diff --git a/app/Http/Controllers/API/User/CoreController.php b/app/Http/Controllers/API/User/CoreController.php
index e0e0cedea..dfc119d50 100644
--- a/app/Http/Controllers/API/User/CoreController.php
+++ b/app/Http/Controllers/API/User/CoreController.php
@@ -31,6 +31,12 @@ use Pterodactyl\Transformers\User\ServerTransformer;
 class CoreController extends Controller
 {
+ /**
+ * Controller to handle base user request for all of their servers.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @return array
+ */
 public function index(Request $request)
 {
 $servers = $request->user()->access('service', 'node', 'allocation', 'option')->get();
diff --git a/app/Http/Controllers/API/User/ServerController.php b/app/Http/Controllers/API/User/ServerController.php
index b868cdb0e..15f455ce1 100644
--- a/app/Http/Controllers/API/User/ServerController.php
+++ b/app/Http/Controllers/API/User/ServerController.php
@@ -27,11 +27,20 @@ namespace Pterodactyl\Http\Controllers\API\User;
 use Fractal;
 use Illuminate\Http\Request;
 use Pterodactyl\Models\Server;
+use GuzzleHttp\Exception\ConnectException;
 use Pterodactyl\Http\Controllers\Controller;
 use Pterodactyl\Transformers\User\ServerTransformer;
+use Pterodactyl\Repositories\Daemon\PowerRepository;
 class ServerController extends Controller
 {
+ /**
+ * Controller to handle base request for individual server information.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @param string $uuid
+ * @return array
+ */
 public function index(Request $request, $uuid)
 {
 $server = Server::byUuid($uuid);
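Review bot: The import list in ServerController.php adds `PowerRepository` but not `CommandRepository`, while `command()` in the next hunk calls `new CommandRepository($server)`; inside the `Pterodactyl\Http\Controllers\API\User` namespace that name resolves to a class in the controller namespace and would fail at runtime. Add `use Pterodactyl\Repositories\Daemon\CommandRepository;` next to the `PowerRepository` import. `ConnectException` is imported here as well, but nothing in the visible hunks of this file catches it, so either handle it in `power()`/`command()` or drop the import.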
@@ -46,13 +55,39 @@ class ServerController extends Controller
 return $fractal->transformWith(new ServerTransformer)->toArray();
 }
+ /**
+ * Controller to handle request for server power toggle.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @param string $uuid
+ * @return \Illuminate\Http\Response
+ */
 public function power(Request $request, $uuid)
 {
+ $server = Server::byUuid($uuid);
+ $request->user()->can('power-' . $request->input('action'), $server);
+ $repo = new PowerRepository($server);
+ $repo->do($request->input('action'));
+
+ return response('', 204)->header('Content-Type', 'application/json');
 }
+ /**
+ * Controller to handle base request for individual server information.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @param string $uuid
+ * @return \Illuminate\Http\Response
+ */
 public function command(Request $request, $uuid)
 {
+ $server = Server::byUuid($uuid);
+ $request->user()->can('send-command', $server);
+ $repo = new CommandRepository($server);
+ $repo->send($request->input('command'));
+
+ return response('', 204)->header('Content-Type', 'application/json');
 }
 }
diff --git a/app/Http/Middleware/HMACAuthorization.php b/app/Http/Middleware/HMACAuthorization.php
index 75b6a0f79..6eac236a2 100644
--- a/app/Http/Middleware/HMACAuthorization.php
+++ b/app/Http/Middleware/HMACAuthorization.php
@@ -29,6 +29,7 @@ use Crypt;
 use Config;
 use Closure;
 use Response;
+use Debugbar;
 use IPTools\IP;
 use IPTools\Range;
 use Illuminate\Http\Request;
@@ -74,6 +75,7 @@ class HMACAuthorization
 */
 public function __construct()
 {
+ Debugbar::disable();
 Config::set('session.driver', 'array');
 }
diff --git a/app/Repositories/Daemon/CommandRepository.php b/app/Repositories/Daemon/CommandRepository.php
index 51afc6105..b7149b453 100644
--- a/app/Repositories/Daemon/CommandRepository.php
+++ b/app/Repositories/Daemon/CommandRepository.php
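Review bot: In `power()` and `command()` of ServerController.php the result of `$request->user()->can(...)` is discarded, so the permission check never stops the request. Assuming this is Laravel's `can()`, it returns a boolean rather than throwing, so the daemon call runs for any caller who reaches the route unless `Server::byUuid()` already restricts the lookup (not visible here). Enforce the outcome, e.g. `$this->authorize('send-command', $server);` if the base controller provides it, or `abort_unless($request->user()->can('send-command', $server), 403);`, and do the same for the `'power-' . $request->input('action')` ability. The docblock on `command()` is a copy of the `index()` description and should say that it sends a console command to the server.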
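Review bot: `Debugbar::disable()` in the `HMACAuthorization` constructor runs unconditionally whenever the middleware is built. If the `Debugbar` facade comes from a development-only package (not visible in this diff), the middleware would fail with a missing-class error wherever that package is not installed, taking API authentication down with it. Consider guarding the call on the debug bar actually being registered, and add a one-line comment such as `// Keep debug output out of signed API responses.` so the intent is clear.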
@@ -25,6 +25,7 @@
 namespace Pterodactyl\Repositories\Daemon;
 use Pterodactyl\Models;
+use GuzzleHttp\Exception\ConnectException;
 use Pterodactyl\Exceptions\DisplayException;
 class CommandRepository
@@ -60,20 +61,20 @@ class CommandRepository
 {
 // We don't use the user's specific daemon secret here since we
 // are assuming that a call to this function has been validated.
- // Additionally not all calls to this will be from a logged in user.
- // (e.g. task queue or API)
 try {
- $response = $this->server->node->guzzleClient([
- 'X-Access-Token' => $this->server->daemonSecret,
- 'X-Access-Server' => $this->server->uuid,
- ])->request('POST', '/server/command', ['json' => ['command' => $command]]);
+ $response = $this->server->guzzleClient()->request('PUT', '/server/command', [
+ 'http_errors' => false,
+ 'json' => [
+ 'command' => $command,
+ ],
+ ]);
 if ($response->getStatusCode() < 200 || $response->getStatusCode() >= 300) {
- throw new DisplayException('Command sending responded with a non-200 error code.');
+ throw new DisplayException('Command sending responded with a non-200 error code (HTTP/' . $response->getStatusCode() . ').');
 }
 return $response->getBody();
- } catch (\Exception $ex) {
+ } catch (ConnectException $ex) {
 throw $ex;
 }
 }
diff --git a/app/Repositories/Daemon/PowerRepository.php b/app/Repositories/Daemon/PowerRepository.php
index e4b4cbb18..bc5696986 100644
--- a/app/Repositories/Daemon/PowerRepository.php
+++ b/app/Repositories/Daemon/PowerRepository.php
@@ -25,6 +25,7 @@
 namespace Pterodactyl\Repositories\Daemon;
 use Pterodactyl\Models;
+use GuzzleHttp\Exception\ConnectException;
 use Pterodactyl\Exceptions\DisplayException;
 class PowerRepository
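Review bot: In the second CommandRepository.php hunk the request to `/server/command` changes verb from `POST` to `PUT` along with the client refactor, which looks like it may have been carried over from the `/server/power` call; confirm the daemon accepts `PUT` on this route, otherwise every command will come back as a non-2xx `DisplayException`. Separately, `catch (ConnectException $ex) { throw $ex; }` only rethrows, so the `try` adds nothing; either remove it or translate the connection failure into a `DisplayException` with a user-safe message (the same pattern is in the PowerRepository.php hunk). The retained comment about not using the user's daemon secret should be updated to say which credential `guzzleClient()` now sends, since the explicit `X-Access-Token` header was removed. The enclosing method starts above this hunk.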
@@ -60,20 +61,20 @@ class PowerRepository
 {
 // We don't use the user's specific daemon secret here since we
 // are assuming that a call to this function has been validated.
- // Additionally not all calls to this will be from a logged in user.
- // (e.g. task queue or API)
 try {
- $response = $this->server->node->guzzleClient([
- 'X-Access-Token' => $this->server->daemonSecret,
- 'X-Access-Server' => $this->server->uuid,
- ])->request('PUT', '/server/power', ['json' => ['action' => $action]]);
+ $response = $this->server->guzzleClient()->request('PUT', '/server/power', [
+ 'http_errors' => false,
+ 'json' => [
+ 'action' => $action,
+ ],
+ ]);
 if ($response->getStatusCode() < 200 || $response->getStatusCode() >= 300) {
- throw new DisplayException('Power status responded with a non-200 error code.');
+ throw new DisplayException('Power toggle endpoint responded with a non-200 error code (HTTP/' . $response->getStatusCode() . ').');
 }
 return $response->getBody();
- } catch (\Exception $ex) {
+ } catch (ConnectException $ex) {
 throw $ex;
 }
 }
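Review bot: `$action` is forwarded to the daemon as-is in the `/server/power` request, and the comment above the `try` says callers are assumed to have validated the call. The new API controller passes `$request->input('action')` straight through, so a missing or unexpected value reaches the daemon. Check `$action` against the fixed set of power actions the daemon supports before sending, and throw a `DisplayException` otherwise. The message text `non-200 error code` could also read `non-2xx`, since any 2xx status is accepted. The enclosing method's signature is outside this hunk.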