Merge branch 'develop' into feature/react-admin

Matthew Penner 2021-02-07 16:16:22 -07:00
commit a87fef37ec
77 changed files with 1082 additions and 839 deletions


@ -2,17 +2,21 @@
namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
use Illuminate\Http\Request;
use Pterodactyl\Models\Backup;
use Pterodactyl\Models\Server;
use Pterodactyl\Models\AuditLog;
use Illuminate\Http\JsonResponse;
use Pterodactyl\Models\Permission;
use Illuminate\Auth\Access\AuthorizationException;
use Pterodactyl\Services\Backups\DeleteBackupService;
use Pterodactyl\Repositories\Eloquent\BackupRepository;
use Pterodactyl\Services\Backups\DownloadLinkService;
use Pterodactyl\Services\Backups\InitiateBackupService;
use Pterodactyl\Repositories\Wings\DaemonBackupRepository;
use Pterodactyl\Transformers\Api\Client\BackupTransformer;
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
use Pterodactyl\Http\Requests\Api\Client\Servers\Backups\GetBackupsRequest;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Pterodactyl\Http\Requests\Api\Client\Servers\Backups\StoreBackupRequest;
use Pterodactyl\Http\Requests\Api\Client\Servers\Backups\DeleteBackupRequest;
class BackupController extends ClientApiController
{
@ -27,7 +31,12 @@ class BackupController extends ClientApiController
private $deleteBackupService;
/**
* @var \Pterodactyl\Repositories\Eloquent\BackupRepository
* @var \Pterodactyl\Services\Backups\DownloadLinkService
*/
private $downloadLinkService;
/**
* @var \Pterodactyl\Repositories\Wings\DaemonBackupRepository
*/
private $repository;
@ -35,25 +44,33 @@ class BackupController extends ClientApiController
* BackupController constructor.
*/
public function __construct(
BackupRepository $repository,
DaemonBackupRepository $repository,
DeleteBackupService $deleteBackupService,
InitiateBackupService $initiateBackupService
InitiateBackupService $initiateBackupService,
DownloadLinkService $downloadLinkService
) {
parent::__construct();
$this->repository = $repository;
$this->initiateBackupService = $initiateBackupService;
$this->deleteBackupService = $deleteBackupService;
$this->repository = $repository;
$this->downloadLinkService = $downloadLinkService;
}
/**
* Returns all of the backups for a given server instance in a paginated
* result set.
*
* @return array
* @throws \Spatie\Fractalistic\Exceptions\InvalidTransformation
* @throws \Spatie\Fractalistic\Exceptions\NoTransformerSpecified
* @throws \Illuminate\Auth\Access\AuthorizationException
*/
public function index(GetBackupsRequest $request, Server $server)
public function index(Request $request, Server $server): array
{
if (!$request->user()->can(Permission::ACTION_BACKUP_READ, $server)) {
throw new AuthorizationException();
}
$limit = min($request->query('per_page') ?? 20, 50);
return $this->fractal->collection($server->backups()->paginate($limit))
@ -64,17 +81,24 @@ class BackupController extends ClientApiController
/**
* Starts the backup process for a server.
*
* @return array
*
* @throws \Exception|\Throwable
* @throws \Spatie\Fractalistic\Exceptions\InvalidTransformation
* @throws \Spatie\Fractalistic\Exceptions\NoTransformerSpecified
* @throws \Throwable
*/
public function store(StoreBackupRequest $request, Server $server)
public function store(StoreBackupRequest $request, Server $server): array
{
$backup = $this->initiateBackupService
->setIgnoredFiles(
explode(PHP_EOL, $request->input('ignored') ?? '')
)
->handle($server, $request->input('name'));
/** @var \Pterodactyl\Models\Backup $backup */
$backup = $server->audit(AuditLog::SERVER__BACKUP_STARTED, function (AuditLog $model, Server $server) use ($request) {
$backup = $this->initiateBackupService
->setIgnoredFiles(
explode(PHP_EOL, $request->input('ignored') ?? '')
)
->handle($server, $request->input('name'));
$model->metadata = ['backup_uuid' => $backup->uuid];
return $backup;
});
return $this->fractal->item($backup)
->transformWith($this->getTransformer(BackupTransformer::class))
@ -84,10 +108,16 @@ class BackupController extends ClientApiController
/**
* Returns information about a single backup.
*
* @return array
* @throws \Spatie\Fractalistic\Exceptions\InvalidTransformation
* @throws \Spatie\Fractalistic\Exceptions\NoTransformerSpecified
* @throws \Illuminate\Auth\Access\AuthorizationException
*/
public function view(GetBackupsRequest $request, Server $server, Backup $backup)
public function view(Request $request, Server $server, Backup $backup): array
{
if (!$request->user()->can(Permission::ACTION_BACKUP_READ, $server)) {
throw new AuthorizationException();
}
return $this->fractal->item($backup)
->transformWith($this->getTransformer(BackupTransformer::class))
->toArray();
@ -97,14 +127,91 @@ class BackupController extends ClientApiController
* Deletes a backup from the panel as well as the remote source where it is currently
* being stored.
*
* @return \Illuminate\Http\JsonResponse
* @throws \Throwable
*/
public function delete(Request $request, Server $server, Backup $backup): JsonResponse
{
if (!$request->user()->can(Permission::ACTION_BACKUP_DELETE, $server)) {
throw new AuthorizationException();
}
$server->audit(AuditLog::SERVER__BACKUP_DELETED, function (AuditLog $audit) use ($backup) {
$audit->metadata = ['backup_uuid' => $backup->uuid];
$this->deleteBackupService->handle($backup);
});
return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
}
/**
* Download the backup for a given server instance. For daemon local files, the file
* will be streamed back through the Panel. For AWS S3 files, a signed URL will be generated
* which the user is redirected to.
*
* @throws \Illuminate\Auth\Access\AuthorizationException
*/
public function download(Request $request, Server $server, Backup $backup): JsonResponse
{
if (!$request->user()->can(Permission::ACTION_BACKUP_DOWNLOAD, $server)) {
throw new AuthorizationException();
}
switch ($backup->disk) {
case Backup::ADAPTER_WINGS:
case Backup::ADAPTER_AWS_S3:
return new JsonResponse([
'object' => 'signed_url',
'attributes' => ['url' => ''],
]);
default:
throw new BadRequestHttpException();
}
}
/**
* Handles restoring a backup by making a request to the Wings instance telling it
* to begin the process of finding (or downloading) the backup and unpacking it
* over the server files.
*
* If the "truncate" flag is passed through in this request then all of the
* files that currently exist on the server will be deleted before restoring.
* Otherwise the archive will simply be unpacked over the existing files.
*
* @throws \Throwable
*/
public function delete(DeleteBackupRequest $request, Server $server, Backup $backup)
public function restore(Request $request, Server $server, Backup $backup): JsonResponse
{
$this->deleteBackupService->handle($backup);
if (!$request->user()->can(Permission::ACTION_BACKUP_RESTORE, $server)) {
throw new AuthorizationException();
}
return JsonResponse::create([], JsonResponse::HTTP_NO_CONTENT);
// Cannot restore a backup unless a server is fully installed and not currently
// processing a different backup restoration request.
if (!is_null($server->status)) {
throw new BadRequestHttpException('This server is not currently in a state that allows for a backup to be restored.');
}
if (!$backup->is_successful && !$backup->completed_at) {
throw new BadRequestHttpException('This backup cannot be restored at this time: not completed or failed.');
}
$server->audit(AuditLog::SERVER__BACKUP_RESTORE_STARTED, function (AuditLog $audit, Server $server) use ($backup, $request) {
$audit->metadata = ['backup_uuid' => $backup->uuid];
// If the backup is for an S3 file we need to generate a unique Download link for
// it that will allow Wings to actually access the file.
if ($backup->disk === Backup::ADAPTER_AWS_S3) {
$url = $this->downloadLinkService->handle($backup, $request->user());
}
// Update the status right away for the server so that we know not to allow certain
// actions against it via the Panel API.
$server->update(['status' => Server::STATUS_RESTORING_BACKUP]);
$this->repository->setServer($server)->restore($backup, $url ?? null, $request->input('truncate') === 'true');
});
return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
}
}
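Review bot: `view`, `delete`, `download` and `restore` check only the caller's permission on `$server`; nothing in this section confirms that the route-bound `$backup` belongs to that server. The `DownloadBackupRequest` class deleted further down this page carried that check in `resourceExists()` (`$server->id === $backup->server_id`), so unless route binding or middleware outside this page scopes the backup, a user with backup permissions on one server could read, delete or restore another server's backup. I would add `if ($backup->server_id !== $server->id) { throw new AuthorizationException(); }` next to each permission check (a 404 would disclose less about the backup's existence). Separately, the guard `!$backup->is_successful && !$backup->completed_at` in `restore` lets through a backup that completed but failed, which contradicts its own message; `||` looks intended.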


@ -1,131 +0,0 @@
<?php
namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
use Carbon\CarbonImmutable;
use Pterodactyl\Models\User;
use Pterodactyl\Models\Backup;
use Pterodactyl\Models\Server;
use Illuminate\Http\JsonResponse;
use Pterodactyl\Services\Nodes\NodeJWTService;
use Illuminate\Contracts\Routing\ResponseFactory;
use Pterodactyl\Extensions\Backups\BackupManager;
use Pterodactyl\Repositories\Wings\DaemonBackupRepository;
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Pterodactyl\Http\Requests\Api\Client\Servers\Backups\DownloadBackupRequest;
class DownloadBackupController extends ClientApiController
{
/**
* @var \Pterodactyl\Repositories\Wings\DaemonBackupRepository
*/
private $daemonBackupRepository;
/**
* @var \Illuminate\Contracts\Routing\ResponseFactory
*/
private $responseFactory;
/**
* @var \Pterodactyl\Services\Nodes\NodeJWTService
*/
private $jwtService;
/**
* @var \Pterodactyl\Extensions\Backups\BackupManager
*/
private $backupManager;
/**
* DownloadBackupController constructor.
*/
public function __construct(
DaemonBackupRepository $daemonBackupRepository,
NodeJWTService $jwtService,
BackupManager $backupManager,
ResponseFactory $responseFactory
) {
parent::__construct();
$this->daemonBackupRepository = $daemonBackupRepository;
$this->responseFactory = $responseFactory;
$this->jwtService = $jwtService;
$this->backupManager = $backupManager;
}
/**
* Download the backup for a given server instance. For daemon local files, the file
* will be streamed back through the Panel. For AWS S3 files, a signed URL will be generated
* which the user is redirected to.
*
* @return \Illuminate\Http\JsonResponse
*/
public function __invoke(DownloadBackupRequest $request, Server $server, Backup $backup)
{
switch ($backup->disk) {
case Backup::ADAPTER_WINGS:
$url = $this->getLocalBackupUrl($backup, $server, $request->user());
break;
case Backup::ADAPTER_AWS_S3:
$url = $this->getS3BackupUrl($backup, $server);
break;
default:
throw new BadRequestHttpException();
}
return new JsonResponse([
'object' => 'signed_url',
'attributes' => [
'url' => $url,
],
]);
}
/**
* Returns a signed URL that allows us to download a file directly out of a non-public
* S3 bucket by using a signed URL.
*
* @return string
*/
protected function getS3BackupUrl(Backup $backup, Server $server)
{
/** @var \League\Flysystem\AwsS3v3\AwsS3Adapter $adapter */
$adapter = $this->backupManager->adapter(Backup::ADAPTER_AWS_S3);
$client = $adapter->getClient();
$request = $client->createPresignedRequest(
$client->getCommand('GetObject', [
'Bucket' => $adapter->getBucket(),
'Key' => sprintf('%s/%s.tar.gz', $server->uuid, $backup->uuid),
'ContentType' => 'application/x-gzip',
]),
CarbonImmutable::now()->addMinutes(5)
);
return $request->getUri()->__toString();
}
/**
* Returns a download link a backup stored on a wings instance.
*
* @return string
*/
protected function getLocalBackupUrl(Backup $backup, Server $server, User $user)
{
$token = $this->jwtService
->setExpiresAt(CarbonImmutable::now()->addMinutes(15)->toDateTimeImmutable())
->setClaims([
'backup_uuid' => $backup->uuid,
'server_uuid' => $server->uuid,
])
->handle($server->node, $user->id . $server->uuid);
return sprintf(
'%s/download/backup?token=%s',
$server->node->getConnectionAddress(),
$token->toString()
);
}
}


@ -5,6 +5,7 @@ namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
use Carbon\CarbonImmutable;
use Illuminate\Http\Response;
use Pterodactyl\Models\Server;
use Pterodactyl\Models\AuditLog;
use Illuminate\Http\JsonResponse;
use Pterodactyl\Services\Nodes\NodeJWTService;
use Illuminate\Contracts\Routing\ResponseFactory;
@ -74,19 +75,16 @@ class FileController extends ClientApiController
/**
* Return the contents of a specified file for the user.
*
* @throws \Pterodactyl\Exceptions\Http\Server\FileSizeTooLargeException
* @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException
* @throws \Throwable
*/
public function contents(GetFileContentsRequest $request, Server $server): Response
{
return new Response(
$this->fileRepository->setServer($server)->getContent(
$request->get('file'),
config('pterodactyl.files.max_edit_size')
),
Response::HTTP_OK,
['Content-Type' => 'text/plain']
$response = $this->fileRepository->setServer($server)->getContent(
$request->get('file'),
config('pterodactyl.files.max_edit_size')
);
return new Response($response, Response::HTTP_OK, ['Content-Type' => 'text/plain']);
}
/**
@ -95,17 +93,21 @@ class FileController extends ClientApiController
*
* @return array
*
* @throws \Exception
* @throws \Throwable
*/
public function download(GetFileContentsRequest $request, Server $server)
{
$token = $this->jwtService
->setExpiresAt(CarbonImmutable::now()->addMinutes(15)->toDateTimeImmutable())
->setClaims([
'file_path' => rawurldecode($request->get('file')),
'server_uuid' => $server->uuid,
])
->handle($server->node, $request->user()->id . $server->uuid);
$token = $server->audit(AuditLog::SERVER__FILESYSTEM_DOWNLOAD, function (AuditLog $audit, Server $server) use ($request) {
$audit->metadata = ['file' => $request->get('file')];
return $this->jwtService
->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
->setClaims([
'file_path' => rawurldecode($request->get('file')),
'server_uuid' => $server->uuid,
])
->handle($server->node, $request->user()->id . $server->uuid);
});
return [
'object' => 'signed_url',
@ -126,7 +128,14 @@ class FileController extends ClientApiController
*/
public function write(WriteFileContentRequest $request, Server $server): JsonResponse
{
$this->fileRepository->setServer($server)->putContent($request->get('file'), $request->getContent());
$server->audit(AuditLog::SERVER__FILESYSTEM_WRITE, function (AuditLog $audit, Server $server) use ($request) {
$audit->subaction = 'write_content';
$audit->metadata = ['file' => $request->get('file')];
$this->fileRepository
->setServer($server)
->putContent($request->get('file'), $request->getContent());
});
return new JsonResponse([], Response::HTTP_NO_CONTENT);
}
@ -134,13 +143,18 @@ class FileController extends ClientApiController
/**
* Creates a new folder on the server.
*
* @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException
* @throws \Throwable
*/
public function create(CreateFolderRequest $request, Server $server): JsonResponse
{
$this->fileRepository
->setServer($server)
->createDirectory($request->input('name'), $request->input('root', '/'));
$server->audit(AuditLog::SERVER__FILESYSTEM_WRITE, function (AuditLog $audit, Server $server) use ($request) {
$audit->subaction = 'create_folder';
$audit->metadata = ['file' => $request->input('root', '/') . $request->input('name')];
$this->fileRepository
->setServer($server)
->createDirectory($request->input('name'), $request->input('root', '/'));
});
return new JsonResponse([], Response::HTTP_NO_CONTENT);
}
@ -148,13 +162,17 @@ class FileController extends ClientApiController
/**
* Renames a file on the remote machine.
*
* @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException
* @throws \Throwable
*/
public function rename(RenameFileRequest $request, Server $server): JsonResponse
{
$this->fileRepository
->setServer($server)
->renameFiles($request->input('root'), $request->input('files'));
$server->audit(AuditLog::SERVER__FILESYSTEM_RENAME, function (AuditLog $audit, Server $server) use ($request) {
$audit->metadata = ['root' => $request->input('root'), 'files' => $request->input('files')];
$this->fileRepository
->setServer($server)
->renameFiles($request->input('root'), $request->input('files'));
});
return new JsonResponse([], Response::HTTP_NO_CONTENT);
}
@ -166,9 +184,14 @@ class FileController extends ClientApiController
*/
public function copy(CopyFileRequest $request, Server $server): JsonResponse
{
$this->fileRepository
->setServer($server)
->copyFile($request->input('location'));
$server->audit(AuditLog::SERVER__FILESYSTEM_WRITE, function (AuditLog $audit, Server $server) use ($request) {
$audit->subaction = 'copy_file';
$audit->metadata = ['file' => $request->input('location')];
$this->fileRepository
->setServer($server)
->copyFile($request->input('location'));
});
return new JsonResponse([], Response::HTTP_NO_CONTENT);
}
@ -178,14 +201,18 @@ class FileController extends ClientApiController
*/
public function compress(CompressFilesRequest $request, Server $server): array
{
// Allow up to five minutes for this request to process before timing out.
set_time_limit(300);
$file = $server->audit(AuditLog::SERVER__FILESYSTEM_COMPRESS, function (AuditLog $audit, Server $server) use ($request) {
// Allow up to five minutes for this request to process before timing out.
set_time_limit(300);
$file = $this->fileRepository->setServer($server)
->compressFiles(
$request->input('root'),
$request->input('files')
);
$audit->metadata = ['root' => $request->input('root'), 'files' => $request->input('files')];
return $this->fileRepository->setServer($server)
->compressFiles(
$request->input('root'),
$request->input('files')
);
});
return $this->fractal->item($file)
->transformWith($this->getTransformer(FileObjectTransformer::class))
@ -197,11 +224,15 @@ class FileController extends ClientApiController
*/
public function decompress(DecompressFilesRequest $request, Server $server): JsonResponse
{
// Allow up to five minutes for this request to process before timing out.
set_time_limit(300);
$file = $server->audit(AuditLog::SERVER__FILESYSTEM_DECOMPRESS, function (AuditLog $audit, Server $server) use ($request) {
// Allow up to five minutes for this request to process before timing out.
set_time_limit(300);
$this->fileRepository->setServer($server)
->decompressFile($request->input('root'), $request->input('file'));
$audit->metadata = ['root' => $request->input('root'), 'files' => $request->input('file')];
$this->fileRepository->setServer($server)
->decompressFile($request->input('root'), $request->input('file'));
});
return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
}
@ -213,11 +244,15 @@ class FileController extends ClientApiController
*/
public function delete(DeleteFileRequest $request, Server $server): JsonResponse
{
$this->fileRepository->setServer($server)
->deleteFiles(
$request->input('root'),
$request->input('files')
);
$server->audit(AuditLog::SERVER__FILESYSTEM_DELETE, function (AuditLog $audit, Server $server) use ($request) {
$audit->metadata = ['root' => $request->input('root'), 'files' => $request->input('files')];
$this->fileRepository->setServer($server)
->deleteFiles(
$request->input('root'),
$request->input('files')
);
});
return new JsonResponse([], Response::HTTP_NO_CONTENT);
}
@ -243,11 +278,15 @@ class FileController extends ClientApiController
*
* @param $request
*
* @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException
* @throws \Throwable
*/
public function pull(PullFileRequest $request, Server $server): JsonResponse
{
$this->fileRepository->setServer($server)->pull($request->input('url'), $request->input('directory'));
$server->audit(AuditLog::SERVER__FILESYSTEM_PULL, function (AuditLog $audit, Server $server) use ($request) {
$audit->metadata = ['directory' => $request->input('directory'), 'url' => $request->input('url')];
$this->fileRepository->setServer($server)->pull($request->input('url'), $request->input('directory'));
});
return new JsonResponse([], Response::HTTP_NO_CONTENT);
}
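Review bot: In `download` the audit entry records `$request->get('file')` as sent, while the signed token is issued for `rawurldecode($request->get('file'))`, so a percent-encoded request leaves an audit record that does not match the path actually authorised; `$audit->metadata = ['file' => rawurldecode($request->get('file'))];` keeps the two in step. In `pull` the caller-supplied `url` is stored verbatim in the metadata, so any userinfo or signed query string it carries would be persisted in the audit log; consider recording only scheme, host and path. `decompress` also assigns `$file` from a closure that returns nothing. The class body continues outside these hunks.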


@ -3,7 +3,10 @@
namespace Pterodactyl\Http\Controllers\Api\Remote\Backups;
use Carbon\CarbonImmutable;
use Illuminate\Http\Request;
use Pterodactyl\Models\Backup;
use Pterodactyl\Models\Server;
use Pterodactyl\Models\AuditLog;
use Illuminate\Http\JsonResponse;
use League\Flysystem\AwsS3v3\AwsS3Adapter;
use Pterodactyl\Exceptions\DisplayException;
@ -39,9 +42,9 @@ class BackupStatusController extends Controller
*
* @return \Illuminate\Http\JsonResponse
*
* @throws \Exception
* @throws \Throwable
*/
public function __invoke(ReportBackupCompleteRequest $request, string $backup)
public function index(ReportBackupCompleteRequest $request, string $backup)
{
/** @var \Pterodactyl\Models\Backup $model */
$model = Backup::query()->where('uuid', $backup)->firstOrFail();
@ -50,21 +53,60 @@ class BackupStatusController extends Controller
throw new BadRequestHttpException('Cannot update the status of a backup that is already marked as completed.');
}
$successful = $request->input('successful') ? true : false;
$action = $request->input('successful')
? AuditLog::SERVER__BACKUP_COMPELTED
: AuditLog::SERVER__BACKUP_FAILED;
$model->fill([
'is_successful' => $successful,
'checksum' => $successful ? ($request->input('checksum_type') . ':' . $request->input('checksum')) : null,
'bytes' => $successful ? $request->input('size') : 0,
'completed_at' => CarbonImmutable::now(),
])->save();
$model->server->audit($action, function (AuditLog $audit) use ($model, $request) {
$audit->is_system = true;
$audit->metadata = ['backup_uuid' => $model->uuid];
// Check if we are using the s3 backup adapter. If so, make sure we mark the backup as
// being completed in S3 correctly.
$adapter = $this->backupManager->adapter();
if ($adapter instanceof AwsS3Adapter) {
$this->completeMultipartUpload($model, $adapter, $successful);
}
$successful = $request->input('successful') ? true : false;
$model->fill([
'is_successful' => $successful,
'checksum' => $successful ? ($request->input('checksum_type') . ':' . $request->input('checksum')) : null,
'bytes' => $successful ? $request->input('size') : 0,
'completed_at' => CarbonImmutable::now(),
])->save();
// Check if we are using the s3 backup adapter. If so, make sure we mark the backup as
// being completed in S3 correctly.
$adapter = $this->backupManager->adapter();
if ($adapter instanceof AwsS3Adapter) {
$this->completeMultipartUpload($model, $adapter, $successful);
}
});
return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
}
/**
* Handles toggling the restoration status of a server. The server status field should be
* set back to null, even if the restoration failed. This is not an unsolvable state for
* the server, and the user can keep trying to restore, or just use the reinstall button.
*
* The only thing the successful field does is update the entry value for the audit logs
* table tracking for this restoration.
*
* @return \Illuminate\Http\JsonResponse
*
* @throws \Throwable
*/
public function restore(Request $request, string $backup)
{
/** @var \Pterodactyl\Models\Backup $model */
$model = Backup::query()->where('uuid', $backup)->firstOrFail();
$action = $request->get('successful')
? AuditLog::SERVER__BACKUP_RESTORE_COMPLETED
: AuditLog::SERVER__BACKUP_RESTORE_FAILED;
// Just create a new audit entry for this event and update the server state
// so that power actions, file management, and backups can resume as normal.
$model->server->audit($action, function (AuditLog $audit, Server $server) use ($backup) {
$audit->is_system = true;
$audit->metadata = ['backup_uuid' => $backup];
$server->update(['status' => null]);
});
return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
}
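Review bot: `restore` sets `status` to `null` unconditionally, so a server that was suspended while the restoration ran would come out unsuspended; `ServerInstallController` in this same commit preserves `Server::STATUS_SUSPENDED` in the equivalent update. Resetting only from the restoring state avoids that: `if ($server->status === Server::STATUS_RESTORING_BACKUP) { $server->update(['status' => null]); }`. The handler also takes a plain `Request` and reads `successful` by truthiness, so the string `'false'` would be logged as a completed restore. Nothing visible here ties the backup to the node making the call, so that check rests on whatever the daemon middleware enforces outside this page.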


@ -4,6 +4,7 @@ namespace Pterodactyl\Http\Controllers\Api\Remote\Servers;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Pterodactyl\Models\Server;
use Illuminate\Http\JsonResponse;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Repositories\Eloquent\ServerRepository;
@ -55,10 +56,13 @@ class ServerInstallController extends Controller
{
$server = $this->repository->getByUuid($uuid);
$this->repository->update($server->id, [
'installed' => (string) $request->input('successful') === '1' ? 1 : 2,
], true, true);
$status = $request->input('successful') === '1' ? null : Server::STATUS_INSTALL_FAILED;
if ($server->status === Server::STATUS_SUSPENDED) {
$status = Server::STATUS_SUSPENDED;
}
return JsonResponse::create([], Response::HTTP_NO_CONTENT);
$this->repository->update($server->id, ['status' => $status], true, true);
return new JsonResponse([], Response::HTTP_NO_CONTENT);
}
}
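Review bot: The comparison `$request->input('successful') === '1'` no longer has the `(string)` cast that the line it appears to replace had, so a daemon sending JSON `true` or integer `1` would now be recorded as `Server::STATUS_INSTALL_FAILED`. Unless the input is validated to a string somewhere outside this page, keep the cast: `$status = (string) $request->input('successful') === '1' ? null : Server::STATUS_INSTALL_FAILED;`. The method's signature is outside the hunk.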


@ -12,8 +12,6 @@ use Pterodactyl\Exceptions\Http\HttpForbiddenException;
use Pterodactyl\Repositories\Eloquent\ServerRepository;
use Pterodactyl\Services\Servers\GetUserPermissionsService;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Pterodactyl\Exceptions\Http\Server\ServerTransferringException;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Pterodactyl\Http\Requests\Api\Remote\SftpAuthenticationFormRequest;
use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException;
@ -98,16 +96,7 @@ class SftpAuthenticationController extends Controller
}
}
// Prevent SFTP access to servers that are being transferred.
if (!is_null($server->transfer)) {
throw new ServerTransferringException();
}
// Remember, for security purposes, only reveal the existence of the server to people that
// have provided valid credentials, and have permissions to know about it.
if ($server->installed !== 1 || $server->suspended) {
throw new BadRequestHttpException('Server is not installed or is currently suspended.');
}
$server->validateCurrentState();
return new JsonResponse([
'server' => $server->uuid,
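Review bot: The comment explaining why state errors are raised only after authentication is lost with this change, and the single call `$server->validateCurrentState();` gives no hint that its position matters. I would keep a comment above it, e.g. `// Only check server state after credentials and permissions are verified, so the server's existence and state are not revealed to unauthenticated callers.` What `validateCurrentState()` throws, and which status code the daemon then sees, is defined outside this page, so it is worth confirming the SFTP side still handles that response. The method starts and ends outside the hunk.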


@ -28,7 +28,6 @@ use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
use Pterodactyl\Http\Middleware\Server\AccessingValidServer;
use Pterodactyl\Http\Middleware\Api\Daemon\DaemonAuthenticate;
use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
@ -106,7 +105,6 @@ class Kernel extends HttpKernel
'auth' => Authenticate::class,
'auth.basic' => AuthenticateWithBasicAuth::class,
'guest' => RedirectIfAuthenticated::class,
'server' => AccessingValidServer::class,
'admin' => AdminAuthenticate::class,
'csrf' => VerifyCsrfToken::class,
'throttle' => ThrottleRequests::class,


@ -25,7 +25,7 @@ class ServerInstalled
throw new NotFoundHttpException('No server resource was located in the request parameters.');
}
if ($server->installed !== 1) {
if (!$server->isInstalled()) {
throw new HttpException(Response::HTTP_FORBIDDEN, 'Access to this resource is not allowed due to the current installation state.');
}


@ -6,10 +6,8 @@ use Closure;
use Illuminate\Http\Request;
use Pterodactyl\Models\Server;
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
use Symfony\Component\HttpKernel\Exception\ConflictHttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Pterodactyl\Exceptions\Http\Server\ServerTransferringException;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Pterodactyl\Exceptions\Http\Server\ServerStateConflictException;
class AuthenticateServerAccess
{
@ -60,23 +58,17 @@ class AuthenticateServerAccess
}
}
if ($server->suspended && !$request->routeIs('api:client:server.resources')) {
throw new BadRequestHttpException('This server is currently suspended and the functionality requested is unavailable.');
}
// Still allow users to get information about their server if it is installing or being transferred.
if (!$request->routeIs('api:client:server.view')) {
if (!$server->isInstalled()) {
// Throw an exception for all server routes; however if the user is an admin and requesting the
// server details, don't throw the exception for them.
if (!$user->root_admin || ($user->root_admin && !$request->routeIs($this->except))) {
throw new ConflictHttpException('Server has not completed the installation process.');
try {
$server->validateCurrentState();
} catch (ServerStateConflictException $exception) {
// Still allow users to get information about their server if it is installing or
// being transferred.
if (!$request->routeIs('api:client:server.view')) {
if ($server->isSuspended() && !$request->routeIs('api:client:server.resources')) {
throw $exception;
}
}
if (!is_null($server->transfer)) {
if (!$user->root_admin || ($user->root_admin && !$request->routeIs($this->except))) {
throw new ServerTransferringException();
if (!$user->root_admin || !$request->routeIs($this->except)) {
throw $exception;
}
}
}
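Review bot: As I read the new side of the `catch` block, the `api:client:server.resources` exemption for suspended servers no longer has any effect for regular users, and `api:client:server.view` is now reachable for suspended servers. A suspended server on the resources route skips the first `throw` but then hits `!$user->root_admin || !$request->routeIs($this->except)`, which is true for every non-admin. Because the suspended check is nested inside `!$request->routeIs('api:client:server.view')`, the view route bypasses it, where the previous code rejected suspended servers before looking at the route. If the earlier behaviour is intended, branch on suspension first, as sketched below; `handle` starts and ends outside the hunk.

```php
} catch (ServerStateConflictException $exception) {
    if ($server->isSuspended()) {
        // Suspended servers only expose the resources route.
        if (!$request->routeIs('api:client:server.resources')) {
            throw $exception;
        }
    } elseif (!$request->routeIs('api:client:server.view')) {
        // Installing or transferring: the view route stays open; admins may use the excepted routes.
        if (!$user->root_admin || !$request->routeIs($this->except)) {
            throw $exception;
        }
    }
}
```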


@ -1,92 +0,0 @@
<?php
namespace Pterodactyl\Http\Middleware\Server;
use Closure;
use Illuminate\Http\Request;
use Pterodactyl\Models\Server;
use Illuminate\Contracts\Routing\ResponseFactory;
use Illuminate\Contracts\Config\Repository as ConfigRepository;
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
use Symfony\Component\HttpKernel\Exception\ConflictHttpException;
use Pterodactyl\Exceptions\Http\Server\ServerTransferringException;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
class AccessingValidServer
{
/**
* @var \Illuminate\Contracts\Config\Repository
*/
private $config;
/**
* @var \Pterodactyl\Contracts\Repository\ServerRepositoryInterface
*/
private $repository;
/**
* @var \Illuminate\Contracts\Routing\ResponseFactory
*/
private $response;
/**
* AccessingValidServer constructor.
*/
public function __construct(
ConfigRepository $config,
ResponseFactory $response,
ServerRepositoryInterface $repository
) {
$this->config = $config;
$this->repository = $repository;
$this->response = $response;
}
/**
* Determine if a given user has permission to access a server.
*
* @return \Illuminate\Http\Response|mixed
*
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
*/
public function handle(Request $request, Closure $next)
{
$attributes = $request->route()->parameter('server');
$isApiRequest = $request->expectsJson() || $request->is(...$this->config->get('pterodactyl.json_routes', []));
$server = $this->repository->getByUuid($attributes instanceof Server ? $attributes->uuid : $attributes);
if ($server->suspended) {
if ($isApiRequest) {
throw new AccessDeniedHttpException('Server is suspended and cannot be accessed.');
}
return $this->response->view('errors.suspended', [], 403);
}
// Servers can have install statuses other than 1 or 0, so don't check
// for a bool-type operator here.
if ($server->installed !== 1) {
if ($isApiRequest) {
throw new ConflictHttpException('Server is still completing the installation process.');
}
return $this->response->view('errors.installing', [], 409);
}
if (!is_null($server->transfer)) {
if ($isApiRequest) {
throw new ServerTransferringException();
}
return $this->response->view('errors.transferring', [], 409);
}
// Add server to the request attributes. This will replace sessions
// as files are updated.
$request->attributes->set('server', $server);
return $next($request);
}
}


@ -1,17 +0,0 @@
<?php
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Backups;
use Pterodactyl\Models\Permission;
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
class DeleteBackupRequest extends ClientApiRequest
{
/**
* @return string
*/
public function permission()
{
return Permission::ACTION_BACKUP_DELETE;
}
}


@ -1,39 +0,0 @@
<?php
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Backups;
use Pterodactyl\Models\Backup;
use Pterodactyl\Models\Server;
use Pterodactyl\Models\Permission;
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
class DownloadBackupRequest extends ClientApiRequest
{
/**
* @return string
*/
public function permission()
{
return Permission::ACTION_BACKUP_DOWNLOAD;
}
/**
* Ensure that this backup belongs to the server that is also present in the
* request.
*/
public function resourceExists(): bool
{
/** @var \Pterodactyl\Models\Server|mixed $server */
$server = $this->route()->parameter('server');
/** @var \Pterodactyl\Models\Backup|mixed $backup */
$backup = $this->route()->parameter('backup');
if ($server instanceof Server && $backup instanceof Backup) {
if ($server->exists && $backup->exists && $server->id === $backup->server_id) {
return true;
}
}
return false;
}
}


@ -1,17 +0,0 @@
<?php
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Backups;
use Pterodactyl\Models\Permission;
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
class GetBackupsRequest extends ClientApiRequest
{
/**
* @return string
*/
public function permission()
{
return Permission::ACTION_BACKUP_READ;
}
}