Update allocations to support ids; protect endpoints; support notes

DaneEveritt · DaneEveritt · commit 2278927fb6e7 · 2020-07-09T20:36:08.000-07:00
diff --git a/app/Http/Controllers/Api/Client/Servers/NetworkAllocationController.php b/app/Http/Controllers/Api/Client/Servers/NetworkAllocationController.php
@@ -3,16 +3,19 @@
 namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
 
 use Pterodactyl\Models\Server;
+use Illuminate\Http\JsonResponse;
+use Pterodactyl\Models\Allocation;
 use Pterodactyl\Exceptions\DisplayException;
 use Pterodactyl\Repositories\Eloquent\ServerRepository;
-use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Pterodactyl\Repositories\Eloquent\AllocationRepository;
 use Pterodactyl\Transformers\Api\Client\AllocationTransformer;
 use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
 use Pterodactyl\Http\Requests\Api\Client\Servers\Network\GetNetworkRequest;
+use Pterodactyl\Http\Requests\Api\Client\Servers\Network\DeleteAllocationRequest;
+use Pterodactyl\Http\Requests\Api\Client\Servers\Network\UpdateAllocationRequest;
 use Pterodactyl\Http\Requests\Api\Client\Servers\Network\SetPrimaryAllocationRequest;
 
-class NetworkController extends ClientApiController
+class NetworkAllocationController extends ClientApiController
 {
     /**
      * @var \Pterodactyl\Repositories\Eloquent\AllocationRepository
@@ -55,36 +58,70 @@ public function index(GetNetworkRequest $request, Server $server): array
             ->toArray();
     }
 
+    /**
+     * Set the primary allocation for a server.
+     *
+     * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Network\UpdateAllocationRequest $request
+     * @param \Pterodactyl\Models\Server $server
+     * @param \Pterodactyl\Models\Allocation $allocation
+     * @return array
+     *
+     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     */
+    public function update(UpdateAllocationRequest $request, Server $server, Allocation $allocation): array
+    {
+        $allocation = $this->repository->update($allocation->id, [
+            'notes' => $request->input('notes'),
+        ]);
+
+        return $this->fractal->item($allocation)
+            ->transformWith($this->getTransformer(AllocationTransformer::class))
+            ->toArray();
+    }
+
     /**
      * Set the primary allocation for a server.
      *
      * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Network\SetPrimaryAllocationRequest $request
      * @param \Pterodactyl\Models\Server $server
+     * @param \Pterodactyl\Models\Allocation $allocation
      * @return array
      *
-     * @throws \Pterodactyl\Exceptions\DisplayException
+     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
      * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     */
+    public function setPrimary(SetPrimaryAllocationRequest $request, Server $server, Allocation $allocation): array
+    {
+        $this->serverRepository->update($server->id, ['allocation_id' => $allocation->id]);
+
+        return $this->fractal->item($allocation)
+            ->transformWith($this->getTransformer(AllocationTransformer::class))
+            ->toArray();
+    }
+
+    /**
+     * Delete an allocation from a server.
+     *
+     * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Network\DeleteAllocationRequest $request
+     * @param \Pterodactyl\Models\Server $server
+     * @param \Pterodactyl\Models\Allocation $allocation
+     * @return \Illuminate\Http\JsonResponse
+     *
+     * @throws \Pterodactyl\Exceptions\DisplayException
      * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
      */
-    public function storePrimary(SetPrimaryAllocationRequest $request, Server $server): array
+    public function delete(DeleteAllocationRequest $request, Server $server, Allocation $allocation)
     {
-        try {
-            /** @var \Pterodactyl\Models\Allocation $allocation */
-            $allocation = $this->repository->findFirstWhere([
-                'server_id' => $server->id,
-                'ip' => $request->input('ip'),
-                'port' => $request->input('port'),
-            ]);
-        } catch (ModelNotFoundException $exception) {
+        if ($allocation->id === $server->allocation_id) {
             throw new DisplayException(
-                'The IP and port you selected are not available for this server.'
+                'Cannot delete the primary allocation for a server.'
             );
         }
 
