Merge branch 'develop' into matthewpi/security-keys-backport
commit
f631ac1946
1153 changed files with 25099 additions and 37002 deletions
|
@ -2,7 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Middleware\Activity;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Pterodactyl\Facades\LogTarget;
|
||||
|
||||
|
@ -12,7 +11,7 @@ class AccountSubject
|
|||
* Sets the actor and default subject for all requests passing through this
|
||||
* middleware to be the currently logged in user.
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
public function handle(Request $request, \Closure $next)
|
||||
{
|
||||
LogTarget::setActor($request->user());
|
||||
LogTarget::setSubject($request->user());
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Middleware\Activity;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Facades\LogTarget;
|
||||
|
@ -17,7 +16,7 @@ class ServerSubject
|
|||
* If no server is found this is a no-op as the activity log service can always
|
||||
* set the user based on the authmanager response.
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
public function handle(Request $request, \Closure $next)
|
||||
{
|
||||
$server = $request->route()->parameter('server');
|
||||
if ($server instanceof Server) {
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Middleware\Activity;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Pterodactyl\Models\ApiKey;
|
||||
use Pterodactyl\Facades\LogTarget;
|
||||
|
@ -15,7 +14,7 @@ class TrackAPIKey
|
|||
* request singleton so that all tracked activity log events are properly associated
|
||||
* with the given API key.
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
public function handle(Request $request, \Closure $next): mixed
|
||||
{
|
||||
if ($request->user()) {
|
||||
$token = $request->user()->currentAccessToken();
|
||||
|
|
|
@ -1,32 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Middleware\Admin\Servers;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\Response;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Symfony\Component\HttpKernel\Exception\HttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
|
||||
class ServerInstalled
|
||||
{
|
||||
/**
|
||||
* Checks that the server is installed before allowing access through the route.
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
{
|
||||
/** @var \Pterodactyl\Models\Server|null $server */
|
||||
$server = $request->route()->parameter('server');
|
||||
|
||||
if (!$server instanceof Server) {
|
||||
throw new NotFoundHttpException('No server resource was located in the request parameters.');
|
||||
}
|
||||
|
||||
if (!$server->isInstalled()) {
|
||||
throw new HttpException(Response::HTTP_FORBIDDEN, 'Access to this resource is not allowed due to the current installation state.');
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
|
||||
|
@ -13,7 +12,7 @@ class AdminAuthenticate
|
|||
*
|
||||
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
public function handle(Request $request, \Closure $next): mixed
|
||||
{
|
||||
if (!$request->user() || !$request->user()->root_admin) {
|
||||
throw new AccessDeniedHttpException();
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Middleware\Api\Application;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
|
||||
|
@ -12,7 +11,7 @@ class AuthenticateApplicationUser
|
|||
* Authenticate that the currently authenticated user is an administrator
|
||||
* and should be allowed to proceed through the application API.
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
public function handle(Request $request, \Closure $next): mixed
|
||||
{
|
||||
/** @var \Pterodactyl\Models\User|null $user */
|
||||
$user = $request->user();
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Middleware\Api;
|
||||
|
||||
use Closure;
|
||||
use IPTools\IP;
|
||||
use IPTools\Range;
|
||||
use Illuminate\Http\Request;
|
||||
|
@ -18,7 +17,7 @@ class AuthenticateIPAccess
|
|||
* @throws \Exception
|
||||
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
public function handle(Request $request, \Closure $next): mixed
|
||||
{
|
||||
/** @var \Laravel\Sanctum\TransientToken|\Pterodactyl\Models\ApiKey $token */
|
||||
$token = $request->user()->currentAccessToken();
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Middleware\Api\Client\Server;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
|
@ -27,7 +26,7 @@ class AuthenticateServerAccess
|
|||
/**
|
||||
* Authenticate that this server exists and is not suspended or marked as installing.
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
public function handle(Request $request, \Closure $next): mixed
|
||||
{
|
||||
/** @var \Pterodactyl\Models\User $user */
|
||||
$user = $request->user();
|
||||
|
@ -53,7 +52,7 @@ class AuthenticateServerAccess
|
|||
// Still allow users to get information about their server if it is installing or
|
||||
// being transferred.
|
||||
if (!$request->routeIs('api:client:server.view')) {
|
||||
if ($server->isSuspended() && !$request->routeIs('api:client:server.resources')) {
|
||||
if (($server->isSuspended() || $server->node->isUnderMaintenance()) && !$request->routeIs('api:client:server.resources')) {
|
||||
throw $exception;
|
||||
}
|
||||
if (!$user->root_admin || !$request->routeIs($this->except)) {
|
||||
|
|
|
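Review bot: The new condition `if (($server->isSuspended() || $server->node->isUnderMaintenance()) && !$request->routeIs('api:client:server.resources'))` rethrows the same `$exception` for both the suspended and the node-maintenance case, and that exception is built above the hunk where its message is not visible; if it still talks about suspension, a user whose node is merely under maintenance is given a misleading reason. Consider giving the maintenance case its own exception of the same class with a message such as `'The node this server is hosted on is currently under maintenance.'`, or at least a comment on the line saying the two states are deliberately reported identically. The comment just above the hunk, "Still allow users to get information about their server if it is installing or being transferred.", no longer lists every state the block handles; extend it to `// Still allow users to view their server (and its resource usage) while it is installing, being transferred, suspended, or while its node is under maintenance.` Note that `$server->node` presumably lazy-loads the node relation on every non-suspended request; that is harmless here because `isSuspended()` short-circuits first, but worth keeping in mind if the order of the two checks is ever swapped. The enclosing `handle` method starts before and ends after this hunk.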
@ -2,11 +2,9 @@
|
|||
|
||||
namespace Pterodactyl\Http\Middleware\Api\Client\Server;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Pterodactyl\Models\Task;
|
||||
use Pterodactyl\Models\User;
|
||||
use InvalidArgumentException;
|
||||
use Pterodactyl\Models\Backup;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\Subuser;
|
||||
|
@ -26,14 +24,14 @@ class ResourceBelongsToServer
|
|||
* server that is expected, and that we're not accessing a resource completely
|
||||
* unrelated to the server provided in the request.
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
public function handle(Request $request, \Closure $next): mixed
|
||||
{
|
||||
$params = $request->route()->parameters();
|
||||
if (is_null($params) || !$params['server'] instanceof Server) {
|
||||
throw new InvalidArgumentException('This middleware cannot be used in a context that is missing a server in the parameters.');
|
||||
if (!$params['server'] instanceof Server) {
|
||||
throw new \InvalidArgumentException('This middleware cannot be used in a context that is missing a server in the parameters.');
|
||||
}
|
||||
|
||||
/** @var \Pterodactyl\Models\Server $server */
|
||||
/** @var Server $server */
|
||||
$server = $request->route()->parameter('server');
|
||||
$exception = new NotFoundHttpException('The requested resource was not found for this server.');
|
||||
foreach ($params as $key => $model) {
|
||||
|
@ -45,6 +43,7 @@ class ResourceBelongsToServer
|
|||
continue;
|
||||
}
|
||||
|
||||
/** @var Allocation|Backup|Database|Schedule|Subuser $model */
|
||||
switch (get_class($model)) {
|
||||
// All of these models use "server_id" as the field key for the server
|
||||
// they are assigned to, so the logic is identical for them all.
|
||||
|
@ -71,6 +70,7 @@ class ResourceBelongsToServer
|
|||
// Tasks are special since they're (currently) the only item in the API
|
||||
// that requires something in addition to the server in order to be accessed.
|
||||
case Task::class:
|
||||
/** @var Schedule $schedule */
|
||||
$schedule = $request->route()->parameter('schedule');
|
||||
if ($model->schedule_id !== $schedule->id || $schedule->server_id !== $server->id) {
|
||||
throw $exception;
|
||||
|
@ -79,7 +79,7 @@ class ResourceBelongsToServer
|
|||
default:
|
||||
// Don't return a 404 here since we want to make sure no one relies
|
||||
// on this middleware in a context in which it will not work. Fail safe.
|
||||
throw new InvalidArgumentException('There is no handler configured for a resource of this type: ' . get_class($model));
|
||||
throw new \InvalidArgumentException('There is no handler configured for a resource of this type: ' . get_class($model));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
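Review bot: Dropping the `is_null($params)` test is fine since `parameters()` returns an array, but the surviving `if (!$params['server'] instanceof Server)` still reads the key unconditionally, so a route with no `server` parameter emits an "Undefined array key" warning — which Laravel's error handler presumably escalates to an ErrorException — before the intended fail-safe `InvalidArgumentException` is ever reached. Use `if (!($params['server'] ?? null) instanceof Server) {` so the explicit message is what the developer sees (`instanceof` binds tighter than `!`, so the parenthesised form is still negated as a whole). The `Task` branch further down has the same shape: `$schedule` is pulled from the route with only a `@var` docblock added, and `$schedule->id` is then dereferenced without a null check, so a task route bound without a schedule fails with a property-on-null warning rather than the 404 the surrounding code intends; a guard such as `if (!$schedule instanceof Schedule) { throw $exception; }` before the comparison would keep that path explicit. The constructor and the rest of the `switch` lie outside these hunks.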
@ -2,7 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Middleware\Api\Client;
|
||||
|
||||
use Closure;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Illuminate\Routing\Middleware\SubstituteBindings;
|
||||
|
||||
|
@ -11,7 +10,7 @@ class SubstituteClientBindings extends SubstituteBindings
|
|||
/**
|
||||
* @param \Illuminate\Http\Request $request
|
||||
*/
|
||||
public function handle($request, Closure $next): mixed
|
||||
public function handle($request, \Closure $next): mixed
|
||||
{
|
||||
// Override default behavior of the model binding to use a specific table
|
||||
// column rather than the default 'id'.
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Middleware\Api\Daemon;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Contracts\Encryption\Encrypter;
|
||||
use Pterodactyl\Repositories\Eloquent\NodeRepository;
|
||||
|
@ -32,7 +31,7 @@ class DaemonAuthenticate
|
|||
*
|
||||
* @throws \Symfony\Component\HttpKernel\Exception\HttpException
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
public function handle(Request $request, \Closure $next): mixed
|
||||
{
|
||||
if (in_array($request->route()->getName(), $this->except)) {
|
||||
return $next($request);
|
||||
|
|
|
@ -2,8 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Middleware\Api;
|
||||
|
||||
use Closure;
|
||||
use JsonException;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
||||
|
||||
|
@ -14,12 +12,12 @@ class IsValidJson
|
|||
* parsing the data. This avoids confusing validation errors where every field is flagged and
|
||||
* it is not immediately clear that there is an issue with the JSON being passed.
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
public function handle(Request $request, \Closure $next): mixed
|
||||
{
|
||||
if ($request->isJson() && !empty($request->getContent())) {
|
||||
try {
|
||||
json_decode($request->getContent(), true, 512, JSON_THROW_ON_ERROR);
|
||||
} catch (JsonException $exception) {
|
||||
} catch (\JsonException $exception) {
|
||||
throw new BadRequestHttpException('The JSON data passed in the request appears to be malformed: ' . $exception->getMessage());
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Foundation\Application;
|
||||
|
||||
|
@ -18,7 +17,7 @@ class LanguageMiddleware
|
|||
/**
|
||||
* Handle an incoming request and set the user's preferred language.
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
public function handle(Request $request, \Closure $next): mixed
|
||||
{
|
||||
$this->app->setLocale($request->user()->language ?? config('app.locale', 'en'));
|
||||
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Contracts\Routing\ResponseFactory;
|
||||
|
||||
|
@ -18,7 +17,7 @@ class MaintenanceMiddleware
|
|||
/**
|
||||
* Handle an incoming request.
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
public function handle(Request $request, \Closure $next): mixed
|
||||
{
|
||||
/** @var \Pterodactyl\Models\Server $server */
|
||||
$server = $request->attributes->get('server');
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Auth\AuthManager;
|
||||
|
||||
|
@ -18,7 +17,7 @@ class RedirectIfAuthenticated
|
|||
/**
|
||||
* Handle an incoming request.
|
||||
*/
|
||||
public function handle(Request $request, Closure $next, string $guard = null): mixed
|
||||
public function handle(Request $request, \Closure $next, string $guard = null): mixed
|
||||
{
|
||||
if ($this->authManager->guard($guard)->check()) {
|
||||
return redirect()->route('index');
|
||||
|
|
|
@ -2,10 +2,9 @@
|
|||
|
||||
namespace Pterodactyl\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Support\Str;
|
||||
use Illuminate\Http\Request;
|
||||
use Prologue\Alerts\AlertsMessageBag;
|
||||
use Pterodactyl\Models\User;
|
||||
use Pterodactyl\Exceptions\Http\TwoFactorAuthRequiredException;
|
||||
|
||||
class RequireTwoFactorAuthentication
|
||||
|
@ -19,13 +18,6 @@ class RequireTwoFactorAuthentication
|
|||
*/
|
||||
protected string $redirectRoute = '/account';
|
||||
|
||||
/**
|
||||
* RequireTwoFactorAuthentication constructor.
|
||||
*/
|
||||
public function __construct(private AlertsMessageBag $alert)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* Check the user state on the incoming request to determine if they should be allowed to
|
||||
* proceed or not. This checks if the Panel is configured to require 2FA on an account in
|
||||
|
@ -34,14 +26,19 @@ class RequireTwoFactorAuthentication
|
|||
*
|
||||
* @throws \Pterodactyl\Exceptions\Http\TwoFactorAuthRequiredException
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
public function handle(Request $request, \Closure $next): mixed
|
||||
{
|
||||
/** @var \Pterodactyl\Models\User $user */
|
||||
/** @var User $user */
|
||||
$user = $request->user();
|
||||
$uri = rtrim($request->getRequestUri(), '/') . '/';
|
||||
$current = $request->route()->getName();
|
||||
|
||||
if (!$user || Str::startsWith($uri, ['/auth/']) || Str::startsWith($current, ['auth.', 'account.'])) {
|
||||
// Must be logged in
|
||||
if (!$user instanceof User) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
if (Str::startsWith($uri, ['/auth/']) || Str::startsWith($current, ['auth.', 'account.'])) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
|
@ -59,8 +56,6 @@ class RequireTwoFactorAuthentication
|
|||
throw new TwoFactorAuthRequiredException();
|
||||
}
|
||||
|
||||
$this->alert->danger(trans('auth.2fa_must_be_enabled'))->flash();
|
||||
|
||||
return redirect()->to($this->redirectRoute);
|
||||
}
|
||||
}
|
||||
|
|
|
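Review bot: The final `return redirect()->to($this->redirectRoute);` now sends the user to `/account` with no accompanying message, because the `$this->alert->danger(trans('auth.2fa_must_be_enabled'))->flash()` call and the `AlertsMessageBag` constructor dependency were removed; unless the account page itself renders this notice, the user is bounced there with no indication why. If the notice has deliberately moved to the frontend, say so on the redirect so the flash is not re-added later: `// The account page explains the 2FA requirement itself; no flash message is needed here.` The exemption guard `if (Str::startsWith($uri, ['/auth/']) || Str::startsWith($current, ['auth.', 'account.']))` is the security-relevant line of this middleware and deserves a why-comment, e.g. `// Auth and account routes must stay reachable so an unenrolled user can log in and actually enable 2FA; every other named route is gated.` Note that `$current` is null for unnamed routes; `Str::startsWith` appears to tolerate that today, but `$current = $request->route()->getName() ?? '';` would make the intent explicit. The body of `handle` continues past the last hunk.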
@ -2,8 +2,6 @@
|
|||
|
||||
namespace Pterodactyl\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use stdClass;
|
||||
use GuzzleHttp\Client;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\Response;
|
||||
|
@ -24,7 +22,7 @@ class VerifyReCaptcha
|
|||
/**
|
||||
* Handle an incoming request.
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
public function handle(Request $request, \Closure $next): mixed
|
||||
{
|
||||
if (!$this->config->get('recaptcha.enabled')) {
|
||||
return $next($request);
|
||||
|
@ -61,7 +59,7 @@ class VerifyReCaptcha
|
|||
/**
|
||||
* Determine if the response from the recaptcha servers was valid.
|
||||
*/
|
||||
private function isResponseVerified(stdClass $result, Request $request): bool
|
||||
private function isResponseVerified(\stdClass $result, Request $request): bool
|
||||
{
|
||||
if (!$this->config->get('recaptcha.verify_domain')) {
|
||||
return false;
|
||||
|
|