Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'develop' into permissions

Browse source
This commit is contained in:
Dane Everitt 2020-11-08 11:47:45 -08:00 committed by GitHub
commit 802f88fc78
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
21 changed files with 181 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
app/Http/Controllers/Api/Client/Servers/FileController.php
View file

@ -6,6 +6,7 @@ use Carbon\CarbonImmutable;
use Illuminate\Http\Response; use Illuminate\Http\Response;
use Pterodactyl\Models\Server; use Pterodactyl\Models\Server;
use Illuminate\Http\JsonResponse; use Illuminate\Http\JsonResponse;
use Illuminate\Support\Collection;
use Pterodactyl\Services\Nodes\NodeJWTService; use Pterodactyl\Services\Nodes\NodeJWTService;
use Illuminate\Contracts\Routing\ResponseFactory; use Illuminate\Contracts\Routing\ResponseFactory;
use Pterodactyl\Repositories\Wings\DaemonFileRepository; use Pterodactyl\Repositories\Wings\DaemonFileRepository;
@ -70,7 +71,7 @@ class FileController extends ClientApiController
{ {
$contents = $this->fileRepository $contents = $this->fileRepository
->setServer($server) ->setServer($server)
->getDirectory(urlencode(urldecode($request->get('directory') ?? '/'))); ->getDirectory($this->encode($request->get('directory') ?? '/'));
return $this->fractal->collection($contents) return $this->fractal->collection($contents)
->transformWith($this->getTransformer(FileObjectTransformer::class)) ->transformWith($this->getTransformer(FileObjectTransformer::class))
@ -91,7 +92,7 @@ class FileController extends ClientApiController
{ {
return new Response( return new Response(
$this->fileRepository->setServer($server)->getContent( $this->fileRepository->setServer($server)->getContent(
urlencode(urldecode($request->get('file'))), config('pterodactyl.files.max_edit_size') $this->encode($request->get('file')), config('pterodactyl.files.max_edit_size')
), ),
Response::HTTP_OK, Response::HTTP_OK,
['Content-Type' => 'text/plain'] ['Content-Type' => 'text/plain']
@ -113,7 +114,7 @@ class FileController extends ClientApiController
$token = $this->jwtService $token = $this->jwtService
->setExpiresAt(CarbonImmutable::now()->addMinutes(15)) ->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
->setClaims([ ->setClaims([
'file_path' => $request->get('file'), 'file_path' => rawurldecode($request->get('file')),
'server_uuid' => $server->uuid, 'server_uuid' => $server->uuid,
]) ])
->handle($server->node, $request->user()->id . $server->uuid); ->handle($server->node, $request->user()->id . $server->uuid);
@ -142,7 +143,7 @@ class FileController extends ClientApiController
public function write(WriteFileContentRequest $request, Server $server): JsonResponse public function write(WriteFileContentRequest $request, Server $server): JsonResponse
{ {
$this->fileRepository->setServer($server)->putContent( $this->fileRepository->setServer($server)->putContent(
$request->get('file'), $this->encode($request->get('file')),
$request->getContent() $request->getContent()
); );
@ -261,4 +262,18 @@ class FileController extends ClientApiController
return new JsonResponse([], Response::HTTP_NO_CONTENT); return new JsonResponse([], Response::HTTP_NO_CONTENT);
} }
/**
* Encodes a given file name & path in a format that should work for a good majority
* of file names without too much confusing logic.
*
* @param string $path
* @return string
*/
private function encode(string $path): string
{
return Collection::make(explode('/', rawurldecode($path)))->map(function ($value) {
return rawurlencode($value);
})->join('/');
}
} }

