add ability to generate a token to retrieve the config for a specific node

schrej · schrej · commit e1e159b7de87 · 2017-01-07T18:10:11.000+01:00
diff --git a/app/Http/Controllers/Admin/NodesController.php b/app/Http/Controllers/Admin/NodesController.php
@@ -28,6 +28,7 @@
 use Log;
 use Alert;
 use Validator;
+use Carbon\Carbon;
 use Pterodactyl\Models;
 use Illuminate\Http\Request;
 use Pterodactyl\Exceptions\DisplayException;
@@ -276,4 +277,24 @@ public function deleteNode(Request $request, $id)
             'tab' => 'tab_delete',
         ]);
     }
+
+    public function getConfigurationToken(Request $request, $id) {
+        // Check if Node exists. Will lead to 404 if not.
+        Models\Node::findOrFail($id);
+
+        // Create a token
+        $token = new Models\NodeConfigurationToken();
+        $token->node = $id;
+        $token->token = str_random(32);
+        $token->expires_at = Carbon::now()->addMinutes(5); // Expire in 5 Minutes
+        $token->save();
+
+        $token_response = array(
+            'token' => $token->token,
+            'expires_at' => $token->expires_at->toDateTimeString()
+        );
+
+        return response(json_encode($token_response), 200)
+            ->header('Content-Type', 'application/json');
+    }
 }
diff --git a/app/Http/Controllers/Remote/RemoteController.php b/app/Http/Controllers/Remote/RemoteController.php
@@ -24,10 +24,12 @@
 
 namespace Pterodactyl\Http\Controllers\Remote;
 
+use Carbon\Carbon;
 use Pterodactyl\Models;
 use Illuminate\Http\Request;
 use Pterodactyl\Http\Controllers\Controller;
 use Pterodactyl\Services\NotificationService;
+use Pterodactyl\Models\NodeConfigurationToken;
 
 class RemoteController extends Controller
 {
@@ -107,4 +109,28 @@ public function event(Request $request)
 
         return response('', 201);
     }
+
+    public function getConfiguration(Request $request, $tokenString) {
+        // Try to query the token and the node from the database
+        try {
+            $token = Models\NodeConfigurationToken::where('token', $tokenString)->firstOrFail();
+            $node = Models\Node::findOrFail($token->node);
+        } catch(\Illuminate\Database\Eloquent\ModelNotFoundException $e) {
+            return response(json_encode(array('error' => 'token_invalid')), 403)
+                ->header('Content-Type', 'application/json');
+        }
+
+        // Check if token is expired
+        if ($token->expires_at->lt(Carbon::now())) {
+            $token->delete();
+            return response(json_encode(array('error' => 'token_expired')), 403)
+                ->header('Content-Type', 'application/json');
+        }
+
+        // Delete the token, it's one-time use
+        $token->delete();
+
+        return response($node->getConfigurationAsJson(), 200)
+            ->header('Content-Type', 'application/json');
+    }
 }
diff --git a/app/Http/Routes/AdminRoutes.php b/app/Http/Routes/AdminRoutes.php
@@ -286,6 +286,11 @@ public function map(Router $router)
                 'as' => 'admin.nodes.delete',
                 'uses' => 'Admin\NodesController@deleteNode',
             ]);
+
+            $router->get('/{id}/configurationtoken', [
+                'as' => 'admin.nodes.configurationtoken',
+                'uses' => 'Admin\NodesController@getConfigurationToken',
+            ]);
         });
 
         // Location Routes
diff --git a/app/Http/Routes/RemoteRoutes.php b/app/Http/Routes/RemoteRoutes.php
@@ -46,6 +46,11 @@ public function map(Router $router)
                 'as' => 'remote.event',
                 'uses' => 'Remote\RemoteController@event',
             ]);
+
+            $router->get('configuration/{token}', [
+                'as' => 'remote.configuration',
+                'uses' => 'Remote\RemoteController@getConfiguration',
+            ]);
         });
     }
 }
diff --git a/app/Models/NodeConfigurationToken.php b/app/Models/NodeConfigurationToken.php
@@ -0,0 +1,51 @@
+<?php
+/**
+ * Pterodactyl - Panel
+ * Copyright (c) 2015 - 2016 Dane Everitt <dane@daneeveritt.com>.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+namespace Pterodactyl\Models;
+
+use Illuminate\Database\Eloquent\Model;
+
+class NodeConfigurationToken extends Model
+{
+    /**
+     * The table associated with the model.
+     *
+     * @var string
+     */
+    protected $table = 'node_configuration_tokens';
+
+    /**
+     * Fields that are not mass assignable.
+     *
+     * @var array
+     */
+    protected $guarded = ['id', 'created_at', 'updated_at'];
+
+    /**
+     * The attributes that should be mutated to dates.
+     *
+     * @var array
+     */
+    protected $dates = ['created_at', 'updated_at', 'expires_at'];
+}
diff --git a/app/Repositories/NodeRepository.php b/app/Repositories/NodeRepository.php
@@ -282,6 +282,9 @@ public function delete($id)
             // Delete Allocations
             Models\Allocation::where('node', $node->id)->delete();
 
+            // Delete configure tokens
+            Models\NodeConfigureToken::where('node', $node->id)->delete();
+
             // Delete Node
             $node->delete();
 
diff --git a/database/migrations/2017_01_07_154228_create_node_configuration_tokens_table.php b/database/migrations/2017_01_07_154228_create_node_configuration_tokens_table.php
@@ -0,0 +1,36 @@
+<?php
+
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class CreateNodeConfigurationTokensTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::create('node_configuration_tokens', function (Blueprint $table) {
+            $table->increments('id');
+            $table->char('token', 32);
+            $table->timestamp('expires_at');
+            $table->integer('node')->unsigned();
+            $table->foreign('node')
+                ->references('id')->on('nodes');
+            $table->timestamps();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::dropIfExists('node_configuration_tokens');
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,11 @@ public function map(Router $router)`
`46`	`46`	`'as' => 'remote.event',`
`47`	`47`	`'uses' => 'Remote\RemoteController@event',`
`48`	`48`	`]);`
	`49`	`+`
	`50`	`+ $router->get('configuration/{token}', [`
	`51`	`+ 'as' => 'remote.configuration',`
	`52`	`+ 'uses' => 'Remote\RemoteController@getConfiguration',`
	`53`	`+ ]);`
`49`	`54`	`});`
`50`	`55`	`}`
`51`	`56`	`}`