity;
7
use Illuminate\Support\Collection;
8
use Illuminate\Validation\Rules\In;
9
use Illuminate\Auth\Authenticatable;
10
use Illuminate\Notifications\Notifiable;
11
use Illuminate\Database\Eloquent\Builder;
12
use Pterodactyl\Models\Traits\HasAccessTokens;
13
use Illuminate\Auth\Passwords\CanResetPassword;
14
use Pterodactyl\Traits\Helpers\AvailableLanguages;
15
use Illuminate\Database\Eloquent\Relations\HasMany;
16
use Illuminate\Foundation\Auth\Access\Authorizable;
17
use Illuminate\Database\Eloquent\Factories\HasFactory;
18
use Illuminate\Database\Eloquent\Relations\MorphToMany;
19
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
20
use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
21
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
22
use Pterodactyl\Notifications\SendPasswordReset as ResetPasswordNotification;
23

24
/**
25
 * Pterodactyl\Models\User.
26
 *
27
 * @property int $id
28
 * @property string|null $external_id
29
 * @property string $uuid
30
 * @property string $username
31
 * @property string $email
32
 * @property string|null $name_first
33
 * @property string|null $name_last
34
 * @property string $password
35
 * @property string|null $remember_token
36
 * @property string $language
37
 * @property bool $root_admin
38
 * @property bool $use_totp
39
 * @property string|null $totp_secret
40
 * @property \Illuminate\Support\Carbon|null $totp_authenticated_at
41
 * @property bool $gravatar
42
 * @property \Illuminate\Support\Carbon|null $created_at
43
 * @property \Illuminate\Support\Carbon|null $updated_at
44
 * @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\ApiKey[] $apiKeys
45
 * @property int|null $api_keys_count
46
 * @property string $name
47
 * @property \Illuminate\Notifications\DatabaseNotificationCollection|\Illuminate\Notifications\DatabaseNotification[] $notifications
48
 * @property int|null $notifications_count
49
 * @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\RecoveryToken[] $recoveryTokens
50
 * @property int|null $recovery_tokens_count
51
 * @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\Server[] $servers
52
 * @property int|null $servers_count
53
 * @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\UserSSHKey[] $sshKeys
54
 * @property int|null $ssh_keys_count
55
 * @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\ApiKey[] $tokens
56
 * @property int|null $tokens_count
57
 *
58
 * @method static \Database\Factories\UserFactory factory(...$parameters)
59
 * @method static Builder|User newModelQuery()
60
 * @method static Builder|User newQuery()
61
 * @method static Builder|User query()
62
 * @method static Builder|User whereCreatedAt($value)
63
 * @method static Builder|User whereEmail($value)
64
 * @method static Builder|User whereExternalId($value)
65
 * @method static Builder|User whereGravatar($value)
66
 * @method static Builder|User whereId($value)
67
 * @method static Builder|User whereLanguage($value)
68
 * @method static Builder|User whereNameFirst($value)
69
 * @method static Builder|User whereNameLast($value)
70
 * @method static Builder|User wherePassword($value)
71
 * @method static Builder|User whereRememberToken($value)
72
 * @method static Builder|User whereRootAdmin($value)
73
 * @method static Builder|User whereTotpAuthenticatedAt($value)
74
 * @method static Builder|User whereTotpSecret($value)
75
 * @method static Builder|User whereUpdatedAt($value)
76
 * @method static Builder|User whereUseTotp($value)
77
 * @method static Builder|User whereUsername($value)
78
 * @method static Builder|User whereUuid($value)
79
 *
80
 * @mixin \Eloquent
81
 */
82
class User extends Model implements
83
    AuthenticatableContract,
84
    AuthorizableContract,
85
    CanResetPasswordContract
86
{
87
    use Authenticatable;
88
    use Authorizable;
89
    use AvailableLanguages;
90
    use CanResetPassword;
91
    use HasAccessTokens;
92
    use Notifiable;
93
    /** @use HasFactory<\Database\Factories\UserFactory> */
94
    use HasFactory;
95

96
    public const USER_LEVEL_USER = 0;
97
    public const USER_LEVEL_ADMIN = 1;
98

99
    /**
100
     * The resource name for this model when it is transformed into an
101
     * API representation using fractal.
102
     */
103
    public const RESOURCE_NAME = 'user';
104

105
    /**
106
     * Level of servers to display when using access() on a user.
107
     */
108
    protected string $accessLevel = 'all';
109

110
    /**
111
     * The table associated with the model.
112
     */
113
    protected $table = 'users';
114

115
    /**
116
     * A list of mass-assignable variables.
117
     */
118
    protected $fillable = [
119
        'external_id',
120
        'username',
121
        'email',
122
        'name_first',
123
        'name_last',
124
        'password',
125
        'language',
126
        'use_totp',
127
        'totp_secret',
128
        'totp_authenticated_at',
129
        'gravatar',
130
        'root_admin',
131
    ];
132

133
    /**
134
     * Cast values to correct type.
135
     */
136
    protected $casts = [
137
        'root_admin' => 'boolean',
138
        'use_totp' => 'boolean',
139
        'gravatar' => 'boolean',
140
        'totp_authenticated_at' => 'datetime',
141
    ];
142

143
    /**
144
     * The attributes excluded from the model's JSON form.
145
     */
146
    protected $hidden = ['password', 'remember_token', 'totp_secret', 'totp_authenticated_at'];
147

148
    /**
149
     * Default values for specific fields in the database.
150
     */
151
    protected $attributes = [
152
        'external_id' => null,
153
        'root_admin' => false,
154
        'language' => 'en',
155
        'use_totp' => false,
156
        'totp_secret' => null,
157
    ];
158

159
    /**
160
     * Rules verifying that the data being stored matches the expectations of the database.
161
     */
162
    public static array $validationRules = [
163
        'uuid' => 'required|string|size:36|unique:users,uuid',
164
        'email' => 'required|email|between:1,191|unique:users,email',
165
        'external_id' => 'sometimes|nullable|string|max:191|unique:users,external_id',
166
        'username' => 'required|between:1,191|unique:users,username',
167
        'name_first' => 'required|string|between:1,191',
168
        'name_last' => 'required|string|between:1,191',
169
        'password' => 'sometimes|nullable|string',
170
        'root_admin' => 'boolean',
171
        'language' => 'string',
172
        'use_totp' => 'boolean',
173
        'totp_secret' => 'nullable|string',
174
    ];
175

176
    /**
177
     * Implement language verification by overriding Eloquence's gather
178
     * rules function.
179
     */
180
    public static function getRules(): array
181
    {
182
        $rules = parent::getRules();
183

184
        $rules['language'][] = new In(array_keys((new self())->getAvailableLanguages()));
185
        $rules['username'][] = new Username();
186

187
        return $rules;
188
    }
189

190
    /**
191
     * Return the user model in a format that can be passed over to Vue templates.
192
     */
193
    public function toVueObject(): array
194
    {
195
        return Collection::make($this->toArray())->except(['id', 'external_id'])->toArray();
196
    }
197

198
    /**
199
     * Send the password reset notification.
200
     *
201
     * @param string $token
202
     */
203
    public function sendPasswordResetNotification($token)
204
    {
205
        Activity::event('auth:reset-password')
206
            ->withRequestMetadata()
207
            ->subject($this)
208
            ->log('sending password reset email');
209

210
        $this->notify(new ResetPasswordNotification($token));
211
    }
212

213
    /**
214
     * Store the username as a lowercase string.
215
     */
216
    public function setUsernameAttribute(string $value)
217
    {
218
        $this->attributes['username'] = mb_strtolower($value);
219
    }
220

221
    /**
222
     * Return a concatenated result for the accounts full name.
223
     */
224
    public function getNameAttribute(): string
225
    {
226
        return trim($this->name_first . ' ' . $this->name_last);
227
    }
228

229
    /**
230
     * Returns all servers that a user owns.
231
     */
232
    public function servers(): HasMany
233
    {
234
        return $this->hasMany(Server::class, 'owner_id');
235
    }
236

237
    public function apiKeys(): HasMany
238
    {
239
        return $this->hasMany(ApiKey::class)
240
            ->where('key_type', ApiKey::TYPE_ACCOUNT);
241
    }
242

243
    public function recoveryTokens(): HasMany
244
    {
245
        return $this->hasMany(RecoveryToken::class);
246
    }
247

248
    public function sshKeys(): HasMany
249
    {
250
        return $this->hasMany(UserSSHKey::class);
251
    }
252

253
    /**
254
     * Returns all the activity logs where this user is the subject — not to
255
     * be confused by activity logs where this user is the _actor_.
256
     */
257
    public function activity(): MorphToMany
258
    {
259
        return $this->morphToMany(ActivityLog::class, 'subject', 'activity_log_subjects');
260
    }
261

262
    /**
263
     * Returns all the servers that a user can access by way of being the owner of the
264
     * server, or because they are assigned as a subuser for that server.
265
     */
266
    public function accessibleServers(): Builder
267
    {
268
        return Server::query()
269
            ->select('servers.*')
270
            ->leftJoin('subusers', 'subusers.server_id', '=', 'servers.id')
271
            ->where(function (Builder $builder) {
272
                $builder->where('servers.owner_id', $this->id)->orWhere('subusers.user_id', $this->id);
273
            })
274
            ->groupBy('servers.id');
275
    }
276
}
277

278