52
app/Http/Controllers/Api/Client/Servers/SubuserController.php
View file

@ -3,15 +3,16 @@
namespace Pterodactyl\Http\Controllers\Api\Client\Servers; namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Pterodactyl\Models\User;
use Pterodactyl\Models\Server; use Pterodactyl\Models\Server;
use Pterodactyl\Models\Subuser;
use Illuminate\Http\JsonResponse; use Illuminate\Http\JsonResponse;
use Pterodactyl\Models\Permission; use Pterodactyl\Models\Permission;
use Illuminate\Support\Facades\Log;
use Pterodactyl\Repositories\Eloquent\SubuserRepository; use Pterodactyl\Repositories\Eloquent\SubuserRepository;
use Pterodactyl\Services\Subusers\SubuserCreationService; use Pterodactyl\Services\Subusers\SubuserCreationService;
use Pterodactyl\Repositories\Wings\DaemonServerRepository;
use Pterodactyl\Transformers\Api\Client\SubuserTransformer; use Pterodactyl\Transformers\Api\Client\SubuserTransformer;
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController; use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
use Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException;
use Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\GetSubuserRequest; use Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\GetSubuserRequest;
use Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\StoreSubuserRequest; use Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\StoreSubuserRequest;
use Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\DeleteSubuserRequest; use Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\DeleteSubuserRequest;
@ -29,20 +30,28 @@ class SubuserController extends ClientApiController
*/ */
private $creationService; private $creationService;
/**
* @var \Pterodactyl\Repositories\Wings\DaemonServerRepository
*/
private $serverRepository;
/** /**
* SubuserController constructor. * SubuserController constructor.
* *
* @param \Pterodactyl\Repositories\Eloquent\SubuserRepository $repository * @param \Pterodactyl\Repositories\Eloquent\SubuserRepository $repository
* @param \Pterodactyl\Services\Subusers\SubuserCreationService $creationService * @param \Pterodactyl\Services\Subusers\SubuserCreationService $creationService
* @param \Pterodactyl\Repositories\Wings\DaemonServerRepository $serverRepository
*/ */
public function __construct( public function __construct(
SubuserRepository $repository, SubuserRepository $repository,
SubuserCreationService $creationService SubuserCreationService $creationService,
DaemonServerRepository $serverRepository
) { ) {
parent::__construct(); parent::__construct();
$this->repository = $repository; $this->repository = $repository;
$this->creationService = $creationService; $this->creationService = $creationService;
$this->serverRepository = $serverRepository;
} }
/** /**
@ -101,19 +110,38 @@ class SubuserController extends ClientApiController
* Update a given subuser in the system for the server. * Update a given subuser in the system for the server.
* *
* @param \Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\UpdateSubuserRequest $request * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\UpdateSubuserRequest $request
* @param \Pterodactyl\Models\Server $server
* @return array * @return array
* *
* @throws \Pterodactyl\Exceptions\Model\DataValidationException * @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/ */
public function update(UpdateSubuserRequest $request): array public function update(UpdateSubuserRequest $request, Server $server): array
{ {
/** @var \Pterodactyl\Models\Subuser $subuser */ /** @var \Pterodactyl\Models\Subuser $subuser */
$subuser = $request->attributes->get('subuser'); $subuser = $request->attributes->get('subuser');
$this->repository->update($subuser->id, [ $permissions = $this->getDefaultPermissions($request);
'permissions' => $this->getDefaultPermissions($request), $current = $subuser->permissions;
]);
sort($permissions);
sort($current);
// Only update the database and hit up the Wings instance to invalidate JTI's if the permissions
// have actually changed for the user.
if ($permissions !== $current) {
$this->repository->update($subuser->id, [
'permissions' => $this->getDefaultPermissions($request),
]);
try {
$this->serverRepository->setServer($server)->revokeJTIs([md5($subuser->user_id . $server->uuid)]);
} catch (DaemonConnectionException $exception) {
// Don't block this request if we can't connect to the Wings instance. Chances are it is
// offline in this event and the token will be invalid anyways once Wings boots back.
Log::warning($exception, ['user_id' => $subuser->user_id, 'server_id' => $server->id]);
}
}
return $this->fractal->item($subuser->refresh()) return $this->fractal->item($subuser->refresh())
->transformWith($this->getTransformer(SubuserTransformer::class)) ->transformWith($this->getTransformer(SubuserTransformer::class))
@ -124,15 +152,23 @@ class SubuserController extends ClientApiController
* Removes a subusers from a server's assignment. * Removes a subusers from a server's assignment.
* *
* @param \Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\DeleteSubuserRequest $request * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Subusers\DeleteSubuserRequest $request
* @param \Pterodactyl\Models\Server $server
* @return \Illuminate\Http\JsonResponse * @return \Illuminate\Http\JsonResponse
*/ */
public function delete(DeleteSubuserRequest $request) public function delete(DeleteSubuserRequest $request, Server $server)
{ {
/** @var \Pterodactyl\Models\Subuser $subuser */ /** @var \Pterodactyl\Models\Subuser $subuser */
$subuser = $request->attributes->get('subuser'); $subuser = $request->attributes->get('subuser');
$this->repository->delete($subuser->id); $this->repository->delete($subuser->id);
try {
$this->serverRepository->setServer($server)->revokeJTIs([md5($subuser->user_id . $server->uuid)]);
} catch (DaemonConnectionException $exception) {
// Don't block this request if we can't connect to the Wings instance.
Log::warning($exception, ['user_id' => $subuser->user_id, 'server_id' => $server->id]);
}
return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT); return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
} }

