Model fixing, moving things around to improve code.

Adds unique UUID generator, moves functions into repositories for
adding servers and users, cleans up code, adding more comments.

Author: DaneEveritt

app/Http/Controllers/Admin/AccountsController.php

@@ -3,11 +3,9 @@
 namespace Pterodactyl\Http\Controllers\Admin;
 
 use Alert;
-use Debugbar;
-use Hash;
-use Uuid;
-
 use Pterodactyl\Models\User;
+use Pterodactyl\Repositories\UserRepository;
+
 use Pterodactyl\Http\Controllers\Controller;
 use Illuminate\Http\Request;
 
@@ -52,18 +50,19 @@ public function postNew(Request $request)
             'password_confirmation' => 'required'
         ]);
 
-        //@TODO: re-generate UUID if conflict
-        $user = new User;
-        $user->uuid = Uuid::generate(4);
+        try {
+
+            $user = new UserRepository;
+            $userid = $user->create($request->input('username'), $request->input('email'), $request->input('password'));
 
-        $user->username = $request->input('username');
-        $user->email = $request->input('email');
-        $user->password = Hash::make($request->input('password'));
+            Alert::success('Account has been successfully created.')->flash();
+            return redirect()->route('admin.accounts.view', ['id' => $userid]);
 
-        $user->save();
+        } catch (\Exception $e) {
+            Alert::danger('An error occured while attempting to add a new user. Please check the logs or try again.')->flash();
+            return redirect()->route('admin.accounts.new');
+        }
 
-        Alert::success('Account has been successfully created.')->flash();
-        return redirect()->route('admin.accounts.view', ['id' => $user->id]);
     }
 
 }

app/Http/Controllers/Admin/ServersController.php

@@ -3,6 +3,7 @@
 namespace Pterodactyl\Http\Controllers\Admin;
 
 use Debugbar;
+use Pterodactyl\Repositories\ServerRepository;
 use Pterodactyl\Models\Server;
 use Pterodactyl\Models\Node;
 use Pterodactyl\Models\Location;
@@ -56,7 +57,8 @@ public function postNewServer(Request $request)
     {
 
         try {
-            $resp = Server::addServer($request->all());
+            $server = new ServerRepository;
+            $resp = $server->create($request->all());
             echo $resp . '<br />';
         } catch (\Exception $e) {
             Debugbar::addException($e);

app/Http/Controllers/Base/IndexController.php

@@ -3,14 +3,12 @@
 namespace Pterodactyl\Http\Controllers\Base;
 
 use Auth;
-use Debugbar;
+use Hash;
 use Google2FA;
-use Log;
 use Alert;
-use Pterodactyl\Exceptions\AccountNotFoundException;
-use Pterodactyl\Exceptions\DisplayException;
-use Pterodactyl\Models\User;
+
 use Pterodactyl\Models\Server;
+use Pterodactyl\Exceptions\DisplayException;
 
 use Pterodactyl\Http\Controllers\Controller;
 use Illuminate\Http\Request;
@@ -74,22 +72,18 @@ public function getAccountTotp(Request $request)
     public function putAccountTotp(Request $request)
     {
 
-        try {
-            $totpSecret = User::setTotpSecret(Auth::user()->id);
-        } catch (\Exception $e) {
-            if ($e instanceof AccountNotFoundException) {
-                return response($e->getMessage(), 500);
-            }
-            throw $e;
-        }
+        $user = $request->user();
+
+        $user->totp_secret = Google2FA::generateSecretKey();
+        $user->save();
 
         return response()->json([
             'qrImage' => Google2FA::getQRCodeGoogleUrl(
                 'Pterodactyl',
-                Auth::user()->email,
-                $totpSecret
+                $user->email,
+                $user->totp_secret
             ),
-            'secret' => $totpSecret
+            'secret' => $user->totp_secret
         ]);
 
     }
@@ -104,21 +98,16 @@ public function postAccountTotp(Request $request)
     {
 
         if (!$request->has('token')) {
-            return response('No input \'token\' defined.', 500);
+            return response(null, 500);
         }
 
-        try {
-            if(User::toggleTotp(Auth::user()->id, $request->input('token'))) {
-                return response('true');
-            }
-            return response('false');
-        } catch (\Exception $e) {
-            if ($e instanceof AccountNotFoundException) {
-                return response($e->getMessage(), 500);
-            }
-            throw $e;
+        $user = $request->user();
+        if($user->toggleTotp($request->input('token'))) {
+            return response('true');
         }
 
