StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Store node daemon tokens in an encrypted manner

Browse source
This commit is contained in:
Dane Everitt 2020-04-10 15:15:38 -07:00
parent 2ac82af25a
commit 7557dddf49
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
26 changed files with 222 additions and 827 deletions
Download patch file Download diff file Expand all files Collapse all files

154
app/Repositories/Daemon/BaseRepository.php
View file

@ -1,154 +0,0 @@
<?php
namespace Pterodactyl\Repositories\Daemon;
use RuntimeException;
use GuzzleHttp\Client;
use Pterodactyl\Models\Node;
use Pterodactyl\Models\Server;
use Illuminate\Foundation\Application;
use Pterodactyl\Contracts\Repository\NodeRepositoryInterface;
use Pterodactyl\Contracts\Repository\Daemon\BaseRepositoryInterface;
abstract class BaseRepository implements BaseRepositoryInterface
{
/**
* @var \Illuminate\Foundation\Application
*/
private $app;
/**
* @var \Pterodactyl\Models\Server
*/
private $server;
/**
* @var string|null
*/
private $token;
/**
* @var \Pterodactyl\Models\Node|null
*/
private $node;
/**
* @var \Pterodactyl\Contracts\Repository\NodeRepositoryInterface
*/
private $nodeRepository;
/**
* BaseRepository constructor.
*
* @param \Illuminate\Foundation\Application $app
* @param \Pterodactyl\Contracts\Repository\NodeRepositoryInterface $nodeRepository
*/
public function __construct(Application $app, NodeRepositoryInterface $nodeRepository)
{
$this->app = $app;
$this->nodeRepository = $nodeRepository;
}
/**
* Set the node model to be used for this daemon connection.
*
* @param \Pterodactyl\Models\Node $node
* @return $this
*/
public function setNode(Node $node)
{
$this->node = $node;
return $this;
}
/**
* Return the node model being used.
*
* @return \Pterodactyl\Models\Node|null
*/
public function getNode()
{
return $this->node;
}
/**
* Set the Server model to use when requesting information from the Daemon.
*
* @param \Pterodactyl\Models\Server $server
* @return $this
*/
public function setServer(Server $server)
{
$this->server = $server;
return $this;
}
/**
* Return the Server model.
*
* @return \Pterodactyl\Models\Server|null
*/
public function getServer()
{
return $this->server;
}
/**
* Set the token to be used in the X-Access-Token header for requests to the daemon.
*
* @param string $token
* @return $this
*/
public function setToken(string $token)
{
$this->token = $token;
return $this;
}
/**
* Return the access token being used for requests.
*
* @return string|null
*/
public function getToken()
{
return $this->token;
}
/**
* Return an instance of the Guzzle HTTP Client to be used for requests.
*
* @param array $headers
* @return \GuzzleHttp\Client
*/
public function getHttpClient(array $headers = []): Client
{
// If no node is set, load the relationship onto the Server model
// and pass that to the setNode function.
if (! $this->getNode() instanceof Node) {
if (! $this->getServer() instanceof Server) {
throw new RuntimeException('An instance of ' . Node::class . ' or ' . Server::class . ' must be set on this repository in order to return a client.');
}
$this->getServer()->loadMissing('node');
$this->setNode($this->getServer()->getRelation('node'));
}
if ($this->getServer() instanceof Server) {
$headers['X-Access-Server'] = $this->getServer()->uuid;
}
$headers['X-Access-Token'] = $this->getToken() ?? $this->getNode()->daemonSecret;
return new Client([
'verify' => config('app.env') === 'production',
'base_uri' => sprintf('%s://%s:%s/v1/', $this->getNode()->scheme, $this->getNode()->fqdn, $this->getNode()->daemonListen),
'timeout' => config('pterodactyl.guzzle.timeout'),
'connect_timeout' => config('pterodactyl.guzzle.connect_timeout'),
'headers' => $headers,
]);
}
}

25
app/Repositories/Daemon/CommandRepository.php
View file

@ -1,25 +0,0 @@
<?php
namespace Pterodactyl\Repositories\Daemon;
use Psr\Http\Message\ResponseInterface;
use Pterodactyl\Contracts\Repository\Daemon\CommandRepositoryInterface;
class CommandRepository extends BaseRepository implements CommandRepositoryInterface
{
/**
* Send a command to a server.
*
* @param string $command
* @return \Psr\Http\Message\ResponseInterface
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function send(string $command): ResponseInterface
{
return $this->getHttpClient()->request('POST', 'server/command', [
'json' => [
'command' => $command,
],
]);
}
}

46
app/Repositories/Daemon/ConfigurationRepository.php
View file

@ -1,46 +0,0 @@
<?php
namespace Pterodactyl\Repositories\Daemon;
use Psr\Http\Message\ResponseInterface;
use Pterodactyl\Contracts\Repository\Daemon\ConfigurationRepositoryInterface;
class ConfigurationRepository extends BaseRepository implements ConfigurationRepositoryInterface
{
/**
* Update the configuration details for the specified node using data from the database.
*
* @param array $overrides
* @return \Psr\Http\Message\ResponseInterface
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function update(array $overrides = []): ResponseInterface
{
$node = $this->getNode();
$structure = [
'web' => [
'listen' => $node->daemonListen,
'ssl' => [
'enabled' => (! $node->behind_proxy && $node->scheme === 'https'),
],
],
'sftp' => [
'path' => $node->daemonBase,
'port' => $node->daemonSFTP,
],
'remote' => [
'base' => config('app.url'),
],
'uploads' => [
'size_limit' => $node->upload_size,
],
'keys' => [
$node->daemonSecret,
],
];
return $this->getHttpClient()->request('PATCH', 'config', [
'json' => array_merge($structure, $overrides),
]);
}
}

104
app/Repositories/Daemon/FileRepository.php
View file

@ -1,104 +0,0 @@
<?php
namespace Pterodactyl\Repositories\Daemon;
use stdClass;
use RuntimeException;
use Psr\Http\Message\ResponseInterface;
use Pterodactyl\Contracts\Repository\Daemon\FileRepositoryInterface;
class FileRepository extends BaseRepository implements FileRepositoryInterface
{
/**
* Return stat information for a given file.
*
* @param string $path
* @return \stdClass
*
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function getFileStat(string $path): stdClass
{
$file = str_replace('\\', '/', pathinfo($path));
$file['dirname'] = in_array($file['dirname'], ['.', './', '/']) ? null : trim($file['dirname'], '/') . '/';
$response = $this->getHttpClient()->request('GET', sprintf(
'server/file/stat/%s',
rawurlencode($file['dirname'] . $file['basename'])
));
return json_decode($response->getBody());
}
/**
* Return the contents of a given file if it can be edited in the Panel.
*
* @param string $path
* @return string
*
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function getContent(string $path): string
{
$file = str_replace('\\', '/', pathinfo($path));
$file['dirname'] = in_array($file['dirname'], ['.', './', '/']) ? null : trim($file['dirname'], '/') . '/';
$response = $this->getHttpClient()->request('GET', sprintf(
'server/file/f/%s',
rawurlencode($file['dirname'] . $file['basename'])
));
return object_get(json_decode($response->getBody()), 'content');
}
/**
* Save new contents to a given file.
*
* @param string $path
* @param string $content
* @return \Psr\Http\Message\ResponseInterface
*
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function putContent(string $path, string $content): ResponseInterface
{
$file = str_replace('\\', '/', pathinfo($path));
$file['dirname'] = in_array($file['dirname'], ['.', './', '/']) ? null : trim($file['dirname'], '/') . '/';
return $this->getHttpClient()->request('POST', 'server/file/save', [
'json' => [
'path' => rawurlencode($file['dirname'] . $file['basename']),
'content' => $content,
],
]);
}
/**
* Return a directory listing for a given path.
*
* @param string $path
* @return array
*
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function getDirectory(string $path): array
{
$response = $this->getHttpClient()->request('GET', sprintf('server/directory/%s', rawurlencode($path)));
return json_decode($response->getBody());
}
/**
* Creates a new directory for the server in the given $path.
*
* @param string $name
* @param string $path
* @return \Psr\Http\Message\ResponseInterface
*
* @throws \RuntimeException
*/
public function createDirectory(string $name, string $path): ResponseInterface
{
throw new RuntimeException('Not implemented.');
}
}

36
app/Repositories/Daemon/PowerRepository.php
View file

@ -1,36 +0,0 @@
<?php
namespace Pterodactyl\Repositories\Daemon;
use Psr\Http\Message\ResponseInterface;
use Pterodactyl\Contracts\Repository\Daemon\PowerRepositoryInterface;
use Pterodactyl\Exceptions\Repository\Daemon\InvalidPowerSignalException;
class PowerRepository extends BaseRepository implements PowerRepositoryInterface
{
/**
* Send a power signal to a server.
*
* @param string $signal
* @return \Psr\Http\Message\ResponseInterface
*
* @throws InvalidPowerSignalException
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function sendSignal(string $signal): ResponseInterface
{
switch ($signal) {
case self::SIGNAL_START:
case self::SIGNAL_STOP:
case self::SIGNAL_RESTART:
case self::SIGNAL_KILL:
return $this->getHttpClient()->request('PUT', 'server/power', [
'json' => [
'action' => $signal,
],
]);
default:
throw new InvalidPowerSignalException('The signal "' . $signal . '" is not defined and could not be processed.');
}
}
}

