From b15679d3bb04ad45c40ff58ecb53c6dea41d929a Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 17 Jan 2021 10:49:36 -0800 Subject: [PATCH 01/24] Add base logic for audit logging --- app/Models/AuditLog.php | 120 ++++++++++++++++++ app/Models/Server.php | 26 ++++ ...1_01_17_102401_create_audit_logs_table.php | 31 +++++ 3 files changed, 177 insertions(+) create mode 100644 app/Models/AuditLog.php create mode 100644 database/migrations/2021_01_17_102401_create_audit_logs_table.php diff --git a/app/Models/AuditLog.php b/app/Models/AuditLog.php new file mode 100644 index 000000000..fdf166e68 --- /dev/null +++ b/app/Models/AuditLog.php @@ -0,0 +1,120 @@ + 'required|uuid', + 'action' => 'required|string', + 'device' => 'required|array', + 'device.ip_address' => 'ip', + 'device.user_agent' => 'string', + 'metadata' => 'array', + ]; + + /** + * @var string + */ + protected $table = 'audit_logs'; + + /** + * @var bool + */ + protected $immutableDates = true; + + /** + * @var string[] + */ + protected $casts = [ + 'device' => 'array', + 'metadata' => 'array', + ]; + + /** + * @var string[] + */ + protected $guarded = [ + 'id', + 'created_at', + ]; + + /** + * @return \Illuminate\Database\Eloquent\Relations\BelongsTo + */ + public function user() + { + return $this->belongsTo(User::class); + } + + /** + * @return \Illuminate\Database\Eloquent\Relations\BelongsTo + */ + public function server() + { + return $this->belongsTo(Server::class); + } + + /** + * Creates a new AuditLog model and returns it, attaching device information and the + * currently authenticated user if available. This model is not saved at this point, so + * you can always make modifications to it as needed before saving. + * + * @param string $action + * @param array $metadata + * @param bool $isSystem + * @return $this + */ + public static function factory(string $action, array $metadata, bool $isSystem = false) + { + /** @var \Illuminate\Http\Request $request */ + $request = Container::getInstance()->make('request'); + if (! $isSystem || ! $request instanceof Request) { + $request = null; + } + + return (new self())->fill([ + 'uuid' => Uuid::uuid4()->toString(), + 'is_system' => $isSystem, + 'user_id' => $request->user() ? $request->user()->id : null, + 'server_id' => null, + 'action' => $action, + 'device' => $request ? [ + 'ip_address' => $request->getClientIp(), + 'user_agent' => $request->userAgent(), + ] : [], + 'metadata' => $metadata, + ]); + } +} diff --git a/app/Models/Server.php b/app/Models/Server.php index aace86d0b..b617db0a2 100644 --- a/app/Models/Server.php +++ b/app/Models/Server.php @@ -50,6 +50,7 @@ use Znck\Eloquent\Traits\BelongsToThrough; * @property \Pterodactyl\Models\ServerTransfer $transfer * @property \Pterodactyl\Models\Backup[]|\Illuminate\Database\Eloquent\Collection $backups * @property \Pterodactyl\Models\Mount[]|\Illuminate\Database\Eloquent\Collection $mounts + * @property \Pterodactyl\Models\AuditLog[] $audits */ class Server extends Model { @@ -326,4 +327,29 @@ class Server extends Model { return $this->hasManyThrough(Mount::class, MountServer::class, 'server_id', 'id', 'id', 'mount_id'); } + + /** + * Saves an audit entry to the database for the server. + * + * @param string $action + * @param array $metadata + * @return \Pterodactyl\Models\AuditLog + */ + public function audit(string $action, array $metadata): AuditLog + { + $model = AuditLog::factory($action, $metadata)->fill([ + 'server_id' => $this->id, + ]); + $model->save(); + + return $model; + } + + /** + * @return \Illuminate\Database\Eloquent\Relations\HasMany + */ + public function audits() + { + return $this->hasMany(AuditLog::class); + } } diff --git a/database/migrations/2021_01_17_102401_create_audit_logs_table.php b/database/migrations/2021_01_17_102401_create_audit_logs_table.php new file mode 100644 index 000000000..7586c1b8c --- /dev/null +++ b/database/migrations/2021_01_17_102401_create_audit_logs_table.php @@ -0,0 +1,31 @@ +id(); + $table->timestamps(); + }); + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + Schema::dropIfExists('audit_logs'); + } +} From ccecaa6694333d5758ddfff91c1a6cc933549674 Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 17 Jan 2021 11:46:08 -0800 Subject: [PATCH 02/24] Add basic auditing for filesystem actions Specifically skipping read actions since there isn't much to say there, and it generally wouldn't be very helpful (plus, likely to generate lots of logs). --- .../Api/Client/Servers/BackupController.php | 25 ++- .../Api/Client/Servers/FileController.php | 143 ++++++++++++------ app/Models/AuditLog.php | 18 ++- app/Models/Server.php | 29 +++- ...1_01_17_102401_create_audit_logs_table.php | 13 +- 5 files changed, 164 insertions(+), 64 deletions(-) diff --git a/app/Http/Controllers/Api/Client/Servers/BackupController.php b/app/Http/Controllers/Api/Client/Servers/BackupController.php index 23daf1bc6..5ba8475ed 100644 --- a/app/Http/Controllers/Api/Client/Servers/BackupController.php +++ b/app/Http/Controllers/Api/Client/Servers/BackupController.php @@ -4,6 +4,7 @@ namespace Pterodactyl\Http\Controllers\Api\Client\Servers; use Pterodactyl\Models\Backup; use Pterodactyl\Models\Server; +use Pterodactyl\Models\AuditLog; use Illuminate\Http\JsonResponse; use Pterodactyl\Services\Backups\DeleteBackupService; use Pterodactyl\Repositories\Eloquent\BackupRepository; @@ -61,6 +62,7 @@ class BackupController extends ClientApiController public function index(GetBackupsRequest $request, Server $server) { $limit = min($request->query('per_page') ?? 20, 50); + return $this->fractal->collection($server->backups()->paginate($limit)) ->transformWith($this->getTransformer(BackupTransformer::class)) ->toArray(); @@ -77,11 +79,18 @@ class BackupController extends ClientApiController */ public function store(StoreBackupRequest $request, Server $server) { - $backup = $this->initiateBackupService - ->setIgnoredFiles( - explode(PHP_EOL, $request->input('ignored') ?? '') - ) - ->handle($server, $request->input('name')); + /** @var \Pterodactyl\Models\Backup $backup */ + $backup = $server->audit(AuditLog::ACTION_SERVER_BACKUP_STARTED, function (AuditLog $model, Server $server) use ($request) { + $backup = $this->initiateBackupService + ->setIgnoredFiles( + explode(PHP_EOL, $request->input('ignored') ?? '') + ) + ->handle($server, $request->input('name')); + + $model->metadata = ['backup_uuid' => $backup->uuid]; + + return $backup; + }); return $this->fractal->item($backup) ->transformWith($this->getTransformer(BackupTransformer::class)) @@ -116,8 +125,10 @@ class BackupController extends ClientApiController */ public function delete(DeleteBackupRequest $request, Server $server, Backup $backup) { - $this->deleteBackupService->handle($backup); + $server->audit(AuditLog::ACTION_SERVER_BACKUP_DELETED, function () use ($backup) { + $this->deleteBackupService->handle($backup); + }); - return JsonResponse::create([], JsonResponse::HTTP_NO_CONTENT); + return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT); } } diff --git a/app/Http/Controllers/Api/Client/Servers/FileController.php b/app/Http/Controllers/Api/Client/Servers/FileController.php index 317115b29..782d948f5 100644 --- a/app/Http/Controllers/Api/Client/Servers/FileController.php +++ b/app/Http/Controllers/Api/Client/Servers/FileController.php @@ -5,8 +5,8 @@ namespace Pterodactyl\Http\Controllers\Api\Client\Servers; use Carbon\CarbonImmutable; use Illuminate\Http\Response; use Pterodactyl\Models\Server; +use Pterodactyl\Models\AuditLog; use Illuminate\Http\JsonResponse; -use Illuminate\Support\Collection; use Pterodactyl\Services\Nodes\NodeJWTService; use Illuminate\Contracts\Routing\ResponseFactory; use Pterodactyl\Repositories\Wings\DaemonFileRepository; @@ -87,18 +87,15 @@ class FileController extends ClientApiController * @param \Pterodactyl\Models\Server $server * @return \Illuminate\Http\Response * - * @throws \Pterodactyl\Exceptions\Http\Server\FileSizeTooLargeException - * @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException + * @throws \Throwable */ public function contents(GetFileContentsRequest $request, Server $server): Response { - return new Response( - $this->fileRepository->setServer($server)->getContent( - $request->get('file'), config('pterodactyl.files.max_edit_size') - ), - Response::HTTP_OK, - ['Content-Type' => 'text/plain'] + $response = $this->fileRepository->setServer($server)->getContent( + $request->get('file'), config('pterodactyl.files.max_edit_size') ); + + return new Response($response, Response::HTTP_OK, ['Content-Type' => 'text/plain']); } /** @@ -109,17 +106,21 @@ class FileController extends ClientApiController * @param \Pterodactyl\Models\Server $server * @return array * - * @throws \Exception + * @throws \Throwable */ public function download(GetFileContentsRequest $request, Server $server) { - $token = $this->jwtService - ->setExpiresAt(CarbonImmutable::now()->addMinutes(15)) - ->setClaims([ - 'file_path' => rawurldecode($request->get('file')), - 'server_uuid' => $server->uuid, - ]) - ->handle($server->node, $request->user()->id . $server->uuid); + $token = $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_DOWNLOAD, function (AuditLog $audit, Server $server) use ($request) { + $audit->metadata = ['file' => $request->get('file')]; + + return $this->jwtService + ->setExpiresAt(CarbonImmutable::now()->addMinutes(15)) + ->setClaims([ + 'file_path' => rawurldecode($request->get('file')), + 'server_uuid' => $server->uuid, + ]) + ->handle($server->node, $request->user()->id . $server->uuid); + }); return [ 'object' => 'signed_url', @@ -140,11 +141,20 @@ class FileController extends ClientApiController * @param \Pterodactyl\Models\Server $server * @return \Illuminate\Http\JsonResponse * - * @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException + * @throws \Throwable */ public function write(WriteFileContentRequest $request, Server $server): JsonResponse { - $this->fileRepository->setServer($server)->putContent($request->get('file'), $request->getContent()); + $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_WRITE, function (AuditLog $audit, Server $server) use ($request) { + $audit->metadata = [ + 'file' => $request->get('file'), + 'sub_action' => 'write_content', + ]; + + $this->fileRepository + ->setServer($server) + ->putContent($request->get('file'), $request->getContent()); + }); return new JsonResponse([], Response::HTTP_NO_CONTENT); } @@ -156,13 +166,20 @@ class FileController extends ClientApiController * @param \Pterodactyl\Models\Server $server * @return \Illuminate\Http\JsonResponse * - * @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException + * @throws \Throwable */ public function create(CreateFolderRequest $request, Server $server): JsonResponse { - $this->fileRepository - ->setServer($server) - ->createDirectory($request->input('name'), $request->input('root', '/')); + $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_WRITE, function (AuditLog $audit, Server $server) use ($request) { + $audit->metadata = [ + 'file' => $request->input('root', '/') . $request->input('name'), + 'sub_action' => 'create_folder', + ]; + + $this->fileRepository + ->setServer($server) + ->createDirectory($request->input('name'), $request->input('root', '/')); + }); return new JsonResponse([], Response::HTTP_NO_CONTENT); } @@ -174,13 +191,17 @@ class FileController extends ClientApiController * @param \Pterodactyl\Models\Server $server * @return \Illuminate\Http\JsonResponse * - * @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException + * @throws \Throwable */ public function rename(RenameFileRequest $request, Server $server): JsonResponse { - $this->fileRepository - ->setServer($server) - ->renameFiles($request->input('root'), $request->input('files')); + $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_RENAME, function (AuditLog $audit, Server $server) use ($request) { + $audit->metadata = ['root' => $request->input('root'), 'files' => $request->input('files')]; + + $this->fileRepository + ->setServer($server) + ->renameFiles($request->input('root'), $request->input('files')); + }); return new JsonResponse([], Response::HTTP_NO_CONTENT); } @@ -192,13 +213,19 @@ class FileController extends ClientApiController * @param \Pterodactyl\Models\Server $server * @return \Illuminate\Http\JsonResponse * - * @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException + * @throws \Throwable */ public function copy(CopyFileRequest $request, Server $server): JsonResponse { - $this->fileRepository - ->setServer($server) - ->copyFile($request->input('location')); + $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_WRITE, function (AuditLog $audit, Server $server) use ($request) { + $audit->metadata = [ + 'file' => $request->input('location'), + 'sub_action' => 'copy_file', + ]; + $this->fileRepository + ->setServer($server) + ->copyFile($request->input('location')); + }); return new JsonResponse([], Response::HTTP_NO_CONTENT); } @@ -208,17 +235,21 @@ class FileController extends ClientApiController * @param \Pterodactyl\Models\Server $server * @return array * - * @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException + * @throws \Throwable */ public function compress(CompressFilesRequest $request, Server $server): array { - // Allow up to five minutes for this request to process before timing out. - set_time_limit(300); + $file = $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_COMPRESS, function (AuditLog $audit, Server $server) use ($request) { + // Allow up to five minutes for this request to process before timing out. + set_time_limit(300); - $file = $this->fileRepository->setServer($server) - ->compressFiles( - $request->input('root'), $request->input('files') - ); + $audit->metadata = ['root' => $request->input('root'), 'files' => $request->input('files')]; + + return $this->fileRepository->setServer($server) + ->compressFiles( + $request->input('root'), $request->input('files') + ); + }); return $this->fractal->item($file) ->transformWith($this->getTransformer(FileObjectTransformer::class)) @@ -230,15 +261,19 @@ class FileController extends ClientApiController * @param \Pterodactyl\Models\Server $server * @return \Illuminate\Http\JsonResponse * - * @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException + * @throws \Throwable */ public function decompress(DecompressFilesRequest $request, Server $server): JsonResponse { - // Allow up to five minutes for this request to process before timing out. - set_time_limit(300); + $file = $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_DECOMPRESS, function (AuditLog $audit, Server $server) use ($request) { + // Allow up to five minutes for this request to process before timing out. + set_time_limit(300); - $this->fileRepository->setServer($server) - ->decompressFile($request->input('root'), $request->input('file')); + $audit->metadata = ['root' => $request->input('root'), 'files' => $request->input('file')]; + + $this->fileRepository->setServer($server) + ->decompressFile($request->input('root'), $request->input('file')); + }); return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT); } @@ -250,14 +285,18 @@ class FileController extends ClientApiController * @param \Pterodactyl\Models\Server $server * @return \Illuminate\Http\JsonResponse * - * @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException + * @throws \Throwable */ public function delete(DeleteFileRequest $request, Server $server): JsonResponse { - $this->fileRepository->setServer($server) - ->deleteFiles( - $request->input('root'), $request->input('files') - ); + $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_DELETE, function (AuditLog $audit, Server $server) use ($request) { + $audit->metadata = ['root' => $request->input('root'), 'files' => $request->input('files')]; + + $this->fileRepository->setServer($server) + ->deleteFiles( + $request->input('root'), $request->input('files') + ); + }); return new JsonResponse([], Response::HTTP_NO_CONTENT); } @@ -288,11 +327,15 @@ class FileController extends ClientApiController * @param \Pterodactyl\Models\Server $server * @return \Illuminate\Http\JsonResponse * - * @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException + * @throws \Throwable */ public function pull(PullFileRequest $request, Server $server): JsonResponse { - $this->fileRepository->setServer($server)->pull($request->input('url'), $request->input('directory')); + $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_PULL, function (AuditLog $audit, Server $server) use ($request) { + $audit->metadata = ['directory' => $request->input('directory'), 'url' => $request->input('url')]; + + $this->fileRepository->setServer($server)->pull($request->input('url'), $request->input('directory')); + }); return new JsonResponse([], Response::HTTP_NO_CONTENT); } diff --git a/app/Models/AuditLog.php b/app/Models/AuditLog.php index fdf166e68..7a0563260 100644 --- a/app/Models/AuditLog.php +++ b/app/Models/AuditLog.php @@ -28,6 +28,18 @@ class AuditLog extends Model const ACTION_USER_AUTH_FAILED = 'user:auth.failed'; const ACTION_USER_AUTH_PASSWORD_CHANGED = 'user:auth.password-changed'; + const ACTION_SERVER_FILESYSTEM_DOWNLOAD = 'server:filesystem.download'; + const ACTION_SERVER_FILESYSTEM_WRITE = 'server:filesystem.write'; + const ACTION_SERVER_FILESYSTEM_DELETE = 'server:filesystem.delete'; + const ACTION_SERVER_FILESYSTEM_RENAME = 'server:filesystem.rename'; + const ACTION_SERVER_FILESYSTEM_COMPRESS = 'server:filesystem.compress'; + const ACTION_SERVER_FILESYSTEM_DECOMPRESS = 'server:filesystem.decompress'; + const ACTION_SERVER_FILESYSTEM_PULL = 'server:filesystem.pull'; + + const ACTION_SERVER_BACKUP_STARTED = 'server:backup.started'; + const ACTION_SERVER_BACKUP_FAILED = 'server:backup.failed'; + const ACTION_SERVER_BACKUP_COMPELTED = 'server:backup.completed'; + const ACTION_SERVER_BACKUP_DELETED = 'server:backup.deleted'; const ACTION_SERVER_BACKUP_RESTORE_STARTED = 'server:backup.restore.started'; const ACTION_SERVER_BACKUP_RESTORE_COMPLETED = 'server:backup.restore.completed'; const ACTION_SERVER_BACKUP_RESTORE_FAILED = 'server:backup.restore.failed'; @@ -38,7 +50,7 @@ class AuditLog extends Model public static $validationRules = [ 'uuid' => 'required|uuid', 'action' => 'required|string', - 'device' => 'required|array', + 'device' => 'array', 'device.ip_address' => 'ip', 'device.user_agent' => 'string', 'metadata' => 'array', @@ -100,14 +112,14 @@ class AuditLog extends Model { /** @var \Illuminate\Http\Request $request */ $request = Container::getInstance()->make('request'); - if (! $isSystem || ! $request instanceof Request) { + if ($isSystem || ! $request instanceof Request) { $request = null; } return (new self())->fill([ 'uuid' => Uuid::uuid4()->toString(), 'is_system' => $isSystem, - 'user_id' => $request->user() ? $request->user()->id : null, + 'user_id' => ($request && $request->user()) ? $request->user()->id : null, 'server_id' => null, 'action' => $action, 'device' => $request ? [ diff --git a/app/Models/Server.php b/app/Models/Server.php index b617db0a2..b65ef662e 100644 --- a/app/Models/Server.php +++ b/app/Models/Server.php @@ -2,6 +2,7 @@ namespace Pterodactyl\Models; +use Closure; use Illuminate\Notifications\Notifiable; use Illuminate\Database\Query\JoinClause; use Znck\Eloquent\Traits\BelongsToThrough; @@ -335,7 +336,7 @@ class Server extends Model * @param array $metadata * @return \Pterodactyl\Models\AuditLog */ - public function audit(string $action, array $metadata): AuditLog + public function newAuditEvent(string $action, array $metadata): AuditLog { $model = AuditLog::factory($action, $metadata)->fill([ 'server_id' => $this->id, @@ -345,6 +346,32 @@ class Server extends Model return $model; } + /** + * Stores a new audit event for a server by using a transaction. If the transaction + * fails for any reason everything executed within will be rolled back. The callback + * passed in will receive the AuditLog model before it is saved and the second argument + * will be the current server instance. The callback should modify the audit entry as + * needed before finishing, any changes will be persisted. + * + * The response from the callback is returned to the caller. + * + * @param string $action + * @param \Closure $callback + * @return mixed + * @throws \Throwable + */ + public function audit(string $action, Closure $callback) + { + $model = $this->newAuditEvent($action, []); + + return $this->getConnection()->transaction(function () use ($callback, &$model) { + $response = $callback($model, $this); + $model->save(); + + return $response; + }); + } + /** * @return \Illuminate\Database\Eloquent\Relations\HasMany */ diff --git a/database/migrations/2021_01_17_102401_create_audit_logs_table.php b/database/migrations/2021_01_17_102401_create_audit_logs_table.php index 7586c1b8c..a13274c06 100644 --- a/database/migrations/2021_01_17_102401_create_audit_logs_table.php +++ b/database/migrations/2021_01_17_102401_create_audit_logs_table.php @@ -1,8 +1,8 @@ id(); - $table->timestamps(); + $table->char('uuid', 36); + $table->boolean('is_system')->default(false); + $table->bigInteger('user_id')->nullable(); + $table->bigInteger('server_id')->nullable(); + $table->string('action'); + $table->json('device'); + $table->json('metadata'); + $table->timestamp('created_at', 0); }); } From 291c65275ae9e83bee7db6d3c187a9ec345e853a Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 17 Jan 2021 11:52:44 -0800 Subject: [PATCH 03/24] Update audit design --- .../Api/Client/Servers/FileController.php | 19 +++++++------------ app/Models/AuditLog.php | 4 +++- ...1_01_17_102401_create_audit_logs_table.php | 8 ++++++-- 3 files changed, 16 insertions(+), 15 deletions(-) diff --git a/app/Http/Controllers/Api/Client/Servers/FileController.php b/app/Http/Controllers/Api/Client/Servers/FileController.php index 782d948f5..2a2d96e06 100644 --- a/app/Http/Controllers/Api/Client/Servers/FileController.php +++ b/app/Http/Controllers/Api/Client/Servers/FileController.php @@ -146,10 +146,8 @@ class FileController extends ClientApiController public function write(WriteFileContentRequest $request, Server $server): JsonResponse { $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_WRITE, function (AuditLog $audit, Server $server) use ($request) { - $audit->metadata = [ - 'file' => $request->get('file'), - 'sub_action' => 'write_content', - ]; + $audit->subaction = 'write_content'; + $audit->metadata = ['file' => $request->get('file')]; $this->fileRepository ->setServer($server) @@ -171,10 +169,8 @@ class FileController extends ClientApiController public function create(CreateFolderRequest $request, Server $server): JsonResponse { $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_WRITE, function (AuditLog $audit, Server $server) use ($request) { - $audit->metadata = [ - 'file' => $request->input('root', '/') . $request->input('name'), - 'sub_action' => 'create_folder', - ]; + $audit->subaction = 'create_folder'; + $audit->metadata = ['file' => $request->input('root', '/') . $request->input('name')]; $this->fileRepository ->setServer($server) @@ -218,10 +214,9 @@ class FileController extends ClientApiController public function copy(CopyFileRequest $request, Server $server): JsonResponse { $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_WRITE, function (AuditLog $audit, Server $server) use ($request) { - $audit->metadata = [ - 'file' => $request->input('location'), - 'sub_action' => 'copy_file', - ]; + $audit->subaction = 'copy_file'; + $audit->metadata = ['file' => $request->input('location')]; + $this->fileRepository ->setServer($server) ->copyFile($request->input('location')); diff --git a/app/Models/AuditLog.php b/app/Models/AuditLog.php index 7a0563260..e5a9204e8 100644 --- a/app/Models/AuditLog.php +++ b/app/Models/AuditLog.php @@ -13,6 +13,7 @@ use Illuminate\Container\Container; * @property int|null $user_id * @property int|null $server_id * @property string $action + * @property string|null $subaction * @property array $device * @property array $metadata * @property \Carbon\CarbonImmutable $created_at @@ -49,7 +50,8 @@ class AuditLog extends Model */ public static $validationRules = [ 'uuid' => 'required|uuid', - 'action' => 'required|string', + 'action' => 'required|string|max:191', + 'subaction' => 'nullable|string|max:191', 'device' => 'array', 'device.ip_address' => 'ip', 'device.user_agent' => 'string', diff --git a/database/migrations/2021_01_17_102401_create_audit_logs_table.php b/database/migrations/2021_01_17_102401_create_audit_logs_table.php index a13274c06..f67e7d647 100644 --- a/database/migrations/2021_01_17_102401_create_audit_logs_table.php +++ b/database/migrations/2021_01_17_102401_create_audit_logs_table.php @@ -17,12 +17,16 @@ class CreateAuditLogsTable extends Migration $table->id(); $table->char('uuid', 36); $table->boolean('is_system')->default(false); - $table->bigInteger('user_id')->nullable(); - $table->bigInteger('server_id')->nullable(); + $table->unsignedInteger('user_id')->nullable(); + $table->unsignedInteger('server_id')->nullable(); $table->string('action'); + $table->string('subaction')->nullable(); $table->json('device'); $table->json('metadata'); $table->timestamp('created_at', 0); + + $table->foreign('user_id')->references('id')->on('users')->onDelete('set null'); + $table->foreign('server_id')->references('id')->on('servers')->onDelete('cascade'); }); } From bfc6f34c5048ebcf9d4867af4d09ac01a1048746 Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 17 Jan 2021 15:22:02 -0800 Subject: [PATCH 04/24] Audit when a backup is successful or fails --- .../Remote/Backups/BackupStatusController.php | 36 +++++++++++-------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/app/Http/Controllers/Api/Remote/Backups/BackupStatusController.php b/app/Http/Controllers/Api/Remote/Backups/BackupStatusController.php index b11c07ad8..8880c2405 100644 --- a/app/Http/Controllers/Api/Remote/Backups/BackupStatusController.php +++ b/app/Http/Controllers/Api/Remote/Backups/BackupStatusController.php @@ -4,6 +4,7 @@ namespace Pterodactyl\Http\Controllers\Api\Remote\Backups; use Carbon\CarbonImmutable; use Pterodactyl\Models\Backup; +use Pterodactyl\Models\AuditLog; use Illuminate\Http\JsonResponse; use League\Flysystem\AwsS3v3\AwsS3Adapter; use Pterodactyl\Http\Controllers\Controller; @@ -44,7 +45,7 @@ class BackupStatusController extends Controller * @param string $backup * @return \Illuminate\Http\JsonResponse * - * @throws \Exception + * @throws \Throwable */ public function __invoke(ReportBackupCompleteRequest $request, string $backup) { @@ -57,21 +58,28 @@ class BackupStatusController extends Controller ); } - $successful = $request->input('successful') ? true : false; + $action = $request->input('successful') + ? AuditLog::ACTION_SERVER_BACKUP_COMPELTED + : AuditLog::ACTION_SERVER_BACKUP_FAILED; - $model->fill([ - 'is_successful' => $successful, - 'checksum' => $successful ? ($request->input('checksum_type') . ':' . $request->input('checksum')) : null, - 'bytes' => $successful ? $request->input('size') : 0, - 'completed_at' => CarbonImmutable::now(), - ])->save(); + $model->server->audit($action, function (AuditLog $audit) use ($model, $request) { + $audit->metadata = ['backup_uuid' => $model->uuid]; - // Check if we are using the s3 backup adapter. If so, make sure we mark the backup as - // being completed in S3 correctly. - $adapter = $this->backupManager->adapter(); - if ($adapter instanceof AwsS3Adapter) { - $this->completeMultipartUpload($model, $adapter, $successful); - } + $successful = $request->input('successful') ? true : false; + $model->fill([ + 'is_successful' => $successful, + 'checksum' => $successful ? ($request->input('checksum_type') . ':' . $request->input('checksum')) : null, + 'bytes' => $successful ? $request->input('size') : 0, + 'completed_at' => CarbonImmutable::now(), + ])->save(); + + // Check if we are using the s3 backup adapter. If so, make sure we mark the backup as + // being completed in S3 correctly. + $adapter = $this->backupManager->adapter(); + if ($adapter instanceof AwsS3Adapter) { + $this->completeMultipartUpload($model, $adapter, $successful); + } + }); return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT); } From 4c29be2e54f1bb11e0a73e979a80f8d3b3b5bc0a Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 17 Jan 2021 15:25:49 -0800 Subject: [PATCH 05/24] Adjust some naming real quick --- .../Api/Client/Servers/BackupController.php | 6 ++-- .../Api/Client/Servers/FileController.php | 18 +++++----- .../Remote/Backups/BackupStatusController.php | 4 +-- app/Models/AuditLog.php | 33 ++++++++----------- 4 files changed, 29 insertions(+), 32 deletions(-) diff --git a/app/Http/Controllers/Api/Client/Servers/BackupController.php b/app/Http/Controllers/Api/Client/Servers/BackupController.php index 5ba8475ed..c18aac3ac 100644 --- a/app/Http/Controllers/Api/Client/Servers/BackupController.php +++ b/app/Http/Controllers/Api/Client/Servers/BackupController.php @@ -80,7 +80,7 @@ class BackupController extends ClientApiController public function store(StoreBackupRequest $request, Server $server) { /** @var \Pterodactyl\Models\Backup $backup */ - $backup = $server->audit(AuditLog::ACTION_SERVER_BACKUP_STARTED, function (AuditLog $model, Server $server) use ($request) { + $backup = $server->audit(AuditLog::SERVER__BACKUP_STARTED, function (AuditLog $model, Server $server) use ($request) { $backup = $this->initiateBackupService ->setIgnoredFiles( explode(PHP_EOL, $request->input('ignored') ?? '') @@ -125,7 +125,9 @@ class BackupController extends ClientApiController */ public function delete(DeleteBackupRequest $request, Server $server, Backup $backup) { - $server->audit(AuditLog::ACTION_SERVER_BACKUP_DELETED, function () use ($backup) { + $server->audit(AuditLog::SERVER__BACKUP_DELETED, function (AuditLog $audit) use ($backup) { + $audit->metadata = ['backup_uuid' => $backup->uuid]; + $this->deleteBackupService->handle($backup); }); diff --git a/app/Http/Controllers/Api/Client/Servers/FileController.php b/app/Http/Controllers/Api/Client/Servers/FileController.php index 2a2d96e06..df0fdded6 100644 --- a/app/Http/Controllers/Api/Client/Servers/FileController.php +++ b/app/Http/Controllers/Api/Client/Servers/FileController.php @@ -110,7 +110,7 @@ class FileController extends ClientApiController */ public function download(GetFileContentsRequest $request, Server $server) { - $token = $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_DOWNLOAD, function (AuditLog $audit, Server $server) use ($request) { + $token = $server->audit(AuditLog::SERVER__FILESYSTEM_DOWNLOAD, function (AuditLog $audit, Server $server) use ($request) { $audit->metadata = ['file' => $request->get('file')]; return $this->jwtService @@ -145,7 +145,7 @@ class FileController extends ClientApiController */ public function write(WriteFileContentRequest $request, Server $server): JsonResponse { - $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_WRITE, function (AuditLog $audit, Server $server) use ($request) { + $server->audit(AuditLog::SERVER__FILESYSTEM_WRITE, function (AuditLog $audit, Server $server) use ($request) { $audit->subaction = 'write_content'; $audit->metadata = ['file' => $request->get('file')]; @@ -168,7 +168,7 @@ class FileController extends ClientApiController */ public function create(CreateFolderRequest $request, Server $server): JsonResponse { - $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_WRITE, function (AuditLog $audit, Server $server) use ($request) { + $server->audit(AuditLog::SERVER__FILESYSTEM_WRITE, function (AuditLog $audit, Server $server) use ($request) { $audit->subaction = 'create_folder'; $audit->metadata = ['file' => $request->input('root', '/') . $request->input('name')]; @@ -191,7 +191,7 @@ class FileController extends ClientApiController */ public function rename(RenameFileRequest $request, Server $server): JsonResponse { - $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_RENAME, function (AuditLog $audit, Server $server) use ($request) { + $server->audit(AuditLog::SERVER__FILESYSTEM_RENAME, function (AuditLog $audit, Server $server) use ($request) { $audit->metadata = ['root' => $request->input('root'), 'files' => $request->input('files')]; $this->fileRepository @@ -213,7 +213,7 @@ class FileController extends ClientApiController */ public function copy(CopyFileRequest $request, Server $server): JsonResponse { - $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_WRITE, function (AuditLog $audit, Server $server) use ($request) { + $server->audit(AuditLog::SERVER__FILESYSTEM_WRITE, function (AuditLog $audit, Server $server) use ($request) { $audit->subaction = 'copy_file'; $audit->metadata = ['file' => $request->input('location')]; @@ -234,7 +234,7 @@ class FileController extends ClientApiController */ public function compress(CompressFilesRequest $request, Server $server): array { - $file = $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_COMPRESS, function (AuditLog $audit, Server $server) use ($request) { + $file = $server->audit(AuditLog::SERVER__FILESYSTEM_COMPRESS, function (AuditLog $audit, Server $server) use ($request) { // Allow up to five minutes for this request to process before timing out. set_time_limit(300); @@ -260,7 +260,7 @@ class FileController extends ClientApiController */ public function decompress(DecompressFilesRequest $request, Server $server): JsonResponse { - $file = $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_DECOMPRESS, function (AuditLog $audit, Server $server) use ($request) { + $file = $server->audit(AuditLog::SERVER__FILESYSTEM_DECOMPRESS, function (AuditLog $audit, Server $server) use ($request) { // Allow up to five minutes for this request to process before timing out. set_time_limit(300); @@ -284,7 +284,7 @@ class FileController extends ClientApiController */ public function delete(DeleteFileRequest $request, Server $server): JsonResponse { - $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_DELETE, function (AuditLog $audit, Server $server) use ($request) { + $server->audit(AuditLog::SERVER__FILESYSTEM_DELETE, function (AuditLog $audit, Server $server) use ($request) { $audit->metadata = ['root' => $request->input('root'), 'files' => $request->input('files')]; $this->fileRepository->setServer($server) @@ -326,7 +326,7 @@ class FileController extends ClientApiController */ public function pull(PullFileRequest $request, Server $server): JsonResponse { - $server->audit(AuditLog::ACTION_SERVER_FILESYSTEM_PULL, function (AuditLog $audit, Server $server) use ($request) { + $server->audit(AuditLog::SERVER__FILESYSTEM_PULL, function (AuditLog $audit, Server $server) use ($request) { $audit->metadata = ['directory' => $request->input('directory'), 'url' => $request->input('url')]; $this->fileRepository->setServer($server)->pull($request->input('url'), $request->input('directory')); diff --git a/app/Http/Controllers/Api/Remote/Backups/BackupStatusController.php b/app/Http/Controllers/Api/Remote/Backups/BackupStatusController.php index 8880c2405..fd53103c8 100644 --- a/app/Http/Controllers/Api/Remote/Backups/BackupStatusController.php +++ b/app/Http/Controllers/Api/Remote/Backups/BackupStatusController.php @@ -59,8 +59,8 @@ class BackupStatusController extends Controller } $action = $request->input('successful') - ? AuditLog::ACTION_SERVER_BACKUP_COMPELTED - : AuditLog::ACTION_SERVER_BACKUP_FAILED; + ? AuditLog::SERVER__BACKUP_COMPELTED + : AuditLog::SERVER__BACKUP_FAILED; $model->server->audit($action, function (AuditLog $audit) use ($model, $request) { $audit->metadata = ['backup_uuid' => $model->uuid]; diff --git a/app/Models/AuditLog.php b/app/Models/AuditLog.php index e5a9204e8..8126f9f19 100644 --- a/app/Models/AuditLog.php +++ b/app/Models/AuditLog.php @@ -25,25 +25,20 @@ class AuditLog extends Model { const UPDATED_AT = null; - const ACTION_USER_AUTH_LOGIN = 'user:auth.login'; - const ACTION_USER_AUTH_FAILED = 'user:auth.failed'; - const ACTION_USER_AUTH_PASSWORD_CHANGED = 'user:auth.password-changed'; - - const ACTION_SERVER_FILESYSTEM_DOWNLOAD = 'server:filesystem.download'; - const ACTION_SERVER_FILESYSTEM_WRITE = 'server:filesystem.write'; - const ACTION_SERVER_FILESYSTEM_DELETE = 'server:filesystem.delete'; - const ACTION_SERVER_FILESYSTEM_RENAME = 'server:filesystem.rename'; - const ACTION_SERVER_FILESYSTEM_COMPRESS = 'server:filesystem.compress'; - const ACTION_SERVER_FILESYSTEM_DECOMPRESS = 'server:filesystem.decompress'; - const ACTION_SERVER_FILESYSTEM_PULL = 'server:filesystem.pull'; - - const ACTION_SERVER_BACKUP_STARTED = 'server:backup.started'; - const ACTION_SERVER_BACKUP_FAILED = 'server:backup.failed'; - const ACTION_SERVER_BACKUP_COMPELTED = 'server:backup.completed'; - const ACTION_SERVER_BACKUP_DELETED = 'server:backup.deleted'; - const ACTION_SERVER_BACKUP_RESTORE_STARTED = 'server:backup.restore.started'; - const ACTION_SERVER_BACKUP_RESTORE_COMPLETED = 'server:backup.restore.completed'; - const ACTION_SERVER_BACKUP_RESTORE_FAILED = 'server:backup.restore.failed'; + const SERVER__FILESYSTEM_DOWNLOAD = 'server:filesystem.download'; + const SERVER__FILESYSTEM_WRITE = 'server:filesystem.write'; + const SERVER__FILESYSTEM_DELETE = 'server:filesystem.delete'; + const SERVER__FILESYSTEM_RENAME = 'server:filesystem.rename'; + const SERVER__FILESYSTEM_COMPRESS = 'server:filesystem.compress'; + const SERVER__FILESYSTEM_DECOMPRESS = 'server:filesystem.decompress'; + const SERVER__FILESYSTEM_PULL = 'server:filesystem.pull'; + const SERVER__BACKUP_STARTED = 'server:backup.started'; + const SERVER__BACKUP_FAILED = 'server:backup.failed'; + const SERVER__BACKUP_COMPELTED = 'server:backup.completed'; + const SERVER__BACKUP_DELETED = 'server:backup.deleted'; + const SERVER__BACKUP_RESTORE_STARTED = 'server:backup.restore.started'; + const SERVER__BACKUP_RESTORE_COMPLETED = 'server:backup.restore.completed'; + const SERVER__BACKUP_RESTORE_FAILED = 'server:backup.restore.failed'; /** * @var string[] From a75a347d6547a87be9e83759592bf8aa24e2875b Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 17 Jan 2021 15:51:56 -0800 Subject: [PATCH 06/24] Remove suspended & installing fields, replace with single status field --- .../Admin/Servers/ServerViewController.php | 2 +- .../Controllers/Admin/ServersController.php | 4 +- .../Remote/SftpAuthenticationController.php | 6 +- .../Admin/Servers/ServerInstalled.php | 2 +- .../Server/AuthenticateServerAccess.php | 2 +- .../Server/AccessingValidServer.php | 4 +- app/Models/Server.php | 22 +++++--- .../Servers/ReinstallServerService.php | 2 +- .../ServerConfigurationStructureService.php | 4 +- .../Servers/ServerCreationService.php | 2 +- app/Services/Servers/SuspensionService.php | 7 +-- .../Api/Application/ServerTransformer.php | 4 +- .../Api/Client/ServerTransformer.php | 4 +- database/factories/ModelFactory.php | 3 +- ...52623_add_generic_server_status_column.php | 55 +++++++++++++++++++ resources/views/admin/servers/index.blade.php | 4 +- .../servers/partials/navigation.blade.php | 2 +- .../views/admin/servers/view/index.blade.php | 8 +-- .../views/admin/servers/view/manage.blade.php | 4 +- .../Client/Server/SettingsControllerTest.php | 6 +- .../Servers/ServerCreationServiceTest.php | 2 +- .../StartupModificationServiceTest.php | 2 +- .../Servers/SuspensionServiceTest.php | 15 ++--- .../Server/AccessingValidServerTest.php | 8 +-- 24 files changed, 115 insertions(+), 59 deletions(-) create mode 100644 database/migrations/2021_01_17_152623_add_generic_server_status_column.php diff --git a/app/Http/Controllers/Admin/Servers/ServerViewController.php b/app/Http/Controllers/Admin/Servers/ServerViewController.php index 5c2440b24..64c2b7f49 100644 --- a/app/Http/Controllers/Admin/Servers/ServerViewController.php +++ b/app/Http/Controllers/Admin/Servers/ServerViewController.php @@ -207,7 +207,7 @@ class ServerViewController extends Controller */ public function manage(Request $request, Server $server) { - if ($server->installed > 1) { + if ($server->status === Server::STATUS_INSTALL_FAILED) { throw new DisplayException( 'This server is in a failed install state and cannot be recovered. Please delete and re-create the server.' ); diff --git a/app/Http/Controllers/Admin/ServersController.php b/app/Http/Controllers/Admin/ServersController.php index bec5ac4aa..29016f792 100644 --- a/app/Http/Controllers/Admin/ServersController.php +++ b/app/Http/Controllers/Admin/ServersController.php @@ -228,12 +228,12 @@ class ServersController extends Controller */ public function toggleInstall(Server $server) { - if ($server->installed > 1) { + if ($server->status === Server::STATUS_INSTALL_FAILED) { throw new DisplayException(trans('admin/server.exceptions.marked_as_failed')); } $this->repository->update($server->id, [ - 'installed' => ! $server->installed, + 'status' => $server->isInstalled() ? Server::STATUS_INSTALLING : null, ], true, true); $this->alert->success(trans('admin/server.alerts.install_toggled'))->flash(); diff --git a/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php b/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php index cab532e81..efa6fe48c 100644 --- a/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php +++ b/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php @@ -118,10 +118,8 @@ class SftpAuthenticationController extends Controller // Remember, for security purposes, only reveal the existence of the server to people that // have provided valid credentials, and have permissions to know about it. - if ($server->installed !== 1 || $server->suspended) { - throw new BadRequestHttpException( - 'Server is not installed or is currently suspended.' - ); + if ($server->isSuspended() || !$server->isInstalled()) { + throw new BadRequestHttpException('Server is not installed or is currently suspended.'); } return new JsonResponse([ diff --git a/app/Http/Middleware/Admin/Servers/ServerInstalled.php b/app/Http/Middleware/Admin/Servers/ServerInstalled.php index 2f0a384f3..69c7d5488 100644 --- a/app/Http/Middleware/Admin/Servers/ServerInstalled.php +++ b/app/Http/Middleware/Admin/Servers/ServerInstalled.php @@ -29,7 +29,7 @@ class ServerInstalled ); } - if ($server->installed !== 1) { + if (! $server->isInstalled()) { throw new HttpException( Response::HTTP_FORBIDDEN, 'Access to this resource is not allowed due to the current installation state.' ); diff --git a/app/Http/Middleware/Api/Client/Server/AuthenticateServerAccess.php b/app/Http/Middleware/Api/Client/Server/AuthenticateServerAccess.php index e9eaa143e..902a5e4df 100644 --- a/app/Http/Middleware/Api/Client/Server/AuthenticateServerAccess.php +++ b/app/Http/Middleware/Api/Client/Server/AuthenticateServerAccess.php @@ -64,7 +64,7 @@ class AuthenticateServerAccess } } - if ($server->suspended && ! $request->routeIs('api:client:server.resources')) { + if ($server->isSuspended() && ! $request->routeIs('api:client:server.resources')) { throw new BadRequestHttpException( 'This server is currently suspended and the functionality requested is unavailable.' ); diff --git a/app/Http/Middleware/Server/AccessingValidServer.php b/app/Http/Middleware/Server/AccessingValidServer.php index 2491414c7..77a9e0beb 100644 --- a/app/Http/Middleware/Server/AccessingValidServer.php +++ b/app/Http/Middleware/Server/AccessingValidServer.php @@ -63,7 +63,7 @@ class AccessingValidServer $isApiRequest = $request->expectsJson() || $request->is(...$this->config->get('pterodactyl.json_routes', [])); $server = $this->repository->getByUuid($attributes instanceof Server ? $attributes->uuid : $attributes); - if ($server->suspended) { + if ($server->isSuspended()) { if ($isApiRequest) { throw new AccessDeniedHttpException('Server is suspended and cannot be accessed.'); } @@ -73,7 +73,7 @@ class AccessingValidServer // Servers can have install statuses other than 1 or 0, so don't check // for a bool-type operator here. - if ($server->installed !