wings/router/router.go

105 lines
4.3 KiB
Go
Raw Normal View History

2020-04-06 01:00:33 +00:00
package router
import (
2020-06-13 17:54:38 +00:00
"github.com/apex/log"
"github.com/gin-gonic/gin"
"github.com/pterodactyl/wings/router/middleware"
)
2020-04-06 01:00:33 +00:00
// Configure configures the routing infrastructure for this daemon instance.
2020-04-06 01:00:33 +00:00
func Configure() *gin.Engine {
2020-06-13 17:54:38 +00:00
gin.SetMode("release")
router := gin.New()
router.Use(gin.Recovery())
router.Use(middleware.AttachRequestID(), middleware.CaptureErrors(), middleware.SetAccessControlHeaders())
2020-06-13 17:54:38 +00:00
// @todo log this into a different file so you can setup IP blocking for abusive requests and such.
// This should still dump requests in debug mode since it does help with understanding the request
// lifecycle and quickly seeing what was called leading to the logs. However, it isn't feasible to mix
// this output in production and still get meaningful logs from it since they'll likely just be a huge
// spamfest.
router.Use()
2020-06-13 17:54:38 +00:00
router.Use(gin.LoggerWithFormatter(func(params gin.LogFormatterParams) string {
log.WithFields(log.Fields{
"client_ip": params.ClientIP,
"status": params.StatusCode,
"latency": params.Latency,
"request_id": params.Keys["request_id"],
2020-06-13 17:54:38 +00:00
}).Debugf("%s %s", params.MethodColor()+params.Method+params.ResetColor(), params.Path)
return ""
}))
2020-04-06 01:00:33 +00:00
2020-04-06 01:56:54 +00:00
// These routes use signed URLs to validate access to the resource being requested.
router.GET("/download/backup", getDownloadBackup)
router.GET("/download/file", getDownloadFile)
2020-07-12 22:43:25 +00:00
router.POST("/upload/file", postServerUploadFiles)
2020-04-06 01:56:54 +00:00
// This route is special it sits above all of the other requests because we are
// using a JWT to authorize access to it, therefore it needs to be publicly
2020-04-06 01:00:33 +00:00
// accessible.
2021-01-16 19:19:33 +00:00
router.GET("/api/servers/:server/ws", middleware.ServerExists(), getServerWebsocket)
2020-04-06 01:00:33 +00:00
// This request is called by another daemon when a server is going to be transferred out.
// This request does not need the AuthorizationMiddleware as the panel should never call it
// and requests are authenticated through a JWT the panel issues to the other daemon.
2021-01-16 19:19:33 +00:00
router.GET("/api/servers/:server/archive", middleware.ServerExists(), getServerArchive)
2020-04-06 01:00:33 +00:00
// All of the routes beyond this mount will use an authorization middleware
// and will not be accessible without the correct Authorization header provided.
2021-01-16 19:19:33 +00:00
protected := router.Use(middleware.RequireAuthorization())
protected.POST("/api/update", postUpdateConfiguration)
2020-04-06 01:00:33 +00:00
protected.GET("/api/system", getSystemInformation)
protected.GET("/api/servers", getAllServers)
protected.POST("/api/servers", postCreateServer)
protected.POST("/api/transfer", postTransfer)
2020-04-06 01:00:33 +00:00
// These are server specific routes, and require that the request be authorized, and
// that the server exist on the Daemon.
server := router.Group("/api/servers/:server")
2021-01-16 19:19:33 +00:00
server.Use(middleware.RequireAuthorization(), middleware.ServerExists())
2020-04-06 01:00:33 +00:00
{
server.GET("", getServer)
server.PATCH("", patchServer)
server.DELETE("", deleteServer)
server.GET("/logs", getServerLogs)
server.POST("/power", postServerPower)
server.POST("/commands", postServerCommands)
server.POST("/install", postServerInstall)
server.POST("/reinstall", postServerReinstall)
2020-11-04 05:01:50 +00:00
server.POST("/ws/deny", postServerDenyWSTokens)
// This archive request causes the archive to start being created
// this should only be triggered by the panel.
server.POST("/archive", postServerArchive)
2020-04-06 01:00:33 +00:00
files := server.Group("/files")
{
files.GET("/contents", getServerFileContents)
files.GET("/list-directory", getServerListDirectory)
files.PUT("/rename", putServerRenameFiles)
2020-04-06 01:00:33 +00:00
files.POST("/copy", postServerCopyFile)
files.POST("/write", postServerWriteFile)
files.POST("/create-directory", postServerCreateDirectory)
files.POST("/delete", postServerDeleteFiles)
files.POST("/compress", postServerCompressFiles)
files.POST("/decompress", postServerDecompressFiles)
2020-11-29 20:07:45 +00:00
files.POST("/chmod", postServerChmodFile)
2021-01-16 19:19:33 +00:00
files.GET("/pull", middleware.RemoteDownloadEnabled(), getServerPullingFiles)
files.POST("/pull", middleware.RemoteDownloadEnabled(), postServerPullRemoteFile)
files.DELETE("/pull/:download", middleware.RemoteDownloadEnabled(), deleteServerPullRemoteFile)
2020-04-06 01:00:33 +00:00
}
2020-04-10 05:07:48 +00:00
backup := server.Group("/backup")
{
backup.POST("", postServerBackup)
2021-01-18 05:05:51 +00:00
backup.POST("/:backup/restore", postServerRestoreBackup)
2020-04-10 05:07:48 +00:00
backup.DELETE("/:backup", deleteServerBackup)
}
2020-04-06 01:00:33 +00:00
}
return router
}