docker: add debug logs around Start and Attach

* First pass at re-implementing the Docker inspect call to use more efficient json parser

* Improve logic

.github/workflows/build-test.yml

@@ -32,17 +32,20 @@ jobs:
           go env
           printf "\n\nSystem Environment:\n\n"
           env
-
+          printf "Git Version: $(git version)\n\n"
           echo "::set-output name=version_tag::${GITHUB_REF/refs\/tags\//}"
           echo "::set-output name=short_sha::$(git rev-parse --short HEAD)"
           echo "::set-output name=go_cache::$(go env GOCACHE)"
+          echo "::set-output name=go_mod_cache::$(go env GOMODCACHE)"
       - name: Build Cache
         uses: actions/cache@v2
         with:
-          path: ${{ steps.env.outputs.go_cache }}
-          key: ${{ runner.os }}-${{ matrix.go }}-go-${{ hashFiles('**/go.sum') }}
+          key: ${{ runner.os }}-go${{ matrix.go }}-${{ hashFiles('**/go.sum') }}
           restore-keys: |
-            ${{ runner.os }}-${{ matrix.go }}-go
+            ${{ runner.os }}-go${{ matrix.go }}-
+          path: |
+            ${{ steps.env.outputs.go_cache }}
+            ${{ steps.env.outputs.go_mod_cache }}
       - name: Get Dependencies
         run: |
           go get -v -t -d ./...
@@ -56,8 +59,10 @@ jobs:
           go build -v -trimpath -ldflags="-s -w -X ${SRC_PATH}/system.Version=dev-${GIT_COMMIT:0:7}" -o build/wings_${{ matrix.goos }}_${{ matrix.goarch }} wings.go
           upx build/wings_${{ matrix.goos }}_${{ matrix.goarch }}
           chmod +x build/wings_${{ matrix.goos }}_${{ matrix.goarch }}
-      - name: Test
+      - name: Tests
         run: go test ./...
+      - name: Tests (Race)
+        run: go test -race ./...
       - name: Upload Artifact
         uses: actions/upload-artifact@v2
         if: ${{ github.ref == 'refs/heads/develop' || github.event_name == 'pull_request' }}

.github/workflows/docker.yml

@@ -34,7 +34,7 @@ jobs:
       - name: Get Build Information
         id: build_info
         run: |
-          echo "::set-output name=version_tag::${GITHUB_REF/refs\/tags\//}"
+          echo "::set-output name=version_tag::${GITHUB_REF/refs\/tags\/v/}"
           echo "::set-output name=short_sha::$(git rev-parse --short HEAD)"
       - name: Release Production Build
         uses: docker/build-push-action@v2

.github/workflows/release.yml

@@ -45,7 +45,7 @@ jobs:
           git config --local user.name "Pterodactyl CI"
           git checkout -b $BRANCH
           git push -u origin $BRANCH
-          sed -i "s/	Version = \".*\"/	Version = \"${REF:11}\"/" system/const.go
+          sed -i "s/var Version = \".*\"/var Version = \"${REF:11}\"/" system/const.go
           git add system/const.go
           git commit -m "bump version for release"
           git push

CHANGELOG.md

@@ -1,5 +1,33 @@
 # Changelog
 
+## v1.5.6
+### Fixed
+* Rewrote handler logic for the power actions lock to hopefully address issues people have been having when a server crashes and they're unable to start it again until restarting Wings.
+* Fixes files uploaded with SFTP not being owned by the Pterodactyl user.
+* Fixes excessive memory usage when large lines are sent through the console event handler.
+
+### Changed
+* Replaced usage of `encoding/json` throughout the codebase with a more performant encoder (`goccy/go-json`) to hopefully improve overall performance for JSON operations.
+* Added custom `ContainerInspect` function to handle direct calls to Docker's CLI and make use of the new JSON encoder logic. This should reduce the total number of memory allocations and be more performant overall in a hot pathway.
+
+## v1.5.5
+### Fixed
+* Fixes sending to a closed channel when sending server logs over the websocket
+* Fixes `wings diagnostics` uploading no content
+* Fixes a panic caused by the event bus closing channels multiple times when a server is deleted
+
+## v1.5.4
+### Fixed
+* Fixes SSL paths being improperly converted to lowercase in environments where the path is case-sensitive.
+* Fixes a memory leak due to the implemention of server event processing.
+
+### Changed
+* Selecting to redact information now redacts URLs from the log output when running the diagnostic command.
+
+### Added
+* Adds support for modifying the default memory overhead percentages in environments where the shipped values are not adequate.
+* Adds support for sending the `Access-Control-Request-Private-Network` header in environments where Wings will be accessed over a private network. This is defaulted to `off`.
+
 ## v1.5.3
 ### Fixed
 * Fixes improper event registration and error handling during socket authentication that would cause the incorrect error message to be returned to the client, or no error in some scenarios. Event registration is now delayed until the socket is fully authenticated to ensure needless listeners are not registed.

cmd/configure.go

@@ -2,9 +2,8 @@ package cmd
 
 import (
 	"crypto/tls"
-	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"os"
@@ -14,21 +13,20 @@ import (
 
 	"github.com/AlecAivazis/survey/v2"
 	"github.com/AlecAivazis/survey/v2/terminal"
+	"github.com/goccy/go-json"
 	"github.com/spf13/cobra"
 
 	"github.com/pterodactyl/wings/config"
 )
 
-var (
-	configureArgs struct {
-		PanelURL      string
-		Token         string
-		ConfigPath    string
-		Node          string
-		Override      bool
-		AllowInsecure bool
-	}
-)
+var configureArgs struct {
+	PanelURL      string
+	Token         string
+	ConfigPath    string
+	Node          string
+	Override      bool
+	AllowInsecure bool
+}
 
 var nodeIdRegex = regexp.MustCompile(`^(\d+)$`)
 
@@ -140,13 +138,13 @@ func configureCmdRun(cmd *cobra.Command, args []string) {
 		fmt.Println("The authentication credentials provided were not valid.")
 		os.Exit(1)
 	} else if res.StatusCode != http.StatusOK {
-		b, _ := ioutil.ReadAll(res.Body)
+		b, _ := io.ReadAll(res.Body)
 
 		fmt.Println("An error occurred while processing this request.\n", string(b))
 		os.Exit(1)
 	}
 
-	b, err := ioutil.ReadAll(res.Body)
+	b, err := io.ReadAll(res.Body)
 
 	cfg, err := config.NewAtPath(configPath)
 	if err != nil {

cmd/diagnostics.go

@@ -2,11 +2,9 @@ package cmd
 
 import (
 	"context"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"net/url"
 	"os/exec"
@@ -21,6 +19,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/parsers/kernel"
 	"github.com/docker/docker/pkg/parsers/operatingsystem"
+	"github.com/goccy/go-json"
 	"github.com/spf13/cobra"
 
 	"github.com/pterodactyl/wings/config"
@@ -29,19 +28,19 @@ import (
 	"github.com/pterodactyl/wings/system"
 )
 
-const DefaultHastebinUrl = "https://ptero.co"
-const DefaultLogLines = 200
-
-var (
-	diagnosticsArgs struct {
-		IncludeEndpoints   bool
-		IncludeLogs        bool
-		ReviewBeforeUpload bool
-		HastebinURL        string
-		LogLines           int
-	}
+const (
+	DefaultHastebinUrl = "https://ptero.co"
+	DefaultLogLines    = 200
 )
 
+var diagnosticsArgs struct {
+	IncludeEndpoints   bool
+	IncludeLogs        bool
+	ReviewBeforeUpload bool
+	HastebinURL        string
+	LogLines           int
+}
+
 func newDiagnosticsCommand() *cobra.Command {
 	command := &cobra.Command{
 		Use:   "diagnostics",
@@ -79,7 +78,7 @@ func diagnosticsCmdRun(cmd *cobra.Command, args []string) {
 		{
 			Name: "ReviewBeforeUpload",
 			Prompt: &survey.Confirm{
-				Message: "Do you want to review the collected data before uploading to hastebin.com?",
+				Message: "Do you want to review the collected data before uploading to " + diagnosticsArgs.HastebinURL + "?",
 				Help:    "The data, especially the logs, might contain sensitive information, so you should review it. You will be asked again if you want to upload.",
 				Default: true,
 			},
@@ -97,41 +96,40 @@ func diagnosticsCmdRun(cmd *cobra.Command, args []string) {
 	output := &strings.Builder{}
 	fmt.Fprintln(output, "Pterodactyl Wings - Diagnostics Report")
 	printHeader(output, "Versions")
-	fmt.Fprintln(output, "         wings:", system.Version)
+	fmt.Fprintln(output, "               Wings:", system.Version)
 	if dockerErr == nil {
-		fmt.Fprintln(output, "Docker:", dockerVersion.Version)
+		fmt.Fprintln(output, "              Docker:", dockerVersion.Version)
 	}
 	if v, err := kernel.GetKernelVersion(); err == nil {
-		fmt.Fprintln(output, "Kernel:", v)
+		fmt.Fprintln(output, "              Kernel:", v)
 	}
 	if os, err := operatingsystem.GetOperatingSystem(); err == nil {
-		fmt.Fprintln(output, "    OS:", os)
+		fmt.Fprintln(output, "                  OS:", os)
 	}
 
 	printHeader(output, "Wings Configuration")
 	if err := config.FromFile(config.DefaultLocation); err != nil {
-
 	}
 	cfg := config.Get()
-	fmt.Fprintln(output, "    Panel Location:", redact(cfg.PanelLocation))
+	fmt.Fprintln(output, "      Panel Location:", redact(cfg.PanelLocation))
 	fmt.Fprintln(output, "")
-	fmt.Fprintln(output, " Internal Webserver:", redact(cfg.Api.Host), ":", cfg.Api.Port)
-	fmt.Fprintln(output, "        SSL Enabled:", cfg.Api.Ssl.Enabled)
-	fmt.Fprintln(output, "    SSL Certificate:", redact(cfg.Api.Ssl.CertificateFile))
-	fmt.Fprintln(output, "            SSL Key:", redact(cfg.Api.Ssl.KeyFile))
+	fmt.Fprintln(output, "  Internal Webserver:", redact(cfg.Api.Host), ":", cfg.Api.Port)
+	fmt.Fprintln(output, "         SSL Enabled:", cfg.Api.Ssl.Enabled)
+	fmt.Fprintln(output, "     SSL Certificate:", redact(cfg.Api.Ssl.CertificateFile))
+	fmt.Fprintln(output, "             SSL Key:", redact(cfg.Api.Ssl.KeyFile))
 	fmt.Fprintln(output, "")
-	fmt.Fprintln(output, "        SFTP Server:", redact(cfg.System.Sftp.Address), ":", cfg.System.Sftp.Port)
-	fmt.Fprintln(output, "     SFTP Read-Only:", cfg.System.Sftp.ReadOnly)
+	fmt.Fprintln(output, "         SFTP Server:", redact(cfg.System.Sftp.Address), ":", cfg.System.Sftp.Port)
+	fmt.Fprintln(output, "      SFTP Read-Only:", cfg.System.Sftp.ReadOnly)
 	fmt.Fprintln(output, "")
-	fmt.Fprintln(output, "     Root Directory:", cfg.System.RootDirectory)
-	fmt.Fprintln(output, "     Logs Directory:", cfg.System.LogDirectory)
-	fmt.Fprintln(output, "     Data Directory:", cfg.System.Data)
-	fmt.Fprintln(output, "  Archive Directory:", cfg.System.ArchiveDirectory)
-	fmt.Fprintln(output, "   Backup Directory:", cfg.System.BackupDirectory)
+	fmt.Fprintln(output, "      Root Directory:", cfg.System.RootDirectory)
+	fmt.Fprintln(output, "      Logs Directory:", cfg.System.LogDirectory)
+	fmt.Fprintln(output, "      Data Directory:", cfg.System.Data)
+	fmt.Fprintln(output, "   Archive Directory:", cfg.System.ArchiveDirectory)
+	fmt.Fprintln(output, "    Backup Directory:", cfg.System.BackupDirectory)
 	fmt.Fprintln(output, "")
-	fmt.Fprintln(output, "           Username:", cfg.System.Username)
-	fmt.Fprintln(output, "        Server Time:", time.Now().Format(time.RFC1123Z))
-	fmt.Fprintln(output, "         Debug Mode:", cfg.Debug)
+	fmt.Fprintln(output, "            Username:", cfg.System.Username)
+	fmt.Fprintln(output, "         Server Time:", time.Now().Format(time.RFC1123Z))
+	fmt.Fprintln(output, "          Debug Mode:", cfg.Debug)
 
 	printHeader(output, "Docker: Info")
 	if dockerErr == nil {
@@ -181,6 +179,17 @@ func diagnosticsCmdRun(cmd *cobra.Command, args []string) {
 		fmt.Fprintln(output, "Logs redacted.")
 	}
 
+	if !diagnosticsArgs.IncludeEndpoints {
+		s := output.String()
+		output.Reset()
+		s = strings.ReplaceAll(s, cfg.PanelLocation, "{redacted}")
+		s = strings.ReplaceAll(s, cfg.Api.Host, "{redacted}")
+		s = strings.ReplaceAll(s, cfg.Api.Ssl.CertificateFile, "{redacted}")
+		s = strings.ReplaceAll(s, cfg.Api.Ssl.KeyFile, "{redacted}")
+		s = strings.ReplaceAll(s, cfg.System.Sftp.Address, "{redacted}")
+		output.WriteString(s)
+	}
+
 	fmt.Println("\n---------------  generated report  ---------------")
 	fmt.Println(output.String())
 	fmt.Print("---------------   end of report    ---------------\n\n")
@@ -226,7 +235,7 @@ func uploadToHastebin(hbUrl, content string) (string, error) {
 		return "", err
 	}
 	pres := make(map[string]interface{})
-	body, err := ioutil.ReadAll(res.Body)
+	body, err := io.ReadAll(res.Body)
 	if err != nil {
 		fmt.Println("Failed to parse response.", err)
 		return "", err

cmd/root.go

@@ -355,7 +355,7 @@ func rootCmdRun(cmd *cobra.Command, _ []string) {
 	// Check if main http server should run with TLS. Otherwise reset the TLS
 	// config on the server and then serve it over normal HTTP.
 	if api.Ssl.Enabled {
-		if err := s.ListenAndServeTLS(strings.ToLower(api.Ssl.CertificateFile), strings.ToLower(api.Ssl.KeyFile)); err != nil {
+		if err := s.ListenAndServeTLS(api.Ssl.CertificateFile, api.Ssl.KeyFile); err != nil {
 			log.WithFields(log.Fields{"auto_tls": false, "error": err}).Fatal("failed to configure HTTPS server")
 		}
 		return

config/config.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"os/user"
@@ -287,6 +286,12 @@ type Configuration struct {
 	// The Panel URL is automatically allowed, this is only needed for adding
 	// additional origins.
 	AllowedOrigins []string `json:"allowed_origins" yaml:"allowed_origins"`
+
+	// AllowCORSPrivateNetwork sets the `Access-Control-Request-Private-Network` header which
+	// allows client browsers to make requests to internal IP addresses over HTTP.  This setting
+	// is only required by users running Wings without SSL certificates and using internal IP
+	// addresses in order to connect. Most users should NOT enable this setting.
+	AllowCORSPrivateNetwork bool `json:"allow_cors_private_network" yaml:"allow_cors_private_network"`
 }
 
 // NewAtPath creates a new struct and set the path where it should be stored.
@@ -380,7 +385,7 @@ func WriteToDisk(c *Configuration) error {
 	if err != nil {
 		return err
 	}
-	if err := ioutil.WriteFile(c.path, b, 0o600); err != nil {
+	if err := os.WriteFile(c.path, b, 0o600); err != nil {
 		return err
 	}
 	return nil
@@ -448,7 +453,7 @@ func EnsurePterodactylUser() error {
 // FromFile reads the configuration from the provided file and stores it in the
 // global singleton for this instance.
 func FromFile(path string) error {
-	b, err := ioutil.ReadFile(path)
+	b, err := os.ReadFile(path)
 	if err != nil {
 		return err
 	}
@@ -456,31 +461,17 @@ func FromFile(path string) error {
 	if err != nil {
 		return err
 	}
-	// Replace environment variables within the configuration file with their
-	// values from the host system. This function works almost identically to
-	// the default os.ExpandEnv function, except it supports escaping dollar
-	// signs in the text if you pass "$$" through.
-	//
-	// "some$$foo" -> "some$foo"
-	// "some$foo" -> "some" (or "someVALUE_OF_FOO" if FOO is defined in env)
-	//
-	// @see https://github.com/pterodactyl/panel/issues/3692
-	exp := os.Expand(string(b), func(s string) string {
-		if s == "$" {
-			return s
-		}
-		return os.Getenv(s)
-	})
 
-	if err := yaml.Unmarshal([]byte(exp), c); err != nil {
+	if err := yaml.Unmarshal(b, c); err != nil {
 		return err
 	}
+
 	// Store this configuration in the global state.
 	Set(c)
 	return nil
 }
 
-// ConfigureDirectories ensures that all of the system directories exist on the
+// ConfigureDirectories ensures that all the system directories exist on the
 // system. These directories are created so that only the owner can read the data,
 // and no other users.
 //
@@ -592,7 +583,7 @@ func ConfigureTimezone() error {
 		_config.System.Timezone = tz
 	}
 	if _config.System.Timezone == "" {
-		b, err := ioutil.ReadFile("/etc/timezone")
+		b, err := os.ReadFile("/etc/timezone")
 		if err != nil {
 			if !os.IsNotExist(err) {
 				return errors.WithMessage(err, "config: failed to open timezone file")

config/config_docker.go

@@ -2,9 +2,10 @@ package config
 
 import (
 	"encoding/base64"
-	"encoding/json"
+	"sort"
 
 	"github.com/docker/docker/api/types"
+	"github.com/goccy/go-json"
 )
 
 type dockerNetworkInterfaces struct {
@@ -51,9 +52,9 @@ type DockerConfiguration struct {
 	// Registries .
 	Registries map[string]RegistryConfiguration `json:"registries" yaml:"registries"`
 
-	// The size of the /tmp directory when mounted into a container. Please be aware that Docker
-	// utilizes host memory for this value, and that we do not keep track of the space used here
-	// so avoid allocating too much to a server.
+	// TmpfsSize specifies the size for the /tmp directory mounted into containers. Please be
+	// aware that Docker utilizes the host's system memory for this value, and that we do not
+	// keep track of the space used there, so avoid allocating too much to a server.
 	TmpfsSize uint `default:"100" json:"tmpfs_size" yaml:"tmpfs_size"`
 
 	// ContainerPidLimit sets the total number of processes that can be active in a container
@@ -62,14 +63,20 @@ type DockerConfiguration struct {
 	// available pids and crash.
 	ContainerPidLimit int64 `default:"512" json:"container_pid_limit" yaml:"container_pid_limit"`
 
-	// InstallLimits defines the limits on the installer containers that prevents a server's
+	// InstallerLimits defines the limits on the installer containers that prevents a server's
 	// installation process from unintentionally consuming more resources than expected. This
 	// is used in conjunction with the server's defined limits. Whichever value is higher will
-	// take precedence in the install containers.
+	// take precedence in the installer containers.
 	InstallerLimits struct {
 		Memory int64 `default:"1024" json:"memory" yaml:"memory"`
 		Cpu    int64 `default:"100" json:"cpu" yaml:"cpu"`
 	} `json:"installer_limits" yaml:"installer_limits"`
+
+	// Overhead controls the memory overhead given to all containers to circumvent certain
+	// software such as the JVM not staying below the maximum memory limit.
+	Overhead Overhead `json:"overhead" yaml:"overhead"`
+
+	UsePerformantInspect bool `default:"true" json:"use_performant_inspect" yaml:"use_performant_inspect"`
 }
 
 // RegistryConfiguration defines the authentication credentials for a given
@@ -91,3 +98,62 @@ func (c RegistryConfiguration) Base64() (string, error) {
 	}
 	return base64.URLEncoding.EncodeToString(b), nil
 }
+
+// Overhead controls the memory overhead given to all containers to circumvent certain
+// software such as the JVM not staying below the maximum memory limit.
+type Overhead struct {
+	// Override controls if the overhead limits should be overridden by the values in the config file.
+	Override bool `default:"false" json:"override" yaml:"override"`
+
+	// DefaultMultiplier sets the default multiplier for if no Multipliers are able to be applied.
+	DefaultMultiplier float64 `default:"1.05" json:"default_multiplier" yaml:"default_multiplier"`
+
+	// Multipliers allows overriding DefaultMultiplier depending on the amount of memory
+	// configured for a server.
+	//
+	// Default values (used if Override is `false`)
+	// - Less than 2048 MB of memory, multiplier of 1.15 (15%)
+	// - Less than 4096 MB of memory, multiplier of 1.10 (10%)
+	// - Otherwise, multiplier of 1.05 (5%) - specified in DefaultMultiplier
+	//
+	// If the defaults were specified in the config they would look like:
+	// ```yaml
+	// multipliers:
+	//   2048: 1.15
+	//   4096: 1.10
+	// ```
+	Multipliers map[int]float64 `json:"multipliers" yaml:"multipliers"`
+}
+
+func (o Overhead) GetMultiplier(memoryLimit int64) float64 {
+	// Default multiplier values.
+	if !o.Override {
+		if memoryLimit <= 2048 {
+			return 1.15
+		} else if memoryLimit <= 4096 {
+			return 1.10
+		}
+		return 1.05
+	}
+
+	// This plucks the keys of the Multipliers map, so they can be sorted from
+	// smallest to largest in order to correctly apply the proper multiplier.
+	i := 0
+	multipliers := make([]int, len(o.Multipliers))
+	for k := range o.Multipliers {
+		multipliers[i] = k
+		i++
+	}
+	sort.Ints(multipliers)
+
+	// Loop through the memory values in order (smallest to largest)
+	for _, m := range multipliers {
+		// If the server's memory limit exceeds the modifier's limit, don't apply it.
+		if memoryLimit > int64(m) {
+			continue
+		}
+		return o.Multipliers[m]
+	}
+
+	return o.DefaultMultiplier
+}

environment/allocations.go

@@ -31,7 +31,7 @@ type Allocations struct {
 //
 // You'll want to use DockerBindings() if you need to re-map 127.0.0.1 to the Docker interface.
 func (a *Allocations) Bindings() nat.PortMap {
-	var out = nat.PortMap{}
+	out := nat.PortMap{}
 
 	for ip, ports := range a.Mappings {
 		for _, port := range ports {
@@ -94,7 +94,7 @@ func (a *Allocations) DockerBindings() nat.PortMap {
 // To accomplish this, we'll just get the values from "DockerBindings" and then set them
 // to empty structs. Because why not.
 func (a *Allocations) Exposed() nat.PortSet {
-	var out = nat.PortSet{}
+	out := nat.PortSet{}
 
 	for port := range a.DockerBindings() {
 		out[port] = struct{}{}

environment/docker.go

@@ -14,8 +14,10 @@ import (
 	"github.com/pterodactyl/wings/config"
 )
 
-var _conce sync.Once
-var _client *client.Client
+var (
+	_conce  sync.Once
+	_client *client.Client
+)
 
 // Docker returns a docker client to be used throughout the codebase. Once a
 // client has been created it will be returned for all subsequent calls to this

environment/docker/api.go

@@ -0,0 +1,116 @@
+package docker
+
+import (
+	"context"
+	"io"
+	"net/http"
+	"reflect"
+	"strings"
+	"sync"
+
+	"emperror.dev/errors"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/versions"
+	"github.com/docker/docker/client"
+	"github.com/docker/docker/errdefs"
+	"github.com/goccy/go-json"
+	"github.com/pterodactyl/wings/config"
+)
+
+var (
+	o           sync.Once
+	cli         cliSettings
+	fastEnabled bool
+)
+
+type cliSettings struct {
+	enabled bool
+	proto   string
+	host    string
+	scheme  string
+	version string
+}
+
+func configure(c *client.Client) {
+	o.Do(func() {
+		fastEnabled = config.Get().Docker.UsePerformantInspect
+
+		r := reflect.ValueOf(c).Elem()
+		cli.proto = r.FieldByName("proto").String()
+		cli.host = r.FieldByName("addr").String()
+		cli.scheme = r.FieldByName("scheme").String()
+		cli.version = r.FieldByName("version").String()
+	})
+}
+
+// ContainerInspect is a rough equivalent of Docker's client.ContainerInspect()
+// but re-written to use a more performant JSON decoder. This is important since
+// a large number of requests to this endpoint are spawned by Wings, and the
+// standard "encoding/json" shows its performance woes badly even with single
+// containers running.
+func (e *Environment) ContainerInspect(ctx context.Context) (types.ContainerJSON, error) {
+	configure(e.client)
+
+	// Support feature flagging of this functionality so that if something goes
+	// wrong for now it is easy enough for people to switch back to the older method
+	// of fetching stats.
+	if !fastEnabled {
+		return e.client.ContainerInspect(ctx, e.Id)
+	}
+
+	var st types.ContainerJSON
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, "/containers/"+e.Id+"/json", nil)
+	if err != nil {
+		return st, errors.WithStack(err)
+	}
+
+	if cli.proto == "unix" || cli.proto == "npipe" {
+		req.Host = "docker"
+	}
+
+	req.URL.Host = cli.host
+	req.URL.Scheme = cli.scheme
+
+	res, err := e.client.HTTPClient().Do(req)
+	if err != nil {
+		return st, errdefs.FromStatusCode(err, res.StatusCode)
+	}
+
+	body, err := io.ReadAll(res.Body)
+	if err != nil {
+		return st, errors.Wrap(err, "failed to read response body from Docker")
+	}
+	if err := parseErrorFromResponse(res, body); err != nil {
+		return st, errdefs.FromStatusCode(err, res.StatusCode)
+	}
+	if err := json.Unmarshal(body, &st); err != nil {
+		return st, errors.WithStack(err)
+	}
+	return st, nil
+}
+
+// parseErrorFromResponse is a re-implementation of Docker's
+// client.checkResponseErr() function.
+func parseErrorFromResponse(res *http.Response, body []byte) error {
+	if res.StatusCode >= 200 && res.StatusCode < 400 {
+		return nil
+	}
+
+	var ct string
+	if res.Header != nil {
+		ct = res.Header.Get("Content-Type")
+	}
+
+	var emsg string
+	if (cli.version == "" || versions.GreaterThan(cli.version, "1.23")) && ct == "application/json" {
+		var errResp types.ErrorResponse
+		if err := json.Unmarshal(body, &errResp); err != nil {
+			return errors.WithStack(err)
+		}
+		emsg = strings.TrimSpace(errResp.Message)
+	} else {
+		emsg = strings.TrimSpace(string(body))
+	}
+
+	return errors.Wrap(errors.New(emsg), "Error response from daemon")
+}

environment/docker/container.go

@@ -3,7 +3,6 @@ package docker
 import (
 	"bufio"
 	"context"
-	"encoding/json"
 	"fmt"
 	"io"
 	"strconv"
@@ -12,6 +11,7 @@ import (
 
 	"emperror.dev/errors"
 	"github.com/apex/log"
+	"github.com/buger/jsonparser"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/mount"
@@ -49,10 +49,12 @@ func (e *Environment) Attach(ctx context.Context) error {
 	if e.IsAttached() {
 		return nil
 	}
+	e.log().Debug("not attached to container, continuing with attach...")
 
 	if err := e.followOutput(); err != nil {
 		return err
 	}
+	e.log().Debug("following container output")
 
 	opts := types.ContainerAttachOptions{
 		Stdin:  true,
@@ -62,11 +64,13 @@ func (e *Environment) Attach(ctx context.Context) error {
 	}
 
 	// Set the stream again with the container.
+	e.log().Debug("attempting to attach...")
 	if st, err := e.client.ContainerAttach(ctx, e.Id, opts); err != nil {
 		return err
 	} else {
 		e.SetStream(&st)
 	}
+	e.log().Debug("attached!")
 
 	go func() {
 		// Don't use the context provided to the function, that'll cause the polling to
@@ -118,7 +122,7 @@ func (e *Environment) InSituUpdate() error {
 	ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
 	defer cancel()
 
-	if _, err := e.client.ContainerInspect(ctx, e.Id); err != nil {
+	if _, err := e.ContainerInspect(ctx); err != nil {
 		// If the container doesn't exist for some reason there really isn't anything
 		// we can do to fix that in this process (it doesn't make sense at least). In those
 		// cases just return without doing anything since we still want to save the configuration
@@ -150,7 +154,7 @@ func (e *Environment) Create() error {
 	// If the container already exists don't hit the user with an error, just return
 	// the current information about it which is what we would do when creating the
 	// container anyways.
-	if _, err := e.client.ContainerInspect(context.Background(), e.Id); err == nil {
+	if _, err := e.ContainerInspect(context.Background()); err == nil {
 		return nil
 	} else if !client.IsErrNotFound(err) {
 		return errors.Wrap(err, "environment/docker: failed to inspect container")
@@ -175,7 +179,7 @@ func (e *Environment) Create() error {
 	conf := &container.Config{
 		Hostname:     e.Id,
 		Domainname:   config.Get().Docker.Domainname,
-		User:         strconv.Itoa(config.Get().System.User.Uid),
+		User:         strconv.Itoa(config.Get().System.User.Uid) + ":" + strconv.Itoa(config.Get().System.User.Gid),
 		AttachStdin:  true,
 		AttachStdout: true,
 		AttachStderr: true,
@@ -342,10 +346,10 @@ func (e *Environment) followOutput() error {
 func (e *Environment) scanOutput(reader io.ReadCloser) {
 	defer reader.Close()
 
-	events := e.Events()
-
-	if err := system.ScanReader(reader, func(line string) {
-		events.Publish(environment.ConsoleOutputEvent, line)
+	if err := system.ScanReader(reader, func(v []byte) {
+		e.logCallbackMx.Lock()
+		defer e.logCallbackMx.Unlock()
+		e.logCallback(v)
 	}); err != nil && err != io.EOF {
 		log.WithField("error", err).WithField("container_id", e.Id).Warn("error processing scanner line in console output")
 		return
@@ -364,11 +368,6 @@ func (e *Environment) scanOutput(reader io.ReadCloser) {
 	go e.followOutput()
 }
 