2
app/Http/Controllers/Api/Client/Servers/WebsocketController.php
View file

@ -59,7 +59,7 @@ class WebsocketController extends ClientApiController
} }
$token = $this->jwtService $token = $this->jwtService
->setExpiresAt(CarbonImmutable::now()->addMinutes(15)) ->setExpiresAt(CarbonImmutable::now()->addMinutes(10))
->setClaims([ ->setClaims([
'user_id' => $request->user()->id, 'user_id' => $request->user()->id,
'server_uuid' => $server->uuid, 'server_uuid' => $server->uuid,

2
app/Models/Permission.php
View file

@ -163,7 +163,7 @@ class Permission extends Model
'allocation' => [ 'allocation' => [
'description' => 'Permissions that control a user\'s ability to modify the port allocations for this server.', 'description' => 'Permissions that control a user\'s ability to modify the port allocations for this server.',
'keys' => [ 'keys' => [
'read' => 'Allows a user to view the allocations assigned to this server.', 'read' => 'Allows a user to view all allocations currently assigned to this server. Users with any level of access to this server can always view the primary allocation.',
'create' => 'Allows a user to assign additional allocations to the server.', 'create' => 'Allows a user to assign additional allocations to the server.',
'update' => 'Allows a user to change the primary server allocation and attach notes to each allocation.', 'update' => 'Allows a user to change the primary server allocation and attach notes to each allocation.',
'delete' => 'Allows a user to delete an allocation from the server.', 'delete' => 'Allows a user to delete an allocation from the server.',

28
app/Repositories/Wings/DaemonServerRepository.php
View file

@ -126,11 +126,10 @@ class DaemonServerRepository extends DaemonRepository
} }
/** /**
* Requests the daemon to create a full archive of the server. * Requests the daemon to create a full archive of the server. Once the daemon is finished
* Once the daemon is finished they will send a POST request to * they will send a POST request to "/api/remote/servers/{uuid}/archive" with a boolean.
* "/api/remote/servers/{uuid}/archive" with a boolean.
* *
* @throws DaemonConnectionException * @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException
*/ */
public function requestArchive(): void public function requestArchive(): void
{ {
@ -144,4 +143,25 @@ class DaemonServerRepository extends DaemonRepository
throw new DaemonConnectionException($exception); throw new DaemonConnectionException($exception);
} }
} }
/**
* Revokes an array of JWT JTI's by marking any token generated before the current time on
* the Wings instance as being invalid.
*
* @param array $jtis
* @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException
*/
public function revokeJTIs(array $jtis): void
{
Assert::isInstanceOf($this->server, Server::class);
try {
$this->getHttpClient()
->post(sprintf('/api/servers/%s/ws/deny', $this->server->uuid), [
'json' => ['jtis' => $jtis],
]);
} catch (TransferException $exception) {
throw new DaemonConnectionException($exception);
}
}
} }

