Add base logic to support sending a request to restore a backup for a server

This commit is contained in:
Dane Everitt 2021-01-17 17:51:09 -08:00
parent 805952ac38
commit 87371901c0
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
9 changed files with 229 additions and 237 deletions

View file

@ -2,18 +2,21 @@
namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
use Illuminate\Http\Request;
use Pterodactyl\Models\Backup;
use Pterodactyl\Models\Server;
use Pterodactyl\Models\AuditLog;
use Illuminate\Http\JsonResponse;
use Pterodactyl\Models\Permission;
use Illuminate\Validation\UnauthorizedException;
use Pterodactyl\Services\Backups\DeleteBackupService;
use Pterodactyl\Repositories\Eloquent\BackupRepository;
use Pterodactyl\Services\Backups\DownloadLinkService;
use Pterodactyl\Services\Backups\InitiateBackupService;
use Pterodactyl\Transformers\Api\Client\BackupTransformer;
use Pterodactyl\Repositories\Wings\DaemonBackupRepository;
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
use Pterodactyl\Http\Requests\Api\Client\Servers\Backups\GetBackupsRequest;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Pterodactyl\Http\Requests\Api\Client\Servers\Backups\StoreBackupRequest;
use Pterodactyl\Http\Requests\Api\Client\Servers\Backups\DeleteBackupRequest;
class BackupController extends ClientApiController
{
@ -28,39 +31,51 @@ class BackupController extends ClientApiController
private $deleteBackupService;
/**
* @var \Pterodactyl\Repositories\Eloquent\BackupRepository
* @var \Pterodactyl\Services\Backups\DownloadLinkService
*/
private $downloadLinkService;
/**
* @var \Pterodactyl\Repositories\Wings\DaemonBackupRepository
*/
private $repository;
/**
* BackupController constructor.
*
* @param \Pterodactyl\Repositories\Eloquent\BackupRepository $repository
* @param \Pterodactyl\Repositories\Wings\DaemonBackupRepository $repository
* @param \Pterodactyl\Services\Backups\DeleteBackupService $deleteBackupService
* @param \Pterodactyl\Services\Backups\InitiateBackupService $initiateBackupService
* @param \Pterodactyl\Services\Backups\DownloadLinkService $downloadLinkService
*/
public function __construct(
BackupRepository $repository,
DaemonBackupRepository $repository,
DeleteBackupService $deleteBackupService,
InitiateBackupService $initiateBackupService
InitiateBackupService $initiateBackupService,
DownloadLinkService $downloadLinkService
) {
parent::__construct();
$this->repository = $repository;
$this->initiateBackupService = $initiateBackupService;
$this->deleteBackupService = $deleteBackupService;
$this->repository = $repository;
$this->downloadLinkService = $downloadLinkService;
}
/**
* Returns all of the backups for a given server instance in a paginated
* result set.
*
* @param \Pterodactyl\Http\Requests\Api\Client\Servers\Backups\GetBackupsRequest $request
* @param \Illuminate\Http\Request $request
* @param \Pterodactyl\Models\Server $server
* @return array
*/
public function index(GetBackupsRequest $request, Server $server)
public function index(Request $request, Server $server)
{
if (! $request->user()->can(Permission::ACTION_BACKUP_READ, $server)) {
throw new UnauthorizedException;
}
$limit = min($request->query('per_page') ?? 20, 50);
return $this->fractal->collection($server->backups()->paginate($limit))
@ -100,13 +115,17 @@ class BackupController extends ClientApiController
/**
* Returns information about a single backup.
*
* @param \Pterodactyl\Http\Requests\Api\Client\Servers\Backups\GetBackupsRequest $request
* @param \Illuminate\Http\Request $request
* @param \Pterodactyl\Models\Server $server
* @param \Pterodactyl\Models\Backup $backup
* @return array
*/
public function view(GetBackupsRequest $request, Server $server, Backup $backup)
public function view(Request $request, Server $server, Backup $backup)
{
if (! $request->user()->can(Permission::ACTION_BACKUP_READ, $server)) {
