Add database password rotation to view

Author: DaneEveritt

app/Http/Controllers/Api/Client/Servers/DatabaseController.php

@@ -2,9 +2,11 @@
 
 namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
 
+use Illuminate\Support\Str;
 use Illuminate\Http\Response;
 use Pterodactyl\Models\Server;
 use Pterodactyl\Models\Database;
+use Pterodactyl\Services\Databases\DatabasePasswordService;
 use Pterodactyl\Transformers\Api\Client\DatabaseTransformer;
 use Pterodactyl\Services\Databases\DatabaseManagementService;
 use Pterodactyl\Services\Databases\DeployServerDatabaseService;
@@ -13,6 +15,7 @@
 use Pterodactyl\Http\Requests\Api\Client\Servers\Databases\GetDatabasesRequest;
 use Pterodactyl\Http\Requests\Api\Client\Servers\Databases\StoreDatabaseRequest;
 use Pterodactyl\Http\Requests\Api\Client\Servers\Databases\DeleteDatabaseRequest;
+use Pterodactyl\Http\Requests\Api\Client\Servers\Databases\RotatePasswordRequest;
 
 class DatabaseController extends ClientApiController
 {
@@ -31,15 +34,22 @@ class DatabaseController extends ClientApiController
      */
     private $managementService;
 
+    /**
+     * @var \Pterodactyl\Services\Databases\DatabasePasswordService
+     */
+    private $passwordService;
+
     /**
      * DatabaseController constructor.
      *
      * @param \Pterodactyl\Services\Databases\DatabaseManagementService     $managementService
+     * @param \Pterodactyl\Services\Databases\DatabasePasswordService       $passwordService
      * @param \Pterodactyl\Contracts\Repository\DatabaseRepositoryInterface $repository
      * @param \Pterodactyl\Services\Databases\DeployServerDatabaseService   $deployDatabaseService
      */
     public function __construct(
         DatabaseManagementService $managementService,
+        DatabasePasswordService $passwordService,
         DatabaseRepositoryInterface $repository,
         DeployServerDatabaseService $deployDatabaseService
     ) {
@@ -48,6 +58,7 @@ public function __construct(
         $this->deployDatabaseService = $deployDatabaseService;
         $this->repository = $repository;
         $this->managementService = $managementService;
+        $this->passwordService = $passwordService;
     }
 
     /**
@@ -81,6 +92,30 @@ public function store(StoreDatabaseRequest $request): array
             ->toArray();
     }
 
+    /**
+     * Rotates the password for the given server model and returns a fresh instance to
+     * the caller.
+     *
+     * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Databases\RotatePasswordRequest $request
+     * @return array
+     *
+     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     */
+    public function rotatePassword(RotatePasswordRequest $request)
+    {
+        $database = $request->getModel(Database::class);
+
+        $this->passwordService->handle($database, Str::random(24));
+
+        $database->refresh();
+
+        return $this->fractal->item($database)
+            ->parseIncludes(['password'])
+            ->transformWith($this->getTransformer(DatabaseTransformer::class))
+            ->toArray();
+    }
+
     /**
      * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Databases\DeleteDatabaseRequest $request
      * @return \Illuminate\Http\Response

app/Http/Requests/Api/Client/ClientApiRequest.php

@@ -6,6 +6,9 @@
 use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
 use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;
 
+/**
+ * @method \Pterodactyl\Models\User user($guard = null)
+ */
 abstract class ClientApiRequest extends ApplicationApiRequest
 {
     /**

app/Http/Requests/Api/Client/Servers/Databases/RotatePasswordRequest.php

@@ -0,0 +1,19 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Client\Servers\Databases;
+
+use Pterodactyl\Models\Server;
+use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
+
+class RotatePasswordRequest extends ClientApiRequest
+{
+    /**
+     * Check that the user has permission to rotate the password.
+     *
+     * @return bool
+     */
+    public function authorize(): bool
+    {
+        return $this->user()->can('reset-db-password', $this->getModel(Server::class));
+    }
+}

app/Services/Databases/DatabasePasswordService.php

@@ -2,6 +2,7 @@
 
 namespace Pterodactyl\Services\Databases;
 
