StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add support for tracking more SFTP specific events

Browse source
This commit is contained in:
DaneEveritt 2022-07-09 19:30:38 -04:00
parent 2e01891074
commit 33ab762f5a
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
5 changed files with 38 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

21
app/Http/Controllers/Api/Remote/SftpAuthenticationController.php
View file

@ -6,6 +6,7 @@ use Illuminate\Http\Request;
use Pterodactyl\Models\User;
use Pterodactyl\Models\Server;
use Illuminate\Http\JsonResponse;
use Pterodactyl\Facades\Activity;
use Pterodactyl\Models\Permission;
use phpseclib3\Crypt\PublicKeyLoader;
use Pterodactyl\Http\Controllers\Controller;
@ -51,6 +52,8 @@ class SftpAuthenticationController extends Controller
if ($request->input('type') !== 'public_key') {
if (!password_verify($request->input('password'), $user->password)) {
Activity::event('auth:sftp.fail')->property('method', 'password')->subject($user)->log();
$this->reject($request);
}
} else {
@ -62,13 +65,29 @@ class SftpAuthenticationController extends Controller
}
if (!$key || !$user->sshKeys()->where('fingerprint', $key->getFingerprint('sha256'))->exists()) {
// We don't log here because of the way the SFTP system works. This endpoint
// will get hit for every key the user provides, which could be 4 or 5. That is
// a lot of unnecessary log noise.
//
// For now, we'll only log failures due to a bad password as those are not likely
// to occur more than once in a session for the user, and are more likely to be of
// value to the end user.
$this->reject($request, is_null($key));
}
}
$this->validateSftpAccess($user, $server);
Activity::event('auth:sftp.success')->actor($user)
->subject($user)
->property(array_filter([
'method' => isset($key) ? 'ssh_key' : 'password',
'fingerprint' => isset($key) ? 'SHA256:' . $key->getFingerprint('sha256') : null,
]))
->log();
return new JsonResponse([
'user' => $user->uuid,
'server' => $server->uuid,
'permissions' => $this->permissions->handle($server, $user),
]);
@ -136,6 +155,8 @@ class SftpAuthenticationController extends Controller
$permissions = $this->permissions->handle($server, $user);
if (!in_array(Permission::ACTION_FILE_SFTP, $permissions)) {
Activity::event('server:sftp.denied')->actor($user)->subject($server)->log();
throw new HttpForbiddenException('You do not have permission to access SFTP for this server.');
}
}