-type imagePullStatus struct {
-	Status   string `json:"status"`
-	Progress string `json:"progress"`
-}
-
 // Pulls the image from Docker. If there is an error while pulling the image
 // from the source but the image already exists locally, we will report that
 // error to the logger but continue with the process.
@@ -454,12 +453,11 @@ func (e *Environment) ensureImageExists(image string) error {
 	scanner := bufio.NewScanner(out)
 
 	for scanner.Scan() {
-		s := imagePullStatus{}
-		fmt.Println(scanner.Text())
+		b := scanner.Bytes()
+		status, _ := jsonparser.GetString(b, "status")
+		progress, _ := jsonparser.GetString(b, "progress")
 
-		if err := json.Unmarshal(scanner.Bytes(), &s); err == nil {
-			e.Events().Publish(environment.DockerImagePullStatus, s.Status+" "+s.Progress)
-		}
+		e.Events().Publish(environment.DockerImagePullStatus, status+" "+progress)
 	}
 
 	if err := scanner.Err(); err != nil {

environment/docker/environment.go

@@ -10,7 +10,6 @@ import (
 	"github.com/apex/log"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
-
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/events"
 	"github.com/pterodactyl/wings/remote"
@@ -49,7 +48,10 @@ type Environment struct {
 	// Holds the stats stream used by the polling commands so that we can easily close it out.
 	stats io.ReadCloser
 
-	emitter *events.EventBus
+	emitter *events.Bus
+
+	logCallbackMx sync.Mutex
+	logCallback   func([]byte)
 
 	// Tracks the environment state.
 	st *system.AtomicString
@@ -100,9 +102,9 @@ func (e *Environment) IsAttached() bool {
 	return e.stream != nil
 }
 
-func (e *Environment) Events() *events.EventBus {
+func (e *Environment) Events() *events.Bus {
 	e.eventMu.Do(func() {
-		e.emitter = events.New()
+		e.emitter = events.NewBus()
 	})
 
 	return e.emitter
@@ -113,8 +115,7 @@ func (e *Environment) Events() *events.EventBus {
 // will work fine when using the container name as the lookup parameter in addition to the longer
 // ID auto-assigned when the container is created.
 func (e *Environment) Exists() (bool, error) {
-	_, err := e.client.ContainerInspect(context.Background(), e.Id)
-
+	_, err := e.ContainerInspect(context.Background())
 	if err != nil {
 		// If this error is because the container instance wasn't found via Docker we
 		// can safely ignore the error and just return false.
@@ -138,7 +139,7 @@ func (e *Environment) Exists() (bool, error) {
 //
 // @see docker/client/errors.go
 func (e *Environment) IsRunning(ctx context.Context) (bool, error) {
-	c, err := e.client.ContainerInspect(ctx, e.Id)
+	c, err := e.ContainerInspect(ctx)
 	if err != nil {
 		return false, err
 	}
@@ -148,7 +149,7 @@ func (e *Environment) IsRunning(ctx context.Context) (bool, error) {
 // Determine the container exit state and return the exit code and whether or not
 // the container was killed by the OOM killer.
 func (e *Environment) ExitState() (uint32, bool, error) {
-	c, err := e.client.ContainerInspect(context.Background(), e.Id)
+	c, err := e.ContainerInspect(context.Background())
 	if err != nil {
 		// I'm not entirely sure how this can happen to be honest. I tried deleting a
 		// container _while_ a server was running and wings gracefully saw the crash and
@@ -215,3 +216,10 @@ func (e *Environment) SetState(state string) {
 		e.Events().Publish(environment.StateChangeEvent, state)
 	}
 }
+
+func (e *Environment) SetLogCallback(f func([]byte)) {
+	e.logCallbackMx.Lock()
+	defer e.logCallbackMx.Unlock()
+
+	e.logCallback = f
+}

environment/docker/power.go

@@ -66,7 +66,7 @@ func (e *Environment) Start(ctx context.Context) error {
 		}
 	}()
 
-	if c, err := e.client.ContainerInspect(ctx, e.Id); err != nil {
+	if c, err := e.ContainerInspect(ctx); err != nil {
 		// Do nothing if the container is not found, we just don't want to continue
 		// to the next block of code here. This check was inlined here to guard against
 		// a nil-pointer when checking c.State below.
@@ -111,14 +111,19 @@ func (e *Environment) Start(ctx context.Context) error {
 	actx, cancel := context.WithTimeout(ctx, time.Second*30)
 	defer cancel()
 
+	if err := e.Attach(actx); err != nil {
+		return err
+	}
+
+	e.log().Debug("attempting to start container...")
 	if err := e.client.ContainerStart(actx, e.Id, types.ContainerStartOptions{}); err != nil {
 		return errors.WrapIf(err, "environment/docker: failed to start container")
 	}
+	e.log().Debug("started container!")
 
 	// No errors, good to continue through.
 	sawError = false
-
-	return e.Attach(actx)
+	return nil
 }
 
 // Stop stops the container that the server is running in. This will allow up to
@@ -235,7 +240,7 @@ func (e *Environment) WaitForStop(seconds uint, terminate bool) error {
 
 // Terminate forcefully terminates the container using the signal provided.
 func (e *Environment) Terminate(signal os.Signal) error {
-	c, err := e.client.ContainerInspect(context.Background(), e.Id)
+	c, err := e.ContainerInspect(context.Background())
 	if err != nil {
 		// Treat missing containers as an okay error state, means it is obviously
 		// already terminated at this point.

environment/docker/stats.go

@@ -2,13 +2,13 @@ package docker
 
 import (
 	"context"
-	"encoding/json"
 	"io"
 	"math"
 	"time"
 
 	"emperror.dev/errors"
 	"github.com/docker/docker/api/types"
+	"github.com/goccy/go-json"
 
 	"github.com/pterodactyl/wings/environment"
 )
@@ -16,7 +16,7 @@ import (
 // Uptime returns the current uptime of the container in milliseconds. If the
 // container is not currently running this will return 0.
 func (e *Environment) Uptime(ctx context.Context) (int64, error) {
-	ins, err := e.client.ContainerInspect(ctx, e.Id)
+	ins, err := e.ContainerInspect(ctx)
 	if err != nil {
 		return 0, errors.Wrap(err, "environment: could not inspect container")
 	}
@@ -90,11 +90,7 @@ func (e *Environment) pollResources(ctx context.Context) error {
 				st.Network.TxBytes += nw.TxBytes
 			}
 
-			if b, err := json.Marshal(st); err != nil {
-				e.log().WithField("error", err).Warn("error while marshaling stats object for environment")
-			} else {
-				e.Events().Publish(environment.ResourceEvent, string(b))
-			}
+			e.Events().Publish(environment.ResourceEvent, st)
 		}
 	}
 }

environment/environment.go

@@ -8,7 +8,6 @@ import (
 )
 
 const (
-	ConsoleOutputEvent       = "console output"
 	StateChangeEvent         = "state change"
 	ResourceEvent            = "resources"
 	DockerImagePullStarted   = "docker image pull started"
@@ -35,7 +34,7 @@ type ProcessEnvironment interface {
 	// Returns an event emitter instance that can be hooked into to listen for different
 	// events that are fired by the environment. This should not allow someone to publish
 	// events, only subscribe to them.
-	Events() *events.EventBus
+	Events() *events.Bus
 
 	// Determines if the server instance exists. For example, in a docker environment
 	// this should confirm that the container is created and in a bootable state. In
@@ -108,4 +107,7 @@ type ProcessEnvironment interface {
 	// Uptime returns the current environment uptime in milliseconds. This is
 	// the time that has passed since it was last started.
 	Uptime(ctx context.Context) (int64, error)
+
+	// SetLogCallback sets the callback that the container's log output will be passed to.
+	SetLogCallback(func([]byte))
 }

environment/settings.go

@@ -75,13 +75,7 @@ func (l Limits) ConvertedCpuLimit() int64 {
 // server is < 4G, use 10%, if less than 2G use 15%. This avoids unexpected
 // crashes from processes like Java which run over the limit.
 func (l Limits) MemoryOverheadMultiplier() float64 {
-	if l.MemoryLimit <= 2048 {
-		return 1.15
-	} else if l.MemoryLimit <= 4096 {
-		return 1.10
-	}
-
-	return 1.05
+	return config.Get().Docker.Overhead.GetMultiplier(l.MemoryLimit)
 }
 
 func (l Limits) BoundedMemoryLimit() int64 {

events/events.go

@@ -1,32 +1,85 @@
 package events
 
 import (
-	"encoding/json"
 	"strings"
 	"sync"
-
-	"github.com/gammazero/workerpool"
 )
 
+type Listener chan Event
+
+// Event represents an Event sent over a Bus.
 type Event struct {
-	Data  string
 	Topic string
+	Data  interface{}
 }
 
-type EventBus struct {
-	mu    sync.RWMutex
-	pools map[string]*CallbackPool
+// Bus represents an Event Bus.
+type Bus struct {
+	listenersMx sync.Mutex
+	listeners   map[string][]Listener
 }
 
-func New() *EventBus {
-	return &EventBus{
-		pools: make(map[string]*CallbackPool),
+// NewBus returns a new empty Event Bus.
+func NewBus() *Bus {
+	return &Bus{
+		listeners: make(map[string][]Listener),
 	}
 }
 
-// Publish data to a given topic.
-func (e *EventBus) Publish(topic string, data string) {
-	t := topic
+// Off unregisters a listener from the specified topics on the Bus.
+func (b *Bus) Off(listener Listener, topics ...string) {
+	b.listenersMx.Lock()
+	defer b.listenersMx.Unlock()
+
+	var closed bool
+
+	for _, topic := range topics {
+		ok := b.off(topic, listener)
+		if !closed && ok {
+			close(listener)
+			closed = true
+		}
+	}
+}
+
+func (b *Bus) off(topic string, listener Listener) bool {
+	listeners, ok := b.listeners[topic]
+	if !ok {
+		return false
+	}
+	for i, l := range listeners {
+		if l != listener {
+			continue
+		}
+
+		listeners = append(listeners[:i], listeners[i+1:]...)
+		b.listeners[topic] = listeners
+		return true
+	}
+	return false
+}
+
+// On registers a listener to the specified topics on the Bus.
+func (b *Bus) On(listener Listener, topics ...string) {
+	b.listenersMx.Lock()
+	defer b.listenersMx.Unlock()
+
+	for _, topic := range topics {
+		b.on(topic, listener)
+	}
+}
+
+func (b *Bus) on(topic string, listener Listener) {
+	listeners, ok := b.listeners[topic]
+	if !ok {
+		b.listeners[topic] = []Listener{listener}
+	} else {
+		b.listeners[topic] = append(listeners, listener)
+	}
+}
+
+// Publish publishes a message to the Bus.
+func (b *Bus) Publish(topic string, data interface{}) {
 	// Some of our topics for the socket support passing a more specific namespace,
 	// such as "backup completed:1234" to indicate which specific backup was completed.
 	//
@@ -36,87 +89,63 @@ func (e *EventBus) Publish(topic string, data string) {
 		parts := strings.SplitN(topic, ":", 2)
 
 		if len(parts) == 2 {
-			t = parts[0]
+			topic = parts[0]
 		}
 	}
 
-	e.mu.RLock()
-	defer e.mu.RUnlock()
+	b.listenersMx.Lock()
+	defer b.listenersMx.Unlock()
 
-	// Acquire a read lock and loop over all the channels registered for the topic. This
-	// avoids a panic crash if the process tries to unregister the channel while this routine
-	// is running.
-	if cp, ok := e.pools[t]; ok {
-		for _, callback := range cp.callbacks {
-			c := *callback
-			evt := Event{Data: data, Topic: topic}
-			// Using the workerpool with one worker allows us to execute events in a FIFO manner. Running
-			// this using goroutines would cause things such as console output to just output in random order
-			// if more than one event is fired at the same time.
-			//
-			// However, the pool submission does not block the execution of this function itself, allowing
-			// us to call publish without blocking any of the other pathways.
-			//
-			// @see https://github.com/pterodactyl/panel/issues/2303
-			cp.pool.Submit(func() {
-				c(evt)
-			})
-		}
+	listeners, ok := b.listeners[topic]
+	if !ok {
+		return
 	}
-}
-
-// PublishJson publishes a JSON message to a given topic.
-func (e *EventBus) PublishJson(topic string, data interface{}) error {
-	b, err := json.Marshal(data)
-	if err != nil {
-		return err
+	if len(listeners) < 1 {
+		return
 	}
 
-	e.Publish(topic, string(b))
-
-	return nil
+	var wg sync.WaitGroup
+	event := Event{Topic: topic, Data: data}
+	for _, listener := range listeners {
+		l := listener
+		wg.Add(1)
+		go func(l Listener, event Event) {
+			defer wg.Done()
+			l <- event
+		}(l, event)
+	}
+	wg.Wait()
 }
 
-// On adds a callback function that will be executed each time one of the events using the topic
-// name is called.
-func (e *EventBus) On(topic string, callback *func(Event)) {
-	e.mu.Lock()
-	defer e.mu.Unlock()
+// Destroy destroys the Event Bus by unregistering and closing all listeners.
+func (b *Bus) Destroy() {
+	b.listenersMx.Lock()
+	defer b.listenersMx.Unlock()
 
-	// Check if this topic has been registered at least once for the event listener, and if
-	// not create an empty struct for the topic.
-	if _, exists := e.pools[topic]; !exists {
-		e.pools[topic] = &CallbackPool{
-			callbacks: make([]*func(Event), 0),
-			pool:      workerpool.New(1),
+	// Track what listeners have already been closed. Because the same listener
+	// can be listening on multiple topics, we need a way to essentially
+	// "de-duplicate" all the listeners across all the topics.
+	var closed []Listener
+
+	for _, listeners := range b.listeners {
+		for _, listener := range listeners {
+			if contains(closed, listener) {
+				continue
+			}
+
+			close(listener)
+			closed = append(closed, listener)
 		}
 	}
 
-	// If this callback is not already registered as an event listener, go ahead and append
-	// it to the array of callbacks for this topic.
-	e.pools[topic].Add(callback)
+	b.listeners = make(map[string][]Listener)
 }
 
-// Off removes an event listener from the bus.
-func (e *EventBus) Off(topic string, callback *func(Event)) {
-	e.mu.Lock()
-	defer e.mu.Unlock()
-
-	if cp, ok := e.pools[topic]; ok {
-		cp.Remove(callback)
+func contains(closed []Listener, listener Listener) bool {
+	for _, c := range closed {
+		if c == listener {
+			return true
+		}
 	}
-}
-
-// Destroy removes all the event listeners that have been registered for any topic. Also stops the worker
-// pool to close that routine.
-func (e *EventBus) Destroy() {
-	e.mu.Lock()
-	defer e.mu.Unlock()
-
-	// Stop every pool that exists for a given callback topic.
-	for _, cp := range e.pools {
-		cp.pool.Stop()
-	}
-
-	e.pools = make(map[string]*CallbackPool)
+	return false
 }

events/events_test.go

@@ -0,0 +1,170 @@
+package events
+
+import (
+	"testing"
+	"time"
+
+	. "github.com/franela/goblin"
+)
+
+func TestNewBus(t *testing.T) {
+	g := Goblin(t)
+	bus := NewBus()
+
+	g.Describe("NewBus", func() {
+		g.It("is not nil", func() {
+			g.Assert(bus).IsNotNil("Bus expected to not be nil")
+			g.Assert(bus.listeners).IsNotNil("Bus#listeners expected to not be nil")
+		})
+	})
+}
+
+func TestBus_Off(t *testing.T) {
+	g := Goblin(t)
+
+	const topic = "test"
+
+	g.Describe("Off", func() {
+		g.It("unregisters listener", func() {
+			bus := NewBus()
+
+			g.Assert(bus.listeners[topic]).IsNotNil()
+			g.Assert(len(bus.listeners[topic])).IsZero()
+			listener := make(chan Event)
+			bus.On(listener, topic)
+			g.Assert(len(bus.listeners[topic])).Equal(1, "Listener was not registered")
+
+			bus.Off(listener, topic)
+			g.Assert(len(bus.listeners[topic])).Equal(0, "Topic still has one or more listeners")
+		})
+
+		g.It("unregisters correct listener", func() {
+			bus := NewBus()
+
+			listener := make(chan Event)
+			listener2 := make(chan Event)
+			listener3 := make(chan Event)
+			bus.On(listener, topic)
+			bus.On(listener2, topic)
+			bus.On(listener3, topic)
+			g.Assert(len(bus.listeners[topic])).Equal(3, "Listeners were not registered")
+
+			bus.Off(listener, topic)
+			bus.Off(listener3, topic)
+			g.Assert(len(bus.listeners[topic])).Equal(1, "Expected 1 listener to remain")
+
+			if bus.listeners[topic][0] != listener2 {
+				// A normal Assert does not properly compare channels.
+				g.Fail("wrong listener unregistered")
+			}
+
+			// Cleanup
+			bus.Off(listener2, topic)
+		})
+	})
+}
+
+func TestBus_On(t *testing.T) {
+	g := Goblin(t)
+
+	const topic = "test"
+
+	g.Describe("On", func() {
+		g.It("registers listener", func() {
+			bus := NewBus()
+
+			g.Assert(bus.listeners[topic]).IsNotNil()
+			g.Assert(len(bus.listeners[topic])).IsZero()
+			listener := make(chan Event)
+			bus.On(listener, topic)
+			g.Assert(len(bus.listeners[topic])).Equal(1, "Listener was not registered")
+
+			if bus.listeners[topic][0] != listener {
+				// A normal Assert does not properly compare channels.
+				g.Fail("wrong listener registered")
+			}
+
+			// Cleanup
+			bus.Off(listener, topic)
+		})
+	})
+}
+
+func TestBus_Publish(t *testing.T) {
+	g := Goblin(t)
+
+	const topic = "test"
+	const message = "this is a test message!"
+
+	g.Describe("Publish", func() {
+		g.It("publishes message", func() {
+			bus := NewBus()
+
+			g.Assert(bus.listeners[topic]).IsNotNil()
+			g.Assert(len(bus.listeners[topic])).IsZero()
+			listener := make(chan Event)
+			bus.On(listener, topic)
+			g.Assert(len(bus.listeners[topic])).Equal(1, "Listener was not registered")
+
+			done := make(chan struct{}, 1)
+			go func() {
+				select {
+				case m := <-listener:
+					g.Assert(m.Topic).Equal(topic)
+					g.Assert(m.Data).Equal(message)
+				case <-time.After(1 * time.Second):
+					g.Fail("listener did not receive message in time")
+				}
+				done <- struct{}{}
+			}()
+			bus.Publish(topic, message)
+			<-done
+
+			// Cleanup
+			bus.Off(listener, topic)
+		})
+
+		g.It("publishes message to all listeners", func() {
+			bus := NewBus()
+
+			g.Assert(bus.listeners[topic]).IsNotNil()
+			g.Assert(len(bus.listeners[topic])).IsZero()
+			listener := make(chan Event)
+			listener2 := make(chan Event)
+			listener3 := make(chan Event)
+			bus.On(listener, topic)
+			bus.On(listener2, topic)
+			bus.On(listener3, topic)
+			g.Assert(len(bus.listeners[topic])).Equal(3, "Listener was not registered")
+
+			done := make(chan struct{}, 1)
+			go func() {
+				for i := 0; i < 3; i++ {
+					select {
+					case m := <-listener:
+						g.Assert(m.Topic).Equal(topic)
+						g.Assert(m.Data).Equal(message)
+					case m := <-listener2:
+						g.Assert(m.Topic).Equal(topic)
+						g.Assert(m.Data).Equal(message)
+					case m := <-listener3:
+						g.Assert(m.Topic).Equal(topic)
+						g.Assert(m.Data).Equal(message)
+					case <-time.After(1 * time.Second):
+						g.Fail("all listeners did not receive the message in time")
+						i = 3
+					}
+				}
+
+				done <- struct{}{}
+			}()
+			bus.Publish(topic, message)
+			<-done
+
+			// Cleanup
+			bus.Off(listener, topic)
+			bus.Off(listener2, topic)
+			bus.Off(listener3, topic)
+		})
+	})
+}

events/pool.go

@@ -1,50 +0,0 @@
-package events
-
-import (
-	"reflect"
-
-	"github.com/gammazero/workerpool"
-)
-
-type CallbackPool struct {
-	callbacks []*func(Event)
-	pool      *workerpool.WorkerPool
-}
-
-// Pushes a new callback into the array of listeners for the pool.
-func (cp *CallbackPool) Add(callback *func(Event)) {
-	if cp.index(reflect.ValueOf(callback)) < 0 {
-		cp.callbacks = append(cp.callbacks, callback)
-	}
-}
-
-// Removes a callback from the array of registered callbacks if it exists.
-func (cp *CallbackPool) Remove(callback *func(Event)) {
-	i := cp.index(reflect.ValueOf(callback))
-
-	// If i < 0 it means there was no index found for the given callback, meaning it was
-	// never registered or was already unregistered from the listeners. Also double check
-	// that we didn't somehow escape the length of the topic callback (not sure how that
-	// would happen, but lets avoid a panic condition).
-	if i < 0 || i >= len(cp.callbacks) {
-		return
-	}
-
-	// We can assume that the topic still exists at this point since we acquire an exclusive
-	// lock on the process, and the "e.index" function cannot return a value >= 0 if there is
-	// no topic already existing.
-	cp.callbacks = append(cp.callbacks[:i], cp.callbacks[i+1:]...)
-}
-
-// Finds the index of a given callback in the topic by comparing all of the registered callback
-// pointers to the passed function. This function does not aquire a lock as it should only be called
-// within the confines of a function that has already acquired a lock for the duration of the lookup.
-func (cp *CallbackPool) index(v reflect.Value) int {
-	for i, handler := range cp.callbacks {
-		if reflect.ValueOf(handler).Pointer() == v.Pointer() {
-			return i
-		}
-	}
-
-	return -1
-}

go.mod

@@ -1,22 +1,18 @@
 module github.com/pterodactyl/wings
 
-go 1.16
+go 1.17
 
 require (
 	emperror.dev/errors v0.8.0
 	github.com/AlecAivazis/survey/v2 v2.2.15
 	github.com/Jeffail/gabs/v2 v2.6.1
-	github.com/Microsoft/go-winio v0.5.0 // indirect
-	github.com/Microsoft/hcsshim v0.8.20 // indirect
 	github.com/NYTimes/logrotate v1.0.0
-	github.com/andybalholm/brotli v1.0.3 // indirect
 	github.com/apex/log v1.9.0
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
 	github.com/beevik/etree v1.1.0
 	github.com/buger/jsonparser v1.1.1
 	github.com/cenkalti/backoff/v4 v4.1.1
 	github.com/cobaugh/osrelease v0.0.0-20181218015638-a93a0a55a249
-	github.com/containerd/containerd v1.5.5 // indirect
 	github.com/creasty/defaults v1.5.1
 	github.com/docker/docker v20.10.7+incompatible
 	github.com/docker/go-connections v0.4.0
@@ -26,47 +22,97 @@ require (
 	github.com/gammazero/workerpool v1.1.2
 	github.com/gbrlsnchs/jwt/v3 v3.0.1
 	github.com/gin-gonic/gin v1.7.2
-	github.com/go-playground/validator/v10 v10.8.0 // indirect
-	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/uuid v1.3.0
-	github.com/gorilla/mux v1.7.4 // indirect
 	github.com/gorilla/websocket v1.4.2
 	github.com/iancoleman/strcase v0.2.0
 	github.com/icza/dyno v0.0.0-20210726202311-f1bafe5d9996
 	github.com/juju/ratelimit v1.0.1
 	github.com/karrick/godirwalk v1.16.1
-	github.com/klauspost/compress v1.13.2 // indirect
 	github.com/klauspost/pgzip v1.2.5
-	github.com/magefile/mage v1.11.0 // indirect
 	github.com/magiconair/properties v1.8.5
 	github.com/mattn/go-colorable v0.1.8
-	github.com/mattn/go-isatty v0.0.13 // indirect
-	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/mholt/archiver/v3 v3.5.0
 	github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db
-	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
-	github.com/morikuni/aec v1.0.0 // indirect
-	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
-	github.com/nwaples/rardecode v1.1.1 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible
-	github.com/pierrec/lz4/v4 v4.1.8 // indirect
 	github.com/pkg/profile v1.6.0
 	github.com/pkg/sftp v1.13.2
-	github.com/prometheus/common v0.30.0 // indirect
-	github.com/prometheus/procfs v0.7.1 // indirect
 	github.com/sabhiram/go-gitignore v0.0.0-20201211210132-54b8a0bf510f
 	github.com/spf13/cobra v1.2.1
 	github.com/stretchr/testify v1.7.0
-	github.com/ulikunitz/xz v0.5.10 // indirect
-	go.uber.org/atomic v1.9.0 // indirect
-	go.uber.org/multierr v1.7.0 // indirect
 	golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97
-	golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985 // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
-	golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b // indirect
-	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
-	google.golang.org/genproto v0.0.0-20210729151513-df9385d47c1b // indirect
-	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
 	gopkg.in/ini.v1 v1.62.0
 	gopkg.in/yaml.v2 v2.4.0
 )
+
+require github.com/goccy/go-json v0.9.4
+
+require golang.org/x/sys v0.0.0-20211110154304-99a53858aa08 // indirect
+
+require (
+	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
+	github.com/Microsoft/go-winio v0.5.0 // indirect
+	github.com/Microsoft/hcsshim v0.8.20 // indirect
+	github.com/andybalholm/brotli v1.0.3 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.1.1 // indirect
+	github.com/containerd/containerd v1.5.5 // indirect
+	github.com/containerd/fifo v1.0.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/docker/distribution v2.7.1+incompatible // indirect
+	github.com/docker/go-metrics v0.0.1 // indirect
+	github.com/docker/go-units v0.4.0 // indirect
+	github.com/dsnet/compress v0.0.1 // indirect
+	github.com/fsnotify/fsnotify v1.4.9 // indirect
+	github.com/gammazero/deque v0.1.0 // indirect
+	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/go-playground/locales v0.13.0 // indirect
+	github.com/go-playground/universal-translator v0.17.0 // indirect
+	github.com/go-playground/validator/v10 v10.8.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
+	github.com/gorilla/mux v1.7.4 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.11 // indirect
+	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
+	github.com/klauspost/compress v1.13.2 // indirect
+	github.com/kr/fs v0.1.0 // indirect
+	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/magefile/mage v1.11.0 // indirect
+	github.com/mattn/go-isatty v0.0.13 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
+	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
+	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.1 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
+	github.com/nwaples/rardecode v1.1.1 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.0.1 // indirect
+	github.com/pierrec/lz4/v4 v4.1.8 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/prometheus/client_golang v1.11.0 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.30.0 // indirect
+	github.com/prometheus/procfs v0.7.1 // indirect
+	github.com/sirupsen/logrus v1.8.1 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/ugorji/go/codec v1.1.7 // indirect
+	github.com/ulikunitz/xz v0.5.10 // indirect
+	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
+	go.uber.org/atomic v1.9.0 // indirect
+	go.uber.org/multierr v1.7.0 // indirect
+	golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985 // indirect
+	golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b // indirect
+	golang.org/x/text v0.3.6 // indirect
+	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+	google.golang.org/genproto v0.0.0-20210729151513-df9385d47c1b // indirect
+	google.golang.org/grpc v1.39.0 // indirect
+	google.golang.org/protobuf v1.27.1 // indirect
+	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+)

go.sum

@@ -371,6 +371,8 @@ github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn
 github.com/go-playground/validator/v10 v10.8.0 h1:1kAa0fCrnpv+QYdkdcRzrRM7AyYs5o8+jZdJCz9xj6k=
 github.com/go-playground/validator/v10 v10.8.0/go.mod h1:9JhgTzTaE31GZDpH/HSvHiRJrJ3iKAgqqH0Bl/Ocjdk=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/goccy/go-json v0.9.4 h1:L8MLKG2mvVXiQu07qB6hmfqeSYQdOnqPot2GhsIwIaI=
+github.com/goccy/go-json v0.9.4/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
 github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
 github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
@@ -1111,8 +1113,9 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211110154304-99a53858aa08 h1:WecRHqgE09JBkh/584XIE6PMz5KKE/vER4izNUi30AQ=
+golang.org/x/sys v0.0.0-20211110154304-99a53858aa08/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY=
 golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b h1:9zKuko04nR4gjZ4+DNjHqRlAJqbJETHwiNKDqTfOjfE=

loggers/cli/cli.go

@@ -15,9 +15,11 @@ import (
 	"github.com/mattn/go-colorable"
 )
 
-var Default = New(os.Stderr, true)
-var bold = color2.New(color2.Bold)
-var boldred = color2.New(color2.Bold, color2.FgRed)
+var (
+	Default = New(os.Stderr, true)
+	bold    = color2.New(color2.Bold)
+	boldred = color2.New(color2.Bold, color2.FgRed)
+)
 
 var Strings = [...]string{
 	log.DebugLevel: "DEBUG",

parser/helpers.go

@@ -2,7 +2,7 @@ package parser
 
 import (
 	"bytes"
-	"io/ioutil"
+	"io"
 	"os"
 	"regexp"
 	"strconv"
@@ -38,13 +38,13 @@ var xmlValueMatchRegex = regexp.MustCompile(`^\[([\w]+)='(.*)'\]$`)
 // Gets the []byte representation of a configuration file to be passed through to other
 // handler functions. If the file does not currently exist, it will be created.
 func readFileBytes(path string) ([]byte, error) {
-	file, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, 0644)
+	file, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, 0o644)
 	if err != nil {
 		return nil, err
 	}
 	defer file.Close()
 
-	return ioutil.ReadAll(file)
+	return io.ReadAll(file)
 }
 
 // Gets the value of a key based on the value type defined.

parser/parser.go

@@ -2,8 +2,6 @@ package parser
 
 import (
 	"bufio"
-	"encoding/json"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -15,6 +13,7 @@ import (
 	"github.com/buger/jsonparser"
 	"github.com/icza/dyno"
 	"github.com/magiconair/properties"
+	"github.com/goccy/go-json"
 	"gopkg.in/ini.v1"
 	"gopkg.in/yaml.v2"
 