+use Webmozart\Assert\Assert;
 use Pterodactyl\Models\Database;
 use Illuminate\Database\ConnectionInterface;
 use Illuminate\Contracts\Encryption\Encrypter;
@@ -63,6 +64,8 @@ public function __construct(
     public function handle($database, string $password): bool
     {
         if (! $database instanceof Database) {
+            Assert::integerish($database);
+
             $database = $this->repository->find($database);
         }
 

resources/scripts/api/server/rotateDatabasePassword.ts

@@ -0,0 +1,10 @@
+import { rawDataToServerDatabase, ServerDatabase } from '@/api/server/getServerDatabases';
+import http from '@/api/http';
+
+export default (uuid: string, database: string): Promise<ServerDatabase> => {
+    return new Promise((resolve, reject) => {
+        http.post(`/api/client/servers/${uuid}/databases/${database}/rotate-password`)
+            .then((response) => resolve(rawDataToServerDatabase(response.data.attributes)))
+            .catch(reject);
+    });
+};

resources/scripts/components/elements/Button.tsx

@@ -0,0 +1,20 @@
+import React from 'react';
+import classNames from 'classnames';
+
+type Props = { isLoading?: boolean } & React.DetailedHTMLProps<React.ButtonHTMLAttributes<HTMLButtonElement>, HTMLButtonElement>;
+
+export default ({ isLoading, children, className, ...props }: Props) => (
+    <button
+        {...props}
+        className={classNames('btn btn-sm relative', className)}
+    >
+        {isLoading &&
+        <div className={'w-full flex absolute justify-center'} style={{ marginLeft: '-0.75rem' }}>
+            <div className={'spinner-circle spinner-white spinner-sm'}/>
+        </div>
+        }
+        <span className={isLoading ? 'text-transparent' : undefined}>
+            {children}
+        </span>
+    </button>
+);

resources/scripts/components/server/databases/DatabaseRow.tsx

@@ -15,19 +15,26 @@ import { ApplicationStore } from '@/state';
 import { ServerContext } from '@/state/server';
 import deleteServerDatabase from '@/api/server/deleteServerDatabase';
 import { httpErrorToHuman } from '@/api/http';
+import RotatePasswordButton from '@/components/server/databases/RotatePasswordButton';
 
 interface Props {
-    database: ServerDatabase;
+    databaseId: string | number;
     className?: string;
     onDelete: () => void;
 }
 
-export default ({ database, className, onDelete }: Props) => {
+export default ({ databaseId, className, onDelete }: Props) => {
     const [visible, setVisible] = useState(false);
+    const database = ServerContext.useStoreState(state => state.databases.items.find(item => item.id === databaseId));
+    const appendDatabase = ServerContext.useStoreActions(actions => actions.databases.appendDatabase);
     const [connectionVisible, setConnectionVisible] = useState(false);
     const { addFlash, clearFlashes } = useStoreActions((actions: Actions<ApplicationStore>) => actions.flashes);
     const server = ServerContext.useStoreState(state => state.server.data!);
 
+    if (!database) {
+        return null;
+    }
+
     const schema = object().shape({
         confirm: string()
             .required('The database name must be provided.')
@@ -104,6 +111,7 @@ export default ({ database, className, onDelete }: Props) => {
                 }
             </Formik>
             <Modal visible={connectionVisible} onDismissed={() => setConnectionVisible(false)}>
+                <FlashMessageRender byKey={'database-connection-modal'} className={'mb-6'}/>
                 <h3 className={'mb-6'}>Database connection details</h3>
                 <div>
                     <label className={'input-dark-label'}>Password</label>
@@ -119,6 +127,7 @@ export default ({ database, className, onDelete }: Props) => {
                     />
                 </div>
                 <div className={'mt-6 text-right'}>
+                    <RotatePasswordButton databaseId={database.id} onUpdate={appendDatabase}/>
                     <button className={'btn btn-sm btn-secondary'} onClick={() => setConnectionVisible(false)}>
                         Close
                     </button>

resources/scripts/components/server/databases/DatabasesContainer.tsx

@@ -12,12 +12,15 @@ import CreateDatabaseButton from '@/components/server/databases/CreateDatabaseBu
 
 export default () => {
     const [ loading, setLoading ] = useState(true);
-    const [ databases, setDatabases ] = useState<ServerDatabase[]>([]);
     const server = ServerContext.useStoreState(state => state.server.data!);
+    const databases = ServerContext.useStoreState(state => state.databases.items);
+    const { setDatabases, appendDatabase, removeDatabase } = ServerContext.useStoreActions(state => state.databases);
     const { addFlash, clearFlashes } = useStoreActions((actions: Actions<ApplicationStore>) => actions.flashes);
 
