Completed subuser system

2016-01-18 19:57:10 -05:00 · 2016-01-18 19:57:10 -05:00 · ac6edc4d64
commit ac6edc4d64
parent 251700bc2e
16 changed files with 731 additions and 15 deletions
--- a/app/Repositories/SubuserRepository.php
+++ b/app/Repositories/SubuserRepository.php
@ -4,16 +4,29 @@ namespace Pterodactyl\Repositories;

 use DB;
 use Validator;
+use Mail;

 use Pterodactyl\Models;
+use Pterodactyl\Repositories\UserRepository;
 use Pterodactyl\Services\UuidService;

 use Pterodactyl\Exceptions\DisplayValidationException;
 use Pterodactyl\Exceptions\DisplayException;

-class UserRepository
+class SubuserRepository
 {

+    /**
+     * Core permissions required for every subuser on the daemon.
+     * Without this we cannot connect the websocket or get basic
+     * information about the server.
+     * @var array
+     */
+    protected $coreDaemonPermissions = [
+        's:get',
+        's:console'
+    ];
+
    /**
     * Allowed permissions and their related daemon permission.
     * @var array
@ -30,12 +43,12 @@ class UserRepository

        // File Manager
        'list-files' => 's:files:get',
-        'edit-file' => 's:files:read',
-        'save-file' => 's:files:post',
-        'create-file' => 's:files:post',
-        'download-file' => null,
-        'upload-file' => 's:files:upload',
-        'delete-file' => 's:files:delete',
+        'edit-files' => 's:files:read',
+        'save-files' => 's:files:post',
+        'create-files' => 's:files:post',
+        'download-files' => null,
+        'upload-files' => 's:files:upload',
+        'delete-files' => 's:files:delete',

        // Subusers
        'list-subusers' => null,
@ -46,6 +59,8 @@ class UserRepository

        // Management
        'set-connection' => null,
+        'view-startup' => null,
+        'edit-startup' => null,
        'view-sftp' => null,
        'reset-sftp' => 's:set-password'
    ];
@ -55,6 +70,154 @@ class UserRepository
        //
    }

