api(remote): ensure requesting node is checked

This commit is contained in:
Matthew Penner 2024-04-10 17:38:09 -06:00
parent 1172d71d31
commit 319ca683f8
No known key found for this signature in database
2 changed files with 17 additions and 3 deletions

View File

@ -32,6 +32,10 @@ class BackupRemoteUploadController extends Controller
*/ */
public function __invoke(Request $request, string $backup): JsonResponse public function __invoke(Request $request, string $backup): JsonResponse
{ {
// Get the node associated with the request.
/** @var \Pterodactyl\Models\Node $node */
$node = $request->attributes->get('node');
// Get the size query parameter. // Get the size query parameter.
$size = (int) $request->query('size'); $size = (int) $request->query('size');
if (empty($size)) { if (empty($size)) {
@ -39,7 +43,10 @@ class BackupRemoteUploadController extends Controller
} }
/** @var \Pterodactyl\Models\Backup $backup */ /** @var \Pterodactyl\Models\Backup $backup */
$backup = Backup::query()->where('uuid', $backup)->firstOrFail(); $backup = Backup::query()
->where('node_id', $node->id)
->where('uuid', $backup)
->firstOrFail();
// Prevent backups that have already been completed from trying to // Prevent backups that have already been completed from trying to
// be uploaded again. // be uploaded again.

View File

@ -30,8 +30,15 @@ class BackupStatusController extends Controller
*/ */
public function index(ReportBackupCompleteRequest $request, string $backup): JsonResponse public function index(ReportBackupCompleteRequest $request, string $backup): JsonResponse
{ {
/** @var \Pterodactyl\Models\Backup $model */ // Get the node associated with the request.
$model = Backup::query()->where('uuid', $backup)->firstOrFail(); /** @var \Pterodactyl\Models\Node $node */
$node = $request->attributes->get('node');
/** @var \Pterodactyl\Models\Backup $backup */
$backup = Backup::query()
->where('node_id', $node->id)
->where('uuid', $backup)
->firstOrFail();
if ($model->is_successful) { if ($model->is_successful) {
throw new BadRequestHttpException('Cannot update the status of a backup that is already marked as completed.'); throw new BadRequestHttpException('Cannot update the status of a backup that is already marked as completed.');