     useEffect(() => {
+        setLoading(!databases.length);
         clearFlashes('databases');
+
         getServerDatabases(server.uuid)
             .then(databases => {
                 setDatabases(databases);
@@ -43,8 +46,8 @@ export default () => {
                             databases.map((database, index) => (
                                 <DatabaseRow
                                     key={database.id}
-                                    database={database}
-                                    onDelete={() => setDatabases(s => [ ...s.filter(d => d.id !== database.id) ])}
+                                    databaseId={database.id}
+                                    onDelete={() => removeDatabase(database)}
                                     className={index > 0 ? 'mt-1' : undefined}
                                 />
                             ))
@@ -54,7 +57,7 @@ export default () => {
                             </p>
                         }
                         <div className={'mt-6 flex justify-end'}>
-                            <CreateDatabaseButton onCreated={database => setDatabases(s => [ ...s, database ])}/>
+                            <CreateDatabaseButton onCreated={appendDatabase}/>
                         </div>
                     </React.Fragment>
                 </CSSTransition>

resources/scripts/components/server/databases/RotatePasswordButton.tsx

@@ -0,0 +1,45 @@
+import React, { useState } from 'react';
+import rotateDatabasePassword from '@/api/server/rotateDatabasePassword';
+import { Actions, useStoreActions } from 'easy-peasy';
+import { ApplicationStore } from '@/state';
+import { ServerContext } from '@/state/server';
+import { ServerDatabase } from '@/api/server/getServerDatabases';
+import { httpErrorToHuman } from '@/api/http';
+import Button from '@/components/elements/Button';
+
+export default ({ databaseId, onUpdate }: {
+    databaseId: string;
+    onUpdate: (database: ServerDatabase) => void;
+}) => {
+    const [ loading, setLoading ] = useState(false);
+    const { addFlash, clearFlashes } = useStoreActions((actions: Actions<ApplicationStore>) => actions.flashes);
+    const server = ServerContext.useStoreState(state => state.server.data!);
+
+    if (!databaseId) {
+        return null;
+    }
+
+    const rotate = () => {
+        setLoading(true);
+        clearFlashes();
+
+        rotateDatabasePassword(server.uuid, databaseId)
+            .then(database => onUpdate(database))
+            .catch(error => {
+                console.error(error);
+                addFlash({
+                    type: 'error',
+                    title: 'Error',
+                    message: httpErrorToHuman(error),
+                    key: 'database-connection-modal',
+                });
+            })
+            .then(() => setLoading(false));
+    };
+
+    return (
+        <Button className={'btn-secondary mr-2'} onClick={rotate} isLoading={loading}>
+            Rotate Password
+        </Button>
+    );
+};

resources/scripts/state/server/index.ts

@@ -1,6 +1,7 @@
 import getServer, { Server } from '@/api/server/getServer';
 import { action, Action, createContextStore, thunk, Thunk } from 'easy-peasy';
 import socket, { SocketStore } from './socket';
+import { ServerDatabase } from '@/api/server/getServerDatabases';
 
 export type ServerStatus = 'offline' | 'starting' | 'stopping' | 'running';
 
@@ -32,8 +33,29 @@ const status: ServerStatusStore = {
     }),
 };
 
+interface ServerDatabaseStore {
+    items: ServerDatabase[];
+    setDatabases: Action<ServerDatabaseStore, ServerDatabase[]>;
+    appendDatabase: Action<ServerDatabaseStore, ServerDatabase>;
+    removeDatabase: Action<ServerDatabaseStore, ServerDatabase>;
+}
+
+const databases: ServerDatabaseStore = {
+    items: [],
+    setDatabases: action((state, payload) => {
+        state.items = payload;
+    }),
+    appendDatabase: action((state, payload) => {
+        state.items = state.items.filter(item => item.id !== payload.id).concat(payload);
+    }),
+    removeDatabase: action((state, payload) => {
+       state.items = state.items.filter(item => item.id !== payload.id);
+    }),
+};
+
 export interface ServerStore {
     server: ServerDataStore;
+    databases: ServerDatabaseStore;
     socket: SocketStore;
     status: ServerStatusStore;
     clearServerState: Action<ServerStore>;
@@ -43,8 +65,10 @@ export const ServerContext = createContextStore<ServerStore>({
     server,
     socket,
     status,
+    databases,
     clearServerState: action(state => {
         state.server.data = undefined;
+        state.databases.items = [];
 
         if (state.socket.instance) {
             state.socket.instance.removeAllListeners();