mirror of
https://github.com/pterodactyl/panel.git
synced 2026-04-13 02:25:38 -05:00
a81c3b4d52
This is a partial implementation to begin moving towards stripe-style identifiers for resources in the system. Any models with an existing `uuid` column can easily be updated to return an identifier in the format of `prfx_xyz` where `prfx` is a four character prefix, and `xyz` is the UUID, encoded using base-32. These are quite easy to use within the API layer because we just need to do one quick transformation to extract the UUID for those models. This PR implements that logic for servers in the `SubstituteClientBindings` logic. A future PR will need to come through and handle identifiers for models that _don't_ currently use UUIDs for reference that we want to expose to clients. In those cases it is easier to just generate base-32 encoded UUID7s that get stored in the database and indexed. They follow the same base approach, but you don't need to do any transformations in the code (other than stripping the prefix, unless we decide to store the prefix). There is also now a `PTERODACTYL_USE_SERVER_IDENTIFIERS` environment variable, that when set to true, updates the front-end and API response to use this new identifier in place of the `uuidShort` value.
300 lines
9.9 KiB
PHP
300 lines
9.9 KiB
PHP
<?php
|
|
|
|
namespace Pterodactyl\Models;
|
|
|
|
use Pterodactyl\Rules\Username;
|
|
use Pterodactyl\Facades\Activity;
|
|
use Illuminate\Support\Collection;
|
|
use Illuminate\Validation\Rules\In;
|
|
use Illuminate\Auth\Authenticatable;
|
|
use Illuminate\Notifications\Notifiable;
|
|
use Illuminate\Database\Eloquent\Builder;
|
|
use Pterodactyl\Contracts\Models\Identifiable;
|
|
use Pterodactyl\Models\Traits\HasAccessTokens;
|
|
use Illuminate\Auth\Passwords\CanResetPassword;
|
|
use Pterodactyl\Traits\Helpers\AvailableLanguages;
|
|
use Illuminate\Database\Eloquent\Relations\HasMany;
|
|
use Illuminate\Foundation\Auth\Access\Authorizable;
|
|
use Pterodactyl\Models\Traits\HasRealtimeIdentifier;
|
|
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
|
use Illuminate\Database\Eloquent\Relations\MorphToMany;
|
|
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
|
|
use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
|
|
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
|
|
use Pterodactyl\Notifications\SendPasswordReset as ResetPasswordNotification;
|
|
|
|
/**
|
|
* Pterodactyl\Models\User.
|
|
*
|
|
* @property int $id
|
|
* @property string|null $external_id
|
|
* @property string $uuid
|
|
* @property string $username
|
|
* @property string $email
|
|
* @property string|null $name_first
|
|
* @property string|null $name_last
|
|
* @property string $password
|
|
* @property string|null $remember_token
|
|
* @property string $language
|
|
* @property bool $root_admin
|
|
* @property bool $use_totp
|
|
* @property string|null $totp_secret
|
|
* @property \Illuminate\Support\Carbon|null $totp_authenticated_at
|
|
* @property bool $gravatar
|
|
* @property \Illuminate\Support\Carbon|null $created_at
|
|
* @property \Illuminate\Support\Carbon|null $updated_at
|
|
* @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\ApiKey[] $apiKeys
|
|
* @property int|null $api_keys_count
|
|
* @property string $name
|
|
* @property \Illuminate\Notifications\DatabaseNotificationCollection|\Illuminate\Notifications\DatabaseNotification[] $notifications
|
|
* @property int|null $notifications_count
|
|
* @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\RecoveryToken[] $recoveryTokens
|
|
* @property int|null $recovery_tokens_count
|
|
* @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\Server[] $servers
|
|
* @property int|null $servers_count
|
|
* @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\UserSSHKey[] $sshKeys
|
|
* @property int|null $ssh_keys_count
|
|
* @property \Illuminate\Database\Eloquent\Collection|\Pterodactyl\Models\ApiKey[] $tokens
|
|
* @property int|null $tokens_count
|
|
*
|
|
