StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Implement fix to allow root admins to view all servers.

Browse source 
closes #722
This commit is contained in:
Dane Everitt 2017-11-05 12:38:39 -06:00
parent fb2909a1c7
commit 6409fffdad
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
22 changed files with 143 additions and 166 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/Contracts/Repository/ServerRepositoryInterface.php
View file

@ -118,7 +118,7 @@ interface ServerRepositoryInterface extends RepositoryInterface, SearchableInter
* Return a server by UUID.
*
* @param string $uuid
* @return \Illuminate\Database\Eloquent\Collection
* @return \Pterodactyl\Models\Server
*
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/

2
app/Contracts/Repository/SubuserRepositoryInterface.php
View file

@ -13,7 +13,7 @@ interface SubuserRepositoryInterface extends RepositoryInterface
* @param bool $refresh
* @return \Pterodactyl\Models\Subuser
*/
public function getWithServer(Subuser $subuser, bool $refresh = false): Subuser;
public function loadServerAndUserRelations(Subuser $subuser, bool $refresh = false): Subuser;
/**
* Return a subuser with the associated permissions relationship.

2
app/Http/Controllers/Base/IndexController.php
View file

@ -93,7 +93,7 @@ class IndexController extends Controller
public function status(Request $request, $uuid)
{
$server = $this->repository->findFirstWhere([['uuidShort', '=', $uuid]]);
$token = $this->keyProviderService->handle($server->id, $request->user()->id);
$token = $this->keyProviderService->handle($server, $request->user());
if (! $server->installed) {
return response()->json(['status' => 20]);

4
app/Http/Middleware/AdminAuthenticate.php
View file

@ -11,7 +11,7 @@ namespace Pterodactyl\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
class AdminAuthenticate
{
@ -25,7 +25,7 @@ class AdminAuthenticate
public function handle(Request $request, Closure $next)
{
if (! $request->user() || ! $request->user()->root_admin) {
throw new HttpException(403, 'Access Denied');
throw new AccessDeniedHttpException;
}
return $next($request);

6
app/Http/Middleware/Authenticate.php
View file

@ -20,11 +20,7 @@ class Authenticate
public function handle(Request $request, Closure $next)
{
if (! $request->user()) {
if ($request->ajax() || $request->expectsJson()) {
throw new AuthenticationException();
} else {
return redirect()->route('auth.login');
}
throw new AuthenticationException;
}
return $next($request);

3
app/Http/Middleware/Daemon/DaemonAuthenticate.php
View file

@ -29,6 +29,7 @@ use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Pterodactyl\Contracts\Repository\NodeRepositoryInterface;
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
class DaemonAuthenticate
{
@ -80,7 +81,7 @@ class DaemonAuthenticate
try {
$node = $this->repository->findFirstWhere([['daemonSecret', '=', $token]]);
} catch (RecordNotFoundException $exception) {
throw new HttpException(403);
throw new AccessDeniedHttpException;
}
$request->attributes->set('node', $node);

6
app/Http/Middleware/Server/AuthenticateAsSubuser.php
View file

@ -12,9 +12,9 @@ namespace Pterodactyl\Http\Middleware\Server;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Contracts\Session\Session;
use Illuminate\Auth\AuthenticationException;
use Pterodactyl\Services\DaemonKeys\DaemonKeyProviderService;
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
class AuthenticateAsSubuser
{
@ -56,9 +56,9 @@ class AuthenticateAsSubuser
$server = $request->attributes->get('server');
try {
$token = $this->keyProviderService->handle($server->id, $request->user()->id);
$token = $this->keyProviderService->handle($server, $request->user());
} catch (RecordNotFoundException $exception) {
throw new AuthenticationException('This account does not have permission to access this server.');
throw new AccessDeniedHttpException('This account does not have permission to access this server.');
}
$this->session->now('server_data.token', $token);

7
app/Jobs/Schedule/RunTaskJob.php
View file

@ -92,20 +92,21 @@ class RunTaskJob extends Job implements ShouldQueue
$this->taskRepository = $taskRepository;
$task = $this->taskRepository->getTaskWithServer($this->task);
$server = $task->server;
$server = $task->getRelation('server');
$user = $server->getRelation('user');
// Perform the provided task aganist the daemon.
switch ($task->action) {
case 'power':
$this->powerRepository->setNode($server->node_id)
->setAccessServer($server->uuid)
->setAccessToken($keyProviderService->handle($server->id, $server->owner_id))
->setAccessToken($keyProviderService->handle($server, $user))
->sendSignal($task->payload);
break;
case 'command':
$this->commandRepository->setNode($server->node_id)
->setAccessServer($server->uuid)
->setAccessToken($keyProviderService->handle($server->id, $server->owner_id))
->setAccessToken($keyProviderService->handle($server, $user))
->send($task->payload);
break;
default:

6
app/Repositories/Eloquent/SubuserRepository.php
View file

@ -31,12 +31,16 @@ class SubuserRepository extends EloquentRepository implements SubuserRepositoryI
* @param bool $refresh
* @return \Pterodactyl\Models\Subuser
*/
public function getWithServer(Subuser $subuser, bool $refresh = false): Subuser
public function loadServerAndUserRelations(Subuser $subuser, bool $refresh = false): Subuser
{
if (! $subuser->relationLoaded('server') || $refresh) {
$subuser->load('server');
}
if (! $subuser->relationLoaded('user') || $refresh) {
$subuser->load('user');
}
return $subuser;
}

2
app/Repositories/Eloquent/TaskRepository.php
View file

@ -31,7 +31,7 @@ class TaskRepository extends EloquentRepository implements TaskRepositoryInterfa
{
Assert::integerish($id, 'First argument passed to getTaskWithServer must be numeric, received %s.');
$instance = $this->getBuilder()->with('server')->find($id, $this->getColumns());
$instance = $this->getBuilder()->with('server.user')->find($id, $this->getColumns());
if (! $instance) {
throw new RecordNotFoundException;
}

38
app/Services/DaemonKeys/DaemonKeyProviderService.php
View file

@ -25,39 +25,30 @@
namespace Pterodactyl\Services\DaemonKeys;
use Carbon\Carbon;
use Webmozart\Assert\Assert;
use Pterodactyl\Models\User;
use Pterodactyl\Models\Server;
use Pterodactyl\Contracts\Repository\DaemonKeyRepositoryInterface;
class DaemonKeyProviderService
{
/**
* @var \Carbon\Carbon
*/
protected $carbon;
/**
* @var \Pterodactyl\Services\DaemonKeys\DaemonKeyUpdateService
*/
protected $keyUpdateService;
private $keyUpdateService;
/**
* @var \Pterodactyl\Contracts\Repository\DaemonKeyRepositoryInterface
*/
protected $repository;
private $repository;
/**
* GetDaemonKeyService constructor.
*
* @param \Carbon\Carbon $carbon
* @param \Pterodactyl\Services\DaemonKeys\DaemonKeyUpdateService $keyUpdateService
* @param \Pterodactyl\Contracts\Repository\DaemonKeyRepositoryInterface $repository
*/
public function __construct(
Carbon $carbon,
DaemonKeyUpdateService $keyUpdateService,
DaemonKeyRepositoryInterface $repository
) {
$this->carbon = $carbon;
public function __construct(DaemonKeyUpdateService $keyUpdateService, DaemonKeyRepositoryInterface $repository)
{
$this->keyUpdateService = $keyUpdateService;
$this->repository = $repository;
}
@ -65,25 +56,24 @@ class DaemonKeyProviderService
/**
* Get the access key for a user on a specific server.
*
* @param int $server
* @param int $user
* @param bool $updateIfExpired
* @param \Pterodactyl\Models\Server $server
* @param \Pterodactyl\Models\User $user
* @param bool $updateIfExpired
* @return string
*
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
public function handle($server, $user, $updateIfExpired = true)
public function handle(Server $server, User $user, $updateIfExpired = true): string
{
Assert::integerish($server, 'First argument passed to handle must be an integer, received %s.');
Assert::integerish($user, 'Second argument passed to handle must be an integer, received %s.');
$userId = $user->root_admin ? $server->owner_id : $user->id;
$key = $this->repository->findFirstWhere([
['user_id', '=', $user],
['server_id', '=', $server],
['user_id', '=', $userId],
['server_id', '=', $server->id],
]);
if (! $updateIfExpired || $this->carbon->now()->diffInSeconds($key->expires_at, false) > 0) {
if (! $updateIfExpired || Carbon::now()->diffInSeconds($key->expires_at, false) > 0) {
return $key->secret;
}

2
app/Services/Sftp/AuthenticateUsingPasswordService.php
View file

@ -84,7 +84,7 @@ class AuthenticateUsingPasswordService
return [
'server' => $server->uuid,
'token' => $this->keyProviderService->handle($server->id, $user->id),
'token' => $this->keyProviderService->handle($server, $user),
];
}
}

4
app/Services/Subusers/SubuserUpdateService.php
View file

@ -88,14 +88,14 @@ class SubuserUpdateService
*/
public function handle(Subuser $subuser, array $permissions)
{
$subuser = $this->repository->getWithServer($subuser);
$subuser = $this->repository->loadServerAndUserRelations($subuser);
$this->connection->beginTransaction();
$this->permissionRepository->deleteWhere([['subuser_id', '=', $subuser->id]]);
$this->permissionService->handle($subuser->id, $permissions);
try {
$token = $this->keyProviderService->handle($subuser->server_id, $subuser->user_id, false);
$token = $this->keyProviderService->handle($subuser->getRelation('server'), $subuser->getRelation('user'), false);
$this->daemonRepository->setNode($subuser->getRelation('server')->node_id)->revokeAccessKey($token);
} catch (RequestException $exception) {
$this->connection->rollBack();