StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Store node daemon tokens in an encrypted manner

Browse source
This commit is contained in:
Dane Everitt 2020-04-10 15:15:38 -07:00
parent 2ac82af25a
commit 7557dddf49
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
26 changed files with 222 additions and 827 deletions
Download patch file Download diff file Expand all files Collapse all files

9
database/factories/ModelFactory.php
View file

@ -1,7 +1,10 @@
<?php
use Ramsey\Uuid\Uuid;
use Cake\Chronos\Chronos;
use Illuminate\Support\Str;
use Faker\Generator as Faker;
use Pterodactyl\Models\Node;
use Pterodactyl\Models\ApiKey;
/*
@ -80,6 +83,7 @@ $factory->define(Pterodactyl\Models\Location::class, function (Faker $faker) {
$factory->define(Pterodactyl\Models\Node::class, function (Faker $faker) {
return [
'id' => $faker->unique()->randomNumber(),
'uuid' => Uuid::uuid4()->toString(),
'public' => true,
'name' => $faker->firstName,
'fqdn' => $faker->ipv4,
@ -90,10 +94,11 @@ $factory->define(Pterodactyl\Models\Node::class, function (Faker $faker) {
'disk' => 10240,
'disk_overallocate' => 0,
'upload_size' => 100,
'daemonSecret' => $faker->uuid,
'daemon_token_id' => Str::random(Node::DAEMON_TOKEN_ID_LENGTH),
'daemon_token' => Str::random(Node::DAEMON_TOKEN_LENGTH),
'daemonListen' => 8080,
'daemonSFTP' => 2022,
'daemonBase' => '/srv/daemon',
'daemonBase' => '/srv/daemon-data',
];
});

84
database/migrations/2020_04_10_141024_store_node_tokens_as_encrypted_value.php Normal file
View file

@ -0,0 +1,84 @@
<?php
use Ramsey\Uuid\Uuid;
use Illuminate\Support\Facades\DB;
use Illuminate\Container\Container;
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
use Illuminate\Contracts\Encryption\Encrypter;
class StoreNodeTokensAsEncryptedValue extends Migration
{
/**
* Run the migrations.
*
* @return void
* @throws \Exception
*/
public function up()
{
Schema::table('nodes', function (Blueprint $table) {
$table->dropUnique(['daemonSecret']);
});
Schema::table('nodes', function (Blueprint $table) {
$table->char('uuid', 36)->after('id')->unique();
$table->char('daemon_token_id', 16)->after('upload_size')->unique();
$table->renameColumn('daemonSecret', 'daemon_token');
});
Schema::table('nodes', function (Blueprint $table) {
$table->text('daemon_token')->change();
});
DB::transaction(function () {
/** @var \Illuminate\Contracts\Encryption\Encrypter $encrypter */
$encrypter = Container::getInstance()->make(Encrypter::class);
foreach (DB::select('SELECT id, daemon_token FROM nodes') as $datum) {
DB::update('UPDATE nodes SET uuid = ?, daemon_token_id = ?, daemon_token = ? WHERE id = ?', [
Uuid::uuid4()->toString(),
substr($datum->daemon_token, 0, 16),
$encrypter->encrypt(substr($datum->daemon_token, 16)),
$datum->id,
]);
}
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
DB::transaction(function () {
/** @var \Illuminate\Contracts\Encryption\Encrypter $encrypter */
$encrypter = Container::getInstance()->make(Encrypter::class);
foreach (DB::select('SELECT id, daemon_token_id, daemon_token FROM nodes') as $datum) {
DB::update('UPDATE nodes SET daemon_token = ? WHERE id = ?', [
$datum->daemon_token_id . $encrypter->decrypt($datum->daemon_token),
$datum->id,
]);
}
});
Schema::table('nodes', function (Blueprint $table) {
$table->dropUnique(['uuid']);
$table->dropUnique(['daemon_token_id']);
});
Schema::table('nodes', function (Blueprint $table) {
$table->dropColumn(['uuid', 'daemon_token_id']);
$table->renameColumn('daemon_token', 'daemonSecret');
});
Schema::table('nodes', function (Blueprint $table) {
$table->string('daemonSecret', 36)->change();
$table->unique(['daemonSecret']);
});
}
}