Add activity logging to most of the endpoints

Author: DaneEveritt

app/Facades/Activity.php

@@ -16,6 +16,7 @@
  * @method static ActivityLogService property(string|array $key, mixed $value = null)
  * @method static \Pterodactyl\Models\ActivityLog log(string $description = null)
  * @method static ActivityLogService clone()
+ * @method static void reset()
  * @method static mixed transaction(\Closure $callback)
  */
 class Activity extends Facade

app/Http/Controllers/Api/Client/Servers/DatabaseController.php

@@ -5,6 +5,7 @@
 use Illuminate\Http\Response;
 use Pterodactyl\Models\Server;
 use Pterodactyl\Models\Database;
+use Pterodactyl\Facades\Activity;
 use Pterodactyl\Repositories\Eloquent\DatabaseRepository;
 use Pterodactyl\Services\Databases\DatabasePasswordService;
 use Pterodactyl\Transformers\Api\Client\DatabaseTransformer;
@@ -76,6 +77,11 @@ public function store(StoreDatabaseRequest $request, Server $server): array
     {
         $database = $this->deployDatabaseService->handle($server, $request->validated());
 
+        Activity::event('server:database.create')
+            ->subject($database)
+            ->property('name', $database->database)
+            ->log();
+
         return $this->fractal->item($database)
             ->parseIncludes(['password'])
             ->transformWith($this->getTransformer(DatabaseTransformer::class))
@@ -95,6 +101,8 @@ public function rotatePassword(RotatePasswordRequest $request, Server $server, D
         $this->passwordService->handle($database);
         $database->refresh();
 
+        Activity::event('server:database.rotate-password')->subject($database)->log();
+
         return $this->fractal->item($database)
             ->parseIncludes(['password'])
             ->transformWith($this->getTransformer(DatabaseTransformer::class))
@@ -110,6 +118,11 @@ public function delete(DeleteDatabaseRequest $request, Server $server, Database
     {
         $this->managementService->delete($database);
 
+        Activity::event('server:database.delete')
+            ->subject($database)
+            ->property('name', $database->database)
+            ->log();
+
         return Response::create('', Response::HTTP_NO_CONTENT);
     }
 }

app/Http/Controllers/Api/Client/Servers/NetworkAllocationController.php

@@ -4,6 +4,7 @@
 
 use Pterodactyl\Models\Server;
 use Illuminate\Http\JsonResponse;
+use Pterodactyl\Facades\Activity;
 use Pterodactyl\Models\Allocation;
 use Pterodactyl\Exceptions\DisplayException;
 use Pterodactyl\Repositories\Eloquent\ServerRepository;
@@ -68,9 +69,16 @@ public function index(GetNetworkRequest $request, Server $server): array
      */
     public function update(UpdateAllocationRequest $request, Server $server, Allocation $allocation): array
     {
-        $allocation = $this->repository->update($allocation->id, [
-            'notes' => $request->input('notes'),
-        ]);
+        $original = $allocation->notes;
+
+        $allocation->forceFill(['notes' => $request->input('notes')])->save();
+
+        if ($original !== $allocation->notes) {
+            Activity::event('server:allocation.notes')
+                ->subject($allocation)
+                ->property(['allocation' => $allocation->toString(), 'old' => $original, 'new' => $allocation->notes])
+                ->log();
+        }
 
         return $this->fractal->item($allocation)
             ->transformWith($this->getTransformer(AllocationTransformer::class))
@@ -87,6 +95,11 @@ public function setPrimary(SetPrimaryAllocationRequest $request, Server $server,
     {
         $this->serverRepository->update($server->id, ['allocation_id' => $allocation->id]);
 
+        Activity::event('server:allocation.primary')
+            ->subject($allocation)
+            ->property('allocation', $allocation->toString())
+            ->log();
+
         return $this->fractal->item($allocation)
             ->transformWith($this->getTransformer(AllocationTransformer::class))
             ->toArray();
@@ -106,6 +119,11 @@ public function store(NewAllocationRequest $request, Server $server): array
 
         $allocation = $this->assignableAllocationService->handle($server);
 