* @method static \Database\Factories\UserFactory factory(...$parameters)
|
|
* @method static Builder|User newModelQuery()
|
|
* @method static Builder|User newQuery()
|
|
* @method static Builder|User query()
|
|
* @method static Builder|User whereCreatedAt($value)
|
|
* @method static Builder|User whereEmail($value)
|
|
* @method static Builder|User whereExternalId($value)
|
|
* @method static Builder|User whereGravatar($value)
|
|
* @method static Builder|User whereId($value)
|
|
* @method static Builder|User whereLanguage($value)
|
|
* @method static Builder|User whereNameFirst($value)
|
|
* @method static Builder|User whereNameLast($value)
|
|
* @method static Builder|User wherePassword($value)
|
|
* @method static Builder|User whereRememberToken($value)
|
|
* @method static Builder|User whereRootAdmin($value)
|
|
* @method static Builder|User whereTotpAuthenticatedAt($value)
|
|
* @method static Builder|User whereTotpSecret($value)
|
|
* @method static Builder|User whereUpdatedAt($value)
|
|
* @method static Builder|User whereUseTotp($value)
|
|
* @method static Builder|User whereUsername($value)
|
|
* @method static Builder|User whereUuid($value)
|
|
*
|
|
* @mixin \Eloquent
|
|
*/
|
|
#[Attributes\Identifiable('user')]
|
|
class User extends Model implements
|
|
AuthenticatableContract,
|
|
AuthorizableContract,
|
|
CanResetPasswordContract,
|
|
Identifiable
|
|
{
|
|
use Authenticatable;
|
|
use Authorizable;
|
|
use AvailableLanguages;
|
|
use CanResetPassword;
|
|
/** @use \Pterodactyl\Models\Traits\HasAccessTokens<\Pterodactyl\Models\ApiKey> */
|
|
use HasAccessTokens;
|
|
use Notifiable;
|
|
/** @use \Illuminate\Database\Eloquent\Factories\HasFactory<\Database\Factories\UserFactory> */
|
|
use HasFactory;
|
|
use HasRealtimeIdentifier;
|
|
|
|
public const USER_LEVEL_USER = 0;
|
|
public const USER_LEVEL_ADMIN = 1;
|
|
|
|
/**
|
|
* The resource name for this model when it is transformed into an
|
|
* API representation using fractal.
|
|
*/
|
|
public const RESOURCE_NAME = 'user';
|
|
|
|
/**
|
|
* Level of servers to display when using access() on a user.
|
|
*/
|
|
protected string $accessLevel = 'all';
|
|
|
|
/**
|
|
* The table associated with the model.
|
|
*/
|
|
protected $table = 'users';
|
|
|
|
/**
|
|
* A list of mass-assignable variables.
|
|
*/
|
|
protected $fillable = [
|
|
'external_id',
|
|
'username',
|
|
'email',
|
|
'name_first',
|
|
'name_last',
|
|
'password',
|
|
'language',
|
|
'use_totp',
|
|
'totp_secret',
|
|
'totp_authenticated_at',
|
|
'gravatar',
|
|
'root_admin',
|
|
];
|
|
|
|
/**
|
|
* Cast values to correct type.
|
|
*/
|
|
protected $casts = [
|
|
'root_admin' => 'boolean',
|
|
'use_totp' => 'boolean',
|
|
'gravatar' => 'boolean',
|
|
'totp_authenticated_at' => 'datetime',
|
|
];
|
|
|
|
/**
|
|
* The attributes excluded from the model's JSON form.
|
|
*/
|
|
protected $hidden = ['password', 'remember_token', 'totp_secret', 'totp_authenticated_at'];
|
|
|
|
/**
|
|
* Default values for specific fields in the database.
|
|
*/
|
|
protected $attributes = [
|
|
'external_id' => null,
|
|
'root_admin' => false,
|
|
'language' => 'en',
|
|
'use_totp' => false,
|
|
'totp_secret' => null,
|
|
];
|
|
|
|
/**
|
|
* Rules verifying that the data being stored matches the expectations of the database.
|
|
*/
|
|
public static array $validationRules = [
|
|
'uuid' => 'required|string|size:36|unique:users,uuid',
|
|
'email' => 'required|email|between:1,191|unique:users,email',
|
|
'external_id' => 'sometimes|nullable|string|max:191|unique:users,external_id',
|
|
'username' => 'required|between:1,191|unique:users,username',
|
|
'name_first' => 'required|string|between:1,191',
|
|
'name_last' => 'required|string|between:1,191',
|
|
'password' => 'sometimes|nullable|string',
|
|
'root_admin' => 'boolean',
|
|
'language' => 'string',
|
|
'use_totp' => 'boolean',
|
|
'totp_secret' => 'nullable|string',
|
|
];
|
|
|
|
/**
|
|
* Implement language verification by overriding Eloquence's gather
|
|
* rules function.
