Update CHANGELOG.md

- upgrade dependencies
- run gofmt and goimports to organize code
- fix typos
- other small tweaks

.github/workflows/build-test.yml

@@ -2,17 +2,17 @@ name: Run Tests
 on:
   push:
     branches:
-      - 'develop'
+      - develop
   pull_request:
     branches:
-      - 'develop'
+      - develop
 jobs:
   build:
     strategy:
       fail-fast: false
       matrix:
         os: [ ubuntu-20.04 ]
-        go: [ '^1.15', '^1.16' ]
+        go: [ '^1.16' ]
         goos: [ linux ]
         goarch: [ amd64, arm64 ]
     runs-on: ${{ matrix.os }}
@@ -60,7 +60,7 @@ jobs:
         run: go test ./...
       - name: Upload Artifact
         uses: actions/upload-artifact@v2
-        if: ${{ matrix.go == '^1.15' && (github.ref == 'refs/heads/develop' || github.event_name == 'pull_request') }}
+        if: ${{ matrix.go == '^1.16' && (github.ref == 'refs/heads/develop' || github.event_name == 'pull_request') }}
         with:
           name: wings_${{ matrix.goos }}_${{ matrix.goarch }}
           path: build/wings_${{ matrix.goos }}_${{ matrix.goarch }}

.github/workflows/codeql-analysis.yml

@@ -2,30 +2,29 @@ name: CodeQL
 on:
   push:
     branches:
-      - 'develop'
+      - develop
   pull_request:
     branches:
-      - 'develop'
+      - develop
   schedule:
     - cron: '0 9 * * 4'
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
     strategy:
       fail-fast: false
       matrix:
-        language:
+        language: [ 'go' ]
-          - go
     steps:
-      - name: Code Checkout
+      - uses: actions/checkout@v2
-        uses: actions/checkout@v2
-      - name: Checkout Head
-        run: git checkout HEAD^2
-        if: ${{ github.event_name == 'pull_request' }}
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v1
         with:
           languages: ${{ matrix.language }}
-      - name: Perform CodeQL Analysis
+      - uses: github/codeql-action/autobuild@v1
-        uses: github/codeql-action/analyze@v1
+      - uses: github/codeql-action/analyze@v1

.github/workflows/docker.yml

@@ -2,8 +2,7 @@ name: Publish Docker Image
 on:
   push:
     branches:
-      - 'develop'
+      - develop
-
     tags:
       - 'v*'
 jobs:
@@ -44,6 +43,7 @@ jobs:
           build-args: |
             VERSION=${{ steps.build_info.outputs.version_tag }}
           labels: ${{ steps.docker_meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ steps.docker_meta.outputs.tags }}
       - name: Release Development Build
@@ -53,5 +53,6 @@ jobs:
           build-args: |
             VERSION=dev-${{ steps.build_info.outputs.short_sha }}
           labels: ${{ steps.docker_meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.docker_meta.outputs.tags }}

.github/workflows/release.yml

@@ -11,7 +11,7 @@ jobs:
         uses: actions/checkout@v2
       - uses: actions/setup-go@v2
         with:
-          go-version: '^1.15'
+          go-version: '^1.16'
       - name: Build
         env:
           REF: ${{ github.ref }}

CHANGELOG.md

@@ -1,5 +1,67 @@
 # Changelog
 
+## v1.4.6
+### Fixed
+* Environment variable starting with the same prefix no longer get merged into a single environment variable value (skipping all but the first).
+* The `start_on_completion` flag for server installs will now properly start the server.
+* Fixes socket files unintentionally causing backups to be aborted.
+* Files extracted from a backup now have their preior mode properly set on the restored files, rather than defaulting to 0644.
+* Fixes logrotate issues due to a bad user configuration on some systems.
+
+### Updated
+* The minimum Go version required to compile Wings is now `go1.16`.
+
+### Deprecated
+> Both of these deprecations will be removed in `Wings@2.0.0`.
+
+* The `Server.Id()` method has been deprecated in favor of `Server.ID()`.
+* The `directory` field on the `/api/servers/:server/files/pull` endpoint is deprecated and should be updated to use `root` instead for consistency with other endpoints.
+
+## v1.4.5
+### Changed
+* Upped the process limit for a container from `256` to `512` in order to address edge-cases for some games that spawn a lot of processes.
+
+## v1.4.4
+### Added
+* **[security]** Adds support for limiting the total number of pids any one container can have active at once to prevent malicious users from impacting other instances on the same node.
+* Server install containers now use the limits assigned to the server, or a globally defined minimum amount of memory and CPU rather than having unlimited resources.
+
+## v1.4.3
+This build was created to address `CVE-2021-33196` in `Go` which requires a new binary
+be built on the latest `go1.15` version.
+
+## v1.4.2
+### Fixed
+* Fixes the `~` character not being properly trimmed from container image names when creating a new server.
+
+### Changed
+* Implemented exponential backoff for S3 uploads when working with backups. This should resolve many issues with external S3 compatiable systems that sometimes return 5xx level errors that should be re-attempted automatically.
+* Implements exponential backoff behavior for all API calls to the Panel that do not immediately return a 401, 403, or 429 error response. This should address fragiligty in some API calls and address random call failures due to connection drops or random DNS resolution errors.
+
+## v1.4.1
+### Fixed
+* Fixes a bug that would cause the file unarchiving process to put all files in the base directory rather than the directory in which the files should be located.
+
+## v1.4.0
+### Fixed
+* **[Breaking]** Fixes `/api/servers` and `/api/servers/:server` not properly returning all of the relevant server information and resource usage.
+* Fixes Wings improperly reading `WINGS_UID` and not `WINGS_GID` when running in containerized environments.
+* Fixes a panic encountered when returning the contents of a file that is actively being written to by another process.
+* Corrected the handling of files that are being decompressed to properly support `.rar` files.
+* Fixes the error message returned when a server has run out of disk space to properly indicate such, rather than indicating that the file is a directory.
+
+### Changed
+* Improved the error handling and output when an error is encountered while pulling an image for a server.
+* Improved robustness of code handling value replacement in configuration files to not potentially panic if a non-string value is encountered as the replacement type.
+* Improves error handling throughout the server filesystem.
+
+### Added
+* Adds the ability to set the internal name of the application in response output from the console using the `app_name` key in the `config.yml` file.
+
+## v1.3.2
+### Fixed
+* Correctly sets the internal state of the server as restoring when a restore is being performed to avoid any accidental booting.
+
 ## v1.3.1
 ### Fixed
 * Fixes an error being returned to the client when attempting to restart a server when the container no longer exists on the machine.

Dockerfile

@@ -1,8 +1,8 @@
 # Stage 1 (Build)
-FROM golang:1.15-alpine3.12 AS builder
+FROM --platform=$BUILDPLATFORM golang:1.16-alpine AS builder
 
 ARG VERSION
-RUN apk add --update --no-cache git=2.26.2-r0 make=4.3-r0 upx=3.96-r0
+RUN apk add --update --no-cache git make upx
 WORKDIR /app/
 COPY go.mod go.sum /app/
 RUN go mod download
@@ -14,9 +14,10 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
     -o wings \
     wings.go
 RUN upx wings
+RUN echo "ID=\"distroless\"" > /etc/os-release
 
 # Stage 2 (Final)
-FROM busybox:1.33.0
+FROM gcr.io/distroless/static:latest
-RUN echo "ID=\"busybox\"" > /etc/os-release
+COPY --from=builder /etc/os-release /etc/os-release
 COPY --from=builder /app/wings /usr/bin/
-CMD [ "wings", "--config", "/etc/pterodactyl/config.yml" ]
+CMD [ "/usr/bin/wings", "--config", "/etc/pterodactyl/config.yml" ]

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2019 Dane Everitt <dane@daneeveritt.com>
+Copyright (c) 2018 - 2021 Dane Everitt <dane@daneeveritt.com> and Contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -19,14 +19,19 @@ I would like to extend my sincere thanks to the following sponsors for helping f
 | Company | About |
 | ------- | ----- |
 | [**WISP**](https://wisp.gg) | Extra features. |
+| [**MixmlHosting**](https://mixmlhosting.com) | MixmlHosting provides high quality Virtual Private Servers along with game servers, all at a affordable price. |
+| [**BisectHosting**](https://www.bisecthosting.com/) | BisectHosting provides Minecraft, Valheim and other server hosting services with the highest reliability and lightning fast support since 2012. |
 | [**Bloom.host**](https://bloom.host) | Bloom.host offers dedicated core VPS and Minecraft hosting with Ryzen 9 processors. With owned-hardware, we offer truly unbeatable prices on high-performance hosting. |
 | [**MineStrator**](https://minestrator.com/) | Looking for a French highend hosting company for you minecraft server? More than 14,000 members on our discord, trust us. |
 | [**DedicatedMC**](https://dedicatedmc.io/) | DedicatedMC provides Raw Power hosting at affordable pricing, making sure to never compromise on your performance and giving you the best performance money can buy. |
 | [**Skynode**](https://www.skynode.pro/) | Skynode provides blazing fast game servers along with a top-notch user experience. Whatever our clients are looking for, we're able to provide it! |
 | [**XCORE**](https://xcore-server.de/) | XCORE offers High-End Servers for hosting and gaming since 2012. Fast, excellent and well-known for eSports Gaming. |
 | [**RoyaleHosting**](https://royalehosting.net/) | Build your dreams and deploy them with RoyaleHosting’s reliable servers and network. Easy to use, provisioned in a couple of minutes. |
-| [**Spill Hosting**](https://spillhosting.no/) |  Spill Hosting is a Norwegian hosting service, which aims to cheap services on quality servers. Premium i9-9900K processors will run your game like a dream. |
+| [**Spill Hosting**](https://spillhosting.no/) | Spill Hosting is a Norwegian hosting service, which aims for inexpensive services on quality servers. Premium i9-9900K processors will run your game like a dream. |
 | [**DeinServerHost**](https://deinserverhost.de/) | DeinServerHost offers Dedicated, vps and Gameservers for many popular Games like Minecraft and Rust in Germany since 2013. |
+| [**HostBend**](https://hostbend.com/) | HostBend offers a variety of solutions for developers, students, and others who have a tight budget but don't want to compromise quality and support. |
+| [**Capitol Hosting Solutions**](https://capitolsolutions.cloud/) | CHS is *the* budget friendly hosting company for Australian and American gamers, offering a variety of plans from Web Hosting to Game Servers; Custom Solutions too! |
+| [**ByteAnia**](https://byteania.com/?utm_source=pterodactyl) | ByteAnia offers the best performing and most affordable **Ryzen 5000 Series hosting** on the market for *unbeatable prices*! |
 
 ## Documentation
 * [Panel Documentation](https://pterodactyl.io/panel/1.0/getting_started.html)

cmd/configure.go

@@ -14,8 +14,9 @@ import (
 
 	"github.com/AlecAivazis/survey/v2"
 	"github.com/AlecAivazis/survey/v2/terminal"
-	"github.com/pterodactyl/wings/config"
 	"github.com/spf13/cobra"
+
+	"github.com/pterodactyl/wings/config"
 )
 
 var (

cmd/diagnostics.go

@@ -21,11 +21,12 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/pkg/parsers/operatingsystem"
+	"github.com/spf13/cobra"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/loggers/cli"
 	"github.com/pterodactyl/wings/system"
-	"github.com/spf13/cobra"
 )
 
 const DefaultHastebinUrl = "https://ptero.co"

cmd/root.go

@@ -20,6 +20,10 @@ import (
 	"github.com/gammazero/workerpool"
 	"github.com/mitchellh/colorstring"
 	"github.com/pkg/profile"
+	"github.com/spf13/cobra"
+	"golang.org/x/crypto/acme"
+	"golang.org/x/crypto/acme/autocert"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/loggers/cli"
@@ -28,9 +32,6 @@ import (
 	"github.com/pterodactyl/wings/server"
 	"github.com/pterodactyl/wings/sftp"
 	"github.com/pterodactyl/wings/system"
-	"github.com/spf13/cobra"
-	"golang.org/x/crypto/acme"
-	"golang.org/x/crypto/acme/autocert"
 )
 
 var (
@@ -40,7 +41,7 @@ var (
 
 var rootCommand = &cobra.Command{
 	Use:   "wings",
-	Short: "Runs the API server allowing programatic control of game servers for Pterodactyl Panel.",
+	Short: "Runs the API server allowing programmatic control of game servers for Pterodactyl Panel.",
 	PreRun: func(cmd *cobra.Command, args []string) {
 		initConfig()
 		initLogging()
@@ -58,7 +59,7 @@ var versionCommand = &cobra.Command{
 	Use:   "version",
 	Short: "Prints the current executable version and exits.",
 	Run: func(cmd *cobra.Command, _ []string) {
-		fmt.Printf("wings v%s\nCopyright © 2018 - 2021 Dane Everitt & Contributors\n", system.Version)
+		fmt.Printf("wings v%s\nCopyright © 2018 - %d Dane Everitt & Contributors\n", system.Version, time.Now().Year())
 	},
 }
 
@@ -90,9 +91,9 @@ func rootCmdRun(cmd *cobra.Command, _ []string) {
 	case "mem":
 		defer profile.Start(profile.MemProfile).Stop()
 	case "alloc":
-		defer profile.Start(profile.MemProfile, profile.MemProfileAllocs()).Stop()
+		defer profile.Start(profile.MemProfile, profile.MemProfileAllocs).Stop()
 	case "heap":
-		defer profile.Start(profile.MemProfile, profile.MemProfileHeap()).Stop()
+		defer profile.Start(profile.MemProfile, profile.MemProfileHeap).Stop()
 	case "routines":
 		defer profile.Start(profile.GoroutineProfile).Stop()
 	case "mutex":
@@ -122,11 +123,6 @@ func rootCmdRun(cmd *cobra.Command, _ []string) {
 		log.WithField("error", err).Fatal("failed to configure system directories for pterodactyl")
 		return
 	}
-	if err := config.EnableLogRotation(); err != nil {
-		log.WithField("error", err).Fatal("failed to configure log rotation on the system")
-		return
-	}
-
 	log.WithField("username", config.Get().System.User).Info("checking for pterodactyl system user")
 	if err := config.EnsurePterodactylUser(); err != nil {
 		log.WithField("error", err).Fatal("failed to create pterodactyl system user")
@@ -136,6 +132,10 @@ func rootCmdRun(cmd *cobra.Command, _ []string) {
 		"uid":      config.Get().System.User.Uid,
 		"gid":      config.Get().System.User.Gid,
 	}).Info("configured system user successfully")
+	if err := config.EnableLogRotation(); err != nil {
+		log.WithField("error", err).Fatal("failed to configure log rotation on the system")
+		return
+	}
 
 	pclient := remote.New(
 		config.Get().PanelLocation,
@@ -160,7 +160,7 @@ func rootCmdRun(cmd *cobra.Command, _ []string) {
 
 	// Just for some nice log output.
 	for _, s := range manager.All() {
-		log.WithField("server", s.Id()).Info("finished loading configuration for server")
+		log.WithField("server", s.ID()).Info("finished loading configuration for server")
 	}
 
 	states, err := manager.ReadStates()
@@ -202,14 +202,14 @@ func rootCmdRun(cmd *cobra.Command, _ []string) {
 		pool.Submit(func() {
 			s.Log().Info("configuring server environment and restoring to previous state")
 			var st string
-			if state, exists := states[s.Id()]; exists {
+			if state, exists := states[s.ID()]; exists {
 				st = state
 			}
 
 			r, err := s.Environment.IsRunning()
 			// We ignore missing containers because we don't want to actually block booting of wings at this
-			// point. If we didn't do this and you pruned all of the images and then started wings you could
+			// point. If we didn't do this, and you pruned all the images and then started wings you could
-			// end up waiting a long period of time for all of the images to be re-pulled on Wings boot rather
+			// end up waiting a long period of time for all the images to be re-pulled on Wings boot rather
 			// than when the server itself is started.
 			if err != nil && !client.IsErrNotFound(err) {
 				s.Log().WithField("error", err).Error("error checking server environment status")
@@ -247,10 +247,10 @@ func rootCmdRun(cmd *cobra.Command, _ []string) {
 		})
 	}
 
-	// Wait until all of the servers are ready to go before we fire up the SFTP and HTTP servers.
+	// Wait until all the servers are ready to go before we fire up the SFTP and HTTP servers.
 	pool.StopWait()
 	defer func() {
-		// Cancel the context on all of the running servers at this point, even though the
+		// Cancel the context on all the running servers at this point, even though the
 		// program is just shutting down.
 		for _, s := range manager.All() {
 			s.CtxCancel()
@@ -267,7 +267,7 @@ func rootCmdRun(cmd *cobra.Command, _ []string) {
 
 	go func() {
 		log.Info("updating server states on Panel: marking installing/restoring servers as normal")
-		// Update all of the servers on the Panel to be in a valid state if they're
+		// Update all the servers on the Panel to be in a valid state if they're
 		// currently marked as installing/restoring now that Wings is restarted.
 		if err := pclient.ResetServersState(cmd.Context()); err != nil {
 			log.WithField("error", err).Error("failed to reset server states on Panel: some instances may be stuck in an installing/restoring state unexpectedly")
@@ -349,7 +349,7 @@ func rootCmdRun(cmd *cobra.Command, _ []string) {
 }
 
 // Reads the configuration from the disk and then sets up the global singleton
-// with all of the configuration values.
+// with all the configuration values.
 func initConfig() {
 	if !strings.HasPrefix(configPath, "/") {
 		d, err := os.Getwd()
@@ -400,7 +400,7 @@ __ [blue][bold]Pterodactyl[reset] _____/___/_______ _______ ______
         \___/\___/___/___/___/___    /______/
                             /_______/ [bold]%s[reset]
 
-Copyright © 2018 - 2021 Dane Everitt & Contributors
+Copyright © 2018 - %d Dane Everitt & Contributors
 
 Website:  https://pterodactyl.io
  Source:  https://github.com/pterodactyl/wings
@@ -408,7 +408,7 @@ License:  https://github.com/pterodactyl/wings/blob/develop/LICENSE
 
 This software is made available under the terms of the MIT license.
 The above copyright notice and this permission notice shall be included
-in all copies or substantial portions of the Software.%s`), system.Version, "\n\n")
+in all copies or substantial portions of the Software.%s`), system.Version, time.Now().Year(), "\n\n")
 }
 
 func exitWithConfigurationNotice() {

config/config.go

@@ -21,8 +21,9 @@ import (
 	"github.com/cobaugh/osrelease"
 	"github.com/creasty/defaults"
 	"github.com/gbrlsnchs/jwt/v3"
-	"github.com/pterodactyl/wings/system"
 	"gopkg.in/yaml.v2"
+
+	"github.com/pterodactyl/wings/system"
 )
 
 const DefaultLocation = "/etc/pterodactyl/config.yml"
@@ -53,7 +54,7 @@ var _jwtAlgo *jwt.HMACSHA
 var _debugViaFlag bool
 
 // Locker specific to writing the configuration to the disk, this happens
-// in areas that might already be locked so we don't want to crash the process.
+// in areas that might already be locked, so we don't want to crash the process.
 var _writeLock sync.Mutex
 
 // SftpConfiguration defines the configuration of the internal SFTP server.
@@ -247,6 +248,8 @@ type Configuration struct {
 	// if the debug flag is passed through the command line arguments.
 	Debug bool
 
+	AppName string `default:"Pterodactyl" json:"app_name" yaml:"app_name"`
+
 	// A unique identifier for this node in the Panel.
 	Uuid string
 
@@ -392,10 +395,10 @@ func EnsurePterodactylUser() error {
 	}
 
 	// Our way of detecting if wings is running inside of Docker.
-	if sysName == "busybox" {
+	if sysName == "distroless" {
 		_config.System.Username = system.FirstNotEmpty(os.Getenv("WINGS_USERNAME"), "pterodactyl")
 		_config.System.User.Uid = system.MustInt(system.FirstNotEmpty(os.Getenv("WINGS_UID"), "988"))
-		_config.System.User.Gid = system.MustInt(system.FirstNotEmpty(os.Getenv("WINGS_UID"), "988"))
+		_config.System.User.Gid = system.MustInt(system.FirstNotEmpty(os.Getenv("WINGS_GID"), "988"))
 		return nil
 	}
 
@@ -536,8 +539,7 @@ func EnableLogRotation() error {
 	}
 	defer f.Close()
 
-	t, err := template.New("logrotate").Parse(`
+	t, err := template.New("logrotate").Parse(`{{.LogDirectory}}/wings.log {
-{{.LogDirectory}}/wings.log {
     size 10M
     compress
     delaycompress
@@ -545,9 +547,8 @@ func EnableLogRotation() error {
     maxage 7
     missingok
     notifempty
-    create 0640 {{.User.Uid}} {{.User.Gid}}
     postrotate
-        killall -SIGHUP wings
+        /usr/bin/systemctl kill -s HUP wings.service >/dev/null 2>&1 || true
     endscript
 }`)
 	if err != nil {

config/config_docker.go

@@ -55,6 +55,21 @@ type DockerConfiguration struct {
 	// utilizes host memory for this value, and that we do not keep track of the space used here
 	// so avoid allocating too much to a server.
 	TmpfsSize uint `default:"100" json:"tmpfs_size" yaml:"tmpfs_size"`
+
+	// ContainerPidLimit sets the total number of processes that can be active in a container
+	// at any given moment. This is a security concern in shared-hosting environments where a
+	// malicious process could create enough processes to cause the host node to run out of
+	// available pids and crash.
+	ContainerPidLimit int64 `default:"512" json:"container_pid_limit" yaml:"container_pid_limit"`
+
+	// InstallLimits defines the limits on the installer containers that prevents a server's
+	// installation process from unintentionally consuming more resources than expected. This
+	// is used in conjunction with the server's defined limits. Whichever value is higher will
+	// take precedence in the install containers.
+	InstallerLimits struct {
+		Memory int64 `default:"1024" json:"memory" yaml:"memory"`
+		Cpu    int64 `default:"100" json:"cpu" yaml:"cpu"`
+	} `json:"installer_limits" yaml:"installer_limits"`
 }
 
 // RegistryConfiguration defines the authentication credentials for a given

environment/allocations.go

@@ -5,6 +5,7 @@ import (
 	"strconv"
 
 	"github.com/docker/go-connections/nat"
+
 	"github.com/pterodactyl/wings/config"
 )
 
@@ -19,7 +20,7 @@ type Allocations struct {
 		Port int    `json:"port"`
 	} `json:"default"`
 
-	// Mappings contains all of the ports that should be assigned to a given server
+	// Mappings contains all the ports that should be assigned to a given server
 	// attached to the IP they correspond to.
 	Mappings map[string][]int `json:"mappings"`
 }
@@ -62,7 +63,7 @@ func (a *Allocations) DockerBindings() nat.PortMap {
 	iface := config.Get().Docker.Network.Interface
 
 	out := a.Bindings()
-	// Loop over all of the bindings for this container, and convert any that reference 127.0.0.1
+	// Loop over all the bindings for this container, and convert any that reference 127.0.0.1
 	// to use the pterodactyl0 network interface IP, as that is the true local for what people are
 	// trying to do when creating servers.
 	for p, binds := range out {

environment/docker.go

@@ -10,6 +10,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/client"
+
 	"github.com/pterodactyl/wings/config"
 )
 

environment/docker/container.go

@@ -17,6 +17,7 @@ import (
 	"github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/daemon/logger/jsonfilelog"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/system"
@@ -132,14 +133,14 @@ func (e *Environment) InSituUpdate() error {
 	//
 	// @see https://github.com/moby/moby/issues/41946
 	if _, err := e.client.ContainerUpdate(ctx, e.Id, container.UpdateConfig{
-		Resources: e.resources(),
+		Resources: e.Configuration.Limits().AsContainerResources(),
 	}); err != nil {
 		return errors.Wrap(err, "environment/docker: could not update container")
 	}
 	return nil
 }
 
-// Create creates a new container for the server using all of the data that is
+// Create creates a new container for the server using all the data that is
 // currently available for it. If the container already exists it will be
 // returned.
 func (e *Environment) Create() error {
@@ -149,12 +150,12 @@ func (e *Environment) Create() error {
 	if _, err := e.client.ContainerInspect(context.Background(), e.Id); err == nil {
 		return nil
 	} else if !client.IsErrNotFound(err) {
-		return err
+		return errors.Wrap(err, "environment/docker: failed to inspect container")
 	}
 
 	// Try to pull the requested image before creating the container.
 	if err := e.ensureImageExists(e.meta.Image); err != nil {
-		return err
+		return errors.WithStackIf(err)
 	}
 
 	a := e.Configuration.Allocations()
@@ -178,7 +179,7 @@ func (e *Environment) Create() error {
 		OpenStdin:    true,
 		Tty:          true,
 		ExposedPorts: a.Exposed(),
-		Image:        e.meta.Image,
+		Image:        strings.TrimPrefix(e.meta.Image, "~"),
 		Env:          e.Configuration.EnvironmentVariables(),
 		Labels: map[string]string{
 			"Service":       "Pterodactyl",
@@ -192,7 +193,7 @@ func (e *Environment) Create() error {
 		PortBindings: a.DockerBindings(),
 
 		// Configure the mounts for this container. First mount the server data directory
-		// into the container as a r/w bind.
+		// into the container as an r/w bind.
 		Mounts: e.convertMounts(),
 
 		// Configure the /tmp folder mapping in containers. This is necessary for some
@@ -203,7 +204,7 @@ func (e *Environment) Create() error {
 
 		// Define resource limits for the container based on the data passed through
 		// from the Panel.
-		Resources: e.resources(),
+		Resources: e.Configuration.Limits().AsContainerResources(),
 
 		DNS: config.Get().Docker.Network.Dns,
 
@@ -230,7 +231,7 @@ func (e *Environment) Create() error {
 	}
 
 	if _, err := e.client.ContainerCreate(context.Background(), conf, hostConf, nil, nil, e.Id); err != nil {
-		return err
+		return errors.Wrap(err, "environment/docker: failed to create container")
 	}
 
 	return nil
@@ -340,11 +341,9 @@ func (e *Environment) scanOutput(reader io.ReadCloser) {
 
 	events := e.Events()
 
-	err := system.ScanReader(reader, func(line string) {
+	if err := system.ScanReader(reader, func(line string) {
 		events.Publish(environment.ConsoleOutputEvent, line)
-	})
+	}); err != nil && err != io.EOF {
-
-	if err != nil && err != io.EOF {
 		log.WithField("error", err).WithField("container_id", e.Id).Warn("error processing scanner line in console output")
 		return
 	}
@@ -354,7 +353,7 @@ func (e *Environment) scanOutput(reader io.ReadCloser) {
 		return
 	}
 
-	// Close the current reader before starting a new one, the defer will still run
+	// Close the current reader before starting a new one, the defer will still run,
 	// but it will do nothing if we already closed the stream.
 	_ = reader.Close()
 
@@ -372,7 +371,7 @@ type imagePullStatus struct {
 // error to the logger but continue with the process.
 //
 // The reasoning behind this is that Quay has had some serious outages as of
-// late, and we don't need to block all of the servers from booting just because
+// late, and we don't need to block all the servers from booting just because
 // of that. I'd imagine in a lot of cases an outage shouldn't affect users too
 // badly. It'll at least keep existing servers working correctly if anything.
 func (e *Environment) ensureImageExists(image string) error {
@@ -420,7 +419,7 @@ func (e *Environment) ensureImageExists(image string) error {
 		if ierr != nil {
 			// Well damn, something has gone really wrong here, just go ahead and abort there
 			// isn't much anything we can do to try and self-recover from this.
-			return ierr
+			return errors.Wrap(ierr, "environment/docker: failed to list images")
 		}
 
 		for _, img := range images {
@@ -441,7 +440,7 @@ func (e *Environment) ensureImageExists(image string) error {
 			}
 		}
 
-		return err
+		return errors.Wrapf(err, "environment/docker: failed to pull \"%s\" image for server", image)
 	}
 	defer out.Close()
 
@@ -486,6 +485,7 @@ func (e *Environment) convertMounts() []mount.Mount {
 
 func (e *Environment) resources() container.Resources {
 	l := e.Configuration.Limits()
+	pids := l.ProcessLimit()
 
 	return container.Resources{
 		Memory:            l.BoundedMemoryLimit(),
@@ -497,5 +497,6 @@ func (e *Environment) resources() container.Resources {
 		BlkioWeight:       l.IoWeight,
 		OomKillDisable:    &l.OOMDisabled,
 		CpusetCpus:        l.Threads,
+		PidsLimit:         &pids,
 	}
 }

environment/docker/environment.go

@@ -10,6 +10,7 @@ import (
 	"github.com/apex/log"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
+
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/events"
 	"github.com/pterodactyl/wings/remote"
@@ -21,7 +22,7 @@ type Metadata struct {
 	Stop  remote.ProcessStopConfiguration
 }
 
-// Ensure that the Docker environment is always implementing all of the methods
+// Ensure that the Docker environment is always implementing all the methods
 // from the base environment interface.
 var _ environment.ProcessEnvironment = (*Environment)(nil)
 

environment/docker/power.go

@@ -12,6 +12,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/client"
+
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/remote"
 )
@@ -27,7 +28,7 @@ func (e *Environment) OnBeforeStart() error {
 	// Always destroy and re-create the server container to ensure that synced data from the Panel is used.
 	if err := e.client.ContainerRemove(context.Background(), e.Id, types.ContainerRemoveOptions{RemoveVolumes: true}); err != nil {
 		if !client.IsErrNotFound(err) {
-			return errors.WithMessage(err, "failed to remove server docker container during pre-boot")
+			return errors.WrapIf(err, "environment/docker: failed to remove container during pre-boot")
 		}
 	}
 
@@ -71,7 +72,7 @@ func (e *Environment) Start() error {
 		//
 		// @see https://github.com/pterodactyl/panel/issues/2000
 		if !client.IsErrNotFound(err) {
-			return err
+			return errors.WrapIf(err, "environment/docker: failed to inspect container")
 		}
 	} else {
 		// If the server is running update our internal state and continue on with the attach.
@@ -81,12 +82,12 @@ func (e *Environment) Start() error {
 			return e.Attach()
 		}
 
-		// Truncate the log file so we don't end up outputting a bunch of useless log information
+		// Truncate the log file, so we don't end up outputting a bunch of useless log information
 		// to the websocket and whatnot. Check first that the path and file exist before trying
 		// to truncate them.
 		if _, err := os.Stat(c.LogPath); err == nil {
 			if err := os.Truncate(c.LogPath, 0); err != nil {
-				return err
+				return errors.Wrap(err, "environment/docker: failed to truncate instance logs")
 			}
 		}
 	}
@@ -101,14 +102,14 @@ func (e *Environment) Start() error {
 	// exists on the system, and rebuild the container if that is required for server booting to
 	// occur.
 	if err := e.OnBeforeStart(); err != nil {
-		return err
+		return errors.WithStackIf(err)
 	}
 
 	ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
 	defer cancel()
 
 	if err := e.client.ContainerStart(ctx, e.Id, types.ContainerStartOptions{}); err != nil {
-		return err
+		return errors.WrapIf(err, "environment/docker: failed to start container")
 	}
 
 	// No errors, good to continue through.
@@ -242,7 +243,7 @@ func (e *Environment) Terminate(signal os.Signal) error {
 	}
 
 	if !c.State.Running {
-		// If the container is not running but we're not already in a stopped state go ahead
+		// If the container is not running, but we're not already in a stopped state go ahead
 		// and update things to indicate we should be completely stopped now. Set to stopping
 		// first so crash detection is not triggered.
 		if e.st.Load() != environment.ProcessOfflineState {

environment/docker/stats.go

@@ -2,12 +2,14 @@ package docker
 
 import (
 	"context"
-	"emperror.dev/errors"
 	"encoding/json"
-	"github.com/docker/docker/api/types"
-	"github.com/pterodactyl/wings/environment"
 	"io"
 	"math"
+
+	"emperror.dev/errors"
+	"github.com/docker/docker/api/types"
+
+	"github.com/pterodactyl/wings/environment"
 )
 
 // Attach to the instance and then automatically emit an event whenever the resource usage for the
@@ -73,9 +75,8 @@ func (e *Environment) pollResources(ctx context.Context) error {
 // value which can be rather confusing to people trying to compare panel usage to
 // their stats output.
 //
-// This math is straight up lifted from their CLI repository in order to show the same
+// This math is from their CLI repository in order to show the same values to avoid people
-// values to avoid people bothering me about it. It should also reflect a slightly more
+// bothering me about it. It should also reflect a slightly more correct memory value anyways.
-// correct memory value anyways.
 //
 // @see https://github.com/docker/cli/blob/96e1d1d6/cli/command/container/stats_helpers.go#L227-L249
 func calculateDockerMemory(stats types.MemoryStats) uint64 {

environment/settings.go

@@ -6,6 +6,9 @@ import (
 	"strconv"
 
 	"github.com/apex/log"
+	"github.com/docker/docker/api/types/container"
+
+	"github.com/pterodactyl/wings/config"
 )
 
 type Mount struct {
@@ -23,13 +26,13 @@ type Mount struct {
 	// that we're mounting into the container at the Target location.
 	Source string `json:"source"`
 
-	// Whether or not the directory is being mounted as read-only. It is up to the environment to
+	// Whether the directory is being mounted as read-only. It is up to the environment to
 	// handle this value correctly and ensure security expectations are met with its usage.
 	ReadOnly bool `json:"read_only"`
 }
 
-// The build settings for a given server that impact docker container creation and
+// Limits is the build settings for a given server that impact docker container
-// resource limits for a server instance.
+// creation and resource limits for a server instance.
 type Limits struct {
 	// The total amount of memory in megabytes that this server is allowed to
 	// use on the host system.
@@ -56,51 +59,76 @@ type Limits struct {
 	OOMDisabled bool `json:"oom_disabled"`
 }
 
-// Converts the CPU limit for a server build into a number that can be better understood
+// ConvertedCpuLimit converts the CPU limit for a server build into a number
-// by the Docker environment. If there is no limit set, return -1 which will indicate to
+// that can be better understood by the Docker environment. If there is no limit
-// Docker that it has unlimited CPU quota.
+// set, return -1 which will indicate to Docker that it has unlimited CPU quota.
-func (r *Limits) ConvertedCpuLimit() int64 {
+func (l Limits) ConvertedCpuLimit() int64 {
-	if r.CpuLimit == 0 {
+	if l.CpuLimit == 0 {
 		return -1
 	}
 
-	return r.CpuLimit * 1000
+	return l.CpuLimit * 1000
 }
 
-// Set the hard limit for memory usage to be 5% more than the amount of memory assigned to
+// MemoryOverheadMultiplier sets the hard limit for memory usage to be 5% more
-// the server. If the memory limit for the server is < 4G, use 10%, if less than 2G use
+// than the amount of memory assigned to the server. If the memory limit for the
-// 15%. This avoids unexpected crashes from processes like Java which run over the limit.
+// server is < 4G, use 10%, if less than 2G use 15%. This avoids unexpected
-func (r *Limits) MemoryOverheadMultiplier() float64 {
+// crashes from processes like Java which run over the limit.
-	if r.MemoryLimit <= 2048 {
+func (l Limits) MemoryOverheadMultiplier() float64 {
+	if l.MemoryLimit <= 2048 {
 		return 1.15
-	} else if r.MemoryLimit <= 4096 {
+	} else if l.MemoryLimit <= 4096 {
 		return 1.10
 	}
 
 	return 1.05
 }
 
-func (r *Limits) BoundedMemoryLimit() int64 {
+func (l Limits) BoundedMemoryLimit() int64 {
-	return int64(math.Round(float64(r.MemoryLimit) * r.MemoryOverheadMultiplier() * 1_000_000))
+	return int64(math.Round(float64(l.MemoryLimit) * l.MemoryOverheadMultiplier() * 1_000_000))
 }
 
-// Returns the amount of swap available as a total in bytes. This is returned as the amount
+// ConvertedSwap returns the amount of swap available as a total in bytes. This
-// of memory available to the server initially, PLUS the amount of additional swap to include
+// is returned as the amount of memory available to the server initially, PLUS
-// which is the format used by Docker.
+// the amount of additional swap to include which is the format used by Docker.
-func (r *Limits) ConvertedSwap() int64 {
+func (l Limits) ConvertedSwap() int64 {
-	if r.Swap < 0 {
+	if l.Swap < 0 {
 		return -1
 	}
 
-	return (r.Swap * 1_000_000) + r.BoundedMemoryLimit()
+	return (l.Swap * 1_000_000) + l.BoundedMemoryLimit()
+}
+
+// ProcessLimit returns the process limit for a container. This is currently
+// defined at a system level and not on a per-server basis.
+func (l Limits) ProcessLimit() int64 {
+	return config.Get().Docker.ContainerPidLimit
+}
+
+func (l Limits) AsContainerResources() container.Resources {
+	pids := l.ProcessLimit()
+
+	return container.Resources{
+		Memory:            l.BoundedMemoryLimit(),
+		MemoryReservation: l.MemoryLimit * 1_000_000,
+		MemorySwap:        l.ConvertedSwap(),
+		CPUQuota:          l.ConvertedCpuLimit(),
+		CPUPeriod:         100_000,
+		CPUShares:         1024,
+		BlkioWeight:       l.IoWeight,
+		OomKillDisable:    &l.OOMDisabled,
+		CpusetCpus:        l.Threads,
+		PidsLimit:         &pids,
+	}
 }
 
 type Variables map[string]interface{}
 
-// Ugly hacky function to handle environment variables that get passed through as not-a-string
+// Get is an ugly hacky function to handle environment variables that get passed
-// from the Panel. Ideally we'd just say only pass strings, but that is a fragile idea and if a
+// through as not-a-string from the Panel. Ideally we'd just say only pass
-// string wasn't passed through you'd cause a crash or the server to become unavailable. For now
+// strings, but that is a fragile idea and if a string wasn't passed through
-// try to handle the most likely values from the JSON and hope for the best.
+// you'd cause a crash or the server to become unavailable. For now try to
+// handle the most likely values from the JSON and hope for the best.
 func (v Variables) Get(key string) string {
 	val, ok := v[key]
 	if !ok {

environment/stats.go

@@ -12,7 +12,7 @@ type Stats struct {
 
 	// The total amount of memory this container or resource can use. Inside Docker this is
 	// going to be higher than you'd expect because we're automatically allocating overhead
-	// abilities for the container, so its not going to be a perfect match.
+	// abilities for the container, so it's not going to be a perfect match.
 	MemoryLimit uint64 `json:"memory_limit_bytes"`
 
 	// The absolute CPU usage is the amount of CPU used in relation to the entire system and

events/events.go

@@ -30,7 +30,7 @@ func (e *EventBus) Publish(topic string, data string) {
 	// Some of our topics for the socket support passing a more specific namespace,
 	// such as "backup completed:1234" to indicate which specific backup was completed.
 	//
-	// In these cases, we still need to the send the event using the standard listener
+	// In these cases, we still need to send the event using the standard listener
 	// name of "backup completed".
 	if strings.Contains(topic, ":") {
 		parts := strings.SplitN(topic, ":", 2)
@@ -43,7 +43,7 @@ func (e *EventBus) Publish(topic string, data string) {
 	e.mu.RLock()
 	defer e.mu.RUnlock()
 
-	// Acquire a read lock and loop over all of the channels registered for the topic. This
+	// Acquire a read lock and loop over all the channels registered for the topic. This
 	// avoids a panic crash if the process tries to unregister the channel while this routine
 	// is running.
 	if cp, ok := e.pools[t]; ok {
@@ -65,7 +65,7 @@ func (e *EventBus) Publish(topic string, data string) {
 	}
 }
 
-// Publishes a JSON message to a given topic.
+// PublishJson publishes a JSON message to a given topic.
 func (e *EventBus) PublishJson(topic string, data interface{}) error {
 	b, err := json.Marshal(data)
 	if err != nil {
@@ -77,7 +77,7 @@ func (e *EventBus) PublishJson(topic string, data interface{}) error {
 	return nil
 }
 
-// Register a callback function that will be executed each time one of the events using the topic
+// On adds a callback function that will be executed each time one of the events using the topic
 // name is called.
 func (e *EventBus) On(topic string, callback *func(Event)) {
 	e.mu.Lock()
@@ -97,7 +97,7 @@ func (e *EventBus) On(topic string, callback *func(Event)) {
 	e.pools[topic].Add(callback)
 }
 
-// Removes an event listener from the bus.
+// Off removes an event listener from the bus.
 func (e *EventBus) Off(topic string, callback *func(Event)) {
 	e.mu.Lock()
 	defer e.mu.Unlock()
@@ -107,7 +107,7 @@ func (e *EventBus) Off(topic string, callback *func(Event)) {
 	}
 }
 
-// Removes all of the event listeners that have been registered for any topic. Also stops the worker
+// Destroy removes all the event listeners that have been registered for any topic. Also stops the worker
 // pool to close that routine.
 func (e *EventBus) Destroy() {
 	e.mu.Lock()

go.mod

@@ -1,81 +1,72 @@
 module github.com/pterodactyl/wings
 
-go 1.14
+go 1.16
 
 require (
 	emperror.dev/errors v0.8.0
-	github.com/AlecAivazis/survey/v2 v2.2.7
+	github.com/AlecAivazis/survey/v2 v2.2.15
-	github.com/Jeffail/gabs/v2 v2.6.0
+	github.com/Jeffail/gabs/v2 v2.6.1
-	github.com/Microsoft/go-winio v0.4.16 // indirect
+	github.com/Microsoft/go-winio v0.5.0 // indirect
-	github.com/Microsoft/hcsshim v0.8.14 // indirect
+	github.com/Microsoft/hcsshim v0.8.20 // indirect
 	github.com/NYTimes/logrotate v1.0.0
-	github.com/andybalholm/brotli v1.0.1 // indirect
+	github.com/andybalholm/brotli v1.0.3 // indirect
 	github.com/apex/log v1.9.0
-	github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef
+	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
 	github.com/beevik/etree v1.1.0
-	github.com/buger/jsonparser v1.1.0
+	github.com/buger/jsonparser v1.1.1
+	github.com/cenkalti/backoff/v4 v4.1.1
 	github.com/cobaugh/osrelease v0.0.0-20181218015638-a93a0a55a249
-	github.com/containerd/containerd v1.4.3 // indirect
+	github.com/containerd/containerd v1.5.5 // indirect
-	github.com/containerd/fifo v0.0.0-20201026212402-0724c46b320c // indirect
 	github.com/creasty/defaults v1.5.1
-	github.com/docker/distribution v2.7.1+incompatible // indirect
+	github.com/docker/docker v20.10.7+incompatible
-	github.com/docker/docker v20.10.1+incompatible
 	github.com/docker/go-connections v0.4.0
-	github.com/docker/go-metrics v0.0.1 // indirect
+	github.com/fatih/color v1.12.0
-	github.com/fatih/color v1.10.0
 	github.com/franela/goblin v0.0.0-20200825194134-80c0062ed6cd
-	github.com/fsnotify/fsnotify v1.4.9 // indirect
+	github.com/gabriel-vasile/mimetype v1.3.1
-	github.com/gabriel-vasile/mimetype v1.1.2
+	github.com/gammazero/workerpool v1.1.2
-	github.com/gammazero/deque v0.0.0-20201010052221-3932da5530cc // indirect
+	github.com/gbrlsnchs/jwt/v3 v3.0.1
-	github.com/gammazero/workerpool v1.1.1
+	github.com/gin-gonic/gin v1.7.2
-	github.com/gbrlsnchs/jwt/v3 v3.0.0
+	github.com/go-playground/validator/v10 v10.8.0 // indirect
-	github.com/gin-gonic/gin v1.6.3
+	github.com/golang/snappy v0.0.4 // indirect
-	github.com/go-playground/validator/v10 v10.4.1 // indirect
+	github.com/google/uuid v1.3.0
-	github.com/golang/snappy v0.0.2 // indirect
-	github.com/google/go-cmp v0.5.2 // indirect
-	github.com/google/uuid v1.1.2
 	github.com/gorilla/mux v1.7.4 // indirect
 	github.com/gorilla/websocket v1.4.2
-	github.com/iancoleman/strcase v0.1.2
+	github.com/iancoleman/strcase v0.2.0
-	github.com/icza/dyno v0.0.0-20200205103839-49cb13720835
+	github.com/icza/dyno v0.0.0-20210726202311-f1bafe5d9996
-	github.com/imdario/mergo v0.3.9
+	github.com/imdario/mergo v0.3.12
 	github.com/juju/ratelimit v1.0.1
 	github.com/karrick/godirwalk v1.16.1
-	github.com/klauspost/compress v1.11.4 // indirect
+	github.com/klauspost/compress v1.13.2 // indirect
 	github.com/klauspost/pgzip v1.2.5
-	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/magefile/mage v1.11.0 // indirect
-	github.com/magefile/mage v1.10.0 // indirect
+	github.com/magiconair/properties v1.8.5
-	github.com/magiconair/properties v1.8.4
 	github.com/mattn/go-colorable v0.1.8
+	github.com/mattn/go-isatty v0.0.13 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/mholt/archiver/v3 v3.5.0
 	github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db
-	github.com/moby/term v0.0.0-20201216013528-df9cb8a40635 // indirect
+	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
-	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/nwaples/rardecode v1.1.1 // indirect
-	github.com/opencontainers/image-spec v1.0.1 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible
-	github.com/pierrec/lz4/v4 v4.1.2 // indirect
+	github.com/pierrec/lz4/v4 v4.1.8 // indirect
-	github.com/pkg/profile v1.5.0
+	github.com/pkg/profile v1.6.0
-	github.com/pkg/sftp v1.12.0
+	github.com/pkg/sftp v1.13.2
-	github.com/prometheus/client_golang v1.9.0 // indirect
+	github.com/prometheus/common v0.30.0 // indirect
+	github.com/prometheus/procfs v0.7.1 // indirect
 	github.com/sabhiram/go-gitignore v0.0.0-20201211210132-54b8a0bf510f
-	github.com/sirupsen/logrus v1.7.0 // indirect
+	github.com/spf13/cobra v1.2.1
-	github.com/spf13/cobra v1.1.1
+	github.com/stretchr/testify v1.7.0
-	github.com/stretchr/testify v1.6.1
+	github.com/ulikunitz/xz v0.5.10 // indirect
-	github.com/ugorji/go v1.2.2 // indirect
+	go.uber.org/atomic v1.9.0 // indirect
-	github.com/ulikunitz/xz v0.5.9 // indirect
+	go.uber.org/multierr v1.7.0 // indirect
-	golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
+	golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97
-	golang.org/x/net v0.0.0-20201224014010-6772e930b67b // indirect
+	golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985 // indirect
-	golang.org/x/sync v0.0.0-20201207232520-09787c993a3a
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
-	golang.org/x/sys v0.0.0-20201223074533-0d417f636930 // indirect
+	golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b // indirect
-	golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf // indirect
+	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
-	golang.org/x/text v0.3.4 // indirect
+	google.golang.org/genproto v0.0.0-20210729151513-df9385d47c1b // indirect
-	golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 // indirect
-	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
-	google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d // indirect
-	google.golang.org/grpc v1.34.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
 	gopkg.in/ini.v1 v1.62.0
 	gopkg.in/yaml.v2 v2.4.0

installer/installer.go

@@ -7,6 +7,7 @@ import (
 	"emperror.dev/errors"
 	"github.com/asaskevich/govalidator"
 	"github.com/buger/jsonparser"
+
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/remote"
 	"github.com/pterodactyl/wings/server"
@@ -16,7 +17,7 @@ type Installer struct {
 	server *server.Server
 }
 
-// New validates the received data to ensure that all of the required fields
+// New validates the received data to ensure that all the required fields
 // have been passed along in the request. This should be manually run before
 // calling Execute().
 func New(ctx context.Context, manager *server.Manager, data []byte) (*Installer, error) {
@@ -29,6 +30,7 @@ func New(ctx context.Context, manager *server.Manager, data []byte) (*Installer,
 		Suspended:         false,
 		Invocation:        getString(data, "invocation"),
 		SkipEggScripts:    getBoolean(data, "skip_egg_scripts"),
+		StartOnCompletion: getBoolean(data, "start_on_completion"),
 		Build: environment.Limits{
 			MemoryLimit: getInt(data, "build", "memory"),
 			Swap:        getInt(data, "build", "swap"),
@@ -84,7 +86,7 @@ func New(ctx context.Context, manager *server.Manager, data []byte) (*Installer,
 
 // Uuid returns the UUID associated with this installer instance.
 func (i *Installer) Uuid() string {
-	return i.server.Id()
+	return i.server.ID()
 }
 
 // Server returns the server instance.

loggers/cli/cli.go

@@ -1,17 +1,18 @@
 package cli
 
 import (
-	"emperror.dev/errors"
 	"fmt"
-	"github.com/apex/log"
-	"github.com/apex/log/handlers/cli"
-	color2 "github.com/fatih/color"
-	"github.com/mattn/go-colorable"
 	"io"
 	"os"
 	"strings"
 	"sync"
 	"time"
+
+	"emperror.dev/errors"
+	"github.com/apex/log"
+	"github.com/apex/log/handlers/cli"
+	color2 "github.com/fatih/color"
+	"github.com/mattn/go-colorable"
 )
 
 var Default = New(os.Stderr, true)

parser/parser.go

@@ -15,9 +15,10 @@ import (
 	"github.com/buger/jsonparser"
 	"github.com/icza/dyno"
 	"github.com/magiconair/properties"
-	"github.com/pterodactyl/wings/config"
 	"gopkg.in/ini.v1"
 	"gopkg.in/yaml.v2"
+
+	"github.com/pterodactyl/wings/config"
 )
 
 // The file parsing options that are available for a server configuration file.
@@ -30,6 +31,45 @@ const (
 	Xml        = "xml"
 )
 
+type ReplaceValue struct {
+	value     []byte
+	valueType jsonparser.ValueType
+}
+
+// Value returns the underlying value of the replacement. Be aware that this
+// can include escaped UTF-8 sequences that will need to be handled by the caller
+// in order to avoid accidentally injecting invalid sequences into the running
+// process.
+//
+// For example the expected value may be "§Foo" but you'll be working directly
+// with "\u00a7FOo" for this value. This will cause user pain if not solved since
+// that is clearly not the value they were expecting to be using.
+func (cv *ReplaceValue) Value() []byte {
+	return cv.value
+}
+
+// Type returns the underlying data type for the Value field.
+func (cv *ReplaceValue) Type() jsonparser.ValueType {
+	return cv.valueType
+}
+
+// String returns the value as a string representation. This will automatically
+// handle casting the UTF-8 sequence into the expected value, switching something
+// like "\u00a7Foo" into "§Foo".
+func (cv *ReplaceValue) String() string {
+	if cv.Type() != jsonparser.String {
+		if cv.Type() == jsonparser.Null {
+			return "<nil>"
+		}
+		return "<invalid>"
+	}
+	str, err := jsonparser.ParseString(cv.value)
+	if err != nil {
+		panic(errors.Wrap(err, "parser: could not parse value"))
+	}
+	return str
+}
+
 type ConfigurationParser string
 
 func (cp ConfigurationParser) String() string {
@@ -77,15 +117,16 @@ func (f *ConfigurationFile) UnmarshalJSON(data []byte) error {
 	return nil
 }
 
-// Defines a single find/replace instance for a given server configuration file.
+// ConfigurationFileReplacement defines a single find/replace instance for a
+// given server configuration file.
 type ConfigurationFileReplacement struct {
 	Match       string       `json:"match"`
 	IfValue     string       `json:"if_value"`
 	ReplaceWith ReplaceValue `json:"replace_with"`
 }
 
-// Handles unmarshaling the JSON representation into a struct that provides more useful
+// UnmarshalJSON handles unmarshaling the JSON representation into a struct that
-// data to this functionality.
+// provides more useful data to this functionality.
 func (cfr *ConfigurationFileReplacement) UnmarshalJSON(data []byte) error {
 	m, err := jsonparser.GetString(data, "match")
 	if err != nil {
@@ -410,48 +451,66 @@ func (f *ConfigurationFile) parseTextFile(path string) error {
 	return nil
 }
 
-// Parses a properties file and updates the values within it to match those that
+// parsePropertiesFile parses a properties file and updates the values within it
-// are passed. Writes the file once completed.
+// to match those that are passed. Once completed the new file is written to the
+// disk. This will cause comments not present at the head of the file to be
+// removed unfortunately.
+//
+// Any UTF-8 value will be written back to the disk as their escaped value rather
+// than the raw value There is no winning with this logic. This fixes a bug where
+// users with hand rolled UTF-8 escape sequences would have all sorts of pain in
+// their configurations because we were writing the UTF-8 literal characters which
+// their games could not actually handle.
+//
+// However, by adding this fix to only store the escaped UTF-8 sequence we
+// unwittingly introduced a "regression" that causes _other_ games to have issues
+// because they can only handle the unescaped representations. I cannot think of
+// a simple approach to this problem that doesn't just lead to more complicated
+// cases and problems.
+//
+// So, if your game cannot handle parsing UTF-8 sequences that are escaped into
+// the string, well, sucks. There are fewer of those games than there are games
+// that have issues parsing the raw UTF-8 sequence into a string? Also how does
+// one really know what the user intended at this point? We'd need to know if
+// the value was escaped or not to begin with before setting it, which I suppose
+// can work but jesus that is going to be some annoyingly complicated logic?
+//
+// @see https://github.com/pterodactyl/panel/issues/2308 (original)
+// @see https://github.com/pterodactyl/panel/issues/3009 ("bug" introduced as result)
 func (f *ConfigurationFile) parsePropertiesFile(path string) error {
-	// Open the file.
-	f2, err := os.Open(path)
-	if err != nil {
-		return err
-	}
-
 	var s strings.Builder
-
+	// Open the file and attempt to load any comments that currenty exist at the start
-	// Get any header comments from the file.
+	// of the file. This is kind of a hack, but should work for a majority of users for
-	scanner := bufio.NewScanner(f2)
+	// the time being.
+	if fd, err := os.Open(path); err != nil {
+		return errors.Wrap(err, "parser: could not open file for reading")
+	} else {
+		scanner := bufio.NewScanner(fd)
+		// Scan until we hit a line that is not a comment that actually has content
+		// on it. Keep appending the comments until that time.
 		for scanner.Scan() {
 			text := scanner.Text()
 			if len(text) > 0 && text[0] != '#' {
 				break
 			}
-
+			s.WriteString(text + "\n")
-		s.WriteString(text)
-		s.WriteString("\n")
 		}
-
+		_ = fd.Close()
-	// Close the file.
-	_ = f2.Close()
-
-	// Handle any scanner errors.
 		if err := scanner.Err(); err != nil {
-		return err
+			return errors.WithStackIf(err)
+		}
 	}
 
-	// Decode the properties file.
 	p, err := properties.LoadFile(path, properties.UTF8)
 	if err != nil {
-		return err
+		return errors.Wrap(err, "parser: could not load properties file for configuration update")
 	}
 
 	// Replace any values that need to be replaced.
 	for _, replace := range f.Replace {
 		data, err := f.LookupConfigurationValue(replace)
 		if err != nil {
-			return err
+			return errors.Wrap(err, "parser: failed to lookup configuration value")
 		}
 
 		v, ok := p.Get(replace.Match)
@@ -463,7 +522,7 @@ func (f *ConfigurationFile) parsePropertiesFile(path string) error {
 		}
 
 		if _, _, err := p.Set(replace.Match, data); err != nil {
-			return err
+			return errors.Wrap(err, "parser: failed to set replacement value")
 		}
 	}
 
@@ -473,11 +532,11 @@ func (f *ConfigurationFile) parsePropertiesFile(path string) error {
 		if !ok {
 			continue
 		}
-
+		// This escape is intentional!
-		s.WriteString(key)
+		//
-		s.WriteByte('=')
+		// See the docblock for this function for more details, do not change this
-		s.WriteString(strings.Trim(strconv.QuoteToASCII(value), `"`))
+		// or you'll cause a flood of new issue reports no one wants to deal with.
-		s.WriteString("\n")
+		s.WriteString(key + "=" + strings.Trim(strconv.QuoteToASCII(value), "\"") + "\n")
 	}
 
 	// Open the file for writing.
@@ -489,7 +548,7 @@ func (f *ConfigurationFile) parsePropertiesFile(path string) error {
 
 	// Write the data to the file.
 	if _, err := w.Write([]byte(s.String())); err != nil {
-		return err
+		return errors.Wrap(err, "parser: failed to write properties file to disk")
 	}
 
 	return nil

parser/value.go

@@ -1,24 +0,0 @@
-package parser
-
-import (
-	"github.com/buger/jsonparser"
-)
-
-type ReplaceValue struct {
-	value     []byte
-	valueType jsonparser.ValueType `json:"-"`
-}
-
-func (cv *ReplaceValue) Value() []byte {
-	return cv.value
-}
-
-func (cv *ReplaceValue) String() string {
-	str, _ := jsonparser.ParseString(cv.value)
-
-	return str
-}
-
-func (cv *ReplaceValue) Type() jsonparser.ValueType {
-	return cv.valueType
-}

remote/errors.go

@@ -3,6 +3,8 @@ package remote
 import (
 	"fmt"
 	"net/http"
+
+	"emperror.dev/errors"
 )
 
 type RequestErrors struct {
@@ -16,13 +18,31 @@ type RequestError struct {
 	Detail   string `json:"detail"`
 }
 
+// IsRequestError checks if the given error is of the RequestError type.
 func IsRequestError(err error) bool {
-	_, ok := err.(*RequestError)
+	var rerr *RequestError
-
+	if err == nil {
-	return ok
+		return false
+	}
+	return errors.As(err, &rerr)
 }
 
-// Returns the error response in a string form that can be more easily consumed.
+// AsRequestError transforms the error into a RequestError if it is currently
+// one, checking the wrap status from the other error handlers. If the error
+// is not a RequestError nil is returned.
+func AsRequestError(err error) *RequestError {
+	if err == nil {
+		return nil
+	}
+	var rerr *RequestError
+	if errors.As(err, &rerr) {
+		return rerr
+	}
+	return nil
+}
+
+// Error returns the error response in a string form that can be more easily
+// consumed.
 func (re *RequestError) Error() string {
 	c := 0
 	if re.response != nil {
@@ -32,6 +52,11 @@ func (re *RequestError) Error() string {
 	return fmt.Sprintf("Error response from Panel: %s: %s (HTTP/%d)", re.Code, re.Detail, c)
 }
 
+// StatusCode returns the status code of the response.
+func (re *RequestError) StatusCode() int {
+	return re.response.StatusCode
+}
+
 type SftpInvalidCredentialsError struct {
 }
 

remote/http.go

@@ -8,11 +8,14 @@ import (
 	"io"
 	"io/ioutil"
 	"net/http"
+	"strconv"
 	"strings"
 	"time"
 
 	"emperror.dev/errors"
 	"github.com/apex/log"
+	"github.com/cenkalti/backoff/v4"
+
 	"github.com/pterodactyl/wings/system"
 )
 
@@ -35,7 +38,7 @@ type client struct {
 	baseUrl     string
 	tokenId     string
 	token       string
-	attempts   int
+	maxAttempts int
 }
 
 // New returns a new HTTP request client that is used for making authenticated
@@ -46,7 +49,7 @@ func New(base string, opts ...ClientOption) Client {
 		httpClient: &http.Client{
 			Timeout: time.Second * 15,
 		},
-		attempts: 1,
+		maxAttempts: 0,
 	}
 	for _, opt := range opts {
 		opt(&c)
@@ -71,11 +74,31 @@ func WithHttpClient(httpClient *http.Client) ClientOption {
 	}
 }
 
+// Get executes a HTTP GET request.
+func (c *client) Get(ctx context.Context, path string, query q) (*Response, error) {
+	return c.request(ctx, http.MethodGet, path, nil, func(r *http.Request) {
+		q := r.URL.Query()
+		for k, v := range query {
+			q.Set(k, v)
+		}
+		r.URL.RawQuery = q.Encode()
+	})
+}
+
+// Post executes a HTTP POST request.
+func (c *client) Post(ctx context.Context, path string, data interface{}) (*Response, error) {
+	b, err := json.Marshal(data)
+	if err != nil {
+		return nil, err
+	}
+	return c.request(ctx, http.MethodPost, path, bytes.NewBuffer(b))
+}
+
 // requestOnce creates a http request and executes it once. Prefer request()
 // over this method when possible. It appends the path to the endpoint of the
 // client and adds the authentication token to the request.
 func (c *client) requestOnce(ctx context.Context, method, path string, body io.Reader, opts ...func(r *http.Request)) (*Response, error) {
-	req, err := http.NewRequest(method, c.baseUrl+path, body)
+	req, err := http.NewRequestWithContext(ctx, method, c.baseUrl+path, body)
 	if err != nil {
 		return nil, err
 	}
@@ -92,45 +115,86 @@ func (c *client) requestOnce(ctx context.Context, method, path string, body io.R
 
 	debugLogRequest(req)
 
-	res, err := c.httpClient.Do(req.WithContext(ctx))
+	res, err := c.httpClient.Do(req)
 	return &Response{res}, err
 }
 
-// request executes a http request and attempts when errors occur.
+// request executes an HTTP request against the Panel API. If there is an error
-// It appends the path to the endpoint of the client and adds the authentication token to the request.
+// encountered with the request it will be retried using an exponential backoff.
-func (c *client) request(ctx context.Context, method, path string, body io.Reader, opts ...func(r *http.Request)) (res *Response, err error) {
+// If the error returned from the Panel is due to API throttling or because there
-	for i := 0; i < c.attempts; i++ {
+// are invalid authentication credentials provided the request will _not_ be
-		res, err = c.requestOnce(ctx, method, path, body, opts...)
+// retried by the backoff.
-		if err == nil &&
+//
-			res.StatusCode < http.StatusInternalServerError &&
+// This function automatically appends the path to the current client endpoint
-			res.StatusCode != http.StatusTooManyRequests {
+// and adds the required authentication headers to the request that is being
-			break
+// created. Errors returned will be of the RequestError type if there was some
-		}
+// type of response from the API that can be parsed.
-	}
+func (c *client) request(ctx context.Context, method, path string, body io.Reader, opts ...func(r *http.Request)) (*Response, error) {
+	var res *Response
+	err := backoff.Retry(func() error {
+		r, err := c.requestOnce(ctx, method, path, body, opts...)
 		if err != nil {
-		return nil, errors.WithStack(err)
+			if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) {
+				return backoff.Permanent(err)
 			}
-	return
+			return errors.WrapIf(err, "http: request creation failed")
 		}
-
+		res = r
-// get executes a http get request.
+		if r.HasError() {
-func (c *client) get(ctx context.Context, path string, query q) (*Response, error) {
+			// Close the request body after returning the error to free up resources.
-	return c.request(ctx, http.MethodGet, path, nil, func(r *http.Request) {
+			defer r.Body.Close()
-		q := r.URL.Query()
+			// Don't keep spamming the endpoint if we've already made too many requests or
-		for k, v := range query {
+			// if we're not even authenticated correctly. Retrying generally won't fix either
-			q.Set(k, v)
+			// of these issues.
+			if r.StatusCode == http.StatusForbidden ||
+				r.StatusCode == http.StatusTooManyRequests ||
+				r.StatusCode == http.StatusUnauthorized {
+				return backoff.Permanent(r.Error())
 			}
-		r.URL.RawQuery = q.Encode()
+			return r.Error()
-	})
 		}
-
+		return nil
-// post executes a http post request.
+	}, c.backoff(ctx))
-func (c *client) post(ctx context.Context, path string, data interface{}) (*Response, error) {
-	b, err := json.Marshal(data)
 	if err != nil {
+		if v, ok := err.(*backoff.PermanentError); ok {
+			return nil, v.Unwrap()
+		}
 		return nil, err
 	}
-	return c.request(ctx, http.MethodPost, path, bytes.NewBuffer(b))
+	return res, nil
+}
+
+// backoff returns an exponential backoff function for use with remote API
+// requests. This will allow an API call to be executed approximately 10 times
+// before it is finally reported back as an error.
+//
+// This allows for issues with DNS resolution, or rare race conditions due to
+// slower SQL queries on the Panel to potentially self-resolve without just
+// immediately failing the first request. The example below shows the amount of
+// time that has elapsed between each call to the handler when an error is
+// returned. You can tweak these values as needed to get the effect you desire.
+//
+// If maxAttempts is a value greater than 0 the backoff will be capped at a total
+// number of executions, or the MaxElapsedTime, whichever comes first.
+//
+// call(): 0s
+// call(): 552.330144ms
+// call(): 1.63271196s
+// call(): 2.94284202s
+// call(): 4.525234711s
+// call(): 6.865723375s
+// call(): 11.37194223s
+// call(): 14.593421816s
+// call(): 20.202045293s
+// call(): 27.36567952s <-- Stops here as MaxElapsedTime is 30 seconds
+func (c *client) backoff(ctx context.Context) backoff.BackOffContext {
+	b := backoff.NewExponentialBackOff()
+	b.MaxInterval = time.Second * 12
+	b.MaxElapsedTime = time.Second * 30
+	if c.maxAttempts > 0 {
+		return backoff.WithContext(backoff.WithMaxRetries(b, uint64(c.maxAttempts)), ctx)
+	}
+	return backoff.WithContext(b, ctx)
 }
 
 // Response is a custom response type that allows for commonly used error
@@ -157,15 +221,12 @@ func (r *Response) HasError() bool {
 func (r *Response) Read() ([]byte, error) {
 	var b []byte
 	if r.Response == nil {
-		return nil, errors.New("http: attempting to read missing response")
+		return nil, errors.New("remote: attempting to read missing response")
 	}
-
 	if r.Response.Body != nil {
 		b, _ = ioutil.ReadAll(r.Response.Body)
 	}
-
 	r.Response.Body = ioutil.NopCloser(bytes.NewBuffer(b))
-
 	return b, nil
 }
 
@@ -177,15 +238,16 @@ func (r *Response) BindJSON(v interface{}) error {
 	if err != nil {
 		return err
 	}
-
 	if err := json.Unmarshal(b, &v); err != nil {
-		return errors.Wrap(err, "http: could not unmarshal response")
+		return errors.Wrap(err, "remote: could not unmarshal response")
 	}
 	return nil
 }
 
 // Returns the first error message from the API call as a string. The error
-// message will be formatted similar to the below example:
+// message will be formatted similar to the below example. If there is no error
+// that can be parsed out of the API you'll still get a RequestError returned
+// but the RequestError.Code will be "_MissingResponseCode".
 //
 // HttpNotFoundException: The requested resource does not exist. (HTTP/404)
 func (r *Response) Error() error {
@@ -196,14 +258,18 @@ func (r *Response) Error() error {
 	var errs RequestErrors
 	_ = r.BindJSON(&errs)
 
-	e := &RequestError{}
+	e := &RequestError{
+		Code:   "_MissingResponseCode",
+		Status: strconv.Itoa(r.StatusCode),
+		Detail: "No error response returned from API endpoint.",
+	}
 	if len(errs.Errors) > 0 {
 		e = &errs.Errors[0]
 	}
 
 	e.response = r.Response
 
-	return e
+	return errors.WithStackDepth(e, 1)
 }
 
 // Logs the request into the debug log with all of the important request bits.

remote/http_test.go

@@ -14,8 +14,7 @@ func createTestClient(h http.HandlerFunc) (*client, *httptest.Server) {
 	c := &client{
 		httpClient:  s.Client(),
 		baseUrl:     s.URL,
-
+		maxAttempts: 1,
-		attempts: 1,
 		tokenId:     "testid",
 		token:       "testtoken",
 	}
@@ -47,7 +46,7 @@ func TestRequestRetry(t *testing.T) {
 		}
 		i++
 	})
-	c.attempts = 2
+	c.maxAttempts = 2
 	r, err := c.request(context.Background(), "", "", nil)
 	assert.NoError(t, err)
 	assert.NotNil(t, r)
@@ -60,12 +59,15 @@ func TestRequestRetry(t *testing.T) {
 		rw.WriteHeader(http.StatusInternalServerError)
 		i++
 	})
-	c.attempts = 2
+	c.maxAttempts = 2
 	r, err = c.request(context.Background(), "get", "", nil)
-	assert.NoError(t, err)
+	assert.Error(t, err)
-	assert.NotNil(t, r)
+	assert.Nil(t, r)
-	assert.Equal(t, http.StatusInternalServerError, r.StatusCode)
+
-	assert.Equal(t, 2, i)
+	v := AsRequestError(err)
+	assert.NotNil(t, v)
+	assert.Equal(t, http.StatusInternalServerError, v.StatusCode())
+	assert.Equal(t, 3, i)
 }
 
 func TestGet(t *testing.T) {
@@ -74,7 +76,7 @@ func TestGet(t *testing.T) {
 		assert.Len(t, r.URL.Query(), 1)
 		assert.Equal(t, "world", r.URL.Query().Get("hello"))
 	})
-	r, err := c.get(context.Background(), "/test", q{"hello": "world"})
+	r, err := c.Get(context.Background(), "/test", q{"hello": "world"})
 	assert.NoError(t, err)
 	assert.NotNil(t, r)
 }
@@ -87,7 +89,7 @@ func TestPost(t *testing.T) {
 		assert.Equal(t, http.MethodPost, r.Method)
 
 	})
-	r, err := c.post(context.Background(), "/test", test)
+	r, err := c.Post(context.Background(), "/test", test)
 	assert.NoError(t, err)
 	assert.NotNil(t, r)
 }

remote/servers.go

@@ -58,62 +58,54 @@ func (c *client) GetServers(ctx context.Context, limit int) ([]RawServerData, er
 // things in a bad state within the Panel. This API call is executed once Wings
 // has fully booted all of the servers.
 func (c *client) ResetServersState(ctx context.Context) error {
-	res, err := c.post(ctx, "/servers/reset", nil)
+	res, err := c.Post(ctx, "/servers/reset", nil)
 	if err != nil {
-		return errors.WrapIf(err, "remote/servers: failed to reset server state on Panel")
+		return errors.WrapIf(err, "remote: failed to reset server state on Panel")
 	}
-	res.Body.Close()
+	_ = res.Body.Close()
 	return nil
 }
 
 func (c *client) GetServerConfiguration(ctx context.Context, uuid string) (ServerConfigurationResponse, error) {
 	var config ServerConfigurationResponse
-	res, err := c.get(ctx, fmt.Sprintf("/servers/%s", uuid), nil)
+	res, err := c.Get(ctx, fmt.Sprintf("/servers/%s", uuid), nil)
 	if err != nil {
 		return config, err
 	}
 	defer res.Body.Close()
 
-	if res.HasError() {
-		return config, res.Error()
-	}
-
 	err = res.BindJSON(&config)
 	return config, err
 }
 
 func (c *client) GetInstallationScript(ctx context.Context, uuid string) (InstallationScript, error) {
-	res, err := c.get(ctx, fmt.Sprintf("/servers/%s/install", uuid), nil)
+	res, err := c.Get(ctx, fmt.Sprintf("/servers/%s/install", uuid), nil)
 	if err != nil {
 		return InstallationScript{}, err
 	}
 	defer res.Body.Close()
 
-	if res.HasError() {
-		return InstallationScript{}, res.Error()
-	}
-
 	var config InstallationScript
 	err = res.BindJSON(&config)
 	return config, err
 }
 
 func (c *client) SetInstallationStatus(ctx context.Context, uuid string, successful bool) error {
-	resp, err := c.post(ctx, fmt.Sprintf("/servers/%s/install", uuid), d{"successful": successful})
+	resp, err := c.Post(ctx, fmt.Sprintf("/servers/%s/install", uuid), d{"successful": successful})
 	if err != nil {
 		return err
 	}
-	defer resp.Body.Close()
+	_ = resp.Body.Close()
-	return resp.Error()
+	return nil
 }
 
 func (c *client) SetArchiveStatus(ctx context.Context, uuid string, successful bool) error {
-	resp, err := c.post(ctx, fmt.Sprintf("/servers/%s/archive", uuid), d{"successful": successful})
+	resp, err := c.Post(ctx, fmt.Sprintf("/servers/%s/archive", uuid), d{"successful": successful})
 	if err != nil {
 		return err
 	}
-	defer resp.Body.Close()
+	_ = resp.Body.Close()
-	return resp.Error()
+	return nil
 }
 
 func (c *client) SetTransferStatus(ctx context.Context, uuid string, successful bool) error {
@@ -121,12 +113,12 @@ func (c *client) SetTransferStatus(ctx context.Context, uuid string, successful
 	if successful {
 		state = "success"
 	}
-	resp, err := c.get(ctx, fmt.Sprintf("/servers/%s/transfer/%s", uuid, state), nil)
+	resp, err := c.Get(ctx, fmt.Sprintf("/servers/%s/transfer/%s", uuid, state), nil)
 	if err != nil {
 		return err
 	}
-	defer resp.Body.Close()
+	_ = resp.Body.Close()
-	return resp.Error()
+	return nil
 }
 
 // ValidateSftpCredentials makes a request to determine if the username and
@@ -136,66 +128,54 @@ func (c *client) SetTransferStatus(ctx context.Context, uuid string, successful
 // all of the authorization security logic to the Panel.
 func (c *client) ValidateSftpCredentials(ctx context.Context, request SftpAuthRequest) (SftpAuthResponse, error) {
 	var auth SftpAuthResponse
-	res, err := c.post(ctx, "/sftp/auth", request)
+	res, err := c.Post(ctx, "/sftp/auth", request)
 	if err != nil {
+		if err := AsRequestError(err); err != nil && (err.StatusCode() >= 400 && err.StatusCode() < 500) {
+			log.WithFields(log.Fields{"subsystem": "sftp", "username": request.User, "ip": request.IP}).Warn(err.Error())
+			return auth, &SftpInvalidCredentialsError{}
+		}
 		return auth, err
 	}
 	defer res.Body.Close()
 
-	e := res.Error()
+	if err := res.BindJSON(&auth); err != nil {
-	if e != nil {
-		if res.StatusCode >= 400 && res.StatusCode < 500 {
-			log.WithFields(log.Fields{
-				"subsystem": "sftp",
-				"username":  request.User,
-				"ip":        request.IP,
-			}).Warn(e.Error())
-
-			return auth, &SftpInvalidCredentialsError{}
-		}
-
-		return auth, errors.New(e.Error())
-	}
-
-	err = res.BindJSON(&auth)
 		return auth, err
 	}
+	return auth, nil
+}
 
 func (c *client) GetBackupRemoteUploadURLs(ctx context.Context, backup string, size int64) (BackupRemoteUploadResponse, error) {
 	var data BackupRemoteUploadResponse
-	res, err := c.get(ctx, fmt.Sprintf("/backups/%s", backup), q{"size": strconv.FormatInt(size, 10)})
+	res, err := c.Get(ctx, fmt.Sprintf("/backups/%s", backup), q{"size": strconv.FormatInt(size, 10)})
 	if err != nil {
 		return data, err
 	}
 	defer res.Body.Close()
-
+	if err := res.BindJSON(&data); err != nil {
-	if res.HasError() {
-		return data, res.Error()
-	}
-
-	err = res.BindJSON(&data)
 		return data, err
 	}
+	return data, nil
+}
 
 func (c *client) SetBackupStatus(ctx context.Context, backup string, data BackupRequest) error {
-	resp, err := c.post(ctx, fmt.Sprintf("/backups/%s", backup), data)
+	resp, err := c.Post(ctx, fmt.Sprintf("/backups/%s", backup), data)
 	if err != nil {
 		return err
 	}
-	defer resp.Body.Close()
+	_ = resp.Body.Close()
-	return resp.Error()
+	return nil
 }
 
 // SendRestorationStatus triggers a request to the Panel to notify it that a
 // restoration has been completed and the server should be marked as being
 // activated again.
 func (c *client) SendRestorationStatus(ctx context.Context, backup string, successful bool) error {
-	resp, err := c.post(ctx, fmt.Sprintf("/backups/%s/restore", backup), d{"successful": successful})
+	resp, err := c.Post(ctx, fmt.Sprintf("/backups/%s/restore", backup), d{"successful": successful})
 	if err != nil {
 		return err
 	}
-	defer resp.Body.Close()
+	_ = resp.Body.Close()
-	return resp.Error()
+	return nil
 }
 
 // getServersPaged returns a subset of servers from the Panel API using the
@@ -206,7 +186,7 @@ func (c *client) getServersPaged(ctx context.Context, page, limit int) ([]RawSer
 		Meta Pagination      `json:"meta"`
 	}
 
-	res, err := c.get(ctx, "/servers", q{
+	res, err := c.Get(ctx, "/servers", q{
 		"page":     strconv.Itoa(page),
 		"per_page": strconv.Itoa(limit),
 	})
@@ -214,10 +194,6 @@ func (c *client) getServersPaged(ctx context.Context, page, limit int) ([]RawSer
 		return nil, r.Meta, err
 	}
 	defer res.Body.Close()
-
-	if res.HasError() {
-		return nil, r.Meta, res.Error()
-	}
 	if err := res.BindJSON(&r); err != nil {
 		return nil, r.Meta, err
 	}

remote/types.go

@@ -6,6 +6,7 @@ import (
 	"strings"
 
 	"github.com/apex/log"
+
 	"github.com/pterodactyl/wings/parser"
 )
 
@@ -32,7 +33,7 @@ type Pagination struct {
 
 // ServerConfigurationResponse holds the server configuration data returned from
 // the Panel. When a server process is started, Wings communicates with the
-// Panel to fetch the latest build information as well as get all of the details
+// Panel to fetch the latest build information as well as get all the details
 // needed to parse the given Egg.
 //
 // This means we do not need to hit Wings each time part of the server is

router/downloader/downloader.go

@@ -2,26 +2,26 @@ package downloader
 
 import (
 	"context"
-	"emperror.dev/errors"
 	"encoding/json"
 	"fmt"
-	"github.com/google/uuid"
-	"github.com/pterodactyl/wings/server"
 	"io"
 	"net"
 	"net/http"
 	"net/url"
 	"path/filepath"
-	"regexp"
-	"strconv"
 	"strings"
 	"sync"
 	"time"
+
+	"emperror.dev/errors"
+	"github.com/google/uuid"
+
+	"github.com/pterodactyl/wings/server"
 )
 
 var client = &http.Client{
 	Timeout: time.Hour * 12,
-	// Disallow any redirect on a HTTP call. This is a security requirement: do not modify
+	// Disallow any redirect on an HTTP call. This is a security requirement: do not modify
 	// this logic without first ensuring that the new target location IS NOT within the current
 	// instance's local network.
 	//
@@ -36,18 +36,14 @@ var client = &http.Client{
 }
 
 var instance = &Downloader{
-	// Tracks all of the active downloads.
+	// Tracks all the active downloads.
 	downloadCache: make(map[string]*Download),
-	// Tracks all of the downloads active for a given server instance. This is
+	// Tracks all the downloads active for a given server instance. This is
 	// primarily used to make things quicker and keep the code a little more
 	// legible throughout here.
 	serverCache: make(map[string][]string),
 }
 
-// Regex to match the end of an IPv4/IPv6 address. This allows the port to be removed
-// so that we are just working with the raw IP address in question.
-var ipMatchRegex = regexp.MustCompile(`(:\d+)$`)
-
 // Internal IP ranges that should be blocked if the resource requested resolves within.
 var internalRanges = []*net.IPNet{
 	mustParseCIDR("127.0.0.1/8"),
@@ -60,9 +56,11 @@ var internalRanges = []*net.IPNet{
 	mustParseCIDR("fc00::/7"),
 }
 
-const ErrInternalResolution = errors.Sentinel("downloader: destination resolves to internal network location")
+const (
-const ErrInvalidIPAddress = errors.Sentinel("downloader: invalid IP address")
+	ErrInternalResolution = errors.Sentinel("downloader: destination resolves to internal network location")
-const ErrDownloadFailed = errors.Sentinel("downloader: download request failed")
+	ErrInvalidIPAddress   = errors.Sentinel("downloader: invalid IP address")
+	ErrDownloadFailed     = errors.Sentinel("downloader: download request failed")
+)
 
 type Counter struct {
 	total   int
@@ -77,8 +75,8 @@ func (c *Counter) Write(p []byte) (int, error) {
 }
 
 type DownloadRequest struct {
-	URL       *url.URL
 	Directory string
+	URL       *url.URL
 }
 
 type Download struct {
@@ -90,7 +88,7 @@ type Download struct {
 	cancelFunc *context.CancelFunc
 }
 
-// Starts a new tracked download which allows for cancellation later on by calling
+// New starts a new tracked download which allows for cancellation later on by calling
 // the Downloader.Cancel function.
 func New(s *server.Server, r DownloadRequest) *Download {
 	dl := Download{
@@ -102,14 +100,14 @@ func New(s *server.Server, r DownloadRequest) *Download {
 	return &dl
 }
 
-// Returns all of the tracked downloads for a given server instance.
+// ByServer returns all the tracked downloads for a given server instance.
 func ByServer(sid string) []*Download {
 	instance.mu.Lock()
 	defer instance.mu.Unlock()
 	var downloads []*Download
 	if v, ok := instance.serverCache[sid]; ok {
 		for _, id := range v {
-			if dl, dlok := instance.downloadCache[id]; dlok {
+			if dl, ok := instance.downloadCache[id]; ok {
 				downloads = append(downloads, dl)
 			}
 		}
@@ -117,7 +115,7 @@ func ByServer(sid string) []*Download {
 	return downloads
 }
 
-// Returns a single Download matching a given identifier. If no download is found
+// ByID returns a single Download matching a given identifier. If no download is found
 // the second argument in the response will be false.
 func ByID(dlid string) *Download {
 	return instance.find(dlid)
@@ -134,7 +132,7 @@ func (dl Download) MarshalJSON() ([]byte, error) {
 	})
 }
 
-// Executes a given download for the server and begins writing the file to the disk. Once
+// Execute executes a given download for the server and begins writing the file to the disk. Once
 // completed the download will be removed from the cache.
 func (dl *Download) Execute() error {
 	ctx, cancel := context.WithTimeout(context.Background(), time.Hour*12)
@@ -185,7 +183,7 @@ func (dl *Download) Execute() error {
 	return nil
 }
 
-// Cancels a running download and frees up the associated resources. If a file is being
+// Cancel cancels a running download and frees up the associated resources. If a file is being
 // written a partial file will remain present on the disk.
 func (dl *Download) Cancel() {
 	if dl.cancelFunc != nil {
@@ -194,12 +192,12 @@ func (dl *Download) Cancel() {
 	instance.remove(dl.Identifier)
 }
 
-// Checks if the given download belongs to the provided server.
+// BelongsTo checks if the given download belongs to the provided server.
 func (dl *Download) BelongsTo(s *server.Server) bool {
-	return dl.server.Id() == s.Id()
+	return dl.server.ID() == s.ID()
 }
 
-// Returns the current progress of the download as a float value between 0 and 1 where
+// Progress returns the current progress of the download as a float value between 0 and 1 where
 // 1 indicates that the download is completed.
 func (dl *Download) Progress() float64 {
 	dl.mu.RLock()
@@ -232,15 +230,19 @@ func (dl *Download) isExternalNetwork(ctx context.Context) error {
 
 	// This cluster-fuck of math and integer shit converts an integer IP into a proper IPv4.
 	// For example: 16843009 would become 1.1.1.1
-	if i, err := strconv.ParseInt(host, 10, 64); err == nil {
+	//if i, err := strconv.ParseInt(host, 10, 64); err == nil {
-		host = strconv.FormatInt((i>>24)&0xFF, 10) + "." + strconv.FormatInt((i>>16)&0xFF, 10) + "." + strconv.FormatInt((i>>8)&0xFF, 10) + "." + strconv.FormatInt(i&0xFF, 10)
+	//	host = strconv.FormatInt((i>>24)&0xFF, 10) + "." + strconv.FormatInt((i>>16)&0xFF, 10) + "." + strconv.FormatInt((i>>8)&0xFF, 10) + "." + strconv.FormatInt(i&0xFF, 10)
-	}
+	//}
 
-	if !ipMatchRegex.MatchString(host) {
+	if _, _, err := net.SplitHostPort(host); err != nil {
-		if dl.req.URL.Scheme == "https" {
+		if !strings.Contains(err.Error(), "missing port in address") {
-			host = host + ":443"
+			return errors.WithStack(err)
-		} else {
+		}
-			host = host + ":80"
+		switch dl.req.URL.Scheme {
+		case "http":
+			host += ":80"
+		case "https":
+			host += ":443"
 		}
 	}
 
@@ -250,7 +252,11 @@ func (dl *Download) isExternalNetwork(ctx context.Context) error {
 	}
 	_ = c.Close()
 
-	ip := net.ParseIP(ipMatchRegex.ReplaceAllString(c.RemoteAddr().String(), ""))
+	ipStr, _, err := net.SplitHostPort(c.RemoteAddr().String())
+	if err != nil {
+		return errors.WithStack(err)
+	}
+	ip := net.ParseIP(ipStr)
 	if ip == nil {
 		return errors.WithStack(ErrInvalidIPAddress)
 	}
@@ -265,7 +271,7 @@ func (dl *Download) isExternalNetwork(ctx context.Context) error {
 	return nil
 }
 
-// Defines a global downloader struct that keeps track of all currently processing downloads
+// Downloader represents a global downloader that keeps track of all currently processing downloads
 // for the machine.
 type Downloader struct {
 	mu            sync.RWMutex
@@ -273,11 +279,11 @@ type Downloader struct {
 	serverCache   map[string][]string
 }
 
-// Tracks a download in the internal cache for this instance.
+// track tracks a download in the internal cache for this instance.
 func (d *Downloader) track(dl *Download) {
 	d.mu.Lock()
 	defer d.mu.Unlock()
-	sid := dl.server.Id()
+	sid := dl.server.ID()
 	if _, ok := d.downloadCache[dl.Identifier]; !ok {
 		d.downloadCache[dl.Identifier] = dl
 		if _, ok := d.serverCache[sid]; !ok {
@@ -287,7 +293,7 @@ func (d *Downloader) track(dl *Download) {
 	}
 }
 
-// Finds a given download entry using the provided ID and returns it.
+// find finds a given download entry using the provided ID and returns it.
 func (d *Downloader) find(dlid string) *Download {
 	d.mu.RLock()
 	defer d.mu.RUnlock()
@@ -297,24 +303,24 @@ func (d *Downloader) find(dlid string) *Download {
 	return nil
 }
 
-// Remove the given download reference from the cache storing them. This also updates
+// remove removes the given download reference from the cache storing them. This also updates
 // the slice of active downloads for a given server to not include this download.
-func (d *Downloader) remove(dlid string) {
+func (d *Downloader) remove(dlID string) {
 	d.mu.Lock()
 	defer d.mu.Unlock()
-	if _, ok := d.downloadCache[dlid]; !ok {
+	if _, ok := d.downloadCache[dlID]; !ok {
 		return
 	}
-	sid := d.downloadCache[dlid].server.Id()
+	sID := d.downloadCache[dlID].server.ID()
-	delete(d.downloadCache, dlid)
+	delete(d.downloadCache, dlID)
-	if tracked, ok := d.serverCache[sid]; ok {
+	if tracked, ok := d.serverCache[sID]; ok {
 		var out []string
 		for _, k := range tracked {
-			if k != dlid {
+			if k != dlID {
 				out = append(out, k)
 			}
 		}
-		d.serverCache[sid] = out
+		d.serverCache[sID] = out
 	}
 }
 

router/error.go

@@ -10,6 +10,7 @@ import (
 	"github.com/apex/log"
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
+
 	"github.com/pterodactyl/wings/server"
 	"github.com/pterodactyl/wings/server/filesystem"
 )
@@ -134,7 +135,7 @@ func (e *RequestError) getAsFilesystemError() (int, string) {
 		return http.StatusBadRequest, "Cannot perform that action: file is a directory."
 	}
 	if filesystem.IsErrorCode(e.err, filesystem.ErrCodeDiskSpace) || strings.Contains(e.err.Error(), "filesystem: not enough disk space") {
-		return http.StatusBadRequest, "Cannot perform that action: file is a directory."
+		return http.StatusBadRequest, "Cannot perform that action: not enough disk space available."
 	}
 	if strings.HasSuffix(e.err.Error(), "file name too long") {
 		return http.StatusBadRequest, "Cannot perform that action: file name is too long."

router/middleware.go

@@ -2,6 +2,7 @@ package router
 
 import (
 	"github.com/gin-gonic/gin"
+
 	"github.com/pterodactyl/wings/router/middleware"
 	"github.com/pterodactyl/wings/server"
 )

router/middleware/middleware.go

@@ -12,6 +12,7 @@ import (
 	"github.com/apex/log"
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/remote"
 	"github.com/pterodactyl/wings/server"
@@ -62,7 +63,7 @@ func (re *RequestError) Abort(c *gin.Context, status int) {
 	// server triggered this error.
 	if s, ok := c.Get("server"); ok {
 		if s, ok := s.(*server.Server); ok {
-			event = event.WithField("server_id", s.Id())
+			event = event.WithField("server_id", s.ID())
 		}
 	}
 
@@ -262,14 +263,14 @@ func ServerExists() gin.HandlerFunc {
 		if c.Param("server") != "" {
 			manager := ExtractManager(c)
 			s = manager.Find(func(s *server.Server) bool {
-				return c.Param("server") == s.Id()
+				return c.Param("server") == s.ID()
 			})
 		}
 		if s == nil {
 			c.AbortWithStatusJSON(http.StatusNotFound, gin.H{"error": "The requested resource does not exist on this instance."})
 			return
 		}
-		c.Set("logger", ExtractLogger(c).WithField("server_id", s.Id()))
+		c.Set("logger", ExtractLogger(c).WithField("server_id", s.ID()))
 		c.Set("server", s)
 		c.Next()
 	}

router/router.go

@@ -3,6 +3,7 @@ package router
 import (
 	"github.com/apex/log"
 	"github.com/gin-gonic/gin"
+
 	"github.com/pterodactyl/wings/remote"
 	"github.com/pterodactyl/wings/router/middleware"
 	"github.com/pterodactyl/wings/server"

router/router_download.go

@@ -8,6 +8,7 @@ import (
 	"strconv"
 
 	"github.com/gin-gonic/gin"
+
 	"github.com/pterodactyl/wings/router/middleware"
 	"github.com/pterodactyl/wings/router/tokens"
 	"github.com/pterodactyl/wings/server/backup"

router/router_server.go

@@ -10,25 +10,16 @@ import (
 	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/gin-gonic/gin"
+
 	"github.com/pterodactyl/wings/router/downloader"
 	"github.com/pterodactyl/wings/router/middleware"
 	"github.com/pterodactyl/wings/router/tokens"
 	"github.com/pterodactyl/wings/server"
 )
 
-type serverProcData struct {
-	server.ResourceUsage
-	Suspended bool `json:"suspended"`
-}
-
 // Returns a single server from the collection of servers.
 func getServer(c *gin.Context) {
-	s := ExtractServer(c)
+	c.JSON(http.StatusOK, ExtractServer(c).ToAPIResponse())
-
-	c.JSON(http.StatusOK, serverProcData{
-		ResourceUsage: s.Proc(),
-		Suspended:     s.IsSuspended(),
-	})
 }
 
 // Returns the logs for a given server instance.
@@ -205,7 +196,7 @@ func deleteServer(c *gin.Context) {
 	s.Websockets().CancelAll()
 
 	// Remove any pending remote file downloads for the server.
-	for _, dl := range downloader.ByServer(s.Id()) {
+	for _, dl := range downloader.ByServer(s.ID()) {
 		dl.Cancel()
 	}
 
@@ -230,7 +221,7 @@ func deleteServer(c *gin.Context) {
 	}(s.Filesystem().Path())
 
 	middleware.ExtractManager(c).Remove(func(server *server.Server) bool {
-		return server.Id() == s.Id()
+		return server.ID() == s.ID()
 	})
 
 	// Deallocate the reference to this server.

router/router_server_backup.go

@@ -8,6 +8,7 @@ import (
 	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/gin-gonic/gin"
+
 	"github.com/pterodactyl/wings/router/middleware"
 	"github.com/pterodactyl/wings/server"
 	"github.com/pterodactyl/wings/server/backup"
@@ -42,7 +43,7 @@ func postServerBackup(c *gin.Context) {
 	// Attach the server ID and the request ID to the adapter log context for easier
 	// parsing in the logs.
 	adapter.WithLogContext(map[string]interface{}{
-		"server":     s.Id(),
+		"server":     s.ID(),
 		"request_id": c.GetString("request_id"),
 	})
 

router/router_server_files.go

@@ -3,6 +3,7 @@ package router
 import (
 	"bufio"
 	"context"
+	"io"
 	"mime/multipart"
 	"net/http"
 	"net/url"
@@ -15,12 +16,13 @@ import (
 	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/gin-gonic/gin"
+	"golang.org/x/sync/errgroup"
+
 	"github.com/pterodactyl/wings/router/downloader"
 	"github.com/pterodactyl/wings/router/middleware"
 	"github.com/pterodactyl/wings/router/tokens"
 	"github.com/pterodactyl/wings/server"
 	"github.com/pterodactyl/wings/server/filesystem"
-	"golang.org/x/sync/errgroup"
 )
 
 // getServerFileContents returns the contents of a file on the server.
@@ -43,8 +45,16 @@ func getServerFileContents(c *gin.Context) {
 		c.Header("Content-Type", "application/octet-stream")
 	}
 	defer c.Writer.Flush()
-	_, err = bufio.NewReader(f).WriteTo(c.Writer)
+	// If you don't do a limited reader here you will trigger a panic on write when
-	if err != nil {
+	// a different server process writes content to the file after you've already
+	// determined the file size. This could lead to some weird content output but
+	// it would technically be accurate based on the content at the time of the request.
+	//
+	// "http: wrote more than the declared Content-Length"
+	//
+	// @see https://github.com/pterodactyl/panel/issues/3131
+	r := io.LimitReader(f, st.Size())
+	if _, err = bufio.NewReader(r).WriteTo(c.Writer); err != nil {
 		// Pretty sure this will unleash chaos on the response, but its a risk we can
 		// take since a panic will at least be recovered and this should be incredibly
 		// rare?
@@ -236,7 +246,7 @@ func postServerWriteFile(c *gin.Context) {
 func getServerPullingFiles(c *gin.Context) {
 	s := ExtractServer(c)
 	c.JSON(http.StatusOK, gin.H{
-		"downloads": downloader.ByServer(s.Id()),
+		"downloads": downloader.ByServer(s.ID()),
 	})
 }
 
@@ -244,13 +254,20 @@ func getServerPullingFiles(c *gin.Context) {
 func postServerPullRemoteFile(c *gin.Context) {
 	s := ExtractServer(c)
 	var data struct {
+		// Deprecated
+		Directory string `binding:"required_without=RootPath,omitempty" json:"directory"`
+		RootPath  string `binding:"required_without=Directory,omitempty" json:"root"`
 		URL       string `binding:"required" json:"url"`
-		Directory string `binding:"required,omitempty" json:"directory"`
 	}
 	if err := c.BindJSON(&data); err != nil {
 		return
 	}
 
+	// Handle the deprecated Directory field in the struct until it is removed.
+	if data.Directory != "" && data.RootPath == "" {
+		data.RootPath = data.Directory
+	}
+
 	u, err := url.Parse(data.URL)
 	if err != nil {
 		if e, ok := err.(*url.Error); ok {
@@ -268,7 +285,7 @@ func postServerPullRemoteFile(c *gin.Context) {
 		return
 	}
 	// Do not allow more than three simultaneous remote file downloads at one time.
-	if len(downloader.ByServer(s.Id())) >= 3 {
+	if len(downloader.ByServer(s.ID())) >= 3 {
 		c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{
 			"error": "This server has reached its limit of 3 simultaneous remote file downloads at once. Please wait for one to complete before trying again.",
 		})
@@ -276,11 +293,11 @@ func postServerPullRemoteFile(c *gin.Context) {
 	}
 
 	dl := downloader.New(s, downloader.DownloadRequest{
+		Directory: data.RootPath,
 		URL:       u,
-		Directory: data.Directory,
 	})
 
-	// Execute this pull in a seperate thread since it may take a long time to complete.
+	// Execute this pull in a separate thread since it may take a long time to complete.
 	go func() {
 		s.Log().WithField("download_id", dl.Identifier).WithField("url", u.String()).Info("starting pull of remote file to disk")
 		if err := dl.Execute(); err != nil {
@@ -374,8 +391,6 @@ func postServerCompressFiles(c *gin.Context) {
 // of unpacking an archive that exists on the server into the provided RootPath
 // for the server.
 func postServerDecompressFiles(c *gin.Context) {
-	s := middleware.ExtractServer(c)
-	lg := middleware.ExtractLogger(c)
 	var data struct {
 		RootPath string `json:"root"`
 		File     string `json:"file"`
@@ -384,7 +399,8 @@ func postServerDecompressFiles(c *gin.Context) {
 		return
 	}
 
-	lg = lg.WithFields(log.Fields{"root_path": data.RootPath, "file": data.File})
+	s := middleware.ExtractServer(c)
+	lg := middleware.ExtractLogger(c).WithFields(log.Fields{"root_path": data.RootPath, "file": data.File})
 	lg.Debug("checking if space is available for file decompression")
 	err := s.Filesystem().SpaceAvailableForDecompression(data.RootPath, data.File)
 	if err != nil {
@@ -403,7 +419,7 @@ func postServerDecompressFiles(c *gin.Context) {
 		// much we specifically can do. They'll need to stop the running server process in order to overwrite
 		// a file like this.
 		if strings.Contains(err.Error(), "text file busy") {
-			lg.WithField("error", err).Warn("failed to decompress file: text file busy")
+			lg.WithField("error", errors.WithStackIf(err)).Warn("failed to decompress file: text file busy")
 			c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{
 				"error": "One or more files this archive is attempting to overwrite are currently in use by another process. Please try again.",
 			})

router/router_server_ws.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/gin-gonic/gin"
 	ws "github.com/gorilla/websocket"
+
 	"github.com/pterodactyl/wings/router/middleware"
 	"github.com/pterodactyl/wings/router/websocket"
 )

router/router_system.go

@@ -2,14 +2,18 @@ package router
 
 import (
 	"bytes"
+	"context"
+	"errors"
 	"net/http"
 	"strings"
 
 	"github.com/apex/log"
 	"github.com/gin-gonic/gin"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/installer"
 	"github.com/pterodactyl/wings/router/middleware"
+	"github.com/pterodactyl/wings/server"
 	"github.com/pterodactyl/wings/system"
 )
 
@@ -28,7 +32,12 @@ func getSystemInformation(c *gin.Context) {
 // Returns all of the servers that are registered and configured correctly on
 // this wings instance.
 func getAllServers(c *gin.Context) {
-	c.JSON(http.StatusOK, middleware.ExtractManager(c).All())
+	servers := middleware.ExtractManager(c).All()
+	out := make([]server.APIResponse, len(servers), len(servers))
+	for i, v := range servers {
+		out[i] = v.ToAPIResponse()
+	}
+	c.JSON(http.StatusOK, out)
 }
 
 // Creates a new server on the wings daemon and begins the installation process
@@ -59,14 +68,30 @@ func postCreateServer(c *gin.Context) {
 	// cycle. If there are any errors they will be logged and communicated back
 	// to the Panel where a reinstall may take place.
 	go func(i *installer.Installer) {
-		err := i.Server().CreateEnvironment()
+		if err := i.Server().CreateEnvironment(); err != nil {
-		if err != nil {
 			i.Server().Log().WithField("error", err).Error("failed to create server environment during install process")
 			return
 		}
 
 		if err := i.Server().Install(false); err != nil {
 			log.WithFields(log.Fields{"server": i.Uuid(), "error": err}).Error("failed to run install process for server")
+			return
+		}
+
+		if i.Server().Config().StartOnCompletion {
+			log.WithField("server_id", i.Server().ID()).Debug("starting server after successful installation")
+			if err := i.Server().HandlePowerAction(server.PowerActionStart, 30); err != nil {
+				if errors.Is(err, context.DeadlineExceeded) {
+					log.WithFields(log.Fields{"server_id": i.Server().ID(), "action": "start"}).
+						Warn("could not acquire a lock while attempting to perform a power action")
+				} else {
+					log.WithFields(log.Fields{"server_id": i.Server().ID(), "action": "start", "error": err}).
+						Error("encountered error processing a server power action in the background")
+				}
+			}
+		} else {
+			log.WithField("server_id", i.Server().ID()).
+				Debug("skipping automatic start after successful server installation")
 		}
 	}(install)
 

router/router_transfer.go

@@ -23,6 +23,7 @@ import (
 	"github.com/juju/ratelimit"
 	"github.com/mholt/archiver/v3"
 	"github.com/mitchellh/colorstring"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/installer"
 	"github.com/pterodactyl/wings/remote"
@@ -75,14 +76,14 @@ func getServerArchive(c *gin.Context) {
 	}
 
 	s := ExtractServer(c)
-	if token.Subject != s.Id() {
+	if token.Subject != s.ID() {
 		c.AbortWithStatusJSON(http.StatusForbidden, gin.H{
 			"error": "Missing required token subject, or subject is not valid for the requested server.",
 		})
 		return
 	}
 
-	archivePath := getArchivePath(s.Id())
+	archivePath := getArchivePath(s.ID())
 
 	// Stat the archive file.
 	st, err := os.Lstat(archivePath)
@@ -123,7 +124,7 @@ func getServerArchive(c *gin.Context) {
 	c.Header("X-Checksum", checksum)
 	c.Header("X-Mime-Type", "application/tar+gzip")
 	c.Header("Content-Length", strconv.Itoa(int(st.Size())))
-	c.Header("Content-Disposition", "attachment; filename="+strconv.Quote(s.Id()+".tar.gz"))
+	c.Header("Content-Disposition", "attachment; filename="+strconv.Quote(s.ID()+".tar.gz"))
 	c.Header("Content-Type", "application/octet-stream")
 
 	_, _ = bufio.NewReader(f).WriteTo(c.Writer)
@@ -134,7 +135,7 @@ func postServerArchive(c *gin.Context) {
 	manager := middleware.ExtractManager(c)
 
 	go func(s *server.Server) {
-		l := log.WithField("server", s.Id())
+		l := log.WithField("server", s.ID())
 
 		// This function automatically adds the Source Node prefix and Timestamp to the log
 		// output before sending it over the websocket.
@@ -157,7 +158,7 @@ func postServerArchive(c *gin.Context) {
 			s.Events().Publish(server.TransferStatusEvent, "failure")
 
 			sendTransferLog("Attempting to notify panel of archive failure..")
-			if err := manager.Client().SetArchiveStatus(s.Context(), s.Id(), false); err != nil {
+			if err := manager.Client().SetArchiveStatus(s.Context(), s.ID(), false); err != nil {
 				if !remote.IsRequestError(err) {
 					sendTransferLog("Failed to notify panel of archive failure: " + err.Error())
 					l.WithField("error", err).Error("failed to notify panel of failed archive status")
@@ -190,7 +191,7 @@ func postServerArchive(c *gin.Context) {
 		}
 
 		// Attempt to get an archive of the server.
-		if err := a.Create(getArchivePath(s.Id())); err != nil {
+		if err := a.Create(getArchivePath(s.ID())); err != nil {
 			sendTransferLog("An error occurred while archiving the server: " + err.Error())
 			l.WithField("error", err).Error("failed to get transfer archive for server")
 			return
@@ -199,7 +200,7 @@ func postServerArchive(c *gin.Context) {
 		sendTransferLog("Successfully created archive, attempting to notify panel..")
 		l.Info("successfully created server transfer archive, notifying panel..")
 
-		if err := manager.Client().SetArchiveStatus(s.Context(), s.Id(), true); err != nil {
+		if err := manager.Client().SetArchiveStatus(s.Context(), s.ID(), true); err != nil {
 			if !remote.IsRequestError(err) {
 				sendTransferLog("Failed to notify panel of archive success: " + err.Error())
 				l.WithField("error", err).Error("failed to notify panel of successful archive status")
@@ -360,7 +361,7 @@ func postTransfer(c *gin.Context) {
 				sendTransferLog("Server transfer failed, check Wings logs for additional information.")
 				s.Events().Publish(server.TransferStatusEvent, "failure")
 				manager.Remove(func(match *server.Server) bool {
-					return match.Id() == s.Id()
+					return match.ID() == s.ID()
 				})
 
 				// If the transfer status was successful but the request failed, act like the transfer failed.

router/tokens/parser.go

@@ -1,9 +1,11 @@
 package tokens
 
 import (
-	"github.com/gbrlsnchs/jwt/v3"
-	"github.com/pterodactyl/wings/config"
 	"time"
+
+	"github.com/gbrlsnchs/jwt/v3"
+
+	"github.com/pterodactyl/wings/config"
 )
 
 type TokenData interface {

router/tokens/token_store.go

@@ -1,9 +1,10 @@
 package tokens
 
 import (
-	"github.com/patrickmn/go-cache"
 	"sync"
 	"time"
+
+	"github.com/patrickmn/go-cache"
 )
 
 type TokenStore struct {

router/tokens/websocket.go

@@ -2,11 +2,12 @@ package tokens
 
 import (
 	"encoding/json"
-	"github.com/apex/log"
-	"github.com/gbrlsnchs/jwt/v3"
 	"strings"
 	"sync"
 	"time"
+
+	"github.com/apex/log"
+	"github.com/gbrlsnchs/jwt/v3"
 )
 
 // The time at which Wings was booted. No JWT's created before this time are allowed to

router/websocket/listeners.go

@@ -2,9 +2,10 @@ package websocket
 
 import (
 	"context"
+	"time"
+
 	"github.com/pterodactyl/wings/events"
 	"github.com/pterodactyl/wings/server"
-	"time"
 )
 
 // Checks the time to expiration on the JWT every 30 seconds until the token has

router/websocket/websocket.go

@@ -2,22 +2,24 @@ package websocket
 
 import (
 	"context"
-	"emperror.dev/errors"
 	"encoding/json"
 	"fmt"
+	"net/http"
+	"strings"
+	"sync"
+	"time"
+
+	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/gbrlsnchs/jwt/v3"
 	"github.com/google/uuid"
 	"github.com/gorilla/websocket"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/environment/docker"
 	"github.com/pterodactyl/wings/router/tokens"
 	"github.com/pterodactyl/wings/server"
-	"net/http"
-	"strings"
-	"sync"
-	"time"
 )
 
 const (
@@ -55,11 +57,10 @@ func IsJwtError(err error) bool {
 		errors.Is(err, jwt.ErrExpValidation)
 }
 
-// Parses a JWT into a websocket token payload.
+// NewTokenPayload parses a JWT into a websocket token payload.
 func NewTokenPayload(token []byte) (*tokens.WebsocketPayload, error) {
-	payload := tokens.WebsocketPayload{}
+	var payload tokens.WebsocketPayload
-	err := tokens.ParseToken(token, &payload)
+	if err := tokens.ParseToken(token, &payload); err != nil {
-	if err != nil {
 		return nil, err
 	}
 
@@ -180,7 +181,7 @@ func (h *Handler) unsafeSendJson(v interface{}) error {
 	return h.Connection.WriteJSON(v)
 }
 
-// Checks if the JWT is still valid.
+// TokenValid checks if the JWT is still valid.
 func (h *Handler) TokenValid() error {
 	j := h.GetJwt()
 	if j == nil {
@@ -199,14 +200,14 @@ func (h *Handler) TokenValid() error {
 		return ErrJwtNoConnectPerm
 	}
 
-	if h.server.Id() != j.GetServerUuid() {
+	if h.server.ID() != j.GetServerUuid() {
 		return ErrJwtUuidMismatch
 	}
 
 	return nil
 }
 
-// Sends an error back to the connected websocket instance by checking the permissions
+// SendErrorJson sends an error back to the connected websocket instance by checking the permissions
 // of the token. If the user has the "receive-errors" grant we will send back the actual
 // error message, otherwise we just send back a standard error message.
 func (h *Handler) SendErrorJson(msg Message, err error, shouldLog ...bool) error {
@@ -236,7 +237,7 @@ func (h *Handler) SendErrorJson(msg Message, err error, shouldLog ...bool) error
 	return h.unsafeSendJson(wsm)
 }
 
-// Converts an error message into a more readable representation and returns a UUID
+// GetErrorMessage converts an error message into a more readable representation and returns a UUID
 // that can be cross-referenced to find the specific error that triggered.
 func (h *Handler) GetErrorMessage(msg string) (string, uuid.UUID) {
 	u := uuid.Must(uuid.NewRandom())
@@ -246,13 +247,7 @@ func (h *Handler) GetErrorMessage(msg string) (string, uuid.UUID) {
 	return m, u
 }
 
-// Sets the JWT for the websocket in a race-safe manner.
+// GetJwt returns the JWT for the websocket in a race-safe manner.
-func (h *Handler) setJwt(token *tokens.WebsocketPayload) {
-	h.Lock()
-	h.jwt = token
-	h.Unlock()
-}
-
 func (h *Handler) GetJwt() *tokens.WebsocketPayload {
 	h.RLock()
 	defer h.RUnlock()
@@ -260,7 +255,14 @@ func (h *Handler) GetJwt() *tokens.WebsocketPayload {
 	return h.jwt
 }
 
-// Handle the inbound socket request and route it to the proper server action.
+// setJwt sets the JWT for the websocket in a race-safe manner.
+func (h *Handler) setJwt(token *tokens.WebsocketPayload) {
+	h.Lock()
+	h.jwt = token
+	h.Unlock()
+}
+
+// HandleInbound handles an inbound socket request and route it to the proper action.
 func (h *Handler) HandleInbound(m Message) error {
 	if m.Event != AuthenticationEvent {
 		if err := h.TokenValid(); err != nil {

server/backup.go

@@ -2,12 +2,14 @@ package server
 
 import (
 	"io"
+	"io/fs"
 	"io/ioutil"
 	"os"
 
 	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/docker/docker/client"
+
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/remote"
 	"github.com/pterodactyl/wings/server/backup"
@@ -60,13 +62,13 @@ func (s *Server) Backup(b backup.BackupInterface) error {
 	ignored := b.Ignored()
 	if b.Ignored() == "" {
 		if i, err := s.getServerwideIgnoredFiles(); err != nil {
-			log.WithField("server", s.Id()).WithField("error", err).Warn("failed to get server-wide ignored files")
+			log.WithField("server", s.ID()).WithField("error", err).Warn("failed to get server-wide ignored files")
 		} else {
 			ignored = i
 		}
 	}
 
-	ad, err := b.Generate(s.Filesystem().Path(), ignored)
+	ad, err := b.Generate(s.Context(), s.Filesystem().Path(), ignored)
 	if err != nil {
 		if err := s.notifyPanelOfBackup(b.Identifier(), &backup.ArchiveDetails{}, false); err != nil {
 			s.Log().WithFields(log.Fields{
@@ -150,9 +152,12 @@ func (s *Server) RestoreBackup(b backup.BackupInterface, reader io.ReadCloser) (
 	// Attempt to restore the backup to the server by running through each entry
 	// in the file one at a time and writing them to the disk.
 	s.Log().Debug("starting file writing process for backup restoration")
-	err = b.Restore(reader, func(file string, r io.Reader) error {
+	err = b.Restore(s.Context(), reader, func(file string, r io.Reader, mode fs.FileMode) error {
 		s.Events().Publish(DaemonMessageEvent, "(restoring): "+file)
-		return s.Filesystem().Writefile(file, r)
+		if err := s.Filesystem().Writefile(file, r); err != nil {
+			return err
+		}
+		return s.Filesystem().Chmod(file, mode)
 	})
 
 	return errors.WithStackIf(err)

server/backup/backup.go

@@ -1,14 +1,18 @@
 package backup
 
 import (
+	"context"
 	"crypto/sha1"
 	"encoding/hex"
 	"io"
+	"io/fs"
 	"os"
 	"path"
-	"sync"
 
+	"emperror.dev/errors"
 	"github.com/apex/log"
+	"golang.org/x/sync/errgroup"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/remote"
 )
@@ -22,22 +26,39 @@ const (
 
 // RestoreCallback is a generic restoration callback that exists for both local
 // and remote backups allowing the files to be restored.
-type RestoreCallback func(file string, r io.Reader) error
+type RestoreCallback func(file string, r io.Reader, mode fs.FileMode) error
 
-type ArchiveDetails struct {
+// noinspection GoNameStartsWithPackageName
-	Checksum     string `json:"checksum"`
+type BackupInterface interface {
-	ChecksumType string `json:"checksum_type"`
+	// SetClient sets the API request client on the backup interface.
-	Size         int64  `json:"size"`
+	SetClient(c remote.Client)
-}
+	// Identifier returns the UUID of this backup as tracked by the panel
-
+	// instance.
-// ToRequest returns a request object.
+	Identifier() string
-func (ad *ArchiveDetails) ToRequest(successful bool) remote.BackupRequest {
+	// WithLogContext attaches additional context to the log output for this
-	return remote.BackupRequest{
+	// backup.
-		Checksum:     ad.Checksum,
+	WithLogContext(map[string]interface{})
-		ChecksumType: ad.ChecksumType,
+	// Generate creates a backup in whatever the configured source for the
-		Size:         ad.Size,
+	// specific implementation is.
-		Successful:   successful,
+	Generate(ctx context.Context, basePath string, ignore string) (*ArchiveDetails, error)
-	}
+	// Ignored returns the ignored files for this backup instance.
+	Ignored() string
+	// Checksum returns a SHA1 checksum for the generated backup.
+	Checksum() ([]byte, error)
+	// Size returns the size of the generated backup.
+	Size() (int64, error)
+	// Path returns the path to the backup on the machine. This is not always
+	// the final storage location of the backup, simply the location we're using
+	// to store it until it is moved to the final spot.
+	Path() string
+	// Details returns details about the archive.
+	Details(ctx context.Context) (*ArchiveDetails, error)
+	// Remove removes a backup file.
+	Remove() error
+	// Restore is called when a backup is ready to be restored to the disk from
+	// the given source. Not every backup implementation will support this nor
+	// will every implementation require a reader be provided.
+	Restore(ctx context.Context, reader io.Reader, callback RestoreCallback) error
 }
 
 type Backup struct {
@@ -54,39 +75,6 @@ type Backup struct {
 	logContext map[string]interface{}
 }
 
-// noinspection GoNameStartsWithPackageName
-type BackupInterface interface {
-	// SetClient sets the API request client on the backup interface.
-	SetClient(c remote.Client)
-	// Identifier returns the UUID of this backup as tracked by the panel
-	// instance.
-	Identifier() string
-	// WithLogContext attaches additional context to the log output for this
-	// backup.
-	WithLogContext(map[string]interface{})
-	// Generate creates a backup in whatever the configured source for the
-	// specific implementation is.
-	Generate(string, string) (*ArchiveDetails, error)
-	// Ignored returns the ignored files for this backup instance.
-	Ignored() string
-	// Checksum returns a SHA1 checksum for the generated backup.
-	Checksum() ([]byte, error)
-	// Size returns the size of the generated backup.
-	Size() (int64, error)
-	// Path returns the path to the backup on the machine. This is not always
-	// the final storage location of the backup, simply the location we're using
-	// to store it until it is moved to the final spot.
-	Path() string
-	// Details returns details about the archive.
-	Details() *ArchiveDetails
-	// Remove removes a backup file.
-	Remove() error
-	// Restore is called when a backup is ready to be restored to the disk from
-	// the given source. Not every backup implementation will support this nor
-	// will every implementation require a reader be provided.
-	Restore(reader io.Reader, callback RestoreCallback) error
-}
-
 func (b *Backup) SetClient(c remote.Client) {
 	b.client = c
 }
@@ -95,12 +83,12 @@ func (b *Backup) Identifier() string {
 	return b.Uuid
 }
 
-// Returns the path for this specific backup.
+// Path returns the path for this specific backup.
 func (b *Backup) Path() string {
 	return path.Join(config.Get().System.BackupDirectory, b.Identifier()+".tar.gz")
 }
 
-// Return the size of the generated backup.
+// Size returns the size of the generated backup.
 func (b *Backup) Size() (int64, error) {
 	st, err := os.Stat(b.Path())
 	if err != nil {
@@ -110,7 +98,7 @@ func (b *Backup) Size() (int64, error) {
 	return st.Size(), nil
 }
 
-// Returns the SHA256 checksum of a backup.
+// Checksum returns the SHA256 checksum of a backup.
 func (b *Backup) Checksum() ([]byte, error) {
 	h := sha1.New()
 
@@ -128,51 +116,34 @@ func (b *Backup) Checksum() ([]byte, error) {
 	return h.Sum(nil), nil
 }
 
-// Returns details of the archive by utilizing two go-routines to get the checksum and
+// Details returns both the checksum and size of the archive currently stored on
-// the size of the archive.
+// the disk to the caller.
-func (b *Backup) Details() *ArchiveDetails {
+func (b *Backup) Details(ctx context.Context) (*ArchiveDetails, error) {
-	wg := sync.WaitGroup{}
+	ad := ArchiveDetails{ChecksumType: "sha1"}
-	wg.Add(2)
+	g, ctx := errgroup.WithContext(ctx)
 
-	l := log.WithField("backup_id", b.Uuid)
+	g.Go(func() error {
-
-	var checksum string
-	// Calculate the checksum for the file.
-	go func() {
-		defer wg.Done()
-
-		l.Info("computing checksum for backup...")
 		resp, err := b.Checksum()
 		if err != nil {
-			log.WithFields(log.Fields{
+			return err
-				"backup": b.Identifier(),
-				"error":  err,
-			}).Error("failed to calculate checksum for backup")
-			return
 		}
+		ad.Checksum = hex.EncodeToString(resp)
+		return nil
+	})
 
-		checksum = hex.EncodeToString(resp)
+	g.Go(func() error {
-		l.WithField("checksum", checksum).Info("computed checksum for backup")
+		s, err := b.Size()
-	}()
+		if err != nil {
-
+			return err
-	var sz int64
-	go func() {
-		defer wg.Done()
-
-		if s, err := b.Size(); err != nil {
-			return
-		} else {
-			sz = s
 		}
-	}()
+		ad.Size = s
+		return nil
+	})
 
-	wg.Wait()
+	if err := g.Wait(); err != nil {
-
+		return nil, errors.WithStackDepth(err, 1)
-	return &ArchiveDetails{
-		Checksum:     checksum,
-		ChecksumType: "sha1",
-		Size:         sz,
 	}
+	return &ad, nil
 }
 
 func (b *Backup) Ignored() string {
@@ -188,3 +159,19 @@ func (b *Backup) log() *log.Entry {
 	}
 	return l
 }
+
+type ArchiveDetails struct {
+	Checksum     string `json:"checksum"`
+	ChecksumType string `json:"checksum_type"`
+	Size         int64  `json:"size"`
+}
+
+// ToRequest returns a request object.
+func (ad *ArchiveDetails) ToRequest(successful bool) remote.BackupRequest {
+	return remote.BackupRequest{
+		Checksum:     ad.Checksum,
+		ChecksumType: ad.ChecksumType,
+		Size:         ad.Size,
+		Successful:   successful,
+	}
+}

server/backup/backup_local.go

@@ -1,14 +1,15 @@
 package backup
 
 import (
-	"errors"
+	"context"
-	"github.com/pterodactyl/wings/server/filesystem"
 	"io"
 	"os"
 
+	"emperror.dev/errors"
 	"github.com/mholt/archiver/v3"
+
 	"github.com/pterodactyl/wings/remote"
-	"github.com/pterodactyl/wings/system"
+	"github.com/pterodactyl/wings/server/filesystem"
 )
 
 type LocalBackup struct {
@@ -56,32 +57,38 @@ func (b *LocalBackup) WithLogContext(c map[string]interface{}) {
 
 // Generate generates a backup of the selected files and pushes it to the
 // defined location for this instance.
-func (b *LocalBackup) Generate(basePath, ignore string) (*ArchiveDetails, error) {
+func (b *LocalBackup) Generate(ctx context.Context, basePath, ignore string) (*ArchiveDetails, error) {
 	a := &filesystem.Archive{
 		BasePath: basePath,
 		Ignore:   ignore,
 	}
 
-	b.log().Info("creating backup for server...")
+	b.log().WithField("path", b.Path()).Info("creating backup for server")
 	if err := a.Create(b.Path()); err != nil {
 		return nil, err
 	}
 	b.log().Info("created backup successfully")
 
-	return b.Details(), nil
+	ad, err := b.Details(ctx)
+	if err != nil {
+		return nil, errors.WrapIf(err, "backup: failed to get archive details for local backup")
+	}
+	return ad, nil
 }
 
 // Restore will walk over the archive and call the callback function for each
 // file encountered.
-func (b *LocalBackup) Restore(_ io.Reader, callback RestoreCallback) error {
+func (b *LocalBackup) Restore(ctx context.Context, _ io.Reader, callback RestoreCallback) error {
 	return archiver.Walk(b.Path(), func(f archiver.File) error {
+		select {
+		case <-ctx.Done():
+			// Stop walking if the context is canceled.
+			return archiver.ErrStopWalk
+		default:
 			if f.IsDir() {
 				return nil
 			}
-		name, err := system.ExtractArchiveSourceName(f, "/")
+			return callback(filesystem.ExtractNameFromArchive(f), f, f.Mode())
-		if err != nil {
-			return err
 		}
-		return callback(name, f)
 	})
 }

server/backup/backup_s3.go

@@ -5,13 +5,19 @@ import (
 	"compress/gzip"
 	"context"
 	"fmt"
-	"github.com/pterodactyl/wings/server/filesystem"
 	"io"
 	"net/http"
 	"os"
 	"strconv"
+	"time"
+
+	"emperror.dev/errors"
+	"github.com/cenkalti/backoff/v4"
+
+	"github.com/pterodactyl/wings/server/filesystem"
 
 	"github.com/juju/ratelimit"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/remote"
 )
@@ -45,7 +51,7 @@ func (s *S3Backup) WithLogContext(c map[string]interface{}) {
 
 // Generate creates a new backup on the disk, moves it into the S3 bucket via
 // the provided presigned URL, and then deletes the backup from the disk.
-func (s *S3Backup) Generate(basePath, ignore string) (*ArchiveDetails, error) {
+func (s *S3Backup) Generate(ctx context.Context, basePath, ignore string) (*ArchiveDetails, error) {
 	defer s.Remove()
 
 	a := &filesystem.Archive{
@@ -53,7 +59,7 @@ func (s *S3Backup) Generate(basePath, ignore string) (*ArchiveDetails, error) {
 		Ignore:   ignore,
 	}
 
-	s.log().Info("creating backup for server...")
+	s.log().WithField("path", s.Path()).Info("creating backup for server")
 	if err := a.Create(s.Path()); err != nil {
 		return nil, err
 	}
@@ -61,29 +67,65 @@ func (s *S3Backup) Generate(basePath, ignore string) (*ArchiveDetails, error) {
 
 	rc, err := os.Open(s.Path())
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrap(err, "backup: could not read archive from disk")
 	}
 	defer rc.Close()
 
-	if err := s.generateRemoteRequest(rc); err != nil {
+	if err := s.generateRemoteRequest(ctx, rc); err != nil {
 		return nil, err
 	}
-
+	ad, err := s.Details(ctx)
-	return s.Details(), nil
+	if err != nil {
+		return nil, errors.WrapIf(err, "backup: failed to get archive details after upload")
+	}
+	return ad, nil
 }
 
-// Reader provides a wrapper around an existing io.Reader
+// Restore will read from the provided reader assuming that it is a gzipped
-// but implements io.Closer in order to satisfy an io.ReadCloser.
+// tar reader. When a file is encountered in the archive the callback function
-type Reader struct {
+// will be triggered. If the callback returns an error the entire process is
-	io.Reader
+// stopped, otherwise this function will run until all files have been written.
+//
+// This restoration uses a workerpool to use up to the number of CPUs available
+// on the machine when writing files to the disk.
+func (s *S3Backup) Restore(ctx context.Context, r io.Reader, callback RestoreCallback) error {
+	reader := r
+	// Steal the logic we use for making backups which will be applied when restoring
+	// this specific backup. This allows us to prevent overloading the disk unintentionally.
+	if writeLimit := int64(config.Get().System.Backups.WriteLimit * 1024 * 1024); writeLimit > 0 {
+		reader = ratelimit.Reader(r, ratelimit.NewBucketWithRate(float64(writeLimit), writeLimit))
+	}
+	gr, err := gzip.NewReader(reader)
+	if err != nil {
+		return err
+	}
+	defer gr.Close()
+	tr := tar.NewReader(gr)
+	for {
+		select {
+		case <-ctx.Done():
+			return nil
+		default:
+			// Do nothing, fall through to the next block of code in this loop.
+		}
+		header, err := tr.Next()
+		if err != nil {
+			if err == io.EOF {
+				break
+			}
+			return err
+		}
+		if header.Typeflag == tar.TypeReg {
+			if err := callback(header.Name, tr, header.FileInfo().Mode()); err != nil {
+				return err
+			}
+		}
 	}
-
-func (Reader) Close() error {
 	return nil
 }
 
 // Generates the remote S3 request and begins the upload.
-func (s *S3Backup) generateRemoteRequest(rc io.ReadCloser) error {
+func (s *S3Backup) generateRemoteRequest(ctx context.Context, rc io.ReadCloser) error {
 	defer rc.Close()
 
 	s.log().Debug("attempting to get size of backup...")
@@ -101,37 +143,7 @@ func (s *S3Backup) generateRemoteRequest(rc io.ReadCloser) error {
 	s.log().Debug("got S3 upload urls from the Panel")
 	s.log().WithField("parts", len(urls.Parts)).Info("attempting to upload backup to s3 endpoint...")
 
-	handlePart := func(part string, size int64) (string, error) {
+	uploader := newS3FileUploader(rc)
-		r, err := http.NewRequest(http.MethodPut, part, nil)
-		if err != nil {
-			return "", err
-		}
-
-		r.ContentLength = size
-		r.Header.Add("Content-Length", strconv.Itoa(int(size)))
-		r.Header.Add("Content-Type", "application/x-gzip")
-
-		// Limit the reader to the size of the part.
-		r.Body = Reader{Reader: io.LimitReader(rc, size)}
-
-		// This http request can block forever due to it not having a timeout,
-		// but we are uploading up to 5GB of data, so there is not really
-		// a good way to handle a timeout on this.
-		res, err := http.DefaultClient.Do(r)
-		if err != nil {
-			return "", err
-		}
-		defer res.Body.Close()
-
-		// Handle non-200 status codes.
-		if res.StatusCode != http.StatusOK {
-			return "", fmt.Errorf("failed to put S3 object part, %d:%s", res.StatusCode, res.Status)
-		}
-
-		// Get the ETag from the uploaded part, this should be sent with the CompleteMultipartUpload request.
-		return res.Header.Get("ETag"), nil
-	}
-
 	for i, part := range urls.Parts {
 		// Get the size for the current part.
 		var partSize int64
@@ -144,7 +156,7 @@ func (s *S3Backup) generateRemoteRequest(rc io.ReadCloser) error {
 		}
 
 		// Attempt to upload the part.
-		if _, err := handlePart(part, partSize); err != nil {
+		if _, err := uploader.uploadPart(ctx, part, partSize); err != nil {
 			s.log().WithField("part_id", i+1).WithError(err).Warn("failed to upload part")
 			return err
 		}
@@ -157,39 +169,97 @@ func (s *S3Backup) generateRemoteRequest(rc io.ReadCloser) error {
 	return nil
 }
 
-// Restore will read from the provided reader assuming that it is a gzipped
+type s3FileUploader struct {
-// tar reader. When a file is encountered in the archive the callback function
+	io.ReadCloser
-// will be triggered. If the callback returns an error the entire process is
+	client *http.Client
-// stopped, otherwise this function will run until all files have been written.
+}
+
+// newS3FileUploader returns a new file uploader instance.
+func newS3FileUploader(file io.ReadCloser) *s3FileUploader {
+	return &s3FileUploader{
+		ReadCloser: file,
+		// We purposefully use a super high timeout on this request since we need to upload
+		// a 5GB file. This assumes at worst a 10Mbps connection for uploading. While technically
+		// you could go slower we're targeting mostly hosted servers that should have 100Mbps
+		// connections anyways.
+		client: &http.Client{Timeout: time.Hour * 2},
+	}
+}
+
+// backoff returns a new expoential backoff implementation using a context that
+// will also stop the backoff if it is canceled.
+func (fu *s3FileUploader) backoff(ctx context.Context) backoff.BackOffContext {
+	b := backoff.NewExponentialBackOff()
+	b.Multiplier = 2
+	b.MaxElapsedTime = time.Minute
+
+	return backoff.WithContext(b, ctx)
+}
+
+// uploadPart attempts to upload a given S3 file part to the S3 system. If a
+// 5xx error is returned from the endpoint this will continue with an exponential
+// backoff to try and successfully upload the part.
 //
-// This restoration uses a workerpool to use up to the number of CPUs available
+// Once uploaded the ETag is returned to the caller.
-// on the machine when writing files to the disk.
+func (fu *s3FileUploader) uploadPart(ctx context.Context, part string, size int64) (string, error) {
-func (s *S3Backup) Restore(r io.Reader, callback RestoreCallback) error {
+	r, err := http.NewRequestWithContext(ctx, http.MethodPut, part, nil)
-	reader := r
-	// Steal the logic we use for making backups which will be applied when restoring
-	// this specific backup. This allows us to prevent overloading the disk unintentionally.
-	if writeLimit := int64(config.Get().System.Backups.WriteLimit * 1024 * 1024); writeLimit > 0 {
-		reader = ratelimit.Reader(r, ratelimit.NewBucketWithRate(float64(writeLimit), writeLimit))
-	}
-	gr, err := gzip.NewReader(reader)
 	if err != nil {
-		return err
+		return "", errors.Wrap(err, "backup: could not create request for S3")
 	}
-	defer gr.Close()
+
-	tr := tar.NewReader(gr)
+	r.ContentLength = size
-	for {
+	r.Header.Add("Content-Length", strconv.Itoa(int(size)))
-		header, err := tr.Next()
+	r.Header.Add("Content-Type", "application/x-gzip")
+
+	// Limit the reader to the size of the part.
+	r.Body = Reader{Reader: io.LimitReader(fu.ReadCloser, size)}
+
+	var etag string
+	err = backoff.Retry(func() error {
+		res, err := fu.client.Do(r)
 		if err != nil {
-			if err == io.EOF {
+			if errors.Is(err, context.DeadlineExceeded) || errors.Is(err, context.Canceled) {
-				break
+				return backoff.Permanent(err)
 			}
+			// Don't use a permanent error here, if there is a temporary resolution error with
+			// the URL due to DNS issues we want to keep re-trying.
+			return errors.Wrap(err, "backup: S3 HTTP request failed")
+		}
+		_ = res.Body.Close()
+
+		if res.StatusCode != http.StatusOK {
+			err := errors.New(fmt.Sprintf("backup: failed to put S3 object: [HTTP/%d] %s", res.StatusCode, res.Status))
+			// Only attempt a backoff retry if this error is because of a 5xx error from
+			// the S3 endpoint. Any 4xx error should be treated as an error that a retry
+			// would not fix.
+			if res.StatusCode >= http.StatusInternalServerError {
 				return err
 			}
-		if header.Typeflag == tar.TypeReg {
+			return backoff.Permanent(err)
-			if err := callback(header.Name, tr); err != nil {
-				return err
 		}
+
+		// Get the ETag from the uploaded part, this should be sent with the
+		// CompleteMultipartUpload request.
+		etag = res.Header.Get("ETag")
+
+		return nil
+	}, fu.backoff(ctx))
+
+	if err != nil {
+		if v, ok := err.(*backoff.PermanentError); ok {
+			return "", v.Unwrap()
 		}
+		return "", err
 	}
+	return etag, nil
+}
+
+// Reader provides a wrapper around an existing io.Reader
+// but implements io.Closer in order to satisfy an io.ReadCloser.
+type Reader struct {
+	io.Reader
+}
+
+func (Reader) Close() error {
 	return nil
 }

server/configuration.go

@@ -8,7 +8,7 @@ import (
 
 type EggConfiguration struct {
 	// The internal UUID of the Egg on the Panel.
-	ID string
+	ID string `json:"id"`
 
 	// Maintains a list of files that are blacklisted for opening/editing/downloading
 	// or basically any type of access on the server by any user. This is NOT the same
@@ -33,7 +33,9 @@ type Configuration struct {
 
 	// By default this is false, however if selected within the Panel while installing or re-installing a
 	// server, specific installation scripts will be skipped for the server process.
-	SkipEggScripts bool `default:"false" json:"skip_egg_scripts"`
+	SkipEggScripts bool `json:"skip_egg_scripts"`
+
+	StartOnCompletion bool `json:"start_on_completion"`
 
 	// An array of environment variables that should be passed along to the running
 	// server process.
@@ -41,9 +43,8 @@ type Configuration struct {
 
 	Allocations           environment.Allocations `json:"allocations"`
 	Build                 environment.Limits      `json:"build"`
-	CrashDetectionEnabled bool                    `default:"true" json:"enabled" yaml:"enabled"`
+	CrashDetectionEnabled bool                    `json:"crash_detection_enabled"`
 	Mounts                []Mount                 `json:"mounts"`
-	Resources             ResourceUsage           `json:"resources"`
 	Egg                   EggConfiguration        `json:"egg,omitempty"`
 
 	Container struct {
@@ -55,34 +56,30 @@ type Configuration struct {
 func (s *Server) Config() *Configuration {
 	s.cfg.mu.RLock()
 	defer s.cfg.mu.RUnlock()
-
 	return &s.cfg
 }
 
-// Returns the amount of disk space available to a server in bytes.
+// DiskSpace returns the amount of disk space available to a server in bytes.
 func (s *Server) DiskSpace() int64 {
 	s.cfg.mu.RLock()
 	defer s.cfg.mu.RUnlock()
-
 	return s.cfg.Build.DiskSpace * 1024.0 * 1024.0
 }
 
 func (s *Server) MemoryLimit() int64 {
 	s.cfg.mu.RLock()
 	defer s.cfg.mu.RUnlock()
-
 	return s.cfg.Build.MemoryLimit
 }
 
 func (c *Configuration) GetUuid() string {
 	c.mu.RLock()
 	defer c.mu.RUnlock()
-
 	return c.Uuid
 }
 
 func (c *Configuration) SetSuspended(s bool) {
 	c.mu.Lock()
+	defer c.mu.Unlock()
 	c.Suspended = s
-	c.mu.Unlock()
 }

server/console.go

@@ -9,10 +9,16 @@ import (
 
 	"emperror.dev/errors"
 	"github.com/mitchellh/colorstring"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/system"
 )
 
+// appName is a local cache variable to avoid having to make expensive copies of
+// the configuration every time we need to send output along to the websocket for
+// a server.
+var appName string
+
 var ErrTooMuchConsoleData = errors.New("console is outputting too much data")
 
 type ConsoleThrottler struct {
@@ -122,11 +128,14 @@ func (s *Server) Throttler() *ConsoleThrottler {
 	return s.throttler
 }
 
-// Sends output to the server console formatted to appear correctly as being sent
+// PublishConsoleOutputFromDaemon sends output to the server console formatted
-// from Wings.
+// to appear correctly as being sent from Wings.
 func (s *Server) PublishConsoleOutputFromDaemon(data string) {
+	if appName == "" {
+		appName = config.Get().AppName
+	}
 	s.Events().Publish(
 		ConsoleOutputEvent,
-		colorstring.Color(fmt.Sprintf("[yellow][bold][Pterodactyl Daemon]:[default] %s", data)),
+		colorstring.Color(fmt.Sprintf("[yellow][bold][%s Daemon]:[default] %s", appName, data)),
 	)
 }

server/filesystem/archive.go

@@ -3,6 +3,7 @@ package filesystem
 import (
 	"archive/tar"
 	"io"
+	"io/fs"
 	"os"
 	"path/filepath"
 	"strings"
@@ -13,8 +14,9 @@ import (
 	"github.com/juju/ratelimit"
 	"github.com/karrick/godirwalk"
 	"github.com/klauspost/pgzip"
+	ignore "github.com/sabhiram/go-gitignore"
+
 	"github.com/pterodactyl/wings/config"
-	"github.com/sabhiram/go-gitignore"
 )
 
 const memory = 4 * 1024
@@ -156,9 +158,15 @@ func (a *Archive) addToArchive(p string, rp string, w *tar.Writer) error {
 		return errors.WrapIff(err, "failed executing os.Lstat on '%s'", rp)
 	}
 
+	// Skip socket files as they are unsupported by archive/tar.
+	// Error will come from tar#FileInfoHeader: "archive/tar: sockets not supported"
+	if s.Mode()&fs.ModeSocket != 0 {
+		return nil
+	}
+
 	// Resolve the symlink target if the file is a symlink.
 	var target string
-	if s.Mode()&os.ModeSymlink != 0 {
+	if s.Mode()&fs.ModeSymlink != 0 {
 		// Read the target of the symlink. If there are any errors we will dump them out to
 		// the logs, but we're not going to stop the backup. There are far too many cases of
 		// symlinks causing all sorts of unnecessary pain in this process. Sucks to suck if
@@ -180,7 +188,7 @@ func (a *Archive) addToArchive(p string, rp string, w *tar.Writer) error {
 	}
 
 	// Fix the header name if the file is not a symlink.
-	if s.Mode()&os.ModeSymlink == 0 {
+	if s.Mode()&fs.ModeSymlink == 0 {
 		header.Name = rp
 	}
 

server/filesystem/compress.go

@@ -1,6 +1,9 @@
 package filesystem
 
 import (
+	"archive/tar"
+	"archive/zip"
+	"compress/gzip"
 	"fmt"
 	"os"
 	"path"
@@ -9,8 +12,8 @@ import (
 	"sync/atomic"
 	"time"
 
+	"emperror.dev/errors"
 	"github.com/mholt/archiver/v3"
-	"github.com/pterodactyl/wings/system"
 )
 
 // CompressFiles compresses all of the files matching the given paths in the
@@ -86,13 +89,13 @@ func (fs *Filesystem) SpaceAvailableForDecompression(dir string, file string) er
 	// Walk over the archive and figure out just how large the final output would be from unarchiving it.
 	err = archiver.Walk(source, func(f archiver.File) error {
 		if atomic.AddInt64(&size, f.Size())+dirSize > fs.MaxDisk() {
-			return &Error{code: ErrCodeDiskSpace}
+			return newFilesystemError(ErrCodeDiskSpace, nil)
 		}
 		return nil
 	})
 	if err != nil {
-		if strings.HasPrefix(err.Error(), "format ") {
+		if IsUnknownArchiveFormatError(err) {
-			return &Error{code: ErrCodeUnknownArchive}
+			return newFilesystemError(ErrCodeUnknownArchive, err)
 		}
 		return err
 	}
@@ -111,7 +114,7 @@ func (fs *Filesystem) DecompressFile(dir string, file string) error {
 	}
 	// Ensure that the source archive actually exists on the system.
 	if _, err := os.Stat(source); err != nil {
-		return err
+		return errors.WithStack(err)
 	}
 
 	// Walk all of the files in the archiver file and write them to the disk. If any
@@ -121,25 +124,57 @@ func (fs *Filesystem) DecompressFile(dir string, file string) error {
 		if f.IsDir() {
 			return nil
 		}
-		name, err := system.ExtractArchiveSourceName(f, dir)
+		p := filepath.Join(dir, ExtractNameFromArchive(f))
-		if err != nil {
-			return WrapError(err, filepath.Join(dir, f.Name()))
-		}
-		p := filepath.Join(dir, name)
 		// If it is ignored, just don't do anything with the file and skip over it.
 		if err := fs.IsIgnored(p); err != nil {
 			return nil
 		}
 		if err := fs.Writefile(p, f); err != nil {
-			return &Error{code: ErrCodeUnknownError, err: err, resolved: source}
+			return wrapError(err, source)
+		}
+		// Update the file permissions to the one set in the archive.
+		if err := fs.Chmod(p, f.Mode()); err != nil {
+			return wrapError(err, source)
 		}
 		return nil
 	})
 	if err != nil {
-		if strings.HasPrefix(err.Error(), "format ") {
+		if IsUnknownArchiveFormatError(err) {
-			return &Error{code: ErrCodeUnknownArchive}
+			return newFilesystemError(ErrCodeUnknownArchive, err)
 		}
 		return err
 	}
 	return nil
 }
+
+// ExtractNameFromArchive looks at an archive file to try and determine the name
+// for a given element in an archive. Because of... who knows why, each file type
+// uses different methods to determine the file name.
+//
+// If there is a archiver.File#Sys() value present we will try to use the name
+// present in there, otherwise falling back to archiver.File#Name() if all else
+// fails. Without this logic present, some archive types such as zip/tars/etc.
+// will write all of the files to the base directory, rather than the nested
+// directory that is expected.
+//
+// For files like ".rar" types, there is no f.Sys() value present, and the value
+// of archiver.File#Name() will be what you need.
+func ExtractNameFromArchive(f archiver.File) string {
+	sys := f.Sys()
+	// Some archive types won't have a value returned when you call f.Sys() on them,
+	// such as ".rar" archives for example. In those cases the only thing you can do
+	// is hope that "f.Name()" is actually correct for them.
+	if sys == nil {
+		return f.Name()
+	}
+	switch s := sys.(type) {
+	case *tar.Header:
+		return s.Name
+	case *gzip.Header:
+		return s.Name
+	case *zip.FileHeader:
+		return s.Name
+	default:
+		return f.Name()
+	}
+}

server/filesystem/compress_test.go

@@ -0,0 +1,55 @@
+package filesystem
+
+import (
+	"io/ioutil"
+	"sync/atomic"
+	"testing"
+
+	. "github.com/franela/goblin"
+)
+
+// Given an archive named test.{ext}, with the following file structure:
+//	test/
+//	|──inside/
+//	|────finside.txt
+//	|──outside.txt
+// this test will ensure that it's being decompressed as expected
+func TestFilesystem_DecompressFile(t *testing.T) {
+	g := Goblin(t)
+	fs, rfs := NewFs()
+
+	g.Describe("Decompress", func() {
+
+		for _, ext := range []string{"zip", "rar", "tar", "tar.gz"} {
+			g.It("can decompress a "+ext, func() {
+				// copy the file to the new FS
+				c, err := ioutil.ReadFile("./testdata/test." + ext)
+				g.Assert(err).IsNil()
+				err = rfs.CreateServerFile("./test."+ext, c)
+				g.Assert(err).IsNil()
+
+				// decompress
+				err = fs.DecompressFile("/", "test."+ext)
+				g.Assert(err).IsNil()
+
+				// make sure everything is where it is supposed to be
+				_, err = rfs.StatServerFile("test/outside.txt")
+				g.Assert(err).IsNil()
+
+				st, err := rfs.StatServerFile("test/inside")
+				g.Assert(err).IsNil()
+				g.Assert(st.IsDir()).IsTrue()
+
+				_, err = rfs.StatServerFile("test/inside/finside.txt")
+				g.Assert(err).IsNil()
+				g.Assert(st.IsDir()).IsTrue()
+			})
+		}
+
+		g.AfterEach(func() {
+			rfs.reset()
+			atomic.StoreInt64(&fs.diskUsed, 0)
+			atomic.StoreInt64(&fs.diskLimit, 0)
+		})
+	})
+}

server/filesystem/disk_space.go

@@ -1,13 +1,14 @@
 package filesystem
 
 import (
-	"emperror.dev/errors"
-	"github.com/apex/log"
-	"github.com/karrick/godirwalk"
 	"sync"
 	"sync/atomic"
 	"syscall"
 	"time"
+
+	"emperror.dev/errors"
+	"github.com/apex/log"
+	"github.com/karrick/godirwalk"
 )
 
 type SpaceCheckingOpts struct {
@@ -48,7 +49,7 @@ func (fs *Filesystem) SetDiskLimit(i int64) {
 // no space, rather than a boolean value.
 func (fs *Filesystem) HasSpaceErr(allowStaleValue bool) error {
 	if !fs.HasSpaceAvailable(allowStaleValue) {
-		return &Error{code: ErrCodeDiskSpace}
+		return newFilesystemError(ErrCodeDiskSpace, nil)
 	}
 	return nil
 }
@@ -200,16 +201,13 @@ func (fs *Filesystem) HasSpaceFor(size int64) error {
 	if fs.MaxDisk() == 0 {
 		return nil
 	}
-
 	s, err := fs.DiskUsage(true)
 	if err != nil {
 		return err
 	}
-
 	if (s + size) > fs.MaxDisk() {
-		return &Error{code: ErrCodeDiskSpace}
+		return newFilesystemError(ErrCodeDiskSpace, nil)
 	}
-
 	return nil
 }
 

server/filesystem/errors.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"strings"
 
 	"emperror.dev/errors"
 	"github.com/apex/log"
@@ -34,6 +35,14 @@ type Error struct {
 	path string
 }
 
+// newFilesystemError returns a new error instance with a stack trace associated.
+func newFilesystemError(code ErrorCode, err error) error {
+	if err != nil {
+		return errors.WithStackDepth(&Error{code: code, err: err}, 1)
+	}
+	return errors.WithStackDepth(&Error{code: code}, 1)
+}
+
 // Code returns the ErrorCode for this specific error instance.
 func (e *Error) Code() ErrorCode {
 	return e.code
@@ -63,13 +72,13 @@ func (e *Error) Error() string {
 	case ErrCodeUnknownError:
 		fallthrough
 	default:
-		return fmt.Sprintf("filesystem: an error occurred: %s", e.Cause())
+		return fmt.Sprintf("filesystem: an error occurred: %s", e.Unwrap())
 	}
 }
 
-// Cause returns the underlying cause of this filesystem error. In some causes
+// Unwrap returns the underlying cause of this filesystem error. In some causes
 // there may not be a cause present, in which case nil will be returned.
-func (e *Error) Cause() error {
+func (e *Error) Unwrap() error {
 	return e.err
 }
 
@@ -113,20 +122,26 @@ func IsErrorCode(err error, code ErrorCode) bool {
 	return false
 }
 
-// NewBadPathResolution returns a new BadPathResolution error.
+// IsUnknownArchiveFormatError checks if the error is due to the archive being
-func NewBadPathResolution(path string, resolved string) *Error {
+// in an unexpected file format.
-	return &Error{code: ErrCodePathResolution, path: path, resolved: resolved}
+func IsUnknownArchiveFormatError(err error) bool {
+	if err != nil && strings.HasPrefix(err.Error(), "format ") {
+		return true
+	}
+	return false
 }
 
-// WrapError wraps the provided error as a Filesystem error and attaches the
+// NewBadPathResolution returns a new BadPathResolution error.
+func NewBadPathResolution(path string, resolved string) error {
+	return errors.WithStackDepth(&Error{code: ErrCodePathResolution, path: path, resolved: resolved}, 1)
+}
+
+// wrapError wraps the provided error as a Filesystem error and attaches the
 // provided resolved source to it. If the error is already a Filesystem error
 // no action is taken.
-func WrapError(err error, resolved string) *Error {
+func wrapError(err error, resolved string) error {
-	if err == nil {
+	if err == nil || IsFilesystemError(err) {
-		return nil
+		return err
 	}
-	if IsFilesystemError(err) {
+	return errors.WithStackDepth(&Error{code: ErrCodeUnknownError, err: err, resolved: resolved}, 1)
-		return err.(*Error)
-	}
-	return &Error{code: ErrCodeUnknownError, err: err, resolved: resolved}
 }

server/filesystem/errors_test.go

@@ -1,13 +1,45 @@
 package filesystem
 
 import (
-	. "github.com/franela/goblin"
+	"io"
 	"testing"
+
+	"emperror.dev/errors"
+	. "github.com/franela/goblin"
 )
 
+type stackTracer interface {
+	StackTrace() errors.StackTrace
+}
+
 func TestFilesystem_PathResolutionError(t *testing.T) {
 	g := Goblin(t)
 
+	g.Describe("NewFilesystemError", func() {
+		g.It("includes a stack trace for the error", func() {
+			err := newFilesystemError(ErrCodeUnknownError, nil)
+
+			_, ok := err.(stackTracer)
+			g.Assert(ok).IsTrue()
+		})
+
+		g.It("properly wraps the underlying error cause", func() {
+			underlying := io.EOF
+			err := newFilesystemError(ErrCodeUnknownError, underlying)
+
+			_, ok := err.(stackTracer)
+			g.Assert(ok).IsTrue()
+
+			_, ok = err.(*Error)
+			g.Assert(ok).IsFalse()
+
+			fserr, ok := errors.Unwrap(err).(*Error)
+			g.Assert(ok).IsTrue()
+			g.Assert(fserr.Unwrap()).IsNotNil()
+			g.Assert(fserr.Unwrap()).Equal(underlying)
+		})
+	})
+
 	g.Describe("NewBadPathResolutionError", func() {
 		g.It("is can detect itself as an error correctly", func() {
 			err := NewBadPathResolution("foo", "bar")
@@ -18,6 +50,7 @@ func TestFilesystem_PathResolutionError(t *testing.T) {
 
 		g.It("returns <empty> if no destination path is provided", func() {
 			err := NewBadPathResolution("foo", "")
+			g.Assert(err).IsNotNil()
 			g.Assert(err.Error()).Equal("filesystem: server path [foo] resolves to a location outside the server root: <empty>")
 		})
 	})

server/filesystem/filesystem.go

@@ -17,9 +17,10 @@ import (
 	"emperror.dev/errors"
 	"github.com/gabriel-vasile/mimetype"
 	"github.com/karrick/godirwalk"
+	ignore "github.com/sabhiram/go-gitignore"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/system"
-	ignore "github.com/sabhiram/go-gitignore"
 )
 
 type Filesystem struct {
@@ -67,7 +68,7 @@ func (fs *Filesystem) File(p string) (*os.File, Stat, error) {
 		return nil, Stat{}, err
 	}
 	if st.IsDir() {
-		return nil, Stat{}, &Error{code: ErrCodeIsDirectory}
+		return nil, Stat{}, newFilesystemError(ErrCodeIsDirectory, nil)
 	}
 	f, err := os.Open(cleaned)
 	if err != nil {
@@ -144,7 +145,7 @@ func (fs *Filesystem) Writefile(p string, r io.Reader) error {
 		return errors.Wrap(err, "server/filesystem: writefile: failed to stat file")
 	} else if err == nil {
 		if stat.IsDir() {
-			return &Error{code: ErrCodeIsDirectory, resolved: cleaned}
+			return errors.WithStack(&Error{code: ErrCodeIsDirectory, resolved: cleaned})
 		}
 		currentSize = stat.Size()
 	}

server/filesystem/filesystem_test.go

@@ -12,6 +12,7 @@ import (
 	"unicode/utf8"
 
 	. "github.com/franela/goblin"
+
 	"github.com/pterodactyl/wings/config"
 )
 
@@ -44,17 +45,21 @@ type rootFs struct {
 	root string
 }
 
-func (rfs *rootFs) CreateServerFile(p string, c string) error {
+func (rfs *rootFs) CreateServerFile(p string, c []byte) error {
 	f, err := os.Create(filepath.Join(rfs.root, "/server", p))
 
 	if err == nil {
-		f.Write([]byte(c))
+		f.Write(c)
 		f.Close()
 	}
 
 	return err
 }
 
+func (rfs *rootFs) CreateServerFileFromString(p string, c string) error {
+	return rfs.CreateServerFile(p, []byte(c))
+}
+
 func (rfs *rootFs) StatServerFile(p string) (os.FileInfo, error) {
 	return os.Stat(filepath.Join(rfs.root, "/server", p))
 }
@@ -79,7 +84,7 @@ func TestFilesystem_Readfile(t *testing.T) {
 		buf := &bytes.Buffer{}
 
 		g.It("opens a file if it exists on the system", func() {
-			err := rfs.CreateServerFile("test.txt", "testing")
+			err := rfs.CreateServerFileFromString("test.txt", "testing")
 			g.Assert(err).IsNil()
 
 			err = fs.Readfile("test.txt", buf)
@@ -103,7 +108,7 @@ func TestFilesystem_Readfile(t *testing.T) {
 		})
 
 		g.It("cannot open a file outside the root directory", func() {
-			err := rfs.CreateServerFile("/../test.txt", "testing")
+			err := rfs.CreateServerFileFromString("/../test.txt", "testing")
 			g.Assert(err).IsNil()
 
 			err = fs.Readfile("/../test.txt", buf)
@@ -281,13 +286,13 @@ func TestFilesystem_Rename(t *testing.T) {
 
 	g.Describe("Rename", func() {
 		g.BeforeEach(func() {
-			if err := rfs.CreateServerFile("source.txt", "text content"); err != nil {
+			if err := rfs.CreateServerFileFromString("source.txt", "text content"); err != nil {
 				panic(err)
 			}
 		})
 
 		g.It("returns an error if the target already exists", func() {
-			err := rfs.CreateServerFile("target.txt", "taget content")
+			err := rfs.CreateServerFileFromString("target.txt", "taget content")
 			g.Assert(err).IsNil()
 
 			err = fs.Rename("source.txt", "target.txt")
@@ -314,7 +319,7 @@ func TestFilesystem_Rename(t *testing.T) {
 		})
 
 		g.It("does not allow renaming from a location outside the root", func() {
-			err := rfs.CreateServerFile("/../ext-source.txt", "taget content")
+			err := rfs.CreateServerFileFromString("/../ext-source.txt", "taget content")
 
 			err = fs.Rename("/../ext-source.txt", "target.txt")
 			g.Assert(err).IsNotNil()
@@ -378,7 +383,7 @@ func TestFilesystem_Copy(t *testing.T) {
 
 	g.Describe("Copy", func() {
 		g.BeforeEach(func() {
-			if err := rfs.CreateServerFile("source.txt", "text content"); err != nil {
+			if err := rfs.CreateServerFileFromString("source.txt", "text content"); err != nil {
 				panic(err)
 			}
 
@@ -392,7 +397,7 @@ func TestFilesystem_Copy(t *testing.T) {
 		})
 
 		g.It("should return an error if the source is outside the root", func() {
-			err := rfs.CreateServerFile("/../ext-source.txt", "text content")
+			err := rfs.CreateServerFileFromString("/../ext-source.txt", "text content")
 
 			err = fs.Copy("../ext-source.txt")
 			g.Assert(err).IsNotNil()
@@ -403,7 +408,7 @@ func TestFilesystem_Copy(t *testing.T) {
 			err := os.MkdirAll(filepath.Join(rfs.root, "/nested/in/dir"), 0755)
 			g.Assert(err).IsNil()
 
-			err = rfs.CreateServerFile("/../nested/in/dir/ext-source.txt", "external content")
+			err = rfs.CreateServerFileFromString("/../nested/in/dir/ext-source.txt", "external content")
 			g.Assert(err).IsNil()
 
 			err = fs.Copy("../nested/in/dir/ext-source.txt")
@@ -464,7 +469,7 @@ func TestFilesystem_Copy(t *testing.T) {
 			err := os.MkdirAll(filepath.Join(rfs.root, "/server/nested/in/dir"), 0755)
 			g.Assert(err).IsNil()
 
-			err = rfs.CreateServerFile("nested/in/dir/source.txt", "test content")
+			err = rfs.CreateServerFileFromString("nested/in/dir/source.txt", "test content")
 			g.Assert(err).IsNil()
 
 			err = fs.Copy("nested/in/dir/source.txt")
@@ -492,7 +497,7 @@ func TestFilesystem_Delete(t *testing.T) {
 
 	g.Describe("Delete", func() {
 		g.BeforeEach(func() {
-			if err := rfs.CreateServerFile("source.txt", "test content"); err != nil {
+			if err := rfs.CreateServerFileFromString("source.txt", "test content"); err != nil {
 				panic(err)
 			}
 
@@ -500,7 +505,7 @@ func TestFilesystem_Delete(t *testing.T) {
 		})
 
 		g.It("does not delete files outside the root directory", func() {
-			err := rfs.CreateServerFile("/../ext-source.txt", "external content")
+			err := rfs.CreateServerFileFromString("/../ext-source.txt", "external content")
 
 			err = fs.Delete("../ext-source.txt")
 			g.Assert(err).IsNotNil()
@@ -544,7 +549,7 @@ func TestFilesystem_Delete(t *testing.T) {
 			g.Assert(err).IsNil()
 
 			for _, s := range sources {
-				err = rfs.CreateServerFile(s, "test content")
+				err = rfs.CreateServerFileFromString(s, "test content")
 				g.Assert(err).IsNil()
 			}
 

server/filesystem/path.go

@@ -20,7 +20,7 @@ func (fs *Filesystem) IsIgnored(paths ...string) error {
 			return err
 		}
 		if fs.denylist.MatchesPath(sp) {
-			return &Error{code: ErrCodeDenylistFile, path: p, resolved: sp}
+			return errors.WithStack(&Error{code: ErrCodeDenylistFile, path: p, resolved: sp})
 		}
 	}
 	return nil

server/filesystem/path_test.go

@@ -2,11 +2,12 @@ package filesystem
 
 import (
 	"bytes"
-	"emperror.dev/errors"
-	. "github.com/franela/goblin"
 	"os"
 	"path/filepath"
 	"testing"
+
+	"emperror.dev/errors"
+	. "github.com/franela/goblin"
 )
 
 func TestFilesystem_Path(t *testing.T) {
@@ -102,7 +103,7 @@ func TestFilesystem_Blocks_Symlinks(t *testing.T) {
 	g := Goblin(t)
 	fs, rfs := NewFs()
 
-	if err := rfs.CreateServerFile("/../malicious.txt", "external content"); err != nil {
+	if err := rfs.CreateServerFileFromString("/../malicious.txt", "external content"); err != nil {
 		panic(err)
 	}
 
@@ -180,7 +181,7 @@ func TestFilesystem_Blocks_Symlinks(t *testing.T) {
 		})
 
 		g.It("cannot rename a file to a location outside the directory root", func() {
-			rfs.CreateServerFile("my_file.txt", "internal content")
+			rfs.CreateServerFileFromString("my_file.txt", "internal content")
 
 			err := fs.Rename("my_file.txt", "external_dir/my_file.txt")
 			g.Assert(err).IsNotNil()

server/install.go

@@ -17,6 +17,7 @@ import (
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/client"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/remote"
@@ -88,15 +89,10 @@ func (s *Server) Reinstall() error {
 
 // Internal installation function used to simplify reporting back to the Panel.
 func (s *Server) internalInstall() error {
-	script, err := s.client.GetInstallationScript(s.Context(), s.Id())
+	script, err := s.client.GetInstallationScript(s.Context(), s.ID())
 	if err != nil {
-		if !remote.IsRequestError(err) {
 		return err
 	}
-
-		return errors.New(err.Error())
-	}
-
 	p, err := NewInstallationProcess(s, &script)
 	if err != nil {
 		return err
@@ -161,7 +157,7 @@ func (s *Server) SetRestoring(state bool) {
 
 // Removes the installer container for the server.
 func (ip *InstallationProcess) RemoveContainer() error {
-	err := ip.client.ContainerRemove(ip.context, ip.Server.Id()+"_installer", types.ContainerRemoveOptions{
+	err := ip.client.ContainerRemove(ip.context, ip.Server.ID()+"_installer", types.ContainerRemoveOptions{
 		RemoveVolumes: true,
 		Force:         true,
 	})
@@ -211,7 +207,7 @@ func (ip *InstallationProcess) Run() error {
 
 // Returns the location of the temporary data for the installation process.
 func (ip *InstallationProcess) tempDir() string {
-	return filepath.Join(os.TempDir(), "pterodactyl/", ip.Server.Id())
+	return filepath.Join(os.TempDir(), "pterodactyl/", ip.Server.ID())
 }
 
 // Writes the installation script to a temporary file on the host machine so that it
@@ -334,7 +330,7 @@ func (ip *InstallationProcess) BeforeExecute() error {
 
 // Returns the log path for the installation process.
 func (ip *InstallationProcess) GetLogPath() string {
-	return filepath.Join(config.Get().System.LogDirectory, "/install", ip.Server.Id()+".log")
+	return filepath.Join(config.Get().System.LogDirectory, "/install", ip.Server.ID()+".log")
 }
 
 // Cleans up after the execution of the installation process. This grabs the logs from the
@@ -370,7 +366,7 @@ func (ip *InstallationProcess) AfterExecute(containerId string) error {
 |
 | Details
 | ------------------------------
-  Server UUID:          {{.Server.Id}}
+  Server UUID:          {{.Server.ID}}
   Container Image:      {{.Script.ContainerImage}}
   Container Entrypoint: {{.Script.Entrypoint}}
 
@@ -439,6 +435,7 @@ func (ip *InstallationProcess) Execute() (string, error) {
 				ReadOnly: false,
 			},
 		},
+		Resources: ip.resourceLimits(),
 		Tmpfs: map[string]string{
 			"/tmp": "rw,exec,nosuid,size=" + tmpfsSize + "M",
 		},
@@ -473,7 +470,7 @@ func (ip *InstallationProcess) Execute() (string, error) {
 		}
 	}()
 