+        return response('false');
+
     }
 
     /**
@@ -135,21 +124,14 @@ public function deleteAccountTotp(Request $request)
             return redirect()->route('account.totp');
         }
 
-        try {
-            if(User::toggleTotp(Auth::user()->id, $request->input('token'))) {
-                return redirect()->route('account.totp');
-            }
-
-            Alert::danger('Unable to disable TOTP on this account, was the token correct?')->flash();
+        $user = $request->user();
+        if($user->toggleTotp($request->input('token'))) {
             return redirect()->route('account.totp');
-        } catch (\Exception $e) {
-            if ($e instanceof AccountNotFoundException) {
-                Alert::danger('An error occured while attempting to perform this action.')->flash();
-                return redirect()->route('account.totp');
-            }
-            throw $e;
         }
 
+        Alert::danger('The TOTP token provided was invalid.')->flash();
+        return redirect()->route('account.totp');
+
     }
 
     /**
@@ -177,23 +159,19 @@ public function postAccountEmail(Request $request)
             'password' => 'required'
         ]);
 
-        if (!password_verify($request->input('password'), Auth::user()->password)) {
+        $user = $request->user();
+
+        if (!password_verify($request->input('password'), $user->password)) {
             Alert::danger('The password provided was not valid for this account.')->flash();
             return redirect()->route('account');
         }
 
-        // Met Validation, lets roll out.
-        try {
-            User::setEmail(Auth::user()->id, $request->input('new_email'));
-            Alert::success('Your email address has successfully been updated.')->flash();
-            return redirect()->route('account');
-        } catch (\Exception $e) {
-            if ($e instanceof AccountNotFoundException || $e instanceof DisplayException) {
-                Alert::danger($e->getMessage())->flash();
-                return redirect()->route('account');
-            }
-            throw $e;
-        }
+        $user->email = $request->input('new_email');
+        $user->save();
+
+        Alert::success('Your email address has successfully been updated.')->flash();
+        return redirect()->route('account');
+
     }
 
     /**
@@ -211,24 +189,22 @@ public function postAccountPassword(Request $request)
             'new_password_confirmation' => 'required'
         ]);
 
-        if (!password_verify($request->input('current_password'), Auth::user()->password)) {
+        $user = $request->user();
+
+        if (!password_verify($request->input('current_password'), $user->password)) {
             Alert::danger('The password provided was not valid for this account.')->flash();
             return redirect()->route('account');
         }
 
-        // Met Validation, lets roll out.
         try {
-            User::setPassword(Auth::user()->id, $request->input('new_password'));
+            $user->setPassword($request->input('new_password'));
             Alert::success('Your password has successfully been updated.')->flash();
-            return redirect()->route('account');
-        } catch (\Exception $e) {
-            if ($e instanceof AccountNotFoundException || $e instanceof DisplayException) {
-                Alert::danger($e->getMessage())->flash();
-                return redirect()->route('account');
-            }
-            throw $e;
+        } catch (DisplayException $e) {
+            Alert::danger($e->getMessage())->flash();
         }
 
+        return redirect()->route('account');
+
     }
 
 }

app/Models/Server.php

@@ -3,16 +3,8 @@
 namespace Pterodactyl\Models;
 
 use Auth;
-use DB;
-use Debugbar;
-use Validator;
-
-use Pterodactyl\Exceptions\DisplayException;
-use Pterodactyl\Exceptions\AccountNotFoundException;
-use Pterodactyl\Exceptions\DisplayValidationException;
-
-use Pterodactyl\Models;
 
+use Pterodactyl\Models\Subuser;
 use Illuminate\Database\Eloquent\Model;
 
 class Server extends Model
@@ -50,18 +42,6 @@ public function __construct()
         self::$user = Auth::user();
     }
 
-    protected static function generateSFTPUsername($name)
-    {
-
-        $name = preg_replace('/\s+/', '', $name);
-        if (strlen($name) > 6) {
-            return strtolower('ptdl-' . substr($name, 0, 6) . '_' . str_random(5));
-        }
-
-        return strtolower('ptdl-' . $name . '_' . str_random((11 - strlen($name))));
-
-    }
-
     /**
      * Determine if we need to change the server's daemonSecret value to
      * match that of the user if they are a subuser.
@@ -76,7 +56,7 @@ protected static function getUserDaemonSecret(Server $server)
             return $server->daemonSecret;
         }
 
