Add support for locking backups to prevent any accidental deletions

Author: DaneEveritt

app/Exceptions/Service/Backup/BackupLockedException.php

@@ -0,0 +1,16 @@
+<?php
+
+namespace Pterodactyl\Exceptions\Service\Backup;
+
+use Pterodactyl\Exceptions\DisplayException;
+
+class BackupLockedException extends DisplayException
+{
+    /**
+     * TooManyBackupsException constructor.
+     */
+    public function __construct()
+    {
+        parent::__construct('Cannot delete a backup that is marked as locked.');
+    }
+}

app/Http/Controllers/Api/Client/Servers/BackupController.php

@@ -61,8 +61,6 @@ public function __construct(
      * Returns all of the backups for a given server instance in a paginated
      * result set.
      *
-     * @throws \Spatie\Fractalistic\Exceptions\InvalidTransformation
-     * @throws \Spatie\Fractalistic\Exceptions\NoTransformerSpecified
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function index(Request $request, Server $server): array
@@ -89,11 +87,18 @@ public function store(StoreBackupRequest $request, Server $server): array
     {
         /** @var \Pterodactyl\Models\Backup $backup */
         $backup = $server->audit(AuditLog::SERVER__BACKUP_STARTED, function (AuditLog $model, Server $server) use ($request) {
-            $backup = $this->initiateBackupService
-                ->setIgnoredFiles(
-                    explode(PHP_EOL, $request->input('ignored') ?? '')
-                )
-                ->handle($server, $request->input('name'));
+            $action = $this->initiateBackupService
+                ->setIgnoredFiles(explode(PHP_EOL, $request->input('ignored') ?? ''));
+
+            // Only set the lock status if the user even has permission to delete backups,
+            // otherwise ignore this status. This gets a little funky since it isn't clear
+            // how best to allow a user to create a backup that is locked without also preventing
+            // them from just filling up a server with backups that can never be deleted?
+            if ($request->user()->can(Permission::ACTION_BACKUP_DELETE, $server)) {
+                $action->setIsLocked((bool) $request->input('is_locked'));
+            }
+
+            $backup = $action->handle($server, $request->input('name'));
 
             $model->metadata = ['backup_uuid' => $backup->uuid];
 
@@ -105,11 +110,35 @@ public function store(StoreBackupRequest $request, Server $server): array
             ->toArray();
     }
 
+    /**
+     * Toggles the lock status of a given backup for a server.
+     *
+     * @throws \Throwable
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function toggleLock(Request $request, Server $server, Backup $backup): array
+    {
+        if (!$request->user()->can(Permission::ACTION_BACKUP_DELETE, $server)) {
+            throw new AuthorizationException();
+        }
+
+        $action = $backup->is_locked ? AuditLog::SERVER__BACKUP_UNLOCKED : AuditLog::SERVER__BACKUP_LOCKED;
+        $server->audit($action, function (AuditLog $audit) use ($backup) {
+            $audit->metadata = ['backup_uuid' => $backup->uuid];
+
+            $backup->update(['is_locked' => !$backup->is_locked]);
+        });
+
+        $backup->refresh();
+
+        return $this->fractal->item($backup)
+            ->transformWith($this->getTransformer(BackupTransformer::class))
+            ->toArray();
+    }
+
     /**
      * Returns information about a single backup.
      *
-     * @throws \Spatie\Fractalistic\Exceptions\InvalidTransformation
-     * @throws \Spatie\Fractalistic\Exceptions\NoTransformerSpecified
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function view(Request $request, Server $server, Backup $backup): array

app/Http/Requests/Api/Client/Servers/Backups/StoreBackupRequest.php

@@ -19,6 +19,7 @@ public function rules(): array
     {
         return [
             'name' => 'nullable|string|max:191',
+            'is_locked' => 'nullable|boolean',
             'ignored' => 'nullable|string',
         ];
     }

app/Models/AuditLog.php

@@ -7,17 +7,17 @@
 use Illuminate\Container\Container;
 