+        Activity::event('server:allocation.create')
+            ->subject($allocation)
+            ->property('allocation', $allocation->toString())
+            ->log();
+
         return $this->fractal->item($allocation)
             ->transformWith($this->getTransformer(AllocationTransformer::class))
             ->toArray();
@@ -135,6 +153,11 @@ public function delete(DeleteAllocationRequest $request, Server $server, Allocat
             'server_id' => null,
         ]);
 
+        Activity::event('server:allocation.delete')
+            ->subject($allocation)
+            ->property('allocation', $allocation->toString())
+            ->log();
+
         return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
     }
 }

app/Http/Controllers/Api/Client/Servers/ScheduleController.php

@@ -9,6 +9,7 @@
 use Pterodactyl\Models\Server;
 use Pterodactyl\Models\Schedule;
 use Illuminate\Http\JsonResponse;
+use Pterodactyl\Facades\Activity;
 use Pterodactyl\Helpers\Utilities;
 use Pterodactyl\Exceptions\DisplayException;
 use Pterodactyl\Repositories\Eloquent\ScheduleRepository;
@@ -83,6 +84,11 @@ public function store(StoreScheduleRequest $request, Server $server)
             'next_run_at' => $this->getNextRunAt($request),
         ]);
 
+        Activity::event('server:schedule.create')
+            ->subject($model)
+            ->property('name', $model->name)
+            ->log();
+
         return $this->fractal->item($model)
             ->transformWith($this->getTransformer(ScheduleTransformer::class))
             ->toArray();
@@ -141,6 +147,11 @@ public function update(UpdateScheduleRequest $request, Server $server, Schedule
 
         $this->repository->update($schedule->id, $data);
 
+        Activity::event('server:schedule.update')
+            ->subject($schedule)
+            ->property(['name' => $schedule->name, 'active' => $active])
+            ->log();
+
         return $this->fractal->item($schedule->refresh())
             ->transformWith($this->getTransformer(ScheduleTransformer::class))
             ->toArray();
@@ -158,6 +169,8 @@ public function execute(TriggerScheduleRequest $request, Server $server, Schedul
     {
         $this->service->handle($schedule, true);
 
+        Activity::event('server:schedule.execute')->subject($schedule)->property('name', $schedule->name)->log();
+
         return new JsonResponse([], JsonResponse::HTTP_ACCEPTED);
     }
 
@@ -170,6 +183,8 @@ public function delete(DeleteScheduleRequest $request, Server $server, Schedule
     {
         $this->repository->delete($schedule->id);
 
+        Activity::event('server:schedule.delete')->subject($schedule)->property('name', $schedule->name)->log();
+
         return new JsonResponse([], Response::HTTP_NO_CONTENT);
     }
 

app/Http/Controllers/Api/Client/Servers/ScheduleTaskController.php

@@ -7,6 +7,7 @@
 use Pterodactyl\Models\Server;
 use Pterodactyl\Models\Schedule;
 use Illuminate\Http\JsonResponse;
+use Pterodactyl\Facades\Activity;
 use Pterodactyl\Models\Permission;
 use Pterodactyl\Repositories\Eloquent\TaskRepository;
 use Pterodactyl\Exceptions\Http\HttpForbiddenException;
@@ -67,6 +68,11 @@ public function store(StoreTaskRequest $request, Server $server, Schedule $sched
             'continue_on_failure' => (bool) $request->input('continue_on_failure'),
         ]);
 
+        Activity::event('server:task.create')
+            ->subject($schedule, $task)
+            ->property(['name' => $schedule->name, 'action' => $task->action, 'payload' => $task->payload])
+            ->log();
+
         return $this->fractal->item($task)
             ->transformWith($this->getTransformer(TaskTransformer::class))
             ->toArray();
@@ -98,6 +104,11 @@ public function update(StoreTaskRequest $request, Server $server, Schedule $sche
             'continue_on_failure' => (bool) $request->input('continue_on_failure'),
         ]);
 
+        Activity::event('server:task.update')
+            ->subject($schedule, $task)
+            ->property(['name' => $schedule->name, 'action' => $task->action, 'payload' => $task->payload])
+            ->log();
+
         return $this->fractal->item($task->refresh())
             ->transformWith($this->getTransformer(TaskTransformer::class))
             ->toArray();
@@ -127,6 +138,8 @@ public function delete(ClientApiRequest $request, Server $server, Schedule $sche
 
