misc_pterodactyl-panel/app/Http/Middleware/Api/Client/SubstituteClientApiBindings.php

<?php

namespace Pterodactyl\Http\Middleware\Api\Client;

use Closure;
use Illuminate\Support\Str;
use Illuminate\Routing\Route;
use Pterodactyl\Models\Server;
use Illuminate\Container\Container;
use Illuminate\Database\Query\JoinClause;
use Illuminate\Contracts\Routing\Registrar;
use Pterodactyl\Contracts\Extensions\HashidsInterface;
use Illuminate\Database\Eloquent\ModelNotFoundException;

class SubstituteClientApiBindings
{
    private Registrar $router;

    public function __construct(Registrar $router)
    {
        $this->router = $router;
    }

    /**
     * Perform substitution of route parameters for the Client API.
     *
     * @param \Illuminate\Http\Request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $this->router->bind('server', function ($value) {
            return Server::query()->where(Str::length($value) === 8 ? 'uuidShort' : 'uuid', $value)->firstOrFail();
        });

        $this->router->bind('allocation', function ($value, $route) {
            return $this->server($route)->allocations()->where('id', $value)->firstOrFail();
        });

        $this->router->bind('schedule', function ($value, $route) {
            return $this->server($route)->schedule()->where('id', $value)->firstOrFail();
        });

        $this->router->bind('database', function ($value, $route) {
            $id = Container::getInstance()->make(HashidsInterface::class)->decodeFirst($value);

            return $this->server($route)->where('id', $id)->firstOrFail();
        });

        $this->router->bind('backup', function ($value, $route) {
            return $this->server($route)->backups()->where('uuid', $value)->firstOrFail();
        });

        $this->router->bind('user', function ($value, $route) {
            // TODO: is this actually a valid binding for users on the server?
            return $this->server($route)->subusers()
                ->join('users', function (JoinClause $join) {
                    $join->on('subusers.user_id', 'users.id')
                        ->where('subusers.server_id', 'servers.id');
                })
                ->where('users.uuid', $value)
                ->firstOrFail();
        });

        try {
            /** @var \Illuminate\Routing\Route $route */
            $this->router->substituteBindings($route = $request->route());
        } catch (ModelNotFoundException $exception) {
            if (isset($route) && $route->getMissing()) {
                $route->getMissing()($request);
            }

            throw $exception;
        }

        return $next($request);
    }

    /**
     * Plucks the server model off the route. If no server model is present a
     * ModelNotFound exception will be thrown.
     *
     * @throws \Illuminate\Database\Eloquent\ModelNotFoundException
     */
    private function server(Route $route): Server
    {
        $server = $route->parameter('server');
        if (!$server instanceof Server) {
            throw (new ModelNotFoundException())->setModel(Server::class, [$route->parameter('server')]);
        }

        return $server;
    }
}
Add base routes for managing servers as a client 2018-02-28 03:28:43 +00:00			`<?php`

			`namespace Pterodactyl\Http\Middleware\Api\Client;`

			`use Closure;`
Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`use Illuminate\Support\Str;`
			`use Illuminate\Routing\Route;`
			`use Pterodactyl\Models\Server;`
Add base routes for managing servers as a client 2018-02-28 03:28:43 +00:00			`use Illuminate\Container\Container;`
Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`use Illuminate\Database\Query\JoinClause;`
			`use Illuminate\Contracts\Routing\Registrar;`
Push beginning of DB deletion stuff 2018-08-25 21:43:21 +00:00			`use Pterodactyl\Contracts\Extensions\HashidsInterface;`
Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`use Illuminate\Database\Eloquent\ModelNotFoundException;`
Add base routes for managing servers as a client 2018-02-28 03:28:43 +00:00
Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`class SubstituteClientApiBindings`
Add base routes for managing servers as a client 2018-02-28 03:28:43 +00:00			`{`
Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`private Registrar $router;`

			`public function __construct(Registrar $router)`
			`{`
			`$this->router = $router;`
			`}`

Add base routes for managing servers as a client 2018-02-28 03:28:43 +00:00			`/**`
Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`* Perform substitution of route parameters for the Client API.`
Use more standardized phpcs 2021-01-23 20:33:34 +00:00			`*`
Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`* @param \Illuminate\Http\Request`
			`* @param \Closure $next`
Add base routes for managing servers as a client 2018-02-28 03:28:43 +00:00			`* @return mixed`
			`*/`
			`public function handle($request, Closure $next)`
			`{`
Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`$this->router->bind('server', function ($value) {`
			`return Server::query()->where(Str::length($value) === 8 ? 'uuidShort' : 'uuid', $value)->firstOrFail();`
			`});`

			`$this->router->bind('allocation', function ($value, $route) {`
			`return $this->server($route)->allocations()->where('id', $value)->firstOrFail();`
			`});`

			`$this->router->bind('schedule', function ($value, $route) {`
			`return $this->server($route)->schedule()->where('id', $value)->firstOrFail();`
Add base routes for managing servers as a client 2018-02-28 03:28:43 +00:00			`});`

Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`$this->router->bind('database', function ($value, $route) {`
Update allocations to support ids; protect endpoints; support notes 2020-07-10 03:36:08 +00:00			`$id = Container::getInstance()->make(HashidsInterface::class)->decodeFirst($value);`
Push beginning of DB deletion stuff 2018-08-25 21:43:21 +00:00
Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`return $this->server($route)->where('id', $id)->firstOrFail();`
Push beginning of DB deletion stuff 2018-08-25 21:43:21 +00:00			`});`

Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`$this->router->bind('backup', function ($value, $route) {`
			`return $this->server($route)->backups()->where('uuid', $value)->firstOrFail();`
Add support for generating a signed URL for downloading a file from the daemon 2020-04-05 02:54:59 +00:00			`});`

Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`$this->router->bind('user', function ($value, $route) {`
			`// TODO: is this actually a valid binding for users on the server?`
			`return $this->server($route)->subusers()`
			`->join('users', function (JoinClause $join) {`
			`$join->on('subusers.user_id', 'users.id')`
			`->where('subusers.server_id', 'servers.id');`
			`})`
			`->where('users.uuid', $value)`
			`->firstOrFail();`
Code cleanup for subuser API endpoints; closes #2247 2020-08-20 03:21:12 +00:00			`});`

Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`try {`
			`/** @var \Illuminate\Routing\Route $route */`
			`$this->router->substituteBindings($route = $request->route());`
			`} catch (ModelNotFoundException $exception) {`
			`if (isset($route) && $route->getMissing()) {`
			`$route->getMissing()($request);`
			`}`

			`throw $exception;`
			`}`

			`return $next($request);`
			`}`

			`/**`
			`* Plucks the server model off the route. If no server model is present a`
			`* ModelNotFound exception will be thrown.`
			`*`
			`* @throws \Illuminate\Database\Eloquent\ModelNotFoundException`
			`*/`
			`private function server(Route $route): Server`
			`{`
			`$server = $route->parameter('server');`
			`if (!$server instanceof Server) {`
			`throw (new ModelNotFoundException())->setModel(Server::class, [$route->parameter('server')]);`
			`}`

			`return $server;`
Add base routes for managing servers as a client 2018-02-28 03:28:43 +00:00			`}`
			`}`