banquise/pelican-panel-mirror
13
0
Fork 1
mirror of https://github.com/pelican-dev/panel.git synced 2025-11-04 09:26:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
pelican-panel-mirror/app/Http/Controllers/Api/Client/Servers/WebsocketController.php
Boy132 9f35f1c3ee
Enable "ordered imports" (#1746)
2025-09-24 13:34:19 +02:00

78 lines
2.8 KiB
PHP
Raw Blame History

<?php
namespace App\Http\Controllers\Api\Client\Servers;
use App\Exceptions\Http\HttpForbiddenException;
use App\Http\Controllers\Api\Client\ClientApiController;
use App\Http\Requests\Api\Client\ClientApiRequest;
use App\Models\Permission;
use App\Models\Server;
use App\Services\Nodes\NodeJWTService;
use App\Services\Servers\GetUserPermissionsService;
use Carbon\CarbonImmutable;
use Dedoc\Scramble\Attributes\Group;
use Illuminate\Http\JsonResponse;
#[Group('Server - Websocket')]
class WebsocketController extends ClientApiController
{
/**
* WebsocketController constructor.
*/
public function __construct(
private NodeJWTService $jwtService,
private GetUserPermissionsService $permissionsService
) {
parent::__construct();
}
/**
* Get websocket token
*
* Generates a one-time token that is sent along in every websocket call to the Daemon.
* This is a signed JWT that the Daemon then uses to verify the user's identity, and
* allows us to continually renew this token and avoid users maintaining sessions wrongly,
* as well as ensure that user's only perform actions they're allowed to.
*/
public function __invoke(ClientApiRequest $request, Server $server): JsonResponse
{
$user = $request->user();
if ($user->cannot(Permission::ACTION_WEBSOCKET_CONNECT, $server)) {
throw new HttpForbiddenException('You do not have permission to connect to this server\'s websocket.');
}
$permissions = $this->permissionsService->handle($server, $user);
$node = $server->node;
if (!is_null($server->transfer)) {
// Check if the user has permissions to receive transfer logs.
if (!in_array('admin.websocket.transfer', $permissions)) {
throw new HttpForbiddenException('You do not have permission to view server transfer logs.');
}
// Redirect the websocket request to the new node if the server has been archived.
if ($server->transfer->archived) {
$node = $server->transfer->newNode;
}
}
$token = $this->jwtService
->setExpiresAt(CarbonImmutable::now()->addMinutes(10))
->setUser($request->user())
->setClaims([
'server_uuid' => $server->uuid,
'permissions' => $permissions,
])
->handle($node, $user->id . $server->uuid);
$socket = str_replace(['https://', 'http://'], ['wss://', 'ws://'], $node->getConnectionAddress());
return new JsonResponse([
'data' => [
'token' => $token->toString(),
'socket' => $socket . sprintf('/api/servers/%s/ws', $server->uuid),
],
]);
}
}
Reference in New Issue View Git Blame Copy Permalink