mirror of
https://github.com/pterodactyl/panel.git
synced 2024-11-22 00:52:43 +01:00
api(remote): ensure requesting node is checked
This commit is contained in:
parent
1172d71d31
commit
319ca683f8
@ -32,6 +32,10 @@ class BackupRemoteUploadController extends Controller
|
||||
*/
|
||||
public function __invoke(Request $request, string $backup): JsonResponse
|
||||
{
|
||||
// Get the node associated with the request.
|
||||
/** @var \Pterodactyl\Models\Node $node */
|
||||
$node = $request->attributes->get('node');
|
||||
|
||||
// Get the size query parameter.
|
||||
$size = (int) $request->query('size');
|
||||
if (empty($size)) {
|
||||
@ -39,7 +43,10 @@ class BackupRemoteUploadController extends Controller
|
||||
}
|
||||
|
||||
/** @var \Pterodactyl\Models\Backup $backup */
|
||||
$backup = Backup::query()->where('uuid', $backup)->firstOrFail();
|
||||
$backup = Backup::query()
|
||||
->where('node_id', $node->id)
|
||||
->where('uuid', $backup)
|
||||
->firstOrFail();
|
||||
|
||||
// Prevent backups that have already been completed from trying to
|
||||
// be uploaded again.
|
||||
|
@ -30,8 +30,15 @@ class BackupStatusController extends Controller
|
||||
*/
|
||||
public function index(ReportBackupCompleteRequest $request, string $backup): JsonResponse
|
||||
{
|
||||
/** @var \Pterodactyl\Models\Backup $model */
|
||||
$model = Backup::query()->where('uuid', $backup)->firstOrFail();
|
||||
// Get the node associated with the request.
|
||||
/** @var \Pterodactyl\Models\Node $node */
|
||||
$node = $request->attributes->get('node');
|
||||
|
||||
/** @var \Pterodactyl\Models\Backup $backup */
|
||||
$backup = Backup::query()
|
||||
->where('node_id', $node->id)
|
||||
->where('uuid', $backup)
|
||||
->firstOrFail();
|
||||
|
||||
if ($model->is_successful) {
|
||||
throw new BadRequestHttpException('Cannot update the status of a backup that is already marked as completed.');
|
||||
|
Loading…
Reference in New Issue
Block a user