Merge pull request pterodactyl#701 from Pterodactyl/feature/add-frontend-server-configuration

Add database/startup/allocation management to server front-end views

Author: DaneEveritt

CHANGELOG.md

@@ -12,22 +12,34 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * New CLI command to disabled 2-Factor Authentication on an account if necessary.
 * Ability to delete users and locations via the CLI.
 * You can now require 2FA for all users, admins only, or at will using a simple configuration in the Admin CP.
-* Added ability to export and import service options and their associated settings and environment variables via the Admin CP.
+* **Added ability to export and import service options and their associated settings and environment variables via the Admin CP.**
+* Default allocation for a server can be changed on the front-end by users. This includes two new subuser permissions as well.
+* Significant improvements to environment variable control for servers. Now ships with built-in abilities to define extra variables in the Panel's configuration file, or in-code for those heavily modifying the Panel.
+* Quick link to server edit view in ACP on frontend when viewing servers.
+* Databases created in the Panel now include `EXECUTE` privilege.
 
 ### Changed
+* **Services renamed to Nests. Service Options renamed to Eggs.** 🥚
 * Theme colors and login pages updated to give a more unique feel to the project.
 * Massive overhaul to the backend code that allows for much easier updating of core functionality as well as support for better testing. This overhaul also reduces complex code logic, and allows for faster response times in the application.
 * CLI commands updated to be easier to type, now stored in the `p:` namespace.
 * Logout icon is now more universal and not just a power icon.
 * Administrative logout notice now uses SWAL rather than a generic javascript popup.
 * Server creation page now only asks for a node to deploy to, rather than requiring a location and then a node.
+* Database passwords are now hidden by default and will only show if clicked on. In addition, database view in ACP now indicates that passwords must be viewed on the front-end.
+* Localhost cannot be used as a connection address in the environment configuration script. `127.0.0.1` is allowed.
 
 ### Fixed
 * Unable to change the daemon secret for a server via the Admin CP.
 * Using default value in rules when creating a new variable if the rules is empty.
 * Fixes a design-flaw in the allocation management part of nodes that would run a MySQL query for each port being allocated. This behavior is now changed to only execute one query to add multiple ports at once.
 * Attempting to create a server when no nodes are configured now redirects to the node creation page.
 * Fixes missing library issue for teamspeak when used with mariadb.
+* Fixes inability to change the default port on front-end when viewing a server.
+* Fixes bug preventing deletion of nests that have other nests referencing them as children. 
+
+### Removed
+* SFTP settings page now only displays connection address and username. Password setting was removed as it is no longer necessary with Daemon changes.
 
 ## v0.6.4 (Courageous Carniadactylus)
 ### Fixed

app/Contracts/Repository/DatabaseRepositoryInterface.php

@@ -9,8 +9,35 @@
 
 namespace Pterodactyl\Contracts\Repository;
 
+use Illuminate\Support\Collection;
+
 interface DatabaseRepositoryInterface extends RepositoryInterface
 {
+    const DEFAULT_CONNECTION_NAME = 'dynamic';
+
+    /**
+     * Set the connection name to execute statements against.
+     *
+     * @param string $connection
+     * @return $this
+     */
+    public function setConnection(string $connection);
+
+    /**
+     * Return the connection to execute statements aganist.
+     *
+     * @return string
+     */
+    public function getConnection(): string;
+
+    /**
+     * Return all of the databases belonging to a server.
+     *
+     * @param int $server
+     * @return \Illuminate\Support\Collection
+     */
+    public function getDatabasesForServer(int $server): Collection;
+
     /**
      * Create a new database if it does not already exist on the host with
      * the provided details.
@@ -26,58 +53,52 @@ public function createIfNotExists(array $data);
     /**
      * Create a new database on a given connection.
      *
-     * @param string      $database
-     * @param null|string $connection
+     * @param string $database
      * @return bool
      */
-    public function createDatabase($database, $connection = null);
+    public function createDatabase($database);
 
     /**
      * Create a new database user on a given connection.
      *
-     * @param string      $username
-     * @param string      $remote
-     * @param string      $password
-     * @param null|string $connection
+     * @param string $username
+     * @param string $remote
+     * @param string $password
      * @return bool
      */
-    public function createUser($username, $remote, $password, $connection = null);
+    public function createUser($username, $remote, $password);
 
     /**
      * Give a specific user access to a given database.
      *
-     * @param string      $database
-     * @param string      $username
-     * @param string      $remote
-     * @param null|string $connection
+     * @param string $database
+     * @param string $username
+     * @param string $remote
      * @return bool
      */
-    public function assignUserToDatabase($database, $username, $remote, $connection = null);
+    public function assignUserToDatabase($database, $username, $remote);
 
     /**
      * Flush the privileges for a given connection.
      *
-     * @param null|string $connection
      * @return mixed
      */
-    public function flush($connection = null);
+    public function flush();
 
     /**
      * Drop a given database on a specific connection.
      *
-     * @param string      $database
-     * @param null|string $connection
+     * @param string $database
      * @return bool
      */
-    public function dropDatabase($database, $connection = null);
+    public function dropDatabase($database);
 
     /**
      * Drop a given user on a specific connection.
      *
-     * @param string      $username
-     * @param string      $remote
-     * @param null|string $connection
+     * @param string $username
+     * @param string $remote
      * @return mixed
      */
-    public function dropUser($username, $remote, $connection = null);
+    public function dropUser($username, $remote);
 }

app/Contracts/Repository/EggVariableRepositoryInterface.php

@@ -9,6 +9,16 @@
 
 namespace Pterodactyl\Contracts\Repository;
 
+use Illuminate\Support\Collection;
+
 interface EggVariableRepositoryInterface extends RepositoryInterface
 {
+    /**
+     * Return editable variables for a given egg. Editable variables must be set to
+     * user viewable in order to be picked up by this function.
+     *
+     * @param int $egg
+     * @return \Illuminate\Support\Collection
+     */
+    public function getEditableVariables(int $egg): Collection;
 }

app/Contracts/Repository/ServerRepositoryInterface.php

@@ -9,6 +9,7 @@
 
 namespace Pterodactyl\Contracts\Repository;
 
+use Pterodactyl\Models\Server;
 use Pterodactyl\Contracts\Repository\Attributes\SearchableInterface;
 
 interface ServerRepositoryInterface extends RepositoryInterface, SearchableInterface
@@ -53,14 +54,26 @@ public function findWithVariables($id);
     public function getVariablesWithValues($id, $returnAsObject = false);
 
     /**
-     * Return enough data to be used for the creation of a server via the daemon.
+     * Get the primary allocation for a given server. If a model is passed into
+     * the function, load the allocation relationship onto it. Otherwise, find and
+     * return the server from the database.
      *
-     * @param int $id
-     * @return \Illuminate\Database\Eloquent\Collection|\Illuminate\Database\Eloquent\Model
+     * @param int|\Pterodactyl\Models\Server $server
+     * @param bool                           $refresh
+     * @return \Pterodactyl\Models\Server
      *
      * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
      */
-    public function getDataForCreation($id);
+    public function getPrimaryAllocation($server, bool $refresh = false): Server;
+
+    /**
+     * Return enough data to be used for the creation of a server via the daemon.
+     *
+     * @param \Pterodactyl\Models\Server $server
+     * @param bool                       $refresh
+     * @return \Pterodactyl\Models\Server
+     */
+    public function getDataForCreation(Server $server, bool $refresh = false): Server;
 
     /**
      * Return a server as well as associated databases and their hosts.

app/Exceptions/DisplayException.php

@@ -28,17 +28,17 @@ class DisplayException extends PterodactylException
      * @param string         $message
      * @param Throwable|null $previous
      * @param string         $level
-     * @internal param mixed $log
+     * @param int            $code
      */
-    public function __construct($message, Throwable $previous = null, $level = self::LEVEL_ERROR)
+    public function __construct($message, Throwable $previous = null, $level = self::LEVEL_ERROR, $code = 0)
     {
         $this->level = $level;
 
         if (! is_null($previous)) {
             Log::{$level}($previous);
         }
 
-        parent::__construct($message);
+        parent::__construct($message, $code, $previous);
     }
 
     /**

app/Exceptions/Service/Allocation/AllocationDoesNotBelongToServerException.php

@@ -0,0 +1,9 @@
+<?php
+
+namespace Pterodactyl\Exceptions\Service\Allocation;
+
+use Pterodactyl\Exceptions\PterodactylException;
+
+class AllocationDoesNotBelongToServerException extends PterodactylException
+{
+}

app/Http/Controllers/API/Remote/SftpController.php

@@ -0,0 +1,85 @@
+<?php
+
+namespace Pterodactyl\Http\Controllers\API\Remote;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Auth\AuthenticationException;
+use Pterodactyl\Http\Controllers\Controller;
+use Illuminate\Foundation\Auth\ThrottlesLogins;
+use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
+use Pterodactyl\Services\Sftp\AuthenticateUsingPasswordService;
+use Pterodactyl\Http\Requests\API\Remote\SftpAuthenticationFormRequest;
+
+class SftpController extends Controller
+{
+    use ThrottlesLogins;
+
+    /**
+     * @var \Pterodactyl\Services\Sftp\AuthenticateUsingPasswordService
+     */
+    private $authenticationService;
+
+    /**
+     * SftpController constructor.
+     *
+     * @param \Pterodactyl\Services\Sftp\AuthenticateUsingPasswordService $authenticationService
+     */
+    public function __construct(AuthenticateUsingPasswordService $authenticationService)
+    {
+        $this->authenticationService = $authenticationService;
+    }
+
+    /**
+     * Authenticate a set of credentials and return the associated server details
+     * for a SFTP connection on the daemon.
+     *
+     * @param \Pterodactyl\Http\Requests\API\Remote\SftpAuthenticationFormRequest $request
+     * @return \Illuminate\Http\JsonResponse
+     *
+     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     */
+    public function index(SftpAuthenticationFormRequest $request): JsonResponse
+    {
+        $connection = explode('.', $request->input('username'));
+        $this->incrementLoginAttempts($request);
+
+        if ($this->hasTooManyLoginAttempts($request)) {
+            return response()->json([
+                'error' => 'Logins throttled.',
+            ], 429);
+        }
+
+        try {
+            $data = $this->authenticationService->handle(
+                array_get($connection, 0),
+                $request->input('password'),
+                object_get($request->attributes->get('node'), 'id', 0),
+                array_get($connection, 1)
+            );
+
+            $this->clearLoginAttempts($request);
+        } catch (AuthenticationException $exception) {
+            return response()->json([
+                'error' => 'Invalid credentials.',
+            ], 403);
+        } catch (RecordNotFoundException $exception) {
+            return response()->json([
+                'error' => 'Invalid server.',
+            ], 404);
+        }
+
+        return response()->json($data);
+    }
+
+    /**
+     * Get the throttle key for the given request.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @return string
+     */
+    protected function throttleKey(Request $request)
+    {
+        return strtolower(array_get(explode('.', $request->input('username')), 0) . '|' . $request->ip());
+    }
+}