Cleanup frontend controllers and middleware
parent
d73d580724
commit
e0d03513e4
33 changed files with 400 additions and 594 deletions
|
@ -9,10 +9,22 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Server;
|
||||
|
||||
use Pterodactyl\Http\Requests\FrontendUserFormRequest;
|
||||
|
||||
class ScheduleCreationFormRequest extends FrontendUserFormRequest
|
||||
class ScheduleCreationFormRequest extends ServerFormRequest
|
||||
{
|
||||
/**
|
||||
* Permission to validate this request aganist.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
protected function permission(): string
|
||||
{
|
||||
if ($this->method() === 'PATCH') {
|
||||
return 'edit-schedule';
|
||||
}
|
||||
|
||||
return 'create-schedule';
|
||||
}
|
||||
|
||||
/**
|
||||
* Validation rules to apply to the request.
|
||||
*
|
||||
|
|
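Review bot: `permission()` falls back to `create-schedule` for every HTTP verb other than `PATCH`, so the fallback is an implicit default rather than an explicit case. If a route bound to this request were ever registered for another verb, it would be authorised against the create permission instead of `edit-schedule`; whether that can happen depends on route definitions not shown on this page. I would state the expected verbs in the docblock, e.g. `* POST requests require create-schedule, PATCH requests require edit-schedule.` The class body continues outside this hunk.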
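--- a/app/Http/Requests/Server/ServerFormRequest.php
+++ b/app/Http/Requests/Server/ServerFormRequest.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Server;
+
+use Pterodactyl\Http\Requests\FrontendUserFormRequest;
+
+abstract class ServerFormRequest extends FrontendUserFormRequest
+{
+/**
+* Return the user permission to validate this request aganist.
+*
+* @return string
+*/
+abstract protected function permission(): string;
+
+/**
+* Determine if a user has permission to access this resource.
+*
+* @return bool
+*/
+public function authorize()
+{
+if (! parent::authorize()) {
+return false;
+}
+
+return $this->user()->can($this->permission(), $this->attributes->get('server'));
+}
+}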
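Review bot: `authorize()` passes `$this->attributes->get('server')` straight to `can()`, so the decision depends on a request attribute that is set outside this file, presumably by middleware. When the attribute is absent the call receives `null`, and the outcome is left to how the gate resolves an ability without a model. I would make the deny explicit by adding `$server = $this->attributes->get('server');` followed by `if (is_null($server)) { return false; }` before the `can()` call. A sentence in the docblock naming the `server` attribute as a precondition would help anyone wiring a new route to a subclass.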
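--- a/app/Http/Requests/Server/Subuser/SubuserStoreFormRequest.php
+++ b/app/Http/Requests/Server/Subuser/SubuserStoreFormRequest.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Server\Subuser;
+
+use Pterodactyl\Http\Requests\Server\ServerFormRequest;
+
+class SubuserStoreFormRequest extends ServerFormRequest
+{
+/**
+* Return the user permission to validate this request aganist.
+*
+* @return string
+*/
+protected function permission(): string
+{
+return 'create-subuser';
+}
+
+/**
+* The rules to validate this request submission aganist.
+*
+* @return array
+*/
+public function rules()
+{
+return [
+'email' => 'required|email',
+'permissions' => 'present|array',
+];
+}
+}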
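Review bot: The `permissions` rule in `rules()` is only `present|array`, so the individual entries reach the application unvalidated; the same rule appears in `SubuserUpdateFormRequest::rules()` in the next section. Since this array decides what a subuser may do on the server, each entry should at least be constrained to a string, e.g. `'permissions.*' => 'string'`, and checked against the list of known permission names. Whether the service layer already rejects unknown names, or permissions the granting user does not hold, is not visible in this commit and is worth confirming.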
|
@ -0,0 +1,30 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Requests\Server\Subuser;
|
||||
|
||||
use Pterodactyl\Http\Requests\Server\ServerFormRequest;
|
||||
|
||||
class SubuserUpdateFormRequest extends ServerFormRequest
|
||||
{
|
||||
/**
|
||||
* Return the user permission to validate this request aganist.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
protected function permission(): string
|
||||
{
|
||||
return 'edit-subuser';
|
||||
}
|
||||
|
||||
/**
|
||||
* The rules to validate this request submission aganist.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function rules()
|
||||
{
|
||||
return [
|
||||
'permissions' => 'present|array',
|
||||
];
|
||||
}
|
||||
}
|
|
@ -9,22 +9,24 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Server;
|
||||
|
||||
use Illuminate\Log\Writer;
|
||||
use Illuminate\Contracts\Session\Session;
|
||||
use GuzzleHttp\Exception\RequestException;
|
||||
use Illuminate\Contracts\Config\Repository;
|
||||
use Pterodactyl\Exceptions\DisplayException;
|
||||
use Pterodactyl\Http\Requests\FrontendUserFormRequest;
|
||||
use Pterodactyl\Exceptions\Http\Server\FileSizeTooLargeException;
|
||||
use Pterodactyl\Contracts\Repository\Daemon\FileRepositoryInterface;
|
||||
use Pterodactyl\Exceptions\Http\Server\FileTypeNotEditableException;
|
||||
use Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException;
|
||||
|
||||
class UpdateFileContentsFormRequest extends FrontendUserFormRequest
|
||||
class UpdateFileContentsFormRequest extends ServerFormRequest
|
||||
{
|
||||
/**
|
||||
* @var object
|
||||
* Return the permission string to validate this request aganist.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
protected $stats;
|
||||
protected function permission(): string
|
||||
{
|
||||
return 'edit-files';
|
||||
}
|
||||
|
||||
/**
|
||||
* Authorize a request to edit a file.
|
||||
|
@ -38,17 +40,13 @@ class UpdateFileContentsFormRequest extends FrontendUserFormRequest
|
|||
*/
|
||||
public function authorize()
|
||||
{
|
||||
parent::authorize();
|
||||
|
||||
$session = app()->make(Session::class);
|
||||
$server = $session->get('server_data.model');
|
||||
$token = $session->get('server_data.token');
|
||||
|
||||
$permission = $this->user()->can('edit-files', $server);
|
||||
if (! $permission) {
|
||||
if (! parent::authorize()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$server = $this->attributes->get('server');
|
||||
$token = $this->attributes->get('server_token');
|
||||
|
||||
return $this->checkFileCanBeEdited($server, $token);
|
||||
}
|
||||
|
||||
|
@ -61,16 +59,8 @@ class UpdateFileContentsFormRequest extends FrontendUserFormRequest
|
|||
}
|
||||
|
||||
/**
|
||||
* Return the file stats from the Daemon.
|
||||
* Checks if a given file can be edited by a user on this server.
|
||||
*
|
||||
* @return object
|
||||
*/
|
||||
public function getStats()
|
||||
{
|
||||
return $this->stats;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param \Pterodactyl\Models\Server $server
|
||||
* @param string $token
|
||||
* @return bool
|
||||
|
@ -80,33 +70,29 @@ class UpdateFileContentsFormRequest extends FrontendUserFormRequest
|
|||
* @throws \Pterodactyl\Exceptions\Http\Server\FileTypeNotEditableException
|
||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
*/
|
||||
protected function checkFileCanBeEdited($server, $token)
|
||||
private function checkFileCanBeEdited($server, $token)
|
||||
{
|
||||
$config = app()->make(Repository::class);
|
||||
$repository = app()->make(FileRepositoryInterface::class);
|
||||
|
||||
try {
|
||||
$this->stats = $repository->setNode($server->node_id)
|
||||
->setAccessServer($server->uuid)
|
||||
$stats = $repository->setNode($server->node_id)->setAccessServer($server->uuid)
|
||||
->setAccessToken($token)
|
||||
->getFileStat($this->route()->parameter('file'));
|
||||
} catch (RequestException $exception) {
|
||||
$response = $exception->getResponse();
|
||||
app()->make(Writer::class)->warning($exception);
|
||||
|
||||
throw new DisplayException(trans('exceptions.daemon_connection_failed', [
|
||||
'code' => is_null($response) ? 'E_CONN_REFUSED' : $response->getStatusCode(),
|
||||
]));
|
||||
throw new DaemonConnectionException($exception);
|
||||
}
|
||||
|
||||
if (! $this->stats->file || ! in_array($this->stats->mime, $config->get('pterodactyl.files.editable'))) {
|
||||
if (! $stats->file || ! in_array($stats->mime, $config->get('pterodactyl.files.editable'))) {
|
||||
throw new FileTypeNotEditableException(trans('server.files.exceptions.invalid_mime'));
|
||||
}
|
||||
|
||||
if ($this->stats->size > $config->get('pterodactyl.files.max_edit_size')) {
|
||||
if ($stats->size > $config->get('pterodactyl.files.max_edit_size')) {
|
||||
throw new FileSizeTooLargeException(trans('server.files.exceptions.max_size'));
|
||||
}
|
||||
|
||||
$this->attributes->set('file_stats', $stats);
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
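Review bot: The editable-type check in `checkFileCanBeEdited()` calls `in_array()` without the strict flag, so the allowlist comparison on the daemon-reported MIME type is loose; I would write `in_array($stats->mime, $config->get('pterodactyl.files.editable'), true)`. In the same method the `catch (RequestException $exception)` branch now appears to end in `throw new DaemonConnectionException($exception);` without the earlier `warning()` log call. It is worth confirming that the new exception is still reported, otherwise daemon failures during file edits stop showing up in the logs. `authorize()` also dereferences `$server->node_id` on whatever `$this->attributes->get('server')` returns, which relies on `parent::authorize()` having already denied the request when that attribute is missing.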