throw new UnauthorizedException;
}
return $this->fractal->item($backup)
->transformWith($this->getTransformer(BackupTransformer::class))
->toArray();
@ -116,15 +135,19 @@ class BackupController extends ClientApiController
* Deletes a backup from the panel as well as the remote source where it is currently
* being stored.
*
* @param \Pterodactyl\Http\Requests\Api\Client\Servers\Backups\DeleteBackupRequest $request
* @param \Illuminate\Http\Request $request
* @param \Pterodactyl\Models\Server $server
* @param \Pterodactyl\Models\Backup $backup
* @return \Illuminate\Http\JsonResponse
*
* @throws \Throwable
*/
public function delete(DeleteBackupRequest $request, Server $server, Backup $backup)
public function delete(Request $request, Server $server, Backup $backup)
{
if (! $request->user()->can(Permission::ACTION_BACKUP_DELETE, $server)) {
throw new UnauthorizedException;
}
$server->audit(AuditLog::SERVER__BACKUP_DELETED, function (AuditLog $audit) use ($backup) {
$audit->metadata = ['backup_uuid' => $backup->uuid];
@ -133,4 +156,79 @@ class BackupController extends ClientApiController
return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
}
/**
* Download the backup for a given server instance. For daemon local files, the file
* will be streamed back through the Panel. For AWS S3 files, a signed URL will be generated
* which the user is redirected to.
*
* @param \Illuminate\Http\Request $request
* @param \Pterodactyl\Models\Server $server
* @param \Pterodactyl\Models\Backup $backup
* @return \Illuminate\Http\JsonResponse
*/
public function download(Request $request, Server $server, Backup $backup)
{
if (! $request->user()->can(Permission::ACTION_BACKUP_DOWNLOAD, $server)) {
throw new UnauthorizedException;
}
switch ($backup->disk) {
case Backup::ADAPTER_WINGS:
case Backup::ADAPTER_AWS_S3:
return new JsonResponse([
'object' => 'signed_url',
'attributes' => ['url' => ''],
]);
default:
throw new BadRequestHttpException;
}
}
/**
* Handles restoring a backup by making a request to the Wings instance telling it
* to begin the process of finding (or downloading) the backup and unpacking it
* over the server files.
*
* If the "truncate" flag is passed through in this request then all of the
* files that currently exist on the server will be deleted before restoring.
* Otherwise the archive will simply be unpacked over the existing files.
*
* @param \Illuminate\Http\Request $request
* @param \Pterodactyl\Models\Server $server
* @param \Pterodactyl\Models\Backup $backup
* @return \Illuminate\Http\JsonResponse
*
* @throws \Throwable
*/
public function restore(Request $request, Server $server, Backup $backup)
{
if (! $request->user()->can(Permission::ACTION_BACKUP_RESTORE, $server)) {
throw new UnauthorizedException;
}
// Cannot restore a backup unless a server is fully installed and not currently
// processing a different backup restoration request.
if (! is_null($server->status)) {
throw new BadRequestHttpException('This server is not currently in a state that allows for a backup to be restored.');
}
$server->audit(AuditLog::SERVER__BACKUP_RESTORE_STARTED, function (AuditLog $audit, Server $server) use ($backup, $request) {
$audit->metadata = ['backup_uuid' => $backup->uuid];
// If the backup is for an S3 file we need to generate a unique Download link for
// it that will allow Wings to actually access the file.
if ($backup->disk === Backup::ADAPTER_AWS_S3) {
$url = $this->downloadLinkService->handle($backup, $request->user());
}
// Update the status right away for the server so that we know not to allow certain
// actions against it via the Panel API.
$server->update(['status' => Server::STATUS_RESTORING_BACKUP]);
$this->repository->restore($backup, $url ?? null, $request->input('truncate') === 'true');
});
return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
}
}

