From 239984f92c55f48ba96ba7d0de4f376ed99380c8 Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Sun, 10 Jan 2021 17:02:14 -0800
Subject: [PATCH] Add internal support for file denylist on eggs; closes #569

---
 .../Requests/Admin/Egg/EggFormRequest.php     |  3 +-
 app/Models/Egg.php                            | 18 +++++++++++
 .../Eggs/Sharing/EggExporterService.php       |  1 +
 .../Eggs/Sharing/EggImporterService.php       |  3 +-
 .../ServerConfigurationStructureService.php   |  8 +++++
 .../Api/Application/EggTransformer.php        |  1 +
 ...53937_add_file_denylist_to_egg_configs.php | 32 +++++++++++++++++++
 7 files changed, 64 insertions(+), 2 deletions(-)
 create mode 100644 database/migrations/2021_01_10_153937_add_file_denylist_to_egg_configs.php

diff --git a/app/Http/Requests/Admin/Egg/EggFormRequest.php b/app/Http/Requests/Admin/Egg/EggFormRequest.php
index 2c865f228..92e4a6541 100644
--- a/app/Http/Requests/Admin/Egg/EggFormRequest.php
+++ b/app/Http/Requests/Admin/Egg/EggFormRequest.php
@@ -22,6 +22,7 @@ class EggFormRequest extends AdminFormRequest
             'name' => 'required|string|max:191',
             'description' => 'nullable|string',
             'docker_images' => 'required|string',
+            'file_denylist' => 'string',
             'startup' => 'required|string',
             'config_from' => 'sometimes|bail|nullable|numeric',
             'config_stop' => 'required_without:config_from|nullable|string|max:191',
@@ -43,7 +44,7 @@ class EggFormRequest extends AdminFormRequest
     public function withValidator($validator)
     {
         $validator->sometimes('config_from', 'exists:eggs,id', function () {
-            return (int) $this->input('config_from') !== 0;
+            return (int)$this->input('config_from') !== 0;
         });
     }
 }
diff --git a/app/Models/Egg.php b/app/Models/Egg.php
index aed4be7e3..03d5fa5f8 100644
--- a/app/Models/Egg.php
+++ b/app/Models/Egg.php
@@ -13,6 +13,7 @@ namespace Pterodactyl\Models;
  * @property string $docker_image -- deprecated, use $docker_images
  * @property string $update_url
  * @property array $docker_images
+ * @property string $file_denylist
  * @property string|null $config_files
  * @property string|null $config_startup
  * @property string|null $config_logs
@@ -34,6 +35,7 @@ namespace Pterodactyl\Models;
  * @property string|null $inherit_config_startup
  * @property string|null $inherit_config_logs
  * @property string|null $inherit_config_stop
+ * @property string $inherit_file_denylist
  * @property array|null $inherit_features
  *
  * @property \Pterodactyl\Models\Nest $nest
@@ -79,6 +81,7 @@ class Egg extends Model
         'description',
         'features',
         'docker_images',
+        'file_denylist',
         'config_files',
         'config_startup',
         'config_logs',
@@ -255,6 +258,21 @@ class Egg extends Model
         return $this->configFrom->features;
     }
 
+    /**
+     * Returns the features available to this egg from the parent configuration if there are
+     * no features defined for this egg specifically and there is a parent egg configured.
+     *
+     * @return string
+     */
+    public function getInheritFileDenylistAttribute()
+    {
+        if (is_null($this->config_from)) {
+            return $this->file_denylist;
+        }
+
+        return $this->configFrom->file_denylist;
+    }
+
     /**
      * Gets nest associated with an egg.
      *
diff --git a/app/Services/Eggs/Sharing/EggExporterService.php b/app/Services/Eggs/Sharing/EggExporterService.php
index bd26a1ea1..7b0cb3a49 100644
--- a/app/Services/Eggs/Sharing/EggExporterService.php
+++ b/app/Services/Eggs/Sharing/EggExporterService.php
@@ -46,6 +46,7 @@ class EggExporterService
             'description' => $egg->description,
             'features' => $egg->features,
             'images' => $egg->docker_images,
+            'file_denylist' => $egg->inherit_file_denylist,
             'startup' => $egg->startup,
             'config' => [
                 'files' => $egg->inherit_config_files,
diff --git a/app/Services/Eggs/Sharing/EggImporterService.php b/app/Services/Eggs/Sharing/EggImporterService.php
index 8955b1870..19d1c7d2a 100644
--- a/app/Services/Eggs/Sharing/EggImporterService.php
+++ b/app/Services/Eggs/Sharing/EggImporterService.php
@@ -105,6 +105,7 @@ class EggImporterService
             // Maintain backwards compatability for eggs that are still using the old single image
             // string format. New eggs can provide an array of Docker images that can be used.
             'docker_images' => object_get($parsed, 'images') ?? [object_get($parsed, 'image')],
+            'file_denylist' => implode(PHP_EOL, object_get($parsed, 'file_denylist') ?? []),
             'update_url' => object_get($parsed, 'meta.update_url'),
             'config_files' => object_get($parsed, 'config.files'),
             'config_startup' => object_get($parsed, 'config.startup'),
@@ -118,7 +119,7 @@ class EggImporterService
         ], true, true);
 
         collect($parsed->variables)->each(function ($variable) use ($egg) {
-            $this->eggVariableRepository->create(array_merge((array) $variable, [
+            $this->eggVariableRepository->create(array_merge((array)$variable, [
                 'egg_id' => $egg->id,
             ]));
         });
diff --git a/app/Services/Servers/ServerConfigurationStructureService.php b/app/Services/Servers/ServerConfigurationStructureService.php
index 790e9ecc1..b942a270a 100644
--- a/app/Services/Servers/ServerConfigurationStructureService.php
+++ b/app/Services/Servers/ServerConfigurationStructureService.php
@@ -91,6 +91,14 @@ class ServerConfigurationStructureService
                     'read_only' => $mount->read_only,
                 ];
             }),
+            'egg' => [
+                'id' => $server->egg->uuid,
+                'file_denylist' => [
+                    'config.yml',
+                    '**/*.json'
+                ]
+                // 'file_denylist' => explode(PHP_EOL, $server->egg->inherit_file_denylist),
+            ]
         ];
     }
 
diff --git a/app/Transformers/Api/Application/EggTransformer.php b/app/Transformers/Api/Application/EggTransformer.php
index 96a0abfb9..5982d009f 100644
--- a/app/Transformers/Api/Application/EggTransformer.php
+++ b/app/Transformers/Api/Application/EggTransformer.php
@@ -55,6 +55,7 @@ class EggTransformer extends BaseTransformer
                 'startup' => json_decode($model->config_startup, true),
                 'stop' => $model->config_stop,
                 'logs' => json_decode($model->config_logs, true),
+                'file_denylist' => explode(PHP_EOL, $model->file_denylist),
                 'extends' => $model->config_from,
             ],
             'startup' => $model->startup,
diff --git a/database/migrations/2021_01_10_153937_add_file_denylist_to_egg_configs.php b/database/migrations/2021_01_10_153937_add_file_denylist_to_egg_configs.php
new file mode 100644
index 000000000..a5f2c716a
--- /dev/null
+++ b/database/migrations/2021_01_10_153937_add_file_denylist_to_egg_configs.php
@@ -0,0 +1,32 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddFileDenylistToEggConfigs extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('eggs', function (Blueprint $table) {
+            $table->text('file_denylist')->after('docker_images');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('eggs', function (Blueprint $table) {
+            $table->dropColumn('file_denylist');
+        });
+    }
+}