-	r, err := ip.client.ContainerCreate(ctx, conf, hostConf, nil, nil, ip.Server.Id()+"_installer")
+	r, err := ip.client.ContainerCreate(ctx, conf, hostConf, nil, nil, ip.Server.ID()+"_installer")
 	if err != nil {
 		return "", err
 	}
@@ -535,19 +532,47 @@ func (ip *InstallationProcess) StreamOutput(ctx context.Context, id string) erro
 	return nil
 }
 
-// Makes a HTTP request to the Panel instance notifying it that the server has
+// resourceLimits returns the install container specific resource limits. This
-// completed the installation process, and what the state of the server is. A boolean
+// looks at the globally defined install container limits and attempts to use
-// value of "true" means everything was successful, "false" means something went
+// the higher of the two (defined limits & server limits). This allows for servers
-// wrong and the server must be deleted and re-created.
+// with super low limits (e.g. Discord bots with 128Mb of memory) to perform more
+// intensive installation processes if needed.
+//
+// This also avoids a server with limits such as 4GB of memory from accidentally
+// consuming 2-5x the defined limits during the install process and causing
+// system instability.
+func (ip *InstallationProcess) resourceLimits() container.Resources {
+	limits := config.Get().Docker.InstallerLimits
+
+	// Create a copy of the configuration so we're not accidentally making changes
+	// to the underlying server build data.
+	c := *ip.Server.Config()
+	cfg := c.Build
+	if cfg.MemoryLimit < limits.Memory {
+		cfg.MemoryLimit = limits.Memory
+	}
+	// Only apply the CPU limit if neither one is currently set to unlimited. If the
+	// installer CPU limit is unlimited don't even waste time with the logic, just
+	// set the config to unlimited for this.
+	if limits.Cpu == 0 {
+		cfg.CpuLimit = 0
+	} else if cfg.CpuLimit != 0 && cfg.CpuLimit < limits.Cpu {
+		cfg.CpuLimit = limits.Cpu
+	}
+
+	resources := cfg.AsContainerResources()
+	// Explicitly remove the PID limits for the installation container. These scripts are
+	// defined at an administrative level and users can't manually execute things like a
+	// fork bomb during this process.
+	resources.PidsLimit = nil
+
+	return resources
+}
+
+// SyncInstallState makes a HTTP request to the Panel instance notifying it that
+// the server has completed the installation process, and what the state of the
+// server is. A boolean value of "true" means everything was successful, "false"
+// means something went wrong and the server must be deleted and re-created.
 func (s *Server) SyncInstallState(successful bool) error {
-	err := s.client.SetInstallationStatus(s.Context(), s.Id(), successful)
+	return s.client.SetInstallationStatus(s.Context(), s.ID(), successful)
-	if err != nil {
-		if !remote.IsRequestError(err) {
-			return err
-		}
-
-		return errors.New(err.Error())
-	}
-
-	return nil
 }

server/listeners.go

@@ -7,6 +7,7 @@ import (
 	"sync"
 
 	"github.com/apex/log"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/events"
@@ -40,7 +41,7 @@ func (dsl *diskSpaceLimiter) Reset() {
 // 15 seconds, and terminate it forcefully if it does not stop.
 //
 // This function is only executed one time, so whenever a server is marked as booting the limiter
-// should be reset so it can properly be triggered as needed.
+// should be reset, so it can properly be triggered as needed.
 func (dsl *diskSpaceLimiter) Trigger() {
 	dsl.o.Do(func() {
 		dsl.server.PublishConsoleOutputFromDaemon("Server is exceeding the assigned disk space limit, stopping process now.")
@@ -50,7 +51,7 @@ func (dsl *diskSpaceLimiter) Trigger() {
 	})
 }
 
-// Adds all of the internal event listeners we want to use for a server. These listeners can only be
+// StartEventListeners adds all the internal event listeners we want to use for a server. These listeners can only be
 // removed by deleting the server as they should last for the duration of the process' lifetime.
 func (s *Server) StartEventListeners() {
 	console := func(e events.Event) {
@@ -106,15 +107,15 @@ func (s *Server) StartEventListeners() {
 	}
 
 	stats := func(e events.Event) {
-		st := new(environment.Stats)
+		var st environment.Stats
-		if err := json.Unmarshal([]byte(e.Data), st); err != nil {
+		if err := json.Unmarshal([]byte(e.Data), &st); err != nil {
 			s.Log().WithField("error", err).Warn("failed to unmarshal server environment stats")
 			return
 		}
 
 		// Update the server resource tracking object with the resources we got here.
 		s.resources.mu.Lock()
-		s.resources.Stats = *st
+		s.resources.Stats = st
 		s.resources.mu.Unlock()
 
 		// If there is no disk space available at this point, trigger the server disk limiter logic

server/manager.go

@@ -15,6 +15,7 @@ import (
 	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/gammazero/workerpool"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/environment/docker"
@@ -28,9 +29,9 @@ type Manager struct {
 	servers []*Server
 }
 
-// NewManager returns a new server manager instance. This will boot up all of
+// NewManager returns a new server manager instance. This will boot up all the
-// the servers that are currently present on the filesystem and set them into
+// servers that are currently present on the filesystem and set them into the
-// the manager.
+// manager.
 func NewManager(ctx context.Context, client remote.Client) (*Manager, error) {
 	m := NewEmptyManager(client)
 	if err := m.init(ctx); err != nil {
@@ -52,7 +53,7 @@ func (m *Manager) Client() remote.Client {
 	return m.client
 }
 
-// Put replaces all of the current values in the collection with the value that
+// Put replaces all the current values in the collection with the value that
 // is passed through.
 func (m *Manager) Put(s []*Server) {
 	m.mu.Lock()
@@ -60,7 +61,7 @@ func (m *Manager) Put(s []*Server) {
 	m.mu.Unlock()
 }
 
-// All returns all of the items in the collection.
+// All returns all the items in the collection.
 func (m *Manager) All() []*Server {
 	m.mu.RLock()
 	defer m.mu.RUnlock()
@@ -78,7 +79,7 @@ func (m *Manager) Add(s *Server) {
 // found in the global collection or not.
 func (m *Manager) Get(uuid string) (*Server, bool) {
 	match := m.Find(func(server *Server) bool {
-		return server.Id() == uuid
+		return server.ID() == uuid
 	})
 	return match, match != nil
 }
@@ -130,7 +131,7 @@ func (m *Manager) Remove(filter func(match *Server) bool) {
 func (m *Manager) PersistStates() error {
 	states := map[string]string{}
 	for _, s := range m.All() {
-		states[s.Id()] = s.Environment.State()
+		states[s.ID()] = s.Environment.State()
 	}
 	data, err := json.Marshal(states)
 	if err != nil {
@@ -175,11 +176,11 @@ func (m *Manager) InitServer(data remote.ServerConfigurationResponse) (*Server,
 		return nil, err
 	}
 
-	s.fs = filesystem.New(filepath.Join(config.Get().System.Data, s.Id()), s.DiskSpace(), s.Config().Egg.FileDenylist)
+	s.fs = filesystem.New(filepath.Join(config.Get().System.Data, s.ID()), s.DiskSpace(), s.Config().Egg.FileDenylist)
 
 	// Right now we only support a Docker based environment, so I'm going to hard code
 	// this logic in. When we're ready to support other environment we'll need to make
-	// some modifications here obviously.
+	// some modifications here, obviously.
 	settings := environment.Settings{
 		Mounts:      s.Mounts(),
 		Allocations: s.cfg.Allocations,
@@ -191,7 +192,7 @@ func (m *Manager) InitServer(data remote.ServerConfigurationResponse) (*Server,
 		Image: s.Config().Container.Image,
 	}
 
-	if env, err := docker.New(s.Id(), &meta, envCfg); err != nil {
+	if env, err := docker.New(s.ID(), &meta, envCfg); err != nil {
 		return nil, err
 	} else {
 		s.Environment = env
@@ -212,7 +213,7 @@ func (m *Manager) InitServer(data remote.ServerConfigurationResponse) (*Server,
 	return s, nil
 }
 
-// initializeFromRemoteSource iterates over a given directory and loads all of
+// initializeFromRemoteSource iterates over a given directory and loads all
 // the servers listed before returning them to the calling function.
 func (m *Manager) init(ctx context.Context) error {
 	log.Info("fetching list of servers from API")
@@ -252,7 +253,7 @@ func (m *Manager) init(ctx context.Context) error {
 		})
 	}
 
-	// Wait until we've processed all of the configuration files in the directory
+	// Wait until we've processed all the configuration files in the directory
 	// before continuing.
 	pool.StopWait()
 

server/mounts.go

@@ -5,6 +5,7 @@ import (
 	"strings"
 
 	"github.com/apex/log"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
 )

server/power.go

@@ -6,9 +6,10 @@ import (
 	"time"
 
 	"emperror.dev/errors"
+	"golang.org/x/sync/semaphore"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
-	"golang.org/x/sync/semaphore"
 )
 
 type PowerAction string
@@ -18,7 +19,7 @@ type PowerAction string
 // example, sending two "start" actions back to back will not process the second action until
 // the first action has been completed.
 //
-// This utilizes a workerpool with a limit of one worker so that all of the actions execute
+// This utilizes a workerpool with a limit of one worker so that all the actions execute
 // in a sync manner.
 const (
 	PowerActionStart     = "start"
@@ -27,7 +28,7 @@ const (
 	PowerActionTerminate = "kill"
 )
 
-// Checks if the power action being received is valid.
+// IsValid checks if the power action being received is valid.
 func (pa PowerAction) IsValid() bool {
 	return pa == PowerActionStart ||
 		pa == PowerActionStop ||
@@ -39,7 +40,7 @@ func (pa PowerAction) IsStart() bool {
 	return pa == PowerActionStart || pa == PowerActionRestart
 }
 
-// Check if there is currently a power action being processed for the server.
+// ExecutingPowerAction checks if there is currently a power action being processed for the server.
 func (s *Server) ExecutingPowerAction() bool {
 	if s.powerLock == nil {
 		return false
@@ -54,9 +55,9 @@ func (s *Server) ExecutingPowerAction() bool {
 	return !ok
 }
 
-// Helper function that can receive a power action and then process the actions that need
+// HandlePowerAction is a helper function that can receive a power action and then process the
-// to occur for it. This guards against someone calling Start() twice at the same time, or
+// actions that need to occur for it. This guards against someone calling Start() twice at the
-// trying to restart while another restart process is currently running.
+// same time, or trying to restart while another restart process is currently running.
 //
 // However, the code design for the daemon does depend on the user correctly calling this
 // function rather than making direct calls to the start/stop/restart functions on the
@@ -107,7 +108,7 @@ func (s *Server) HandlePowerAction(action PowerAction, waitSeconds ...int) error
 		// Release the lock once the process being requested has finished executing.
 		defer s.powerLock.Release(1)
 	} else {
-		// Still try to acquire the lock if terminating and it is available, just so that other power
+		// Still try to acquire the lock if terminating, and it is available, just so that other power
 		// actions are blocked until it has completed. However, if it is unavailable we won't stop
 		// the entire process.
 		if ok := s.powerLock.TryAcquire(1); ok {
@@ -190,14 +191,14 @@ func (s *Server) onBeforeStart() error {
 	// Update the configuration files defined for the server before beginning the boot process.
 	// This process executes a bunch of parallel updates, so we just block until that process
 	// is complete. Any errors as a result of this will just be bubbled out in the logger,
-	// we don't need to actively do anything about it at this point, worst comes to worst the
+	// we don't need to actively do anything about it at this point, worse comes to worst the
 	// server starts in a weird state and the user can manually adjust.
 	s.PublishConsoleOutputFromDaemon("Updating process configuration files...")
 	s.UpdateConfigurationFiles()
 
 	if config.Get().System.CheckPermissionsOnBoot {
 		s.PublishConsoleOutputFromDaemon("Ensuring file permissions are set correctly, this could take a few seconds...")
-		// Ensure all of the server file permissions are set correctly before booting the process.
+		// Ensure all the server file permissions are set correctly before booting the process.
 		if err := s.Filesystem().Chown("/"); err != nil {
 			return errors.WithMessage(err, "failed to chown root server directory during pre-boot process")
 		}

server/resources.go

@@ -8,7 +8,7 @@ import (
 	"github.com/pterodactyl/wings/system"
 )
 
-// Defines the current resource usage for a given server instance. If a server is offline you
+// ResourceUsage defines the current resource usage for a given server instance. If a server is offline you
 // should obviously expect memory and CPU usage to be 0. However, disk will always be returned
 // since that is not dependent on the server being running to collect that data.
 type ResourceUsage struct {
@@ -26,7 +26,7 @@ type ResourceUsage struct {
 	Disk int64 `json:"disk_bytes"`
 }
 
-// Returns the current resource usage stats for the server instance. This returns
+// Proc returns the current resource usage stats for the server instance. This returns
 // a copy of the tracked resources, so making any changes to the response will not
 // have the desired outcome for you most likely.
 func (s *Server) Proc() ResourceUsage {
@@ -38,11 +38,12 @@ func (s *Server) Proc() ResourceUsage {
 	return s.resources
 }
 
-// Resets the usages values to zero, used when a server is stopped to ensure we don't hold
+// Reset resets the usages values to zero, used when a server is stopped to ensure we don't hold
 // onto any values incorrectly.
 func (ru *ResourceUsage) Reset() {
 	ru.mu.Lock()
 	defer ru.mu.Unlock()
+
 	ru.Memory = 0
 	ru.CpuAbsolute = 0
 	ru.Network.TxBytes = 0

server/server.go

@@ -3,6 +3,7 @@ package server
 import (
 	"context"
 	"fmt"
+	"net/http"
 	"os"
 	"strings"
 	"sync"
@@ -10,6 +11,8 @@ import (
 	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/creasty/defaults"
+	"golang.org/x/sync/semaphore"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/environment/docker"
@@ -17,7 +20,6 @@ import (
 	"github.com/pterodactyl/wings/remote"
 	"github.com/pterodactyl/wings/server/filesystem"
 	"github.com/pterodactyl/wings/system"
-	"golang.org/x/sync/semaphore"
 )
 
 // Server is the high level definition for a server instance being controlled
@@ -92,11 +94,19 @@ func New(client remote.Client) (*Server, error) {
 	return &s, nil
 }
 
-// Id returns the UUID for the server instance.
+// ID returns the UUID for the server instance.
-func (s *Server) Id() string {
+func (s *Server) ID() string {
 	return s.Config().GetUuid()
 }
 
+// Id returns the UUID for the server instance. This function is deprecated
+// in favor of Server.ID().
+//
+// Deprecated
+func (s *Server) Id() string {
+	return s.ID()
+}
+
 // Cancels the context assigned to this server instance. Assuming background tasks
 // are using this server's context for things, all of the background tasks will be
 // stopped as a result.
@@ -128,7 +138,7 @@ eloop:
 	for k := range s.Config().EnvVars {
 		// Don't allow any environment variables that we have already set above.
 		for _, e := range out {
-			if strings.HasPrefix(e, strings.ToUpper(k)) {
+			if strings.HasPrefix(e, strings.ToUpper(k)+"=") {
 				continue eloop
 			}
 		}
@@ -140,29 +150,23 @@ eloop:
 }
 
 func (s *Server) Log() *log.Entry {
-	return log.WithField("server", s.Id())
+	return log.WithField("server", s.ID())
 }
 
-// Syncs the state of the server on the Panel with Wings. This ensures that we're always
+// Sync syncs the state of the server on the Panel with Wings. This ensures that
-// using the state of the server from the Panel and allows us to not require successful
+// we're always using the state of the server from the Panel and allows us to
-// API calls to Wings to do things.
+// not require successful API calls to Wings to do things.
 //
-// This also means mass actions can be performed against servers on the Panel and they
+// This also means mass actions can be performed against servers on the Panel
-// will automatically sync with Wings when the server is started.
+// and they will automatically sync with Wings when the server is started.
 func (s *Server) Sync() error {
-	cfg, err := s.client.GetServerConfiguration(s.Context(), s.Id())
+	cfg, err := s.client.GetServerConfiguration(s.Context(), s.ID())
 	if err != nil {
-		if !remote.IsRequestError(err) {
+		if err := remote.AsRequestError(err); err != nil && err.StatusCode() == http.StatusNotFound {
-			return err
-		}
-
-		if err.(*remote.RequestError).Status == "404" {
 			return &serverDoesNotExist{}
 		}
-
+		return errors.WithStackIf(err)
-		return errors.New(err.Error())
 	}
-
 	return s.SyncWithConfiguration(cfg)
 }
 
@@ -251,7 +255,7 @@ func (s *Server) EnsureDataDirectoryExists() error {
 	return nil
 }
 
-// Sets the state of the server internally. This function handles crash detection as
+// OnStateChange sets the state of the server internally. This function handles crash detection as
 // well as reporting to event listeners for the server.
 func (s *Server) OnStateChange() {
 	prevState := s.resources.State.Load()
@@ -266,7 +270,7 @@ func (s *Server) OnStateChange() {
 		s.Events().Publish(StatusEvent, st)
 	}
 
-	// Reset the resource usage to 0 when the process fully stops so that all of the UI
+	// Reset the resource usage to 0 when the process fully stops so that all the UI
 	// views in the Panel correctly display 0.
 	if st == environment.ProcessOfflineState {
 		s.resources.Reset()
@@ -298,10 +302,31 @@ func (s *Server) OnStateChange() {
 }
 
 // IsRunning determines if the server state is running or not. This is different
-// than the environment state, it is simply the tracked state from this daemon
+// from the environment state, it is simply the tracked state from this daemon
 // instance, and not the response from Docker.
 func (s *Server) IsRunning() bool {
 	st := s.Environment.State()
 
 	return st == environment.ProcessRunningState || st == environment.ProcessStartingState
 }
+
+// APIResponse is a type returned when requesting details about a single server
+// instance on Wings. This includes the information needed by the Panel in order
+// to show resource utilization and the current state on this system.
+type APIResponse struct {
+	State         string        `json:"state"`
+	IsSuspended   bool          `json:"is_suspended"`
+	Utilization   ResourceUsage `json:"utilization"`
+	Configuration Configuration `json:"configuration"`
+}
+
+// ToAPIResponse returns the server struct as an API object that can be consumed
+// by callers.
+func (s *Server) ToAPIResponse() APIResponse {
+	return APIResponse{
+		State:         s.Environment.State(),
+		IsSuspended:   s.IsSuspended(),
+		Utilization:   s.Proc(),
+		Configuration: *s.Config(),
+	}
+}

server/update.go

@@ -6,6 +6,7 @@ import (
 	"emperror.dev/errors"
 	"github.com/buger/jsonparser"
 	"github.com/imdario/mergo"
+
 	"github.com/pterodactyl/wings/environment"
 )
 
@@ -25,7 +26,7 @@ func (s *Server) UpdateDataStructure(data []byte) error {
 	// Don't allow obviously corrupted data to pass through into this function. If the UUID
 	// doesn't match something has gone wrong and the API is attempting to meld this server
 	// instance into a totally different one, which would be bad.
-	if src.Uuid != "" && s.Id() != "" && src.Uuid != s.Id() {
+	if src.Uuid != "" && s.ID() != "" && src.Uuid != s.ID() {
 		return errors.New("server/update: attempting to merge a data stack with an invalid UUID")
 	}
 

server/websockets.go

@@ -12,7 +12,7 @@ type WebsocketBag struct {
 	conns map[uuid.UUID]*context.CancelFunc
 }
 
-// Returns the websocket bag which contains all of the currently open websocket connections
+// Websockets returns the websocket bag which contains all the currently open websocket connections
 // for the server instance.
 func (s *Server) Websockets() *WebsocketBag {
 	s.wsBagLocker.Lock()
@@ -25,7 +25,7 @@ func (s *Server) Websockets() *WebsocketBag {
 	return s.wsBag
 }
 
-// Adds a new websocket connection to the stack.
+// Push adds a new websocket connection to the end of the stack.
 func (w *WebsocketBag) Push(u uuid.UUID, cancel *context.CancelFunc) {
 	w.mu.Lock()
 	defer w.mu.Unlock()
@@ -37,14 +37,14 @@ func (w *WebsocketBag) Push(u uuid.UUID, cancel *context.CancelFunc) {
 	w.conns[u] = cancel
 }
 
-// Removes a connection from the stack.
+// Remove removes a connection from the stack.
 func (w *WebsocketBag) Remove(u uuid.UUID) {
 	w.mu.Lock()
 	delete(w.conns, u)
 	w.mu.Unlock()
 }
 
-// Cancels all of the stored cancel functions which has the effect of disconnecting
+// CancelAll cancels all the stored cancel functions which has the effect of disconnecting
 // every listening websocket for the server.
 func (w *WebsocketBag) CancelAll() {
 	w.mu.Lock()

sftp/handler.go

@@ -11,9 +11,10 @@ import (
 	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/pkg/sftp"
+	"golang.org/x/crypto/ssh"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/server/filesystem"
-	"golang.org/x/crypto/ssh"
 )
 
 const (

sftp/server.go

@@ -18,10 +18,11 @@ import (
 	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/pkg/sftp"
+	"golang.org/x/crypto/ssh"
+
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/remote"
 	"github.com/pterodactyl/wings/server"
-	"golang.org/x/crypto/ssh"
 )
 
 // Usernames all follow the same format, so don't even bother hitting the API if the username is not
@@ -132,7 +133,7 @@ func (c *SFTPServer) AcceptInbound(conn net.Conn, config *ssh.ServerConfig) {
 			if uuid == "" {
 				return false
 			}
-			return s.Id() == uuid
+			return s.ID() == uuid
 		})
 		if srv == nil {
 			continue

system/utils.go

@@ -1,23 +1,18 @@
 package system
 
 import (
-	"archive/tar"
-	"archive/zip"
 	"bufio"
 	"bytes"
-	"compress/gzip"
 	"context"
 	"encoding/json"
 	"fmt"
 	"io"
-	"reflect"
 	"strconv"
 	"strings"
 	"sync"
 	"time"
 
 	"emperror.dev/errors"
-	"github.com/mholt/archiver/v3"
 )
 
 var cr = []byte(" \r")
@@ -41,22 +36,6 @@ func MustInt(v string) int {
 	return i
 }
 
-// ExtractArchiveSourceName looks for the provided archiver.File's name if it is
-// a type that is supported, otherwise it returns an error to the caller.
-func ExtractArchiveSourceName(f archiver.File, dir string) (name string, err error) {
-	switch s := f.Sys().(type) {
-	case *tar.Header:
-		name = s.Name
-	case *gzip.Header:
-		name = s.Name
-	case *zip.FileHeader:
-		name = s.Name
-	default:
-		err = errors.New(fmt.Sprintf("could not parse underlying data source with type: %s", reflect.TypeOf(s).String()))
-	}
-	return name, err
-}
-
 func ScanReader(r io.Reader, callback func(line string)) error {
 	br := bufio.NewReader(r)
 	// Avoid constantly re-allocating memory when we're flooding lines through this