Client API Key

Development

app/Classes/Settings/System.php

@@ -36,6 +36,7 @@ class System
             "server-limit-purchase" => "required|min:0|integer",
             "pterodactyl-api-key" => "required|string",
             "pterodactyl-url" => "required|string",
+            "pterodactyl-admin-api-key" => "required|string",
 
         ]);
         if ($validator->fails()) {
@@ -65,6 +66,7 @@ class System
             "SETTINGS::SYSTEM:PTERODACTYL:URL" => "pterodactyl-url",
             "SETTINGS::SYSTEM:PTERODACTYL:TOKEN" => "pterodactyl-api-key",
             "SETTINGS::SYSTEM:ENABLE_LOGIN_LOGO" => "enable-login-logo",
+            "SETTINGS::SYSTEM:PTERODACTYL:ADMIN_USER_TOKEN" => "pterodactyl-admin-api-key",
         ];
 
 

database/migrations/2022_08_11_125502_ptero_client_key.php

@@ -0,0 +1,36 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Schema;
+
+class PteroClientKey extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        // Insert some stuff
+        DB::table('settings')->insert(
+            array(
+                'key' => 'SETTINGS::SYSTEM:PTERODACTYL:ADMIN_USER_TOKEN',
+                'type' => 'string',
+                'description' => 'The Client API Key of an Pterodactyl Admin Account',
+            )
+        );
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        //
+    }
+}

public/install/forms.php

@@ -149,11 +149,28 @@ if (isset($_POST['checkSMTP'])) {
 if (isset($_POST['checkPtero'])) {
     $url = $_POST['url'];
     $key = $_POST['key'];
+    $clientkey = $_POST['clientkey'];
 
     if (substr($url, -1) === "/") {
         $url = substr_replace($url, "", -1);
     }
 
+    $callpteroURL = $url . "/api/client/account";
+    $call = curl_init();
+
+    curl_setopt($call, CURLOPT_URL, $callpteroURL);
+    curl_setopt($call, CURLOPT_RETURNTRANSFER, true);
+    curl_setopt($call, CURLOPT_HTTPHEADER, array(
+        "Accept: application/json",
+        "Content-Type: application/json",
+        "Authorization: Bearer " . $clientkey
+    ));
+    $callresponse = curl_exec($call);
+    $callresult = json_decode($callresponse, true);
+    curl_close($call); // Close the connection
+
+
+
 
     $pteroURL = $url . "/api/application/users";
     $ch = curl_init();
@@ -172,11 +189,17 @@ if (isset($_POST['checkPtero'])) {
 
     if (!is_array($result) or in_array($result["errors"][0]["code"], $result)) {
         header("LOCATION: index.php?step=5&message=Couldnt connect to Pterodactyl. Make sure your API key has all read and write permissions!");
+        wh_log("API CALL ERROR: ".$result["errors"][0]["code"]);
+        die();
+    }elseif (!is_array($callresult) or in_array($result["errors"][0]["code"], $result) or $callresult["attributes"]["admin"] == false) {
+        header("LOCATION: index.php?step=5&message=Your ClientAPI Key is wrong or the account is not an admin!");
+        wh_log("API CALL ERROR: ".$result["errors"][0]["code"]);
         die();
     } else {
 
         $query1 = "UPDATE `" . getEnvironmentValue("DB_DATABASE") . "`.`settings` SET `value` = '$url' WHERE (`key` = 'SETTINGS::SYSTEM:PTERODACTYL:URL')";
         $query2 = "UPDATE `" . getEnvironmentValue("DB_DATABASE") . "`.`settings` SET `value` = '$key' WHERE (`key` = 'SETTINGS::SYSTEM:PTERODACTYL:TOKEN')";
+        $query3 = "UPDATE `" . getEnvironmentValue("DB_DATABASE") . "`.`settings` SET `value` = '$clientkey' WHERE (`key` = 'SETTINGS::SYSTEM:PTERODACTYL:ADMIN_USER_TOKEN')";
 
 
         $db = new mysqli(getEnvironmentValue("DB_HOST"), getEnvironmentValue("DB_USERNAME"), getEnvironmentValue("DB_PASSWORD"), getEnvironmentValue("DB_DATABASE"), getEnvironmentValue("DB_PORT"));
@@ -186,7 +209,7 @@ if (isset($_POST['checkPtero'])) {
             die();
         }
 
-        if ($db->query($query1) && $db->query($query2)) {
+        if ($db->query($query1) && $db->query($query2) && $db->query($query3)) {
             header("LOCATION: index.php?step=6");
         } else {
             wh_log($db->error);

public/install/index.php

@@ -365,13 +365,22 @@ echo $cardheader;
                             </div>
                             <div class="form-group">
                                 <div class="custom-control mb-3">
-                                    <label for="key">Pterodactyl API-Key</label>
+                                    <label for="key">Pterodactyl API-Key (found here: https://your.ptero.com/admin/api)</label>
                                     <input id="key" name="key" type="text"
                                            required
                                            value="" class="form-control"
                                            placeholder="The Key needs ALL read&write Permissions!">
                                 </div>
                             </div>
+                            <div class="form-group">
+                                <div class="custom-control mb-3">
+                                    <label for="clientkey">Pterodactyl Admin-User API-Key (https://your.ptero.com/account/api)</label>
+                                    <input id="clientkey" name="clientkey" type="text"
+                                           required
+                                           value="" class="form-control"
+                                           placeholder="Your Account needs to be an Admin!">
+                                </div>
+                            </div>
 
 
                         </div>

resources/views/admin/settings/tabs/system.blade.php

@@ -81,7 +81,17 @@
                             type="text" value="{{ config('SETTINGS::SYSTEM:PTERODACTYL:TOKEN') }}"
                             class="form-control @error('pterodactyl-api-key') is-invalid @enderror" required>
                     </div>
-
+                    <div class="custom-control p-0 mb-3">
+                        <div class="col m-0 p-0 d-flex justify-content-between align-items-center">
+                            <label for="pterodactyl-admin-api-key">{{ __('Pterodactyl Admin-Account API Key') }}</label>
+                            <i data-toggle="popover" data-trigger="hover" data-html="true"
+                               data-content="{{ __('Enter the Client-API Key to a Pterodactyl-Admin-User here.') }}"
+                               class="fas fa-info-circle"></i>
+                        </div>
+                        <input x-model="pterodactyl-admin-api-key" id="pterodactyl-admin-api-key" name="pterodactyl-admin-api-key"
+                               type="text" value="{{ config('SETTINGS::SYSTEM:PTERODACTYL:ADMIN_USER_TOKEN') }}"
+                               class="form-control @error('pterodactyl-admin-api-key') is-invalid @enderror" required>
+                    </div>
                 </div>
 
             </div>