Merge branch 'dane/restore-backups' into develop

Author: DaneEveritt

.github/workflows/tests.yml

@@ -51,7 +51,7 @@ jobs:
       - name: install dependencies
         run: composer install --prefer-dist --no-interaction --no-progress
       - name: run cs-fixer
-        run: vendor/bin/php-cs-fixer fix --dry-run --diff --diff-format=udiff --rules=psr_autoloading
+        run: vendor/bin/php-cs-fixer fix --dry-run --diff --diff-format=udiff --config .php_cs.dist
         continue-on-error: true
       - name: execute unit tests
         run: vendor/bin/phpunit --bootstrap bootstrap/app.php tests/Unit

app/Exceptions/Http/Connection/DaemonConnectionException.php

@@ -2,8 +2,8 @@
 
 namespace Pterodactyl\Exceptions\Http\Connection;
 
-use Illuminate\Support\Arr;
 use Illuminate\Http\Response;
+use Illuminate\Support\Facades\Log;
 use GuzzleHttp\Exception\GuzzleException;
 use Pterodactyl\Exceptions\DisplayException;
 
@@ -17,30 +17,40 @@ class DaemonConnectionException extends DisplayException
      */
     private $statusCode = Response::HTTP_GATEWAY_TIMEOUT;
 
+    /**
+     * Every request to the Wings instance will return a unique X-Request-Id header
+     * which allows for all errors to be efficiently tied to a specific request that
+     * triggered them, and gives users a more direct method of informing hosts when
+     * something goes wrong.
+     *
+     * @var string|null
+     */
+    private $requestId;
+
     /**
      * Throw a displayable exception caused by a daemon connection error.
      */
     public function __construct(GuzzleException $previous, bool $useStatusCode = true)
     {
         /** @var \GuzzleHttp\Psr7\Response|null $response */
         $response = method_exists($previous, 'getResponse') ? $previous->getResponse() : null;
+        $this->requestId = $response ? $response->getHeaderLine('X-Request-Id') : null;
 
         if ($useStatusCode) {
             $this->statusCode = is_null($response) ? $this->statusCode : $response->getStatusCode();
         }
 
-        $message = trans('admin/server.exceptions.daemon_exception', [
-            'code' => is_null($response) ? 'E_CONN_REFUSED' : $response->getStatusCode(),
-        ]);
+        if (is_null($response)) {
+            $message = 'Could not establish a connection to the machine running this server. Please try again.';
+        } else {
+            $message = sprintf('There was an error while communicating with the machine running this server. This error has been logged, please try again. (code: %s) (request_id: %s)', $response->getStatusCode(), $this->requestId ?? '<nil>');
+        }
 
         // Attempt to pull the actual error message off the response and return that if it is not
         // a 500 level error.
         if ($this->statusCode < 500 && !is_null($response)) {
-            $body = $response->getBody();
-            if (is_string($body) || (is_object($body) && method_exists($body, '__toString'))) {
-                $body = json_decode(is_string($body) ? $body : $body->__toString(), true);
-                $message = '[Wings Error]: ' . Arr::get($body, 'error', $message);
-            }
+            $body = json_decode($response->getBody()->__toString(), true);
+            $message = sprintf('An error occurred on the remote host: %s. (request id: %s)', $body['error'] ?? $message, $this->requestId ?? '<nil>');
         }
 
         $level = $this->statusCode >= 500 && $this->statusCode !== 504
@@ -50,6 +60,19 @@ public function __construct(GuzzleException $previous, bool $useStatusCode = tru
         parent::__construct($message, $previous, $level);
     }
 
+    /**
+     * Override the default reporting method for DisplayException by just logging immediately
+     * here and including the specific X-Request-Id header that was returned by the call.
+     *
+     * @return void
+     */
+    public function report()
+    {
+        Log::{$this->getErrorLevel()}($this->getPrevious(), [
+            'request_id' => $this->requestId,
+        ]);
+    }
+
     /**
      * Return the HTTP status code for this exception.
      *
@@ -59,4 +82,12 @@ public function getStatusCode()
     {
         return $this->statusCode;
     }
+
+    /**
+     * @return string|null
+     */
+    public function getRequestId()
+    {
+        return $this->requestId;
+    }
 }

app/Exceptions/Http/Server/ServerStateConflictException.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace Pterodactyl\Exceptions\Http\Server;
+
+use Throwable;
+use Pterodactyl\Models\Server;
+use Symfony\Component\HttpKernel\Exception\ConflictHttpException;
+
+class ServerStateConflictException extends ConflictHttpException
+{
+    /**
+     * Exception thrown when the server is in an unsupported state for API access or
+     * certain operations within the codebase.
+     */
+    public function __construct(Server $server, Throwable $previous = null)
+    {
+        $message = 'This server is currently in an unsupported state, please try again later.';
+        if ($server->isSuspended()) {
+            $message = 'This server is currently suspended and the functionality requested is unavailable.';
+        } elseif (!$server->isInstalled()) {
+            $message = 'This server has not yet completed its installation process, please try again later.';
+        } elseif ($server->status === Server::STATUS_RESTORING_BACKUP) {
+            $message = 'This server is currently restoring from a backup, please try again later.';
+        } elseif (!is_null($server->transfer)) {
+            $message = 'This server is currently being transferred to a new machine, please try again later.';
+        }
+
+        parent::__construct($message, $previous);
+    }
+}

app/Exceptions/Http/Server/ServerTransferringException.php

@@ -184,7 +184,7 @@ public function mounts(Request $request, Server $server)
      */
     public function manage(Request $request, Server $server)
     {
-        if ($server->installed > 1) {
+        if ($server->status === Server::STATUS_INSTALL_FAILED) {
             throw new DisplayException('This server is in a failed install state and cannot be recovered. Please delete and re-create the server.');
         }
 

app/Http/Controllers/Admin/Servers/ServerViewController.php

@@ -203,12 +203,12 @@ public function setDetails(Request $request, Server $server)
      */
     public function toggleInstall(Server $server)
     {
-        if ($server->installed > 1) {
+        if ($server->status === Server::STATUS_INSTALL_FAILED) {
             throw new DisplayException(trans('admin/server.exceptions.marked_as_failed'));
         }
 
         $this->repository->update($server->id, [
-            'installed' => !$server->installed,
+            'status' => $server->isInstalled() ? Server::STATUS_INSTALLING : null,
         ], true, true);
 
         $this->alert->success(trans('admin/server.alerts.install_toggled'))->flash();

app/Http/Controllers/Admin/ServersController.php

@@ -2,17 +2,21 @@
 
 namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
 
+use Illuminate\Http\Request;
 use Pterodactyl\Models\Backup;
 use Pterodactyl\Models\Server;
+use Pterodactyl\Models\AuditLog;
 use Illuminate\Http\JsonResponse;
+use Pterodactyl\Models\Permission;
+use Illuminate\Validation\UnauthorizedException;
 use Pterodactyl\Services\Backups\DeleteBackupService;
-use Pterodactyl\Repositories\Eloquent\BackupRepository;
+use Pterodactyl\Services\Backups\DownloadLinkService;
 use Pterodactyl\Services\Backups\InitiateBackupService;
+use Pterodactyl\Repositories\Wings\DaemonBackupRepository;
 use Pterodactyl\Transformers\Api\Client\BackupTransformer;
 use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
-use Pterodactyl\Http\Requests\Api\Client\Servers\Backups\GetBackupsRequest;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Pterodactyl\Http\Requests\Api\Client\Servers\Backups\StoreBackupRequest;
-use Pterodactyl\Http\Requests\Api\Client\Servers\Backups\DeleteBackupRequest;
 
 class BackupController extends ClientApiController
 {
@@ -27,33 +31,45 @@ class BackupController extends ClientApiController
     private $deleteBackupService;
 