 /**
- * @property int                             $id
- * @property string                          $uuid
- * @property bool                            $is_system
- * @property int|null                        $user_id
- * @property int|null                        $server_id
- * @property string                          $action
- * @property string|null                     $subaction
- * @property array                           $device
- * @property array                           $metadata
- * @property \Carbon\CarbonImmutable         $created_at
- * @property \Pterodactyl\Models\User|null   $user
+ * @property int $id
+ * @property string $uuid
+ * @property bool $is_system
+ * @property int|null $user_id
+ * @property int|null $server_id
+ * @property string $action
+ * @property string|null $subaction
+ * @property array $device
+ * @property array $metadata
+ * @property \Carbon\CarbonImmutable $created_at
+ * @property \Pterodactyl\Models\User|null $user
  * @property \Pterodactyl\Models\Server|null $server
  */
 class AuditLog extends Model
@@ -36,6 +36,8 @@ class AuditLog extends Model
     public const SERVER__BACKUP_COMPELTED = 'server:backup.completed';
     public const SERVER__BACKUP_DELETED = 'server:backup.deleted';
     public const SERVER__BACKUP_DOWNLOADED = 'server:backup.downloaded';
+    public const SERVER__BACKUP_LOCKED = 'server:backup.locked';
+    public const SERVER__BACKUP_UNLOCKED = 'server:backup.unlocked';
     public const SERVER__BACKUP_RESTORE_STARTED = 'server:backup.restore.started';
     public const SERVER__BACKUP_RESTORE_COMPLETED = 'server:backup.restore.completed';
     public const SERVER__BACKUP_RESTORE_FAILED = 'server:backup.restore.failed';

app/Models/Backup.php

@@ -9,6 +9,7 @@
  * @property int $server_id
  * @property string $uuid
  * @property bool $is_successful
+ * @property bool $is_locked
  * @property string $name
  * @property string[] $ignored_files
  * @property string $disk
@@ -46,6 +47,7 @@ class Backup extends Model
     protected $casts = [
         'id' => 'int',
         'is_successful' => 'bool',
+        'is_locked' => 'bool',
         'ignored_files' => 'array',
         'bytes' => 'int',
     ];
@@ -62,6 +64,7 @@ class Backup extends Model
      */
     protected $attributes = [
         'is_successful' => true,
+        'is_locked' => false,
         'checksum' => null,
         'bytes' => 0,
         'upload_id' => null,
@@ -79,6 +82,7 @@ class Backup extends Model
         'server_id' => 'bail|required|numeric|exists:servers,id',
         'uuid' => 'required|uuid',
         'is_successful' => 'boolean',
+        'is_locked' => 'boolean',
         'name' => 'required|string',
         'ignored_files' => 'array',
         'disk' => 'required|string',

app/Services/Backups/DeleteBackupService.php

@@ -9,6 +9,7 @@
 use Pterodactyl\Extensions\Backups\BackupManager;
 use Pterodactyl\Repositories\Eloquent\BackupRepository;
 use Pterodactyl\Repositories\Wings\DaemonBackupRepository;
+use Pterodactyl\Exceptions\Service\Backup\BackupLockedException;
 use Pterodactyl\Exceptions\Http\Connection\DaemonConnectionException;
 
 class DeleteBackupService
@@ -55,6 +56,10 @@ public function __construct(
      */
     public function handle(Backup $backup)
     {
+        if ($backup->is_locked) {
+            throw new BackupLockedException();
+        }
+
         if ($backup->disk === Backup::ADAPTER_AWS_S3) {
             $this->deleteFromS3($backup);
 

app/Services/Backups/InitiateBackupService.php

@@ -21,6 +21,11 @@ class InitiateBackupService
      */
     private $ignoredFiles;
 
+    /**
+     * @var bool
+     */
+    private $isLocked = false;
+
     /**
      * @var \Pterodactyl\Repositories\Eloquent\BackupRepository
      */
@@ -49,7 +54,11 @@ class InitiateBackupService
     /**
      * InitiateBackupService constructor.
      *
+     * @param \Pterodactyl\Repositories\Eloquent\BackupRepository $repository
+     * @param \Illuminate\Database\ConnectionInterface $connection
+     * @param \Pterodactyl\Repositories\Wings\DaemonBackupRepository $daemonBackupRepository
      * @param \Pterodactyl\Services\Backups\DeleteBackupService $deleteBackupService
+     * @param \Pterodactyl\Extensions\Backups\BackupManager $backupManager
      */
     public function __construct(
         BackupRepository $repository,
@@ -65,6 +74,19 @@ public function __construct(
         $this->deleteBackupService = $deleteBackupService;
     }
 
+    /**
+     * Set if the backup should be locked once it is created which will prevent
+     * its deletion by users or automated system processes.
+     *
+     * @return $this
+     */
+    public function setIsLocked(bool $isLocked): self
+    {
+        $this->isLocked = $isLocked;
+
+        return $this;
+    }
+
     /**
      * Sets the files to be ignored by this backup.
      *
@@ -91,7 +113,7 @@ public function setIgnoredFiles(?array $ignored)
     }
 
