Return Http test cases to a passing state
This commit is contained in:
Dane Everitt
parent
eaae74fe33
commit
536180ed0c
26 changed files with 140 additions and 1113 deletions
|
|
@ -30,10 +30,7 @@ use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
|
|||
use Pterodactyl\Http\Middleware\Server\AccessingValidServer;
|
||||
use Pterodactyl\Http\Middleware\Server\AuthenticateAsSubuser;
|
||||
use Pterodactyl\Http\Middleware\Api\Daemon\DaemonAuthenticate;
|
||||
use Pterodactyl\Http\Middleware\Server\SubuserBelongsToServer;
|
||||
use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
|
||||
use Pterodactyl\Http\Middleware\Server\DatabaseBelongsToServer;
|
||||
use Pterodactyl\Http\Middleware\Server\ScheduleBelongsToServer;
|
||||
use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
|
||||
use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
|
||||
use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientApiBindings;
|
||||
|
|
@ -113,14 +110,6 @@ class Kernel extends HttpKernel
|
|||
'recaptcha' => VerifyReCaptcha::class,
|
||||
'node.maintenance' => MaintenanceMiddleware::class,
|
||||
|
||||
// Server specific middleware (used for authenticating access to resources)
|
||||
//
|
||||
// These are only used for individual server authentication, and not global
|
||||
// actions from other resources. They are defined in the route files.
|
||||
'server..database' => DatabaseBelongsToServer::class,
|
||||
'server..subuser' => SubuserBelongsToServer::class,
|
||||
'server..schedule' => ScheduleBelongsToServer::class,
|
||||
|
||||
// API Specific Middleware
|
||||
'api..key' => AuthenticateKey::class,
|
||||
];
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@ namespace Pterodactyl\Http\Middleware\Api\Daemon;
|
|||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Contracts\Encryption\Encrypter;
|
||||
use Pterodactyl\Repositories\Eloquent\NodeRepository;
|
||||
use Symfony\Component\HttpKernel\Exception\HttpException;
|
||||
use Pterodactyl\Contracts\Repository\NodeRepositoryInterface;
|
||||
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
|
||||
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
|
|
@ -14,10 +14,15 @@ use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
|||
class DaemonAuthenticate
|
||||
{
|
||||
/**
|
||||
* @var \Pterodactyl\Contracts\Repository\NodeRepositoryInterface
|
||||
* @var \Pterodactyl\Repositories\Eloquent\NodeRepository
|
||||
*/
|
||||
private $repository;
|
||||
|
||||
/**
|
||||
* @var \Illuminate\Contracts\Encryption\Encrypter
|
||||
*/
|
||||
private $encrypter;
|
||||
|
||||
/**
|
||||
* Daemon routes that this middleware should be skipped on.
|
||||
*
|
||||
|
|
@ -27,18 +32,13 @@ class DaemonAuthenticate
|
|||
'daemon.configuration',
|
||||
];
|
||||
|
||||
/**
|
||||
* @var \Illuminate\Contracts\Encryption\Encrypter
|
||||
*/
|
||||
private $encrypter;
|
||||
|
||||
/**
|
||||
* DaemonAuthenticate constructor.
|
||||
*
|
||||
* @param \Illuminate\Contracts\Encryption\Encrypter $encrypter
|
||||
* @param \Pterodactyl\Contracts\Repository\NodeRepositoryInterface $repository
|
||||
* @param \Pterodactyl\Repositories\Eloquent\NodeRepository $repository
|
||||
*/
|
||||
public function __construct(Encrypter $encrypter, NodeRepositoryInterface $repository)
|
||||
public function __construct(Encrypter $encrypter, NodeRepository $repository)
|
||||
{
|
||||
$this->repository = $repository;
|
||||
$this->encrypter = $encrypter;
|
||||
|
|
|
|||
|
|
@ -1,56 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Middleware\Server;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Pterodactyl\Contracts\Repository\DatabaseRepositoryInterface;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
|
||||
class DatabaseBelongsToServer
|
||||
{
|
||||
/**
|
||||
* @var \Pterodactyl\Contracts\Repository\DatabaseRepositoryInterface
|
||||
*/
|
||||
private $repository;
|
||||
|
||||
/**
|
||||
* DatabaseAccess constructor.
