StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Cleanup frontend controllers and middleware

Browse source
This commit is contained in:
Dane Everitt 2017-10-27 21:42:53 -05:00
parent d73d580724
commit e0d03513e4
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
33 changed files with 400 additions and 594 deletions
Download patch file Download diff file Expand all files Collapse all files

110
app/Http/Middleware/Server/AccessingValidServer.php Normal file
View file

@ -0,0 +1,110 @@
<?php
namespace Pterodactyl\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Pterodactyl\Models\Server;
use Illuminate\Contracts\Session\Session;
use Illuminate\Auth\AuthenticationException;
use Illuminate\Contracts\Config\Repository as ConfigRepository;
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
class AccessingValidServer
{
/**
* @var \Illuminate\Contracts\Config\Repository
*/
protected $config;
/**
* @var \Pterodactyl\Contracts\Repository\ServerRepositoryInterface
*/
protected $repository;
/**
* @var \Pterodactyl\Models\Server
*/
protected $server;
/**
* @var \Illuminate\Contracts\Session\Session
*/
protected $session;
/**
* AccessingValidServer constructor.
*
* @param \Illuminate\Contracts\Config\Repository $config
* @param \Pterodactyl\Contracts\Repository\ServerRepositoryInterface $repository
* @param \Illuminate\Contracts\Session\Session $session
*/
public function __construct(
ConfigRepository $config,
ServerRepositoryInterface $repository,
Session $session
) {
$this->config = $config;
$this->repository = $repository;
$this->session = $session;
}
/**
* Determine if a given user has permission to access a server.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*
* @throws \Illuminate\Auth\AuthenticationException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
*/
public function handle(Request $request, Closure $next)
{
if (! $request->user()) {
throw new AuthenticationException;
}
$attributes = $request->route()->parameter('server');
$isApiRequest = $request->expectsJson() || $request->is(...$this->config->get('pterodactyl.json_routes', []));
$server = $this->repository->getByUuid($attributes instanceof Server ? $attributes->uuid : $attributes);
if (! $server) {
if ($isApiRequest) {
throw new NotFoundHttpException('The requested server was not found on the system.');
}
return response()->view('errors.404', [], 404);
}
if ($server->suspended) {
if ($isApiRequest) {
throw new AccessDeniedHttpException('Server is suspended.');
}
return response()->view('errors.suspended', [], 403);
}
if ($server->installed !== 1) {
if ($isApiRequest) {
throw new AccessDeniedHttpException('Server is completing install process.');
}
return response()->view('errors.installing', [], 403);
}
// Store the server in the session.
// @todo remove from session. use request attributes.
$this->session->now('server_data.model', $server);
// Add server to the request attributes. This will replace sessions
// as files are updated.
$request->attributes->set('server', $server);
return $next($request);
}
}

33
app/Http/Middleware/Server/ScheduleBelongsToServer.php
View file

@ -1,51 +1,34 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
namespace Pterodactyl\Http\Middleware\Server;
use Closure;
use Illuminate\Contracts\Session\Session;
use Pterodactyl\Contracts\Extensions\HashidsInterface;
use Pterodactyl\Contracts\Repository\ScheduleRepositoryInterface;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
class ScheduleBelongsToServer
{
/**
* @var \Pterodactyl\Contracts\Extensions\HashidsInterface
*/
protected $hashids;
private $hashids;
/**
* @var \Pterodactyl\Contracts\Repository\ScheduleRepositoryInterface
*/
protected $repository;
/**
* @var \Illuminate\Contracts\Session\Session
*/
protected $session;
private $repository;
/**
* TaskAccess constructor.
*
* @param \Pterodactyl\Contracts\Extensions\HashidsInterface $hashids
* @param \Illuminate\Contracts\Session\Session $session
* @param \Pterodactyl\Contracts\Repository\ScheduleRepositoryInterface $repository
*/
public function __construct(
HashidsInterface $hashids,
Session $session,
ScheduleRepositoryInterface $repository
) {
public function __construct(HashidsInterface $hashids, ScheduleRepositoryInterface $repository)
{
$this->hashids = $hashids;
$this->repository = $repository;
$this->session = $session;
}
/**
@ -55,18 +38,18 @@ class ScheduleBelongsToServer
* @param \Closure $next
* @return mixed
*
* @throws \Symfony\Component\HttpKernel\Exception\HttpException
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
*/
public function handle($request, Closure $next)
{
$server = $this->session->get('server_data.model');
$server = $request->attributes->get('server');
$scheduleId = $this->hashids->decodeFirst($request->route()->parameter('schedule'), 0);
$schedule = $this->repository->getScheduleWithTasks($scheduleId);
if (object_get($schedule, 'server_id') !== $server->id) {
abort(404);
throw new NotFoundHttpException;
}
$request->attributes->set('schedule', $schedule);

32
app/Http/Middleware/Server/SubuserBelongsToServer.php
View file

@ -1,42 +1,35 @@
<?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
namespace Pterodactyl\Http\Middleware\Server;
use Closure;
use Illuminate\Contracts\Session\Session;
use Pterodactyl\Exceptions\DisplayException;
use Pterodactyl\Contracts\Extensions\HashidsInterface;
use Pterodactyl\Contracts\Repository\SubuserRepositoryInterface;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
class SubuserBelongsToServer
{
/**
* @var \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface
* @var \Pterodactyl\Contracts\Extensions\HashidsInterface
*/
protected $repository;
private $hashids;
/**
* @var \Illuminate\Contracts\Session\Session
* @var \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface
*/
protected $session;
private $repository;
/**
* SubuserAccess constructor.
*
* @param \Illuminate\Contracts\Session\Session $session
* @param \Pterodactyl\Contracts\Extensions\HashidsInterface $hashids
* @param \Pterodactyl\Contracts\Repository\SubuserRepositoryInterface $repository
*/
public function __construct(Session $session, SubuserRepositoryInterface $repository)
public function __construct(HashidsInterface $hashids, SubuserRepositoryInterface $repository)
{
$this->hashids = $hashids;
$this->repository = $repository;
$this->session = $session;
}
/**
@ -52,10 +45,11 @@ class SubuserBelongsToServer
*/
public function handle($request, Closure $next)
{
$server = $this->session->get('server_data.model');
$server = $request->attributes->get('server');
$subuser = $this->repository->find($request->route()->parameter('subuser', 0));
if ($subuser->server_id !== $server->id) {
$hash = $request->route()->parameter('subuser', 0);
$subuser = $this->repository->find($this->hashids->decodeFirst($hash, 0));
if (! $subuser || $subuser->server_id !== $server->id) {
throw new NotFoundHttpException;
}
@ -65,6 +59,8 @@ class SubuserBelongsToServer
}
}
$request->attributes->set('subuser', $subuser);
return $next($request);
}
}