1
1
mirror of https://github.com/pterodactyl/panel.git synced 2024-11-25 02:22:36 +01:00

api(remote): ensure requesting node is checked

This commit is contained in:
Matthew Penner 2024-04-10 17:38:09 -06:00
parent 1172d71d31
commit 319ca683f8
No known key found for this signature in database
2 changed files with 17 additions and 3 deletions

View File

@ -32,6 +32,10 @@ class BackupRemoteUploadController extends Controller
*/
public function __invoke(Request $request, string $backup): JsonResponse
{
// Get the node associated with the request.
/** @var \Pterodactyl\Models\Node $node */
$node = $request->attributes->get('node');
// Get the size query parameter.
$size = (int) $request->query('size');
if (empty($size)) {
@ -39,7 +43,10 @@ class BackupRemoteUploadController extends Controller
}
/** @var \Pterodactyl\Models\Backup $backup */
$backup = Backup::query()->where('uuid', $backup)->firstOrFail();
$backup = Backup::query()
->where('node_id', $node->id)
->where('uuid', $backup)
->firstOrFail();
// Prevent backups that have already been completed from trying to
// be uploaded again.

View File

@ -30,8 +30,15 @@ class BackupStatusController extends Controller
*/
public function index(ReportBackupCompleteRequest $request, string $backup): JsonResponse
{
/** @var \Pterodactyl\Models\Backup $model */
$model = Backup::query()->where('uuid', $backup)->firstOrFail();
// Get the node associated with the request.
/** @var \Pterodactyl\Models\Node $node */
$node = $request->attributes->get('node');
/** @var \Pterodactyl\Models\Backup $backup */
$backup = Backup::query()
->where('node_id', $node->id)
->where('uuid', $backup)
->firstOrFail();
if ($model->is_successful) {
throw new BadRequestHttpException('Cannot update the status of a backup that is already marked as completed.');