Update allocations to support ids; protect endpoints; support notes
This commit is contained in:
Dane Everitt
parent
9c3b9a0fae
commit
2278927fb6
19 changed files with 217 additions and 62 deletions
|
|
@ -3,16 +3,19 @@
|
|||
namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
|
||||
|
||||
use Pterodactyl\Models\Server;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Pterodactyl\Models\Allocation;
|
||||
use Pterodactyl\Exceptions\DisplayException;
|
||||
use Pterodactyl\Repositories\Eloquent\ServerRepository;
|
||||
use Illuminate\Database\Eloquent\ModelNotFoundException;
|
||||
use Pterodactyl\Repositories\Eloquent\AllocationRepository;
|
||||
use Pterodactyl\Transformers\Api\Client\AllocationTransformer;
|
||||
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Servers\Network\GetNetworkRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Servers\Network\DeleteAllocationRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Servers\Network\UpdateAllocationRequest;
|
||||
use Pterodactyl\Http\Requests\Api\Client\Servers\Network\SetPrimaryAllocationRequest;
|
||||
|
||||
class NetworkController extends ClientApiController
|
||||
class NetworkAllocationController extends ClientApiController
|
||||
{
|
||||
/**
|
||||
* @var \Pterodactyl\Repositories\Eloquent\AllocationRepository
|
||||
|
|
@ -58,33 +61,67 @@ class NetworkController extends ClientApiController
|
|||
/**
|
||||
* Set the primary allocation for a server.
|
||||
*
|
||||
* @param \Pterodactyl\Http\Requests\Api\Client\Servers\Network\SetPrimaryAllocationRequest $request
|
||||
* @param \Pterodactyl\Http\Requests\Api\Client\Servers\Network\UpdateAllocationRequest $request
|
||||
* @param \Pterodactyl\Models\Server $server
|
||||
* @param \Pterodactyl\Models\Allocation $allocation
|
||||
* @return array
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\DisplayException
|
||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
*/
|
||||
public function storePrimary(SetPrimaryAllocationRequest $request, Server $server): array
|
||||
public function update(UpdateAllocationRequest $request, Server $server, Allocation $allocation): array
|
||||
{
|
||||
try {
|
||||
/** @var \Pterodactyl\Models\Allocation $allocation */
|
||||
$allocation = $this->repository->findFirstWhere([
|
||||
'server_id' => $server->id,
|
||||
'ip' => $request->input('ip'),
|
||||
'port' => $request->input('port'),
|
||||
]);
|
||||
} catch (ModelNotFoundException $exception) {
|
||||
throw new DisplayException(
|
||||
'The IP and port you selected are not available for this server.'
|
||||
);
|
||||
}
|
||||
$allocation = $this->repository->update($allocation->id, [
|
||||
'notes' => $request->input('notes'),
|
||||
]);
|
||||
|
||||
return $this->fractal->item($allocation)
|
||||
->transformWith($this->getTransformer(AllocationTransformer::class))
|
||||
->toArray();
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the primary allocation for a server.
|
||||
*
|
||||
* @param \Pterodactyl\Http\Requests\Api\Client\Servers\Network\SetPrimaryAllocationRequest $request
|
||||
* @param \Pterodactyl\Models\Server $server
|
||||
* @param \Pterodactyl\Models\Allocation $allocation
|
||||
* @return array
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
*/
|
||||
public function setPrimary(SetPrimaryAllocationRequest $request, Server $server, Allocation $allocation): array
|
||||
{
|
||||
$this->serverRepository->update($server->id, ['allocation_id' => $allocation->id]);
|
||||
|
||||
return $this->fractal->item($allocation)
|
||||
->transformWith($this->getTransformer(AllocationTransformer::class))
|
||||
->toArray();
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete an allocation from a server.
|
||||
*
|
||||
* @param \Pterodactyl\Http\Requests\Api\Client\Servers\Network\DeleteAllocationRequest $request
|
||||
* @param \Pterodactyl\Models\Server $server
|
||||
* @param \Pterodactyl\Models\Allocation $allocation
|
||||
* @return \Illuminate\Http\JsonResponse
|
||||
*
|
||||
* @throws \Pterodactyl\Exceptions\DisplayException
|
||||
* @throws \Pterodactyl\Exceptions\Model\DataValidationException
|
||||
* @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
|
||||
*/
|
||||
public function delete(DeleteAllocationRequest $request, Server $server, Allocation $allocation)
|
||||
{
|
||||
if ($allocation->id === $server->allocation_id) {
|
||||
throw new DisplayException(
|
||||
'Cannot delete the primary allocation for a server.'