-        $this->serverRepository->update($server->id, ['allocation_id' => $allocation->id]);
+        $this->repository->update($allocation->id, ['server_id' => null, 'notes' => null]);
 
-        return $this->fractal->item($allocation)
-            ->transformWith($this->getTransformer(AllocationTransformer::class))
-            ->toArray();
+        return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
     }
 }
diff --git a/app/Http/Middleware/Api/Client/Server/AllocationBelongsToServer.php b/app/Http/Middleware/Api/Client/Server/AllocationBelongsToServer.php
@@ -0,0 +1,33 @@
+<?php
+
+namespace Pterodactyl\Http\Middleware\Api\Client\Server;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+
+class AllocationBelongsToServer
+{
+    /**
+     * Ensure that the allocation found in the URL belongs to the server being queried.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure $next
+     * @return mixed
+     *
+     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        /** @var \Pterodactyl\Models\Server $server */
+        $server = $request->route()->parameter('server');
+        /** @var \Pterodactyl\Models\Allocation|null $allocation */
+        $allocation = $request->route()->parameter('allocation');
+
+        if ($allocation && $allocation->server_id !== $server->id) {
+            throw new NotFoundHttpException;
+        }
+
+        return $next($request);
+    }
+}
diff --git a/app/Http/Middleware/Api/Client/SubstituteClientApiBindings.php b/app/Http/Middleware/Api/Client/SubstituteClientApiBindings.php
@@ -4,12 +4,12 @@
 
 use Closure;
 use Pterodactyl\Models\Backup;
+use Pterodactyl\Models\Database;
 use Illuminate\Container\Container;
 use Pterodactyl\Contracts\Extensions\HashidsInterface;
 use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
 use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
 use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
-use Pterodactyl\Contracts\Repository\DatabaseRepositoryInterface;
 
 class SubstituteClientApiBindings extends ApiSubstituteBindings
 {
@@ -43,17 +43,9 @@ public function handle($request, Closure $next)
         });
 
         $this->router->bind('database', function ($value) use ($request) {
-            try {
-                $id = Container::getInstance()->make(HashidsInterface::class)->decodeFirst($value);
-
-                return Container::getInstance()->make(DatabaseRepositoryInterface::class)->findFirstWhere([
-                    ['id', '=', $id],
-                ]);
-            } catch (RecordNotFoundException $exception) {
-                $request->attributes->set('is_missing_model', true);
+            $id = Container::getInstance()->make(HashidsInterface::class)->decodeFirst($value);
 
-                return null;
-            }
+            return Database::query()->where('id', $id)->firstOrFail();
         });
 
         $this->router->model('backup', Backup::class, function ($value) {
diff --git a/app/Http/Requests/Api/Client/Servers/Network/DeleteAllocationRequest.php b/app/Http/Requests/Api/Client/Servers/Network/DeleteAllocationRequest.php
@@ -0,0 +1,17 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Client\Servers\Network;
+
+use Pterodactyl\Models\Permission;
+use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
+
+class DeleteAllocationRequest extends ClientApiRequest
+{
+    /**
+     * @return string
+     */
+    public function permission(): string
+    {
+        return Permission::ACTION_ALLOCATION_DELETE;
+    }
+}
diff --git a/app/Http/Requests/Api/Client/Servers/Network/SetPrimaryAllocationRequest.php b/app/Http/Requests/Api/Client/Servers/Network/SetPrimaryAllocationRequest.php
@@ -2,27 +2,13 @@
 
 namespace Pterodactyl\Http\Requests\Api\Client\Servers\Network;
 
