Merge branch 'develop' into subusers

Author: notAreYouScared

CHANGELOG.md

@@ -3,6 +3,43 @@ This file is a running track of new features and fixes to each version of the pa
 
 This project follows [Semantic Versioning](http://semver.org) guidelines.
 
+## v1.0.3
+### Fixed
+* Fixes bug causing subusers to not be creatable or editable via the frontend for servers.
+* Fixes system timezone not being passed along properly to the MySQL connection causing scheduled tasks to run every minute when the MySQL instance and Panel timezone did not line up.
+* Fixes listing servers owned by a user in the admin area to actually list their servers.
+
+### Changed
+* Adds SameSite `lax` attribute for cookies generated by the Panel.
+* Adds better filtering for searching servers in the admin area to better key off name, uuid, or owner username/email.
+
+## v1.0.2
+### Added
+* Adds support for searching inside the file editor.
+* Adds support for manually executing a schedule regardless of if it is currently queued or not.
+* Adds an indicator to the schedule UI to show when a schedule is currently processing.
+* Adds support for setting the `backup_limit` of a server via the API.
+* **[Security]** Adds login throttling to the 2FA verification endpoint.
+
+### Fixed
+* Fixes subuser page title missing server name.
+* Fixes schedule task `sequence_id` not properly being reset when a schedule's task is deleted.
+* Fixes misc. UI bugs throughout the frontend when long text overflows its bounds.
+* Fixes user deletion command to properly handle email & ID searching.
+* Fixes color issues in the terminal causing certain text & background combinations to be illegible.
+* Fixes reCAPTCHA not properly resetting on login failure.
+* Fixes error messages not properly resetting between login screens.
+* Fixes a UI crash when attempting to create or view a directory or file that contained the `%` somewhere in the name.
+
+### Changed
+* Updated the search modal to close itself when the ESC key is pressed.
+* Updates the schedule view and editing UI to better display information to users.
+* Changed logic powering server searching on the frontend to return more accurate results and return all servers when executing the query as an admin.
+* Admin CP link no longer opens in a new tab.
+* Mounts will no longer allow a user to mount certain directory combinations. This blocks mounting one server's files into another server, and blocks using the server data directory as a mount destination.
+* Cleaned up assorted server build modification code.
+* Updates default eggs to have improved install scripts and more consistent container usage.
+
 ## v1.0.1
 ### Fixed
 * Fixes 500 error when mounting a mount to a server, and other related errors when handling mounts.

README.md

@@ -15,7 +15,7 @@ Stop settling for less. Make game servers a first class citizen on your platform
 ![Image](https://cdn.pterodactyl.io/site-assets/pterodactyl_v1_demo.gif)
 
 ## Sponsors
-I would like to extend my sincere thanks to the following sponsors for helping find Pterodactyl's developement.
+I would like to extend my sincere thanks to the following sponsors for helping fund Pterodactyl's developement.
 [Interested in becoming a sponsor?](https://github.com/sponsors/DaneEveritt)
 
 | Company | About |
@@ -26,8 +26,10 @@ I would like to extend my sincere thanks to the following sponsors for helping f
 | [**DedicatedMC**](https://dedicatedmc.io/) | DedicatedMC provides Raw Power hosting at affordable pricing, making sure to never compromise on your performance and giving you the best performance money can buy. |
 | [**Skynode**](https://www.skynode.pro/) | Skynode provides blazing fast game servers along with a top-notch user experience. Whatever our clients are looking for, we're able to provide it! |
 | [**XCORE-SERVER.de**](https://xcore-server.de/) | XCORE-SERVER.de offers High-End Servers for hosting and gaming since 2012. Fast, excellent and well-known for eSports Gaming. |
-| [**RoyaleHosting**](https://royalehosting.net/) |  Build your dreams and deploy them with RoyaleHosting’s reliable servers and network. Easy to use, provisioned in a couple of minutes. |
-| [**Spill Hosting**](https://spillhosting.no/) |  Spill Hosting is a Norwegian hosting service, which aims to cheap services on quality servers. Premium i9-9900K processors will run your game like a dream. |
+| [**RoyaleHosting**](https://royalehosting.net/) | Build your dreams and deploy them with RoyaleHosting’s reliable servers and network. Easy to use, provisioned in a couple of minutes. |
+| [**Spill Hosting**](https://spillhosting.no/) | Spill Hosting is a Norwegian hosting service, which aims to cheap services on quality servers. Premium i9-9900K processors will run your game like a dream. |
+| [**DeinServerHost**](https://deinserverhost.de/) | DeinServerHost offers Dedicated, vps and Gameservers for many popular Games like Minecraft and Rust in Germany since 2013. |
+| [**HostBend**](https://hostbend.com/) | HostBend offers a variety of solutions for developers, students, and others who have a tight budget but don't want to compromise quality and support. |
 
 ## Documentation
 * [Panel Documentation](https://pterodactyl.io/panel/1.0/getting_started.html)

app/Console/Commands/Environment/AppSettingsCommand.php

@@ -144,6 +144,11 @@ public function handle()
             $this->variables['APP_ENVIRONMENT_ONLY'] = $this->confirm(trans('command/messages.environment.app.settings'), true) ? 'false' : 'true';
         }
 
+        // Make sure session cookies are set as "secure" when using HTTPS
+        if (strpos($this->variables['APP_URL'], 'https://') === 0) {
+            $this->variables['SESSION_SECURE_COOKIE'] = 'true';
+        }
+
         $this->checkForRedis();
         $this->writeToEnvironment($this->variables);
 

app/Console/Commands/Schedule/ProcessRunnableCommand.php

@@ -1,86 +1,79 @@
 <?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */
 
 namespace Pterodactyl\Console\Commands\Schedule;
 
-use Cake\Chronos\Chronos;
+use Throwable;
+use Exception;
 use Illuminate\Console\Command;
-use Illuminate\Support\Collection;
+use Pterodactyl\Models\Schedule;
+use Illuminate\Support\Facades\Log;
 use Pterodactyl\Services\Schedules\ProcessScheduleService;
-use Pterodactyl\Contracts\Repository\ScheduleRepositoryInterface;
 
 class ProcessRunnableCommand extends Command
 {
-    /**
-     * @var string
-     */
-    protected $description = 'Process schedules in the database and determine which are ready to run.';
-
-    /**
-     * @var \Pterodactyl\Services\Schedules\ProcessScheduleService
-     */
-    protected $processScheduleService;
-
-    /**
-     * @var \Pterodactyl\Contracts\Repository\ScheduleRepositoryInterface
-     */
-    protected $repository;
-
     /**
      * @var string
      */
     protected $signature = 'p:schedule:process';
 
     /**
-     * ProcessRunnableCommand constructor.
-     *
-     * @param \Pterodactyl\Services\Schedules\ProcessScheduleService $processScheduleService
-     * @param \Pterodactyl\Contracts\Repository\ScheduleRepositoryInterface $repository
+     * @var string
      */
-    public function __construct(ProcessScheduleService $processScheduleService, ScheduleRepositoryInterface $repository)
-    {
-        parent::__construct();
-
-        $this->processScheduleService = $processScheduleService;
-        $this->repository = $repository;
-    }
+    protected $description = 'Process schedules in the database and determine which are ready to run.';
 
     /**
      * Handle command execution.
      */
     public function handle()
     {
-        $schedules = $this->repository->getSchedulesToProcess(Chronos::now()->toAtomString());
+        $schedules = Schedule::query()->with('tasks')
+            ->where('is_active', true)
+            ->where('is_processing', false)
+            ->whereRaw('next_run_at <= NOW()')
+            ->get();
+
         if ($schedules->count() < 1) {
             $this->line('There are no scheduled tasks for servers that need to be run.');
 
             return;
         }
 
         $bar = $this->output->createProgressBar(count($schedules));
-        $schedules->each(function ($schedule) use ($bar) {
-            if ($schedule->tasks instanceof Collection && count($schedule->tasks) > 0) {
-                $this->processScheduleService->handle($schedule);
-
-                if ($this->input->isInteractive()) {
-                    $bar->clear();
-                    $this->line(trans('command/messages.schedule.output_line', [
-                        'schedule' => $schedule->name,
-                        'hash' => $schedule->hashid,
-                    ]));
-                }
-            }
-
+        foreach ($schedules as $schedule) {
+            $bar->clear();
+            $this->processSchedule($schedule);
             $bar->advance();
             $bar->display();
-        });
+        }
 
         $this->line('');
     }
+
+    /**
+     * Processes a given schedule and logs and errors encountered the console output. This should
+     * never throw an exception out, otherwise you'll end up killing the entire run group causing
+     * any other schedules to not process correctly.
+     *
+     * @param \Pterodactyl\Models\Schedule $schedule
+     * @see https://github.com/pterodactyl/panel/issues/2609
+     */
+    protected function processSchedule(Schedule $schedule)
+    {
+        if ($schedule->tasks->isEmpty()) {
+            return;
+        }
+
+        try {
+            $this->getLaravel()->make(ProcessScheduleService::class)->handle($schedule);
+
+            $this->line(trans('command/messages.schedule.output_line', [
+                'schedule' => $schedule->name,
+                'hash' => $schedule->hashid,
+            ]));
+        } catch (Throwable | Exception $exception) {
+            Log::error($exception, ['schedule_id' => $schedule->id]);
+
+            $this->error("An error was encountered while processing Schedule #{$schedule->id}: " . $exception->getMessage());
+        }
+    }
 }

app/Contracts/Repository/ScheduleRepositoryInterface.php

@@ -24,12 +24,4 @@ public function findServerSchedules(int $server): Collection;
      * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
      */
     public function getScheduleWithTasks(int $schedule): Schedule;
-
-    /**
-     * Return all of the schedules that should be processed.
-     *
-     * @param string $timestamp
-     * @return \Illuminate\Support\Collection
-     */
-    public function getSchedulesToProcess(string $timestamp): Collection;
 }

