Add database password rotation to view

2019-07-27 15:17:50 -07:00 · 2019-07-27 15:17:50 -07:00 · 48c39abfcb
commit 48c39abfcb
parent f6ee885f26
11 changed files with 178 additions and 6 deletions
--- a/app/Http/Controllers/Api/Client/Servers/DatabaseController.php
+++ b/app/Http/Controllers/Api/Client/Servers/DatabaseController.php
@ -2,9 +2,11 @@

 namespace Pterodactyl\Http\Controllers\Api\Client\Servers;

+use Illuminate\Support\Str;
 use Illuminate\Http\Response;
 use Pterodactyl\Models\Server;
 use Pterodactyl\Models\Database;
+use Pterodactyl\Services\Databases\DatabasePasswordService;
 use Pterodactyl\Transformers\Api\Client\DatabaseTransformer;
 use Pterodactyl\Services\Databases\DatabaseManagementService;
 use Pterodactyl\Services\Databases\DeployServerDatabaseService;
@ -13,6 +15,7 @@ use Pterodactyl\Contracts\Repository\DatabaseRepositoryInterface;
 use Pterodactyl\Http\Requests\Api\Client\Servers\Databases\GetDatabasesRequest;
 use Pterodactyl\Http\Requests\Api\Client\Servers\Databases\StoreDatabaseRequest;
 use Pterodactyl\Http\Requests\Api\Client\Servers\Databases\DeleteDatabaseRequest;
+use Pterodactyl\Http\Requests\Api\Client\Servers\Databases\RotatePasswordRequest;

 class DatabaseController extends ClientApiController
 {
@ -31,15 +34,22 @@ class DatabaseController extends ClientApiController
     */
    private $managementService;

+    /**
+     * @var \Pterodactyl\Services\Databases\DatabasePasswordService
+     */
+    private $passwordService;
+
    /**
     * DatabaseController constructor.
     *
     * @param \Pterodactyl\Services\Databases\DatabaseManagementService     $managementService
+     * @param \Pterodactyl\Services\Databases\DatabasePasswordService       $passwordService
     * @param \Pterodactyl\Contracts\Repository\DatabaseRepositoryInterface $repository
     * @param \Pterodactyl\Services\Databases\DeployServerDatabaseService   $deployDatabaseService
     */
    public function __construct(
        DatabaseManagementService $managementService,
+        DatabasePasswordService $passwordService,
        DatabaseRepositoryInterface $repository,
        DeployServerDatabaseService $deployDatabaseService
    ) {
@ -48,6 +58,7 @@ class DatabaseController extends ClientApiController
        $this->deployDatabaseService = $deployDatabaseService;
        $this->repository = $repository;
        $this->managementService = $managementService;
+        $this->passwordService = $passwordService;
    }

    /**
@ -81,6 +92,30 @@ class DatabaseController extends ClientApiController
            ->toArray();
    }

+    /**
+     * Rotates the password for the given server model and returns a fresh instance to
+     * the caller.
+     *
+     * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Databases\RotatePasswordRequest $request
+     * @return array
+     *
+     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     */
+    public function rotatePassword(RotatePasswordRequest $request)
+    {
+        $database = $request->getModel(Database::class);
+
+        $this->passwordService->handle($database, Str::random(24));
+
+        $database->refresh();
+
+        return $this->fractal->item($database)
+            ->parseIncludes(['password'])
+            ->transformWith($this->getTransformer(DatabaseTransformer::class))
+            ->toArray();
+    }
+
    /**
     * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Databases\DeleteDatabaseRequest $request
     * @return \Illuminate\Http\Response
--- a/app/Http/Requests/Api/Client/ClientApiRequest.php
+++ b/app/Http/Requests/Api/Client/ClientApiRequest.php
@ -6,6 +6,9 @@ use Pterodactyl\Models\Server;
 use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
 use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;

+/**
+ * @method \Pterodactyl\Models\User user($guard = null)
+ */
 abstract class ClientApiRequest extends ApplicationApiRequest
 {
    /**
--- a/app/Http/Requests/Api/Client/Servers/Databases/RotatePasswordRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Databases/RotatePasswordRequest.php
@ -0,0 +1,19 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Client\Servers\Databases;
+
+use Pterodactyl\Models\Server;
+use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
+
+class RotatePasswordRequest extends ClientApiRequest
+{
+    /**
+     * Check that the user has permission to rotate the password.
+     *
+     * @return bool
+     */
+    public function authorize(): bool
+    {
+        return $this->user()->can('reset-db-password', $this->getModel(Server::class));
+    }
+}
--- a/app/Services/Databases/DatabasePasswordService.php
+++ b/app/Services/Databases/DatabasePasswordService.php
@ -2,6 +2,7 @@

 namespace Pterodactyl\Services\Databases;

+use Webmozart\Assert\Assert;
 use Pterodactyl\Models\Database;
 use Illuminate\Database\ConnectionInterface;
 use Illuminate\Contracts\Encryption\Encrypter;
@ -63,6 +64,8 @@ class DatabasePasswordService
    public function handle($database, string $password): bool
    {
        if (! $database instanceof Database) {
+            Assert::integerish($database);
+
            $database = $this->repository->find($database);
        }