Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Correctly validation API calls to mark a backup as completed

Browse source 
Also block modifying a backup that is already marked as completed via the endpoint
This commit is contained in:
Dane Everitt 2020-08-27 19:35:22 -07:00
parent e863683582
commit 4b919cabd2
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
2 changed files with 16 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
app/Http/Controllers/Api/Remote/Backups/BackupStatusController.php
View file

@ -7,6 +7,8 @@ use Carbon\CarbonImmutable;
use Illuminate\Http\JsonResponse; use Illuminate\Http\JsonResponse;
use Pterodactyl\Http\Controllers\Controller; use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Repositories\Eloquent\BackupRepository; use Pterodactyl\Repositories\Eloquent\BackupRepository;
use Pterodactyl\Exceptions\Http\HttpForbiddenException;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Pterodactyl\Http\Requests\Api\Remote\ReportBackupCompleteRequest; use Pterodactyl\Http\Requests\Api\Remote\ReportBackupCompleteRequest;
class BackupStatusController extends Controller class BackupStatusController extends Controller
@ -32,10 +34,21 @@ class BackupStatusController extends Controller
* @param \Pterodactyl\Http\Requests\Api\Remote\ReportBackupCompleteRequest $request * @param \Pterodactyl\Http\Requests\Api\Remote\ReportBackupCompleteRequest $request
* @param string $backup * @param string $backup
* @return \Illuminate\Http\JsonResponse * @return \Illuminate\Http\JsonResponse
*
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/ */
public function __invoke(ReportBackupCompleteRequest $request, string $backup) public function __invoke(ReportBackupCompleteRequest $request, string $backup)
{ {
$this->repository->updateWhere([['uuid', '=', $backup]], [ /** @var \Pterodactyl\Models\Backup $model */
$model = $this->repository->findFirstWhere([[ 'uuid', '=', $backup ]]);
if (!is_null($model->completed_at)) {
throw new BadRequestHttpException(
'Cannot update the status of a backup that is already marked as completed.'
);
}
$model->update([
'is_successful' => $request->input('successful') ? true : false, 'is_successful' => $request->input('successful') ? true : false,
'checksum' => $request->input('checksum_type') . ':' . $request->input('checksum'), 'checksum' => $request->input('checksum_type') . ':' . $request->input('checksum'),
'bytes' => $request->input('size'), 'bytes' => $request->input('size'),

4
app/Http/Requests/Api/Remote/ReportBackupCompleteRequest.php
View file

@ -12,9 +12,9 @@ class ReportBackupCompleteRequest extends FormRequest
public function rules() public function rules()
{ {
return [ return [
'successful' => 'boolean', 'successful' => 'present|boolean',
'checksum' => 'nullable|string|required_if:successful,true', 'checksum' => 'nullable|string|required_if:successful,true',
'checksum_type' => 'string|required_if:successful,true', 'checksum_type' => 'nullable|string|required_if:successful,true',
'size' => 'nullable|numeric|required_if:successful,true', 'size' => 'nullable|numeric|required_if:successful,true',
]; ];
} }