134
app/Repositories/Daemon/ServerRepository.php
View file

@ -1,134 +0,0 @@
<?php
namespace Pterodactyl\Repositories\Daemon;
use Webmozart\Assert\Assert;
use Psr\Http\Message\ResponseInterface;
use Pterodactyl\Contracts\Repository\Daemon\ServerRepositoryInterface;
class ServerRepository extends BaseRepository implements ServerRepositoryInterface
{
/**
* Create a new server on the daemon for the panel.
*
* @param array $structure
* @param array $overrides
* @return \Psr\Http\Message\ResponseInterface
*
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function create(array $structure, array $overrides = []): ResponseInterface
{
foreach ($overrides as $key => $value) {
$structure[$key] = value($value);
}
return $this->getHttpClient()->request('POST', 'servers', [
'json' => $structure,
]);
}
/**
* Update server details on the daemon.
*
* @param array $data
* @return \Psr\Http\Message\ResponseInterface
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function update(array $data): ResponseInterface
{
return $this->getHttpClient()->request('PATCH', 'server', [
'json' => $data,
]);
}
/**
* Mark a server to be reinstalled on the system.
*
* @param array|null $data
* @return \Psr\Http\Message\ResponseInterface
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function reinstall(array $data = null): ResponseInterface
{
return $this->getHttpClient()->request('POST', 'server/reinstall', [
'json' => $data ?? [],
]);
}
/**
* Mark a server as needing a container rebuild the next time the server is booted.
*
* @return \Psr\Http\Message\ResponseInterface
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function rebuild(): ResponseInterface
{
return $this->getHttpClient()->request('POST', 'server/rebuild');
}
/**
* Suspend a server on the daemon.
*
* @return \Psr\Http\Message\ResponseInterface
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function suspend(): ResponseInterface
{
return $this->getHttpClient()->request('POST', 'server/suspend');
}
/**
* Un-suspend a server on the daemon.
*
* @return \Psr\Http\Message\ResponseInterface
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function unsuspend(): ResponseInterface
{
return $this->getHttpClient()->request('POST', 'server/unsuspend');
}
/**
* Delete a server on the daemon.
*
* @return \Psr\Http\Message\ResponseInterface
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function delete(): ResponseInterface
{
return $this->getHttpClient()->request('DELETE', 'servers');
}
/**
* Return details on a specific server.
*
* @return \Psr\Http\Message\ResponseInterface
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function details(): ResponseInterface
{
return $this->getHttpClient()->request('GET', 'server');
}
/**
* Revoke an access key on the daemon before the time is expired.
*
* @param string|array $key
* @return \Psr\Http\Message\ResponseInterface
*
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function revokeAccessKey($key): ResponseInterface
{
if (is_array($key)) {
return $this->getHttpClient()->request('POST', 'keys/batch-delete', [
'json' => ['keys' => $key],
]);
}
Assert::stringNotEmpty($key, 'First argument passed to revokeAccessKey must be a non-empty string or array, received %s.');
return $this->getHttpClient()->request('DELETE', 'keys/' . $key);
}
}

2
app/Repositories/Eloquent/NodeRepository.php
View file

@ -183,7 +183,7 @@ class NodeRepository extends EloquentRepository implements NodeRepositoryInterfa
public function getNodeWithResourceUsage(int $node_id): Node
{
$instance = $this->getBuilder()
->select(['nodes.id', 'nodes.fqdn', 'nodes.scheme', 'nodes.daemonSecret', 'nodes.daemonListen', 'nodes.memory', 'nodes.disk', 'nodes.memory_overallocate', 'nodes.disk_overallocate'])
->select(['nodes.id', 'nodes.fqdn', 'nodes.scheme', 'nodes.daemon_token', 'nodes.daemonListen', 'nodes.memory', 'nodes.disk', 'nodes.memory_overallocate', 'nodes.disk_overallocate'])
->selectRaw('IFNULL(SUM(servers.memory), 0) as sum_memory, IFNULL(SUM(servers.disk), 0) as sum_disk')
->leftJoin('servers', 'servers.node_id', '=', 'nodes.id')
->where('nodes.id', $node_id);

18
app/Repositories/Wings/DaemonConfigurationRepository.php
View file

@ -23,4 +23,22 @@ class DaemonConfigurationRepository extends DaemonRepository
return json_decode($response->getBody()->__toString(), true);
}
/**
* Updates the configuration information for a daemon.
*
* @param array $attributes
* @return \Psr\Http\Message\ResponseInterface
* @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException
*/
public function update(array $attributes = [])
{
try {
return $this->getHttpClient()->post(
'/api/update', array_merge($this->node->getConfiguration(), $attributes)
);
} catch (TransferException $exception) {
throw new DaemonConnectionException($exception);
}
}
}

2
app/Repositories/Wings/DaemonRepository.php
View file

@ -79,7 +79,7 @@ abstract class DaemonRepository
'timeout' => config('pterodactyl.guzzle.timeout'),
'connect_timeout' => config('pterodactyl.guzzle.connect_timeout'),
'headers' => array_merge($headers, [
'Authorization' => 'Bearer ' . $this->node->daemonSecret,
'Authorization' => 'Bearer ' . $this->node->getDecryptedKey(),
'Accept' => 'application/json',
'Content-Type' => 'application/json',
]),