Better handling of file download requests

Author: DaneEveritt

CHANGELOG.md

@@ -12,6 +12,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 ### Added
 * Adds back client API for sending commands or power toggles to a server though the Panel API: `/api/client/servers/<identifier>`
 * Added proper transformer for Packs and re-enabled missing includes on server.
+* Added support for using Filesystem as a caching driver, although not recommended.
 
 ## v0.7.3 (Derelict Dermodactylus)
 ### Fixed

app/Http/Controllers/Api/Remote/FileDownloadController.php

@@ -0,0 +1,50 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\Api\Remote;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\JsonResponse;
+use Pterodactyl\Http\Controllers\Controller;
+use Illuminate\Contracts\Cache\Repository as CacheRepository;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+
+class FileDownloadController extends Controller
+{
+    /**
+     * @var \Illuminate\Contracts\Cache\Repository
+     */
+    private $cache;
+
+    /**
+     * FileDownloadController constructor.
+     *
+     * @param \Illuminate\Contracts\Cache\Repository $cache
+     */
+    public function __construct(CacheRepository $cache)
+    {
+        $this->cache = $cache;
+    }
+
+    /**
+     * Handle a request to authenticate a download using a token and return
+     * the path of the file to the daemon.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @return \Illuminate\Http\JsonResponse
+     *
+     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
+     */
+    public function index(Request $request): JsonResponse
+    {
+        $download = $this->cache->pull('Server:Downloads:' . $request->input('token', ''));
+
+        if (is_null($download)) {
+            throw new NotFoundHttpException('No file was found using the token provided.');
+        }
+
+        return response()->json([
+            'path' => array_get($download, 'path'),
+            'server' => array_get($download, 'server'),
+        ]);
+    }
+}

app/Http/Controllers/Daemon/ActionController.php

@@ -10,28 +10,6 @@
 
 class ActionController extends Controller
 {
-    /**
-     * Handles download request from daemon.
-     *
-     * @param \Illuminate\Http\Request $request
-     * @return \Illuminate\Http\JsonResponse
-     */
-    public function authenticateDownload(Request $request)
-    {
-        $download = Cache::pull('Server:Downloads:' . $request->input('token'));
-
-        if (is_null($download)) {
-            return response()->json([
-                'error' => 'An invalid request token was recieved with this request.',
-            ], 403);
-        }
-
-        return response()->json([
-            'path' => $download['path'],
-            'server' => $download['server'],
-        ]);
-    }
-
     /**
      * Handles install toggle request from daemon.
      *

app/Http/Controllers/Server/Files/DownloadController.php

@@ -9,6 +9,7 @@
 
 namespace Pterodactyl\Http\Controllers\Server\Files;
 
+use Ramsey\Uuid\Uuid;
 use Illuminate\Http\Request;
 use Illuminate\Cache\Repository;
 use Illuminate\Http\RedirectResponse;
@@ -46,8 +47,9 @@ public function index(Request $request, string $uuid, string $file): RedirectRes
         $server = $request->attributes->get('server');
         $this->authorize('download-files', $server);
 
-        $token = str_random(40);
+        $token = Uuid::uuid4()->toString();
         $node = $server->getRelation('node');
+
         $this->cache->put('Server:Downloads:' . $token, ['server' => $server->uuid, 'path' => $file], 5);
 
         return redirect(sprintf('%s://%s:%s/v1/server/file/download/%s', $node->scheme, $node->fqdn, $node->daemonListen, $token));

routes/api-remote.php

@@ -1,12 +1,7 @@
 <?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */
+
 Route::get('/authenticate/{token}', 'ValidateKeyController@index')->name('api.remote.authenticate');
+Route::post('/download-file', 'FileDownloadController@index')->name('api.remote.download_file');
 
 Route::group(['prefix' => '/eggs'], function () {
     Route::get('/', 'EggRetrievalController@index')->name('api.remote.eggs');

routes/daemon.php

@@ -10,5 +10,4 @@
 Route::get('/packs/pull/{uuid}/hash', 'PackController@hash')->name('daemon.pack.hash');
 Route::get('/configure/{token}', 'ActionController@configuration')->name('daemon.configuration');
 
-Route::post('/download', 'ActionController@authenticateDownload')->name('daemon.download');
 Route::post('/install', 'ActionController@markInstall')->name('daemon.install');