67 lines
2.1 KiB
Go
67 lines
2.1 KiB
Go
|
package router
|
||
|
|
||
|
import (
|
||
|
"github.com/gin-gonic/gin"
|
||
|
"github.com/google/uuid"
|
||
|
"github.com/pterodactyl/wings/config"
|
||
|
"github.com/pterodactyl/wings/server"
|
||
|
"net/http"
|
||
|
"strings"
|
||
|
)
|
||
|
|
||
|
// Set the access request control headers on all of the requests.
|
||
|
func SetAccessControlHeaders(c *gin.Context) {
|
||
|
c.Header("Access-Control-Allow-Origin", config.Get().PanelLocation)
|
||
|
c.Header("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
|
||
|
c.Next()
|
||
|
}
|
||
|
|
||
|
// Authenticates the request token against the given permission string, ensuring that
|
||
|
// if it is a server permission, the token has control over that server. If it is a global
|
||
|
// token, this will ensure that the request is using a properly signed global token.
|
||
|
func AuthorizationMiddleware(c *gin.Context) {
|
||
|
auth := strings.SplitN(c.GetHeader("Authorization"), " ", 2)
|
||
|
|
||
|
if len(auth) != 2 || auth[0] != "Bearer" {
|
||
|
c.Header("WWW-Authenticate", "Bearer")
|
||
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
|
||
|
"error": "The required authorization heads were not present in the request.",
|
||
|
})
|
||
|
|
||
|
return
|
||
|
}
|
||
|
|
||
|
// Try to match the request against the global token for the Daemon, regardless
|
||
|
// of the permission type. If nothing is matched we will fall through to the Panel
|
||
|
// API to try and validate permissions for a server.
|
||
|
if auth[1] == config.Get().AuthenticationToken {
|
||
|
c.Next()
|
||
|
|
||
|
return
|
||
|
}
|
||
|
|
||
|
c.AbortWithStatusJSON(http.StatusForbidden, gin.H{
|
||
|
"error": "You are not authorized to access this endpoint.",
|
||
|
})
|
||
|
}
|
||
|
|
||
|
// Helper function to fetch a server out of the servers collection stored in memory.
|
||
|
func GetServer (uuid string) *server.Server {
|
||
|
return server.GetServers().Find(func(s *server.Server) bool {
|
||
|
return uuid == s.Uuid
|
||
|
})
|
||
|
}
|
||
|
|
||
|
// Ensure that the requested server exists in this setup. Returns a 404 if we cannot
|
||
|
// locate it.
|
||
|
func ServerExists(c *gin.Context) {
|
||
|
u, err := uuid.Parse(c.Param("server"))
|
||
|
if err != nil || GetServer(u.String()) == nil {
|
||
|
c.AbortWithStatusJSON(http.StatusNotFound, gin.H{
|
||
|
"error": "The requested server does not exist.",
|
||
|
})
|
||
|
return
|
||
|
}
|
||
|
|
||
|
c.Next()
|
||
|
}
|