|
||||
*
|
||||
* @param \Pterodactyl\Contracts\Repository\DatabaseRepositoryInterface $repository
|
||||
*/
|
||||
public function __construct(DatabaseRepositoryInterface $repository)
|
||||
{
|
||||
$this->repository = $repository;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a database being requested belongs to the currently loaded server.
|
||||
* If it does not, throw a 404 error, otherwise continue on with the request
|
||||
* and set an attribute with the database.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @return mixed
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
$server = $request->attributes->get('server');
|
||||
$database = $request->input('database') ?? $request->route()->parameter('database');
|
||||
|
||||
if (! is_digit($database)) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
$database = $this->repository->find($database);
|
||||
if (is_null($database) || $database->server_id !== $server->id) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
$request->attributes->set('database', $database);
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
|
@ -1,60 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Middleware\Server;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Pterodactyl\Contracts\Extensions\HashidsInterface;
|
||||
use Pterodactyl\Contracts\Repository\ScheduleRepositoryInterface;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
|
||||
class ScheduleBelongsToServer
|
||||
{
|
||||
/**
|
||||
* @var \Pterodactyl\Contracts\Extensions\HashidsInterface
|
||||
*/
|
||||
private $hashids;
|
||||
|
||||
/**
|
||||
* @var \Pterodactyl\Contracts\Repository\ScheduleRepositoryInterface
|
||||
*/
|
||||
private $repository;
|
||||
|
||||
/**
|
||||
* TaskAccess constructor.
|
||||
*
|
||||
* @param \Pterodactyl\Contracts\Extensions\HashidsInterface $hashids
|
||||
* @param \Pterodactyl\Contracts\Repository\ScheduleRepositoryInterface $repository
|
||||
*/
|
||||
public function __construct(HashidsInterface $hashids, ScheduleRepositoryInterface $repository)
|
||||
{
|
||||
$this->hashids = $hashids;
|
||||
$this->repository = $repository;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine if a task is assigned to the active server.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @return mixed
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
$server = $request->attributes->get('server');
|
||||
|
||||
$scheduleId = $this->hashids->decodeFirst($request->route()->parameter('schedule'), 0);
|
||||
$schedule = $this->repository->getScheduleWithTasks($scheduleId);
|
||||
|
||||
if ($schedule->server_id !== $server->id) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
$request->attributes->set('schedule', $schedule);
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
|
@ -1,67 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Middleware\Server;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Pterodactyl\Exceptions\DisplayException;
|
||||
use Pterodactyl\Contracts\Extensions\HashidsInterface;
|
||||
use Pterodactyl\Contracts\Repository\SubuserRepositoryInterface;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
|
||||
class SubuserBelongsToServer
|
||||
{
|
||||
/**
|
||||
* @var \Pterodactyl\Contracts\Extensions\HashidsInterface
|
||||
*/
|
||||
private $hashids;
|
||||
|
||||
/**
|
||||
* @var \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface
|
||||
*/
|
||||
private $repository;
|
||||
|
||||
/**
|
||||
* SubuserAccess constructor.
|
||||
*
|
||||
* @param \Pterodactyl\Contracts\Extensions\HashidsInterface $hashids
|
||||
* @param \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface $repository
|
||||
*/
|
||||
public function __construct(HashidsInterface $hashids, SubuserRepositoryInterface $repository)
|
||||
{
|
||||
$this->hashids = $hashids;
|
||||
$this->repository = $repository;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine if a user has permission to access and modify subuser.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @return mixed
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\DisplayException
|
||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
$server = $request->attributes->get('server');
|
||||
|
||||
$hash = $request->route()->parameter('subuser', 0);
|
||||
$subuser = $this->repository->find($this->hashids->decodeFirst($hash, 0));
|
||||
if (is_null($subuser) || $subuser->server_id !== $server->id) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
if ($request->method() === 'PATCH') {
|
||||
if ($subuser->user_id === $request->user()->id) {
|
||||
throw new DisplayException(trans('exceptions.subusers.editing_self'));
|
||||
}
|
||||
}
|
||||
|
||||
$request->attributes->set('subuser', $subuser);
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue