Add database password rotation to view

2024-11-22 17:12:30 +01:00 · 2019-07-27 15:17:50 -07:00 · 2019-07-27 15:17:50 -07:00 · 48c39abfcb
commit 48c39abfcb
parent f6ee885f26
11 changed files with 178 additions and 6 deletions
--- a/app/Http/Controllers/Api/Client/Servers/DatabaseController.php
+++ b/app/Http/Controllers/Api/Client/Servers/DatabaseController.php
@ -2,9 +2,11 @@

 namespace Pterodactyl\Http\Controllers\Api\Client\Servers;

+use Illuminate\Support\Str;
 use Illuminate\Http\Response;
 use Pterodactyl\Models\Server;
 use Pterodactyl\Models\Database;
+use Pterodactyl\Services\Databases\DatabasePasswordService;
 use Pterodactyl\Transformers\Api\Client\DatabaseTransformer;
 use Pterodactyl\Services\Databases\DatabaseManagementService;
 use Pterodactyl\Services\Databases\DeployServerDatabaseService;
@ -13,6 +15,7 @@ use Pterodactyl\Contracts\Repository\DatabaseRepositoryInterface;
 use Pterodactyl\Http\Requests\Api\Client\Servers\Databases\GetDatabasesRequest;
 use Pterodactyl\Http\Requests\Api\Client\Servers\Databases\StoreDatabaseRequest;
 use Pterodactyl\Http\Requests\Api\Client\Servers\Databases\DeleteDatabaseRequest;
+use Pterodactyl\Http\Requests\Api\Client\Servers\Databases\RotatePasswordRequest;

 class DatabaseController extends ClientApiController
 {
@ -31,15 +34,22 @@ class DatabaseController extends ClientApiController
     */
    private $managementService;

+    /**
+     * @var \Pterodactyl\Services\Databases\DatabasePasswordService
+     */
+    private $passwordService;
+
    /**
     * DatabaseController constructor.
     *
     * @param \Pterodactyl\Services\Databases\DatabaseManagementService     $managementService
+     * @param \Pterodactyl\Services\Databases\DatabasePasswordService       $passwordService
     * @param \Pterodactyl\Contracts\Repository\DatabaseRepositoryInterface $repository
     * @param \Pterodactyl\Services\Databases\DeployServerDatabaseService   $deployDatabaseService
     */
    public function __construct(
        DatabaseManagementService $managementService,
+        DatabasePasswordService $passwordService,
        DatabaseRepositoryInterface $repository,
        DeployServerDatabaseService $deployDatabaseService
    ) {
@ -48,6 +58,7 @@ class DatabaseController extends ClientApiController
        $this->deployDatabaseService = $deployDatabaseService;
        $this->repository = $repository;
        $this->managementService = $managementService;
+        $this->passwordService = $passwordService;
    }

    /**
@ -81,6 +92,30 @@ class DatabaseController extends ClientApiController
            ->toArray();
    }

+    /**
+     * Rotates the password for the given server model and returns a fresh instance to
+     * the caller.
+     *
+     * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Databases\RotatePasswordRequest $request
+     * @return array
+     *
+     * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Pterodactyl\Exceptions\Repository\RecordNotFoundException
+     */
+    public function rotatePassword(RotatePasswordRequest $request)
+    {
+        $database = $request->getModel(Database::class);
+
+        $this->passwordService->handle($database, Str::random(24));
+
+        $database->refresh();
+
+        return $this->fractal->item($database)
+            ->parseIncludes(['password'])
+            ->transformWith($this->getTransformer(DatabaseTransformer::class))
+            ->toArray();
+    }
+
    /**
     * @param \Pterodactyl\Http\Requests\Api\Client\Servers\Databases\DeleteDatabaseRequest $request
     * @return \Illuminate\Http\Response
--- a/app/Http/Requests/Api/Client/ClientApiRequest.php
+++ b/app/Http/Requests/Api/Client/ClientApiRequest.php
@ -6,6 +6,9 @@ use Pterodactyl\Models\Server;
 use Pterodactyl\Contracts\Http\ClientPermissionsRequest;
 use Pterodactyl\Http\Requests\Api\Application\ApplicationApiRequest;

+/**
+ * @method \Pterodactyl\Models\User user($guard = null)
+ */
 abstract class ClientApiRequest extends ApplicationApiRequest
 {
    /**
--- a/app/Http/Requests/Api/Client/Servers/Databases/RotatePasswordRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Databases/RotatePasswordRequest.php
@ -0,0 +1,19 @@
+<?php
+
+namespace Pterodactyl\Http\Requests\Api\Client\Servers\Databases;
+
+use Pterodactyl\Models\Server;
+use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
+
+class RotatePasswordRequest extends ClientApiRequest
+{
+    /**
+     * Check that the user has permission to rotate the password.
+     *
+     * @return bool
+     */
+    public function authorize(): bool
+    {
+        return $this->user()->can('reset-db-password', $this->getModel(Server::class));
+    }
+}
--- a/app/Services/Databases/DatabasePasswordService.php
+++ b/app/Services/Databases/DatabasePasswordService.php
@ -2,6 +2,7 @@

 namespace Pterodactyl\Services\Databases;

+use Webmozart\Assert\Assert;
 use Pterodactyl\Models\Database;
 use Illuminate\Database\ConnectionInterface;
 use Illuminate\Contracts\Encryption\Encrypter;
@ -63,6 +64,8 @@ class DatabasePasswordService
    public function handle($database, string $password): bool
    {
        if (! $database instanceof Database) {
+            Assert::integerish($database);
+
            $database = $this->repository->find($database);
        }

--- a/resources/scripts/api/server/rotateDatabasePassword.ts
+++ b/resources/scripts/api/server/rotateDatabasePassword.ts
@ -0,0 +1,10 @@
+import { rawDataToServerDatabase, ServerDatabase } from '@/api/server/getServerDatabases';
+import http from '@/api/http';
+
+export default (uuid: string, database: string): Promise<ServerDatabase> => {
+    return new Promise((resolve, reject) => {
+        http.post(`/api/client/servers/${uuid}/databases/${database}/rotate-password`)
+            .then((response) => resolve(rawDataToServerDatabase(response.data.attributes)))
+            .catch(reject);
+    });
+};
--- a/resources/scripts/components/elements/Button.tsx
+++ b/resources/scripts/components/elements/Button.tsx
@ -0,0 +1,20 @@
+import React from 'react';
+import classNames from 'classnames';
+
+type Props = { isLoading?: boolean } & React.DetailedHTMLProps<React.ButtonHTMLAttributes<HTMLButtonElement>, HTMLButtonElement>;
+
+export default ({ isLoading, children, className, ...props }: Props) => (
+    <button
+        {...props}
+        className={classNames('btn btn-sm relative', className)}
+    >
+        {isLoading &&
+        <div className={'w-full flex absolute justify-center'} style={{ marginLeft: '-0.75rem' }}>
+            <div className={'spinner-circle spinner-white spinner-sm'}/>
+        </div>
+        }
+        <span className={isLoading ? 'text-transparent' : undefined}>
+            {children}
+        </span>
+    </button>
+);
--- a/resources/scripts/components/server/databases/DatabaseRow.tsx
+++ b/resources/scripts/components/server/databases/DatabaseRow.tsx
@ -15,19 +15,26 @@ import { ApplicationStore } from '@/state';
 import { ServerContext } from '@/state/server';
 import deleteServerDatabase from '@/api/server/deleteServerDatabase';
 import { httpErrorToHuman } from '@/api/http';
+import RotatePasswordButton from '@/components/server/databases/RotatePasswordButton';

 interface Props {
-    database: ServerDatabase;
+    databaseId: string | number;
    className?: string;
    onDelete: () => void;
 }

-export default ({ database, className, onDelete }: Props) => {
+export default ({ databaseId, className, onDelete }: Props) => {
    const [visible, setVisible] = useState(false);
+    const database = ServerContext.useStoreState(state => state.databases.items.find(item => item.id === databaseId));
+    const appendDatabase = ServerContext.useStoreActions(actions => actions.databases.appendDatabase);
    const [connectionVisible, setConnectionVisible] = useState(false);
    const { addFlash, clearFlashes } = useStoreActions((actions: Actions<ApplicationStore>) => actions.flashes);
    const server = ServerContext.useStoreState(state => state.server.data!);

+    if (!database) {
+        return null;
+    }
+
    const schema = object().shape({
        confirm: string()
            .required('The database name must be provided.')
@ -104,6 +111,7 @@ export default ({ database, className, onDelete }: Props) => {
                }
            </Formik>
            <Modal visible={connectionVisible} onDismissed={() => setConnectionVisible(false)}>
+                <FlashMessageRender byKey={'database-connection-modal'} className={'mb-6'}/>
                <h3 className={'mb-6'}>Database connection details</h3>
                <div>
                    <label className={'input-dark-label'}>Password</label>
@ -119,6 +127,7 @@ export default ({ database, className, onDelete }: Props) => {
                    />
                </div>
                <div className={'mt-6 text-right'}>
+                    <RotatePasswordButton databaseId={database.id} onUpdate={appendDatabase}/>
                    <button className={'btn btn-sm btn-secondary'} onClick={() => setConnectionVisible(false)}>
                        Close
                    </button>
--- a/resources/scripts/components/server/databases/DatabasesContainer.tsx
+++ b/resources/scripts/components/server/databases/DatabasesContainer.tsx
@ -12,12 +12,15 @@ import CreateDatabaseButton from '@/components/server/databases/CreateDatabaseBu

 export default () => {
    const [ loading, setLoading ] = useState(true);
-    const [ databases, setDatabases ] = useState<ServerDatabase[]>([]);
    const server = ServerContext.useStoreState(state => state.server.data!);
+    const databases = ServerContext.useStoreState(state => state.databases.items);
+    const { setDatabases, appendDatabase, removeDatabase } = ServerContext.useStoreActions(state => state.databases);
    const { addFlash, clearFlashes } = useStoreActions((actions: Actions<ApplicationStore>) => actions.flashes);

    useEffect(() => {
+        setLoading(!databases.length);
        clearFlashes('databases');
+
        getServerDatabases(server.uuid)
            .then(databases => {
                setDatabases(databases);
@ -43,8 +46,8 @@ export default () => {
                            databases.map((database, index) => (
                                <DatabaseRow
                                    key={database.id}
-                                    database={database}
-                                    onDelete={() => setDatabases(s => [ ...s.filter(d => d.id !== database.id) ])}
+                                    databaseId={database.id}
+                                    onDelete={() => removeDatabase(database)}
                                    className={index > 0 ? 'mt-1' : undefined}
                                />
                            ))
@ -54,7 +57,7 @@ export default () => {
                            </p>
                        }
                        <div className={'mt-6 flex justify-end'}>
-                            <CreateDatabaseButton onCreated={database => setDatabases(s => [ ...s, database ])}/>
+                            <CreateDatabaseButton onCreated={appendDatabase}/>
                        </div>
                    </React.Fragment>
                </CSSTransition>
--- a/resources/scripts/components/server/databases/RotatePasswordButton.tsx
+++ b/resources/scripts/components/server/databases/RotatePasswordButton.tsx
@ -0,0 +1,45 @@
+import React, { useState } from 'react';
+import rotateDatabasePassword from '@/api/server/rotateDatabasePassword';
+import { Actions, useStoreActions } from 'easy-peasy';
+import { ApplicationStore } from '@/state';
+import { ServerContext } from '@/state/server';
+import { ServerDatabase } from '@/api/server/getServerDatabases';
+import { httpErrorToHuman } from '@/api/http';
+import Button from '@/components/elements/Button';
+
+export default ({ databaseId, onUpdate }: {
+    databaseId: string;
+    onUpdate: (database: ServerDatabase) => void;
+}) => {
+    const [ loading, setLoading ] = useState(false);
+    const { addFlash, clearFlashes } = useStoreActions((actions: Actions<ApplicationStore>) => actions.flashes);
+    const server = ServerContext.useStoreState(state => state.server.data!);
+
+    if (!databaseId) {
+        return null;
+    }
+
+    const rotate = () => {
+        setLoading(true);
+        clearFlashes();
+
+        rotateDatabasePassword(server.uuid, databaseId)
+            .then(database => onUpdate(database))
+            .catch(error => {
+                console.error(error);
+                addFlash({
+                    type: 'error',
+                    title: 'Error',
+                    message: httpErrorToHuman(error),
+                    key: 'database-connection-modal',
+                });
+            })
+            .then(() => setLoading(false));
+    };
+
+    return (
+        <Button className={'btn-secondary mr-2'} onClick={rotate} isLoading={loading}>
+            Rotate Password
+        </Button>
+    );
+};
--- a/resources/scripts/state/server/index.ts
+++ b/resources/scripts/state/server/index.ts
@ -1,6 +1,7 @@
 import getServer, { Server } from '@/api/server/getServer';
 import { action, Action, createContextStore, thunk, Thunk } from 'easy-peasy';
 import socket, { SocketStore } from './socket';
+import { ServerDatabase } from '@/api/server/getServerDatabases';

 export type ServerStatus = 'offline' | 'starting' | 'stopping' | 'running';

@ -32,8 +33,29 @@ const status: ServerStatusStore = {
    }),
 };

+interface ServerDatabaseStore {
+    items: ServerDatabase[];
+    setDatabases: Action<ServerDatabaseStore, ServerDatabase[]>;
+    appendDatabase: Action<ServerDatabaseStore, ServerDatabase>;
+    removeDatabase: Action<ServerDatabaseStore, ServerDatabase>;
+}
+
+const databases: ServerDatabaseStore = {
+    items: [],
+    setDatabases: action((state, payload) => {
+        state.items = payload;
+    }),
+    appendDatabase: action((state, payload) => {
+        state.items = state.items.filter(item => item.id !== payload.id).concat(payload);
+    }),
+    removeDatabase: action((state, payload) => {
+       state.items = state.items.filter(item => item.id !== payload.id);
+    }),
+};
+
 export interface ServerStore {
    server: ServerDataStore;
+    databases: ServerDatabaseStore;
    socket: SocketStore;
    status: ServerStatusStore;
    clearServerState: Action<ServerStore>;
@ -43,8 +65,10 @@ export const ServerContext = createContextStore<ServerStore>({
    server,
    socket,
    status,
+    databases,
    clearServerState: action(state => {
        state.server.data = undefined;
+        state.databases.items = [];

        if (state.socket.instance) {
            state.socket.instance.removeAllListeners();
--- a/routes/api-client.php
+++ b/routes/api-client.php
@ -38,6 +38,7 @@ Route::group(['prefix' => '/servers/{server}', 'middleware' => [AuthenticateServ
    Route::group(['prefix' => '/databases'], function () {
        Route::get('/', 'Servers\DatabaseController@index')->name('api.client.servers.databases');
        Route::post('/', 'Servers\DatabaseController@store');
+        Route::post('/{database}/rotate-password', 'Servers\DatabaseController@rotatePassword');
        Route::delete('/{database}', 'Servers\DatabaseController@delete')->name('api.client.servers.databases.delete');
    });