	Ensure we don't cause a mess with the auth providers
		
							parent
							
								
									3ae70efc14
								
							
						
					
					
						commit
						dca53611ff
					
				| @ -2,6 +2,7 @@ | |||||||
| 
 | 
 | ||||||
| namespace Pterodactyl\Http; | namespace Pterodactyl\Http; | ||||||
| 
 | 
 | ||||||
|  | use Fruitcake\Cors\HandleCors; | ||||||
| use Illuminate\Auth\Middleware\Authorize; | use Illuminate\Auth\Middleware\Authorize; | ||||||
| use Illuminate\Auth\Middleware\Authenticate; | use Illuminate\Auth\Middleware\Authenticate; | ||||||
| use Illuminate\Http\Middleware\TrustProxies; | use Illuminate\Http\Middleware\TrustProxies; | ||||||
| @ -26,9 +27,9 @@ use Illuminate\Foundation\Http\Middleware\ValidatePostSize; | |||||||
| use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse; | use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse; | ||||||
| use Pterodactyl\Http\Middleware\Api\Daemon\DaemonAuthenticate; | use Pterodactyl\Http\Middleware\Api\Daemon\DaemonAuthenticate; | ||||||
| use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication; | use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication; | ||||||
| use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode; |  | ||||||
| use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull; | use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull; | ||||||
| use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientBindings; | use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientBindings; | ||||||
|  | use Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance; | ||||||
| use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser; | use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser; | ||||||
| 
 | 
 | ||||||
| class Kernel extends HttpKernel | class Kernel extends HttpKernel | ||||||
| @ -39,12 +40,12 @@ class Kernel extends HttpKernel | |||||||
|      * @var array |      * @var array | ||||||
|      */ |      */ | ||||||
|     protected $middleware = [ |     protected $middleware = [ | ||||||
|         CheckForMaintenanceMode::class, |         TrustProxies::class, | ||||||
|         EncryptCookies::class, |         HandleCors::class, | ||||||
|  |         PreventRequestsDuringMaintenance::class, | ||||||
|         ValidatePostSize::class, |         ValidatePostSize::class, | ||||||
|         TrimStrings::class, |         TrimStrings::class, | ||||||
|         ConvertEmptyStringsToNull::class, |         ConvertEmptyStringsToNull::class, | ||||||
|         TrustProxies::class, |  | ||||||
|     ]; |     ]; | ||||||
| 
 | 
 | ||||||
|     /** |     /** | ||||||
| @ -54,14 +55,13 @@ class Kernel extends HttpKernel | |||||||
|      */ |      */ | ||||||
|     protected $middlewareGroups = [ |     protected $middlewareGroups = [ | ||||||
|         'web' => [ |         'web' => [ | ||||||
|  |             EncryptCookies::class, | ||||||
|             AddQueuedCookiesToResponse::class, |             AddQueuedCookiesToResponse::class, | ||||||
|             StartSession::class, |             StartSession::class, | ||||||
|             AuthenticateSession::class, |  | ||||||
|             ShareErrorsFromSession::class, |             ShareErrorsFromSession::class, | ||||||
|             VerifyCsrfToken::class, |             VerifyCsrfToken::class, | ||||||
|             SubstituteBindings::class, |             SubstituteBindings::class, | ||||||
|             LanguageMiddleware::class, |             LanguageMiddleware::class, | ||||||
|             RequireTwoFactorAuthentication::class, |  | ||||||
|         ], |         ], | ||||||
|         'api' => [ |         'api' => [ | ||||||
|             EnsureStatefulRequests::class, |             EnsureStatefulRequests::class, | ||||||
| @ -91,6 +91,7 @@ class Kernel extends HttpKernel | |||||||
|     protected $routeMiddleware = [ |     protected $routeMiddleware = [ | ||||||
|         'auth' => Authenticate::class, |         'auth' => Authenticate::class, | ||||||
|         'auth.basic' => AuthenticateWithBasicAuth::class, |         'auth.basic' => AuthenticateWithBasicAuth::class, | ||||||
|  |         'auth.session' => AuthenticateSession::class, | ||||||
|         'guest' => RedirectIfAuthenticated::class, |         'guest' => RedirectIfAuthenticated::class, | ||||||
|         'csrf' => VerifyCsrfToken::class, |         'csrf' => VerifyCsrfToken::class, | ||||||
|         'throttle' => ThrottleRequests::class, |         'throttle' => ThrottleRequests::class, | ||||||
|  | |||||||
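Review bot: `AuthenticateSession` and `RequireTwoFactorAuthentication` are dropped from the `web` group, so session re-validation and the 2FA requirement become opt-in per route group instead of the default for every web route. Any route file later registered under `web` without those two middleware would skip both checks without any error. I would record that above the group, e.g. `// NOTE: 'auth.session' and RequireTwoFactorAuthentication are attached per route group in RouteServiceProvider, not here.`, so the fail-open default is visible to whoever adds the next route file. The class body continues outside these hunks.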
| @ -9,6 +9,7 @@ use Illuminate\Cache\RateLimiting\Limit; | |||||||
| use Illuminate\Support\Facades\RateLimiter; | use Illuminate\Support\Facades\RateLimiter; | ||||||
| use Pterodactyl\Http\Middleware\TrimStrings; | use Pterodactyl\Http\Middleware\TrimStrings; | ||||||
| use Pterodactyl\Http\Middleware\AdminAuthenticate; | use Pterodactyl\Http\Middleware\AdminAuthenticate; | ||||||
|  | use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication; | ||||||
| use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider; | use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider; | ||||||
| 
 | 
 | ||||||
| class RouteServiceProvider extends ServiceProvider | class RouteServiceProvider extends ServiceProvider | ||||||
| @ -35,12 +36,17 @@ class RouteServiceProvider extends ServiceProvider | |||||||
| 
 | 
 | ||||||
|         $this->routes(function () { |         $this->routes(function () { | ||||||
|             Route::middleware('web')->group(function () { |             Route::middleware('web')->group(function () { | ||||||
|                 Route::middleware('auth')->group(base_path('routes/base.php')); |                 Route::middleware(['auth.session', RequireTwoFactorAuthentication::class]) | ||||||
|  |                     ->group(base_path('routes/base.php')); | ||||||
|  | 
 | ||||||
|  |                 Route::middleware(['auth.session', RequireTwoFactorAuthentication::class, AdminAuthenticate::class]) | ||||||
|  |                     ->prefix('/admin') | ||||||
|  |                     ->group(base_path('routes/admin.php')); | ||||||
|  | 
 | ||||||
|                 Route::middleware('guest')->prefix('/auth')->group(base_path('routes/auth.php')); |                 Route::middleware('guest')->prefix('/auth')->group(base_path('routes/auth.php')); | ||||||
|                 Route::middleware(['auth', AdminAuthenticate::class])->prefix('/admin')->group(base_path('routes/admin.php')); |  | ||||||
|             }); |             }); | ||||||
| 
 | 
 | ||||||
|             Route::middleware('api')->group(function () { |             Route::middleware(['api', RequireTwoFactorAuthentication::class])->group(function () { | ||||||
|                 Route::middleware(['application-api', 'throttle:api.application']) |                 Route::middleware(['application-api', 'throttle:api.application']) | ||||||
|                     ->prefix('/api/application') |                     ->prefix('/api/application') | ||||||
|                     ->scopeBindings() |                     ->scopeBindings() | ||||||
|  | |||||||
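Review bot: The base and admin groups no longer carry `auth`; they now use `['auth.session', RequireTwoFactorAuthentication::class]`, and if `auth.session` is the framework's `AuthenticateSession` (as the alias name suggests), that middleware only invalidates stale sessions and passes a request with no user straight through. Unless `routes/base.php` applies `auth` itself or `RequireTwoFactorAuthentication` rejects guests, those routes would be reachable unauthenticated; the admin group presumably still fails closed through `AdminAuthenticate`, but none of that is visible here. I would keep the guard explicit, e.g. `Route::middleware(['auth', 'auth.session', RequireTwoFactorAuthentication::class])`, and add a feature test asserting that a guest request to a base route is redirected to login. It is also worth confirming that on the `api` group the 2FA middleware, which now runs before the nested `application-api` middleware, actually sees a resolved user on key-authenticated requests. The `routes()` closure continues outside the hunk.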
| @ -19,6 +19,7 @@ | |||||||
|         "ext-zip": "*", |         "ext-zip": "*", | ||||||
|         "aws/aws-sdk-php": "^3.171", |         "aws/aws-sdk-php": "^3.171", | ||||||
|         "doctrine/dbal": "~2.13.9", |         "doctrine/dbal": "~2.13.9", | ||||||
|  |         "fruitcake/laravel-cors": "~3.0.0", | ||||||
|         "guzzlehttp/guzzle": "~7.4.2", |         "guzzlehttp/guzzle": "~7.4.2", | ||||||
|         "hashids/hashids": "~4.1.0", |         "hashids/hashids": "~4.1.0", | ||||||
|         "laracasts/utilities": "~3.2.1", |         "laracasts/utilities": "~3.2.1", | ||||||
|  | |||||||
							
								
								
									
										152
									
								
								composer.lock
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										152
									
								
								composer.lock
									
									
									
										generated
									
									
									
								
							| @ -4,7 +4,7 @@ | |||||||
|         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", |         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", | ||||||
|         "This file is @generated automatically" |         "This file is @generated automatically" | ||||||
|     ], |     ], | ||||||
|     "content-hash": "0368e946c40456bcd1fb007bfc3e7bf0", |     "content-hash": "3bd4e0acecbf871892a813141facfaea", | ||||||
|     "packages": [ |     "packages": [ | ||||||
|         { |         { | ||||||
|             "name": "aws/aws-crt-php", |             "name": "aws/aws-crt-php", | ||||||
| @ -923,6 +923,156 @@ | |||||||
|             ], |             ], | ||||||
|             "time": "2020-12-29T14:50:06+00:00" |             "time": "2020-12-29T14:50:06+00:00" | ||||||
|         }, |         }, | ||||||
|  |         { | ||||||
|  |             "name": "fruitcake/laravel-cors", | ||||||
|  |             "version": "v3.0.0", | ||||||
|  |             "source": { | ||||||
|  |                 "type": "git", | ||||||
|  |                 "url": "https://github.com/fruitcake/laravel-cors.git", | ||||||
|  |                 "reference": "7c036ec08972d8d5d9db637e772af6887828faf5" | ||||||
|  |             }, | ||||||
|  |             "dist": { | ||||||
|  |                 "type": "zip", | ||||||
|  |                 "url": "https://api.github.com/repos/fruitcake/laravel-cors/zipball/7c036ec08972d8d5d9db637e772af6887828faf5", | ||||||
|  |                 "reference": "7c036ec08972d8d5d9db637e772af6887828faf5", | ||||||
|  |                 "shasum": "" | ||||||
|  |             }, | ||||||
|  |             "require": { | ||||||
|  |                 "fruitcake/php-cors": "^1.2", | ||||||
|  |                 "illuminate/contracts": "^6|^7|^8|^9", | ||||||
|  |                 "illuminate/support": "^6|^7|^8|^9", | ||||||
|  |                 "php": "^7.4|^8.0" | ||||||
|  |             }, | ||||||
|  |             "require-dev": { | ||||||
|  |                 "laravel/framework": "^6|^7.24|^8", | ||||||
|  |                 "orchestra/testbench-dusk": "^4|^5|^6|^7", | ||||||
|  |                 "phpunit/phpunit": "^9", | ||||||
|  |                 "squizlabs/php_codesniffer": "^3.5" | ||||||
|  |             }, | ||||||
|  |             "type": "library", | ||||||
|  |             "extra": { | ||||||
|  |                 "branch-alias": { | ||||||
|  |                     "dev-master": "3.0-dev" | ||||||
|  |                 }, | ||||||
|  |                 "laravel": { | ||||||
|  |                     "providers": [ | ||||||
|  |                         "Fruitcake\\Cors\\CorsServiceProvider" | ||||||
|  |                     ] | ||||||
|  |                 } | ||||||
|  |             }, | ||||||
|  |             "autoload": { | ||||||
|  |                 "psr-4": { | ||||||
|  |                     "Fruitcake\\Cors\\": "src/" | ||||||
|  |                 } | ||||||
|  |             }, | ||||||
|  |             "notification-url": "https://packagist.org/downloads/", | ||||||
|  |             "license": [ | ||||||
|  |                 "MIT" | ||||||
|  |             ], | ||||||
|  |             "authors": [ | ||||||
|  |                 { | ||||||
|  |                     "name": "Fruitcake", | ||||||
|  |                     "homepage": "https://fruitcake.nl" | ||||||
|  |                 }, | ||||||
|  |                 { | ||||||
|  |                     "name": "Barry vd. Heuvel", | ||||||
|  |                     "email": "barryvdh@gmail.com" | ||||||
|  |                 } | ||||||
|  |             ], | ||||||
|  |             "description": "Adds CORS (Cross-Origin Resource Sharing) headers support in your Laravel application", | ||||||
|  |             "keywords": [ | ||||||
|  |                 "api", | ||||||
|  |                 "cors", | ||||||
|  |                 "crossdomain", | ||||||
|  |                 "laravel" | ||||||
|  |             ], | ||||||
|  |             "support": { | ||||||
|  |                 "issues": "https://github.com/fruitcake/laravel-cors/issues", | ||||||
|  |                 "source": "https://github.com/fruitcake/laravel-cors/tree/v3.0.0" | ||||||
|  |             }, | ||||||
|  |             "funding": [ | ||||||
|  |                 { | ||||||
|  |                     "url": "https://fruitcake.nl", | ||||||
|  |                     "type": "custom" | ||||||
|  |                 }, | ||||||
|  |                 { | ||||||
|  |                     "url": "https://github.com/barryvdh", | ||||||
|  |                     "type": "github" | ||||||
|  |                 } | ||||||
|  |             ], | ||||||
|  |             "time": "2022-02-23T14:53:22+00:00" | ||||||
|  |         }, | ||||||
|  |         { | ||||||
|  |             "name": "fruitcake/php-cors", | ||||||
|  |             "version": "v1.2.0", | ||||||
|  |             "source": { | ||||||
|  |                 "type": "git", | ||||||
|  |                 "url": "https://github.com/fruitcake/php-cors.git", | ||||||
|  |                 "reference": "58571acbaa5f9f462c9c77e911700ac66f446d4e" | ||||||
|  |             }, | ||||||
|  |             "dist": { | ||||||
|  |                 "type": "zip", | ||||||
|  |                 "url": "https://api.github.com/repos/fruitcake/php-cors/zipball/58571acbaa5f9f462c9c77e911700ac66f446d4e", | ||||||
|  |                 "reference": "58571acbaa5f9f462c9c77e911700ac66f446d4e", | ||||||
|  |                 "shasum": "" | ||||||
|  |             }, | ||||||
|  |             "require": { | ||||||
|  |                 "php": "^7.4|^8.0", | ||||||
|  |                 "symfony/http-foundation": "^4.4|^5.4|^6" | ||||||
|  |             }, | ||||||
|  |             "require-dev": { | ||||||
|  |                 "phpstan/phpstan": "^1.4", | ||||||
|  |                 "phpunit/phpunit": "^9", | ||||||
|  |                 "squizlabs/php_codesniffer": "^3.5" | ||||||
|  |             }, | ||||||
|  |             "type": "library", | ||||||
|  |             "extra": { | ||||||
|  |                 "branch-alias": { | ||||||
|  |                     "dev-main": "1.1-dev" | ||||||
|  |                 } | ||||||
|  |             }, | ||||||
|  |             "autoload": { | ||||||
|  |                 "psr-4": { | ||||||
|  |                     "Fruitcake\\Cors\\": "src/" | ||||||
|  |                 } | ||||||
|  |             }, | ||||||
|  |             "notification-url": "https://packagist.org/downloads/", | ||||||
|  |             "license": [ | ||||||
|  |                 "MIT" | ||||||
|  |             ], | ||||||
|  |             "authors": [ | ||||||
|  |                 { | ||||||
|  |                     "name": "Fruitcake", | ||||||
|  |                     "homepage": "https://fruitcake.nl" | ||||||
|  |                 }, | ||||||
|  |                 { | ||||||
|  |                     "name": "Barryvdh", | ||||||
|  |                     "email": "barryvdh@gmail.com" | ||||||
|  |                 } | ||||||
|  |             ], | ||||||
|  |             "description": "Cross-origin resource sharing library for the Symfony HttpFoundation", | ||||||
|  |             "homepage": "https://github.com/fruitcake/php-cors", | ||||||
|  |             "keywords": [ | ||||||
|  |                 "cors", | ||||||
|  |                 "laravel", | ||||||
|  |                 "symfony" | ||||||
|  |             ], | ||||||
|  |             "support": { | ||||||
|  |                 "issues": "https://github.com/fruitcake/php-cors/issues", | ||||||
|  |                 "source": "https://github.com/fruitcake/php-cors/tree/v1.2.0" | ||||||
|  |             }, | ||||||
|  |             "funding": [ | ||||||
|  |                 { | ||||||
|  |                     "url": "https://fruitcake.nl", | ||||||
|  |                     "type": "custom" | ||||||
|  |                 }, | ||||||
|  |                 { | ||||||
|  |                     "url": "https://github.com/barryvdh", | ||||||
|  |                     "type": "github" | ||||||
|  |                 } | ||||||
|  |             ], | ||||||
|  |             "time": "2022-02-20T15:07:15+00:00" | ||||||
|  |         }, | ||||||
|         { |         { | ||||||
|             "name": "graham-campbell/result-type", |             "name": "graham-campbell/result-type", | ||||||
|             "version": "v1.0.4", |             "version": "v1.0.4", | ||||||
|  | |||||||
							
								
								
									
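--- a/config/cors.php
+++ b/config/cors.php
@@ -0,0 +1,59 @@
+<?php
+
+return [
+    /*
+    |--------------------------------------------------------------------------
+    | Laravel CORS Options
+    |--------------------------------------------------------------------------
+    |
+    | The allowed_methods and allowed_headers options are case-insensitive.
+    |
+    | You don't need to provide both allowed_origins and allowed_origins_patterns.
+    | If one of the strings passed matches, it is considered a valid origin.
+    |
+    | If ['*'] is provided to allowed_methods, allowed_origins or allowed_headers
+    | all methods / origins / headers are allowed.
+    |
+    */
+
+    /*
+     * You can enable CORS for 1 or multiple paths.
+     * Example: ['api/*']
+     */
+    'paths' => ['/api/client', '/api/application', '/api/client/*', '/api/application/*'],
+
+    /*
+     * Matches the request method. `['*']` allows all methods.
+     */
+    'allowed_methods' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD'],
+
+    /*
+     * Matches the request origin. `['*']` allows all origins. Wildcards can be used, eg `*.mydomain.com`
+     */
+    'allowed_origins' => explode(',', env('APP_CORS_ALLOWED_ORIGINS') ?? ''),
+
+    /*
+     * Patterns that can be used with `preg_match` to match the origin.
+     */
+    'allowed_origins_patterns' => [],
+
+    /*
+     * Sets the Access-Control-Allow-Headers response header. `['*']` allows all headers.
+     */
+    'allowed_headers' => ['*'],
+
+    /*
+     * Sets the Access-Control-Expose-Headers response header with these headers.
+     */
+    'exposed_headers' => [],
+
+    /*
+     * Sets the Access-Control-Max-Age response header when > 0.
+     */
+    'max_age' => 0,
+
+    /*
+     * Sets the Access-Control-Allow-Credentials header.
+     */
+    'supports_credentials' => true,
+];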
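Review bot: `allowed_origins` is built with `explode(',', env('APP_CORS_ALLOWED_ORIGINS') ?? '')`, which yields `['']` when the variable is unset and keeps surrounding whitespace, so a value like `https://a.example, https://b.example` (constructed sample) never matches the second origin. The larger risk is that `supports_credentials` is `true`: if an operator sets the variable to `*`, the CORS library is expected to echo the caller's Origin together with `Access-Control-Allow-Credentials: true`, which would let any site issue cookie-authenticated API requests; that behaviour should be confirmed against the library. I would normalise the list with `'allowed_origins' => array_values(array_filter(array_map('trim', explode(',', (string) env('APP_CORS_ALLOWED_ORIGINS', ''))))),` and state in the comment above it that `*` must not be used while credentials are enabled.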
| @ -14,11 +14,12 @@ export interface LoginData { | |||||||
| 
 | 
 | ||||||
| export default ({ username, password, recaptchaData }: LoginData): Promise<LoginResponse> => { | export default ({ username, password, recaptchaData }: LoginData): Promise<LoginResponse> => { | ||||||
|     return new Promise((resolve, reject) => { |     return new Promise((resolve, reject) => { | ||||||
|         http.post('/auth/login', { |         http.get('/sanctum/csrf-cookie') | ||||||
|             user: username, |             .then(() => http.post('/auth/login', { | ||||||
|             password, |                 user: username, | ||||||
|             'g-recaptcha-response': recaptchaData, |                 password, | ||||||
|         }) |                 'g-recaptcha-response': recaptchaData, | ||||||
|  |             })) | ||||||
|             .then(response => { |             .then(response => { | ||||||
|                 if (!(response.data instanceof Object)) { |                 if (!(response.data instanceof Object)) { | ||||||
|                     return reject(new Error('An error occurred while processing the login request.')); |                     return reject(new Error('An error occurred while processing the login request.')); | ||||||
|  | |||||||
	 DaneEveritt
						DaneEveritt