View file

@ -1,144 +0,0 @@
<?php
namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
use Carbon\CarbonImmutable;
use Pterodactyl\Models\User;
use Pterodactyl\Models\Backup;
use Pterodactyl\Models\Server;
use Illuminate\Http\JsonResponse;
use Pterodactyl\Services\Nodes\NodeJWTService;
use Illuminate\Contracts\Routing\ResponseFactory;
use Pterodactyl\Extensions\Backups\BackupManager;
use Pterodactyl\Repositories\Wings\DaemonBackupRepository;
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Pterodactyl\Http\Requests\Api\Client\Servers\Backups\DownloadBackupRequest;
class DownloadBackupController extends ClientApiController
{
/**
* @var \Pterodactyl\Repositories\Wings\DaemonBackupRepository
*/
private $daemonBackupRepository;
/**
* @var \Illuminate\Contracts\Routing\ResponseFactory
*/
private $responseFactory;
/**
* @var \Pterodactyl\Services\Nodes\NodeJWTService
*/
private $jwtService;
/**
* @var \Pterodactyl\Extensions\Backups\BackupManager
*/
private $backupManager;
/**
* DownloadBackupController constructor.
*
* @param \Pterodactyl\Repositories\Wings\DaemonBackupRepository $daemonBackupRepository
* @param \Pterodactyl\Services\Nodes\NodeJWTService $jwtService
* @param \Pterodactyl\Extensions\Backups\BackupManager $backupManager
* @param \Illuminate\Contracts\Routing\ResponseFactory $responseFactory
*/
public function __construct(
DaemonBackupRepository $daemonBackupRepository,
NodeJWTService $jwtService,
BackupManager $backupManager,
ResponseFactory $responseFactory
) {
parent::__construct();
$this->daemonBackupRepository = $daemonBackupRepository;
$this->responseFactory = $responseFactory;
$this->jwtService = $jwtService;
$this->backupManager = $backupManager;
}
/**
* Download the backup for a given server instance. For daemon local files, the file
* will be streamed back through the Panel. For AWS S3 files, a signed URL will be generated
* which the user is redirected to.
*
* @param \Pterodactyl\Http\Requests\Api\Client\Servers\Backups\DownloadBackupRequest $request
* @param \Pterodactyl\Models\Server $server
* @param \Pterodactyl\Models\Backup $backup
* @return \Illuminate\Http\JsonResponse
*/
public function __invoke(DownloadBackupRequest $request, Server $server, Backup $backup)
{
switch ($backup->disk) {
case Backup::ADAPTER_WINGS:
$url = $this->getLocalBackupUrl($backup, $server, $request->user());
break;
case Backup::ADAPTER_AWS_S3:
$url = $this->getS3BackupUrl($backup, $server);
break;
default:
throw new BadRequestHttpException;
}
return new JsonResponse([
'object' => 'signed_url',
'attributes' => [
'url' => $url,
],
]);
}
/**
* Returns a signed URL that allows us to download a file directly out of a non-public
* S3 bucket by using a signed URL.
*
* @param \Pterodactyl\Models\Backup $backup
* @param \Pterodactyl\Models\Server $server
* @return string
*/
protected function getS3BackupUrl(Backup $backup, Server $server)
{
/** @var \League\Flysystem\AwsS3v3\AwsS3Adapter $adapter */
$adapter = $this->backupManager->adapter(Backup::ADAPTER_AWS_S3);
$client = $adapter->getClient();
$request = $client->createPresignedRequest(
$client->getCommand('GetObject', [
'Bucket' => $adapter->getBucket(),
'Key' => sprintf('%s/%s.tar.gz', $server->uuid, $backup->uuid),
'ContentType' => 'application/x-gzip',
]),
CarbonImmutable::now()->addMinutes(5)
);
return $request->getUri()->__toString();
}
/**
* Returns a download link a backup stored on a wings instance.
*
* @param \Pterodactyl\Models\Backup $backup
* @param \Pterodactyl\Models\Server $server
* @param \Pterodactyl\Models\User $user
* @return string
*/
protected function getLocalBackupUrl(Backup $backup, Server $server, User $user)
{
$token = $this->jwtService
->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
->setClaims([
'backup_uuid' => $backup->uuid,
'server_uuid' => $server->uuid,
])
->handle($server->node, $user->id . $server->uuid);
return sprintf(
'%s/download/backup?token=%s',
$server->node->getConnectionAddress(),
$token->__toString()
);
}
}

View file

@ -1,17 +0,0 @@
<?php
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Backups;
use Pterodactyl\Models\Permission;
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
class DeleteBackupRequest extends ClientApiRequest
{
/**
* @return string
*/
public function permission()
{
return Permission::ACTION_BACKUP_DELETE;
}
}

View file

@ -1,41 +0,0 @@
<?php
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Backups;
use Pterodactyl\Models\Backup;
use Pterodactyl\Models\Server;
use Pterodactyl\Models\Permission;
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
class DownloadBackupRequest extends ClientApiRequest
{
/**
* @return string
*/
public function permission()
{
return Permission::ACTION_BACKUP_DOWNLOAD;
}
/**
* Ensure that this backup belongs to the server that is also present in the
* request.
*
* @return bool
*/
public function resourceExists(): bool
{
/** @var \Pterodactyl\Models\Server|mixed $server */
$server = $this->route()->parameter('server');
/** @var \Pterodactyl\Models\Backup|mixed $backup */
$backup = $this->route()->parameter('backup');
if ($server instanceof Server && $backup instanceof Backup) {
if ($server->exists && $backup->exists && $server->id === $backup->server_id) {
return true;
}
}
return false;
}
}

View file

@ -1,17 +0,0 @@
<?php
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Backups;
use Pterodactyl\Models\Permission;
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
class GetBackupsRequest extends ClientApiRequest
{
/**
* @return string
*/
public function permission()
{
return Permission::ACTION_BACKUP_READ;
}
}

