Merge branch 'develop' into showunlimited

Charles Morgan 2020-06-02 11:18:00 -05:00 committed by GitHub
commit 4d3563b8e1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 54 additions and 54 deletions

19
SECURITY.md Normal file

@ -0,0 +1,19 @@
# Security Policy
## Supported Versions
The following versions of Pterodactyl are receiving active support and maintenance. Any security vulnerabilities discovered must be reproducible in supported versions.
| Panel | Daemon | Supported |
| ----- | ------------ | ------------------ |
| 1.0.x | wings@1.0.x | :white_check_mark: |
| 0.7.x | daemon@0.6.x | :white_check_mark: |
| 0.6.x | daemon@0.5.x | :x: |
| 0.5.x | daemon@0.4.x | :x: |
## Reporting a Vulnerability
Please reach out directly to any project team member on Discord when reporting a security vulnerability, or you can send an email to `dane [ät] pterodactyl.io`.
We make every effort to respond as soon as possible, although it may take a day or two for us to sync internally and determine the severity of the report and its impact. Please, _do not_ use a public facing channel or GitHub issues to report sensitive security issues.
As part of our process, we will create a security advisory for the affected versions and disclose it publicly, usually two to four weeks after a releasing a version that addresses it.


@ -323,6 +323,7 @@ class ServersController extends Controller
'database' => $request->input('database'), 'database' => $request->input('database'),
'remote' => $request->input('remote'), 'remote' => $request->input('remote'),
'database_host_id' => $request->input('database_host_id'), 'database_host_id' => $request->input('database_host_id'),
'max_connections' => $request->input('max_connections'),
]); ]);
return redirect()->route('admin.servers.view.database', $server)->withInput(); return redirect()->route('admin.servers.view.database', $server)->withInput();
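Review bot: `max_connections` is read with `$request->input('max_connections')` and handed on with no type or range check visible at this call site. If the form request class behind `$request` (not shown in the hunk) does not already constrain it, I would add a rule there such as `'max_connections' => 'nullable|integer|min:0'`, since the value presumably ends up in a database user's connection limit. The enclosing controller method starts and ends outside the hunk, so the validation may already exist elsewhere.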


@ -2,8 +2,6 @@
namespace Pterodactyl\Repositories\Wings; namespace Pterodactyl\Repositories\Wings;
use stdClass;
use Exception;
use Webmozart\Assert\Assert; use Webmozart\Assert\Assert;
use Pterodactyl\Models\Server; use Pterodactyl\Models\Server;
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface;
@ -11,20 +9,6 @@ use Pterodactyl\Exceptions\Http\Server\FileSizeTooLargeException;
class DaemonFileRepository extends DaemonRepository class DaemonFileRepository extends DaemonRepository
{ {
/**
* Return stat information for a given file.
*
* @param string $path
* @return \stdClass
*
* @throws \Exception
* @throws \GuzzleHttp\Exception\TransferException
*/
public function getFileStat(string $path): stdClass
{
throw new Exception('Function not implemented.');
}
/** /**
* Return the contents of a given file. * Return the contents of a given file.
* *
@ -55,29 +39,6 @@ class DaemonFileRepository extends DaemonRepository
return $response->getBody()->__toString(); return $response->getBody()->__toString();
} }
/**
* Returns a stream of a file's contents back to the calling function to allow
* proxying the request through the Panel rather than needing a direct call to
* the Daemon in order to work.
*
* @param string $path
* @return \Psr\Http\Message\ResponseInterface
*/
public function streamContent(string $path): ResponseInterface
{
Assert::isInstanceOf($this->server, Server::class);
$response = $this->getHttpClient()->get(
sprintf('/api/servers/%s/files/contents', $this->server->uuid),
[
'query' => ['file' => $path, 'download' => true],
'stream' => true,
]
);
return $response;
}
/** /**
* Save new contents to a given file. This works for both creating and updating * Save new contents to a given file. This works for both creating and updating
* a file. * a file.
@ -138,8 +99,8 @@ class DaemonFileRepository extends DaemonRepository
sprintf('/api/servers/%s/files/create-directory', $this->server->uuid), sprintf('/api/servers/%s/files/create-directory', $this->server->uuid),
[ [
'json' => [ 'json' => [
'name' => $name, 'name' => urldecode($name),
'path' => $path, 'path' => urldecode($path),
], ],
] ]
); );
@ -160,8 +121,8 @@ class DaemonFileRepository extends DaemonRepository
sprintf('/api/servers/%s/files/rename', $this->server->uuid), sprintf('/api/servers/%s/files/rename', $this->server->uuid),
[ [
'json' => [ 'json' => [
'rename_from' => $from, 'rename_from' => urldecode($from),
'rename_to' => $to, 'rename_to' => urldecode($to),
], ],
] ]
); );
@ -181,7 +142,7 @@ class DaemonFileRepository extends DaemonRepository
sprintf('/api/servers/%s/files/copy', $this->server->uuid), sprintf('/api/servers/%s/files/copy', $this->server->uuid),
[ [
'json' => [ 'json' => [
'location' => $location, 'location' => urldecode($location),
], ],
] ]
); );
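Review bot: The `urldecode()` calls added around `$name`/`$path` in the create-directory hunk, and likewise `$from`/`$to` in rename and `$location` in copy, decode values that go into a JSON body, where no URL encoding is expected. If the callers pass values the framework has already decoded, this is a second decode: a literal `%` or `+` in a file name is altered, and any path check done in the Panel before this point ran on a different string than the one the daemon receives. I would decode once at the HTTP boundary, validate after that, and pass the value through unchanged here (`'name' => $name,`). If the decode has to stay, each call needs a comment naming the caller that sends percent-encoded input and stating that it is decoded exactly once. The method bodies start and end outside these hunks.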


@ -3,7 +3,7 @@
"meta": { "meta": {
"version": "PTDL_v1" "version": "PTDL_v1"
}, },
"exported_at": "2019-02-10T22:57:27+01:00", "exported_at": "2020-05-24T12:15:13-04:00",
"name": "Forge Minecraft", "name": "Forge Minecraft",
"author": "support@pterodactyl.io", "author": "support@pterodactyl.io",
"description": "Minecraft Forge Server. Minecraft Forge is a modding API (Application Programming Interface), which makes it easier to create mods, and also make sure mods are compatible with each other.", "description": "Minecraft Forge Server. Minecraft Forge is a modding API (Application Programming Interface), which makes it easier to create mods, and also make sure mods are compatible with each other.",
@ -17,8 +17,8 @@
}, },
"scripts": { "scripts": {
"installation": { "installation": {
"script": "#!\/bin\/bash\r\n# Forge Installation Script\r\n#\r\n# Server Files: \/mnt\/server\r\napt update\r\napt install -y curl\r\n\r\n#Fetching version\r\nif [ -z \"$MC_VERSION\" ] || [ \"$MC_VERSION\" == \"latest\" ]; then\r\n echo \"Fetching latest\"\r\n MC_VERSION=$(curl -sl https:\/\/files.minecraftforge.net\/maven\/net\/minecraftforge\/forge\/index.html | grep -A 2 \"Latest\" | awk NF=NF RS= OFS=\" \" | grep -o -e '[1].[0-9]*.[0-9]* - [0-9]*.[0-9]*.[0-9]*.[0-9]*' | sed 's\/ \/\/g')\r\nelif [[ ! \"$MC_VERSION\" =~ - ]]; then\r\n echo \"Fetching latest from version $MC_VERSION\"\r\n MC_VERSION=$(curl -sl https:\/\/files.minecraftforge.net\/maven\/net\/minecraftforge\/forge\/index_$MC_VERSION.html | grep -A 2 \"Latest\" | awk NF=NF RS= OFS=\" \" | grep -o -e '[1].[0-9]*.[0-9]* - [0-9]*.[0-9]*.[0-9]*.[0-9]*' | sed 's\/ \/\/g')\r\nfi\r\n\r\n#Checking if forge version valid\r\nif [[ ! \"$MC_VERSION\" =~ [1].[0-9]*.[0-9]*-[0-9]*.[0-9]*.[0-9]*.[0-9]* ]]; then\r\n echo \"!!! Invalid forge version \\\"$MC_VERSION\\\" !!!\"\r\n exit\r\nfi\r\n\r\n#Go into main direction\r\ncd \/mnt\/server\r\n\r\n#Adding .jar when not eding by SERVER_JARFILE\r\nif [[ ! $SERVER_JARFILE = *\\.jar ]]; then\r\n SERVER_JARFILE=\"$SERVER_JARFILE.jar\"\r\nfi\r\n\r\n#Downloading jars\r\necho -e \"Downloading forge version \\\"$MC_VERSION\\\"\"\r\ncurl -o installer.jar -sS https:\/\/files.minecraftforge.net\/maven\/net\/minecraftforge\/forge\/$MC_VERSION\/forge-$MC_VERSION-installer.jar\r\ncurl -o $SERVER_JARFILE -sS https:\/\/files.minecraftforge.net\/maven\/net\/minecraftforge\/forge\/$MC_VERSION\/forge-$MC_VERSION-universal.jar\r\n\r\n#Checking if downloaded jars exist\r\nif [ ! -f .\/installer.jar ] || [ ! -f .\/$SERVER_JARFILE ]; then\r\n echo \"!!! 
Error by downloading forge version \\\"$MC_VERSION\\\" !!!\"\r\n exit\r\nfi\r\n\r\n#Installing server\r\necho -e \"Installing forge server.\\n\"\r\njava -jar installer.jar --installServer\r\n\r\n#Deleting installer.jar\r\necho -e \"Deleting installer.jar file.\\n\"\r\nrm -rf installer.jar", "script": "#!\/bin\/bash\r\n# Forge Installation Script\r\n#\r\n# Server Files: \/mnt\/server\r\napt update\r\napt install -y curl jq\r\n\r\n#Go into main direction\r\nif [ ! -d \/mnt\/server ]; then\r\n mkdir \/mnt\/server\r\nfi\r\n\r\ncd \/mnt\/server\r\n\r\nif [ ! -z ${FORGE_VERSION} ]; then\r\n DOWNLOAD_LINK=https:\/\/files.minecraftforge.net\/maven\/net\/minecraftforge\/forge\/${FORGE_VERSION}\/forge-${FORGE_VERSION}\r\nelse\r\n JSON_DATA=$(curl -sSL https:\/\/files.minecraftforge.net\/maven\/net\/minecraftforge\/forge\/promotions_slim.json)\r\n\r\n if [ \"${MC_VERSION}\" == \"latest\" ] || [ \"${MC_VERSION}\" == \"\" ] ; then\r\n echo -e \"getting latest recommended version of forge.\"\r\n MC_VERSION=$(echo -e ${JSON_DATA} | jq -r '.promos | del(.\"latest-1.7.10\") | del(.\"1.7.10-latest-1.7.10\") | to_entries[] | .key | select(contains(\"recommended\")) | split(\"-\")[0]' | sort -t. 
-k 1,1n -k 2,2n -k 3,3n -k 4,4n | tail -1)\r\n \tBUILD_TYPE=recommended\r\n fi\r\n\r\n if [ \"${BUILD_TYPE}\" != \"recommended\" ] && [ \"${BUILD_TYPE}\" != \"latest\" ]; then\r\n BUILD_TYPE=recommended\r\n fi\r\n\r\n echo -e \"minecraft version: ${MC_VERSION}\"\r\n echo -e \"build type: ${BUILD_TYPE}\"\r\n\r\n ## some variables for getting versions and things\r\n FILE_SITE=$(echo -e ${JSON_DATA} | jq -r '.homepage' | sed \"s\/http:\/https:\/g\")\r\n VERSION_KEY=$(echo -e ${JSON_DATA} | jq -r --arg MC_VERSION \"${MC_VERSION}\" --arg BUILD_TYPE \"${BUILD_TYPE}\" '.promos | del(.\"latest-1.7.10\") | del(.\"1.7.10-latest-1.7.10\") | to_entries[] | .key | select(contains($MC_VERSION)) | select(contains($BUILD_TYPE))')\r\n\r\n ## locating the forge version\r\n if [ \"${VERSION_KEY}\" == \"\" ] && [ \"${BUILD_TYPE}\" == \"recommended\" ]; then\r\n echo -e \"dropping back to latest from recommended due to there not being a recommended version of forge for the mc version requested.\"\r\n VERSION_KEY=$(echo -e ${JSON_DATA} | jq -r --arg MC_VERSION \"${MC_VERSION}\" '.promos | del(.\"latest-1.7.10\") | del(.\"1.7.10-latest-1.7.10\") | to_entries[] | .key | select(contains($MC_VERSION)) | select(contains(\"recommended\"))')\r\n fi\r\n\r\n ## Error if the mc version set wasn't valid.\r\n if [ \"${VERSION_KEY}\" == \"\" ] || [ \"${VERSION_KEY}\" == \"null\" ]; then\r\n \techo -e \"The install failed because there is no valid version of forge for the version on minecraft selected.\"\r\n \texit 1\r\n fi\r\n\r\n FORGE_VERSION=$(echo -e ${JSON_DATA} | jq -r --arg VERSION_KEY \"$VERSION_KEY\" '.promos | .[$VERSION_KEY]')\r\n\r\n if [ \"${MC_VERSION}\" == \"1.7.10\" ] || [ \"${MC_VERSION}\" == \"1.8.9\" ]; then\r\n DOWNLOAD_LINK=${FILE_SITE}${MC_VERSION}-${FORGE_VERSION}-${MC_VERSION}\/forge-${MC_VERSION}-${FORGE_VERSION}-${MC_VERSION}\r\n FORGE_JAR=forge-${MC_VERSION}-${FORGE_VERSION}-${MC_VERSION}.jar\r\n if [ \"${MC_VERSION}\" == \"1.7.10\" ]; then\r\n 
FORGE_JAR=forge-${MC_VERSION}-${FORGE_VERSION}-${MC_VERSION}-universal.jar\r\n fi\r\n else\r\n DOWNLOAD_LINK=${FILE_SITE}${MC_VERSION}-${FORGE_VERSION}\/forge-${MC_VERSION}-${FORGE_VERSION}\r\n FORGE_JAR=forge-${MC_VERSION}-${FORGE_VERSION}.jar\r\n fi\r\nfi\r\n\r\n\r\n#Adding .jar when not eding by SERVER_JARFILE\r\nif [[ ! $SERVER_JARFILE = *\\.jar ]]; then\r\n SERVER_JARFILE=\"$SERVER_JARFILE.jar\"\r\nfi\r\n\r\n#Downloading jars\r\necho -e \"Downloading forge version ${FORGE_VERSION}\"\r\nif [ ! -z \"${DOWNLOAD_LINK}\" ]; then \r\n if curl --output \/dev\/null --silent --head --fail ${DOWNLOAD_LINK}-installer.jar; then\r\n echo -e \"installer jar download link is valid.\"\r\n else\r\n echo -e \"link is invalid closing out\"\r\n exit 2\r\n fi\r\n\r\n echo -e \"no download link closing out\"\r\n exit 3\r\nfi\r\n\r\ncurl -s -o installer.jar -sS ${DOWNLOAD_LINK}-installer.jar\r\n\r\n#Checking if downloaded jars exist\r\nif [ ! -f .\/installer.jar ]; then\r\n echo \"!!! Error by downloading forge version ${FORGE_VERSION} !!!\"\r\n exit\r\nfi\r\n\r\n#Installing server\r\necho -e \"Installing forge server.\\n\"\r\njava -jar installer.jar --installServer || { echo -e \"install failed\"; exit 4; }\r\n\r\nmv $FORGE_JAR $SERVER_JARFILE\r\n\r\n#Deleting installer.jar\r\necho -e \"Deleting installer.jar file.\\n\"\r\nrm -rf installer.jar",
"container": "openjdk:8", "container": "openjdk:8-jdk-slim",
"entrypoint": "bash" "entrypoint": "bash"
} }
}, },
@ -34,11 +34,29 @@
}, },
{ {
"name": "Forge version", "name": "Forge version",
"description": "The version of forge that you want to run.\r\nExamples:\r\n- 1.12.2\r\n- 1.12.2-14.23.5.2810", "description": "The version of minecraft you want to install for.\r\n\r\nLeaving latest will install the latest recommended version.",
"env_variable": "MC_VERSION", "env_variable": "MC_VERSION",
"default_value": "latest", "default_value": "latest",
"user_viewable": 1, "user_viewable": 1,
"user_editable": 1, "user_editable": 1,
"rules": "required|string|max:9"
},
{
"name": "Build Type",
"description": "The type of server jar to download from forge.\r\n\r\nValid types are \"recommended\" and \"latest\".",
"env_variable": "BUILD_TYPE",
"default_value": "recommended",
"user_viewable": 1,
"user_editable": 1,
"rules": "required|string|max:20"
},
{
"name": "Forge Version",
"description": "Gets an exact version.\r\n\r\nEx. 1.15.2-31.2.4\r\n\r\nOverrides MC_VERSION and BUILD_TYPE. If it fails to download the server files it will fail to install.",
"env_variable": "FORGE_VERSION",
"default_value": "",
"user_viewable": 1,
"user_editable": 1,
"rules": "required|string|max:20" "rules": "required|string|max:20"
} }
] ]
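Review bot: In the new installation script the `echo -e "no download link closing out"` / `exit 3` pair follows the inner `fi` directly instead of sitting under an `else`, so as written every run with a non-empty `DOWNLOAD_LINK` exits 3 even after the link check succeeds; it reads as if an `else` was dropped before that echo. Separately, `FORGE_VERSION` is user-editable, validated only as `required|string|max:20`, and expanded unquoted into the curl command line. I would quote the expansion (`"${DOWNLOAD_LINK}-installer.jar"`) and tighten the rule to something like `nullable|regex:/^[0-9\.\-]+$/`, which also removes the conflict between `required` and the empty default. The installer jar is then run with `java -jar` without any checksum comparison, and `FORGE_JAR` is never set on the `FORGE_VERSION` path although `mv $FORGE_JAR $SERVER_JARFILE` uses it; both deserve at least a comment in the script.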


@ -17,14 +17,14 @@ const chartDefaults: ChartConfiguration = {
enabled: false, enabled: false,
}, },
animation: { animation: {
duration: 250, duration: 0,
}, },
elements: { elements: {
point: { point: {
radius: 0, radius: 0,
}, },
line: { line: {
tension: 0.1, tension: 0.3,
backgroundColor: 'rgba(15, 178, 184, 0.45)', backgroundColor: 'rgba(15, 178, 184, 0.45)',
borderColor: '#32D0D9', borderColor: '#32D0D9',
}, },


@ -53,6 +53,8 @@ const EditSubuserModal = forwardRef<HTMLHeadingElement, Props>(({ subuser, ...pr
const [ canEditUser ] = usePermissions(subuser ? [ 'user.update' ] : [ 'user.create' ]); const [ canEditUser ] = usePermissions(subuser ? [ 'user.update' ] : [ 'user.create' ]);
const permissions = useStoreState(state => state.permissions.data); const permissions = useStoreState(state => state.permissions.data);
const user = useStoreState(state => state.user.data!);
// The currently logged in user's permissions. We're going to filter out any permissions // The currently logged in user's permissions. We're going to filter out any permissions
// that they should not need. // that they should not need.
const loggedInPermissions = ServerContext.useStoreState(state => state.server.permissions); const loggedInPermissions = ServerContext.useStoreState(state => state.server.permissions);
@ -64,7 +66,7 @@ const EditSubuserModal = forwardRef<HTMLHeadingElement, Props>(({ subuser, ...pr
const list: string[] = ([] as string[]).concat.apply([], Object.values(cleaned)); const list: string[] = ([] as string[]).concat.apply([], Object.values(cleaned));
if (loggedInPermissions.length === 1 && loggedInPermissions[0] === '*') { if (user.rootAdmin || (loggedInPermissions.length === 1 && loggedInPermissions[0] === '*')) {
return list; return list;
} }
@ -81,12 +83,14 @@ const EditSubuserModal = forwardRef<HTMLHeadingElement, Props>(({ subuser, ...pr
} }
</h3> </h3>
<FlashMessageRender byKey={'user:edit'} className={'mt-4'}/> <FlashMessageRender byKey={'user:edit'} className={'mt-4'}/>
{(!user.rootAdmin && loggedInPermissions[0] !== '*') &&
<div className={'mt-4 pl-4 py-2 border-l-4 border-cyan-400'}> <div className={'mt-4 pl-4 py-2 border-l-4 border-cyan-400'}>
<p className={'text-sm text-neutral-300'}> <p className={'text-sm text-neutral-300'}>
Only permissions which your account is currently assigned may be selected when creating or Only permissions which your account is currently assigned may be selected when creating or
modifying other users. modifying other users.
</p> </p>
</div> </div>
}
{!subuser && {!subuser &&
<div className={'mt-6'}> <div className={'mt-6'}>
<Field <Field
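Review bot: The two new checks disagree on what counts as an unrestricted account: the list filter tests `loggedInPermissions.length === 1 && loggedInPermissions[0] === '*'`, while the banner condition tests only `loggedInPermissions[0] !== '*'`. I would compute it once, `const isUnrestricted = user.rootAdmin || (loggedInPermissions.length === 1 && loggedInPermissions[0] === '*');`, and use that value in both places. This filtering only decides what the form offers, so the API handler that stores subuser permissions (not part of this hunk) has to enforce the same limit, and a short comment next to the filter should say that. The non-null assertion in `state.user.data!` has no guard, and the component body starts and ends outside the hunks.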


@ -2,9 +2,6 @@
use Illuminate\Support\Facades\Route; use Illuminate\Support\Facades\Route;
Route::get('/authenticate/{token}', 'ValidateKeyController@index');
Route::post('/download-file', 'FileDownloadController@index');
// Routes for the Wings daemon. // Routes for the Wings daemon.
Route::post('/sftp/auth', 'SftpAuthenticationController'); Route::post('/sftp/auth', 'SftpAuthenticationController');