From 85bdbdce143145a7100b7a9bd5b0b1a01919edac Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Thu, 1 Mar 2018 19:19:19 -0600 Subject: [PATCH] Better handling of file download requests --- CHANGELOG.md | 1 + .../Api/Remote/FileDownloadController.php | 50 +++++++++++++++++++ .../Controllers/Daemon/ActionController.php | 22 -------- .../Server/Files/DownloadController.php | 4 +- routes/api-remote.php | 9 +--- routes/daemon.php | 1 - 6 files changed, 56 insertions(+), 31 deletions(-) create mode 100644 app/Http/Controllers/Api/Remote/FileDownloadController.php diff --git a/CHANGELOG.md b/CHANGELOG.md index f0953dcdd..9cd81951c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines. ### Added * Adds back client API for sending commands or power toggles to a server though the Panel API: `/api/client/servers/` * Added proper transformer for Packs and re-enabled missing includes on server. +* Added support for using Filesystem as a caching driver, although not recommended. ## v0.7.3 (Derelict Dermodactylus) ### Fixed diff --git a/app/Http/Controllers/Api/Remote/FileDownloadController.php b/app/Http/Controllers/Api/Remote/FileDownloadController.php new file mode 100644 index 000000000..fa4818fc9 --- /dev/null +++ b/app/Http/Controllers/Api/Remote/FileDownloadController.php 
@@ -0,0 +1,50 @@ +cache = $cache; + } + + /** + * Handle a request to authenticate a download using a token and return + * the path of the file to the daemon. + * + * @param \Illuminate\Http\Request $request + * @return \Illuminate\Http\JsonResponse + * + * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException + */ + public function index(Request $request): JsonResponse + { + $download = $this->cache->pull('Server:Downloads:' . $request->input('token', '')); + + if (is_null($download)) { + throw new NotFoundHttpException('No file was found using the token provided.'); + } + + return response()->json([ + 'path' => array_get($download, 'path'), + 'server' => array_get($download, 'server'), + ]); + } +} diff --git a/app/Http/Controllers/Daemon/ActionController.php b/app/Http/Controllers/Daemon/ActionController.php index 64c0a0c21..fef0b35b7 100644 --- a/app/Http/Controllers/Daemon/ActionController.php +++ b/app/Http/Controllers/Daemon/ActionController.php @@ -10,28 +10,6 @@ use Pterodactyl\Http\Controllers\Controller; class ActionController extends Controller { - /** - * Handles download request from daemon. - * - * @param \Illuminate\Http\Request $request - * @return \Illuminate\Http\JsonResponse - */ - public function authenticateDownload(Request $request) - { - $download = Cache::pull('Server:Downloads:' . $request->input('token')); - - if (is_null($download)) { - return response()->json([ - 'error' => 'An invalid request token was recieved with this request.', - ], 403); - } - - return response()->json([ - 'path' => $download['path'], - 'server' => $download['server'], - ]); - } - /** * Handles install toggle request from daemon. * diff --git a/app/Http/Controllers/Server/Files/DownloadController.php b/app/Http/Controllers/Server/Files/DownloadController.php index 06a31f9e5..04b16d084 100644 --- a/app/Http/Controllers/Server/Files/DownloadController.php +++ b/app/Http/Controllers/Server/Files/DownloadController.php 
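Review bot: `index()` concatenates `$request->input('token', '')` into the cache key without checking that it is a non-empty string, so a request that sends `token` as an array hits an array-to-string conversion instead of a clean 404, and a request with no token looks up the bare `Server:Downloads:` key. Reject those before the lookup: `$token = $request->input('token');` followed by `if (! is_string($token) || $token === '') { throw new NotFoundHttpException('No file was found using the token provided.'); }`, then pass `$token` to `pull()`. Separately, `array_get($download, 'path')` returns `null` for a malformed cache entry, so the daemon would receive `"path": null` with a 200; checking both keys before responding would make that failure explicit. The top of the class (namespace, imports, constructor signature) is not visible in this view of the hunk, so the injected cache type could not be checked.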
@@ -9,6 +9,7 @@ namespace Pterodactyl\Http\Controllers\Server\Files; +use Ramsey\Uuid\Uuid; use Illuminate\Http\Request; use Illuminate\Cache\Repository; use Illuminate\Http\RedirectResponse; @@ -46,8 +47,9 @@ class DownloadController extends Controller $server = $request->attributes->get('server'); $this->authorize('download-files', $server); - $token = str_random(40); + $token = Uuid::uuid4()->toString(); $node = $server->getRelation('node'); + $this->cache->put('Server:Downloads:' . $token, ['server' => $server->uuid, 'path' => $file], 5); return redirect(sprintf('%s://%s:%s/v1/server/file/download/%s', $node->scheme, $node->fqdn, $node->daemonListen, $token)); diff --git a/routes/api-remote.php b/routes/api-remote.php index a06a72feb..5566651d4 100644 --- a/routes/api-remote.php +++ b/routes/api-remote.php @@ -1,12 +1,7 @@ . - * - * This software is licensed under the terms of the MIT license. - * https://opensource.org/licenses/MIT - */ + Route::get('/authenticate/{token}', 'ValidateKeyController@index')->name('api.remote.authenticate'); +Route::post('/download-file', 'FileDownloadController@index')->name('api.remote.download_file'); Route::group(['prefix' => '/eggs'], function () { Route::get('/', 'EggRetrievalController@index')->name('api.remote.eggs'); diff --git a/routes/daemon.php b/routes/daemon.php index b74a005a7..2c8058e36 100644 --- a/routes/daemon.php +++ b/routes/daemon.php @@ -10,5 +10,4 @@ Route::get('/packs/pull/{uuid}', 'PackController@pull')->name('daemon.pack.pull' Route::get('/packs/pull/{uuid}/hash', 'PackController@hash')->name('daemon.pack.hash'); Route::get('/configure/{token}', 'ActionController@configuration')->name('daemon.configuration'); -Route::post('/download', 'ActionController@authenticateDownload')->name('daemon.download'); Route::post('/install', 'ActionController@markInstall')->name('daemon.install');
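Review bot: The download token is a bearer credential that ends up in the redirect URL, and the new `Uuid::uuid4()->toString()` takes it from a library meant for identifiers rather than secrets, with 122 random bits in place of the 40 random characters from `str_random(40)`. That is probably still adequate for a token that is pulled from the cache on first use and stored with the short lifetime passed to `put()`, but its strength now depends on how the UUID library's random generator is configured. If the daemon only needs an opaque string, `$token = bin2hex(random_bytes(32));` keeps the random source explicit. Otherwise add a comment above the assignment such as `// Single-use bearer token: removed from cache on first lookup, expires with the cache entry.` The enclosing method begins above this hunk, so how `$file` is validated before being cached is not visible here.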
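Review bot: Nothing in the `routes/api-remote.php` hunk shows which middleware guards the new `POST /download-file` route, and `FileDownloadController@index` hands a file path and server UUID to whoever presents a valid token while consuming that token. Confirm that the route group loading this file authenticates the calling daemon, and consider putting the route behind throttling so that repeated failed token lookups are rate-limited. A short comment above the route, e.g. `// Daemon-only: exchanges a single-use download token for the file path and server UUID.`, would record the intent now that the file header has been removed.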