-        $subuser = Models\Subuser::where('server_id', $server->id)->where('user_id', self::$user->id)->first();
+        $subuser = Subuser::where('server_id', $server->id)->where('user_id', self::$user->id)->first();
 
         if (is_null($subuser)) {
             return null;
@@ -101,7 +81,7 @@ public static function getUserServers()
                     ->where('active', 1);
 
         if (self::$user->root_admin !== 1) {
-            $query->whereIn('servers.id', Models\Subuser::accessServers());
+            $query->whereIn('servers.id', Subuser::accessServers());
         }
 
         return $query->get();
@@ -124,7 +104,7 @@ public static function getByUUID($uuid)
         $query = self::where('uuidShort', $uuid)->where('active', 1);
 
         if (self::$user->root_admin !== 1) {
-            $query->whereIn('servers.id', Models\Subuser::accessServers());
+            $query->whereIn('servers.id', Subuser::accessServers());
         }
 
         $result = $query->first();
@@ -158,84 +138,4 @@ public static function getGuzzleHeaders($uuid)
 
     }
 
-    /**
-     * Adds a new server to the system.
-     * @param array  $data  An array of data descriptors for creating the server. These should align to the columns in the database.
-     */
-    public static function addServer(array $data)
-    {
-
-        // Validate Fields
-        $validator = Validator::make($data, [
-            'owner' => 'required|email|exists:users,email',
-            'node' => 'required|numeric|min:1|exists:nodes,id',
-            'name' => 'required|regex:([\w -]{4,35})',
-            'memory' => 'required|numeric|min:1',
-            'disk' => 'required|numeric|min:1',
-            'cpu' => 'required|numeric|min:0',
-            'io' => 'required|numeric|min:10|max:1000',
-            'ip' => 'required|ip',
-            'port' => 'required|numeric|min:1|max:65535',
-            'service' => 'required|numeric|min:1|exists:services,id',
-            'option' => 'required|numeric|min:1|exists:service_options,id',
-            'custom_image_name' => 'required_if:use_custom_image,on',
-        ]);
-
-        // Run validator, throw catchable and displayable exception if it fails.
-        // Exception includes a JSON result of failed validation rules.
-        if ($validator->fails()) {
-            throw new DisplayValidationException(json_encode($validator->errors()->all()));
-        }
-
-        // Get the User ID; user exists since we passed the 'exists:users,email' part of the validation
-        $user = Models\User::select('id')->where('email', $data['owner'])->first();
-
-        // Verify IP & Port are a.) free and b.) assigned to the node.
-        // We know the node exists because of 'exists:nodes,id' in the validation
-        $node = Models\Node::find($data['node']);
-        $allocation = Models\Allocation::where('ip', $data['ip'])->where('port', $data['port'])->where('node', $data['node'])->whereNull('assigned_to')->first();
-
-        // Something failed in the query, either that combo doesn't exist, or it is in use.
-        if (!$allocation) {
-            throw new DisplayException('The selected IP/Port combination (' . $data['ip'] . ':' . $data['port'] . ') is either already in use, or unavaliable for this node.');
-        }
-
-        // Validate those Service Option Variables
-        // We know the service and option exists because of the validation.
-        // We need to verify that the option exists for the service, and then check for
-        // any required variable fields. (fields are labeled env_<env_variable>)
-        $option = Models\ServiceOptions::where('id', $data['option'])->where('parent_service', $data['service'])->first();
-        if (!$option) {
-            throw new DisplayException('The requested service option does not exist for the specified service.');
-        }
-
-        // Check those Variables
-        $variables = Models\ServiceVariables::where('option_id', $data['option'])->get();
-        if ($variables) {
-            foreach($variables as $variable) {
-
-                // Is the variable required?
-                if (!$data['env_' . $variable->env_variable]) {
-                    if ($variable->required === 1) {
-                        throw new DisplayException('A required service option variable field (env_' . $variable->env_variable . ') was missing from the request.');
-                    }
-
-                    $data['env_' . $variable->env_variable] = $variable->default_value;
-                    continue;
-                }
-
-                // Check aganist Regex Pattern
-                if (!is_null($variable->regex) && !preg_match($variable->regex, $data['env_' . $variable->env_variable])) {
-                    throw new DisplayException('Failed to validate service option variable field (env_' . $variable->env_variable . ') aganist regex (' . $variable->regex . ').');
-                }
-
-                continue;
-
-            }
-        }
-
-        return self::generateSFTPUsername($data['name']);
-
-    }
-
 }