Add database management back to front-end and begin some refactoring

Here we go again boys...
2017-10-18 22:32:19 -05:00 · 2017-10-18 22:32:19 -05:00 · 97dc0519d6
commit 97dc0519d6
parent 2b80de03df
32 changed files with 774 additions and 407 deletions
--- a/app/Http/Middleware/Server/DatabaseBelongsToServer.php
+++ b/app/Http/Middleware/Server/DatabaseBelongsToServer.php
@ -0,0 +1,51 @@
+<?php
+
+namespace Pterodactyl\Http\Middleware\Server;
+
+use Closure;
+use Illuminate\Http\Request;
+use Pterodactyl\Contracts\Repository\DatabaseRepositoryInterface;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+
+class DatabaseBelongsToServer
+{
+    /**
+     * @var \Pterodactyl\Contracts\Repository\DatabaseRepositoryInterface
+     */
+    protected $repository;
+
+    /**
+     * DatabaseAccess constructor.
+     *
+     * @param \Pterodactyl\Contracts\Repository\DatabaseRepositoryInterface $repository
+     */
+    public function __construct(DatabaseRepositoryInterface $repository)
+    {
+        $this->repository = $repository;
+    }
+
+    /**
+     * Check if a database being requested belongs to the currently loaded server.
+     * If it does not, throw a 404 error, otherwise continue on with the request
+     * and set an attribute with the database.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     * @return mixed
+     *
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        $server = $request->attributes->get('server');
+
+        $database = $this->repository->find($request->input('database'));
+        if ($database->server_id !== $server->id) {
+            throw new NotFoundHttpException;
+        }
+
+        $request->attributes->set('database', $database);
+
+        return $next($request);
+    }
+}
--- a/app/Http/Middleware/Server/ScheduleBelongsToServer.php
+++ b/app/Http/Middleware/Server/ScheduleBelongsToServer.php
@ -14,7 +14,7 @@ use Illuminate\Contracts\Session\Session;
 use Pterodactyl\Contracts\Extensions\HashidsInterface;
 use Pterodactyl\Contracts\Repository\ScheduleRepositoryInterface;

-class ScheduleAccess
+class ScheduleBelongsToServer
 {
    /**
     * @var \Pterodactyl\Contracts\Extensions\HashidsInterface
--- a/app/Http/Middleware/Server/SubuserBelongsToServer.php
+++ b/app/Http/Middleware/Server/SubuserBelongsToServer.php
@ -15,7 +15,7 @@ use Pterodactyl\Exceptions\DisplayException;
 use Pterodactyl\Contracts\Repository\SubuserRepositoryInterface;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

-class SubuserAccess
+class SubuserBelongsToServer
 {
    /**
     * @var \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface
--- a/app/Http/Middleware/ServerAuthenticate.php
+++ b/app/Http/Middleware/ServerAuthenticate.php
@ -105,8 +105,13 @@ class ServerAuthenticate
        }

        // Store the server in the session.
+        // @todo remove from session. use request attributes.
        $this->session->now('server_data.model', $server);

+        // Add server to the request attributes. This will replace sessions
+        // as files are updated.
+        $request->attributes->set('server', $server);
+
        return $next($request);
    }
 }
--- a/app/Http/Middleware/SubuserAccessAuthenticate.php
+++ b/app/Http/Middleware/SubuserAccessAuthenticate.php
@ -60,6 +60,7 @@ class SubuserAccessAuthenticate
        try {
            $token = $this->keyProviderService->handle($server->id, $request->user()->id);
            $this->session->now('server_data.token', $token);
+            $request->attributes->set('server_token', $token);
        } catch (RecordNotFoundException $exception) {
            throw new AuthenticationException('This account does not have permission to access this server.');
        }