     /**
-     * @var \Pterodactyl\Repositories\Eloquent\BackupRepository
+     * @var \Pterodactyl\Services\Backups\DownloadLinkService
+     */
+    private $downloadLinkService;
+
+    /**
+     * @var \Pterodactyl\Repositories\Wings\DaemonBackupRepository
      */
     private $repository;
 
     /**
      * BackupController constructor.
      */
     public function __construct(
-        BackupRepository $repository,
+        DaemonBackupRepository $repository,
         DeleteBackupService $deleteBackupService,
-        InitiateBackupService $initiateBackupService
+        InitiateBackupService $initiateBackupService,
+        DownloadLinkService $downloadLinkService
     ) {
         parent::__construct();
 
+        $this->repository = $repository;
         $this->initiateBackupService = $initiateBackupService;
         $this->deleteBackupService = $deleteBackupService;
-        $this->repository = $repository;
+        $this->downloadLinkService = $downloadLinkService;
     }
 
     /**
      * Returns all of the backups for a given server instance in a paginated
      * result set.
      *
-     * @return array
+     * @throws \Spatie\Fractalistic\Exceptions\InvalidTransformation
+     * @throws \Spatie\Fractalistic\Exceptions\NoTransformerSpecified
      */
-    public function index(GetBackupsRequest $request, Server $server)
+    public function index(Request $request, Server $server): array
     {
+        if (!$request->user()->can(Permission::ACTION_BACKUP_READ, $server)) {
+            throw new UnauthorizedException();
+        }
+
         $limit = min($request->query('per_page') ?? 20, 50);
 
         return $this->fractal->collection($server->backups()->paginate($limit))
@@ -64,17 +80,24 @@ public function index(GetBackupsRequest $request, Server $server)
     /**
      * Starts the backup process for a server.
      *
-     * @return array
-     *
-     * @throws \Exception|\Throwable
+     * @throws \Spatie\Fractalistic\Exceptions\InvalidTransformation
+     * @throws \Spatie\Fractalistic\Exceptions\NoTransformerSpecified
+     * @throws \Throwable
      */
-    public function store(StoreBackupRequest $request, Server $server)
+    public function store(StoreBackupRequest $request, Server $server): array
     {
-        $backup = $this->initiateBackupService
-            ->setIgnoredFiles(
-                explode(PHP_EOL, $request->input('ignored') ?? '')
-            )
-            ->handle($server, $request->input('name'));
+        /** @var \Pterodactyl\Models\Backup $backup */
+        $backup = $server->audit(AuditLog::SERVER__BACKUP_STARTED, function (AuditLog $model, Server $server) use ($request) {
+            $backup = $this->initiateBackupService
+                ->setIgnoredFiles(
+                    explode(PHP_EOL, $request->input('ignored') ?? '')
+                )
+                ->handle($server, $request->input('name'));
+
+            $model->metadata = ['backup_uuid' => $backup->uuid];
+
+            return $backup;
+        });
 