|
||||
);
|
||||
}
|
||||
|
||||
$this->repository->update($allocation->id, ['server_id' => null, 'notes' => null]);
|
||||
|
||||
return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Middleware\Api\Client\Server;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
|
||||
class AllocationBelongsToServer
|
||||
{
|
||||
/**
|
||||
* Ensure that the allocation found in the URL belongs to the server being queried.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @return mixed
|
||||
*
|
||||
* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
|
||||
*/
|
||||
public function handle(Request $request, Closure $next)
|
||||
{
|
||||
/** @var \Pterodactyl\Models\Server $server */
|
||||
$server = $request->route()->parameter('server');
|
||||
/** @var \Pterodactyl\Models\Allocation|null $allocation */
|
||||
$allocation = $request->route()->parameter('allocation');
|
||||
|
||||
if ($allocation && $allocation->server_id !== $server->id) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
|
@ -4,12 +4,12 @@ namespace Pterodactyl\Http\Middleware\Api\Client;
|
|||
|
||||
use Closure;
|
||||
use Pterodactyl\Models\Backup;
|
||||
use Pterodactyl\Models\Database;
|
||||
use Illuminate\Container\Container;
|
||||
use Pterodactyl\Contracts\Extensions\HashidsInterface;
|
||||
use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
|
||||
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
|
||||
use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
|
||||
use Pterodactyl\Contracts\Repository\DatabaseRepositoryInterface;
|
||||
|
||||
class SubstituteClientApiBindings extends ApiSubstituteBindings
|
||||
{
|
||||
|
|
@ -43,17 +43,9 @@ class SubstituteClientApiBindings extends ApiSubstituteBindings
|
|||
});
|
||||
|
||||
$this->router->bind('database', function ($value) use ($request) {
|
||||
try {
|
||||
$id = Container::getInstance()->make(HashidsInterface::class)->decodeFirst($value);
|
||||
$id = Container::getInstance()->make(HashidsInterface::class)->decodeFirst($value);
|
||||
|
||||
return Container::getInstance()->make(DatabaseRepositoryInterface::class)->findFirstWhere([
|
||||
['id', '=', $id],
|
||||
]);
|
||||
} catch (RecordNotFoundException $exception) {
|
||||
$request->attributes->set('is_missing_model', true);
|
||||
|
||||
return null;
|
||||
}
|
||||
return Database::query()->where('id', $id)->firstOrFail();
|
||||
});
|
||||
|
||||
$this->router->model('backup', Backup::class, function ($value) {
|
||||
|
|
|
|||
|
|
@ -0,0 +1,17 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Network;
|
||||
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
class DeleteAllocationRequest extends ClientApiRequest
|
||||
{
|
||||
/**
|
||||
* @return string
|
||||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return Permission::ACTION_ALLOCATION_DELETE;
|
||||
}
|
||||
}
|
||||
|
|
@ -2,27 +2,13 @@
|
|||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Network;
|
||||
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
class SetPrimaryAllocationRequest extends ClientApiRequest
|
||||
class SetPrimaryAllocationRequest extends UpdateAllocationRequest
|
||||
{
|
||||
/**
|
||||
* @return string
|
||||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return Permission::ACTION_ALLOCIATION_UPDATE;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'ip' => 'required|string',
|
||||
'port' => 'required|numeric|min:1024|max:65535',
|
||||
];
|
||||
return [];
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,28 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Http\Requests\Api\Client\Servers\Network;
|
||||
|
||||
use Pterodactyl\Models\Allocation;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||
|
||||
class UpdateAllocationRequest extends ClientApiRequest
|
||||
{
|
||||
/**
|
||||
* @return string
|
||||
*/
|
||||
public function permission(): string
|
||||
{
|
||||
return Permission::ACTION_ALLOCATION_UPDATE;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'notes' => Allocation::$validationRules['notes'],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
|
@ -9,6 +9,7 @@ namespace Pterodactyl\Models;
|
|||
* @property string|null $ip_alias
|
||||
* @property int $port
|
||||
* @property int|null $server_id
|
||||
* @property string|null $notes
|
||||
* @property \Carbon\Carbon|null $created_at
|
||||
* @property \Carbon\Carbon|null $updated_at
|
||||
*
|
||||
|
|
@ -60,6 +61,7 @@ class Allocation extends Model
|
|||
'port' => 'required|numeric|between:1024,65553',
|
||||
'ip_alias' => 'nullable|string',
|
||||
'server_id' => 'nullable|exists:servers,id',
|
||||
'notes' => 'nullable|string|max:256',
|
||||
];
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -44,7 +44,9 @@ class Permission extends Model
|
|||
const ACTION_BACKUP_DOWNLOAD = 'backup.download';
|
||||
|
||||
const ACTION_ALLOCATION_READ = 'allocation.read';
|
||||
const ACTION_ALLOCIATION_UPDATE = 'allocation.update';
|
||||
const ACTION_ALLOCATION_CREATE = 'allocation.create';
|
||||
const ACTION_ALLOCATION_UPDATE = 'allocation.update';
|
||||
const ACTION_ALLOCATION_DELETE = 'allocation.delete';
|
||||
|
||||
const ACTION_FILE_READ = 'file.read';
|
||||
const ACTION_FILE_CREATE = 'file.create';
|
||||
|
|
@ -157,7 +159,9 @@ class Permission extends Model
|
|||
'description' => 'Permissions that control a user\'s ability to modify the port allocations for this server.',
|
||||
'keys' => [
|
||||
'read' => 'Allows a user to view the allocations assigned to this server.',
|
||||
'update' => 'Allows a user to modify the allocations assigned to this server.',
|
||||
'create' => 'Allows a user to assign additional allocations to the server.',
|
||||
'update' => 'Allows a user to change the primary server allocation and attach notes to each allocation.',
|
||||
'delete' => 'Allows a user to delete an allocation from the server.',
|
||||
],
|
||||
],
|
||||
|
||||
|
|
|
|||
|
|
@ -39,6 +39,7 @@ class AllocationTransformer extends BaseTransformer
|
|||
'ip' => $allocation->ip,
|
||||
'alias' => $allocation->ip_alias,
|
||||
'port' => $allocation->port,
|
||||
'notes' => $allocation->notes,
|
||||
'assigned' => ! is_null($allocation->server_id),
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,9 +25,11 @@ class AllocationTransformer extends BaseClientTransformer
|
|||
public function transform(Allocation $model)
|
||||
{
|
||||
return [
|
||||
'id' => $model->id,
|
||||
'ip' => $model->ip,
|
||||
'ip_alias' => $model->ip_alias,
|
||||
'port' => $model->port,
|
||||
'notes' => $model->notes,
|
||||
'is_default' => $model->server->allocation_id === $model->id,
|
||||
];
|
||||
}
|
||||
|
|
|
|||
Reference in a new issue