misc_pterodactyl-panel/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php

97 lines
3.3 KiB
PHP
Raw Normal View History

<?php
2018-01-20 01:58:57 +00:00
namespace Pterodactyl\Http\Controllers\Api\Remote;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Http\JsonResponse;
use Pterodactyl\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
use Pterodactyl\Services\Sftp\AuthenticateUsingPasswordService;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
2018-01-20 02:01:56 +00:00
use Pterodactyl\Http\Requests\Api\Remote\SftpAuthenticationFormRequest;
2019-12-08 00:14:04 +00:00
class SftpAuthenticationController extends Controller
{
use ThrottlesLogins;
/**
* @var \Pterodactyl\Services\Sftp\AuthenticateUsingPasswordService
*/
private $authenticationService;
/**
* SftpController constructor.
*
* @param \Pterodactyl\Services\Sftp\AuthenticateUsingPasswordService $authenticationService
*/
public function __construct(AuthenticateUsingPasswordService $authenticationService)
{
$this->authenticationService = $authenticationService;
}
/**
* Authenticate a set of credentials and return the associated server details
* for a SFTP connection on the daemon.
*
2018-01-20 02:01:56 +00:00
* @param \Pterodactyl\Http\Requests\Api\Remote\SftpAuthenticationFormRequest $request
* @return \Illuminate\Http\JsonResponse
*
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
*/
2019-12-08 00:14:04 +00:00
public function __invoke(SftpAuthenticationFormRequest $request): JsonResponse
{
2019-12-08 00:14:04 +00:00
// Reverse the string to avoid issues with usernames that contain periods.
$parts = explode('.', strrev($request->input('username')), 2);
2019-12-08 00:14:04 +00:00
// Unreverse the strings after parsing them apart.
$connection = [
'username' => strrev(array_get($parts, 1)),
'server' => strrev(array_get($parts, 0)),
];
$this->incrementLoginAttempts($request);
if ($this->hasTooManyLoginAttempts($request)) {
return response()->json([
'error' => 'Logins throttled.',
], Response::HTTP_TOO_MANY_REQUESTS);
}
try {
$data = $this->authenticationService->handle(
$connection['username'],
$request->input('password'),
object_get($request->attributes->get('node'), 'id', 0),
empty($connection['server']) ? null : $connection['server']
);
$this->clearLoginAttempts($request);
} catch (BadRequestHttpException $exception) {
return response()->json([
'error' => 'The server you are trying to access is not installed or is suspended.',
], Response::HTTP_BAD_REQUEST);
} catch (RecordNotFoundException $exception) {
return response()->json([
'error' => 'Unable to locate a resource using the username and password provided.',
], Response::HTTP_NOT_FOUND);
}
return response()->json($data);
}
/**
* Get the throttle key for the given request.
*
* @param \Illuminate\Http\Request $request
* @return string
*/
protected function throttleKey(Request $request)
{
2019-12-08 00:14:04 +00:00
$username = explode('.', strrev($request->input('username', '')));
return strtolower(strrev($username[0] ?? '') . '|' . $request->ip());
}
}