View file

@ -39,9 +39,9 @@ class Permission extends Model
const ACTION_BACKUP_READ = 'backup.read';
const ACTION_BACKUP_CREATE = 'backup.create';
const ACTION_BACKUP_UPDATE = 'backup.update';
const ACTION_BACKUP_DELETE = 'backup.delete';
const ACTION_BACKUP_DOWNLOAD = 'backup.download';
const ACTION_BACKUP_RESTORE = 'backup.restore';
const ACTION_ALLOCATION_READ = 'allocation.read';
const ACTION_ALLOCATION_CREATE = 'allocation.create';
@ -154,9 +154,9 @@ class Permission extends Model
'keys' => [
'create' => 'Allows a user to create new backups for this server.',
'read' => 'Allows a user to view all backups that exist for this server.',
'update' => '',
'delete' => 'Allows a user to remove backups from the system.',
'download' => 'Allows a user to download backups.',
'download' => 'Allows a user to download a backup for the server. Danger: this allows a user to access all files for the server in the backup.',
'restore' => 'Allows a user to restore a backup for the server. Danger: this allows the user to delete all of the server files in the process.'
],
],

View file

@ -66,6 +66,7 @@ class Server extends Model
const STATUS_INSTALLING = 'installing';
const STATUS_INSTALL_FAILED = 'install_failed';
const STATUS_SUSPENDED = 'suspended';
const STATUS_RESTORING_BACKUP = 'restoring_backup';
/**
* The table associated with the model.

View file

@ -2,7 +2,6 @@
namespace Pterodactyl\Repositories\Wings;
use Illuminate\Support\Arr;
use Webmozart\Assert\Assert;
use Pterodactyl\Models\Backup;
use Pterodactyl\Models\Server;
@ -58,6 +57,36 @@ class DaemonBackupRepository extends DaemonRepository
}
}
/**
* Sends a request to Wings to begin restoring a backup for a server.
*
* @param \Pterodactyl\Models\Backup $backup
* @param string|null $url
* @param bool $truncate
* @return \Psr\Http\Message\ResponseInterface
*
* @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException
*/
public function restore(Backup $backup, string $url = null, bool $truncate = false): ResponseInterface
{
Assert::isInstanceOf($this->server, Server::class);
try {
return $this->getHttpClient()->post(
sprintf('/api/servers/%s/backup/%s/restore', $this->server->uuid, $backup->uuid),
[
'json' => [
'adapter' => $backup->disk,
'truncate_directory' => $truncate,
'download_url' => $url ?? '',
],
]
);
} catch (TransferException $exception) {
throw new DaemonConnectionException($exception);
}
}
/**
* Deletes a backup from the daemon.
*

View file

@ -0,0 +1,83 @@
<?php
namespace Pterodactyl\Services\Backups;
use Carbon\CarbonImmutable;
use Pterodactyl\Models\User;
use Pterodactyl\Models\Backup;
use Pterodactyl\Services\Nodes\NodeJWTService;
use Pterodactyl\Extensions\Backups\BackupManager;
class DownloadLinkService
{
/**
* @var \Pterodactyl\Extensions\Backups\BackupManager
*/
private $backupManager;
/**
* @var \Pterodactyl\Services\Nodes\NodeJWTService
*/
private $jwtService;
/**
* DownloadLinkService constructor.
*
* @param \Pterodactyl\Extensions\Backups\BackupManager $backupManager
* @param \Pterodactyl\Services\Nodes\NodeJWTService $jwtService
*/
public function __construct(BackupManager $backupManager, NodeJWTService $jwtService)
{
$this->backupManager = $backupManager;
$this->jwtService = $jwtService;
}
/**
* Returns the URL that allows for a backup to be downloaded by an individual
* user, or by the Wings control software.
*
* @param \Pterodactyl\Models\Backup $backup
* @param \Pterodactyl\Models\User $user
* @return string
*/
public function handle(Backup $backup, User $user): string
{
if ($backup->disk === Backup::ADAPTER_AWS_S3) {
return $this->getS3BackupUrl($backup);
}
$token = $this->jwtService
->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
->setClaims([
'backup_uuid' => $backup->uuid,
'server_uuid' => $backup->server->uuid,
])
->handle($backup->server->node, $user->id . $backup->server->uuid);
return sprintf('%s/download/backup?token=%s', $backup->server->node->getConnectionAddress(), $token->__toString());
}
/**
* Returns a signed URL that allows us to download a file directly out of a non-public
* S3 bucket by using a signed URL.
*
* @param \Pterodactyl\Models\Backup $backup
* @return string
*/
protected function getS3BackupUrl(Backup $backup)
{
/** @var \League\Flysystem\AwsS3v3\AwsS3Adapter $adapter */
$adapter = $this->backupManager->adapter(Backup::ADAPTER_AWS_S3);
$request = $adapter->getClient()->createPresignedRequest(
$adapter->getClient()->getCommand('GetObject', [
'Bucket' => $adapter->getBucket(),
'Key' => sprintf('%s/%s.tar.gz', $backup->server->uuid, $backup->uuid),
'ContentType' => 'application/x-gzip',
]),
CarbonImmutable::now()->addMinutes(5)
);
return $request->getUri()->__toString();
}
}