[security] fix vulnerability when handling remote file redirects

Also adds the ability for an admin to just completely disable this service if it is not needed on the node.

CHANGELOG.md

@@ -1,9 +1,19 @@
 # Changelog
 
+## v1.2.3
+### Fixed
+* **[Security]** Fixes a remaining security vulnerability in the code handling remote file downloads for servers relating to redirect validation.
+
+### Added
+* Adds a configuration key at `api.disable_remote_download` that can be set to `true` to completely download the remote download system.
+
 ## v1.2.2
 ### Fixed
 * Reverts changes to logic handling blocking until a server process is done running when polling stats. This change exposed a bug in the underlying Docker system causing servers to enter a state in which Wings was unable to terminate the process and Docker commands would hang if executed against the container.
 
+### Changed
+* Adds logic to handle a console stream unexpectedly returning an EOF when reading console logs. New code should automatically re-attach the stream avoiding issues where the console would stop live updating for servers.
+
 ## v1.2.1
 ### Fixed
 * Fixes servers not be properly marked as no longer transfering if an error occurs during the archive process.

api/api.go

@@ -2,17 +2,18 @@ package api
 
 import (
 	"bytes"
-	"emperror.dev/errors"
 	"encoding/json"
 	"fmt"
-	"github.com/apex/log"
-	"github.com/pterodactyl/wings/config"
-	"github.com/pterodactyl/wings/system"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"time"
+
+	"emperror.dev/errors"
+	"github.com/apex/log"
+	"github.com/pterodactyl/wings/config"
+	"github.com/pterodactyl/wings/system"
 )
 
 // Initializes the requester instance.

api/process_configuration.go

@@ -2,10 +2,11 @@ package api
 
 import (
 	"encoding/json"
-	"github.com/apex/log"
-	"github.com/pterodactyl/wings/parser"
 	"regexp"
 	"strings"
+
+	"github.com/apex/log"
+	"github.com/pterodactyl/wings/parser"
 )
 
 type OutputLineMatcher struct {

api/server_endpoints.go

@@ -4,11 +4,12 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"strconv"
+	"sync"
+
 	"github.com/apex/log"
 	"github.com/pterodactyl/wings/config"
 	"golang.org/x/sync/errgroup"
-	"strconv"
-	"sync"
 )
 
 const (

api/sftp_endpoints.go

@@ -1,9 +1,10 @@
 package api
 
 import (
+	"regexp"
+
 	"emperror.dev/errors"
 	"github.com/apex/log"
-	"regexp"
 )
 
 type SftpAuthRequest struct {

cmd/config_finder.go

@@ -1,9 +1,10 @@
 package cmd
 
 import (
-	"github.com/pterodactyl/wings/config"
 	"os"
 	"path/filepath"
+
+	"github.com/pterodactyl/wings/config"
 )
 
 // We've gone through a couple of iterations of where the configuration is stored. This

cmd/configure.go

@@ -4,10 +4,6 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
-	"github.com/AlecAivazis/survey/v2"
-	"github.com/AlecAivazis/survey/v2/terminal"
-	"github.com/pterodactyl/wings/config"
-	"github.com/spf13/cobra"
 	"io/ioutil"
 	"net/http"
 	"net/url"
@@ -15,6 +11,11 @@ import (
 	"path"
 	"regexp"
 	"time"
+
+	"github.com/AlecAivazis/survey/v2"
+	"github.com/AlecAivazis/survey/v2/terminal"
+	"github.com/pterodactyl/wings/config"
+	"github.com/spf13/cobra"
 )
 
 var (

cmd/diagnostics.go

@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/pterodactyl/wings/environment"
 	"io"
 	"io/ioutil"
 	"net/http"
@@ -16,6 +15,8 @@ import (
 	"strings"
 	"time"
 
+	"github.com/pterodactyl/wings/environment"
+
 	"github.com/AlecAivazis/survey/v2"
 	"github.com/AlecAivazis/survey/v2/terminal"
 	"github.com/docker/docker/api/types"

cmd/root.go

@@ -2,8 +2,15 @@ package cmd
 
 import (
 	"crypto/tls"
-	"emperror.dev/errors"
 	"fmt"
+	log2 "log"
+	"net/http"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+
+	"emperror.dev/errors"
 	"github.com/NYTimes/logrotate"
 	"github.com/apex/log"
 	"github.com/apex/log/handlers/multi"
@@ -21,47 +28,54 @@ import (
 	"github.com/spf13/cobra"
 	"golang.org/x/crypto/acme"
 	"golang.org/x/crypto/acme/autocert"
-	"net/http"
-	"os"
-	"path"
-	"path/filepath"
-	"strings"
 )
 
 var (
-	profiler                = ""
 	configPath = config.DefaultLocation
 	debug      = false
-	useAutomaticTls         = false
-	tlsHostname             = ""
-	showVersion             = false
-	ignoreCertificateErrors = false
 )
 
-var root = &cobra.Command{
+var rootCommand = &cobra.Command{
 	Use:   "wings",
-	Short: "The wings of the pterodactyl game management panel",
-	Long:  ``,
+	Short: "Runs the API server allowing programatic control of game servers for Pterodactyl Panel.",
 	PreRun: func(cmd *cobra.Command, args []string) {
-		if useAutomaticTls && len(tlsHostname) == 0 {
+		if tls, _ := cmd.Flags().GetBool("auto-tls"); tls {
+			if host, _ := cmd.Flags().GetString("tls-hostname"); host == "" {
 				fmt.Println("A TLS hostname must be provided when running wings with automatic TLS, e.g.:\n\n    ./wings --auto-tls --tls-hostname my.example.com")
 				os.Exit(1)
 			}
+		}
 	},
 	Run: rootCmdRun,
 }
 
-func init() {
-	root.PersistentFlags().BoolVar(&showVersion, "version", false, "show the version and exit")
-	root.PersistentFlags().StringVar(&configPath, "config", config.DefaultLocation, "set the location for the configuration file")
-	root.PersistentFlags().BoolVar(&debug, "debug", false, "pass in order to run wings in debug mode")
-	root.PersistentFlags().StringVar(&profiler, "profiler", "", "the profiler to run for this instance")
-	root.PersistentFlags().BoolVar(&useAutomaticTls, "auto-tls", false, "pass in order to have wings generate and manage it's own SSL certificates using Let's Encrypt")
-	root.PersistentFlags().StringVar(&tlsHostname, "tls-hostname", "", "required with --auto-tls, the FQDN for the generated SSL certificate")
-	root.PersistentFlags().BoolVar(&ignoreCertificateErrors, "ignore-certificate-errors", false, "if passed any SSL certificate errors will be ignored by wings")
+var versionCommand = &cobra.Command{
+	Use:   "version",
+	Short: "Prints the current executable version and exits.",
+	Run: func(cmd *cobra.Command, _ []string) {
+		fmt.Printf("wings v%s\nCopyright © 2018 - 2021 Dane Everitt & Contributors\n", system.Version)
+	},
+}
 
-	root.AddCommand(configureCmd)
-	root.AddCommand(diagnosticsCmd)
+func Execute() {
+	if err := rootCommand.Execute(); err != nil {
+		log2.Fatalf("failed to execute command: %s", err)
+	}
+}
+
+func init() {
+	rootCommand.PersistentFlags().StringVar(&configPath, "config", config.DefaultLocation, "set the location for the configuration file")
+	rootCommand.PersistentFlags().BoolVar(&debug, "debug", false, "pass in order to run wings in debug mode")
+
+	// Flags specifically used when running the API.
+	rootCommand.Flags().String("profiler", "", "the profiler to run for this instance")
+	rootCommand.Flags().Bool("auto-tls", false, "pass in order to have wings generate and manage it's own SSL certificates using Let's Encrypt")
+	rootCommand.Flags().String("tls-hostname", "", "required with --auto-tls, the FQDN for the generated SSL certificate")
+	rootCommand.Flags().Bool("ignore-certificate-errors", false, "ignore certificate verification errors when executing API calls")
+
+	rootCommand.AddCommand(versionCommand)
+	rootCommand.AddCommand(configureCmd)
+	rootCommand.AddCommand(diagnosticsCmd)
 }
 
 // Get the configuration path based on the arguments provided.
@@ -85,13 +99,8 @@ func readConfiguration() (*config.Configuration, error) {
 	return config.ReadConfiguration(p)
 }
 
-func rootCmdRun(*cobra.Command, []string) {
-	if showVersion {
-		fmt.Println(system.Version)
-		os.Exit(0)
-	}
-
-	switch profiler {
+func rootCmdRun(cmd *cobra.Command, _ []string) {
+	switch cmd.Flag("profiler").Value.String() {
 	case "cpu":
 		defer profile.Start(profile.CPUProfile).Stop()
 	case "mem":
@@ -117,7 +126,6 @@ func rootCmdRun(*cobra.Command, []string) {
 			if errors.Is(err, os.ErrNotExist) {
 				exitWithConfigurationNotice()
 			}
-
 			panic(err)
 		}
 	}
@@ -141,7 +149,7 @@ func rootCmdRun(*cobra.Command, []string) {
 		log.Debug("running in debug mode")
 	}
 
-	if ignoreCertificateErrors {
+	if ok, _ := cmd.Flags().GetBool("ignore-certificate-errors"); ok {
 		log.Warn("running with --ignore-certificate-errors: TLS certificate host chains and name will not be verified")
 		http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{
 			InsecureSkipVerify: true,
@@ -280,9 +288,15 @@ func rootCmdRun(*cobra.Command, []string) {
 		log.WithField("error", err).Error("failed to create backup directory")
 	}
 
+	autotls, _ := cmd.Flags().GetBool("auto-tls")
+	tlshostname, _ := cmd.Flags().GetString("tls-hostname")
+	if autotls && tlshostname == "" {
+		autotls = false
+	}
+
 	log.WithFields(log.Fields{
 		"use_ssl":      c.Api.Ssl.Enabled,
-		"use_auto_tls": useAutomaticTls && len(tlsHostname) > 0,
+		"use_auto_tls": autotls,
 		"host_address": c.Api.Host,
 		"host_port":    c.Api.Port,
 	}).Info("configuring internal webserver")
@@ -293,7 +307,6 @@ func rootCmdRun(*cobra.Command, []string) {
 	s := &http.Server{
 		Addr:    fmt.Sprintf("%s:%d", c.Api.Host, c.Api.Port),
 		Handler: r,
-
 		TLSConfig: &tls.Config{
 			NextProtos: []string{"h2", "http/1.1"},
 			// @see https://blog.cloudflare.com/exposing-go-on-the-internet
@@ -313,14 +326,14 @@ func rootCmdRun(*cobra.Command, []string) {
 	}
 
 	// Check if the server should run with TLS but using autocert.
-	if useAutomaticTls && len(tlsHostname) > 0 {
+	if autotls {
 		m := autocert.Manager{
 			Prompt:     autocert.AcceptTOS,
 			Cache:      autocert.DirCache(path.Join(c.System.RootDirectory, "/.tls-cache")),
-			HostPolicy: autocert.HostWhitelist(tlsHostname),
+			HostPolicy: autocert.HostWhitelist(tlshostname),
 		}
 
-		log.WithField("hostname", tlsHostname).
+		log.WithField("hostname", tlshostname).
 			Info("webserver is now listening with auto-TLS enabled; certificates will be automatically generated by Let's Encrypt")
 
 		// Hook autocert into the main http server.
@@ -336,7 +349,7 @@ func rootCmdRun(*cobra.Command, []string) {
 
 		// Start the main http server with TLS using autocert.
 		if err := s.ListenAndServeTLS("", ""); err != nil {
-			log.WithFields(log.Fields{"auto_tls": true, "tls_hostname": tlsHostname, "error": err}).
+			log.WithFields(log.Fields{"auto_tls": true, "tls_hostname": tlshostname, "error": err}).
 				Fatal("failed to configure HTTP server using auto-tls")
 		}
 
@@ -364,11 +377,6 @@ func rootCmdRun(*cobra.Command, []string) {
 	}
 }
 
-// Execute calls cobra to handle cli commands
-func Execute() error {
-	return root.Execute()
-}
-
 // Configures the global logger for Zap so that we can call it from any location
 // in the code without having to pass around a logger instance.
 func configureLogging(logDir string, debug bool) error {
@@ -379,20 +387,15 @@ func configureLogging(logDir string, debug bool) error {
 	p := filepath.Join(logDir, "/wings.log")
 	w, err := logrotate.NewFile(p)
 	if err != nil {
-		panic(errors.WithMessage(err, "failed to open process log file"))
+		return err
 	}
 
+	log.SetLevel(log.InfoLevel)
 	if debug {
 		log.SetLevel(log.DebugLevel)
-	} else {
-		log.SetLevel(log.InfoLevel)
 	}
 
-	log.SetHandler(multi.New(
-		cli.Default,
-		cli.New(w.File, false),
-	))
-
+	log.SetHandler(multi.New(cli.Default, cli.New(w.File, false)))
 	log.WithField("path", p).Info("writing log files to disk")
 
 	return nil

config/config.go

@@ -1,12 +1,7 @@
 package config
 
 import (
-	"emperror.dev/errors"
 	"fmt"
-	"github.com/cobaugh/osrelease"
-	"github.com/creasty/defaults"
-	"github.com/gbrlsnchs/jwt/v3"
-	"gopkg.in/yaml.v2"
 	"io/ioutil"
 	"os"
 	"os/exec"
@@ -14,6 +9,12 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+
+	"emperror.dev/errors"
+	"github.com/cobaugh/osrelease"
+	"github.com/creasty/defaults"
+	"github.com/gbrlsnchs/jwt/v3"
+	"gopkg.in/yaml.v2"
 )
 
 const DefaultLocation = "/etc/pterodactyl/config.yml"
@@ -87,11 +88,16 @@ type ApiConfiguration struct {
 
 	// SSL configuration for the daemon.
 	Ssl struct {
-		Enabled         bool   `default:"false"`
+		Enabled         bool   `json:"enabled" yaml:"enabled"`
 		CertificateFile string `json:"cert" yaml:"cert"`
 		KeyFile         string `json:"key" yaml:"key"`
 	}
 
+	// Determines if functionality for allowing remote download of files into server directories
+	// is enabled on this instance. If set to "true" remote downloads will not be possible for
+	// servers.
+	DisableRemoteDownload bool `json:"disable_remote_download" yaml:"disable_remote_download"`
+
 	// The maximum size for files uploaded through the Panel in bytes.
 	UploadLimit int `default:"100" json:"upload_limit" yaml:"upload_limit"`
 }

config/config_docker.go

@@ -3,6 +3,7 @@ package config
 import (
 	"encoding/base64"
 	"encoding/json"
+
 	"github.com/docker/docker/api/types"
 )
 

config/config_system.go

@@ -2,9 +2,7 @@ package config
 
 import (
 	"context"
-	"emperror.dev/errors"
 	"fmt"
-	"github.com/apex/log"
 	"html/template"
 	"io/ioutil"
 	"os"
@@ -13,6 +11,9 @@ import (
 	"path/filepath"
 	"regexp"
 	"time"
+
+	"emperror.dev/errors"
+	"github.com/apex/log"
 )
 
 // Defines basic system configuration settings.

environment/allocations.go

@@ -2,9 +2,10 @@ package environment
 
 import (
 	"fmt"
+	"strconv"
+
 	"github.com/docker/go-connections/nat"
 	"github.com/pterodactyl/wings/config"
-	"strconv"
 )
 
 // Defines the allocations available for a given server. When using the Docker environment

environment/docker.go

@@ -2,10 +2,11 @@ package environment
 
 import (
 	"context"
-	"github.com/apex/log"
 	"strconv"
 	"sync"
 
+	"github.com/apex/log"
+
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/client"

environment/environment.go

@@ -1,8 +1,9 @@
 package environment
 
 import (
-	"github.com/pterodactyl/wings/events"
 	"os"
+
+	"github.com/pterodactyl/wings/events"
 )
 
 const (

environment/settings.go

@@ -2,9 +2,10 @@ package environment
 
 import (
 	"fmt"
-	"github.com/apex/log"
 	"math"
 	"strconv"
+
+	"github.com/apex/log"
 )
 
 type Mount struct {

events/events.go

@@ -2,9 +2,10 @@ package events
 
 import (
 	"encoding/json"
-	"github.com/gammazero/workerpool"
 	"strings"
 	"sync"
+
+	"github.com/gammazero/workerpool"
 )
 
 type Event struct {

events/pool.go

@@ -1,8 +1,9 @@
 package events
 
 import (
-	"github.com/gammazero/workerpool"
 	"reflect"
+
+	"github.com/gammazero/workerpool"
 )
 
 type CallbackPool struct {

go.mod

@@ -63,6 +63,7 @@ require (
 	github.com/sabhiram/go-gitignore v0.0.0-20201211210132-54b8a0bf510f
 	github.com/sirupsen/logrus v1.7.0 // indirect
 	github.com/spf13/cobra v1.1.1
+	github.com/spf13/pflag v1.0.5
 	github.com/ugorji/go v1.2.2 // indirect
 	github.com/ulikunitz/xz v0.5.9 // indirect
 	golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad

installer/installer.go

@@ -1,8 +1,9 @@
 package installer
 
 import (
-	"emperror.dev/errors"
 	"encoding/json"
+
+	"emperror.dev/errors"
 	"github.com/asaskevich/govalidator"
 	"github.com/buger/jsonparser"
 	"github.com/pterodactyl/wings/api"

parser/helpers.go

@@ -2,16 +2,17 @@ package parser
 
 import (
 	"bytes"
-	"emperror.dev/errors"
-	"github.com/Jeffail/gabs/v2"
-	"github.com/apex/log"
-	"github.com/buger/jsonparser"
-	"github.com/iancoleman/strcase"
 	"io/ioutil"
 	"os"
 	"regexp"
 	"strconv"
 	"strings"
+
+	"emperror.dev/errors"
+	"github.com/Jeffail/gabs/v2"
+	"github.com/apex/log"
+	"github.com/buger/jsonparser"
+	"github.com/iancoleman/strcase"
 )
 
 // Regex to match anything that has a value matching the format of {{ config.$1 }} which

parser/parser.go

@@ -2,8 +2,14 @@ package parser
 
 import (
 	"bufio"
-	"emperror.dev/errors"
 	"encoding/json"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/beevik/etree"
 	"github.com/buger/jsonparser"
@@ -12,11 +18,6 @@ import (
 	"github.com/pterodactyl/wings/config"
 	"gopkg.in/ini.v1"
 	"gopkg.in/yaml.v2"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
 )
 
 // The file parsing options that are available for a server configuration file.

router/downloader/downloader.go

@@ -18,7 +18,22 @@ import (
 	"time"
 )
 
-var client = &http.Client{Timeout: time.Hour * 12}
+var client = &http.Client{
+	Timeout: time.Hour * 12,
+	// Disallow any redirect on a HTTP call. This is a security requirement: do not modify
+	// this logic without first ensuring that the new target location IS NOT within the current
+	// instance's local network.
+	//
+	// This specific error response just causes the client to not follow the redirect and
+	// returns the actual redirect response to the caller. Not perfect, but simple and most
+	// people won't be using URLs that redirect anyways hopefully?
+	//
+	// We'll re-evaluate this down the road if needed.
+	CheckRedirect: func(req *http.Request, via []*http.Request) error {
+		return http.ErrUseLastResponse
+	},
+}
+
 var instance = &Downloader{
 	// Tracks all of the active downloads.
 	downloadCache: make(map[string]*Download),

router/error.go

@@ -1,16 +1,17 @@
 package router
 
 import (
-	"emperror.dev/errors"
 	"fmt"
+	"net/http"
+	"os"
+	"strings"
+
+	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
 	"github.com/pterodactyl/wings/server"
 	"github.com/pterodactyl/wings/server/filesystem"
-	"net/http"
-	"os"
-	"strings"
 )
 
 type RequestError struct {

router/middleware.go

@@ -1,14 +1,15 @@
 package router
 
 import (
+	"io"
+	"net/http"
+	"strings"
+
 	"emperror.dev/errors"
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/server"
-	"io"
-	"net/http"
-	"strings"
 )
 
 type Middleware struct{}
@@ -119,6 +120,21 @@ func (m *Middleware) ServerExists() gin.HandlerFunc {
 	}
 }
 
+// Checks if remote file downloading is enabled on this instance before allowing access
+// to the given endpoint.
+func (m *Middleware) CheckRemoteDownloadEnabled() gin.HandlerFunc {
+	disabled := config.Get().Api.DisableRemoteDownload
+	return func(c *gin.Context) {
+		if disabled {
+			c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{
+				"error": "This functionality is not currently enabled on this instance.",
+			})
+			return
+		}
+		c.Next()
+	}
+}
+
 // Returns the server instance from the gin context. If there is no server set in the
 // context (e.g. calling from a controller not protected by ServerExists) this function
 // will panic.

router/router.go

@@ -88,9 +88,9 @@ func Configure() *gin.Engine {
 			files.POST("/decompress", postServerDecompressFiles)
 			files.POST("/chmod", postServerChmodFile)
 
-			files.GET("/pull", getServerPullingFiles)
-			files.POST("/pull", postServerPullRemoteFile)
-			files.DELETE("/pull/:download", deleteServerPullRemoteFile)
+			files.GET("/pull", m.CheckRemoteDownloadEnabled(), getServerPullingFiles)
+			files.POST("/pull", m.CheckRemoteDownloadEnabled(), postServerPullRemoteFile)
+			files.DELETE("/pull/:download", m.CheckRemoteDownloadEnabled(), deleteServerPullRemoteFile)
 		}
 
 		backup := server.Group("/backup")

router/router_download.go

@@ -3,12 +3,13 @@ package router
 import (
 	"bufio"
 	"errors"
-	"github.com/gin-gonic/gin"
-	"github.com/pterodactyl/wings/router/tokens"
-	"github.com/pterodactyl/wings/server/backup"
 	"net/http"
 	"os"
 	"strconv"
+
+	"github.com/gin-gonic/gin"
+	"github.com/pterodactyl/wings/router/tokens"
+	"github.com/pterodactyl/wings/server/backup"
 )
 
 // Handle a download request for a server backup.

router/router_server.go

@@ -3,15 +3,16 @@ package router
 import (
 	"bytes"
 	"context"
+	"net/http"
+	"os"
+	"strconv"
+
 	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/gin-gonic/gin"
 	"github.com/pterodactyl/wings/router/downloader"
 	"github.com/pterodactyl/wings/router/tokens"
 	"github.com/pterodactyl/wings/server"
-	"net/http"
-	"os"
-	"strconv"
 )
 
 type serverProcData struct {

router/router_server_backup.go

@@ -1,13 +1,14 @@
 package router
 
 import (
-	"emperror.dev/errors"
 	"fmt"
+	"net/http"
+	"os"
+
+	"emperror.dev/errors"
 	"github.com/gin-gonic/gin"
 	"github.com/pterodactyl/wings/server"
 	"github.com/pterodactyl/wings/server/backup"
-	"net/http"
-	"os"
 )
 
 // Backs up a server.

router/router_server_ws.go

@@ -3,10 +3,11 @@ package router
 import (
 	"context"
 	"encoding/json"
+	"time"
+
 	"github.com/gin-gonic/gin"
 	ws "github.com/gorilla/websocket"
 	"github.com/pterodactyl/wings/router/websocket"
-	"time"
 )
 
 // Upgrades a connection to a websocket and passes events along between.

router/router_system.go

@@ -2,14 +2,15 @@ package router
 
 import (
 	"bytes"
+	"net/http"
+	"strings"
+
 	"github.com/apex/log"
 	"github.com/gin-gonic/gin"
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/installer"
 	"github.com/pterodactyl/wings/server"
 	"github.com/pterodactyl/wings/system"
-	"net/http"
-	"strings"
 )
 
 // Returns information about the system that wings is running on.

router/router_transfer.go

@@ -3,10 +3,19 @@ package router
 import (
 	"bufio"
 	"crypto/sha256"
-	"emperror.dev/errors"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"sync/atomic"
+	"time"
+
+	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
@@ -19,14 +28,6 @@ import (
 	"github.com/pterodactyl/wings/router/tokens"
 	"github.com/pterodactyl/wings/server"
 	"github.com/pterodactyl/wings/system"
-	"io"
-	"net/http"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"sync/atomic"
-	"time"
 )
 
 // Number of ticks in the progress bar

server/archiver.go

@@ -2,15 +2,16 @@ package server
 
 import (
 	"crypto/sha256"
-	"emperror.dev/errors"
 	"encoding/hex"
-	"github.com/mholt/archiver/v3"
-	"github.com/pterodactyl/wings/config"
-	"github.com/pterodactyl/wings/server/filesystem"
 	"io"
 	"io/ioutil"
 	"os"
 	"path/filepath"
+
+	"emperror.dev/errors"
+	"github.com/mholt/archiver/v3"
+	"github.com/pterodactyl/wings/config"
+	"github.com/pterodactyl/wings/server/filesystem"
 )
 
 // Archiver represents a Server Archiver.

server/backup.go

@@ -1,12 +1,13 @@
 package server
 
 import (
+	"io/ioutil"
+	"os"
+
 	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/pterodactyl/wings/api"
 	"github.com/pterodactyl/wings/server/backup"
-	"io/ioutil"
-	"os"
 )
 
 // Notifies the panel of a backup's state and returns an error if one is encountered

server/config_parser.go

@@ -1,8 +1,9 @@
 package server
 
 import (
-	"github.com/gammazero/workerpool"
 	"runtime"
+
+	"github.com/gammazero/workerpool"
 )
 
 // Parent function that will update all of the defined configuration files for a server

server/configuration.go

@@ -1,8 +1,9 @@
 package server
 
 import (
-	"github.com/pterodactyl/wings/environment"
 	"sync"
+
+	"github.com/pterodactyl/wings/environment"
 )
 
 type Configuration struct {

server/console.go

@@ -2,14 +2,15 @@ package server
 
 import (
 	"context"
-	"emperror.dev/errors"
 	"fmt"
-	"github.com/mitchellh/colorstring"
-	"github.com/pterodactyl/wings/config"
-	"github.com/pterodactyl/wings/system"
 	"sync"
 	"sync/atomic"
 	"time"
+
+	"emperror.dev/errors"
+	"github.com/mitchellh/colorstring"
+	"github.com/pterodactyl/wings/config"
+	"github.com/pterodactyl/wings/system"
 )
 
 var ErrTooMuchConsoleData = errors.New("console is outputting too much data")

server/crash.go

@@ -2,11 +2,12 @@ package server
 
 import (
 	"fmt"
-	"github.com/pterodactyl/wings/config"
-	"github.com/pterodactyl/wings/environment"
 	"strconv"
 	"sync"
 	"time"
+
+	"github.com/pterodactyl/wings/config"
+	"github.com/pterodactyl/wings/environment"
 )
 
 type CrashHandler struct {

server/filesystem.go

@@ -1,8 +1,9 @@
 package server
 
 import (
-	"github.com/pterodactyl/wings/server/filesystem"
 	"os"
+
+	"github.com/pterodactyl/wings/server/filesystem"
 )
 
 func (s *Server) Filesystem() *filesystem.Filesystem {

server/install.go

@@ -4,6 +4,13 @@ import (
 	"bufio"
 	"bytes"
 	"context"
+	"html/template"
+	"io"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+
 	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/docker/docker/api/types"
@@ -14,12 +21,6 @@ import (
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/system"
-	"html/template"
-	"io"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
 )
 
 // Executes the installation stack for a server process. Bubbles any errors up to the calling

server/listeners.go

@@ -2,14 +2,15 @@ package server
 
 import (
 	"encoding/json"
+	"regexp"
+	"strconv"
+	"sync"
+
 	"github.com/apex/log"
 	"github.com/pterodactyl/wings/api"
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/events"
-	"regexp"
-	"strconv"
-	"sync"
 )
 
 var dockerEvents = []string{

server/loader.go

@@ -1,9 +1,14 @@
 package server
 
 import (
-	"emperror.dev/errors"
 	"encoding/json"
 	"fmt"
+	"os"
+	"path/filepath"
+	"runtime"
+	"time"
+
+	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/gammazero/workerpool"
 	"github.com/pterodactyl/wings/api"
@@ -11,10 +16,6 @@ import (
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/environment/docker"
 	"github.com/pterodactyl/wings/server/filesystem"
-	"os"
-	"path/filepath"
-	"runtime"
-	"time"
 )
 
 var servers = NewCollection(nil)

server/mounts.go

@@ -1,11 +1,12 @@
 package server
 
 import (
+	"path/filepath"
+	"strings"
+
 	"github.com/apex/log"
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
-	"path/filepath"
-	"strings"
 )
 
