From 66e81ebfcfe33a9863430c6de65331ecee07311b Mon Sep 17 00:00:00 2001 From: 1day2die Date: Sat, 13 Aug 2022 22:21:55 +0200 Subject: [PATCH 1/2] Fix User-> Server edit bug --- app/Http/Controllers/ServerController.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/app/Http/Controllers/ServerController.php b/app/Http/Controllers/ServerController.php index 66e8d6ed..1047ec3d 100644 --- a/app/Http/Controllers/ServerController.php +++ b/app/Http/Controllers/ServerController.php @@ -105,14 +105,14 @@ class ServerController extends Controller if (FacadesRequest::has("product")) { $product = Product::findOrFail(FacadesRequest::input("product")); - // Get node resource allocation info + // Get node resource allocation info $node = $product->nodes()->findOrFail(FacadesRequest::input('node')); $nodeName = $node->name; // Check if node has enough memory and disk space $checkResponse = Pterodactyl::checkNodeResources($node, $product->memory, $product->disk); if ($checkResponse == False) return redirect()->route('servers.index')->with('error', __("The node '" . $nodeName . "' doesn't have the required memory or disk left to allocate this product.")); - + // Min. Credits if ( Auth::user()->credits < @@ -227,6 +227,8 @@ class ServerController extends Controller /** Show Server Settings */ public function show(Server $server) { + if($server->user_id != Auth::user()->id){ return back()->with('error', __('´This is not your Server!')); + } $serverAttributes = Pterodactyl::getServerAttributes($server->pterodactyl_id); $serverRelationships = $serverAttributes['relationships']; $serverLocationAttributes = $serverRelationships['location']['attributes']; From 1ca4cea5a43bbffec445faa2e257b68754024e8d Mon Sep 17 00:00:00 2001 
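Review bot: The ownership guard added at the top of `show()` answers a request for someone else's server with `back()` and a flash message rather than an authorization failure, so these attempts show up as ordinary redirects in access logs and monitoring. Using `abort(403);` in the guarded branch, or a server policy called through `$this->authorize('view', $server);`, would make the denial explicit and easy to alert on. The check is written inline in this one action and the rest of the controller is outside the hunk, so any other action that receives a route-bound `Server $server` presumably needs the same test; a policy would cover them in one place. The message literal also begins with a stray `´` before `This`. `show()` continues past the end of the hunk.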
From: 1day2die Date: Sat, 13 Aug 2022 22:29:57 +0200 Subject: [PATCH 2/2] globally limit post requests --- app/Http/Controllers/ServerController.php | 5 +++-- app/Providers/RouteServiceProvider.php | 8 +++----- routes/web.php | 1 + 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/app/Http/Controllers/ServerController.php b/app/Http/Controllers/ServerController.php index 1047ec3d..36155514 100644 --- a/app/Http/Controllers/ServerController.php +++ b/app/Http/Controllers/ServerController.php @@ -227,8 +227,9 @@ class ServerController extends Controller /** Show Server Settings */ public function show(Server $server) { - if($server->user_id != Auth::user()->id){ return back()->with('error', __('´This is not your Server!')); - } + + + if($server->user_id != Auth::user()->id){ return back()->with('error', __('´This is not your Server!'));} $serverAttributes = Pterodactyl::getServerAttributes($server->pterodactyl_id); $serverRelationships = $serverAttributes['relationships']; $serverLocationAttributes = $serverRelationships['location']['attributes']; diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php index 6dbbc407..0531b53e 100644 --- a/app/Providers/RouteServiceProvider.php +++ b/app/Providers/RouteServiceProvider.php @@ -46,6 +46,7 @@ class RouteServiceProvider extends ServiceProvider Route::middleware('web') ->namespace($this->namespace) ->group(base_path('routes/web.php')); + }); } 
@@ -59,11 +60,8 @@ class RouteServiceProvider extends ServiceProvider RateLimiter::for('api', function (Request $request) { return Limit::perMinute(60)->by(optional($request->user())->id ?: $request->ip()); }); - RateLimiter::for('ticket-new', function (Request $request) { - return Limit::perMinute(3)->by(optional($request->user())->id ?: $request->ip()); - }); - RateLimiter::for('ticket-reply', function (Request $request) { - return Limit::perMinute(4)->by(optional($request->user())->id ?: $request->ip()); + RateLimiter::for('web', function (Request $request) { + return Limit::perMinute(15)->by(optional($request->user())->id ?: $request->ip()); }); } } diff --git a/routes/web.php b/routes/web.php index 59e0d67f..73634f52 100644 --- a/routes/web.php +++ b/routes/web.php @@ -42,6 +42,7 @@ use App\Classes\Settings\System; | */ + Route::middleware('guest')->get('/', function () { return redirect('login'); })->name('welcome');
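Review bot: The added `RateLimiter::for('web', …)` only registers a named limiter, and nothing in the visible hunks attaches `throttle:web` to a route or middleware group (the first `RouteServiceProvider.php` hunk and the `routes/web.php` hunk add blank lines only), so unless it is wired up elsewhere the global limit from the commit title does not take effect. The same hunk removes `ticket-new` (3 per minute) and `ticket-reply` (4 per minute), so ticket submission would at best fall under the looser shared bucket of 15 per minute, and any route that still names those limiters should be checked. The closure does not look at the HTTP method, so on the whole `web` group it would count page views as well; `if (! $request->isMethod('post')) { return Limit::none(); }` at the top of the closure would match the stated intent. For guests the key is `$request->ip()`, which collapses into one shared bucket behind a reverse proxy unless trusted proxies are configured.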