287 lines
9.6 KiB
PHP
287 lines
9.6 KiB
PHP
<?php
|
|
|
|
namespace Pterodactyl\Exceptions;
|
|
|
|
use Exception;
|
|
use Throwable;
|
|
use PDOException;
|
|
use Psr\Log\LoggerInterface;
|
|
use Swift_TransportException;
|
|
use Illuminate\Container\Container;
|
|
use Illuminate\Database\Connection;
|
|
use Illuminate\Auth\AuthenticationException;
|
|
use Illuminate\Session\TokenMismatchException;
|
|
use Illuminate\Validation\ValidationException;
|
|
use Illuminate\Auth\Access\AuthorizationException;
|
|
use Illuminate\Database\Eloquent\ModelNotFoundException;
|
|
use Symfony\Component\HttpKernel\Exception\HttpException;
|
|
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
|
|
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
|
|
use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
|
|
|
|
class Handler extends ExceptionHandler
|
|
{
|
|
/**
|
|
* Laravel's validation parser formats custom rules using the class name
|
|
* resulting in some weird rule names. This string will be parsed out and
|
|
* replaced with 'p_' in the response code.
|
|
*/
|
|
private const PTERODACTYL_RULE_STRING = 'pterodactyl\_rules\_';
|
|
|
|
/**
|
|
* A list of the exception types that should not be reported.
|
|
*
|
|
* @var array
|
|
*/
|
|
protected $dontReport = [
|
|
AuthenticationException::class,
|
|
AuthorizationException::class,
|
|
HttpException::class,
|
|
ModelNotFoundException::class,
|
|
RecordNotFoundException::class,
|
|
TokenMismatchException::class,
|
|
ValidationException::class,
|
|
];
|
|
|
|
/**
|
|
* A list of exceptions that should be logged with cleaned stack
|
|
* traces to avoid exposing credentials or other sensitive information.
|
|
*
|
|
* @var array
|
|
*/
|
|
protected $cleanStacks = [
|
|
PDOException::class,
|
|
Swift_TransportException::class,
|
|
];
|
|
|
|
/**
|
|
* A list of the inputs that are never flashed for validation exceptions.
|
|
*
|
|
* @var array
|
|
*/
|
|
protected $dontFlash = [
|
|
'token',
|
|
'secret',
|
|
'password',
|
|
'password_confirmation',
|
|
];
|
|
|
|
/**
|
|
* Report or log an exception. Skips Laravel's internal reporter since we
|
|
* don't need or want the user information in our logs by default.
|
|
*
|
|
* If you want to implement logging in a different format to integrate with
|
|
* services such as AWS Cloudwatch or other monitoring you can replace the
|
|
* contents of this function with a call to the parent reporter.
|
|
*
|
|
* @param \Throwable $exception
|
|
* @return mixed
|
|
*
|
|
* @throws \Throwable
|
|
*/
|
|
public function report(Throwable $exception)
|
|
{
|
|
if (! config('app.exceptions.report_all', false) && $this->shouldntReport($exception)) {
|
|
return null;
|
|
}
|
|
|
|
if (method_exists($exception, 'report')) {
|
|
return $exception->report();
|
|
}
|
|
|
|
try {
|
|
$logger = $this->container->make(LoggerInterface::class);
|
|
} catch (Exception $ex) {
|
|
throw $exception;
|
|
}
|
|
|
|
foreach ($this->cleanStacks as $class) {
|
|
if ($exception instanceof $class) {
|
|
$exception = $this->generateCleanedExceptionStack($exception);
|
|
break;
|
|
}
|
|
}
|
|
|
|
return $logger->error($exception);
|
|
}
|
|
|
|
private function generateCleanedExceptionStack(Throwable $exception)
|
|
{
|
|
$cleanedStack = '';
|
|
foreach ($exception->getTrace() as $index => $item) {
|
|
$cleanedStack .= sprintf(
|
|
"#%d %s(%d): %s%s%s\n",
|
|
$index,
|
|
array_get($item, 'file'),
|
|
array_get($item, 'line'),
|
|
array_get($item, 'class'),
|
|
array_get($item, 'type'),
|
|
array_get($item, 'function')
|
|
);
|
|
}
|
|
|
|
$message = sprintf(
|
|
'%s: %s in %s:%d',
|
|
class_basename($exception),
|
|
$exception->getMessage(),
|
|
$exception->getFile(),
|
|
$exception->getLine()
|
|
);
|
|
|
|
return $message . "\nStack trace:\n" . trim($cleanedStack);
|
|
}
|
|
|
|
/**
|
|
* Render an exception into an HTTP response.
|
|
*
|
|
* @param \Illuminate\Http\Request $request
|
|
* @param \Throwable $exception
|
|
* @return \Symfony\Component\HttpFoundation\Response
|
|
*
|
|
* @throws \Throwable
|
|
*/
|
|
public function render($request, Throwable $exception)
|
|
{
|
|
$connections = Container::getInstance()->make(Connection::class);
|
|
|
|
// If we are currently wrapped up inside a transaction, we will roll all the way
|
|
// back to the beginning. This needs to happen, otherwise session data does not
|
|
// get properly persisted.
|
|
//
|
|
// This is kind of a hack, and ideally things like this should be handled as
|
|
// much as possible at the code level, but there are a lot of spots that do a
|
|
// ton of actions and were written before this bug discovery was made.
|
|
//
|
|
// @see https://github.com/pterodactyl/panel/pull/1468
|
|
if ($connections->transactionLevel()) {
|
|
$connections->rollBack(0);
|
|
}
|
|
|
|
return parent::render($request, $exception);
|
|
}
|
|
|
|
/**
|
|
* Transform a validation exception into a consistent format to be returned for
|
|
* calls to the API.
|
|
*
|
|
* @param \Illuminate\Http\Request $request
|
|
* @param \Illuminate\Validation\ValidationException $exception
|
|
* @return \Illuminate\Http\JsonResponse
|
|
*/
|
|
public function invalidJson($request, ValidationException $exception)
|
|
{
|
|
$codes = collect($exception->validator->failed())->mapWithKeys(function ($reasons, $field) {
|
|
$cleaned = [];
|
|
foreach ($reasons as $reason => $attrs) {
|
|
$cleaned[] = snake_case($reason);
|
|
}
|
|
|
|
return [str_replace('.', '_', $field) => $cleaned];
|
|
})->toArray();
|
|
|
|
$errors = collect($exception->errors())->map(function ($errors, $field) use ($codes, $exception) {
|
|
$response = [];
|
|
foreach ($errors as $key => $error) {
|
|
$meta = [
|
|
'source_field' => $field,
|
|
'rule' => str_replace(self::PTERODACTYL_RULE_STRING, 'p_', array_get(
|
|
$codes, str_replace('.', '_', $field) . '.' . $key
|
|
)),
|
|
];
|
|
|
|
$converted = self::convertToArray($exception)['errors'][0];
|
|
$converted['detail'] = $error;
|
|
$converted['meta'] = is_array($converted['meta'] ?? null) ? array_merge($converted['meta'], $meta) : $meta;
|
|
|
|
$response[] = $converted;
|
|
}
|
|
|
|
return $response;
|
|
})->flatMap(function ($errors) {
|
|
return $errors;
|
|
})->toArray();
|
|
|
|
return response()->json(['errors' => $errors], $exception->status);
|
|
}
|
|
|
|
/**
|
|
* Return the exception as a JSONAPI representation for use on API requests.
|
|
*
|
|
* @param \Throwable $exception
|
|
* @param array $override
|
|
* @return array
|
|
*/
|
|
public static function convertToArray(Throwable $exception, array $override = []): array
|
|
{
|
|
$error = [
|
|
'code' => class_basename($exception),
|
|
'status' => method_exists($exception, 'getStatusCode')
|
|
? strval($exception->getStatusCode())
|
|
: ($exception instanceof ValidationException ? '422' : '500'),
|
|
'detail' => $exception instanceof HttpExceptionInterface
|
|
? $exception->getMessage()
|
|
: 'An unexpected error was ecnountered while processing this request, please try again.',
|
|
];
|
|
|
|
if ($exception instanceof ModelNotFoundException || $exception->getPrevious() instanceof ModelNotFoundException) {
|
|
// Show a nicer error message compared to the standard "No query results for model"
|
|
// response that is normally returned. If we are in debug mode this will get overwritten
|
|
// with a more specific error message to help narrow down things.
|
|
$error['detail'] = 'The requested resource could not be found on the server.';
|
|
}
|
|
|
|
if (config('app.debug')) {
|
|
$error = array_merge($error, [
|
|
'detail' => $exception->getMessage(),
|
|
'source' => [
|
|
'line' => $exception->getLine(),
|
|
'file' => str_replace(base_path(), '', $exception->getFile()),
|
|
],
|
|
'meta' => [
|
|
'trace' => explode("\n", $exception->getTraceAsString()),
|
|
],
|
|
]);
|
|
}
|
|
|
|
return ['errors' => [array_merge($error, $override)]];
|
|
}
|
|
|
|
/**
|
|
* Return an array of exceptions that should not be reported.
|
|
*
|
|
* @param \Exception $exception
|
|
* @return bool
|
|
*/
|
|
public static function isReportable(Exception $exception): bool
|
|
{
|
|
return (new static(Container::getInstance()))->shouldReport($exception);
|
|
}
|
|
|
|
/**
|
|
* Convert an authentication exception into an unauthenticated response.
|
|
*
|
|
* @param \Illuminate\Http\Request $request
|
|
* @param \Illuminate\Auth\AuthenticationException $exception
|
|
* @return \Illuminate\Http\Response
|
|
*/
|
|
protected function unauthenticated($request, AuthenticationException $exception)
|
|
{
|
|
if ($request->expectsJson()) {
|
|
return response()->json(self::convertToArray($exception), 401);
|
|
}
|
|
|
|
return redirect()->guest(route('auth.login'));
|
|
}
|
|
|
|
/**
|
|
* Converts an exception into an array to render in the response. Overrides
|
|
* Laravel's built-in converter to output as a JSONAPI spec compliant object.
|
|
*
|
|
* @param \Throwable $exception
|
|
* @return array
|
|
*/
|
|
protected function convertExceptionToArray(Throwable $exception)
|
|
{
|
|
return self::convertToArray($exception);
|
|
}
|
|
}
|