-use Pterodactyl\Models\Permission;
-use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
-
-class SetPrimaryAllocationRequest extends ClientApiRequest
+class SetPrimaryAllocationRequest extends UpdateAllocationRequest
 {
-    /**
-     * @return string
-     */
-    public function permission(): string
-    {
-        return Permission::ACTION_ALLOCIATION_UPDATE;
-    }
-
     /**
      * @return array
      */
     public function rules(): array
     {
-        return [
-            'ip' => 'required|string',
-            'port' => 'required|numeric|min:1024|max:65535',
-        ];
+        return [];
     }
 }
diff --git a/app/Http/Requests/Api/Client/Servers/Network/UpdateAllocationRequest.php b/app/Http/Requests/Api/Client/Servers/Network/UpdateAllocationRequest.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Client\Servers\Network;
+
+use Pterodactyl\Models\Allocation;
+use Pterodactyl\Models\Permission;
+use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
+
+class UpdateAllocationRequest extends ClientApiRequest
+{
+    /**
+     * @return string
+     */
+    public function permission(): string
+    {
+        return Permission::ACTION_ALLOCATION_UPDATE;
+    }
+
+    /**
+     * @return array
+     */
+    public function rules(): array
+    {
+        return [
+            'notes' => Allocation::$validationRules['notes'],
+        ];
+    }
+}
diff --git a/app/Models/Allocation.php b/app/Models/Allocation.php
@@ -9,6 +9,7 @@
  * @property string|null $ip_alias
  * @property int $port
  * @property int|null $server_id
+ * @property string|null $notes
  * @property \Carbon\Carbon|null $created_at
  * @property \Carbon\Carbon|null $updated_at
  *
@@ -60,6 +61,7 @@ class Allocation extends Model
         'port' => 'required|numeric|between:1024,65553',
         'ip_alias' => 'nullable|string',
         'server_id' => 'nullable|exists:servers,id',
+        'notes' => 'nullable|string|max:256',
     ];
 
     /**
diff --git a/app/Models/Permission.php b/app/Models/Permission.php
@@ -44,7 +44,9 @@ class Permission extends Model
     const ACTION_BACKUP_DOWNLOAD = 'backup.download';
 
     const ACTION_ALLOCATION_READ = 'allocation.read';
-    const ACTION_ALLOCIATION_UPDATE = 'allocation.update';
+    const ACTION_ALLOCATION_CREATE = 'allocation.create';
+    const ACTION_ALLOCATION_UPDATE = 'allocation.update';
+    const ACTION_ALLOCATION_DELETE = 'allocation.delete';
 
     const ACTION_FILE_READ = 'file.read';
     const ACTION_FILE_CREATE = 'file.create';
@@ -157,7 +159,9 @@ class Permission extends Model
             'description' => 'Permissions that control a user\'s ability to modify the port allocations for this server.',
             'keys' => [
                 'read' => 'Allows a user to view the allocations assigned to this server.',
-                'update' => 'Allows a user to modify the allocations assigned to this server.',
+                'create' => 'Allows a user to assign additional allocations to the server.',
+                'update' => 'Allows a user to change the primary server allocation and attach notes to each allocation.',
+                'delete' => 'Allows a user to delete an allocation from the server.',
             ],
         ],
 
diff --git a/app/Transformers/Api/Application/AllocationTransformer.php b/app/Transformers/Api/Application/AllocationTransformer.php
@@ -39,6 +39,7 @@ public function transform(Allocation $allocation)
             'ip' => $allocation->ip,
             'alias' => $allocation->ip_alias,
             'port' => $allocation->port,
+            'notes' => $allocation->notes,
             'assigned' => ! is_null($allocation->server_id),
         ];
     }
diff --git a/app/Transformers/Api/Client/AllocationTransformer.php b/app/Transformers/Api/Client/AllocationTransformer.php
@@ -25,9 +25,11 @@ public function getResourceName(): string
     public function transform(Allocation $model)
     {
         return [
+            'id' => $model->id,
             'ip' => $model->ip,
             'ip_alias' => $model->ip_alias,
             'port' => $model->port,
+            'notes' => $model->notes,
             'is_default' => $model->server->allocation_id === $model->id,
         ];
     }
diff --git a/database/migrations/2020_07_09_201845_add_notes_column_for_allocations.php b/database/migrations/2020_07_09_201845_add_notes_column_for_allocations.php
@@ -0,0 +1,32 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddNotesColumnForAllocations extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('allocations', function (Blueprint $table) {
+            $table->string('notes')->nullable()->after('server_id');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('allocations', function (Blueprint $table) {
+            $table->dropColumn('notes');
+        });
+    }
+}
diff --git a/resources/scripts/api/server/getServer.ts b/resources/scripts/api/server/getServer.ts
@@ -2,9 +2,11 @@ import http, { FractalResponseData, FractalResponseList } from '@/api/http';
 import { rawDataToServerAllocation } from '@/api/transformers';
 
