From 050075b8359536996a32badb2f86c54d5ef131c4 Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Sat, 17 Oct 2020 14:37:18 -0600
Subject: [PATCH] Cleanup code in MountController.php

---
 .../Controllers/Admin/MountController.php     | 54 ++++++++-----------
 app/Models/Mount.php                          | 20 +++++++
 2 files changed, 41 insertions(+), 33 deletions(-)

diff --git a/app/Http/Controllers/Admin/MountController.php b/app/Http/Controllers/Admin/MountController.php
index 1985f9396..ce5dbc859 100644
--- a/app/Http/Controllers/Admin/MountController.php
+++ b/app/Http/Controllers/Admin/MountController.php
@@ -3,6 +3,7 @@
 namespace Pterodactyl\Http\Controllers\Admin;
 
 use Ramsey\Uuid\Uuid;
+use Illuminate\Support\Str;
 use Illuminate\Http\Request;
 use Pterodactyl\Models\Nest;
 use Pterodactyl\Models\Mount;
@@ -101,28 +102,21 @@ class MountController extends Controller
      */
     public function create(MountFormRequest $request)
     {
-        /** @var \Pterodactyl\Models\Mount $mount */
         $model = (new Mount())->fill($request->validated());
         $model->forceFill(['uuid' => Uuid::uuid4()->toString()]);
 
-        if (str_starts_with($model->source, '/etc/pterodactyl')) {
-            $this->alert->danger('Invalid source path: "/etc/pterodactyl" cannot be used as a source path.')->flash();
-            return redirect()->route('admin.mounts');
+        foreach (Mount::$invalidSourcePaths as $path) {
+            if (Str::startsWith($model->source, $path)) {
+                $this->alert->danger('"' . $path . '" cannot be used as a source path.')->flash();
+                return redirect()->route('admin.mounts');
+            }
         }
 
-        if (str_starts_with($model->source, '/var/lib/pterodactyl/volumes')) {
-            $this->alert->danger('Invalid source path: "/var/lib/pterodactyl/volumes" cannot be used as a source path.')->flash();
-            return redirect()->route('admin.mounts');
-        }
-
-        if (str_starts_with($model->source, '/srv/daemon-data')) {
-            $this->alert->danger('Invalid source path: "/srv/daemon-data" cannot be used as a source path.')->flash();
-            return redirect()->route('admin.mounts');
-        }
-
-        if (str_starts_with($model->target, '/home/container')) {
-            $this->alert->danger('Invalid target path: "/home/container" cannot be used as a target path.')->flash();
-            return redirect()->route('admin.mounts');
+        foreach (Mount::$invalidTargetPaths as $path) {
+            if (Str::startsWith($model->target, $path)) {
+                $this->alert->danger('"' . $path . '" cannot be used as a target path.')->flash();
+                return redirect()->route('admin.mounts');
+            }
         }
 
         $model->saveOrFail();
@@ -150,24 +144,18 @@ class MountController extends Controller
 
         $mount->forceFill($request->validated());
 
-        if (str_starts_with($mount->source, '/etc/pterodactyl')) {
-            $this->alert->danger('Invalid source path: "/etc/pterodactyl" cannot be used as a source path.')->flash();
-            return redirect()->route('admin.mounts.view', $mount->id);
+        foreach (Mount::$invalidSourcePaths as $path) {
+            if (Str::startsWith($mount->source, $path)) {
+                $this->alert->danger('"' . $path . '" cannot be used as a source path.')->flash();
+                return redirect()->route('admin.mounts.view', $mount->id);
+            }
         }
 
-        if (str_starts_with($mount->source, '/var/lib/pterodactyl/volumes')) {
-            $this->alert->danger('Invalid source path: "/var/lib/pterodactyl/volumes" cannot be used as a source path.')->flash();
-            return redirect()->route('admin.mounts.view', $mount->id);
-        }
-
-        if (str_starts_with($mount->source, '/srv/daemon-data')) {
-            $this->alert->danger('Invalid source path: "/srv/daemon-data" cannot be used as a source path.')->flash();
-            return redirect()->route('admin.mounts.view', $mount->id);
-        }
-
-        if (str_starts_with($mount->target, '/home/container')) {
-            $this->alert->danger('Invalid target path: "/home/container" cannot be used as a target path.')->flash();
-            return redirect()->route('admin.mounts.view', $mount->id);
+        foreach (Mount::$invalidTargetPaths as $path) {
+            if (Str::startsWith($mount->target, $path)) {
+                $this->alert->danger('"' . $path . '" cannot be used as a target path.')->flash();
+                return redirect()->route('admin.mounts.view', $mount->id);
+            }
         }
 
         $mount->save();
diff --git a/app/Models/Mount.php b/app/Models/Mount.php
index b69c0c78d..a77181d8e 100644
--- a/app/Models/Mount.php
+++ b/app/Models/Mount.php
@@ -70,6 +70,26 @@ class Mount extends Model
      */
     public $timestamps = false;
 
+    /**
+     * Blacklisted source paths
+     *
+     * @var string[]
+     */
+    public static $invalidSourcePaths = [
+        '/etc/pterodactyl',
+        '/var/lib/pterodactyl/volumes',
+        '/srv/daemon-data',
+    ];
+
+    /**
+     * Blacklisted target paths
+     *
+     * @var string[]
+     */
+    public static $invalidTargetPaths = [
+        '/home/container',
+    ];
+
     /**
      * Returns all eggs that have this mount assigned.
      *