== 1) { + if (! $server->isInstalled()) { if ($isApiRequest) { throw new ConflictHttpException('Server is still completing the installation process.'); } diff --git a/app/Models/Server.php b/app/Models/Server.php index b65ef662e..775fbf3c3 100644 --- a/app/Models/Server.php +++ b/app/Models/Server.php @@ -15,8 +15,8 @@ use Znck\Eloquent\Traits\BelongsToThrough; * @property int $node_id * @property string $name * @property string $description + * @property string|null $status * @property bool $skip_scripts - * @property bool $suspended * @property int $owner_id * @property int $memory * @property int $swap @@ -30,7 +30,6 @@ use Znck\Eloquent\Traits\BelongsToThrough; * @property int $egg_id * @property string $startup * @property string $image - * @property int $installed * @property int $allocation_limit * @property int $database_limit * @property int $backup_limit @@ -64,9 +63,9 @@ class Server extends Model */ const RESOURCE_NAME = 'server'; - const STATUS_INSTALLING = 0; - const STATUS_INSTALLED = 1; - const STATUS_INSTALL_FAILED = 2; + const STATUS_INSTALLING = 'installing'; + const STATUS_INSTALL_FAILED = 'install_failed'; + const STATUS_SUSPENDED = 'suspended'; /** * The table associated with the model. @@ -82,6 +81,7 @@ class Server extends Model * @var array */ protected $attributes = [ + 'status' => self::STATUS_INSTALLING, 'oom_disabled' => true, ]; @@ -104,7 +104,7 @@ class Server extends Model * * @var array */ - protected $guarded = ['id', 'installed', self::CREATED_AT, self::UPDATED_AT, 'deleted_at']; + protected $guarded = ['id', self::CREATED_AT, self::UPDATED_AT, 'deleted_at']; /** * @var array @@ -115,6 +115,7 @@ class Server extends Model 'name' => 'required|string|min:1|max:191', 'node_id' => 'required|exists:nodes,id', 'description' => 'string', + 'status' => 'nullable|string', 'memory' => 'required|numeric|min:0', 'swap' => 'required|numeric|min:-1', 'io' => 'required|numeric|between:10,1000', @@ -142,7 +143,6 @@ class Server extends Model protected $casts = [ 'node_id' => 'integer', 'skip_scripts' => 'boolean', - 'suspended' => 'boolean', 'owner_id' => 'integer', 'memory' => 'integer', 'swap' => 'integer', @@ -153,7 +153,6 @@ class Server extends Model 'allocation_id' => 'integer', 'nest_id' => 'integer', 'egg_id' => 'integer', - 'installed' => 'integer', 'database_limit' => 'integer', 'allocation_limit' => 'integer', 'backup_limit' => 'integer', @@ -176,7 +175,12 @@ class Server extends Model */ public function isInstalled(): bool { - return $this->installed === 1; + return $this->status !== self::STATUS_INSTALLING && $this->status !== self::STATUS_INSTALL_FAILED; + } + + public function isSuspended(): bool + { + return $this->status === self::STATUS_SUSPENDED; } /** diff --git a/app/Services/Servers/ReinstallServerService.php b/app/Services/Servers/ReinstallServerService.php index 6f5b56083..b922464ca 100644 --- a/app/Services/Servers/ReinstallServerService.php +++ b/app/Services/Servers/ReinstallServerService.php @@ -44,7 +44,7 @@ class ReinstallServerService public function handle(Server $server) { return $this->connection->transaction(function () use ($server) { - $server->forceFill(['installed' => Server::STATUS_INSTALLING])->save(); + $server->fill(['status' => Server::STATUS_INSTALLING])->save(); $this->daemonServerRepository->setServer($server)->reinstall(); diff --git a/app/Services/Servers/ServerConfigurationStructureService.php b/app/Services/Servers/ServerConfigurationStructureService.php index b942a270a..1bffdb547 100644 --- a/app/Services/Servers/ServerConfigurationStructureService.php +++ b/app/Services/Servers/ServerConfigurationStructureService.php @@ -60,7 +60,7 @@ class ServerConfigurationStructureService { return [ 'uuid' => $server->uuid, - 'suspended' => $server->suspended, + 'suspended' => $server->isSuspended(), 'environment' => $this->environment->handle($server), 'invocation' => $server->startup, 'skip_egg_scripts' => $server->skip_scripts, @@ -137,7 +137,7 @@ class ServerConfigurationStructureService 'skip_scripts' => $server->skip_scripts, ], 'rebuild' => false, - 'suspended' => (int)$server->suspended, + 'suspended' => $server->isSuspended() ? 1 : 0, ]; } } diff --git a/app/Services/Servers/ServerCreationService.php b/app/Services/Servers/ServerCreationService.php index 76d371ab2..7c11dab9b 100644 --- a/app/Services/Servers/ServerCreationService.php +++ b/app/Services/Servers/ServerCreationService.php @@ -229,8 +229,8 @@ class ServerCreationService 'node_id' => Arr::get($data, 'node_id'), 'name' => Arr::get($data, 'name'), 'description' => Arr::get($data, 'description') ?? '', + 'status' => Server::STATUS_INSTALLING, 'skip_scripts' => Arr::get($data, 'skip_scripts') ?? isset($data['skip_scripts']), - 'suspended' => false, 'owner_id' => Arr::get($data, 'owner_id'), 'memory' => Arr::get($data, 'memory'), 'swap' => Arr::get($data, 'swap'), diff --git a/app/Services/Servers/SuspensionService.php b/app/Services/Servers/SuspensionService.php index 87fd0a334..3f3035cb0 100644 --- a/app/Services/Servers/SuspensionService.php +++ b/app/Services/Servers/SuspensionService.php @@ -6,7 +6,6 @@ use Webmozart\Assert\Assert; use Pterodactyl\Models\Server; use Illuminate\Database\ConnectionInterface; use Pterodactyl\Repositories\Wings\DaemonServerRepository; -use Symfony\Component\HttpKernel\Exception\ConflictHttpException; use Pterodactyl\Exceptions\Http\Server\ServerTransferringException; class SuspensionService @@ -54,7 +53,7 @@ class SuspensionService // Nothing needs to happen if we're suspending the server and it is already // suspended in the database. Additionally, nothing needs to happen if the server // is not suspended and we try to un-suspend the instance. - if ($isSuspending === $server->suspended) { + if ($isSuspending === $server->isSuspended()) { return; } @@ -63,9 +62,9 @@ class SuspensionService throw new ServerTransferringException; } - $this->connection->transaction(function () use ($action, $server) { + $this->connection->transaction(function () use ($action, $server, $isSuspending) { $server->update([ - 'suspended' => $action === self::ACTION_SUSPEND, + 'status' => $isSuspending ? Server::STATUS_SUSPENDED : null, ]); // Only send the suspension request to wings if the server is not currently being transferred. diff --git a/app/Transformers/Api/Application/ServerTransformer.php b/app/Transformers/Api/Application/ServerTransformer.php index 10c343d8c..70a346247 100644 --- a/app/Transformers/Api/Application/ServerTransformer.php +++ b/app/Transformers/Api/Application/ServerTransformer.php @@ -66,7 +66,7 @@ class ServerTransformer extends BaseTransformer 'identifier' => $server->uuidShort, 'name' => $server->name, 'description' => $server->description, - 'suspended' => (bool) $server->suspended, + 'suspended' => $server->isSuspended(), 'limits' => [ 'memory' => $server->memory, 'swap' => $server->swap, @@ -88,7 +88,7 @@ class ServerTransformer extends BaseTransformer 'container' => [ 'startup_command' => $server->startup, 'image' => $server->image, - 'installed' => (int) $server->installed === 1, + 'installed' => $server->isInstalled() ? 1 : 0, 'environment' => $this->environmentService->handle($server), ], $server->getUpdatedAtColumn() => $this->formatTimestamp($server->updated_at), diff --git a/app/Transformers/Api/Client/ServerTransformer.php b/app/Transformers/Api/Client/ServerTransformer.php index 0673f9b57..79102bb33 100644 --- a/app/Transformers/Api/Client/ServerTransformer.php +++ b/app/Transformers/Api/Client/ServerTransformer.php @@ -70,8 +70,8 @@ class ServerTransformer extends BaseClientTransformer 'allocations' => $server->allocation_limit, 'backups' => $server->backup_limit, ], - 'is_suspended' => $server->suspended, - 'is_installing' => $server->installed !== 1, + 'is_suspended' => $server->isSuspended(), + 'is_installing' => ! $server->isInstalled(), 'is_transferring' => ! is_null($server->transfer), ]; } diff --git a/database/factories/ModelFactory.php b/database/factories/ModelFactory.php index 4997a9b6f..f48c8e6e7 100644 --- a/database/factories/ModelFactory.php +++ b/database/factories/ModelFactory.php @@ -27,14 +27,13 @@ $factory->define(Pterodactyl\Models\Server::class, function (Faker $faker) { 'name' => $faker->firstName, 'description' => implode(' ', $faker->sentences()), 'skip_scripts' => 0, - 'suspended' => 0, + 'status' => null, 'memory' => 512, 'swap' => 0, 'disk' => 512, 'io' => 500, 'cpu' => 0, 'oom_disabled' => 0, - 'installed' => 1, 'database_limit' => null, 'allocation_limit' => null, 'created_at' => Carbon::now(), diff --git a/database/migrations/2021_01_17_152623_add_generic_server_status_column.php b/database/migrations/2021_01_17_152623_add_generic_server_status_column.php new file mode 100644 index 000000000..536b5642b --- /dev/null +++ b/database/migrations/2021_01_17_152623_add_generic_server_status_column.php @@ -0,0 +1,55 @@ +string('status')->nullable()->after('description'); + }); + + DB::transaction(function () { + DB::update('UPDATE servers SET `status` = \'suspended\' WHERE `suspended` = 1'); + DB::update('UPDATE servers SET `status` = \'installing\' WHERE `installed` = 0'); + DB::update('UPDATE servers SET `status` = \'install_failed\' WHERE `installed` = 2'); + }); + + Schema::table('servers', function (Blueprint $table) { + $table->dropColumn('suspended'); + $table->dropColumn('installed'); + }); + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + Schema::table('servers', function (Blueprint $table) { + $table->unsignedTinyInteger('suspended')->default(0); + $table->unsignedTinyInteger('installed')->default(0); + }); + + DB::transaction(function () { + DB::update('UPDATE servers SET `suspended` = 1 WHERE `status` = \'suspended\''); + DB::update('UPDATE servers SET `installed` = 1 WHERE `status` IS NULL'); + DB::update('UPDATE servers SET `installed` = 2 WHERE `status` = \'install_failed\''); + }); + + Schema::table('servers', function (Blueprint $table) { + $table->dropColumn('status'); + }); + } +} diff --git a/resources/views/admin/servers/index.blade.php b/resources/views/admin/servers/index.blade.php index ce039944f..e152158ce 100644 --- a/resources/views/admin/servers/index.blade.php +++ b/resources/views/admin/servers/index.blade.php @@ -57,9 +57,9 @@ {{ $server->allocation->alias }}:{{ $server->allocation->port }} - @if($server->suspended) + @if($server->isSuspended()) Suspended - @elseif(! $server->installed) + @elseif(! $server->isInstalled()) Installing @else Active diff --git a/resources/views/admin/servers/partials/navigation.blade.php b/resources/views/admin/servers/partials/navigation.blade.php index 0474787de..964eac8e3 100644 --- a/resources/views/admin/servers/partials/navigation.blade.php +++ b/resources/views/admin/servers/partials/navigation.blade.php @@ -8,7 +8,7 @@
  • About
    • - @if($server->installed === 1) + @if($server->isInstalled())
  • Details
    • diff --git a/resources/views/admin/servers/view/index.blade.php b/resources/views/admin/servers/view/index.blade.php index 0a563db3f..4e8078ef8 100644 --- a/resources/views/admin/servers/view/index.blade.php +++ b/resources/views/admin/servers/view/index.blade.php @@ -133,7 +133,7 @@
    - @if($server->suspended) + @if($server->isSuspended())
    @@ -142,11 +142,11 @@
    @endif - @if($server->installed !== 1) + @if(!$server->isInstalled())
    -
    +
    -

    {{ (! $server->installed) ? 'Installing' : 'Install Failed' }}

    +

    {{ (! $server->isInstalled()) ? 'Installing' : 'Install Failed' }}

    diff --git a/resources/views/admin/servers/view/manage.blade.php b/resources/views/admin/servers/view/manage.blade.php index 9962cfddf..abea741f0 100644 --- a/resources/views/admin/servers/view/manage.blade.php +++ b/resources/views/admin/servers/view/manage.blade.php @@ -31,7 +31,7 @@

    This will reinstall the server with the assigned service scripts. Danger! This could overwrite server data.