|
|
*/
|
|
public static function getRules(): array
|
|
{
|
|
$rules = parent::getRules();
|
|
|
|
$rules['language'][] = new In(array_keys((new self())->getAvailableLanguages()));
|
|
$rules['username'][] = new Username();
|
|
|
|
return $rules;
|
|
}
|
|
|
|
/**
|
|
* Return the user model in a format that can be passed over to Vue templates.
|
|
*/
|
|
public function toVueObject(): array
|
|
{
|
|
return Collection::make($this->toArray())->except(['id', 'external_id'])
|
|
->merge(['identifier' => $this->identifier])
|
|
->toArray();
|
|
}
|
|
|
|
/**
|
|
* Send the password reset notification.
|
|
*
|
|
* @param string $token
|
|
*/
|
|
public function sendPasswordResetNotification($token)
|
|
{
|
|
Activity::event('auth:reset-password')
|
|
->withRequestMetadata()
|
|
->subject($this)
|
|
->log('sending password reset email');
|
|
|
|
$this->notify(new ResetPasswordNotification($token));
|
|
}
|
|
|
|
/**
|
|
* Store the username as a lowercase string.
|
|
*/
|
|
public function setUsernameAttribute(string $value)
|
|
{
|
|
$this->attributes['username'] = mb_strtolower($value);
|
|
}
|
|
|
|
/**
|
|
* Return a concatenated result for the accounts full name.
|
|
*/
|
|
public function getNameAttribute(): string
|
|
{
|
|
return trim($this->name_first . ' ' . $this->name_last);
|
|
}
|
|
|
|
/**
|
|
* Returns all servers that a user owns.
|
|
*
|
|
* @return \Illuminate\Database\Eloquent\Relations\HasMany<\Pterodactyl\Models\Server, $this>
|
|
*/
|
|
public function servers(): HasMany
|
|
{
|
|
return $this->hasMany(Server::class, 'owner_id');
|
|
}
|
|
|
|
/**
|
|
* @return \Illuminate\Database\Eloquent\Relations\HasMany<\Pterodactyl\Models\ApiKey, $this>
|
|
*/
|
|
public function apiKeys(): HasMany
|
|
{
|
|
return $this->hasMany(ApiKey::class)
|
|
->where('key_type', ApiKey::TYPE_ACCOUNT);
|
|
}
|
|
|
|
/**
|
|
* @return \Illuminate\Database\Eloquent\Relations\HasMany<\Pterodactyl\Models\RecoveryToken, $this>
|
|
*/
|
|
public function recoveryTokens(): HasMany
|
|
{
|
|
return $this->hasMany(RecoveryToken::class);
|
|
}
|
|
|
|
/**
|
|
* @return \Illuminate\Database\Eloquent\Relations\HasMany<\Pterodactyl\Models\UserSSHKey, $this>
|
|
*/
|
|
public function sshKeys(): HasMany
|
|
{
|
|
return $this->hasMany(UserSSHKey::class);
|
|
}
|
|
|
|
/**
|
|
* Returns all the activity logs where this user is the subject — not to
|
|
* be confused by activity logs where this user is the _actor_.
|
|
*
|
|
* @return \Illuminate\Database\Eloquent\Relations\MorphToMany<\Pterodactyl\Models\ActivityLog, $this>
|
|
*/
|
|
public function activity(): MorphToMany
|
|
{
|
|
return $this->morphToMany(ActivityLog::class, 'subject', 'activity_log_subjects');
|
|
}
|
|
|
|
/**
|
|
* Returns all the servers that a user can access by way of being the owner of the
|
|
* server, or because they are assigned as a subuser for that server.
|
|
*
|
|
* @return \Illuminate\Database\Eloquent\Builder<\Pterodactyl\Models\Server>
|
|
*/
|
|
public function accessibleServers(): Builder
|
|
{
|
|
return Server::query()
|
|
->select('servers.*')
|
|
->leftJoin('subusers', 'subusers.server_id', '=', 'servers.id')
|
|
->where(function (Builder $builder) {
|
|
$builder->where('servers.owner_id', $this->id)->orWhere('subusers.user_id', $this->id);
|
|
})
|
|
->groupBy('servers.id');
|
|
}
|
|
}
|