@@ -81,8 +80,8 @@ func (cp ConfigurationParser) String() string {
 	return string(cp)
 }
 
-// Defines a configuration file for the server startup. These will be looped over
-// and modified before the server finishes booting.
+// ConfigurationFile defines a configuration file for the server startup. These
+// will be looped over and modified before the server finishes booting.
 type ConfigurationFile struct {
 	FileName string                         `json:"file"`
 	Parser   ConfigurationParser            `json:"parser"`
@@ -93,12 +92,10 @@ type ConfigurationFile struct {
 	configuration []byte
 }
 
-// Custom unmarshaler for configuration files. If there is an error while parsing out the
-// replacements, don't fail the entire operation, just log a global warning so someone can
-// find the issue, and return an empty array of replacements.
-//
-// I imagine people will notice configuration replacement isn't working correctly and then
-// the logs should help better expose that issue.
+// UnmarshalJSON is a custom unmarshaler for configuration files. If there is an
+// error while parsing out the replacements, don't fail the entire operation,
+// just log a global warning so someone can find the issue, and return an empty
+// array of replacements.
 func (f *ConfigurationFile) UnmarshalJSON(data []byte) error {
 	var m map[string]*json.RawMessage
 	if err := json.Unmarshal(data, &m); err != nil {
@@ -212,7 +209,7 @@ func (f *ConfigurationFile) Parse(path string, internal bool) error {
 		}
 
 		b := strings.TrimSuffix(path, filepath.Base(path))
-		if err := os.MkdirAll(b, 0755); err != nil {
+		if err := os.MkdirAll(b, 0o755); err != nil {
 			return errors.WithMessage(err, "failed to create base directory for missing configuration file")
 		} else {
 			if _, err := os.Create(path); err != nil {
@@ -229,7 +226,7 @@ func (f *ConfigurationFile) Parse(path string, internal bool) error {
 // Parses an xml file.
 func (f *ConfigurationFile) parseXmlFile(path string) error {
 	doc := etree.NewDocument()
-	file, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, 0644)
+	file, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, 0o644)
 	if err != nil {
 		return err
 	}
@@ -322,7 +319,7 @@ func (f *ConfigurationFile) parseIniFile(path string) error {
 	// Ini package can't handle a non-existent file, so handle that automatically here
 	// by creating it if not exists. Then, immediately close the file since we will use
 	// other methods to write the new contents.
-	file, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, 0644)
+	file, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, 0o644)
 	if err != nil {
 		return err
 	}
@@ -334,7 +331,29 @@ func (f *ConfigurationFile) parseIniFile(path string) error {
 	}
 
 	for _, replacement := range f.Replace {
-		path := strings.SplitN(replacement.Match, ".", 2)
+		var (
+			path         []string
+			bracketDepth int
+			v            []int32
+		)
+		for _, c := range replacement.Match {
+			switch c {
+			case '[':
+				bracketDepth++
+			case ']':
+				bracketDepth--
+			case '.':
+				if bracketDepth > 0 || len(path) == 1 {
+					v = append(v, c)
+					continue
+				}
+				path = append(path, string(v))
+				v = v[:0]
+			default:
+				v = append(v, c)
+			}
+		}
+		path = append(path, string(v))
 
 		value, err := f.LookupConfigurationValue(replacement)
 		if err != nil {
@@ -387,7 +406,7 @@ func (f *ConfigurationFile) parseJsonFile(path string) error {
 	}
 
 	output := []byte(data.StringIndent("", "    "))
-	return ioutil.WriteFile(path, output, 0644)
+	return os.WriteFile(path, output, 0o644)
 }
 
 // Parses a yaml file and updates any matching key/value pairs before persisting
@@ -424,14 +443,14 @@ func (f *ConfigurationFile) parseYamlFile(path string) error {
 		return err
 	}
 
-	return ioutil.WriteFile(path, marshaled, 0644)
+	return os.WriteFile(path, marshaled, 0o644)
 }
 
 // Parses a text file using basic find and replace. This is a highly inefficient method of
 // scanning a file and performing a replacement. You should attempt to use anything other
 // than this function where possible.
 func (f *ConfigurationFile) parseTextFile(path string) error {
-	input, err := ioutil.ReadFile(path)
+	input, err := os.ReadFile(path)
 	if err != nil {
 		return err
 	}
@@ -449,7 +468,7 @@ func (f *ConfigurationFile) parseTextFile(path string) error {
 		}
 	}
 
-	if err := ioutil.WriteFile(path, []byte(strings.Join(lines, "\n")), 0644); err != nil {
+	if err := os.WriteFile(path, []byte(strings.Join(lines, "\n")), 0o644); err != nil {
 		return err
 	}
 
@@ -545,7 +564,7 @@ func (f *ConfigurationFile) parsePropertiesFile(path string) error {
 	}
 
 	// Open the file for writing.
-	w, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644)
+	w, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
 	if err != nil {
 		return err
 	}

remote/errors.go

@@ -57,8 +57,7 @@ func (re *RequestError) StatusCode() int {
 	return re.response.StatusCode
 }
 
-type SftpInvalidCredentialsError struct {
-}
+type SftpInvalidCredentialsError struct{}
 
 func (ice SftpInvalidCredentialsError) Error() string {
 	return "the credentials provided were invalid"

remote/http.go

@@ -3,10 +3,8 @@ package remote
 import (
 	"bytes"
 	"context"
-	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"strconv"
 	"strings"
@@ -15,6 +13,7 @@ import (
 	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/cenkalti/backoff/v4"
+	"github.com/goccy/go-json"
 
 	"github.com/pterodactyl/wings/system"
 )
@@ -224,9 +223,9 @@ func (r *Response) Read() ([]byte, error) {
 		return nil, errors.New("remote: attempting to read missing response")
 	}
 	if r.Response.Body != nil {
-		b, _ = ioutil.ReadAll(r.Response.Body)
+		b, _ = io.ReadAll(r.Response.Body)
 	}
-	r.Response.Body = ioutil.NopCloser(bytes.NewBuffer(b))
+	r.Response.Body = io.NopCloser(bytes.NewBuffer(b))
 	return b, nil
 }
 

remote/http_test.go

@@ -87,7 +87,6 @@ func TestPost(t *testing.T) {
 	}
 	c, _ := createTestClient(func(rw http.ResponseWriter, r *http.Request) {
 		assert.Equal(t, http.MethodPost, r.Method)
-
 	})
 	r, err := c.Post(context.Background(), "/test", test)
 	assert.NoError(t, err)

remote/types.go

@@ -1,11 +1,11 @@
 package remote
 
 import (
-	"encoding/json"
 	"regexp"
 	"strings"
 
 	"github.com/apex/log"
+	"github.com/goccy/go-json"
 
 	"github.com/pterodactyl/wings/parser"
 )

router/downloader/downloader.go

@@ -2,7 +2,6 @@ package downloader
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"io"
 	"net"
@@ -15,6 +14,7 @@ import (
 
 	"emperror.dev/errors"
 	"github.com/google/uuid"
+	"github.com/goccy/go-json"
 
 	"github.com/pterodactyl/wings/server"
 )

router/middleware/middleware.go

@@ -218,19 +218,29 @@ func CaptureErrors() gin.HandlerFunc {
 // SetAccessControlHeaders sets the access request control headers on all of
 // the requests.
 func SetAccessControlHeaders() gin.HandlerFunc {
-	origins := config.Get().AllowedOrigins
-	location := config.Get().PanelLocation
+	cfg := config.Get()
+	origins := cfg.AllowedOrigins
+	location := cfg.PanelLocation
+	allowPrivateNetwork := cfg.AllowCORSPrivateNetwork
 
 	return func(c *gin.Context) {
+		c.Header("Access-Control-Allow-Origin", location)
 		c.Header("Access-Control-Allow-Credentials", "true")
 		c.Header("Access-Control-Allow-Methods", "GET, POST, PATCH, PUT, DELETE, OPTIONS")
+		c.Header("Access-Control-Allow-Headers", "Accept, Accept-Encoding, Authorization, Cache-Control, Content-Type, Content-Length, Origin, X-Real-IP, X-CSRF-Token")
+
+		// CORS for Private Networks (RFC1918)
+		// @see https://developer.chrome.com/blog/private-network-access-update/?utm_source=devtools
+		if allowPrivateNetwork {
+			c.Header("Access-Control-Request-Private-Network", "true")
+		}
+
 		// Maximum age allowable under Chromium v76 is 2 hours, so just use that since
 		// anything higher will be ignored (even if other browsers do allow higher values).
 		//
 		// @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age#Directives
 		c.Header("Access-Control-Max-Age", "7200")
-		c.Header("Access-Control-Allow-Origin", location)
-		c.Header("Access-Control-Allow-Headers", "Accept, Accept-Encoding, Authorization, Cache-Control, Content-Type, Content-Length, Origin, X-Real-IP, X-CSRF-Token")
+
 		// Validate that the request origin is coming from an allowed origin. Because you
 		// cannot set multiple values here we need to see if the origin is one of the ones
 		// that we allow, and if so return it explicitly. Otherwise, just return the default

router/router_server.go

@@ -52,7 +52,8 @@ func postServerPower(c *gin.Context) {
 	s := ExtractServer(c)
 
 	var data struct {
-		Action server.PowerAction `json:"action"`
+		Action      server.PowerAction `json:"action"`
+		WaitSeconds int                `json:"wait_seconds"`
 	}
 
 	if err := c.BindJSON(&data); err != nil {
@@ -83,12 +84,16 @@ func postServerPower(c *gin.Context) {
 	// we can immediately return a response from the server. Some of these actions
 	// can take quite some time, especially stopping or restarting.
 	go func(s *server.Server) {
-		if err := s.HandlePowerAction(data.Action, 30); err != nil {
+		if data.WaitSeconds < 0 || data.WaitSeconds > 300 {
+			data.WaitSeconds = 30
+		}
+		if err := s.HandlePowerAction(data.Action, data.WaitSeconds); err != nil {
 			if errors.Is(err, context.DeadlineExceeded) {
-				s.Log().WithField("action", data.Action).
-					Warn("could not acquire a lock while attempting to perform a power action")
+				s.Log().WithField("action", data.Action).WithField("error", err).Warn("could not process server power action")
+			} else if errors.Is(err, server.ErrIsRunning) {
+				// Do nothing, this isn't something we care about for logging,
 			} else {
-				s.Log().WithFields(log.Fields{"action": data, "error": err}).
+				s.Log().WithFields(log.Fields{"action": data.Action, "wait_seconds": data.WaitSeconds, "error": err}).
 					Error("encountered error processing a server power action in the background")
 			}
 		}
@@ -182,13 +187,7 @@ func deleteServer(c *gin.Context) {
 	// Immediately suspend the server to prevent a user from attempting
 	// to start it while this process is running.
 	s.Config().SetSuspended(true)
-
-	// Stop all running background tasks for this server that are using the context on
-	// the server struct. This will cancel any running install processes for the server
-	// as well.
-	s.CtxCancel()
-	s.Events().Destroy()
-	s.Websockets().CancelAll()
+	s.CleanupForDestroy()
 