         $task->delete();
 
+        Activity::event('server:task.delete')->subject($schedule, $task)->property('name', $schedule->name)->log();
+
         return new JsonResponse(null, Response::HTTP_NO_CONTENT);
     }
 }

app/Http/Controllers/Api/Client/Servers/SettingsController.php

@@ -5,6 +5,7 @@
 use Illuminate\Http\Response;
 use Pterodactyl\Models\Server;
 use Illuminate\Http\JsonResponse;
+use Pterodactyl\Facades\Activity;
 use Pterodactyl\Repositories\Eloquent\ServerRepository;
 use Pterodactyl\Services\Servers\ReinstallServerService;
 use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
@@ -52,6 +53,12 @@ public function rename(RenameServerRequest $request, Server $server)
             'name' => $request->input('name'),
         ]);
 
+        if ($server->name !== $request->input('name')) {
+            Activity::event('server:settings.rename')
+                ->property(['old' => $server->name, 'new' => $request->input('name')])
+                ->log();
+        }
+
         return new JsonResponse([], Response::HTTP_NO_CONTENT);
     }
 
@@ -66,6 +73,8 @@ public function reinstall(ReinstallServerRequest $request, Server $server)
     {
         $this->reinstallServerService->handle($server);
 
+        Activity::event('server:reinstall')->log();
+
         return new JsonResponse([], Response::HTTP_ACCEPTED);
     }
 
@@ -82,8 +91,15 @@ public function dockerImage(SetDockerImageRequest $request, Server $server)
             throw new BadRequestHttpException('This server\'s Docker image has been manually set by an administrator and cannot be updated.');
         }
 
+        $original = $server->image;
         $server->forceFill(['image' => $request->input('docker_image')])->saveOrFail();
 
+        if ($original !== $server->image) {
+            Activity::event('server:startup.image')
+                ->property(['old' => $original, 'new' => $request->input('docker_image')])
+                ->log();
+        }
+
         return new JsonResponse([], Response::HTTP_NO_CONTENT);
     }
 }

app/Http/Controllers/Api/Client/Servers/StartupController.php

@@ -3,6 +3,7 @@
 namespace Pterodactyl\Http\Controllers\Api\Client\Servers;
 
 use Pterodactyl\Models\Server;
+use Pterodactyl\Facades\Activity;
 use Pterodactyl\Services\Servers\StartupCommandService;
 use Pterodactyl\Services\Servers\VariableValidatorService;
 use Pterodactyl\Repositories\Eloquent\ServerVariableRepository;
@@ -75,6 +76,7 @@ public function update(UpdateStartupVariableRequest $request, Server $server)
     {
         /** @var \Pterodactyl\Models\EggVariable $variable */
         $variable = $server->variables()->where('env_variable', $request->input('key'))->first();
+        $original = $variable->server_value;
 
         if (is_null($variable) || !$variable->user_viewable) {
             throw new BadRequestHttpException('The environment variable you are trying to edit does not exist.');
@@ -97,6 +99,17 @@ public function update(UpdateStartupVariableRequest $request, Server $server)
 
         $startup = $this->startupCommandService->handle($server, false);
 
+        if ($variable->env_variable !== $request->input('value')) {
+            Activity::event('server:startup.edit')
+                ->subject($variable)
+                ->property([
+                    'variable' => $variable->env_variable,
+                    'old' => $original,
+                    'new' => $request->input('value'),
+                ])
+                ->log();
+        }
+
         return $this->fractal->item($variable)
             ->transformWith($this->getTransformer(EggVariableTransformer::class))
             ->addMeta([

app/Http/Controllers/Api/Client/Servers/SubuserController.php

@@ -5,6 +5,7 @@
 use Illuminate\Http\Request;
 use Pterodactyl\Models\Server;
 use Illuminate\Http\JsonResponse;
+use Pterodactyl\Facades\Activity;
 use Pterodactyl\Models\Permission;
 use Illuminate\Support\Facades\Log;
 use Pterodactyl\Repositories\Eloquent\SubuserRepository;
@@ -94,6 +95,11 @@ public function store(StoreSubuserRequest $request, Server $server)
             $this->getDefaultPermissions($request)
         );
 