2
app/Services/Nodes/NodeJWTService.php
View file

@ -55,7 +55,7 @@ class NodeJWTService
$builder = (new Builder)->issuedBy(config('app.url')) $builder = (new Builder)->issuedBy(config('app.url'))
->permittedFor($node->getConnectionAddress()) ->permittedFor($node->getConnectionAddress())
->identifiedBy(hash('sha256', $identifiedBy), true) ->identifiedBy(md5($identifiedBy), true)
->issuedAt(CarbonImmutable::now()->getTimestamp()) ->issuedAt(CarbonImmutable::now()->getTimestamp())
->canOnlyBeUsedAfter(CarbonImmutable::now()->subMinutes(5)->getTimestamp()); ->canOnlyBeUsedAfter(CarbonImmutable::now()->subMinutes(5)->getTimestamp());

20
app/Transformers/Api/Client/ServerTransformer.php
View file

@ -83,15 +83,23 @@ class ServerTransformer extends BaseClientTransformer
*/ */
public function includeAllocations(Server $server) public function includeAllocations(Server $server)
{ {
$transformer = $this->makeTransformer(AllocationTransformer::class);
// While we include this permission, we do need to actually handle it slightly different here
// for the purpose of keeping things functionally working. If the user doesn't have read permissions
// for the allocations we'll only return the primary server allocation, and any notes associated
// with it will be hidden.
//
// This allows us to avoid too much permission regression, without also hiding information that
// is generally needed for the frontend to make sense when browsing or searching results.
if (! $this->getUser()->can(Permission::ACTION_ALLOCATION_READ, $server)) { if (! $this->getUser()->can(Permission::ACTION_ALLOCATION_READ, $server)) {
return $this->null(); $primary = clone $server->allocation;
$primary->notes = null;
return $this->collection([$primary], $transformer, Allocation::RESOURCE_NAME);
} }
return $this->collection( return $this->collection($server->allocations, $transformer, Allocation::RESOURCE_NAME);
$server->allocations,
$this->makeTransformer(AllocationTransformer::class),
Allocation::RESOURCE_NAME
);
} }
/** /**

13
docker/entrypoint.sh
View file

@ -20,10 +20,15 @@ else
touch /app/var/.env touch /app/var/.env
## manually generate a key because key generate --force fails ## manually generate a key because key generate --force fails
echo -e "Generating key." if [ -z $APP_KEY ]; then
APP_KEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) echo -e "Generating key."
echo -e "Generated app key: $APP_KEY" APP_KEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
echo -e "APP_KEY=$APP_KEY" > /app/var/.env echo -e "Generated app key: $APP_KEY"
echo -e "APP_KEY=$APP_KEY" > /app/var/.env
else
echo -e "APP_KEY exists in environment, using that."
echo -e "APP_KEY=$APP_KEY" > /app/var/.env
fi
ln -s /app/var/.env /app/ ln -s /app/var/.env /app/
fi fi

2
resources/scripts/api/server/files/getFileContents.ts
View file

@ -3,7 +3,7 @@ import http from '@/api/http';
export default (server: string, file: string): Promise<string> => { export default (server: string, file: string): Promise<string> => {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
http.get(`/api/client/servers/${server}/files/contents`, { http.get(`/api/client/servers/${server}/files/contents`, {
params: { file: file.split('/').map(item => encodeURIComponent(item)).join('/') }, params: { file: encodeURI(decodeURI(file)) },
transformResponse: res => res, transformResponse: res => res,
responseType: 'text', responseType: 'text',
}) })