    - @if($server->installed === 1) + @if($server->isInstalled())
    {!! csrf_field() !!} @@ -59,7 +59,7 @@
    - @if(! $server->suspended) + @if(! $server->isSuspended())
    diff --git a/tests/Integration/Api/Client/Server/SettingsControllerTest.php b/tests/Integration/Api/Client/Server/SettingsControllerTest.php index 44a850a7c..dc52601b9 100644 --- a/tests/Integration/Api/Client/Server/SettingsControllerTest.php +++ b/tests/Integration/Api/Client/Server/SettingsControllerTest.php @@ -73,7 +73,7 @@ class SettingsControllerTest extends ClientApiIntegrationTestCase { /** @var \Pterodactyl\Models\Server $server */ [$user, $server] = $this->generateTestAccount($permissions); - $this->assertSame(Server::STATUS_INSTALLED, $server->installed); + $this->assertTrue($server->isInstalled()); $service = Mockery::mock(DaemonServerRepository::class); $this->app->instance(DaemonServerRepository::class, $service); @@ -91,7 +91,7 @@ class SettingsControllerTest extends ClientApiIntegrationTestCase ->assertStatus(Response::HTTP_ACCEPTED); $server = $server->refresh(); - $this->assertSame(Server::STATUS_INSTALLING, $server->installed); + $this->assertSame(Server::STATUS_INSTALLING, $server->status); } /** @@ -107,7 +107,7 @@ class SettingsControllerTest extends ClientApiIntegrationTestCase ->assertStatus(Response::HTTP_FORBIDDEN); $server = $server->refresh(); - $this->assertSame(Server::STATUS_INSTALLED, $server->installed); + $this->assertTrue($server->isInstalled()); } /** diff --git a/tests/Integration/Services/Servers/ServerCreationServiceTest.php b/tests/Integration/Services/Servers/ServerCreationServiceTest.php index daf198f22..ad6a5dc5d 100644 --- a/tests/Integration/Services/Servers/ServerCreationServiceTest.php +++ b/tests/Integration/Services/Servers/ServerCreationServiceTest.php @@ -142,7 +142,7 @@ class ServerCreationServiceTest extends IntegrationTestCase $this->assertSame($allocations[0]->id, $response->allocations[0]->id); $this->assertSame($allocations[4]->id, $response->allocations[1]->id); - $this->assertFalse($response->suspended); + $this->assertFalse($response->isSuspended()); $this->assertTrue($response->oom_disabled); $this->assertSame(0, $response->database_limit); $this->assertSame(0, $response->allocation_limit); diff --git a/tests/Integration/Services/Servers/StartupModificationServiceTest.php b/tests/Integration/Services/Servers/StartupModificationServiceTest.php index 84fee3be8..6645af0fa 100644 --- a/tests/Integration/Services/Servers/StartupModificationServiceTest.php +++ b/tests/Integration/Services/Servers/StartupModificationServiceTest.php @@ -98,7 +98,7 @@ class StartupModificationServiceTest extends IntegrationTestCase $this->assertTrue($response->skip_scripts); // Make sure we don't revert back to a lurking bug that causes servers to get marked // as not installed when you modify the startup... - $this->assertSame(1, $response->installed); + $this->assertTrue($response->isInstalled()); } /** diff --git a/tests/Integration/Services/Servers/SuspensionServiceTest.php b/tests/Integration/Services/Servers/SuspensionServiceTest.php index 92822aaa1..61d018364 100644 --- a/tests/Integration/Services/Servers/SuspensionServiceTest.php +++ b/tests/Integration/Services/Servers/SuspensionServiceTest.php @@ -4,6 +4,7 @@ namespace Pterodactyl\Tests\Integration\Services\Servers; use Mockery; use InvalidArgumentException; +use Pterodactyl\Models\Server; use Pterodactyl\Services\Servers\SuspensionService; use Pterodactyl\Tests\Integration\IntegrationTestCase; use Pterodactyl\Repositories\Wings\DaemonServerRepository; @@ -26,7 +27,7 @@ class SuspensionServiceTest extends IntegrationTestCase public function testServerIsSuspendedAndUnsuspended() { - $server = $this->createServerModel(['suspended' => false]); + $server = $this->createServerModel(); $this->repository->expects('setServer')->twice()->andReturnSelf(); $this->repository->expects('suspend')->with(false)->andReturnUndefined(); @@ -34,30 +35,30 @@ class SuspensionServiceTest extends IntegrationTestCase $this->getService()->toggle($server, SuspensionService::ACTION_SUSPEND); $server->refresh(); - $this->assertTrue($server->suspended); + $this->assertTrue($server->isSuspended()); $this->repository->expects('suspend')->with(true)->andReturnUndefined(); $this->getService()->toggle($server, SuspensionService::ACTION_UNSUSPEND); $server->refresh(); - $this->assertFalse($server->suspended); + $this->assertFalse($server->isSuspended()); } public function testNoActionIsTakenIfSuspensionStatusIsUnchanged() { - $server = $this->createServerModel(['suspended' => false]); + $server = $this->createServerModel(); $this->getService()->toggle($server, SuspensionService::ACTION_UNSUSPEND); $server->refresh(); - $this->assertFalse($server->suspended); + $this->assertFalse($server->isSuspended()); - $server->update(['suspended' => true]); + $server->update(['status' => Server::STATUS_SUSPENDED]); $this->getService()->toggle($server, SuspensionService::ACTION_SUSPEND); $server->refresh(); - $this->assertTrue($server->suspended); + $this->assertTrue($server->isSuspended()); } public function testExceptionIsThrownIfInvalidActionsArePassed() diff --git a/tests/Unit/Http/Middleware/Server/AccessingValidServerTest.php b/tests/Unit/Http/Middleware/Server/AccessingValidServerTest.php index 5cedbd9b9..1ecef153b 100644 --- a/tests/Unit/Http/Middleware/Server/AccessingValidServerTest.php +++ b/tests/Unit/Http/Middleware/Server/AccessingValidServerTest.php @@ -49,7 +49,7 @@ class AccessingValidServerTest extends MiddlewareTestCase $this->expectException(AccessDeniedHttpException::class); $this->expectExceptionMessage('Server is suspended and cannot be accessed.'); - $model = factory(Server::class)->make(['suspended' => 1]); + $model = factory(Server::class)->make(['status' => Server::STATUS_SUSPENDED]); $this->request->shouldReceive('route->parameter')->with('server')->once()->andReturn('123456'); $this->request->shouldReceive('expectsJson')->withNoArgs()->once()->andReturn(true); @@ -126,9 +126,9 @@ class AccessingValidServerTest extends MiddlewareTestCase $this->refreshApplication(); return [ - [factory(Server::class)->make(['suspended' => 1]), 'errors.suspended', 403], - [factory(Server::class)->make(['installed' => 0]), 'errors.installing', 409], - [factory(Server::class)->make(['installed' => 2]), 'errors.installing', 409], + [factory(Server::class)->make(['status' => Server::STATUS_SUSPENDED]), 'errors.suspended', 403], + [factory(Server::class)->make(['status' => Server::STATUS_INSTALLING]), 'errors.installing', 409], + [factory(Server::class)->make(['status' => Server::STATUS_INSTALL_FAILED]), 'errors.installing', 409], ]; } From cb40b280a4fd030dbc35e340f9b97af29b0bf883 Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 17 Jan 2021 15:55:46 -0800 Subject: [PATCH 07/24] Fix single failing test --- .../Api/Remote/Servers/ServerInstallController.php | 12 ++++++++---- app/Models/Server.php | 1 - .../Middleware/Server/AccessingValidServerTest.php | 2 +- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/app/Http/Controllers/Api/Remote/Servers/ServerInstallController.php b/app/Http/Controllers/Api/Remote/Servers/ServerInstallController.php index 530832d4e..976493835 100644 --- a/app/Http/Controllers/Api/Remote/Servers/ServerInstallController.php +++ b/app/Http/Controllers/Api/Remote/Servers/ServerInstallController.php @@ -4,6 +4,7 @@ namespace Pterodactyl\Http\Controllers\Api\Remote\Servers; use Illuminate\Http\Request; use Illuminate\Http\Response; +use Pterodactyl\Models\Server; use Illuminate\Http\JsonResponse; use Pterodactyl\Http\Controllers\Controller; use Pterodactyl\Repositories\Eloquent\ServerRepository; @@ -61,10 +62,13 @@ class ServerInstallController extends Controller { $server = $this->repository->getByUuid($uuid); - $this->repository->update($server->id, [ - 'installed' => (string) $request->input('successful') === '1' ? 1 : 2, - ], true, true); + $status = $request->input('successful') === '1' ? null : Server::STATUS_INSTALL_FAILED; + if ($server->status === Server::STATUS_SUSPENDED) { + $status = Server::STATUS_SUSPENDED + } - return JsonResponse::create([], Response::HTTP_NO_CONTENT); + $this->repository->update($server->id, ['status' => $status], true, true); + + return new JsonResponse([], Response::HTTP_NO_CONTENT); } } diff --git a/app/Models/Server.php b/app/Models/Server.php index 775fbf3c3..0f8597224 100644 --- a/app/Models/Server.php +++ b/app/Models/Server.php @@ -129,7 +129,6 @@ class Server extends Model 'startup' => 'required|string', 'skip_scripts' => 'sometimes|boolean', 'image' => 'required|string|max:191', - 'installed' => 'in:0,1,2', 'database_limit' => 'present|nullable|integer|min:0', 'allocation_limit' => 'sometimes|nullable|integer|min:0', 'backup_limit' => 'present|nullable|integer|min:0', diff --git a/tests/Unit/Http/Middleware/Server/AccessingValidServerTest.php b/tests/Unit/Http/Middleware/Server/AccessingValidServerTest.php index 1ecef153b..c092813cd 100644 --- a/tests/Unit/Http/Middleware/Server/AccessingValidServerTest.php +++ b/tests/Unit/Http/Middleware/Server/AccessingValidServerTest.php @@ -67,7 +67,7 @@ class AccessingValidServerTest extends MiddlewareTestCase $this->expectException(ConflictHttpException::class); $this->expectExceptionMessage('Server is still completing the installation process.'); - $model = factory(Server::class)->make(['installed' => 0]); + $model = factory(Server::class)->make(['status' => Server::STATUS_INSTALLING]); $this->request->shouldReceive('route->parameter')->with('server')->once()->andReturn('123456'); $this->request->shouldReceive('expectsJson')->withNoArgs()->once()->andReturn(true); From b38b8f64657ca1283f282787e7dc629db6201558 Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 17 Jan 2021 16:02:11 -0800 Subject: [PATCH 08/24] Mark some fields as deprecated in the API --- app/Transformers/Api/Application/ServerTransformer.php | 3 +++ app/Transformers/Api/Client/ServerTransformer.php | 3 +++ 2 files changed, 6 insertions(+) diff --git a/app/Transformers/Api/Application/ServerTransformer.php b/app/Transformers/Api/Application/ServerTransformer.php index 70a346247..08fdd9b1c 100644 --- a/app/Transformers/Api/Application/ServerTransformer.php +++ b/app/Transformers/Api/Application/ServerTransformer.php @@ -66,6 +66,8 @@ class ServerTransformer extends BaseTransformer 'identifier' => $server->uuidShort, 'name' => $server->name, 'description' => $server->description, + 'status' => $server->status, + // This field is deprecated, please use "status". 'suspended' => $server->isSuspended(), 'limits' => [ 'memory' => $server->memory, @@ -88,6 +90,7 @@ class ServerTransformer extends BaseTransformer 'container' => [ 'startup_command' => $server->startup, 'image' => $server->image, + // This field is deprecated, please use "status". 'installed' => $server->isInstalled() ? 1 : 0, 'environment' => $this->environmentService->handle($server), ], diff --git a/app/Transformers/Api/Client/ServerTransformer.php b/app/Transformers/Api/Client/ServerTransformer.php index 79102bb33..18124325d 100644 --- a/app/Transformers/Api/Client/ServerTransformer.php +++ b/app/Transformers/Api/Client/ServerTransformer.php @@ -70,7 +70,10 @@ class ServerTransformer extends BaseClientTransformer 'allocations' => $server->allocation_limit, 'backups' => $server->backup_limit, ], + 'status' => $server->status, + // This field is deprecated, please use "status". 'is_suspended' => $server->isSuspended(), + // This field is deprecated, please use "status". 