From 2dcd39c9c75eec41692858cf8223cad67a0cfa6c Mon Sep 17 00:00:00 2001 From: Dawid Jaworski Date: Fri, 5 Jul 2024 21:22:47 +0200 Subject: [PATCH 1/4] fix: nullable egg features (#5135) --- resources/views/admin/eggs/view.blade.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/views/admin/eggs/view.blade.php b/resources/views/admin/eggs/view.blade.php index 50b69c3793..0f1e6521f4 100644 --- a/resources/views/admin/eggs/view.blade.php +++ b/resources/views/admin/eggs/view.blade.php @@ -118,7 +118,7 @@
From 123ce52dae1b52f293eb0407b1a7d789386cdeff Mon Sep 17 00:00:00 2001 From: Danny Harpigny Date: Fri, 26 Jul 2024 05:18:47 +0200 Subject: [PATCH 2/4] Allow subusers and subusers to delete or manage themselves --- .../Api/Client/Servers/Subusers/SubuserRequest.php | 10 ++++++++++ .../scripts/components/server/users/UserRow.tsx | 13 ++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php b/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php index 7c4fab9d22..c6ec44b11b 100644 --- a/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php +++ b/app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php @@ -24,10 +24,20 @@ public function authorize(): bool return false; } + // Always authorize requests from a root admin. + if ($this->user()->root_admin) { + return true; + } + $user = $this->route()->parameter('user'); // Don't allow a user to edit themselves on the server. if ($user instanceof User) { if ($user->uuid === $this->user()->uuid) { + // Except if they want to delete themselves from the server. + if ($this->method() === Request::METHOD_DELETE) { + return true; + } + return false; } } diff --git a/resources/scripts/components/server/users/UserRow.tsx b/resources/scripts/components/server/users/UserRow.tsx index 45693c5d49..df181df5e1 100644 --- a/resources/scripts/components/server/users/UserRow.tsx +++ b/resources/scripts/components/server/users/UserRow.tsx @@ -15,6 +15,7 @@ interface Props { export default ({ subuser }: Props) => { const uuid = useStoreState((state) => state.user!.data!.uuid); + const rootAdmin = useStoreState((state) => state.user!.data!.rootAdmin); const [visible, setVisible] = useState(false); return ( @@ -44,7 +45,7 @@ export default ({ subuser }: Props) => {

Permissions

- {subuser.uuid !== uuid && ( + {(subuser.uuid !== uuid || rootAdmin) && ( <> + + )} + <> + {subuser.uuid === uuid ? ( + + ) : ( - - )} + )} + ); }; From 8ff901fcd1177b1efba357eee35f042d7c92bd1d Mon Sep 17 00:00:00 2001 From: Danny Harpigny Date: Fri, 26 Jul 2024 05:51:04 +0200 Subject: [PATCH 3/4] docker: Optimize build cache --- Dockerfile | 51 ++++++++++++++++++++++++++++++--------------------- 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/Dockerfile b/Dockerfile index aae05a526e..55998c1fb8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,39 +2,48 @@ # Build the assets that are needed for the frontend. This build stage is then discarded # since we won't need NodeJS anymore in the future. This Docker image ships a final production # level distribution of Pterodactyl. -FROM --platform=$TARGETOS/$TARGETARCH mhart/alpine-node:14 +FROM mhart/alpine-node:14 + WORKDIR /app -COPY . ./ -RUN yarn install --frozen-lockfile \ - && yarn run build:production + +# Install dependencies +COPY package.json yarn.lock . +RUN yarn install --frozen-lockfile + +# Build assets +COPY . . +RUN yarn run build:production # Stage 1: -# Build the actual container with all of the needed PHP dependencies that will run the application. -FROM --platform=$TARGETOS/$TARGETARCH php:8.1-fpm-alpine +# Build the actual container with all of the needed dependencies that will run the application. +FROM php:8.1-fpm-alpine + WORKDIR /app -COPY . ./ + +# System dependencies +RUN apk add --no-cache --update ca-certificates dcron curl git supervisor tar unzip nginx libpng-dev libxml2-dev libzip-dev certbot certbot-nginx + +# PHP dependencies +RUN docker-php-ext-install bcmath gd pdo_mysql zip + +# Install Composer +RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer + +COPY . . COPY --from=0 /app/public/assets ./public/assets -RUN apk add --no-cache --update ca-certificates dcron curl git supervisor tar unzip nginx libpng-dev libxml2-dev libzip-dev certbot certbot-nginx \ - && docker-php-ext-configure zip \ - && docker-php-ext-install bcmath gd pdo_mysql zip \ - && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ - && cp .env.example .env \ - && mkdir -p bootstrap/cache/ storage/logs storage/framework/sessions storage/framework/views storage/framework/cache \ - && chmod 777 -R bootstrap storage \ +RUN mkdir -p bootstrap/cache/ storage/logs storage/framework/sessions storage/framework/views storage/framework/cache \ && composer install --no-dev --optimize-autoloader \ - && rm -rf .env bootstrap/cache/*.php \ - && mkdir -p /app/storage/logs/ \ + && rm -rf bootstrap/cache/*.php \ && chown -R nginx:nginx . -RUN rm /usr/local/etc/php-fpm.conf \ - && echo "* * * * * /usr/local/bin/php /app/artisan schedule:run >> /dev/null 2>&1" >> /var/spool/cron/crontabs/root \ +RUN echo "* * * * * /usr/local/bin/php /app/artisan schedule:run >> /dev/null 2>&1" >> /var/spool/cron/crontabs/root \ && echo "0 23 * * * certbot renew --nginx --quiet" >> /var/spool/cron/crontabs/root \ && sed -i s/ssl_session_cache/#ssl_session_cache/g /etc/nginx/nginx.conf \ && mkdir -p /var/run/php /var/run/nginx -COPY .github/docker/default.conf /etc/nginx/http.d/default.conf -COPY .github/docker/www.conf /usr/local/etc/php-fpm.conf -COPY .github/docker/supervisord.conf /etc/supervisord.conf +COPY --link .github/docker/default.conf /etc/nginx/http.d/default.conf +COPY --link .github/docker/www.conf /usr/local/etc/php-fpm.conf +COPY --link .github/docker/supervisord.conf /etc/supervisord.conf EXPOSE 80 443 ENTRYPOINT [ "/bin/ash", ".github/docker/entrypoint.sh" ] From 2c108466ff11088e5cf8014f1d967e00264cadff Mon Sep 17 00:00:00 2001 From: Danny Harpigny Date: Fri, 26 Jul 2024 05:57:07 +0200 Subject: [PATCH 4/4] docker: Change ownership of log directory --- .github/docker/entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/docker/entrypoint.sh b/.github/docker/entrypoint.sh index 9cd4c9b0fc..03ec9c99a1 100644 --- a/.github/docker/entrypoint.sh +++ b/.github/docker/entrypoint.sh @@ -1,8 +1,8 @@ #!/bin/ash -e cd /app -mkdir -p /var/log/panel/logs/ /var/log/supervisord/ /var/log/nginx/ /var/log/php7/ \ - && chmod 777 /var/log/panel/logs/ \ +mkdir -p /var/log/panel/ /var/log/supervisord/ /var/log/nginx/ /var/log/php7/ \ + && chown -R nginx:nginx /app/storage/logs \ && ln -s /app/storage/logs/ /var/log/panel/ ## check for .env file and generate app keys if missing