sonot
/
PteroTheme
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Proxy file downloads through the panel rather than having to get creative with download tokens

This commit is contained in:
Dane Everitt 2019-10-26 14:36:37 -07:00
parent 78ccdf93b6
commit 0b9c6bd21d
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
4 changed files with 78 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
app/Http/Controllers/Api/Client/Servers/FileController.php
View File

@ -2,15 +2,12 @@
namespace Pterodactyl\Http\Controllers\Api\Client\Servers; namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
use Carbon\Carbon;
use Ramsey\Uuid\Uuid;
use Illuminate\Http\Response; use Illuminate\Http\Response;
use Pterodactyl\Models\Server; use Pterodactyl\Models\Server;
use Illuminate\Http\JsonResponse;
use GuzzleHttp\Exception\TransferException; use GuzzleHttp\Exception\TransferException;
use Illuminate\Contracts\Routing\ResponseFactory;
use Pterodactyl\Repositories\Wings\DaemonFileRepository; use Pterodactyl\Repositories\Wings\DaemonFileRepository;
use Pterodactyl\Transformers\Daemon\FileObjectTransformer; use Pterodactyl\Transformers\Daemon\FileObjectTransformer;
use Illuminate\Contracts\Cache\Repository as CacheRepository;
use Pterodactyl\Http\Controllers\Api\Client\ClientApiController; use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
use Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException; use Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException;
use Pterodactyl\Http\Requests\Api\Client\Servers\Files\CopyFileRequest; use Pterodactyl\Http\Requests\Api\Client\Servers\Files\CopyFileRequest;
@ -18,34 +15,35 @@ use Pterodactyl\Http\Requests\Api\Client\Servers\Files\ListFilesRequest;
use Pterodactyl\Http\Requests\Api\Client\Servers\Files\DeleteFileRequest; use Pterodactyl\Http\Requests\Api\Client\Servers\Files\DeleteFileRequest;
use Pterodactyl\Http\Requests\Api\Client\Servers\Files\RenameFileRequest; use Pterodactyl\Http\Requests\Api\Client\Servers\Files\RenameFileRequest;
use Pterodactyl\Http\Requests\Api\Client\Servers\Files\CreateFolderRequest; use Pterodactyl\Http\Requests\Api\Client\Servers\Files\CreateFolderRequest;
use Pterodactyl\Http\Requests\Api\Client\Servers\Files\DownloadFileRequest;
use Pterodactyl\Http\Requests\Api\Client\Servers\Files\GetFileContentsRequest; use Pterodactyl\Http\Requests\Api\Client\Servers\Files\GetFileContentsRequest;
use Pterodactyl\Http\Requests\Api\Client\Servers\Files\WriteFileContentRequest; use Pterodactyl\Http\Requests\Api\Client\Servers\Files\WriteFileContentRequest;
class FileController extends ClientApiController class FileController extends ClientApiController
{ {
/**
* @var \Illuminate\Contracts\Cache\Factory
*/
private $cache;
/** /**
* @var \Pterodactyl\Repositories\Wings\DaemonFileRepository * @var \Pterodactyl\Repositories\Wings\DaemonFileRepository
*/ */
private $fileRepository; private $fileRepository;
/**
* @var \Illuminate\Contracts\Routing\ResponseFactory
*/
private $responseFactory;
/** /**
* FileController constructor. * FileController constructor.
* *
* @param \Illuminate\Contracts\Routing\ResponseFactory $responseFactory
* @param \Pterodactyl\Repositories\Wings\DaemonFileRepository $fileRepository * @param \Pterodactyl\Repositories\Wings\DaemonFileRepository $fileRepository
* @param \Illuminate\Contracts\Cache\Repository $cache
*/ */
public function __construct(DaemonFileRepository $fileRepository, CacheRepository $cache) public function __construct(
{ ResponseFactory $responseFactory,
DaemonFileRepository $fileRepository
) {
parent::__construct(); parent::__construct();
$this->cache = $cache;
$this->fileRepository = $fileRepository; $this->fileRepository = $fileRepository;
$this->responseFactory = $responseFactory;
} }
/** /**
@ -91,6 +89,39 @@ class FileController extends ClientApiController
); );
} }
/**
* @param \Pterodactyl\Http\Requests\Api\Client\Servers\Files\GetFileContentsRequest $request
* @param \Pterodactyl\Models\Server $server
* @return \Symfony\Component\HttpFoundation\StreamedResponse
*
* @throws \Exception
*/
public function download(GetFileContentsRequest $request, Server $server)
{
set_time_limit(0);
$request = $this->fileRepository->setServer($server)->streamContent(
$request->get('file')
);
$body = $request->getBody();
preg_match('/filename=(?<name>.*)$/', $request->getHeaderLine('Content-Disposition'), $matches);
return $this->responseFactory->streamDownload(
function () use ($body) {
while (! $body->eof()) {
echo $body->read(128);
}
},
$matches['name'] ?? 'download',
[
'Content-Type' => $request->getHeaderLine('Content-Type'),
'Content-Length' => $request->getHeaderLine('Content-Length'),
]
);
}
/** /**
* Writes the contents of the specified file to the server. * Writes the contents of the specified file to the server.
* *
@ -171,27 +202,4 @@ class FileController extends ClientApiController
return Response::create('', Response::HTTP_NO_CONTENT); return Response::create('', Response::HTTP_NO_CONTENT);
} }
/**
* Configure a reference to a file to download in the cache so that when the
* user hits the Daemon and it verifies with the Panel they'll actually be able
* to download that file.
*
* Returns the token that needs to be used when downloading the file.
*
* @param \Pterodactyl\Http\Requests\Api\Client\Servers\Files\DownloadFileRequest $request
* @param \Pterodactyl\Models\Server $server
* @return \Illuminate\Http\JsonResponse
* @throws \Exception
*/
public function download(DownloadFileRequest $request, Server $server): JsonResponse
{
$token = Uuid::uuid4()->toString();
$this->cache->put(
'Server:Downloads:' . $token, ['server' => $server->uuid, 'path' => $request->route()->parameter('file')], Carbon::now()->addMinutes(5)
);
return JsonResponse::create(['token' => $token]);
}
} }

