Final touches to new key-rotation service
This commit is contained in:
Dane Everitt
parent
0f0c319ec0
commit
8e2b77dc1e
6 changed files with 154 additions and 18 deletions
93
app/Services/DaemonKeys/DaemonKeyUpdateService.php
Normal file
93
app/Services/DaemonKeys/DaemonKeyUpdateService.php
Normal file
|
|
@ -0,0 +1,93 @@
|
|||
<?php
|
||||
/*
|
||||
* Pterodactyl - Panel
|
||||
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in all
|
||||
* copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
namespace Pterodactyl\Services\DaemonKeys;
|
||||
|
||||
use Carbon\Carbon;
|
||||
use Pterodactyl\Models\DaemonKey;
|
||||
use Illuminate\Contracts\Config\Repository as ConfigRepository;
|
||||
use Pterodactyl\Contracts\Repository\DaemonKeyRepositoryInterface;
|
||||
|
||||
class DaemonKeyUpdateService
|
||||
{
|
||||
const INTERNAL_TOKEN_IDENTIFIER = 'i_';
|
||||
|
||||
/**
|
||||
* @var \Carbon\Carbon
|
||||
*/
|
||||
protected $carbon;
|
||||
|
||||
/**
|
||||
* @var
|
||||
*/
|
||||
protected $config;
|
||||
|
||||
/**
|
||||
* @var \Pterodactyl\Contracts\Repository\DaemonKeyRepositoryInterface
|
||||
*/
|
||||
protected $repository;
|
||||
|
||||
/**
|
||||
* DaemonKeyUpdateService constructor.
|
||||
*
|
||||
* @param \Carbon\Carbon $carbon
|
||||
* @param \Illuminate\Contracts\Config\Repository $config
|
||||
* @param \Pterodactyl\Contracts\Repository\DaemonKeyRepositoryInterface $repository
|
||||
*/
|
||||
public function __construct(
|
||||
Carbon $carbon,
|
||||
ConfigRepository $config,
|
||||
DaemonKeyRepositoryInterface $repository
|
||||
) {
|
||||
$this->carbon = $carbon;
|
||||
$this->config = $config;
|
||||
$this->repository = $repository;
|
||||
}
|
||||
|
||||
/**
|
||||
* Update a daemon key to expire the previous one.
|
||||
*
|
||||
* @param \Pterodactyl\Models\DaemonKey|int $key
|
||||
* @return string
|
||||
*
|
||||
* @throws \RuntimeException
|
||||
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
*/
|
||||
public function handle($key)
|
||||
{
|
||||
if ($key instanceof DaemonKey) {
|
||||
$key = $key->id;
|
||||
}
|
||||
|
||||
$secret = self::INTERNAL_TOKEN_IDENTIFIER . str_random(40);
|
||||
|
||||
$this->repository->withoutFresh()->update($key, [
|
||||
'secret' => $secret,
|
||||
'expires_at' => $this->carbon->now()->addMinutes($this->config->get('pterodactyl.api.key_expire_time')),
|
||||
]);
|
||||
|
||||
return $secret;
|
||||
}
|
||||
}
|
||||
|
|
@ -24,9 +24,12 @@
|
|||
|
||||
namespace Pterodactyl\Services\Servers;
|
||||
|
||||
use Carbon\Carbon;
|
||||
use Pterodactyl\Models\User;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Models\DaemonKey;
|
||||
use Illuminate\Cache\Repository as CacheRepository;
|
||||
use Pterodactyl\Services\DaemonKeys\DaemonKeyUpdateService;
|
||||
use Pterodactyl\Contracts\Repository\UserRepositoryInterface;
|
||||
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
|
||||
use Pterodactyl\Contracts\Repository\DaemonKeyRepositoryInterface;
|
||||
|
|
@ -39,11 +42,21 @@ class ServerAccessHelperService
|
|||
*/
|
||||
protected $cache;
|
||||
|
||||
/**
|
||||
* @var \Carbon\Carbon
|
||||
*/
|
||||
protected $carbon;
|
||||
|
||||
/**
|
||||
* @var \Pterodactyl\Contracts\Repository\DaemonKeyRepositoryInterface
|
||||
*/
|
||||
protected $daemonKeyRepository;
|
||||
|
||||
/**
|
||||
* @var \Pterodactyl\Services\DaemonKeys\DaemonKeyUpdateService
|
||||
*/
|
||||
protected $daemonKeyUpdateService;
|
||||
|
||||
/**
|
||||
* @var \Pterodactyl\Contracts\Repository\ServerRepositoryInterface
|
||||
*/
|
||||
|
|
@ -58,18 +71,24 @@ class ServerAccessHelperService
|
|||
* ServerAccessHelperService constructor.
|
||||
*
|
||||
* @param \Illuminate\Cache\Repository $cache
|
||||
* @param \Carbon\Carbon $carbon
|
||||
* @param \Pterodactyl\Contracts\Repository\DaemonKeyRepositoryInterface $daemonKeyRepository
|
||||
* @param \Pterodactyl\Services\DaemonKeys\DaemonKeyUpdateService $daemonKeyUpdateService
|
||||
* @param \Pterodactyl\Contracts\Repository\ServerRepositoryInterface $repository
|
||||
* @param \Pterodactyl\Contracts\Repository\UserRepositoryInterface $userRepository
|
||||
*/
|
||||
public function __construct(
|
||||
CacheRepository $cache,
|
||||
Carbon $carbon,
|
||||
DaemonKeyRepositoryInterface $daemonKeyRepository,
|
||||
DaemonKeyUpdateService $daemonKeyUpdateService,
|
||||
ServerRepositoryInterface $repository,
|
||||
UserRepositoryInterface $userRepository
|
||||
) {
|
||||
$this->cache = $cache;
|
||||
$this->carbon = $carbon;
|
||||
$this->daemonKeyRepository = $daemonKeyRepository;
|
||||
$this->daemonKeyUpdateService = $daemonKeyUpdateService;
|
||||
$this->repository = $repository;
|
||||
$this->userRepository = $userRepository;
|
||||
}
|
||||
|
|
@ -81,8 +100,10 @@ class ServerAccessHelperService
|
|||
* @param int|\Pterodactyl\Models\User $user
|
||||
* @return string
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
* @throws \Pterodactyl\Exceptions\Service\Server\UserNotLinkedToServerException
|
||||
* @throws \RuntimeException
|
||||
*/
|
||||
public function handle($server, $user)
|
||||
{
|
||||
|
|
@ -95,16 +116,16 @@ class ServerAccessHelperService
|
|||
}
|
||||
|
||||
$keys = $server->relationLoaded('keys') ? $server->keys : $this->daemonKeyRepository->getServerKeys($server->id);
|
||||
|
||||
$key = array_get($keys->where('user_id', $user->id)->first(null, []), 'secret');
|
||||
if ($user->root_admin) {
|
||||
$key = array_get($keys->where('user_id', $server->owner_id)->first(null, []), 'secret');
|
||||
}
|
||||
$key = $keys->where('user_id', $user->root_admin ? $server->owner_id : $user->id)->first();
|
||||
|
||||
if (is_null($key)) {
|
||||
throw new UserNotLinkedToServerException;
|
||||
}
|
||||
|
||||
return $key;
|
||||
if (max($this->carbon->now()->diffInSeconds($key->expires_at, false), 0) === 0) {
|
||||
$key = $this->daemonKeyUpdateService->handle($key);
|
||||
}
|
||||
|
||||
return ($key instanceof DaemonKey) ? $key->secret : $key;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue