Skip to content

Commit

Permalink
api(remote): ensure requesting node is checked
Browse files Browse the repository at this point in the history
  • Loading branch information
@matthewpi
matthewpi committed Apr 10, 2024
1 parent 1172d71 commit 319ca68
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 3 deletions.
9 changes: 8 additions & 1 deletion app/Http/Controllers/Api/Remote/Backups/BackupRemoteUploadController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,14 +32,21 @@ public function __construct(private BackupManager $backupManager)
*/
public function __invoke(Request $request, string $backup): JsonResponse
{
// Get the node associated with the request.
/** @var \Pterodactyl\Models\Node $node */
$node = $request->attributes->get('node');

// Get the size query parameter.
$size = (int) $request->query('size');
if (empty($size)) {
throw new BadRequestHttpException('A non-empty "size" query parameter must be provided.');
}

/** @var \Pterodactyl\Models\Backup $backup */
$backup = Backup::query()->where('uuid', $backup)->firstOrFail();
$backup = Backup::query()
->where('node_id', $node->id)
->where('uuid', $backup)
->firstOrFail();

// Prevent backups that have already been completed from trying to
// be uploaded again.
Expand Down
11 changes: 9 additions & 2 deletions app/Http/Controllers/Api/Remote/Backups/BackupStatusController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,15 @@ public function __construct(private BackupManager $backupManager)
*/
public function index(ReportBackupCompleteRequest $request, string $backup): JsonResponse
{
/** @var \Pterodactyl\Models\Backup $model */
$model = Backup::query()->where('uuid', $backup)->firstOrFail();
// Get the node associated with the request.
/** @var \Pterodactyl\Models\Node $node */
$node = $request->attributes->get('node');

/** @var \Pterodactyl\Models\Backup $backup */
$backup = Backup::query()
->where('node_id', $node->id)
->where('uuid', $backup)
->firstOrFail();

if ($model->is_successful) {
throw new BadRequestHttpException('Cannot update the status of a backup that is already marked as completed.');
Expand Down

0 comments on commit 319ca68

Please sign in to comment.