Simplify logic when a server is in an unsupported state
This commit is contained in:
Dane Everitt
parent
be26921fcc
commit
e30a765071
10 changed files with 76 additions and 294 deletions
|
|
@ -12,8 +12,6 @@ use Pterodactyl\Exceptions\Http\HttpForbiddenException;
|
|||
use Pterodactyl\Repositories\Eloquent\ServerRepository;
|
||||
use Pterodactyl\Services\Servers\GetUserPermissionsService;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use Pterodactyl\Exceptions\Http\Server\ServerTransferringException;
|
||||
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
||||
use Pterodactyl\Http\Requests\Api\Remote\SftpAuthenticationFormRequest;
|
||||
use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException;
|
||||
|
||||
|
|
@ -98,16 +96,7 @@ class SftpAuthenticationController extends Controller
|
|||
}
|
||||
}
|
||||
|
||||
// Prevent SFTP access to servers that are being transferred.
|
||||
if (!is_null($server->transfer)) {
|
||||
throw new ServerTransferringException();
|
||||
}
|
||||
|
||||
// Remember, for security purposes, only reveal the existence of the server to people that
|
||||
// have provided valid credentials, and have permissions to know about it.
|
||||
if ($server->isSuspended() || !$server->isInstalled()) {
|
||||
throw new BadRequestHttpException('Server is not installed or is currently suspended.');
|
||||
}
|
||||
$server->validateCurrentState();
|
||||
|
||||
return new JsonResponse([
|
||||
'server' => $server->uuid,
|
||||
|
|
|
|||
|
|
@ -28,7 +28,6 @@ use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
|
|||
use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
|
||||
use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
|
||||
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
|
||||
use Pterodactyl\Http\Middleware\Server\AccessingValidServer;
|
||||
use Pterodactyl\Http\Middleware\Api\Daemon\DaemonAuthenticate;
|
||||
use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
|
||||
use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
|
||||
|
|
@ -106,7 +105,6 @@ class Kernel extends HttpKernel
|
|||
'auth' => Authenticate::class,
|
||||
'auth.basic' => AuthenticateWithBasicAuth::class,
|
||||
'guest' => RedirectIfAuthenticated::class,
|
||||
'server' => AccessingValidServer::class,
|
||||
'admin' => AdminAuthenticate::class,
|
||||
'csrf' => VerifyCsrfToken::class,
|
||||
'throttle' => ThrottleRequests::class,
|
||||
|
|
|
|||
|
|
@ -6,10 +6,8 @@ use Closure;
|
|||
use Illuminate\Http\Request;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
|
||||
use Symfony\Component\HttpKernel\Exception\ConflictHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use Pterodactyl\Exceptions\Http\Server\ServerTransferringException;
|
||||
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
||||
use Pterodactyl\Exceptions\Http\Server\ServerStateConflictException;
|
||||
|
||||
class AuthenticateServerAccess
|
||||
{
|
||||
|
|
@ -60,23 +58,17 @@ class AuthenticateServerAccess
|
|||
}
|
||||
}
|
||||
|
||||
if ($server->suspended && !$request->routeIs('api:client:server.resources')) {
|
||||
throw new BadRequestHttpException('This server is currently suspended and the functionality requested is unavailable.');
|
||||
}
|
||||
|
||||
// Still allow users to get information about their server if it is installing or being transferred.
|
||||
if (!$request->routeIs('api:client:server.view')) {
|
||||
if (!$server->isInstalled()) {
|
||||
// Throw an exception for all server routes; however if the user is an admin and requesting the
|
||||
// server details, don't throw the exception for them.
|
||||
if (!$user->root_admin || ($user->root_admin && !$request->routeIs($this->except))) {
|
||||
throw new ConflictHttpException('Server has not completed the installation process.');
|
||||
try {
|
||||
$server->validateCurrentState();
|
||||
} catch (ServerStateConflictException $exception) {
|
||||
// Still allow users to get information about their server if it is installing or
|
||||
// being transferred.
|
||||
if (!$request->routeIs('api:client:server.view')) {
|
||||
if ($server->isSuspended() && !$request->routeIs('api:client:server.resources')) {
|
||||
throw $exception;
|
||||
}
|
||||
}
|
||||
|
||||
if (!is_null($server->transfer)) {
|
||||
if (!$user->root_admin || ($user->root_admin && !$request->routeIs($this->except))) {
|
||||
throw new ServerTransferringException();
|
||||
if (!$user->root_admin || !$request->routeIs($this->except)) {
|
||||
throw $exception;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,92 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Middleware\Server;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Pterodactyl\Models\Server;
|
||||
use Illuminate\Contracts\Routing\ResponseFactory;
|
||||
use Illuminate\Contracts\Config\Repository as ConfigRepository;
|
||||
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
|
||||
use Symfony\Component\HttpKernel\Exception\ConflictHttpException;
|
||||
use Pterodactyl\Exceptions\Http\Server\ServerTransferringException;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
|
||||
class AccessingValidServer
|
||||
{
|
||||
/**
|
||||
* @var \Illuminate\Contracts\Config\Repository
|
||||
*/
|
||||
private $config;
|
||||
|
||||
/**
|
||||
* @var \Pterodactyl\Contracts\Repository\ServerRepositoryInterface
|
||||
*/
|
||||
private $repository;
|
||||
|
||||
/**
|
||||
* @var \Illuminate\Contracts\Routing\ResponseFactory
|
||||
*/
|
||||
private $response;
|
||||
|
||||
/**
|
||||
* AccessingValidServer constructor.
|
||||
*/
|
||||
public function __construct(
|
||||
ConfigRepository $config,
|
||||
ResponseFactory $response,
|
||||
ServerRepositoryInterface $repository
|
||||
) {
|
||||
$this->config = $config;
|
||||
$this->repository = $repository;
|
||||
$this->response = $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine if a given user has permission to access a server.
|
||||
*
|
||||
* @return \Illuminate\Http\Response|mixed
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
|
||||
* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
$attributes = $request->route()->parameter('server');
|
||||
$isApiRequest = $request->expectsJson() || $request->is(...$this->config->get('pterodactyl.json_routes', []));
|
||||
$server = $this->repository->getByUuid($attributes instanceof Server ? $attributes->uuid : $attributes);
|
||||
|
||||
if ($server->isSuspended()) {
|
||||
if ($isApiRequest) {
|
||||
throw new AccessDeniedHttpException('Server is suspended and cannot be accessed.');
|
||||
}
|
||||
|
||||
return $this->response->view('errors.suspended', [], 403);
|
||||
}
|
||||
|
||||
// Servers can have install statuses other than 1 or 0, so don't check
|
||||
// for a bool-type operator here.
|
||||
if (!$server->isInstalled()) {
|
||||
if ($isApiRequest) {
|
||||
throw new ConflictHttpException('Server is still completing the installation process.');
|
||||
}
|
||||
|
||||
return $this->response->view('errors.installing', [], 409);
|
||||
}
|
||||
|
||||
if (!is_null($server->transfer)) {
|
||||
if ($isApiRequest) {
|
||||
throw new ServerTransferringException();
|
||||
}
|
||||
|
||||
return $this->response->view('errors.transferring', [], 409);
|
||||
}
|
||||
|
||||
// Add server to the request attributes. This will replace sessions
|
||||
// as files are updated.
|
||||
$request->attributes->set('server', $server);
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue