wings/router/router.go

package router

import (
	"github.com/apex/log"
	"github.com/gin-gonic/gin"

	"github.com/pterodactyl/wings/config"
	"github.com/pterodactyl/wings/remote"
	"github.com/pterodactyl/wings/router/middleware"
	wserver "github.com/pterodactyl/wings/server"
)

// Configure configures the routing infrastructure for this daemon instance.
func Configure(m *wserver.Manager, client remote.Client) *gin.Engine {
	gin.SetMode("release")

	router := gin.New()
	router.Use(gin.Recovery())
	router.SetTrustedProxies(config.Get().Api.TrustedProxies)
	router.Use(middleware.AttachRequestID(), middleware.CaptureErrors(), middleware.SetAccessControlHeaders())
	router.Use(middleware.AttachServerManager(m), middleware.AttachApiClient(client))
	// @todo log this into a different file so you can setup IP blocking for abusive requests and such.
	// This should still dump requests in debug mode since it does help with understanding the request
	// lifecycle and quickly seeing what was called leading to the logs. However, it isn't feasible to mix
	// this output in production and still get meaningful logs from it since they'll likely just be a huge
	// spamfest.
	router.Use(gin.LoggerWithFormatter(func(params gin.LogFormatterParams) string {
		log.WithFields(log.Fields{
			"client_ip":  params.ClientIP,
			"status":     params.StatusCode,
			"latency":    params.Latency,
			"request_id": params.Keys["request_id"],
		}).Debugf("%s %s", params.MethodColor()+params.Method+params.ResetColor(), params.Path)

		return ""
	}))

	// These routes use signed URLs to validate access to the resource being requested.
	router.GET("/download/backup", getDownloadBackup)
	router.GET("/download/file", getDownloadFile)
	router.POST("/upload/file", postServerUploadFiles)

	// This route is special it sits above all of the other requests because we are
	// using a JWT to authorize access to it, therefore it needs to be publicly
	// accessible.
	router.GET("/api/servers/:server/ws", middleware.ServerExists(), getServerWebsocket)

	// This request is called by another daemon when a server is going to be transferred out.
	// This request does not need the AuthorizationMiddleware as the panel should never call it
	// and requests are authenticated through a JWT the panel issues to the other daemon.
	router.GET("/api/servers/:server/archive", middleware.ServerExists(), getServerArchive)

	// All of the routes beyond this mount will use an authorization middleware
	// and will not be accessible without the correct Authorization header provided.
	protected := router.Use(middleware.RequireAuthorization())
	protected.POST("/api/update", postUpdateConfiguration)
	protected.GET("/api/system", getSystemInformation)
	protected.GET("/api/servers", getAllServers)
	protected.POST("/api/servers", postCreateServer)
	protected.POST("/api/transfer", postTransfer)

	// These are server specific routes, and require that the request be authorized, and
	// that the server exist on the Daemon.
	server := router.Group("/api/servers/:server")
	server.Use(middleware.RequireAuthorization(), middleware.ServerExists())
	{
		server.GET("", getServer)
		server.DELETE("", deleteServer)

		server.GET("/logs", getServerLogs)
		server.POST("/power", postServerPower)
		server.POST("/commands", postServerCommands)
		server.POST("/install", postServerInstall)
		server.POST("/reinstall", postServerReinstall)
		server.POST("/sync", postServerSync)
		server.POST("/ws/deny", postServerDenyWSTokens)

		// This archive request causes the archive to start being created
		// this should only be triggered by the panel.
		server.POST("/archive", postServerArchive)

		files := server.Group("/files")
		{
			files.GET("/contents", getServerFileContents)
			files.GET("/list-directory", getServerListDirectory)
			files.PUT("/rename", putServerRenameFiles)
			files.POST("/copy", postServerCopyFile)
			files.POST("/write", postServerWriteFile)
			files.POST("/create-directory", postServerCreateDirectory)
			files.POST("/delete", postServerDeleteFiles)
			files.POST("/compress", postServerCompressFiles)
			files.POST("/decompress", postServerDecompressFiles)
			files.POST("/chmod", postServerChmodFile)

			files.GET("/pull", middleware.RemoteDownloadEnabled(), getServerPullingFiles)
			files.POST("/pull", middleware.RemoteDownloadEnabled(), postServerPullRemoteFile)
			files.DELETE("/pull/:download", middleware.RemoteDownloadEnabled(), deleteServerPullRemoteFile)
		}

		backup := server.Group("/backup")
		{
			backup.POST("", postServerBackup)
			backup.POST("/:backup/restore", postServerRestoreBackup)
			backup.DELETE("/:backup", deleteServerBackup)
		}
	}

	return router
}
Port most of the HTTP code over to gin 2020-04-06 01:00:33 +00:00			`package router`

Remove more unused files, fix issue with CORS on /api/system, fix issue with GET /api/servers/:server/archive 2020-04-06 20:39:33 +00:00			`import (`
Cleaner gin logging in debug 2020-06-13 17:54:38 +00:00			`"github.com/apex/log"`
Remove more unused files, fix issue with CORS on /api/system, fix issue with GET /api/servers/:server/archive 2020-04-06 20:39:33 +00:00			`"github.com/gin-gonic/gin"`
break everything - upgrade dependencies - run gofmt and goimports to organize code - fix typos - other small tweaks 2021-08-02 21:07:00 +00:00
Add configuration for trusted proxies (#141) 2022-10-05 00:11:07 +00:00			`"github.com/pterodactyl/wings/config"`
Remove all of the remaining API logic and port it all to the remote.Client type 2021-02-02 05:28:46 +00:00			`"github.com/pterodactyl/wings/remote"`
Begin refactoring and improving the middleware 2021-01-16 19:02:57 +00:00			`"github.com/pterodactyl/wings/router/middleware"`
Cleanup server sync logic to work in a single consistent format (#101) * Cleanup server sync logic to work in a single consistent format Previously we had a mess of a function trying to update server details from a patch request. This change just centralizes everything to a single Sync() call when a server needs to update itself. We can also eventually update the panel (in V2) to not hit the patch endpoint, rather it can just be a generic endpoint that is hit after a server is updated on the Panel that tells Wings to re-sync the data to get the environment changes on the fly. The changes I made to the patch function currently act like that, with a slightly fragile 2 second wait to let the panel persist the changes since I don't want this to be a breaking change on that end. * Remove legacy server patch endpoint; replace with simpler sync endpoint 2021-08-29 20:37:18 +00:00			`wserver "github.com/pterodactyl/wings/server"`
Remove more unused files, fix issue with CORS on /api/system, fix issue with GET /api/servers/:server/archive 2020-04-06 20:39:33 +00:00			`)`
Port most of the HTTP code over to gin 2020-04-06 01:00:33 +00:00
Begin refactoring and improving the middleware 2021-01-16 19:02:57 +00:00			`// Configure configures the routing infrastructure for this daemon instance.`
Cleanup server sync logic to work in a single consistent format (#101) * Cleanup server sync logic to work in a single consistent format Previously we had a mess of a function trying to update server details from a patch request. This change just centralizes everything to a single Sync() call when a server needs to update itself. We can also eventually update the panel (in V2) to not hit the patch endpoint, rather it can just be a generic endpoint that is hit after a server is updated on the Panel that tells Wings to re-sync the data to get the environment changes on the fly. The changes I made to the patch function currently act like that, with a slightly fragile 2 second wait to let the panel persist the changes since I don't want this to be a breaking change on that end. * Remove legacy server patch endpoint; replace with simpler sync endpoint 2021-08-29 20:37:18 +00:00			`func Configure(m wserver.Manager, client remote.Client) gin.Engine {`
Cleaner gin logging in debug 2020-06-13 17:54:38 +00:00			`gin.SetMode("release")`

			`router := gin.New()`
Begin refactoring and improving the middleware 2021-01-16 19:02:57 +00:00			`router.Use(gin.Recovery())`
Add configuration for trusted proxies (#141) 2022-10-05 00:11:07 +00:00			`router.SetTrustedProxies(config.Get().Api.TrustedProxies)`
Begin refactoring and improving the middleware 2021-01-16 19:02:57 +00:00			`router.Use(middleware.AttachRequestID(), middleware.CaptureErrors(), middleware.SetAccessControlHeaders())`
Remove all of the remaining API logic and port it all to the remote.Client type 2021-02-02 05:28:46 +00:00			`router.Use(middleware.AttachServerManager(m), middleware.AttachApiClient(client))`
Cleaner gin logging in debug 2020-06-13 17:54:38 +00:00			`// @todo log this into a different file so you can setup IP blocking for abusive requests and such.`
			`// This should still dump requests in debug mode since it does help with understanding the request`
			`// lifecycle and quickly seeing what was called leading to the logs. However, it isn't feasible to mix`
			`// this output in production and still get meaningful logs from it since they'll likely just be a huge`
			`// spamfest.`
			`router.Use(gin.LoggerWithFormatter(func(params gin.LogFormatterParams) string {`
			`log.WithFields(log.Fields{`
Include the request ID in the request logs 2021-01-16 20:07:31 +00:00			`"client_ip": params.ClientIP,`
			`"status": params.StatusCode,`
			`"latency": params.Latency,`
			`"request_id": params.Keys["request_id"],`
Cleaner gin logging in debug 2020-06-13 17:54:38 +00:00			`}).Debugf("%s %s", params.MethodColor()+params.Method+params.ResetColor(), params.Path)`

			`return ""`
			`}))`
Port most of the HTTP code over to gin 2020-04-06 01:00:33 +00:00
Add support for downloading a backup 2020-04-06 01:56:54 +00:00			`// These routes use signed URLs to validate access to the resource being requested.`
			`router.GET("/download/backup", getDownloadBackup)`
Add support for direct downloads of server files 2020-04-07 03:27:57 +00:00			`router.GET("/download/file", getDownloadFile)`
Add basic file upload support 2020-07-12 22:43:25 +00:00			`router.POST("/upload/file", postServerUploadFiles)`
Add support for downloading a backup 2020-04-06 01:56:54 +00:00
Remove more unused files, fix issue with CORS on /api/system, fix issue with GET /api/servers/:server/archive 2020-04-06 20:39:33 +00:00			`// This route is special it sits above all of the other requests because we are`
			`// using a JWT to authorize access to it, therefore it needs to be publicly`
Port most of the HTTP code over to gin 2020-04-06 01:00:33 +00:00			`// accessible.`
More middleware cleanup and movement 2021-01-16 19:19:33 +00:00			`router.GET("/api/servers/:server/ws", middleware.ServerExists(), getServerWebsocket)`
Port most of the HTTP code over to gin 2020-04-06 01:00:33 +00:00
Remove more unused files, fix issue with CORS on /api/system, fix issue with GET /api/servers/:server/archive 2020-04-06 20:39:33 +00:00			`// This request is called by another daemon when a server is going to be transferred out.`
			`// This request does not need the AuthorizationMiddleware as the panel should never call it`
			`// and requests are authenticated through a JWT the panel issues to the other daemon.`
More middleware cleanup and movement 2021-01-16 19:19:33 +00:00			`router.GET("/api/servers/:server/archive", middleware.ServerExists(), getServerArchive)`
Remove more unused files, fix issue with CORS on /api/system, fix issue with GET /api/servers/:server/archive 2020-04-06 20:39:33 +00:00
Port most of the HTTP code over to gin 2020-04-06 01:00:33 +00:00			`// All of the routes beyond this mount will use an authorization middleware`
			`// and will not be accessible without the correct Authorization header provided.`
More middleware cleanup and movement 2021-01-16 19:19:33 +00:00			`protected := router.Use(middleware.RequireAuthorization())`
Add support for modifying daemon configuration on-the-fly 2020-04-11 23:17:46 +00:00			`protected.POST("/api/update", postUpdateConfiguration)`
Port most of the HTTP code over to gin 2020-04-06 01:00:33 +00:00			`protected.GET("/api/system", getSystemInformation)`
			`protected.GET("/api/servers", getAllServers)`
			`protected.POST("/api/servers", postCreateServer)`
Dane caused this monstrosity to occur.. Port over remaining transfer/archive code to gin, delete http.go 2020-04-06 19:49:49 +00:00			`protected.POST("/api/transfer", postTransfer)`
Port most of the HTTP code over to gin 2020-04-06 01:00:33 +00:00
			`// These are server specific routes, and require that the request be authorized, and`
			`// that the server exist on the Daemon.`
			`server := router.Group("/api/servers/:server")`
More middleware cleanup and movement 2021-01-16 19:19:33 +00:00			`server.Use(middleware.RequireAuthorization(), middleware.ServerExists())`
Port most of the HTTP code over to gin 2020-04-06 01:00:33 +00:00			`{`
			`server.GET("", getServer)`
			`server.DELETE("", deleteServer)`

			`server.GET("/logs", getServerLogs)`
			`server.POST("/power", postServerPower)`
			`server.POST("/commands", postServerCommands)`
			`server.POST("/install", postServerInstall)`
			`server.POST("/reinstall", postServerReinstall)`
Cleanup server sync logic to work in a single consistent format (#101) * Cleanup server sync logic to work in a single consistent format Previously we had a mess of a function trying to update server details from a patch request. This change just centralizes everything to a single Sync() call when a server needs to update itself. We can also eventually update the panel (in V2) to not hit the patch endpoint, rather it can just be a generic endpoint that is hit after a server is updated on the Panel that tells Wings to re-sync the data to get the environment changes on the fly. The changes I made to the patch function currently act like that, with a slightly fragile 2 second wait to let the panel persist the changes since I don't want this to be a breaking change on that end. * Remove legacy server patch endpoint; replace with simpler sync endpoint 2021-08-29 20:37:18 +00:00			`server.POST("/sync", postServerSync)`
Support denying a JWT JTI via the API 2020-11-04 05:01:50 +00:00			`server.POST("/ws/deny", postServerDenyWSTokens)`
Move over backup and create transfer logic 2020-04-06 02:07:16 +00:00
Remove more unused files, fix issue with CORS on /api/system, fix issue with GET /api/servers/:server/archive 2020-04-06 20:39:33 +00:00			`// This archive request causes the archive to start being created`
			`// this should only be triggered by the panel.`
Move over backup and create transfer logic 2020-04-06 02:07:16 +00:00			`server.POST("/archive", postServerArchive)`
Port most of the HTTP code over to gin 2020-04-06 01:00:33 +00:00
			`files := server.Group("/files")`
			`{`
			`files.GET("/contents", getServerFileContents)`
			`files.GET("/list-directory", getServerListDirectory)`
Support renaming multiple files at once 2020-07-11 23:00:39 +00:00			`files.PUT("/rename", putServerRenameFiles)`
Port most of the HTTP code over to gin 2020-04-06 01:00:33 +00:00			`files.POST("/copy", postServerCopyFile)`
			`files.POST("/write", postServerWriteFile)`
			`files.POST("/create-directory", postServerCreateDirectory)`
Support deleting multiple files at the same time 2020-07-11 22:33:53 +00:00			`files.POST("/delete", postServerDeleteFiles)`
Support generating a compressed archive for a server via the API 2020-07-11 20:13:49 +00:00			`files.POST("/compress", postServerCompressFiles)`
Add endpoint for decompressing archives 2020-07-15 18:28:45 +00:00			`files.POST("/decompress", postServerDecompressFiles)`
Add chmod endpoint to server files 2020-11-29 20:07:45 +00:00			`files.POST("/chmod", postServerChmodFile)`
Include endpoints for getting active downloads for a server 2020-12-20 21:14:07 +00:00
More middleware cleanup and movement 2021-01-16 19:19:33 +00:00			`files.GET("/pull", middleware.RemoteDownloadEnabled(), getServerPullingFiles)`
			`files.POST("/pull", middleware.RemoteDownloadEnabled(), postServerPullRemoteFile)`
			`files.DELETE("/pull/:download", middleware.RemoteDownloadEnabled(), deleteServerPullRemoteFile)`
Port most of the HTTP code over to gin 2020-04-06 01:00:33 +00:00			`}`
Add support for deleting a backup 2020-04-10 05:07:48 +00:00
			`backup := server.Group("/backup")`
			`{`
			`backup.POST("", postServerBackup)`
Fix import cycle issue 2021-01-18 05:05:51 +00:00			`backup.POST("/:backup/restore", postServerRestoreBackup)`
Add support for deleting a backup 2020-04-10 05:07:48 +00:00			`backup.DELETE("/:backup", deleteServerBackup)`
			`}`
Port most of the HTTP code over to gin 2020-04-06 01:00:33 +00:00			`}`

			`return router`
Dane caused this monstrosity to occur.. Port over remaining transfer/archive code to gin, delete http.go 2020-04-06 19:49:49 +00:00			`}`