mirror of
https://github.com/pterodactyl/panel.git
synced 2024-11-22 00:52:43 +01:00
parent
b7b2413f3d
commit
7bfc265a7e
@ -42,15 +42,22 @@ class BackupRemoteUploadController extends Controller
|
|||||||
throw new BadRequestHttpException('A non-empty "size" query parameter must be provided.');
|
throw new BadRequestHttpException('A non-empty "size" query parameter must be provided.');
|
||||||
}
|
}
|
||||||
|
|
||||||
/** @var \Pterodactyl\Models\Backup $backup */
|
/** @var \Pterodactyl\Models\Backup $model */
|
||||||
$backup = Backup::query()
|
$model = Backup::query()
|
||||||
->where('node_id', $node->id)
|
|
||||||
->where('uuid', $backup)
|
->where('uuid', $backup)
|
||||||
->firstOrFail();
|
->firstOrFail();
|
||||||
|
|
||||||
|
// Check that the backup is "owned" by the node making the request. This avoids other nodes
|
||||||
|
// from messing with backups that they don't own.
|
||||||
|
/** @var \Pterodactyl\Models\Server $server */
|
||||||
|
$server = $model->server;
|
||||||
|
if ($server->node_id !== $node->id) {
|
||||||
|
throw new HttpForbiddenException('You do not have permission to access that backup.');
|
||||||
|
}
|
||||||
|
|
||||||
// Prevent backups that have already been completed from trying to
|
// Prevent backups that have already been completed from trying to
|
||||||
// be uploaded again.
|
// be uploaded again.
|
||||||
if (!is_null($backup->completed_at)) {
|
if (!is_null($model->completed_at)) {
|
||||||
throw new ConflictHttpException('This backup is already in a completed state.');
|
throw new ConflictHttpException('This backup is already in a completed state.');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -61,7 +68,7 @@ class BackupRemoteUploadController extends Controller
|
|||||||
}
|
}
|
||||||
|
|
||||||
// The path where backup will be uploaded to
|
// The path where backup will be uploaded to
|
||||||
$path = sprintf('%s/%s.tar.gz', $backup->server->uuid, $backup->uuid);
|
$path = sprintf('%s/%s.tar.gz', $model->server->uuid, $model->uuid);
|
||||||
|
|
||||||
// Get the S3 client
|
// Get the S3 client
|
||||||
$client = $adapter->getClient();
|
$client = $adapter->getClient();
|
||||||
@ -99,7 +106,7 @@ class BackupRemoteUploadController extends Controller
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Set the upload_id on the backup in the database.
|
// Set the upload_id on the backup in the database.
|
||||||
$backup->update(['upload_id' => $params['UploadId']]);
|
$model->update(['upload_id' => $params['UploadId']]);
|
||||||
|
|
||||||
return new JsonResponse([
|
return new JsonResponse([
|
||||||
'parts' => $parts,
|
'parts' => $parts,
|
||||||
|
@ -36,10 +36,17 @@ class BackupStatusController extends Controller
|
|||||||
|
|
||||||
/** @var \Pterodactyl\Models\Backup $model */
|
/** @var \Pterodactyl\Models\Backup $model */
|
||||||
$model = Backup::query()
|
$model = Backup::query()
|
||||||
->where('node_id', $node->id)
|
|
||||||
->where('uuid', $backup)
|
->where('uuid', $backup)
|
||||||
->firstOrFail();
|
->firstOrFail();
|
||||||
|
|
||||||
|
// Check that the backup is "owned" by the node making the request. This avoids other nodes
|
||||||
|
// from messing with backups that they don't own.
|
||||||
|
/** @var \Pterodactyl\Models\Server $server */
|
||||||
|
$server = $model->server;
|
||||||
|
if ($server->node_id !== $node->id) {
|
||||||
|
throw new HttpForbiddenException('You do not have permission to access that backup.');
|
||||||
|
}
|
||||||
|
|
||||||
if ($model->is_successful) {
|
if ($model->is_successful) {
|
||||||
throw new BadRequestHttpException('Cannot update the status of a backup that is already marked as completed.');
|
throw new BadRequestHttpException('Cannot update the status of a backup that is already marked as completed.');
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user