23
app/Repositories/Wings/DaemonFileRepository.php
View File

@ -57,6 +57,29 @@ class DaemonFileRepository extends DaemonRepository
return $response->getBody()->__toString(); return $response->getBody()->__toString();
} }
/**
* Returns a stream of a file's contents back to the calling function to allow
* proxying the request through the Panel rather than needing a direct call to
* the Daemon in order to work.
*
* @param string $path
* @return \Psr\Http\Message\ResponseInterface
*/
public function streamContent(string $path): ResponseInterface
{
Assert::isInstanceOf($this->server, Server::class);
$response = $this->getHttpClient()->get(
sprintf('/api/servers/%s/files/contents', $this->server->uuid),
[
'query' => ['file' => $path, 'download' => true],
'stream' => true,
]
);
return $response;
}
/** /**
* Save new contents to a given file. This works for both creating and updating * Save new contents to a given file. This works for both creating and updating
* a file. * a file.

11
resources/scripts/components/server/files/FileDropdownMenu.tsx
View File

@ -13,7 +13,7 @@ import { join } from 'path';
import deleteFile from '@/api/server/files/deleteFile'; import deleteFile from '@/api/server/files/deleteFile';
import SpinnerOverlay from '@/components/elements/SpinnerOverlay'; import SpinnerOverlay from '@/components/elements/SpinnerOverlay';
import copyFile from '@/api/server/files/copyFile'; import copyFile from '@/api/server/files/copyFile';
import { httpErrorToHuman } from '@/api/http'; import http, { httpErrorToHuman } from '@/api/http';
type ModalType = 'rename' | 'move'; type ModalType = 'rename' | 'move';
@ -69,6 +69,10 @@ export default ({ uuid }: { uuid: string }) => {
}); });
}; };
const doDownload = () => {
window.location = `/api/client/servers/${server.uuid}/files/download?file=${join(directory, file.name)}` as unknown as Location;
};
useEffect(() => { useEffect(() => {
menuVisible menuVisible
? document.addEventListener('click', windowListener) ? document.addEventListener('click', windowListener)
@ -138,7 +142,10 @@ export default ({ uuid }: { uuid: string }) => {
<FontAwesomeIcon icon={faCopy} className={'text-xs'}/> <FontAwesomeIcon icon={faCopy} className={'text-xs'}/>
<span className={'ml-2'}>Copy</span> <span className={'ml-2'}>Copy</span>
</div> </div>
<div className={'hover:text-neutral-700 p-2 flex items-center hover:bg-neutral-100 rounded'}> <div
className={'hover:text-neutral-700 p-2 flex items-center hover:bg-neutral-100 rounded'}
onClick={() => doDownload()}
>
<FontAwesomeIcon icon={faFileDownload} className={'text-xs'}/> <FontAwesomeIcon icon={faFileDownload} className={'text-xs'}/>
<span className={'ml-2'}>Download</span> <span className={'ml-2'}>Download</span>
</div> </div>

5
routes/api-client.php
View File

@ -46,15 +46,12 @@ Route::group(['prefix' => '/servers/{server}', 'middleware' => [AuthenticateServ
Route::group(['prefix' => '/files'], function () { Route::group(['prefix' => '/files'], function () {
Route::get('/list', 'Servers\FileController@listDirectory')->name('api.client.servers.files.list'); Route::get('/list', 'Servers\FileController@listDirectory')->name('api.client.servers.files.list');
Route::get('/contents', 'Servers\FileController@getFileContents')->name('api.client.servers.files.contents'); Route::get('/contents', 'Servers\FileController@getFileContents')->name('api.client.servers.files.contents');
Route::get('/download', 'Servers\FileController@download');
Route::put('/rename', 'Servers\FileController@renameFile')->name('api.client.servers.files.rename'); Route::put('/rename', 'Servers\FileController@renameFile')->name('api.client.servers.files.rename');
Route::post('/copy', 'Servers\FileController@copyFile')->name('api.client.servers.files.copy'); Route::post('/copy', 'Servers\FileController@copyFile')->name('api.client.servers.files.copy');
Route::post('/write', 'Servers\FileController@writeFileContents')->name('api.client.servers.files.write'); Route::post('/write', 'Servers\FileController@writeFileContents')->name('api.client.servers.files.write');
Route::post('/delete', 'Servers\FileController@delete')->name('api.client.servers.files.delete'); Route::post('/delete', 'Servers\FileController@delete')->name('api.client.servers.files.delete');
Route::post('/create-folder', 'Servers\FileController@createFolder')->name('api.client.servers.files.create-folder'); Route::post('/create-folder', 'Servers\FileController@createFolder')->name('api.client.servers.files.create-folder');
Route::post('/download/{file}', 'Servers\FileController@download')
->where('file', '.*')
->name('api.client.servers.files.download');
}); });
Route::group(['prefix' => '/network'], function () { Route::group(['prefix' => '/network'], function () {