This PR closes Issue #5175.
For context, I am aware that Application API Keys are deprecated in
favour of Client API Keys however they are still operational within
Pterodactyl and thus, not fully removed.
Currently in Pterodactyl, as an Admin, you can only view your
Application API Keys on the Admin Panel. In this PR, I made it so all
Application Keys are visible and deletable. The key strings are
obfuscated if the key does not belong to the user viewing.
The reason for adding this is primarily so other admin users can be
aware of and delete another admin user's Application API keys from the
UI. This functionality is useful in the event of a malicious user
compromising an admin account, creating some API Keys to continue their
attacks and the owner of the compromised admin account being unaware of
Application API Keys. In this instance, even after a password reset, the
attack could continue via the Application API without the admin
realising it.
I've tested the creation and deleting of keys along with using keys via
the Application API to ensure no breakages have occurred.
---------
Co-authored-by: DaneEveritt <dane@daneeveritt.com>
Main difference is permissions, cleaner UI for normal users, and account keys use permissions assigned to servers and subusers while application keys use R/W ACLs stored in the key table.