 // To avoid confusion when working with mounts, assume that a server.Mount has not been properly

server/power.go

@@ -2,12 +2,13 @@ package server
 
 import (
 	"context"
+	"os"
+	"time"
+
 	"emperror.dev/errors"
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
 	"golang.org/x/sync/semaphore"
-	"os"
-	"time"
 )
 
 type PowerAction string

server/resources.go

@@ -1,10 +1,11 @@
 package server
 
 import (
-	"github.com/pterodactyl/wings/environment"
-	"github.com/pterodactyl/wings/system"
 	"sync"
 	"sync/atomic"
+
+	"github.com/pterodactyl/wings/environment"
+	"github.com/pterodactyl/wings/system"
 )
 
 // Defines the current resource usage for a given server instance. If a server is offline you

server/server.go

@@ -2,8 +2,11 @@ package server
 
 import (
 	"context"
-	"emperror.dev/errors"
 	"fmt"
+	"strings"
+	"sync"
+
+	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/creasty/defaults"
 	"github.com/pterodactyl/wings/api"
@@ -14,8 +17,6 @@ import (
 	"github.com/pterodactyl/wings/server/filesystem"
 	"github.com/pterodactyl/wings/system"
 	"golang.org/x/sync/semaphore"
-	"strings"
-	"sync"
 )
 
 // High level definition for a server instance being controlled by Wings.

server/state.go

@@ -2,12 +2,13 @@ package server
 
 import (
 	"encoding/json"
-	"github.com/pterodactyl/wings/config"
-	"github.com/pterodactyl/wings/environment"
 	"io"
 	"io/ioutil"
 	"os"
 	"sync"
+
+	"github.com/pterodactyl/wings/config"
+	"github.com/pterodactyl/wings/environment"
 )
 
 var stateMutex sync.Mutex

server/update.go

@@ -1,8 +1,9 @@
 package server
 
 import (
-	"emperror.dev/errors"
 	"encoding/json"
+
+	"emperror.dev/errors"
 	"github.com/buger/jsonparser"
 	"github.com/imdario/mergo"
 	"github.com/pterodactyl/wings/environment"

server/websockets.go

@@ -2,8 +2,9 @@ package server
 
 import (
 	"context"
-	"github.com/google/uuid"
 	"sync"
+
+	"github.com/google/uuid"
 )
 
 type WebsocketBag struct {

sftp/handler.go

@@ -1,14 +1,15 @@
 package sftp
 
 import (
-	"github.com/apex/log"
-	"github.com/patrickmn/go-cache"
-	"github.com/pkg/sftp"
 	"io"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"sync"
+
+	"github.com/apex/log"
+	"github.com/patrickmn/go-cache"
+	"github.com/pkg/sftp"
 )
 
 type FileSystem struct {

sftp/server.go

@@ -6,11 +6,6 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
-	"github.com/apex/log"
-	"github.com/patrickmn/go-cache"
-	"github.com/pkg/sftp"
-	"github.com/pterodactyl/wings/api"
-	"golang.org/x/crypto/ssh"
 	"io"
 	"io/ioutil"
 	"net"
@@ -18,6 +13,12 @@ import (
 	"path"
 	"strings"
 	"time"
+
+	"github.com/apex/log"
+	"github.com/patrickmn/go-cache"
+	"github.com/pkg/sftp"
+	"github.com/pterodactyl/wings/api"
+	"golang.org/x/crypto/ssh"
 )
 
 type Settings struct {

system/const.go

@@ -2,5 +2,5 @@ package system
 
 var (
 	// The current version of this software.
-	Version = "v0.0.1"
+	Version = "0.0.1"
 )

system/system.go

@@ -1,8 +1,9 @@
 package system
 
 import (
-	"github.com/docker/docker/pkg/parsers/kernel"
 	"runtime"
+
+	"github.com/docker/docker/pkg/parsers/kernel"
 )
 
 type Information struct {