StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Store node daemon tokens in an encrypted manner

Browse source
This commit is contained in:
Dane Everitt 2020-04-10 15:15:38 -07:00
parent 2ac82af25a
commit 7557dddf49
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
26 changed files with 222 additions and 827 deletions
Download patch file Download diff file Expand all files Collapse all files

26
app/Services/Nodes/NodeCreationService.php
View file

@ -1,33 +1,34 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
namespace Pterodactyl\Services\Nodes;
use Illuminate\Support\Str;
use Pterodactyl\Models\Node;
use Illuminate\Encryption\Encrypter;
use Pterodactyl\Contracts\Repository\NodeRepositoryInterface;
class NodeCreationService
{
const DAEMON_SECRET_LENGTH = 36;
/**
* @var \Pterodactyl\Contracts\Repository\NodeRepositoryInterface
*/
protected $repository;
/**
* @var \Illuminate\Encryption\Encrypter
*/
private $encrypter;
/**
* CreationService constructor.
*
* @param \Illuminate\Encryption\Encrypter $encrypter
* @param \Pterodactyl\Contracts\Repository\NodeRepositoryInterface $repository
*/
public function __construct(NodeRepositoryInterface $repository)
public function __construct(Encrypter $encrypter, NodeRepositoryInterface $repository)
{
$this->repository = $repository;
$this->encrypter = $encrypter;
}
/**
@ -40,8 +41,9 @@ class NodeCreationService
*/
public function handle(array $data)
{
$data['daemonSecret'] = str_random(self::DAEMON_SECRET_LENGTH);
$data['daemon_token'] = Str::random(Node::DAEMON_TOKEN_LENGTH);
$data['daemon_token_id'] = $this->encrypter->encrypt(Str::random(Node::DAEMON_TOKEN_ID_LENGTH));
return $this->repository->create($data);
return $this->repository->create($data, true, true);
}
}

2
app/Services/Nodes/NodeJWTService.php
View file

@ -69,6 +69,6 @@ class NodeJWTService
return $builder
->withClaim('unique_id', Str::random(16))
->getToken($signer, new Key($node->daemonSecret));
->getToken($signer, new Key($node->getDecryptedKey()));
}
}

45
app/Services/Nodes/NodeUpdateService.php
View file

@ -2,12 +2,15 @@
namespace Pterodactyl\Services\Nodes;
use Illuminate\Support\Str;
use Pterodactyl\Models\Node;
use GuzzleHttp\Exception\ConnectException;
use GuzzleHttp\Exception\RequestException;
use Illuminate\Database\ConnectionInterface;
use Illuminate\Contracts\Encryption\Encrypter;
use Pterodactyl\Repositories\Daemon\ConfigurationRepository;
use Pterodactyl\Contracts\Repository\NodeRepositoryInterface;
use Pterodactyl\Repositories\Wings\DaemonConfigurationRepository;
use Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException;
use Pterodactyl\Exceptions\Service\Node\ConfigurationNotPersistedException;
@ -18,31 +21,39 @@ class NodeUpdateService
*/
private $connection;
/**
* @var \Pterodactyl\Contracts\Repository\Daemon\ConfigurationRepositoryInterface
*/
private $configRepository;
/**
* @var \Pterodactyl\Contracts\Repository\NodeRepositoryInterface
*/
private $repository;
/**
* @var \Pterodactyl\Repositories\Wings\DaemonConfigurationRepository
*/
private $configurationRepository;
/**
* @var \Illuminate\Contracts\Encryption\Encrypter
*/
private $encrypter;
/**
* UpdateService constructor.
*
* @param \Illuminate\Database\ConnectionInterface $connection
* @param \Pterodactyl\Repositories\Daemon\ConfigurationRepository $configurationRepository
* @param \Illuminate\Contracts\Encryption\Encrypter $encrypter
* @param \Pterodactyl\Repositories\Wings\DaemonConfigurationRepository $configurationRepository
* @param \Pterodactyl\Contracts\Repository\NodeRepositoryInterface $repository
*/
public function __construct(
ConnectionInterface $connection,
ConfigurationRepository $configurationRepository,
Encrypter $encrypter,
DaemonConfigurationRepository $configurationRepository,
NodeRepositoryInterface $repository
) {
$this->connection = $connection;
$this->configRepository = $configurationRepository;
$this->repository = $repository;
$this->configurationRepository = $configurationRepository;
$this->encrypter = $encrypter;
}
/**
@ -58,13 +69,14 @@ class NodeUpdateService
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
* @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException
* @throws \Pterodactyl\Exceptions\Service\Node\ConfigurationNotPersistedException
*
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function handle(Node $node, array $data, bool $resetToken = false)
{
if ($resetToken) {
$data['daemonSecret'] = str_random(Node::DAEMON_SECRET_LENGTH);
$data['daemon_token'] = Str::random(Node::DAEMON_TOKEN_LENGTH);
$data['daemon_token_id'] = $this->encrypter->encrypt(
Str::random(Node::DAEMON_TOKEN_ID_LENGTH)
);
}
$this->connection->beginTransaction();
@ -77,14 +89,15 @@ class NodeUpdateService
// We need to clone the new model and set it's authentication token to be the
// old one so we can connect. Then we will pass the new token through as an
// override on the call.
$cloned = $updatedModel->replicate(['daemonSecret']);
$cloned->setAttribute('daemonSecret', $node->getAttribute('daemonSecret'));
$cloned = $updatedModel->replicate(['daemon_token']);
$cloned->setAttribute('daemon_token', $node->getAttribute('daemon_token'));
$this->configRepository->setNode($cloned)->update([
'keys' => [$data['daemonSecret']],
$this->configurationRepository->setNode($cloned)->update([
'daemon_token_id' => $updatedModel->daemon_token_id,
'daemon_token' => $updatedModel->getDecryptedKey(),
]);
} else {
$this->configRepository->setNode($updatedModel)->update();
$this->configurationRepository->setNode($updatedModel)->update();
}
$this->connection->commit();