2
resources/scripts/api/server/files/loadDirectory.ts
View file

@ -17,7 +17,7 @@ export interface FileObject {
export default async (uuid: string, directory?: string): Promise<FileObject[]> => { export default async (uuid: string, directory?: string): Promise<FileObject[]> => {
const { data } = await http.get(`/api/client/servers/${uuid}/files/list`, { const { data } = await http.get(`/api/client/servers/${uuid}/files/list`, {
params: { directory: directory?.split('/').map(item => encodeURIComponent(item)).join('/') }, params: { directory: encodeURI(directory ?? '/') },
}); });
return (data.data || []).map(rawDataToFileObject); return (data.data || []).map(rawDataToFileObject);

2
resources/scripts/api/server/files/saveFileContents.ts
View file

@ -2,7 +2,7 @@ import http from '@/api/http';
export default async (uuid: string, file: string, content: string): Promise<void> => { export default async (uuid: string, file: string, content: string): Promise<void> => {
await http.post(`/api/client/servers/${uuid}/files/write`, content, { await http.post(`/api/client/servers/${uuid}/files/write`, content, {
params: { file }, params: { file: encodeURI(decodeURI(file)) },
headers: { headers: {
'Content-Type': 'text/plain', 'Content-Type': 'text/plain',
}, },

9
resources/scripts/components/server/WebsocketHandler.tsx
View file

@ -7,6 +7,11 @@ import { CSSTransition } from 'react-transition-group';
import Spinner from '@/components/elements/Spinner'; import Spinner from '@/components/elements/Spinner';
import tw from 'twin.macro'; import tw from 'twin.macro';
const reconnectErrors = [
'jwt: exp claim is invalid',
'jwt: created too far in past (denylist)',
];
export default () => { export default () => {
let updatingToken = false; let updatingToken = false;
const [ error, setError ] = useState<'connecting' | string>(''); const [ error, setError ] = useState<'connecting' | string>('');
@ -64,7 +69,7 @@ export default () => {
setConnectionState(false); setConnectionState(false);
console.warn('JWT validation error from wings:', error); console.warn('JWT validation error from wings:', error);
if (error === 'jwt: exp claim is invalid') { if (reconnectErrors.find(v => error.toLowerCase().indexOf(v) >= 0)) {
updateToken(uuid, socket); updateToken(uuid, socket);
} else { } else {
setError('There was an error validating the credentials provided for the websocket. Please refresh the page.'); setError('There was an error validating the credentials provided for the websocket. Please refresh the page.');
@ -95,7 +100,7 @@ export default () => {
</p> </p>
</> </>
: :
<p css={tw`ml-2 text-sm text-red-100`}> <p css={tw`ml-2 text-sm text-white`}>
{error} {error}
</p> </p>
} }

2
resources/scripts/components/server/files/FileEditContainer.tsx
View file

@ -61,7 +61,7 @@ export default () => {
setLoading(true); setLoading(true);
clearFlashes('files:view'); clearFlashes('files:view');
fetchFileContent() fetchFileContent()
.then(content => saveFileContents(uuid, encodeURIComponent(name || hash.replace(/^#/, '')), content)) .then(content => saveFileContents(uuid, name || hash.replace(/^#/, ''), content))
.then(() => { .then(() => {
if (name) { if (name) {
history.push(`/server/${id}/files/edit#/${name}`); history.push(`/server/${id}/files/edit#/${name}`);

