Update allocations to support ids; protect endpoints; support notes

2020-07-09 20:36:08 -07:00 · 2020-07-09 20:36:08 -07:00 · 2278927fb6
commit 2278927fb6
parent 9c3b9a0fae
19 changed files with 217 additions and 62 deletions
--- a/app/Http/Controllers/Api/Client/Servers/NetworkAllocationController.php
+++ b/app/Http/Controllers/Api/Client/Servers/NetworkAllocationController.php
@ -3,16 +3,19 @@
 namespace Pterodactyl\Http\Controllers\Api\Client\Servers;

 use Pterodactyl\Models\Server;
+use Illuminate\Http\JsonResponse;
+use Pterodactyl\Models\Allocation;
 use Pterodactyl\Exceptions\DisplayException;
 use Pterodactyl\Repositories\Eloquent\ServerRepository;
-use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Pterodactyl\Repositories\Eloquent\AllocationRepository;
 use Pterodactyl\Transformers\Api\Client\AllocationTransformer;
 use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
 use Pterodactyl\Http\Requests\Api\Client\Servers\Network\GetNetworkRequest;
+use Pterodactyl\Http\Requests\Api\Client\Servers\Network\DeleteAllocationRequest;
+use Pterodactyl\Http\Requests\Api\Client\Servers\Network\UpdateAllocationRequest;
 use Pterodactyl\Http\Requests\Api\Client\Servers\Network\SetPrimaryAllocationRequest;

-class NetworkController extends ClientApiController
+class NetworkAllocationController extends ClientApiController
 {
    /**
     * @var \Pterodactyl\Repositories\Eloquent\AllocationRepository
@ -58,33 +61,67 @@ class NetworkController extends ClientApiController
    /**
     * Set the primary allocation for a server.
     *
-     * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Network\SetPrimaryAllocationRequest $request
+     * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Network\UpdateAllocationRequest $request
     * @param \Pterodactyl\Models\Server $server
+     * @param \Pterodactyl\Models\Allocation $allocation
     * @return array
     *
-     * @throws \Pterodactyl\Exceptions\DisplayException
-     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
     */
-    public function storePrimary(SetPrimaryAllocationRequest $request, Server $server): array
+    public function update(UpdateAllocationRequest $request, Server $server, Allocation $allocation): array
    {
-        try {
-            /** @var \Pterodactyl\Models\Allocation $allocation */
-            $allocation = $this->repository->findFirstWhere([
-                'server_id' => $server->id,
-                'ip' => $request->input('ip'),
-                'port' => $request->input('port'),
-            ]);
-        } catch (ModelNotFoundException $exception) {
-            throw new DisplayException(
-                'The IP and port you selected are not available for this server.'
-            );
-        }
+        $allocation = $this->repository->update($allocation->id, [
+            'notes' => $request->input('notes'),
+        ]);

+        return $this->fractal->item($allocation)
+            ->transformWith($this->getTransformer(AllocationTransformer::class))
+            ->toArray();
+    }
+
+    /**
+     * Set the primary allocation for a server.
+     *
+     * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Network\SetPrimaryAllocationRequest $request
+     * @param \Pterodactyl\Models\Server $server
+     * @param \Pterodactyl\Models\Allocation $allocation
+     * @return array
+     *
+     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     */
+    public function setPrimary(SetPrimaryAllocationRequest $request, Server $server, Allocation $allocation): array
+    {
        $this->serverRepository->update($server->id, ['allocation_id' => $allocation->id]);

