Don't allow creation of a database with an identical name for the same server; closes pterodactyl#2447

DaneEveritt · DaneEveritt · commit a4d7170facb7 · 2020-10-10T18:17:04.000-07:00
diff --git a/app/Http/Requests/Api/Client/Servers/Databases/StoreDatabaseRequest.php b/app/Http/Requests/Api/Client/Servers/Databases/StoreDatabaseRequest.php
@@ -2,7 +2,11 @@
 
 namespace Pterodactyl\Http\Requests\Api\Client\Servers\Databases;
 
+use Webmozart\Assert\Assert;
+use Pterodactyl\Models\Server;
+use Illuminate\Validation\Rule;
 use Pterodactyl\Models\Permission;
+use Illuminate\Database\Query\Builder;
 use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
 use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
 
@@ -21,9 +25,31 @@ public function permission(): string
      */
     public function rules(): array
     {
+        $server = $this->route()->parameter('server');
+
+        Assert::isInstanceOf($server, Server::class);
+
         return [
-            'database' => 'required|alpha_dash|min:3|max:48',
+            'database' => [
+                'required',
+                'alpha_dash',
+                'min:3',
+                'max:48',
+                // Yes, I am aware that you could have the same database name across two unique hosts. However,
+                // I don't really care about that for this validation. We just want to make sure it is unique to
+                // the server itself. No need for complexity.
+                Rule::unique('databases', 'database')->where(function (Builder $query) use ($server) {
+                    $query->where('server_id', $server->id);
+                }),
+            ],
             'remote' => 'required|string|regex:/^[0-9%.]{1,15}$/',
         ];
     }
+
+    public function messages()
+    {
+        return [
+            'database.unique' => 'The database name you have selected is already in use by this server.',
+        ];
+    }
 }
diff --git a/database/migrations/2020_10_10_165437_change_unique_database_name_to_account_for_server.php b/database/migrations/2020_10_10_165437_change_unique_database_name_to_account_for_server.php
@@ -0,0 +1,41 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class ChangeUniqueDatabaseNameToAccountForServer extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('databases', function (Blueprint $table) {
+            $table->dropUnique(['database_host_id', 'database']);
+        });
+
+        Schema::table('databases', function (Blueprint $table) {
+            $table->unique(['database_host_id', 'server_id', 'database']);
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('databases', function (Blueprint $table) {
+            $table->dropUnique(['database_host_id', 'server_id', 'database']);
+        });
+
+        Schema::table('databases', function (Blueprint $table) {
+            $table->unique(['database_host_id', 'database']);
+        });
+
+    }
+}