6
resources/scripts/components/server/files/FileManagerBreadcrumbs.tsx
View file

@ -33,10 +33,10 @@ export default ({ withinFileEditor, isNewFile }: Props) => {
.filter(directory => !!directory) .filter(directory => !!directory)
.map((directory, index, dirs) => { .map((directory, index, dirs) => {
if (!withinFileEditor && index === dirs.length - 1) { if (!withinFileEditor && index === dirs.length - 1) {
return { name: decodeURIComponent(encodeURIComponent(directory)) }; return { name: directory };
} }
return { name: decodeURIComponent(encodeURIComponent(directory)), path: `/${dirs.slice(0, index + 1).join('/')}` }; return { name: directory, path: `/${dirs.slice(0, index + 1).join('/')}` };
}); });
const onSelectAllClick = (e: React.ChangeEvent<HTMLInputElement>) => { const onSelectAllClick = (e: React.ChangeEvent<HTMLInputElement>) => {
@ -79,7 +79,7 @@ export default ({ withinFileEditor, isNewFile }: Props) => {
} }
{file && {file &&
<React.Fragment> <React.Fragment>
<span css={tw`px-1 text-neutral-300`}>{decodeURIComponent(encodeURIComponent(file))}</span> <span css={tw`px-1 text-neutral-300`}>{decodeURI(file)}</span>
</React.Fragment> </React.Fragment>
} }
</div> </div>

2
resources/scripts/components/server/files/FileManagerContainer.tsx
View file

@ -36,7 +36,7 @@ export default () => {
useEffect(() => { useEffect(() => {
clearFlashes('files'); clearFlashes('files');
setSelectedFiles([]); setSelectedFiles([]);
setDirectory(hash.length > 0 ? hash : '/'); setDirectory(hash.length > 0 ? decodeURI(hash) : '/');
}, [ hash ]); }, [ hash ]);
useEffect(() => { useEffect(() => {

6
resources/scripts/components/server/files/FileObjectRow.tsx
View file

@ -24,6 +24,8 @@ const Clickable: React.FC<{ file: FileObject }> = memo(({ file, children }) => {
const history = useHistory(); const history = useHistory();
const match = useRouteMatch(); const match = useRouteMatch();
const destination = cleanDirectoryPath(`${directory}/${file.name}`).split('/').map(v => encodeURI(v)).join('/');
const onRowClick = (e: React.MouseEvent<HTMLAnchorElement, MouseEvent>) => { const onRowClick = (e: React.MouseEvent<HTMLAnchorElement, MouseEvent>) => {
// Don't rely on the onClick to work with the generated URL. Because of the way this // Don't rely on the onClick to work with the generated URL. Because of the way this
// component re-renders you'll get redirected into a nested directory structure since // component re-renders you'll get redirected into a nested directory structure since
@ -32,7 +34,7 @@ const Clickable: React.FC<{ file: FileObject }> = memo(({ file, children }) => {
// Just trust me future me, leave this be. // Just trust me future me, leave this be.
if (!file.isFile) { if (!file.isFile) {
e.preventDefault(); e.preventDefault();
history.push(`#${cleanDirectoryPath(`${directory}/${file.name}`)}`); history.push(`#${destination}`);
} }
}; };
@ -43,7 +45,7 @@ const Clickable: React.FC<{ file: FileObject }> = memo(({ file, children }) => {
</div> </div>
: :
<NavLink <NavLink
to={`${match.url}/${file.isFile ? 'edit/' : ''}#${cleanDirectoryPath(`${directory}/${file.name}`)}`} to={`${match.url}/${file.isFile ? 'edit/' : ''}#${destination}`}
css={tw`flex flex-1 text-neutral-300 no-underline p-3 overflow-hidden truncate`} css={tw`flex flex-1 text-neutral-300 no-underline p-3 overflow-hidden truncate`}
onClick={onRowClick} onClick={onRowClick}
> >

4
resources/scripts/components/server/files/NewDirectoryButton.tsx
View file

@ -92,9 +92,7 @@ export default ({ className }: WithClassname) => {
<span css={tw`text-neutral-200`}>This directory will be created as</span> <span css={tw`text-neutral-200`}>This directory will be created as</span>
&nbsp;/home/container/ &nbsp;/home/container/
<span css={tw`text-cyan-200`}> <span css={tw`text-cyan-200`}>
{decodeURIComponent(encodeURIComponent( {join(directory, values.directoryName).replace(/^(\.\.\/|\/)+/, '')}
join(directory, values.directoryName).replace(/^(\.\.\/|\/)+/, ''),
))}
</span> </span>
</p> </p>
<div css={tw`flex justify-end`}> <div css={tw`flex justify-end`}>