        return $this->fractal->item($allocation)
            ->transformWith($this->getTransformer(AllocationTransformer::class))
            ->toArray();
    }
+
+    /**
+     * Delete an allocation from a server.
+     *
+     * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Network\DeleteAllocationRequest $request
+     * @param \Pterodactyl\Models\Server $server
+     * @param \Pterodactyl\Models\Allocation $allocation
+     * @return \Illuminate\Http\JsonResponse
+     *
+     * @throws \Pterodactyl\Exceptions\DisplayException
+     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     */
+    public function delete(DeleteAllocationRequest $request, Server $server, Allocation $allocation)
+    {
+        if ($allocation->id === $server->allocation_id) {
+            throw new DisplayException(
+                'Cannot delete the primary allocation for a server.'
+            );
+        }
+
+        $this->repository->update($allocation->id, ['server_id' => null, 'notes' => null]);
+
+        return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
+    }
 }
--- a/app/Http/Middleware/Api/Client/Server/AllocationBelongsToServer.php
+++ b/app/Http/Middleware/Api/Client/Server/AllocationBelongsToServer.php
@ -0,0 +1,33 @@
+<?php
+
+namespace Pterodactyl\Http\Middleware\Api\Client\Server;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+
+class AllocationBelongsToServer
+{
+    /**
+     * Ensure that the allocation found in the URL belongs to the server being queried.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure $next
+     * @return mixed
+     *
+     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        /** @var \Pterodactyl\Models\Server $server */
+        $server = $request->route()->parameter('server');
+        /** @var \Pterodactyl\Models\Allocation|null $allocation */
+        $allocation = $request->route()->parameter('allocation');
+
+        if ($allocation && $allocation->server_id !== $server->id) {
+            throw new NotFoundHttpException;
+        }
+
+        return $next($request);
+    }
+}
--- a/app/Http/Middleware/Api/Client/SubstituteClientApiBindings.php
+++ b/app/Http/Middleware/Api/Client/SubstituteClientApiBindings.php
@ -4,12 +4,12 @@ namespace Pterodactyl\Http\Middleware\Api\Client;

 use Closure;
 use Pterodactyl\Models\Backup;
+use Pterodactyl\Models\Database;
 use Illuminate\Container\Container;
 use Pterodactyl\Contracts\Extensions\HashidsInterface;
 use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
 use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
 use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
-use Pterodactyl\Contracts\Repository\DatabaseRepositoryInterface;

 class SubstituteClientApiBindings extends ApiSubstituteBindings
 {
@ -43,17 +43,9 @@ class SubstituteClientApiBindings extends ApiSubstituteBindings
        });

        $this->router->bind('database', function ($value) use ($request) {
-            try {
-                $id = Container::getInstance()->make(HashidsInterface::class)->decodeFirst($value);
+            $id = Container::getInstance()->make(HashidsInterface::class)->decodeFirst($value);

-                return Container::getInstance()->make(DatabaseRepositoryInterface::class)->findFirstWhere([
-                    ['id', '=', $id],
-                ]);
-            } catch (RecordNotFoundException $exception) {
-                $request->attributes->set('is_missing_model', true);
-
-                return null;
-            }
+            return Database::query()->where('id', $id)->firstOrFail();
        });

        $this->router->model('backup', Backup::class, function ($value) {
--- a/app/Http/Requests/Api/Client/Servers/Network/DeleteAllocationRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Network/DeleteAllocationRequest.php
@ -0,0 +1,17 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Client\Servers\Network;
+
+use Pterodactyl\Models\Permission;
+use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
+
+class DeleteAllocationRequest extends ClientApiRequest
+{
+    /**
+     * @return string
+     */
+    public function permission(): string
+    {
+        return Permission::ACTION_ALLOCATION_DELETE;
+    }
+}
--- a/app/Http/Requests/Api/Client/Servers/Network/SetPrimaryAllocationRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Network/SetPrimaryAllocationRequest.php
@ -2,27 +2,13 @@

 namespace Pterodactyl\Http\Requests\Api\Client\Servers\Network;

-use Pterodactyl\Models\Permission;
-use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
-
-class SetPrimaryAllocationRequest extends ClientApiRequest
+class SetPrimaryAllocationRequest extends UpdateAllocationRequest
 {
-    /**
-     * @return string
-     */
-    public function permission(): string
-    {
-        return Permission::ACTION_ALLOCIATION_UPDATE;
-    }
-
    /**
     * @return array
     */
    public function rules(): array
    {
-        return [
-            'ip' => 'required|string',
-            'port' => 'required|numeric|min:1024|max:65535',
-        ];
+        return [];
    }
 }
--- a/app/Http/Requests/Api/Client/Servers/Network/UpdateAllocationRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Network/UpdateAllocationRequest.php
@ -0,0 +1,28 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Client\Servers\Network;
+
+use Pterodactyl\Models\Allocation;
+use Pterodactyl\Models\Permission;
+use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
+
+class UpdateAllocationRequest extends ClientApiRequest
+{
+    /**
+     * @return string
+     */
+    public function permission(): string
+    {
+        return Permission::ACTION_ALLOCATION_UPDATE;
+    }
+
+    /**
+     * @return array
+     */
+    public function rules(): array
+    {
+        return [
+            'notes' => Allocation::$validationRules['notes'],
+        ];
+    }
+}