+        Activity::event('server:subuser.create')
+            ->subject($response->user)
+            ->property(['email' => $request->input('email'), 'permissions' => $this->getDefaultPermissions($request)])
+            ->log();
+
         return $this->fractal->item($response)
             ->transformWith($this->getTransformer(SubuserTransformer::class))
             ->toArray();
@@ -116,22 +122,37 @@ public function update(UpdateSubuserRequest $request, Server $server): array
         sort($permissions);
         sort($current);
 
+        $log = Activity::event('server:subuser.update')
+            ->subject($subuser->user)
+            ->property([
+                'email' => $subuser->user->email,
+                'old' => $current,
+                'new' => $permissions,
+                'revoked' => true,
+            ]);
+
         // Only update the database and hit up the Wings instance to invalidate JTI's if the permissions
         // have actually changed for the user.
         if ($permissions !== $current) {
-            $this->repository->update($subuser->id, [
-                'permissions' => $this->getDefaultPermissions($request),
-            ]);
-
-            try {
-                $this->serverRepository->setServer($server)->revokeUserJTI($subuser->user_id);
-            } catch (DaemonConnectionException $exception) {
-                // Don't block this request if we can't connect to the Wings instance. Chances are it is
-                // offline in this event and the token will be invalid anyways once Wings boots back.
-                Log::warning($exception, ['user_id' => $subuser->user_id, 'server_id' => $server->id]);
-            }
+            $log->transaction(function ($instance) use ($request, $subuser, $server) {
+                $this->repository->update($subuser->id, [
+                    'permissions' => $this->getDefaultPermissions($request),
+                ]);
+
+                try {
+                    $this->serverRepository->setServer($server)->revokeUserJTI($subuser->user_id);
+                } catch (DaemonConnectionException $exception) {
+                    // Don't block this request if we can't connect to the Wings instance. Chances are it is
+                    // offline in this event and the token will be invalid anyways once Wings boots back.
+                    Log::warning($exception, ['user_id' => $subuser->user_id, 'server_id' => $server->id]);
+
+                    $instance->property('revoked', false);
+                }
+            });
         }
 
+        $log->reset();
+
         return $this->fractal->item($subuser->refresh())
             ->transformWith($this->getTransformer(SubuserTransformer::class))
             ->toArray();
@@ -147,14 +168,23 @@ public function delete(DeleteSubuserRequest $request, Server $server)
         /** @var \Pterodactyl\Models\Subuser $subuser */
         $subuser = $request->attributes->get('subuser');
 
-        $this->repository->delete($subuser->id);
+        $log = Activity::event('server:subuser.delete')
+            ->subject($subuser->user)
+            ->property('email', $subuser->user->email)
+            ->property('revoked', true);
 
-        try {
-            $this->serverRepository->setServer($server)->revokeUserJTI($subuser->user_id);
-        } catch (DaemonConnectionException $exception) {
-            // Don't block this request if we can't connect to the Wings instance.
-            Log::warning($exception, ['user_id' => $subuser->user_id, 'server_id' => $server->id]);
-        }
+        $log->transaction(function ($instance) use ($server, $subuser) {
+            $subuser->delete();
+
+            try {
+                $this->serverRepository->setServer($server)->revokeUserJTI($subuser->user_id);
+            } catch (DaemonConnectionException $exception) {
+                // Don't block this request if we can't connect to the Wings instance.
+                Log::warning($exception, ['user_id' => $subuser->user_id, 'server_id' => $server->id]);
+
+                $instance->property('revoked', false);
+            }
+        });
 
         return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
     }

app/Models/Allocation.php

@@ -122,6 +122,11 @@ public function getHasAliasAttribute($value)
         return !is_null($this->ip_alias);
     }
 
+    public function toString(): string
+    {
+        return sprintf('%s:%s', $this->ip, $this->port);
+    }
+
     /**
      * Gets information for the server associated with this allocation.
      *