28
tests/Integration/Api/Client/ClientControllerTest.php
View file

@ -304,6 +304,34 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
$response->assertJsonCount(0, 'data'); $response->assertJsonCount(0, 'data');
} }
/**
* Test that a subuser without the allocation.read permission is only able to see the primary
* allocation for the server.
*/
public function testOnlyPrimaryAllocationIsReturnedToSubuser()
{
/** @var \Pterodactyl\Models\Server $server */
[$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
$server->allocation->notes = 'Test notes';
$server->allocation->save();
factory(Allocation::class)->times(2)->create([
'node_id' => $server->node_id,
'server_id' => $server->id,
]);
$server->refresh();
$response = $this->actingAs($user)->getJson('/api/client');
$response->assertOk();
$response->assertJsonCount(1, 'data');
$response->assertJsonPath('data.0.attributes.server_owner', false);
$response->assertJsonPath('data.0.attributes.uuid', $server->uuid);
$response->assertJsonCount(1, 'data.0.attributes.relationships.allocations.data');
$response->assertJsonPath('data.0.attributes.relationships.allocations.data.0.attributes.id', $server->allocation->id);
$response->assertJsonPath('data.0.attributes.relationships.allocations.data.0.attributes.notes', null);
}
/** /**
* @return array * @return array
*/ */

12
tests/Integration/Api/Client/Server/Subuser/DeleteSubuserTest.php
View file

@ -2,10 +2,12 @@
namespace Pterodactyl\Tests\Integration\Api\Client\Server\Subuser; namespace Pterodactyl\Tests\Integration\Api\Client\Server\Subuser;
use Mockery;
use Ramsey\Uuid\Uuid; use Ramsey\Uuid\Uuid;
use Pterodactyl\Models\User; use Pterodactyl\Models\User;
use Pterodactyl\Models\Subuser; use Pterodactyl\Models\Subuser;
use Pterodactyl\Models\Permission; use Pterodactyl\Models\Permission;
use Pterodactyl\Repositories\Wings\DaemonServerRepository;
use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase; use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
class DeleteSubuserTest extends ClientApiIntegrationTestCase class DeleteSubuserTest extends ClientApiIntegrationTestCase
@ -23,6 +25,8 @@ class DeleteSubuserTest extends ClientApiIntegrationTestCase
*/ */
public function testCorrectSubuserIsDeletedFromServer() public function testCorrectSubuserIsDeletedFromServer()
{ {
$this->swap(DaemonServerRepository::class, $mock = Mockery::mock(DaemonServerRepository::class));
[$user, $server] = $this->generateTestAccount(); [$user, $server] = $this->generateTestAccount();
/** @var \Pterodactyl\Models\User $differentUser */ /** @var \Pterodactyl\Models\User $differentUser */
@ -37,9 +41,11 @@ class DeleteSubuserTest extends ClientApiIntegrationTestCase
Subuser::query()->forceCreate([ Subuser::query()->forceCreate([
'user_id' => $subuser->id, 'user_id' => $subuser->id,
'server_id' => $server->id, 'server_id' => $server->id,
'permissions' => [ Permission::ACTION_WEBSOCKET_CONNECT ], 'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
]); ]);
$mock->expects('setServer->revokeJTIs')->with([md5($subuser->id . $server->uuid)])->andReturnUndefined();
$this->actingAs($user)->deleteJson($this->link($server) . "/users/{$subuser->uuid}")->assertNoContent(); $this->actingAs($user)->deleteJson($this->link($server) . "/users/{$subuser->uuid}")->assertNoContent();
// Try the same test, but this time with a UUID that if cast to an int (shouldn't) line up with // Try the same test, but this time with a UUID that if cast to an int (shouldn't) line up with
@ -51,9 +57,11 @@ class DeleteSubuserTest extends ClientApiIntegrationTestCase
Subuser::query()->forceCreate([ Subuser::query()->forceCreate([
'user_id' => $subuser->id, 'user_id' => $subuser->id,
'server_id' => $server->id, 'server_id' => $server->id,
'permissions' => [ Permission::ACTION_WEBSOCKET_CONNECT ], 'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
]); ]);
$mock->expects('setServer->revokeJTIs')->with([md5($subuser->id . $server->uuid)])->andReturnUndefined();
$this->actingAs($user)->deleteJson($this->link($server) . "/users/{$subuser->uuid}")->assertNoContent(); $this->actingAs($user)->deleteJson($this->link($server) . "/users/{$subuser->uuid}")->assertNoContent();
} }
} }