 export interface Allocation {
+    id: number;
     ip: string;
     alias: string | null;
     port: number;
+    notes: string | null;
     isDefault: boolean;
 }
 
diff --git a/resources/scripts/api/server/network/deleteServerAllocation.ts b/resources/scripts/api/server/network/deleteServerAllocation.ts
@@ -0,0 +1,4 @@
+import { Allocation } from '@/api/server/getServer';
+import http from '@/api/http';
+
+export default async (uuid: string, id: number): Promise<Allocation> => await http.delete(`/api/client/servers/${uuid}/network/allocations/${id}`);
diff --git a/resources/scripts/api/server/network/getServerAllocations.ts b/resources/scripts/api/server/network/getServerAllocations.ts
@@ -3,7 +3,7 @@ import { rawDataToServerAllocation } from '@/api/transformers';
 import { Allocation } from '@/api/server/getServer';
 
 export default async (uuid: string): Promise<Allocation[]> => {
-    const { data } = await http.get(`/api/client/servers/${uuid}/network`);
+    const { data } = await http.get(`/api/client/servers/${uuid}/network/allocations`);
 
     return (data.data || []).map(rawDataToServerAllocation);
 };
diff --git a/resources/scripts/api/server/network/setPrimaryServerAllocation.ts b/resources/scripts/api/server/network/setPrimaryServerAllocation.ts
@@ -2,8 +2,8 @@ import { Allocation } from '@/api/server/getServer';
 import http from '@/api/http';
 import { rawDataToServerAllocation } from '@/api/transformers';
 
-export default async (uuid: string, ip: string, port: number): Promise<Allocation> => {
-    const { data } = await http.put(`/api/client/servers/${uuid}/network/primary`, { ip, port });
+export default async (uuid: string, id: number): Promise<Allocation> => {
+    const { data } = await http.post(`/api/client/servers/${uuid}/network/allocations/${id}/primary`);
 
     return rawDataToServerAllocation(data);
 };
diff --git a/resources/scripts/api/server/network/setServerAllocationNotes.ts b/resources/scripts/api/server/network/setServerAllocationNotes.ts
@@ -0,0 +1,9 @@
+import { Allocation } from '@/api/server/getServer';
+import http from '@/api/http';
+import { rawDataToServerAllocation } from '@/api/transformers';
+
+export default async (uuid: string, id: number, notes: string | null): Promise<Allocation> => {
+    const { data } = await http.post(`/api/client/servers/${uuid}/network/allocations/${id}`, { notes });
+
+    return rawDataToServerAllocation(data);
+};
diff --git a/resources/scripts/api/transformers.ts b/resources/scripts/api/transformers.ts
diff --git a/resources/scripts/components/server/network/NetworkContainer.tsx b/resources/scripts/components/server/network/NetworkContainer.tsx
diff --git a/routes/api-client.php b/routes/api-client.php

Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,7 @@ public function transform(Allocation $allocation)`
`39`	`39`	`'ip' => $allocation->ip,`
`40`	`40`	`'alias' => $allocation->ip_alias,`
`41`	`41`	`'port' => $allocation->port,`
	`42`	`+ 'notes' => $allocation->notes,`
`42`	`43`	`'assigned' => ! is_null($allocation->server_id),`
`43`	`44`	`];`
`44`	`45`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,9 +25,11 @@ public function getResourceName(): string`
`25`	`25`	`public function transform(Allocation $model)`
`26`	`26`	`{`
`27`	`27`	`return [`
	`28`	`+ 'id' => $model->id,`
`28`	`29`	`'ip' => $model->ip,`
`29`	`30`	`'ip_alias' => $model->ip_alias,`
`30`	`31`	`'port' => $model->port,`
	`32`	`+ 'notes' => $model->notes,`
`31`	`33`	`'is_default' => $model->server->allocation_id === $model->id,`
`32`	`34`	`];`
`33`	`35`	`}`