'is_installing' => ! $server->isInstalled(), 'is_transferring' => ! is_null($server->transfer), ]; From 8db3a0549853f75dc41c6a53e6e1ea4c6859eb62 Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 17 Jan 2021 16:08:41 -0800 Subject: [PATCH 09/24] ;-; --- .../Controllers/Api/Remote/Servers/ServerInstallController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Http/Controllers/Api/Remote/Servers/ServerInstallController.php b/app/Http/Controllers/Api/Remote/Servers/ServerInstallController.php index 976493835..c8f09fe8f 100644 --- a/app/Http/Controllers/Api/Remote/Servers/ServerInstallController.php +++ b/app/Http/Controllers/Api/Remote/Servers/ServerInstallController.php @@ -64,7 +64,7 @@ class ServerInstallController extends Controller $status = $request->input('successful') === '1' ? null : Server::STATUS_INSTALL_FAILED; if ($server->status === Server::STATUS_SUSPENDED) { - $status = Server::STATUS_SUSPENDED + $status = Server::STATUS_SUSPENDED; } $this->repository->update($server->id, ['status' => $status], true, true); From 805952ac38454b4f0e673455b038d9dd6dbb736e Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 17 Jan 2021 16:13:49 -0800 Subject: [PATCH 10/24] Update typescript bindings with new status field --- resources/scripts/api/server/getServer.ts | 12 +++++++++--- resources/scripts/api/server/types.d.ts | 2 ++ resources/scripts/components/dashboard/ServerRow.tsx | 8 ++++---- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/resources/scripts/api/server/getServer.ts b/resources/scripts/api/server/getServer.ts index 959149f9d..30dc0b2ff 100644 --- a/resources/scripts/api/server/getServer.ts +++ b/resources/scripts/api/server/getServer.ts @@ -1,6 +1,6 @@ import http, { FractalResponseData, FractalResponseList } from '@/api/http'; import { rawDataToServerAllocation, rawDataToServerEggVariable } from '@/api/transformers'; -import { ServerEggVariable } from '@/api/server/types'; +import { ServerEggVariable, ServerStatus } from '@/api/server/types'; export interface Allocation { id: number; @@ -17,6 +17,7 @@ export interface Server { uuid: string; name: string; node: string; + status: ServerStatus; sftpDetails: { ip: string; port: number; @@ -38,6 +39,10 @@ export interface Server { allocations: number; backups: number; }; + // Only isSuspended got marked as deprecated since the isInstalling is a nice helper + // since you'd have to check multiple potential values for that. isSuspended should + // be replaced with status !== 'suspended'. + /** @deprecated */ isSuspended: boolean; isInstalling: boolean; isTransferring: boolean; @@ -51,6 +56,7 @@ export const rawDataToServerObject = ({ attributes: data }: FractalResponseData) uuid: data.uuid, name: data.name, node: data.node, + status: data.status, invocation: data.invocation, dockerImage: data.docker_image, sftpDetails: { @@ -61,8 +67,8 @@ export const rawDataToServerObject = ({ attributes: data }: FractalResponseData) limits: { ...data.limits }, eggFeatures: data.egg_features || [], featureLimits: { ...data.feature_limits }, - isSuspended: data.is_suspended, - isInstalling: data.is_installing, + isSuspended: data.status === 'suspended', + isInstalling: data.status === 'installing' || data.status === 'install_failed', isTransferring: data.is_transferring, variables: ((data.relationships?.variables as FractalResponseList | undefined)?.data || []).map(rawDataToServerEggVariable), allocations: ((data.relationships?.allocations as FractalResponseList | undefined)?.data || []).map(rawDataToServerAllocation), diff --git a/resources/scripts/api/server/types.d.ts b/resources/scripts/api/server/types.d.ts index b37fae402..dd871162c 100644 --- a/resources/scripts/api/server/types.d.ts +++ b/resources/scripts/api/server/types.d.ts @@ -1,3 +1,5 @@ +export type ServerStatus = 'installing' | 'install_failed' | 'suspended' | 'restoring_backup' | null; + export interface ServerBackup { uuid: string; isSuccessful: boolean; diff --git a/resources/scripts/components/dashboard/ServerRow.tsx b/resources/scripts/components/dashboard/ServerRow.tsx index 7db977311..017f933b2 100644 --- a/resources/scripts/components/dashboard/ServerRow.tsx +++ b/resources/scripts/components/dashboard/ServerRow.tsx @@ -41,7 +41,7 @@ const StatusIndicatorBox = styled(GreyRowBox)<{ $status: ServerPowerState | unde export default ({ server, className }: { server: Server; className?: string }) => { const interval = useRef(null); - const [ isSuspended, setIsSuspended ] = useState(server.isSuspended); + const [ isSuspended, setIsSuspended ] = useState(server.status === 'suspended'); const [ stats, setStats ] = useState(null); const getStats = () => getServerResourceUsage(server.uuid) @@ -49,8 +49,8 @@ export default ({ server, className }: { server: Server; className?: string }) = .catch(error => console.error(error)); useEffect(() => { - setIsSuspended(stats?.isSuspended || server.isSuspended); - }, [ stats?.isSuspended, server.isSuspended ]); + setIsSuspended(stats?.isSuspended || server.status === 'suspended'); + }, [ stats?.isSuspended, server.status ]); useEffect(() => { // Don't waste a HTTP request if there is nothing important to show to the user because @@ -107,7 +107,7 @@ export default ({ server, className }: { server: Server; className?: string }) = isSuspended ?
    - {server.isSuspended ? 'Suspended' : 'Connection Error'} + {server.status === 'suspended' ? 'Suspended' : 'Connection Error'}
    : From 87371901c0a61a1e6ad1ead1734ca74fbf687aac Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 17 Jan 2021 17:51:09 -0800 Subject: [PATCH 11/24] Add base logic to support sending a request to restore a backup for a server --- .../Api/Client/Servers/BackupController.php | 126 +++++++++++++-- .../Servers/DownloadBackupController.php | 144 ------------------ .../Servers/Backups/DeleteBackupRequest.php | 17 --- .../Servers/Backups/DownloadBackupRequest.php | 41 ----- .../Servers/Backups/GetBackupsRequest.php | 17 --- app/Models/Permission.php | 6 +- app/Models/Server.php | 1 + .../Wings/DaemonBackupRepository.php | 31 +++- app/Services/Backups/DownloadLinkService.php | 83 ++++++++++ 9 files changed, 229 insertions(+), 237 deletions(-) delete mode 100644 app/Http/Controllers/Api/Client/Servers/DownloadBackupController.php delete mode 100644 app/Http/Requests/Api/Client/Servers/Backups/DeleteBackupRequest.php delete mode 100644 app/Http/Requests/Api/Client/Servers/Backups/DownloadBackupRequest.php delete mode 100644 app/Http/Requests/Api/Client/Servers/Backups/GetBackupsRequest.php create mode 100644 app/Services/Backups/DownloadLinkService.php diff --git a/app/Http/Controllers/Api/Client/Servers/BackupController.php b/app/Http/Controllers/Api/Client/Servers/BackupController.php index c18aac3ac..3abeaaa1d 100644 --- a/app/Http/Controllers/Api/Client/Servers/BackupController.php +++ b/app/Http/Controllers/Api/Client/Servers/BackupController.php @@ -2,18 +2,21 @@ namespace Pterodactyl\Http\Controllers\Api\Client\Servers; +use Illuminate\Http\Request; use Pterodactyl\Models\Backup; use Pterodactyl\Models\Server; use Pterodactyl\Models\AuditLog; use Illuminate\Http\JsonResponse; +use Pterodactyl\Models\Permission; +use Illuminate\Validation\UnauthorizedException; use Pterodactyl\Services\Backups\DeleteBackupService; -use Pterodactyl\Repositories\Eloquent\BackupRepository; +use Pterodactyl\Services\Backups\DownloadLinkService; use Pterodactyl\Services\Backups\InitiateBackupService; use Pterodactyl\Transformers\Api\Client\BackupTransformer; +use Pterodactyl\Repositories\Wings\DaemonBackupRepository; use Pterodactyl\Http\Controllers\Api\Client\ClientApiController; -use Pterodactyl\Http\Requests\Api\Client\Servers\Backups\GetBackupsRequest; +use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; use Pterodactyl\Http\Requests\Api\Client\Servers\Backups\StoreBackupRequest; -use Pterodactyl\Http\Requests\Api\Client\Servers\Backups\DeleteBackupRequest; class BackupController extends ClientApiController { @@ -28,39 +31,51 @@ class BackupController extends ClientApiController private $deleteBackupService; /** - * @var \Pterodactyl\Repositories\Eloquent\BackupRepository + * @var \Pterodactyl\Services\Backups\DownloadLinkService + */ + private $downloadLinkService; + + /** + * @var \Pterodactyl\Repositories\Wings\DaemonBackupRepository */ private $repository; /** * BackupController constructor. * - * @param \Pterodactyl\Repositories\Eloquent\BackupRepository $repository + * @param \Pterodactyl\Repositories\Wings\DaemonBackupRepository $repository * @param \Pterodactyl\Services\Backups\DeleteBackupService $deleteBackupService * @param \Pterodactyl\Services\Backups\InitiateBackupService $initiateBackupService + * @param \Pterodactyl\Services\Backups\DownloadLinkService $downloadLinkService */ public function __construct( - BackupRepository $repository, + DaemonBackupRepository $repository, DeleteBackupService $deleteBackupService, - InitiateBackupService $initiateBackupService + InitiateBackupService $initiateBackupService, + DownloadLinkService $downloadLinkService ) { parent::__construct(); + $this->repository = $repository; $this->initiateBackupService = $initiateBackupService; $this->deleteBackupService = $deleteBackupService; - $this->repository = $repository; + $this->downloadLinkService = $downloadLinkService; } /** * Returns all of the backups for a given server instance in a paginated * result set. * - * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Backups\GetBackupsRequest $request + * @param \Illuminate\Http\Request $request * @param \Pterodactyl\Models\Server $server * @return array */ - public function index(GetBackupsRequest $request, Server $server) + public function index(Request $request, Server $server) { + if (! $request->user()->can(Permission::ACTION_BACKUP_READ, $server)) { + throw new UnauthorizedException; + } + $limit = min($request->query('per_page') ?? 20, 50); return $this->fractal->collection($server->backups()->paginate($limit)) @@ -100,13 +115,17 @@ class BackupController extends ClientApiController /** * Returns information about a single backup. * - * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Backups\GetBackupsRequest $request + * @param \Illuminate\Http\Request $request * @param \Pterodactyl\Models\Server $server * @param \Pterodactyl\Models\Backup $backup * @return array */ - public function view(GetBackupsRequest $request, Server $server, Backup $backup) + public function view(Request $request, Server $server, Backup $backup) { + if (! $request->user()->can(Permission::ACTION_BACKUP_READ, $server)) { + throw new UnauthorizedException; + } + return $this->fractal->item($backup) ->transformWith($this->getTransformer(BackupTransformer::class)) ->toArray(); @@ -116,15 +135,19 @@ class BackupController extends ClientApiController * Deletes a backup from the panel as well as the remote source where it is currently * being stored. * - * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Backups\DeleteBackupRequest $request + * @param \Illuminate\Http\Request $request * @param \Pterodactyl\Models\Server $server * @param \Pterodactyl\Models\Backup $backup * @return \Illuminate\Http\JsonResponse * * @throws \Throwable */ - public function delete(DeleteBackupRequest $request, Server $server, Backup $backup) + public function delete(Request $request, Server $server, Backup $backup) { + if (! $request->user()->can(Permission::ACTION_BACKUP_DELETE, $server)) { + throw new UnauthorizedException; + } + $server->audit(AuditLog::SERVER__BACKUP_DELETED, function (AuditLog $audit) use ($backup) { $audit->metadata = ['backup_uuid' => $backup->uuid]; @@ -133,4 +156,79 @@ class BackupController extends ClientApiController return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT); } + + /** + * Download the backup for a given server instance. For daemon local files, the file + * will be streamed back through the Panel. For AWS S3 files, a signed URL will be generated + * which the user is redirected to. + * + * @param \Illuminate\Http\Request $request + * @param \Pterodactyl\Models\Server $server + * @param \Pterodactyl\Models\Backup $backup + * @return \Illuminate\Http\JsonResponse + */ + public function download(Request $request, Server $server, Backup $backup) + { + if (! $request->user()->can(Permission::ACTION_BACKUP_DOWNLOAD, $server)) { + throw new UnauthorizedException; + } + + switch ($backup->disk) { + case Backup::ADAPTER_WINGS: + case Backup::ADAPTER_AWS_S3: + return new JsonResponse([ + 'object' => 'signed_url', + 'attributes' => ['url' => ''], + ]); + default: + throw new BadRequestHttpException; + } + } + + /** + * Handles restoring a backup by making a request to the Wings instance telling it + * to begin the process of finding (or downloading) the backup and unpacking it + * over the server files. + * + * If the "truncate" flag is passed through in this request then all of the + * files that currently exist on the server will be deleted before restoring. + * Otherwise the archive will simply be unpacked over the existing files. + * + * @param \Illuminate\Http\Request $request + * @param \Pterodactyl\Models\Server $server + * @param \Pterodactyl\Models\Backup $backup + * @return \Illuminate\Http\JsonResponse + * + * @throws \Throwable + */ + public function restore(Request $request, Server $server, Backup $backup) + { + if (! $request->user()->can(Permission::ACTION_BACKUP_RESTORE, $server)) { + throw new UnauthorizedException; + } + + // Cannot restore a backup unless a server is fully installed and not currently + // processing a different backup restoration request. + if (! is_null($server->status)) { + throw new BadRequestHttpException('This server is not currently in a state that allows for a backup to be restored.'); + } + + $server->audit(AuditLog::SERVER__BACKUP_RESTORE_STARTED, function (AuditLog $audit, Server $server) use ($backup, $request) { + $audit->metadata = ['backup_uuid' => $backup->uuid]; + + // If the backup is for an S3 file we need to generate a unique Download link for + // it that will allow Wings to actually access the file. + if ($backup->disk === Backup::ADAPTER_AWS_S3) { + $url = $this->downloadLinkService->handle($backup, $request->user()); + } + + // Update the status right away for the server so that we know not to allow certain + // actions against it via the Panel API. + $server->update(['status' => Server::STATUS_RESTORING_BACKUP]); + + $this->repository->restore($backup, $url ?? null, $request->input('truncate') === 'true'); + }); + + return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT); + } } diff --git a/app/Http/Controllers/Api/Client/Servers/DownloadBackupController.php b/app/Http/Controllers/Api/Client/Servers/DownloadBackupController.php deleted file mode 100644 index 4c8b16a25..000000000 --- a/app/Http/Controllers/Api/Client/Servers/DownloadBackupController.php +++ /dev/null @@ -1,144 +0,0 @@ -daemonBackupRepository = $daemonBackupRepository; - $this->responseFactory = $responseFactory; - $this->jwtService = $jwtService; - $this->backupManager = $backupManager; - } - - /** - * Download the backup for a given server instance. For daemon local files, the file - * will be streamed back through the Panel. For AWS S3 files, a signed URL will be generated - * which the user is redirected to. - * - * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Backups\DownloadBackupRequest $request - * @param \Pterodactyl\Models\Server $server - * @param \Pterodactyl\Models\Backup $backup - * @return \Illuminate\Http\JsonResponse - */ - public function __invoke(DownloadBackupRequest $request, Server $server, Backup $backup) - { - switch ($backup->disk) { - case Backup::ADAPTER_WINGS: - $url = $this->getLocalBackupUrl($backup, $server, $request->user()); - break; - case Backup::ADAPTER_AWS_S3: - $url = $this->getS3BackupUrl($backup, $server); - break; - default: - throw new BadRequestHttpException; - } - - return new JsonResponse([ - 'object' => 'signed_url', - 'attributes' => [ - 'url' => $url, - ], - ]); - } - - /** - * Returns a signed URL that allows us to download a file directly out of a non-public - * S3 bucket by using a signed URL. - * - * @param \Pterodactyl\Models\Backup $backup - * @param \Pterodactyl\Models\Server $server - * @return string - */ - protected function getS3BackupUrl(Backup $backup, Server $server) - { - /** @var \League\Flysystem\AwsS3v3\AwsS3Adapter $adapter */ - $adapter = $this->backupManager->adapter(Backup::ADAPTER_AWS_S3); - - $client = $adapter->getClient(); - - $request = $client->createPresignedRequest( - $client->getCommand('GetObject', [ - 'Bucket' => $adapter->getBucket(), - 'Key' => sprintf('%s/%s.tar.gz', $server->uuid, $backup->uuid), - 'ContentType' => 'application/x-gzip', - ]), - CarbonImmutable::now()->addMinutes(5) - ); - - return $request->getUri()->__toString(); - } - - /** - * Returns a download link a backup stored on a wings instance. - * - * @param \Pterodactyl\Models\Backup $backup - * @param \Pterodactyl\Models\Server $server - * @param \Pterodactyl\Models\User $user - * @return string - */ - protected function getLocalBackupUrl(Backup $backup, Server $server, User $user) - { - $token = $this->jwtService - ->setExpiresAt(CarbonImmutable::now()->addMinutes(15)) - ->setClaims([ - 'backup_uuid' => $backup->uuid, - 'server_uuid' => $server->uuid, - ]) - ->handle($server->node, $user->id . $server->uuid); - - return sprintf( - '%s/download/backup?token=%s', - $server->node->getConnectionAddress(), - $token->__toString() - ); - } -} diff --git a/app/Http/Requests/Api/Client/Servers/Backups/DeleteBackupRequest.php b/app/Http/Requests/Api/Client/Servers/Backups/DeleteBackupRequest.php deleted file mode 100644 index 33b68aabd..000000000 --- a/app/Http/Requests/Api/Client/Servers/Backups/DeleteBackupRequest.php +++ /dev/null @@ -1,17 +0,0 @@ -route()->parameter('server'); - /** @var \Pterodactyl\Models\Backup|mixed $backup */ - $backup = $this->route()->parameter('backup'); - - if ($server instanceof Server && $backup instanceof Backup) { - if ($server->exists && $backup->exists && $server->id === $backup->server_id) { - return true; - } - } - - return false; - } -} diff --git a/app/Http/Requests/Api/Client/Servers/Backups/GetBackupsRequest.php b/app/Http/Requests/Api/Client/Servers/Backups/GetBackupsRequest.php deleted file mode 100644 index f938906d1..000000000 --- a/app/Http/Requests/Api/Client/Servers/Backups/GetBackupsRequest.php +++ /dev/null @@ -1,17 +0,0 @@ - [ 'create' => 'Allows a user to create new backups for this server.', 'read' => 'Allows a user to view all backups that exist for this server.', - 'update' => '', 'delete' => 'Allows a user to remove backups from the system.', - 'download' => 'Allows a user to download backups.', + 'download' => 'Allows a user to download a backup for the server. Danger: this allows a user to access all files for the server in the backup.', + 'restore' => 'Allows a user to restore a backup for the server. Danger: this allows the user to delete all of the server files in the process.' ], ], diff --git a/app/Models/Server.php b/app/Models/Server.php index 0f8597224..58e5a9760 100644 --- a/app/Models/Server.php +++ b/app/Models/Server.php @@ -66,6 +66,7 @@ class Server extends Model const STATUS_INSTALLING = 'installing'; const STATUS_INSTALL_FAILED = 'install_failed'; const STATUS_SUSPENDED = 'suspended'; + const STATUS_RESTORING_BACKUP = 'restoring_backup'; /** * The table associated with the model. diff --git a/app/Repositories/Wings/DaemonBackupRepository.php b/app/Repositories/Wings/DaemonBackupRepository.php index 37156f213..782f39d62 100644 --- a/app/Repositories/Wings/DaemonBackupRepository.php +++ b/app/Repositories/Wings/DaemonBackupRepository.php @@ -2,7 +2,6 @@ namespace Pterodactyl\Repositories\Wings; -use Illuminate\Support\Arr; use Webmozart\Assert\Assert; use Pterodactyl\Models\Backup; use Pterodactyl\Models\Server; @@ -58,6 +57,36 @@ class DaemonBackupRepository extends DaemonRepository } } + /** + * Sends a request to Wings to begin restoring a backup for a server. + * + * @param \Pterodactyl\Models\Backup $backup + * @param string|null $url + * @param bool $truncate + * @return \Psr\Http\Message\ResponseInterface + * + * @throws \Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException + */ + public function restore(Backup $backup, string $url = null, bool $truncate = false): ResponseInterface + { + Assert::isInstanceOf($this->server, Server::class); + + try { + return $this->getHttpClient()->post( + sprintf('/api/servers/%s/backup/%s/restore', $this->server->uuid, $backup->uuid), + [ + 'json' => [ + 'adapter' => $backup->disk, + 'truncate_directory' => $truncate, + 'download_url' => $url ?? '', + ], + ] + ); + } catch (TransferException $exception) { + throw new DaemonConnectionException($exception); + } + } + /** * Deletes a backup from the daemon. * diff --git a/app/Services/Backups/DownloadLinkService.php b/app/Services/Backups/DownloadLinkService.php new file mode 100644 index 000000000..f08b96596 --- /dev/null +++ b/app/Services/Backups/DownloadLinkService.php @@ -0,0 +1,83 @@ +backupManager = $backupManager; + $this->jwtService = $jwtService; + } + + /** + * Returns the URL that allows for a backup to be downloaded by an individual + * user, or by the Wings control software. + * + * @param \Pterodactyl\Models\Backup $backup + * @param \Pterodactyl\Models\User $user + * @return string + */ + public function handle(Backup $backup, User $user): string + { + if ($backup->disk === Backup::ADAPTER_AWS_S3) { + return $this->getS3BackupUrl($backup); + } + + $token = $this->jwtService + ->setExpiresAt(CarbonImmutable::now()->addMinutes(15)) + ->setClaims([ + 'backup_uuid' => $backup->uuid, + 'server_uuid' => $backup->server->uuid, + ]) + ->handle($backup->server->node, $user->id . $backup->server->uuid); + + return sprintf('%s/download/backup?token=%s', $backup->server->node->getConnectionAddress(), $token->__toString()); + } + + /** + * Returns a signed URL that allows us to download a file directly out of a non-public + * S3 bucket by using a signed URL. + * + * @param \Pterodactyl\Models\Backup $backup + * @return string + */ + protected function getS3BackupUrl(Backup $backup) + { + /** @var \League\Flysystem\AwsS3v3\AwsS3Adapter $adapter */ + $adapter = $this->backupManager->adapter(Backup::ADAPTER_AWS_S3); + + $request = $adapter->getClient()->createPresignedRequest( + $adapter->getClient()->getCommand('GetObject', [ + 'Bucket' => $adapter->getBucket(), + 'Key' => sprintf('%s/%s.tar.gz', $backup->server->uuid, $backup->uuid), + 'ContentType' => 'application/x-gzip', + ]), + CarbonImmutable::now()->addMinutes(5) + ); + + return $request->getUri()->__toString(); + } +} From ddc4c8e54ba7cdd6db1670eec6b1e6e8cba8bb8d Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 17 Jan 2021 17:57:34 -0800 Subject: [PATCH 12/24] Fix route def --- routes/api-client.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routes/api-client.php b/routes/api-client.php index a00938f55..b8ae48e95 100644 --- a/routes/api-client.php +++ b/routes/api-client.php @@ -103,7 +103,7 @@ Route::group(['prefix' => '/servers/{server}', 'middleware' => [AuthenticateServ Route::get('/', 'Servers\BackupController@index'); Route::post('/', 'Servers\BackupController@store'); Route::get('/{backup}', 'Servers\BackupController@view'); - Route::get('/{backup}/download', 'Servers\DownloadBackupController'); + Route::get('/{backup}/download', 'Servers\BackupController@download'); Route::delete('/{backup}', 'Servers\BackupController@delete'); }); From 187df97590191a9c83bf31ef28a5657be256597b Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 17 Jan 2021 18:25:13 -0800 Subject: [PATCH 13/24] Add UI for restoring backup checkpoint text --- .../components/elements/ConfirmationModal.tsx | 7 ++-- .../server/backups/BackupContextMenu.tsx | 37 ++++++++++++++++++- routes/api-client.php | 1 + 3 files changed, 41 insertions(+), 4 deletions(-) diff --git a/resources/scripts/components/elements/ConfirmationModal.tsx b/resources/scripts/components/elements/ConfirmationModal.tsx index 7233731f5..faff242a5 100644 --- a/resources/scripts/components/elements/ConfirmationModal.tsx +++ b/resources/scripts/components/elements/ConfirmationModal.tsx @@ -7,18 +7,19 @@ import ModalContext from '@/context/ModalContext'; type Props = { title: string; buttonText: string; - children: string; onConfirmed: () => void; showSpinnerOverlay?: boolean; }; -const ConfirmationModal = ({ title, children, buttonText, onConfirmed }: Props) => { +const ConfirmationModal: React.FC = ({ title, children, buttonText, onConfirmed }) => { const { dismiss } = useContext(ModalContext); return ( <>

    {title}

    -

    {children}

    +
    + {children} +
    : - server.isInstalling ? + (server.isTransferring || server.status) ?
    - Installing + {server.isTransferring ? + 'Transferring' + : + server.status === 'installing' ? 'Installing' : ( + server.status === 'restoring_backup' ? + 'Restoring Backup' + : + 'Unavailable' + ) + }
    : - server.isTransferring ? -
    - - Transferring - -
    - : - + :