+    /**
+     * Creates a new subuser on the server.
+     * @param  integer $id     The ID of the server to add this subuser to.
+     * @param  array  $data
+     * @throws DisplayValidationException
+     * @throws DisplayException
+     * @return integer          Returns the ID of the newly created subuser.
+     */
+    public function create($sid, array $data)
+    {
+        $server = Models\Server::findOrFail($sid);
+        $validator = Validator::make($data, [
+            'permissions' => 'required|array',
+            'email' => 'required|email'
+        ]);
+
+        if ($validator->fails()) {
+            throw new DisplayValidationException(json_encode($validator->all()));
+        }
+
+        DB::beginTransaction();
+
+        // Determine if this user exists or if we need to make them an account.
+        $user = Models\User::where('email', $data['email'])->first();
+        if (!$user) {
+            $password = str_random(16);
+            try {
+                $repo = new UserRepository;
+                $uid = $repo->create($data['email'], $password);
+                $user = Models\User::findOrFail($uid);
+            } catch (\Exception $ex) {
+                throw $ex;
+            }
+        }
+
+        $uuid = new UuidService;
+
+        $subuser = new Models\Subuser;
+        $subuser->fill([
+            'user_id' => $user->id,
+            'server_id' => $server->id,
+            'daemonSecret' => (string) $uuid->generate('servers', 'uuid')
+        ]);
+        $subuser->save();
+
+        $daemonPermissions = $this->coreDaemonPermissions;
+        foreach($data['permissions'] as $permission) {
+            if (array_key_exists($permission, $this->permissions)) {
+                // Build the daemon permissions array for sending.
+                if (!is_null($this->permissions[$permission])) {
+                    array_push($daemonPermissions, $this->permissions[$permission]);
+                }
+                $model = new Models\Permission;
+                $model->fill([
+                    'user_id' => $user->id,
+                    'server_id' => $server->id,
+                    'permission' => $permission
+                ]);
+                $model->save();
+            }
+        }
+
+        // Contact Daemon
+        // We contact even if they don't have any daemon permissions to overwrite
+        // if they did have them previously.
+        try {
+
+            $node = Models\Node::getByID($server->node);
+            $client = Models\Node::guzzleRequest($server->node);
+
+            $res = $client->request('PATCH', '/server', [
+                'headers' => [
+                    'X-Access-Server' => $server->uuid,
+                    'X-Access-Token' => $node->daemonSecret
+                ],
+                'json' => [
+                    'keys' => [
+                        $subuser->daemonSecret => $daemonPermissions
+                    ]
+                ]
+            ]);
+
+            $email = $data['email'];
+            Mail::queue('emails.added-subuser', [
+                'serverName' => $server->name,
+                'url' => route('server.index', $server->uuidShort),
+            ], function ($message) use ($email) {
+                $message->to($email);
+                $message->subject('Pterodactyl - Added to Server');
+            });
+            DB::commit();
+            return $subuser->id;
+        } catch (\GuzzleHttp\Exception\TransferException $ex) {
+            DB::rollBack();
+            throw new DisplayException('There was an error attempting to connect to the daemon to add this user.');
+        } catch (\Exception $ex) {
+            DB::rollBack();
+            throw $ex;
+        }
+        return false;
+    }
+
+    /**
+     * Revokes a users permissions on a server.
+     * @param  integer  $id  The ID of the subuser row in MySQL.
+     * @param  array    $data
+     * @throws DisplayValidationException
+     * @throws DisplayException
+     * @return void
+     */
+    public function delete($id)
+    {
+        $subuser = Models\Subuser::findOrFail($id);
+        $server = Models\Server::findOrFail($subuser->server_id);
+
+        DB::beginTransaction();
+
+        Models\Permission::where('user_id', $subuser->user_id)->where('server_id', $subuser->server_id)->delete();
+
+        try {
+            $node = Models\Node::getByID($server->node);
+            $client = Models\Node::guzzleRequest($server->node);
+
+            $res = $client->request('PATCH', '/server', [
+                'headers' => [
+                    'X-Access-Server' => $server->uuid,
+                    'X-Access-Token' => $node->daemonSecret
+                ],
+                'json' => [
+                    'keys' => [
+                        $subuser->daemonSecret => []
+                    ]
+                ]
+            ]);
+
+            $subuser->delete();
+            DB::commit();
+            return true;
+        } catch (\GuzzleHttp\Exception\TransferException $ex) {
+            DB::rollBack();
+            throw new DisplayException('There was an error attempting to connect to the daemon to delete this subuser.');
+        } catch (\Exception $ex) {
+            DB::rollBack();
+            throw $ex;
+        }
+        return false;
+    }
+
    /**
     * Updates permissions for a given subuser.
     * @param  integer $id  The ID of the subuser row in MySQL. (Not the user ID)
@ -66,13 +229,67 @@ class UserRepository
    public function update($id, array $data)
    {
        $validator = Validator::make($data, [
-            'permissions' => 'required|array'
+            'permissions' => 'required|array',
+            'user' => 'required|exists:users,id',
+            'server' => 'required|exists:servers,id',
        ]);

        if ($validator->fails()) {
            throw new DisplayValidationException(json_encode($validator->all()));
        }

-        // @TODO the thing.
+        $subuser = Models\Subuser::findOrFail($id);
+        $server = Models\Server::findOrFail($data['server']);

+        DB::beginTransaction();
+        Models\Permission::where('user_id', $subuser->user_id)->where('server_id', $subuser->server_id)->delete();
+
+        $daemonPermissions = $this->coreDaemonPermissions;
+        foreach($data['permissions'] as $permission) {
+            if (array_key_exists($permission, $this->permissions)) {
+                // Build the daemon permissions array for sending.
+                if (!is_null($this->permissions[$permission])) {
+                    array_push($daemonPermissions, $this->permissions[$permission]);
+                }
+                $model = new Models\Permission;
+                $model->fill([
+                    'user_id' => $data['user'],
+                    'server_id' => $data['server'],
+                    'permission' => $permission
+                ]);
+                $model->save();
+            }
+        }
+
+        // Contact Daemon
+        // We contact even if they don't have any daemon permissions to overwrite
+        // if they did have them previously.
+        try {
+            $node = Models\Node::getByID($server->node);
+            $client = Models\Node::guzzleRequest($server->node);
+
+            $res = $client->request('PATCH', '/server', [
+                'headers' => [
+                    'X-Access-Server' => $server->uuid,
+                    'X-Access-Token' => $node->daemonSecret
+                ],
+                'json' => [
+                    'keys' => [
+                        $subuser->daemonSecret => $daemonPermissions
+                    ]
+                ]
+            ]);
+
+            DB::commit();
+            return true;
+        } catch (\GuzzleHttp\Exception\TransferException $ex) {
+            DB::rollBack();
+            throw new DisplayException('There was an error attempting to connect to the daemon to update permissions.');
+        } catch (\Exception $ex) {
+            DB::rollBack();
+            throw $ex;
+        }
+        return false;
    }
+
+}