         return $this->fractal->item($backup)
             ->transformWith($this->getTransformer(BackupTransformer::class))
@@ -84,10 +107,15 @@ public function store(StoreBackupRequest $request, Server $server)
     /**
      * Returns information about a single backup.
      *
-     * @return array
+     * @throws \Spatie\Fractalistic\Exceptions\InvalidTransformation
+     * @throws \Spatie\Fractalistic\Exceptions\NoTransformerSpecified
      */
-    public function view(GetBackupsRequest $request, Server $server, Backup $backup)
+    public function view(Request $request, Server $server, Backup $backup): array
     {
+        if (!$request->user()->can(Permission::ACTION_BACKUP_READ, $server)) {
+            throw new UnauthorizedException();
+        }
+
         return $this->fractal->item($backup)
             ->transformWith($this->getTransformer(BackupTransformer::class))
             ->toArray();
@@ -97,14 +125,89 @@ public function view(GetBackupsRequest $request, Server $server, Backup $backup)
      * Deletes a backup from the panel as well as the remote source where it is currently
      * being stored.
      *
-     * @return \Illuminate\Http\JsonResponse
+     * @throws \Throwable
+     */
+    public function delete(Request $request, Server $server, Backup $backup): JsonResponse
+    {
+        if (!$request->user()->can(Permission::ACTION_BACKUP_DELETE, $server)) {
+            throw new UnauthorizedException();
+        }
+
+        $server->audit(AuditLog::SERVER__BACKUP_DELETED, function (AuditLog $audit) use ($backup) {
+            $audit->metadata = ['backup_uuid' => $backup->uuid];
+
+            $this->deleteBackupService->handle($backup);
+        });
+
+        return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
+    }
+
+    /**
+     * Download the backup for a given server instance. For daemon local files, the file
+     * will be streamed back through the Panel. For AWS S3 files, a signed URL will be generated
+     * which the user is redirected to.
+     */
+    public function download(Request $request, Server $server, Backup $backup): JsonResponse
+    {
+        if (!$request->user()->can(Permission::ACTION_BACKUP_DOWNLOAD, $server)) {
+            throw new UnauthorizedException();
+        }
+
+        switch ($backup->disk) {
+            case Backup::ADAPTER_WINGS:
+            case Backup::ADAPTER_AWS_S3:
+                return new JsonResponse([
+                    'object' => 'signed_url',
+                    'attributes' => ['url' => ''],
+                ]);
+            default:
+                throw new BadRequestHttpException();
+        }
+    }
+
+    /**
+     * Handles restoring a backup by making a request to the Wings instance telling it
+     * to begin the process of finding (or downloading) the backup and unpacking it
+     * over the server files.
+     *
+     * If the "truncate" flag is passed through in this request then all of the
+     * files that currently exist on the server will be deleted before restoring.
+     * Otherwise the archive will simply be unpacked over the existing files.
      *
      * @throws \Throwable
      */
-    public function delete(DeleteBackupRequest $request, Server $server, Backup $backup)
+    public function restore(Request $request, Server $server, Backup $backup): JsonResponse
     {
-        $this->deleteBackupService->handle($backup);
+        if (!$request->user()->can(Permission::ACTION_BACKUP_RESTORE, $server)) {
+            throw new UnauthorizedException();
+        }
+
+        // Cannot restore a backup unless a server is fully installed and not currently
+        // processing a different backup restoration request.
+        if (!is_null($server->status)) {
+            throw new BadRequestHttpException('This server is not currently in a state that allows for a backup to be restored.');
+        }
+
+        if (!$backup->is_successful && !$backup->completed_at) {
+            throw new BadRequestHttpException('This backup cannot be restored at this time: not completed or failed.');
+        }
+
+        $server->audit(AuditLog::SERVER__BACKUP_RESTORE_STARTED, function (AuditLog $audit, Server $server) use ($backup, $request) {
+            $audit->metadata = ['backup_uuid' => $backup->uuid];
+
+            // If the backup is for an S3 file we need to generate a unique Download link for
+            // it that will allow Wings to actually access the file.
+            if ($backup->disk === Backup::ADAPTER_AWS_S3) {
+                $url = $this->downloadLinkService->handle($backup, $request->user());
+            }
+
+            // Update the status right away for the server so that we know not to allow certain
+            // actions against it via the Panel API.
+            $server->update(['status' => Server::STATUS_RESTORING_BACKUP]);
+
+            $this->repository->setServer($server)->restore($backup, $url ?? null, $request->input('truncate') === 'true');
+        });
 
-        return JsonResponse::create([], JsonResponse::HTTP_NO_CONTENT);
+        return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
     }
 }