Merge branch 'develop' into enhancement/wings-improved-server-loading

Matthew Penner 2020-04-10 16:23:46 -06:00 committed by GitHub
commit 94d46affb8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
57 changed files with 602 additions and 1101 deletions


@ -148,8 +148,8 @@ class NodeViewController extends Controller
public function servers(Request $request, Node $node)
{
$this->plainInject([
'node' => Collection::wrap($node->makeVisible('daemonSecret'))
->only(['scheme', 'fqdn', 'daemonListen', 'daemonSecret']),
'node' => Collection::wrap($node->makeVisible(['daemon_token_id', 'daemon_token']))
->only(['scheme', 'fqdn', 'daemonListen', 'daemon_token_id', 'daemon_token']),
]);
return $this->view->make('admin.nodes.view.servers', [
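Review bot: The `daemon_token` passed to `plainInject()` here is the stored column value, while the other files in this commit call `decrypt()` or `getDecryptedKey()` on it before use, so this page most likely receives ciphertext that its script cannot use as a credential. If the view does not need it, drop it from both lists, e.g. `->only(['scheme', 'fqdn', 'daemonListen', 'daemon_token_id'])`. If it does need a usable token, a comment should state why the browser requires a node-wide secret, and the value should come from `getDecryptedKey()` as in ServerTransferController. servers() continues outside the hunk.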


@ -67,7 +67,7 @@ class StatisticsController extends Controller
$tokens = [];
foreach ($nodes as $node) {
$tokens[$node->id] = $node->daemonSecret;
$tokens[$node->id] = decrypt($node->daemon_token);
}
$this->injectJavascript([
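Review bot: The loop hands the decrypted daemon token of every node to `injectJavascript()`, so the encryption at rest that the `decrypt()` call implies does not protect this page: any script running in the administrator's browser can read the credentials for all nodes. Consider collecting the statistics server-side, or at least add a comment above the loop such as `// Plaintext node tokens are exposed to the browser here; admin-only view.` Calling `$node->getDecryptedKey()` instead of the `decrypt()` helper would also match ServerTransferController. The enclosing method starts and ends outside the hunk.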


@ -145,7 +145,7 @@ class ServerTransferController extends Controller
->canOnlyBeUsedAfter($now->getTimestamp())
->expiresAt($now->addMinutes(15)->getTimestamp())
->relatedTo($server->uuid, true)
->getToken($signer, new Key($server->node->daemonSecret));
->getToken($signer, new Key($server->node->getDecryptedKey()));
// On the daemon transfer repository, make sure to set the node after the server
// because setServer() tells the repository to use the server's node and not the one


@ -1,107 +0,0 @@
<?php
namespace Pterodactyl\Http\Controllers\Daemon;
use Cache;
use Illuminate\Http\Request;
use Pterodactyl\Models\Node;
use Illuminate\Http\Response;
use Illuminate\Http\JsonResponse;
use Pterodactyl\Http\Controllers\Controller;
use Pterodactyl\Repositories\Eloquent\ServerRepository;
use Pterodactyl\Events\Server\Installed as ServerInstalled;
use Illuminate\Contracts\Events\Dispatcher as EventDispatcher;
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
class ActionController extends Controller
{
/**
* @var \Illuminate\Contracts\Events\Dispatcher
*/
private $eventDispatcher;
/**
* @var \Pterodactyl\Repositories\Eloquent\ServerRepository
*/
private $repository;
/**
* ActionController constructor.
*
* @param \Pterodactyl\Repositories\Eloquent\ServerRepository $repository
* @param \Illuminate\Contracts\Events\Dispatcher $eventDispatcher
*/
public function __construct(ServerRepository $repository, EventDispatcher $eventDispatcher)
{
$this->eventDispatcher = $eventDispatcher;
$this->repository = $repository;
}
/**
* Handles install toggle request from daemon.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse
*
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
*/
public function markInstall(Request $request): JsonResponse
{
try {
/** @var \Pterodactyl\Models\Server $server */
$server = $this->repository->findFirstWhere([
'uuid' => $request->input('server'),
]);
} catch (RecordNotFoundException $exception) {
return JsonResponse::create([
'error' => 'No server by that ID was found on the system.',
], Response::HTTP_UNPROCESSABLE_ENTITY);
}
if (! $server->relationLoaded('node')) {
$server->load('node');
}
$hmac = $request->input('signed');
$status = $request->input('installed');
if (! hash_equals(base64_decode($hmac), hash_hmac('sha256', $server->uuid, $server->getRelation('node')->daemonSecret, true))) {
return JsonResponse::create([
'error' => 'Signed HMAC was invalid.',
], Response::HTTP_FORBIDDEN);
}
$this->repository->update($server->id, [
'installed' => ($status === 'installed') ? 1 : 2,
], true, true);
// Only fire event if server installed successfully.
if ($status === 'installed') {
$this->eventDispatcher->dispatch(new ServerInstalled($server));
}
// Don't use a 204 here, the daemon is hard-checking for a 200 code.
return JsonResponse::create([]);
}
/**
* Handles configuration data request from daemon.
*
* @param \Illuminate\Http\Request $request
* @param string $token
* @return \Illuminate\Http\JsonResponse|\Illuminate\Http\Response
*/
public function configuration(Request $request, $token)
{
$nodeId = Cache::pull('Node:Configuration:' . $token);
if (is_null($nodeId)) {
return response()->json(['error' => 'token_invalid'], 403);
}
$node = Node::findOrFail($nodeId);
// Manually as getConfigurationAsJson() returns it in correct format already
return $node->getJsonConfiguration();
}
}


@ -1,73 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
namespace Pterodactyl\Http\Controllers\Daemon;
use Storage;
use Pterodactyl\Models;
use Illuminate\Http\Request;
use Pterodactyl\Http\Controllers\Controller;
class PackController extends Controller
{
/**
* Pulls an install pack archive from the system.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\JsonResponse|\Symfony\Component\HttpFoundation\BinaryFileResponse
*/
public function pull(Request $request, $uuid)
{
$pack = Models\Pack::where('uuid', $uuid)->first();
if (! $pack) {
return response()->json(['error' => 'No such pack.'], 404);
}
if (! Storage::exists('packs/' . $pack->uuid . '/archive.tar.gz')) {
return response()->json(['error' => 'There is no archive available for this pack.'], 503);
}
return response()->download(storage_path('app/packs/' . $pack->uuid . '/archive.tar.gz'));
}
/**
* Returns the hash information for a pack.
*
* @param \Illuminate\Http\Request $request
* @param string $uuid
* @return \Illuminate\Http\JsonResponse
*/
public function hash(Request $request, $uuid)
{
$pack = Models\Pack::where('uuid', $uuid)->first();
if (! $pack) {
return response()->json(['error' => 'No such pack.'], 404);
}
if (! Storage::exists('packs/' . $pack->uuid . '/archive.tar.gz')) {
return response()->json(['error' => 'There is no archive available for this pack.'], 503);
}
return response()->json([
'archive.tar.gz' => sha1_file(storage_path('app/packs/' . $pack->uuid . '/archive.tar.gz')),
]);
}
/**
* Pulls an update pack archive from the system.
*
* @param \Illuminate\Http\Request $request
*/
public function pullUpdate(Request $request)
{
}
}


@ -38,7 +38,6 @@ use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientApiBindings;
use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser;
use Pterodactyl\Http\Middleware\DaemonAuthenticate as OldDaemonAuthenticate;
class Kernel extends HttpKernel
{
@ -107,7 +106,6 @@ class Kernel extends HttpKernel
'server' => AccessingValidServer::class,
'subuser.auth' => AuthenticateAsSubuser::class,
'admin' => AdminAuthenticate::class,
'daemon-old' => OldDaemonAuthenticate::class,
'csrf' => VerifyCsrfToken::class,
'throttle' => ThrottleRequests::class,
'can' => Authorize::class,


@ -4,6 +4,7 @@ namespace Pterodactyl\Http\Middleware\Api\Daemon;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Contracts\Encryption\Encrypter;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Pterodactyl\Contracts\Repository\NodeRepositoryInterface;
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
@ -25,14 +26,21 @@ class DaemonAuthenticate
'daemon.configuration',
];
/**
* @var \Illuminate\Contracts\Encryption\Encrypter
*/
private $encrypter;
/**
* DaemonAuthenticate constructor.
*
* @param \Illuminate\Contracts\Encryption\Encrypter $encrypter
* @param \Pterodactyl\Contracts\Repository\NodeRepositoryInterface $repository
*/
public function __construct(NodeRepositoryInterface $repository)
public function __construct(Encrypter $encrypter, NodeRepositoryInterface $repository)
{
$this->repository = $repository;
$this->encrypter = $encrypter;
}
/**
@ -50,20 +58,31 @@ class DaemonAuthenticate
return $next($request);
}
$token = $request->bearerToken();
if (is_null($token)) {
throw new HttpException(401, null, null, ['WWW-Authenticate' => 'Bearer']);
if (is_null($bearer = $request->bearerToken())) {
throw new HttpException(
401, 'Access this this endpoint must include an Authorization header.', null, ['WWW-Authenticate' => 'Bearer']
);
}
[$identifier, $token] = explode('.', $bearer);
try {
$node = $this->repository->findFirstWhere([['daemonSecret', '=', $token]]);
/** @var \Pterodactyl\Models\Node $node */
$node = $this->repository->findFirstWhere([
'daemon_token_id' => $identifier,
]);
if (hash_equals((string) $this->encrypter->decrypt($node->daemon_token), $token)) {
$request->attributes->set('node', $node);
return $next($request);
}
} catch (RecordNotFoundException $exception) {
throw new AccessDeniedHttpException;
// Do nothing, we don't want to expose a node not existing at all.
}
$request->attributes->set('node', $node);
return $next($request);
throw new AccessDeniedHttpException(
'You are not authorized to access this resource.'
);
}
}
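Review bot: `[$identifier, $token] = explode('.', $bearer);` in handle() assumes the bearer value contains a dot; a value without one leaves `$token` unset and passes null to `hash_equals()`, so a malformed header most likely ends as a 500 instead of a 401 or 403. Split with a limit of 2 and reject anything that does not yield two non-empty parts, as in the fence below. A `decrypt()` failure on a damaged `daemon_token` would likewise escape the `RecordNotFoundException` catch and should be mapped to the same generic denial. The 401 message reads 'Access this this endpoint', presumably meant as 'Access to this endpoint'. handle() begins outside the hunk.

```php
if (is_null($bearer = $request->bearerToken())) {
    // … unchanged: 401 with the WWW-Authenticate header …
}

// Reject a bearer value that is not exactly "<identifier>.<token>" before destructuring it.
$parts = explode('.', $bearer, 2);
if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
    throw new HttpException(
        401, 'The Authorization header is malformed.', null, ['WWW-Authenticate' => 'Bearer']
    );
}
[$identifier, $token] = $parts;

// … unchanged: node lookup by daemon_token_id and the hash_equals() comparison …
```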


@ -1,69 +0,0 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
namespace Pterodactyl\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Pterodactyl\Contracts\Repository\NodeRepositoryInterface;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
class DaemonAuthenticate
{
/**
* An array of route names to not apply this middleware to.
*
* @var array
*/
private $except = [
'daemon.configuration',
];
/**
* @var \Pterodactyl\Contracts\Repository\NodeRepositoryInterface
*/
private $repository;
/**
* Create a new filter instance.
*
* @param \Pterodactyl\Contracts\Repository\NodeRepositoryInterface $repository
* @deprecated
*/
public function __construct(NodeRepositoryInterface $repository)
{
$this->repository = $repository;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
*/
public function handle(Request $request, Closure $next)
{
if (in_array($request->route()->getName(), $this->except)) {
return $next($request);
}
if (! $request->header('X-Access-Node')) {
throw new AccessDeniedHttpException;
}
$node = $this->repository->findFirstWhere(['daemonSecret' => $request->header('X-Access-Node')]);
$request->attributes->set('node', $node);
return $next($request);
}
}