app/Contracts/Repository/ServerRepositoryInterface.php

@@ -139,16 +139,4 @@ public function getSuspendedServersCount(): int;
      * @return \Illuminate\Contracts\Pagination\LengthAwarePaginator
      */
     public function loadAllServersForNode(int $node, int $limit): LengthAwarePaginator;
-
-    /**
-     * Returns every server that exists for a given node.
-     *
-     * This is different from {@see loadAllServersForNode} because
-     * it does not paginate the response.
-     *
-     * @param int $node
-     *
-     * @return \Illuminate\Database\Eloquent\Builder[]|\Illuminate\Database\Eloquent\Collection
-     */
-    public function loadEveryServerForNode(int $node);
 }

app/Helpers/Time.php

@@ -0,0 +1,25 @@
+<?php
+
+namespace Pterodactyl\Helpers;
+
+use Carbon\CarbonImmutable;
+
+final class Time
+{
+    /**
+     * Gets the time offset from the provided timezone relative to UTC as a number. This
+     * is used in the database configuration since we can't always rely on there being support
+     * for named timezones in MySQL.
+     *
+     * Returns the timezone as a string like +08:00 or -05:00 depending on the app timezone.
+     *
+     * @param string $timezone
+     * @return string
+     */
+    public static function getMySQLTimezoneOffset(string $timezone): string
+    {
+        $offset = round(CarbonImmutable::now($timezone)->getTimezone()->getOffset(CarbonImmutable::now('UTC')) / 3600);
+
+        return sprintf('%s%s:00', $offset > 0 ? '+' : '-', str_pad(abs($offset), 2, '0', STR_PAD_LEFT));
+    }
+}

app/Helpers/Utilities.php

@@ -52,7 +52,12 @@ public static function getScheduleNextRunDate(string $minute, string $hour, stri
         )->getNextRunDate());
     }
 
-    public static function checked($name, $default)
+    /**
+     * @param string $name
+     * @param mixed $default
+     * @return string
+     */
+    public static function checked(string $name, $default)
     {
         $errors = session('errors');
 

app/Http/Controllers/Admin/Servers/ServerController.php

@@ -6,7 +6,9 @@
 use Pterodactyl\Models\Server;
 use Spatie\QueryBuilder\QueryBuilder;
 use Illuminate\Contracts\View\Factory;
+use Spatie\QueryBuilder\AllowedFilter;
 use Pterodactyl\Http\Controllers\Controller;
+use Pterodactyl\Models\Filters\AdminServerFilter;
 use Pterodactyl\Repositories\Eloquent\ServerRepository;
 
 class ServerController extends Controller
@@ -45,8 +47,10 @@ public function __construct(
     public function index(Request $request)
     {
         $servers = QueryBuilder::for(Server::query()->with('node', 'user', 'allocation'))
-            ->allowedFilters(['uuid', 'name', 'image'])
-            ->allowedSorts(['id', 'uuid'])
+            ->allowedFilters([
+                AllowedFilter::exact('owner_id'),
+                AllowedFilter::custom('*', new AdminServerFilter),
+            ])
             ->paginate(config()->get('pterodactyl.paginate.admin.servers'));
 
         return $this->view->make('admin.servers.index', ['servers' => $servers]);

app/Http/Controllers/Api/Client/Servers/ScheduleTaskController.php

@@ -56,7 +56,8 @@ public function store(StoreTaskRequest $request, Server $server, Schedule $sched
             );
         }
 
-        $lastTask = $schedule->tasks->last();
+        /** @var \Pterodactyl\Models\Task|null $lastTask */
+        $lastTask = $schedule->tasks()->orderByDesc('sequence_id')->first();
 
         /** @var \Pterodactyl\Models\Task $task */
         $task = $this->repository->create([
@@ -102,13 +103,16 @@ public function update(StoreTaskRequest $request, Server $server, Schedule $sche
     }
 
     /**
-     * Determines if a user can delete the task for a given server.
+     * Delete a given task for a schedule. If there are subsequent tasks stored in the database
+     * for this schedule their sequence IDs are decremented properly.
      *
      * @param \Pterodactyl\Http\Requests\Api\Client\ClientApiRequest $request
      * @param \Pterodactyl\Models\Server $server
      * @param \Pterodactyl\Models\Schedule $schedule
      * @param \Pterodactyl\Models\Task $task
      * @return \Illuminate\Http\JsonResponse
+     *
+     * @throws \Exception
      */
     public function delete(ClientApiRequest $request, Server $server, Schedule $schedule, Task $task)
     {
@@ -120,8 +124,12 @@ public function delete(ClientApiRequest $request, Server $server, Schedule $sche
             throw new HttpForbiddenException('You do not have permission to perform this action.');
         }
 
-        $this->repository->delete($task->id);
+        $schedule->tasks()->where('sequence_id', '>', $task->sequence_id)->update([
+            'sequence_id' => $schedule->tasks()->getConnection()->raw('(sequence_id - 1)'),
+        ]);
+
+        $task->delete();
 
-        return JsonResponse::create(null, Response::HTTP_NO_CONTENT);
+        return new JsonResponse(null, Response::HTTP_NO_CONTENT);
     }
 }