2
tests/Integration/Api/Client/Server/WebsocketControllerTest.php
View file

@ -63,7 +63,7 @@ class WebsocketControllerTest extends ClientApiIntegrationTestCase
$this->assertSame($server->node->getConnectionAddress(), $token->getClaim('aud')); $this->assertSame($server->node->getConnectionAddress(), $token->getClaim('aud'));
$this->assertSame(CarbonImmutable::now()->getTimestamp(), $token->getClaim('iat')); $this->assertSame(CarbonImmutable::now()->getTimestamp(), $token->getClaim('iat'));
$this->assertSame(CarbonImmutable::now()->subMinutes(5)->getTimestamp(), $token->getClaim('nbf')); $this->assertSame(CarbonImmutable::now()->subMinutes(5)->getTimestamp(), $token->getClaim('nbf'));
$this->assertSame(CarbonImmutable::now()->addMinutes(15)->getTimestamp(), $token->getClaim('exp')); $this->assertSame(CarbonImmutable::now()->addMinutes(10)->getTimestamp(), $token->getClaim('exp'));
$this->assertSame($user->id, $token->getClaim('user_id')); $this->assertSame($user->id, $token->getClaim('user_id'));
$this->assertSame($server->uuid, $token->getClaim('server_uuid')); $this->assertSame($server->uuid, $token->getClaim('server_uuid'));
$this->assertSame(['*'], $token->getClaim('permissions')); $this->assertSame(['*'], $token->getClaim('permissions'));

17
tests/Integration/Services/Servers/BuildModificationServiceTest.php
View file

@ -3,15 +3,12 @@
namespace Pterodactyl\Tests\Integration\Services\Servers; namespace Pterodactyl\Tests\Integration\Services\Servers;
use Mockery; use Mockery;
use Exception;
use Pterodactyl\Models\Server; use Pterodactyl\Models\Server;
use Pterodactyl\Models\Allocation; use Pterodactyl\Models\Allocation;
use Pterodactyl\Exceptions\DisplayException; use Pterodactyl\Exceptions\DisplayException;
use GuzzleHttp\Exception\BadResponseException;
use Pterodactyl\Tests\Integration\IntegrationTestCase; use Pterodactyl\Tests\Integration\IntegrationTestCase;
use Pterodactyl\Repositories\Wings\DaemonServerRepository; use Pterodactyl\Repositories\Wings\DaemonServerRepository;
use Pterodactyl\Services\Servers\BuildModificationService; use Pterodactyl\Services\Servers\BuildModificationService;
use Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException;
class BuildModificationServiceTest extends IntegrationTestCase class BuildModificationServiceTest extends IntegrationTestCase
{ {
@ -114,12 +111,14 @@ class BuildModificationServiceTest extends IntegrationTestCase
$this->daemonServerRepository->expects('update')->with(Mockery::on(function ($data) { $this->daemonServerRepository->expects('update')->with(Mockery::on(function ($data) {
$this->assertEquals([ $this->assertEquals([
'memory_limit' => 256, 'build' => [
'swap' => 128, 'memory_limit' => 256,
'io_weight' => 600, 'swap' => 128,
'cpu_limit' => 150, 'io_weight' => 600,
'threads' => '1,2', 'cpu_limit' => 150,
'disk_space' => 1024, 'threads' => '1,2',
'disk_space' => 1024,
],
], $data); ], $data);
return true; return true;