More logic for deleting databases

Author: DaneEveritt

app/Http/Middleware/Api/Client/AuthenticateClientAccess.php

@@ -0,0 +1,57 @@
+<?php
+
+namespace Pterodactyl\Http\Middleware\Api\Client\Server;
+
+use Closure;
+use Illuminate\Http\Request;
+use Pterodactyl\Models\Server;
+use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
+use Symfony\Component\HttpKernel\Exception\ConflictHttpException;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+
+class AuthenticateServerAccess
+{
+    /**
+     * @var \Pterodactyl\Contracts\Repository\ServerRepositoryInterface
+     */
+    private $repository;
+
+    /**
+     * AuthenticateServerAccess constructor.
+     *
+     * @param \Pterodactyl\Contracts\Repository\ServerRepositoryInterface $repository
+     */
+    public function __construct(ServerRepositoryInterface $repository)
+    {
+        $this->repository = $repository;
+    }
+
+    /**
+     * Authenticate that this server exists and is not suspended or marked as installing.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     * @return mixed
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        $server = $request->route()->parameter('server');
+
+        if (! $server instanceof Server) {
+            throw new NotFoundHttpException;
+        }
+
+        if ($server->suspended) {
+            throw new AccessDeniedHttpException('Cannot access a server that is marked as being suspended.');
+        }
+
+        if (! $server->isInstalled()) {
+            throw new ConflictHttpException('Server has not completed the installation process.');
+        }
+
+        $request->attributes->set('server', $server);
+
+        return $next($request);
+    }
+}

app/Http/Middleware/Api/Client/Server/AuthenticateServerAccess.php

@@ -18,15 +18,10 @@ public function permission(): string
     }
 
     /**
-     * Determine if the provided database even belongs to this server instance.
-     *
      * @return bool
      */
     public function resourceExists(): bool
     {
-        $server = $this->getModel(Server::class);
-        $database = $this->getModel(Database::class);
-
-        return $database->server_id === $server->id;
+        return $this->getModel(Server::class)->id === $this->getModel(Database::class)->server_id;
     }
 }

app/Http/Requests/Api/Client/Servers/Databases/DeleteDatabaseRequest.php

@@ -143,6 +143,14 @@ public function getTableColumns()
         return Schema::getColumnListing($this->getTable());
     }
 
+    /**
+     * @return bool
+     */
+    public function isInstalled(): bool
+    {
+        return $this->installed === 1;
+    }
+
     /**
      * Gets the user who owns the server.
      *

app/Models/Server.php

@@ -1,6 +1,6 @@
 <?php
 
-use Pterodactyl\Http\Middleware\Api\Client\AuthenticateClientAccess;
+use Pterodactyl\Http\Middleware\Api\Client\Server\AuthenticateServerAccess;
 
 /*
 |--------------------------------------------------------------------------
@@ -27,7 +27,7 @@
 | Endpoint: /api/client/servers/{server}
 |
 */
-Route::group(['prefix' => '/servers/{server}', 'middleware' => [AuthenticateClientAccess::class]], function () {
+Route::group(['prefix' => '/servers/{server}', 'middleware' => [AuthenticateServerAccess::class]], function () {
     Route::get('/', 'Servers\ServerController@index')->name('api.client.servers.view');
     Route::get('/utilization', 'Servers\ResourceUtilizationController@index')
         ->name('api.client.servers.resources');