Implement Panel changes to support internal SFTP subsystem on Daemon (#703)

2017-10-25 00:35:25 -04:00 · 2017-10-25 00:35:25 -04:00 · 058e490ec4
commit 058e490ec4
parent 57db949a9c
23 changed files with 484 additions and 247 deletions
--- a/app/Http/Controllers/API/Remote/SftpController.php
+++ b/app/Http/Controllers/API/Remote/SftpController.php
@ -0,0 +1,85 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\API\Remote;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Auth\AuthenticationException;
+use Pterodactyl\Http\Controllers\Controller;
+use Illuminate\Foundation\Auth\ThrottlesLogins;
+use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
+use Pterodactyl\Services\Sftp\AuthenticateUsingPasswordService;
+use Pterodactyl\Http\Requests\API\Remote\SftpAuthenticationFormRequest;
+
+class SftpController extends Controller
+{
+    use ThrottlesLogins;
+
+    /**
+     * @var \Pterodactyl\Services\Sftp\AuthenticateUsingPasswordService
+     */
+    private $authenticationService;
+
+    /**
+     * SftpController constructor.
+     *
+     * @param \Pterodactyl\Services\Sftp\AuthenticateUsingPasswordService $authenticationService
+     */
+    public function __construct(AuthenticateUsingPasswordService $authenticationService)
+    {
+        $this->authenticationService = $authenticationService;
+    }
+
+    /**
+     * Authenticate a set of credentials and return the associated server details
+     * for a SFTP connection on the daemon.
+     *
+     * @param \Pterodactyl\Http\Requests\API\Remote\SftpAuthenticationFormRequest $request
+     * @return \Illuminate\Http\JsonResponse
+     *
+     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     */
+    public function index(SftpAuthenticationFormRequest $request): JsonResponse
+    {
+        $connection = explode('.', $request->input('username'));
+        $this->incrementLoginAttempts($request);
+
+        if ($this->hasTooManyLoginAttempts($request)) {
+            return response()->json([
+                'error' => 'Logins throttled.',
+            ], 429);
+        }
+
+        try {
+            $data = $this->authenticationService->handle(
+                array_get($connection, 0),
+                $request->input('password'),
+                object_get($request->attributes->get('node'), 'id', 0),
+                array_get($connection, 1)
+            );
+
+            $this->clearLoginAttempts($request);
+        } catch (AuthenticationException $exception) {
+            return response()->json([
+                'error' => 'Invalid credentials.',
+            ], 403);
+        } catch (RecordNotFoundException $exception) {
+            return response()->json([
+                'error' => 'Invalid server.',
+            ], 404);
+        }
+
+        return response()->json($data);
+    }
+
+    /**
+     * Get the throttle key for the given request.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @return string
+     */
+    protected function throttleKey(Request $request)
+    {
+        return strtolower(array_get(explode('.', $request->input('username')), 0) . '|' . $request->ip());
+    }
+}
--- a/app/Http/Controllers/Server/Settings/SftpController.php
+++ b/app/Http/Controllers/Server/Settings/SftpController.php
@ -0,0 +1,26 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\Server\Settings;
+
+use Illuminate\View\View;
+use Illuminate\Http\Request;
+use Pterodactyl\Http\Controllers\Controller;
+use Pterodactyl\Traits\Controllers\JavascriptInjection;
+
+class SftpController extends Controller
+{
+    use JavascriptInjection;
+
+    /**
+     * Render the server SFTP settings page.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @return \Illuminate\View\View
+     */
+    public function index(Request $request): View
+    {
+        $this->setRequest($request)->injectJavascript();
+
+        return view('server.settings.sftp');
+    }
+}
--- a/app/Http/Middleware/Daemon/DaemonAuthenticate.php
+++ b/app/Http/Middleware/Daemon/DaemonAuthenticate.php
@ -75,7 +75,7 @@ class DaemonAuthenticate
            throw new HttpException(403);
        }

-        $request->attributes->set('node.model', $node);
+        $request->attributes->set('node', $node);

        return $next($request);
    }
--- a/app/Http/Requests/API/Remote/SftpAuthenticationFormRequest.php
+++ b/app/Http/Requests/API/Remote/SftpAuthenticationFormRequest.php
@ -0,0 +1,44 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\API\Remote;
+
+use Pterodactyl\Http\Requests\Request;
+
+class SftpAuthenticationFormRequest extends Request
+{
+    /**
+     * Authenticate the request.
+     *
+     * @return bool
+     */
+    public function authorize()
+    {
+        return true;
+    }
+
+    /**
+     * Rules to apply to the request.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        return [
+            'username' => 'required|string',
+            'password' => 'required|string',
+        ];
+    }
+
+    /**
+     * Return only the fields that we are interested in from the request.
+     * This will include empty fields as a null value.
+     *
+     * @return array
+     */
+    public function normalize()
+    {
+        return $this->only(
+            array_keys($this->rules())
+        );
+    }
+}