     /**
-     * Initiates the backup process for a server on the daemon.
+     * Initiates the backup process for a server on Wings.
      *
      * @throws \Throwable
      * @throws \Pterodactyl\Exceptions\Service\Backup\TooManyBackupsException
@@ -104,23 +126,30 @@ public function handle(Server $server, string $name = null, bool $override = fal
         if ($period > 0) {
             $previous = $this->repository->getBackupsGeneratedDuringTimespan($server->id, $period);
             if ($previous->count() >= $limit) {
-                throw new TooManyRequestsHttpException(CarbonImmutable::now()->diffInSeconds($previous->last()->created_at->addSeconds($period)), sprintf('Only %d backups may be generated within a %d second span of time.', $limit, $period));
+                $message = sprintf('Only %d backups may be generated within a %d second span of time.', $limit, $period);
+
+                throw new TooManyRequestsHttpException(CarbonImmutable::now()->diffInSeconds($previous->last()->created_at->addSeconds($period)), $message);
             }
         }
 
-        // Check if the server has reached or exceeded it's backup limit
-        if (!$server->backup_limit || $server->backups()->where('is_successful', true)->count() >= $server->backup_limit) {
+        // Check if the server has reached or exceeded it's backup limit.
+        $successful = $server->backups()->where('is_successful', true);
+        if (!$server->backup_limit || $successful->count() >= $server->backup_limit) {
             // Do not allow the user to continue if this server is already at its limit and can't override.
             if (!$override || $server->backup_limit <= 0) {
                 throw new TooManyBackupsException($server->backup_limit);
             }
 
-            // Get the oldest backup the server has.
-            /** @var \Pterodactyl\Models\Backup $oldestBackup */
-            $oldestBackup = $server->backups()->where('is_successful', true)->orderBy('created_at')->first();
+            // Get the oldest backup the server has that is not "locked" (indicating a backup that should
+            // never be automatically purged). If we find a backup we will delete it and then continue with
+            // this process. If no backup is found that can be used an exception is thrown.
+            /** @var \Pterodactyl\Models\Backup $oldest */
+            $oldest = $successful->where('is_locked', false)->orderBy('created_at')->first();
+            if (!$oldest) {
+                throw new TooManyBackupsException($server->backup_limit);
+            }
 
-            // Delete the oldest backup.
-            $this->deleteBackupService->handle($oldestBackup);
+            $this->deleteBackupService->handle($oldest);
         }
 
         return $this->connection->transaction(function () use ($server, $name) {
@@ -131,6 +160,7 @@ public function handle(Server $server, string $name = null, bool $override = fal
                 'name' => trim($name) ?: sprintf('Backup at %s', CarbonImmutable::now()->toDateTimeString()),
                 'ignored_files' => array_values($this->ignoredFiles ?? []),
                 'disk' => $this->backupManager->getDefaultAdapter(),
+                'is_locked' => $this->isLocked,
             ], true, true);
 
             $this->daemonBackupRepository->setServer($server)

app/Transformers/Api/Client/BackupTransformer.php

@@ -19,6 +19,7 @@ public function transform(Backup $backup)
         return [
             'uuid' => $backup->uuid,
             'is_successful' => $backup->is_successful,
+            'is_locked' => $backup->is_locked,
             'name' => $backup->name,
             'ignored_files' => $backup->ignored_files,
             'checksum' => $backup->checksum,

database/migrations/2021_05_03_201016_add_support_for_locking_a_backup.php

@@ -0,0 +1,32 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddSupportForLockingABackup extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('backups', function (Blueprint $table) {
+            $table->unsignedTinyInteger('is_locked')->after('is_successful')->default(0);
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('backups', function (Blueprint $table) {
+            $table->dropColumn('is_locked');
+        });
+    }
+}

resources/scripts/api/server/backups/createServerBackup.ts

@@ -2,12 +2,18 @@ import http from '@/api/http';
 import { ServerBackup } from '@/api/server/types';
 import { rawDataToServerBackup } from '@/api/transformers';
 
-export default (uuid: string, name?: string, ignored?: string): Promise<ServerBackup> => {
-    return new Promise((resolve, reject) => {
-        http.post(`/api/client/servers/${uuid}/backups`, {
-            name, ignored,
-        })
-            .then(({ data }) => resolve(rawDataToServerBackup(data)))
-            .catch(reject);
+interface RequestParameters {
+    name?: string;
+    ignored?: string;
+    isLocked: boolean;
+}
+
+export default async (uuid: string, params: RequestParameters): Promise<ServerBackup> => {
+    const { data } = await http.post(`/api/client/servers/${uuid}/backups`, {
+        name: params.name,
+        ignored: params.ignored,
+        is_locked: params.isLocked,
     });
+
+    return rawDataToServerBackup(data);
 };