diff --git a/app/Http/Controllers/Api/Remote/SftpController.php b/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php similarity index 87% rename from app/Http/Controllers/Api/Remote/SftpController.php rename to app/Http/Controllers/Api/Remote/SftpAuthenticationController.php index 083544237..e93c1dfc1 100644 --- a/app/Http/Controllers/Api/Remote/SftpController.php +++ b/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php @@ -12,7 +12,7 @@ use Pterodactyl\Services\Sftp\AuthenticateUsingPasswordService; use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; use Pterodactyl\Http\Requests\Api\Remote\SftpAuthenticationFormRequest; -class SftpController extends Controller +class SftpAuthenticationController extends Controller { use ThrottlesLogins; @@ -40,9 +40,12 @@ class SftpController extends Controller * * @throws \Pterodactyl\Exceptions\Model\DataValidationException */ - public function index(SftpAuthenticationFormRequest $request): JsonResponse + public function __invoke(SftpAuthenticationFormRequest $request): JsonResponse { + // Reverse the string to avoid issues with usernames that contain periods. $parts = explode('.', strrev($request->input('username')), 2); + + // Unreverse the strings after parsing them apart. $connection = [ 'username' => strrev(array_get($parts, 1)), 'server' => strrev(array_get($parts, 0)), @@ -86,6 +89,8 @@ class SftpController extends Controller */ protected function throttleKey(Request $request) { - return strtolower(array_get(explode('.', $request->input('username')), 0) . '|' . $request->ip()); + $username = explode('.', strrev($request->input('username', ''))); + + return strtolower(strrev($username[0] ?? '') . '|' . $request->ip()); } } diff --git a/routes/api-remote.php b/routes/api-remote.php index 9da6d8722..f35810ac1 100644 --- a/routes/api-remote.php +++ b/routes/api-remote.php @@ -9,10 +9,8 @@ Route::group(['prefix' => '/scripts'], function () { Route::get('/{uuid}', 'EggInstallController@index')->name('api.remote.scripts'); }); -Route::group(['prefix' => '/sftp'], function () { - Route::post('/', 'SftpController@index')->name('api.remote.sftp'); -}); - +// Routes for the Wings daemon. +Route::post('/sftp/auth', 'SftpAuthenticationController'); Route::group(['prefix' => '/servers/{uuid}'], function () { Route::get('/configuration', 'Servers\ServerConfigurationController'); });