diff --git a/app/Http/Controllers/Api/Client/Servers/DownloadBackupController.php b/app/Http/Controllers/Api/Client/Servers/DownloadBackupController.php
index 4c8b16a2..0bb506d8 100644
--- a/app/Http/Controllers/Api/Client/Servers/DownloadBackupController.php
+++ b/app/Http/Controllers/Api/Client/Servers/DownloadBackupController.php
@@ -128,7 +128,7 @@ class DownloadBackupController extends ClientApiController
 protected function getLocalBackupUrl(Backup $backup, Server $server, User $user)
 {
 $token = $this->jwtService
- ->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
+ ->setExpiresAt(CarbonImmutable::now()->addMinutes(15)->toDateTimeImmutable())
 ->setClaims([
 'backup_uuid' => $backup->uuid,
 'server_uuid' => $server->uuid,
@@ -138,7 +138,7 @@ class DownloadBackupController extends ClientApiController
 return sprintf(
 '%s/download/backup?token=%s',
 $server->node->getConnectionAddress(),
- $token->__toString()
+ $token->toString()
 );
 }
 }
diff --git a/app/Http/Controllers/Api/Client/Servers/FileController.php b/app/Http/Controllers/Api/Client/Servers/FileController.php
index 317115b2..b3bf6918 100644
--- a/app/Http/Controllers/Api/Client/Servers/FileController.php
+++ b/app/Http/Controllers/Api/Client/Servers/FileController.php
@@ -6,7 +6,6 @@ use Carbon\CarbonImmutable;
 use Illuminate\Http\Response;
 use Pterodactyl\Models\Server;
 use Illuminate\Http\JsonResponse;
-use Illuminate\Support\Collection;
 use Pterodactyl\Services\Nodes\NodeJWTService;
 use Illuminate\Contracts\Routing\ResponseFactory;
 use Pterodactyl\Repositories\Wings\DaemonFileRepository;
@@ -114,7 +113,7 @@ class FileController extends ClientApiController
 public function download(GetFileContentsRequest $request, Server $server)
 {
 $token = $this->jwtService
- ->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
+ ->setExpiresAt(CarbonImmutable::now()->addMinutes(15)->toDateTimeImmutable())
 ->setClaims([
 'file_path' => rawurldecode($request->get('file')),
 'server_uuid' => $server->uuid,
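Review bot: The `->toDateTimeImmutable()` appended to the expiry in getLocalBackupUrl looks redundant, since `Carbon\CarbonImmutable` already extends `DateTimeImmutable` and so already satisfies the new `setExpiresAt(DateTimeImmutable $date)` signature; the same pattern is repeated in FileController::download, FileUploadController::getUploadUrl, WebsocketController and ServerTransferController. If the plain copy is intentional (for instance to hand lcobucci/jwt a bare `DateTimeImmutable` rather than a Carbon subclass), a one-line comment at this first call site such as `// Plain DateTimeImmutable copy: the JWT builder type-hints DateTimeImmutable` would stop the next reader from removing it; otherwise the conversion belongs once inside `NodeJWTService::setExpiresAt()`. The token lifetime is also a bare literal in every controller (15 minutes here and in the file, upload and transfer paths, 10 for the websocket), so hoisting it to a named constant on the service, for example `NodeJWTService::DEFAULT_TTL_MINUTES`, would keep the per-token lifetimes reviewable in one place. getLocalBackupUrl spans both hunks of this file, with the claims between them not shown.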
@@ -127,7 +126,7 @@ class FileController extends ClientApiController
 'url' => sprintf(
 '%s/download/file?token=%s',
 $server->node->getConnectionAddress(),
- $token->__toString()
+ $token->toString()
 ),
 ],
 ];
diff --git a/app/Http/Controllers/Api/Client/Servers/FileUploadController.php b/app/Http/Controllers/Api/Client/Servers/FileUploadController.php
index e8f5ad08..bcaec9ba 100644
--- a/app/Http/Controllers/Api/Client/Servers/FileUploadController.php
+++ b/app/Http/Controllers/Api/Client/Servers/FileUploadController.php
@@ -58,7 +58,7 @@ class FileUploadController extends ClientApiController
 protected function getUploadUrl(Server $server, User $user)
 {
 $token = $this->jwtService
- ->setExpiresAt(CarbonImmutable::now()->addMinutes(15))
+ ->setExpiresAt(CarbonImmutable::now()->addMinutes(15)->toDateTimeImmutable())
 ->setClaims([
 'server_uuid' => $server->uuid,
 ])
@@ -67,7 +67,7 @@ class FileUploadController extends ClientApiController
 return sprintf(
 '%s/upload/file?token=%s',
 $server->node->getConnectionAddress(),
- $token->__toString()
+ $token->toString()
 );
 }
 }
diff --git a/app/Http/Controllers/Api/Client/Servers/WebsocketController.php b/app/Http/Controllers/Api/Client/Servers/WebsocketController.php
index 1de41b08..9003463b 100644
--- a/app/Http/Controllers/Api/Client/Servers/WebsocketController.php
+++ b/app/Http/Controllers/Api/Client/Servers/WebsocketController.php
@@ -73,7 +73,7 @@ class WebsocketController extends ClientApiController
 }
 
 $token = $this->jwtService
- ->setExpiresAt(CarbonImmutable::now()->addMinutes(10))
+ ->setExpiresAt(CarbonImmutable::now()->addMinutes(10)->toDateTimeImmutable())
 ->setClaims([
 'user_id' => $request->user()->id,
 'server_uuid' => $server->uuid,
@@ -85,7 +85,7 @@ class WebsocketController extends ClientApiController
 
 return new JsonResponse([
 'data' => [
- 'token' => $token->__toString(),
+ 'token' => $token->toString(),
 'socket' => $socket . sprintf('/api/servers/%s/ws', $server->uuid),
 ],
 ]);
diff --git a/app/Http/Controllers/Api/Remote/Servers/ServerTransferController.php b/app/Http/Controllers/Api/Remote/Servers/ServerTransferController.php
index cc097a63..a68d7afe 100644
--- a/app/Http/Controllers/Api/Remote/Servers/ServerTransferController.php
+++ b/app/Http/Controllers/Api/Remote/Servers/ServerTransferController.php
@@ -2,8 +2,8 @@
 
 namespace Pterodactyl\Http\Controllers\Api\Remote\Servers;
 
-use Cake\Chronos\Chronos;
 use Illuminate\Support\Arr;
+use Carbon\CarbonImmutable;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Illuminate\Http\JsonResponse;
@@ -110,11 +110,11 @@ class ServerTransferController extends Controller
 Arr::set($data, 'suspended', false);
 
 $this->connection->transaction(function () use ($data, $server) {
- // This token is used by the new node the server is being transfered to. It allows
+ // This token is used by the new node the server is being transferred to. It allows
 // that node to communicate with the old node during the process to initiate the
 // actual file transfer.
 $token = $this->jwtService
- ->setExpiresAt(Chronos::now()->addMinutes(15))
+ ->setExpiresAt(CarbonImmutable::now()->addMinutes(15)->toDateTimeImmutable())
 ->setSubject($server->uuid)
 ->handle($server->node, $server->uuid, 'sha256');
@@ -128,7 +128,7 @@ class ServerTransferController extends Controller
 $this->daemonTransferRepository
 ->setServer($server)
 ->setNode($server->transfer->newNode)
- ->notify($server, $data, $server->node, $token->__toString());
+ ->notify($server, $data, $server->node, $token->toString());
 });
 
 return new JsonResponse([], Response::HTTP_NO_CONTENT);
diff --git a/app/Services/Nodes/NodeJWTService.php b/app/Services/Nodes/NodeJWTService.php
index 7c359efe..dbbf8a82 100644
--- a/app/Services/Nodes/NodeJWTService.php
+++ b/app/Services/Nodes/NodeJWTService.php
@@ -2,7 +2,7 @@
 
 namespace Pterodactyl\Services\Nodes;
 
-use DateTimeInterface;
+use DateTimeImmutable;
 use Lcobucci\JWT\Builder;
 use Carbon\CarbonImmutable;
 use Illuminate\Support\Str;
@@ -18,7 +18,7 @@ class NodeJWTService
 private $claims = [];
 
 /**
- * @var int|null
+ * @var \DateTimeImmutable|null
 */
 private $expiresAt;
 
@@ -41,12 +41,12 @@ class NodeJWTService
 }
 
 /**
- * @param \DateTimeInterface $date
+ * @param \DateTimeImmutable $date
 * @return $this
 */
- public function setExpiresAt(DateTimeInterface $date)
+ public function setExpiresAt(DateTimeImmutable $date)
 {
- $this->expiresAt = $date->getTimestamp();
+ $this->expiresAt = $date;
 
 return $this;
 }
@@ -74,18 +74,22 @@ class NodeJWTService
 {
 $signer = new Sha256;
 
+ $identifier = hash($algo, $identifiedBy);
+
 $builder = (new Builder)->issuedBy(config('app.url'))
 ->permittedFor($node->getConnectionAddress())
- ->identifiedBy(hash($algo, $identifiedBy), true)
- ->issuedAt(CarbonImmutable::now()->getTimestamp())
- ->canOnlyBeUsedAfter(CarbonImmutable::now()->subMinutes(5)->getTimestamp());
+ ->identifiedBy($identifier)
+ ->withHeader('jti', $identifier)
+ ->issuedAt(CarbonImmutable::now()->toDateTimeImmutable())
+ ->canOnlyBeUsedAfter(CarbonImmutable::now()->subMinutes(5)->toDateTimeImmutable());
 
 if ($this->expiresAt) {
 $builder = $builder->expiresAt($this->expiresAt);
 }
 
- if (!empty($this->subject)) {
- $builder = $builder->relatedTo($this->subject, true);
+ if (! empty($this->subject)) {
+ $builder = $builder->relatedTo($this->subject)
+ ->withHeader('sub', $this->subject);
 }
 
 foreach ($this->claims as $key => $value) {
diff --git a/tests/Integration/Services/Servers/ServerDeletionServiceTest.php b/tests/Integration/Services/Servers/ServerDeletionServiceTest.php
index 80e7b470..77bbb408 100644
--- a/tests/Integration/Services/Servers/ServerDeletionServiceTest.php
+++ b/tests/Integration/Services/Servers/ServerDeletionServiceTest.php
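Review bot: In the rebuilt builder chain of handle(), `exp` is still only attached when `$this->expiresAt` is set while `iat` and `nbf` are added unconditionally, so a caller that forgets `setExpiresAt()` mints a node token with no expiry at all; since the type has just been narrowed to `DateTimeImmutable`, this is a good moment to fail closed with `if (!$this->expiresAt) { throw new \LogicException('A node JWT must be given an expiration time.'); }` immediately before `$builder = $builder->expiresAt($this->expiresAt);`. The new `withHeader('jti', $identifier)` and `withHeader('sub', $this->subject)` calls presumably reproduce the claim-to-header replication that the removed second `true` argument provided under the old library; a comment such as `// Mirrored into the JOSE header for compatibility with consumers that read jti/sub from the header` would record that intent and keep the duplication from being "cleaned up" later. Separately, `$this->subject` and `$this->claims` are accumulated through setters and no reset is visible in this hunk, so if the container ever hands out a shared instance, claims from one request could bleed into the next token — worth confirming against how the service is bound. The signature of handle() and the claims loop that follows lie outside the hunk.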
@@ -65,7 +65,7 @@ class ServerDeletionServiceTest extends IntegrationTestCase
 
 $this->expectException(DaemonConnectionException::class);
 $this->daemonServerRepository->expects('setServer->delete')->withNoArgs()->andThrows(
- new DaemonConnectionException(new BadResponseException('Bad request', new Request('GET', '/test')))
+ new DaemonConnectionException(new BadResponseException('Bad request', new Request('GET', '/test'), null))
 );
 
 $this->getService()->handle($server);