 	// Remove any pending remote file downloads for the server.
 	for _, dl := range downloader.ByServer(s.ID()) {

router/router_server_ws.go

@@ -2,11 +2,11 @@ package router
 
 import (
 	"context"
-	"encoding/json"
 	"time"
 
 	"github.com/gin-gonic/gin"
 	ws "github.com/gorilla/websocket"
+	"github.com/goccy/go-json"
 
 	"github.com/pterodactyl/wings/router/middleware"
 	"github.com/pterodactyl/wings/router/websocket"

router/router_system.go

@@ -103,15 +103,17 @@ func postUpdateConfiguration(c *gin.Context) {
 	if err := c.BindJSON(&cfg); err != nil {
 		return
 	}
+
 	// Keep the SSL certificates the same since the Panel will send through Lets Encrypt
 	// default locations. However, if we picked a different location manually we don't
 	// want to override that.
 	//
 	// If you pass through manual locations in the API call this logic will be skipped.
 	if strings.HasPrefix(cfg.Api.Ssl.KeyFile, "/etc/letsencrypt/live/") {
-		cfg.Api.Ssl.KeyFile = strings.ToLower(config.Get().Api.Ssl.KeyFile)
-		cfg.Api.Ssl.CertificateFile = strings.ToLower(config.Get().Api.Ssl.CertificateFile)
+		cfg.Api.Ssl.KeyFile = config.Get().Api.Ssl.KeyFile
+		cfg.Api.Ssl.CertificateFile = config.Get().Api.Ssl.CertificateFile
 	}
+
 	// Try to write this new configuration to the disk before updating our global
 	// state with it.
 	if err := config.WriteToDisk(cfg); err != nil {

router/tokens/websocket.go

@@ -1,13 +1,13 @@
 package tokens
 
 import (
-	"encoding/json"
 	"strings"
 	"sync"
 	"time"
 
 	"github.com/apex/log"
 	"github.com/gbrlsnchs/jwt/v3"
+	"github.com/goccy/go-json"
 )
 
 // The time at which Wings was booted. No JWT's created before this time are allowed to

router/websocket/listeners.go

@@ -6,6 +6,8 @@ import (
 	"time"
 
 	"emperror.dev/errors"
+	"github.com/goccy/go-json"
+
 	"github.com/pterodactyl/wings/events"
 	"github.com/pterodactyl/wings/server"
 )
@@ -35,7 +37,6 @@ func (h *Handler) registerListenerEvents(ctx context.Context) {
 	go h.listenForExpiration(ctx)
 }
 
-
 // ListenForExpiration checks the time to expiration on the JWT every 30 seconds
 // until the token has expired. If we are within 3 minutes of the token expiring,
 // send a notice over the socket that it is expiring soon. If it has expired,
@@ -54,9 +55,9 @@ func (h *Handler) listenForExpiration(ctx context.Context) {
 			jwt := h.GetJwt()
 			if jwt != nil {
 				if jwt.ExpirationTime.Unix()-time.Now().Unix() <= 0 {
-					_ = h.SendJson(&Message{Event: TokenExpiredEvent})
+					_ = h.SendJson(Message{Event: TokenExpiredEvent})
 				} else if jwt.ExpirationTime.Unix()-time.Now().Unix() <= 60 {
-					_ = h.SendJson(&Message{Event: TokenExpiringEvent})
+					_ = h.SendJson(Message{Event: TokenExpiringEvent})
 				}
 			}
 		}
@@ -80,38 +81,77 @@ var e = []string{
 // ListenForServerEvents will listen for different events happening on a server
 // and send them along to the connected websocket client. This function will
 // block until the context provided to it is canceled.
-func (h *Handler) listenForServerEvents(pctx context.Context) error {
+func (h *Handler) listenForServerEvents(ctx context.Context) error {
 	var o sync.Once
 	var err error
-	ctx, cancel := context.WithCancel(pctx)
 
-	callback := func(e events.Event) {
-		if sendErr := h.SendJson(&Message{Event: e.Topic, Args: []string{e.Data}}); sendErr != nil {
-			h.Logger().WithField("event", e.Topic).WithField("error", sendErr).Error("failed to send event over server websocket")
-			// Avoid race conditions by only setting the error once and then canceling
-			// the context. This way if additional processing errors come through due
-			// to a massive flood of things you still only report and stop at the first.
-			o.Do(func() {
-				err = sendErr
-				cancel()
-			})
-		}
+	ctx, cancel := context.WithCancel(ctx)
+	defer cancel()
+
+	eventChan := make(chan events.Event)
+	logOutput := make(chan []byte)
+	installOutput := make(chan []byte)
+	h.server.Events().On(eventChan, e...)
+	h.server.Sink(server.LogSink).On(logOutput)
+	h.server.Sink(server.InstallSink).On(installOutput)
+
+	onError := func(evt string, err2 error) {
+		h.Logger().WithField("event", evt).WithField("error", err2).Error("failed to send event over server websocket")
+		// Avoid race conditions by only setting the error once and then canceling
+		// the context. This way if additional processing errors come through due
+		// to a massive flood of things you still only report and stop at the first.
+		o.Do(func() {
+			err = err2
+		})
+		cancel()
 	}
 
-	// Subscribe to all of the events with the same callback that will push the
-	// data out over the websocket for the server.
-	for _, evt := range e {
-		h.server.Events().On(evt, &callback)
+	for {
+		select {
+		case <-ctx.Done():
+			break
+		case e := <-logOutput:
+			sendErr := h.SendJson(Message{Event: server.ConsoleOutputEvent, Args: []string{string(e)}})
+			if sendErr == nil {
+				continue
+			}
+			onError(server.ConsoleOutputEvent, sendErr)
+		case e := <-installOutput:
+			sendErr := h.SendJson(Message{Event: server.InstallOutputEvent, Args: []string{string(e)}})
+			if sendErr == nil {
+				continue
+			}
+			onError(server.InstallOutputEvent, sendErr)
+		case e := <-eventChan:
+			var sendErr error
+			message := Message{Event: e.Topic}
+			if str, ok := e.Data.(string); ok {
+				message.Args = []string{str}
+			} else if b, ok := e.Data.([]byte); ok {
+				message.Args = []string{string(b)}
+			} else {
+				b, sendErr = json.Marshal(e.Data)
+				if sendErr == nil {
+					message.Args = []string{string(b)}
+				}
+			}
+
+			if sendErr == nil {
+				sendErr = h.SendJson(message)
+				if sendErr == nil {
+					continue
+				}
+			}
+			onError(message.Event, sendErr)
+		}
+		break
 	}
 
-	// When this function returns de-register all of the event listeners.
-	defer func() {
-		for _, evt := range e {
-			h.server.Events().Off(evt, &callback)
-		}
-	}()
+	// These functions will automatically close the channel if it hasn't been already.
+	h.server.Events().Off(eventChan, e...)
+	h.server.Sink(server.LogSink).Off(logOutput)
+	h.server.Sink(server.InstallSink).Off(installOutput)
 
-	<-ctx.Done()
 	// If the internal context is stopped it is either because the parent context
 	// got canceled or because we ran into an error. If the "err" variable is nil
 	// we can assume the parent was canceled and need not perform any actions.

router/websocket/websocket.go

@@ -2,7 +2,6 @@ package websocket
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"net/http"
 	"strings"
@@ -14,6 +13,7 @@ import (
 	"github.com/gbrlsnchs/jwt/v3"
 	"github.com/google/uuid"
 	"github.com/gorilla/websocket"
+	"github.com/goccy/go-json"
 
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
@@ -122,18 +122,17 @@ func (h *Handler) Logger() *log.Entry {
 		WithField("server", h.server.ID())
 }
 
-func (h *Handler) SendJson(v *Message) error {
+func (h *Handler) SendJson(v Message) error {
 	// Do not send JSON down the line if the JWT on the connection is not valid!
 	if err := h.TokenValid(); err != nil {
-		h.unsafeSendJson(Message{
+		_ = h.unsafeSendJson(Message{
 			Event: JwtErrorEvent,
 			Args:  []string{err.Error()},
 		})
 		return nil
 	}
 
-	j := h.GetJwt()
-	if j != nil {
+	if j := h.GetJwt(); j != nil {
 		// If we're sending installation output but the user does not have the required
 		// permissions to see the output, don't send it down the line.
 		if v.Event == server.InstallOutputEvent {
@@ -297,7 +296,7 @@ func (h *Handler) HandleInbound(ctx context.Context, m Message) error {
 			h.setJwt(token)
 
 			// Tell the client they authenticated successfully.
-			h.unsafeSendJson(Message{Event: AuthenticationSuccessEvent})
+			_ = h.unsafeSendJson(Message{Event: AuthenticationSuccessEvent})
 
 			// Check if the client was refreshing their authentication token
 			// instead of authenticating for the first time.
@@ -315,7 +314,7 @@ func (h *Handler) HandleInbound(ctx context.Context, m Message) error {
 			// On every authentication event, send the current server status back
 			// to the client. :)
 			state := h.server.Environment.State()
-			h.SendJson(&Message{
+			_ = h.SendJson(Message{
 				Event: server.StatusEvent,
 				Args:  []string{state},
 			})
@@ -327,7 +326,7 @@ func (h *Handler) HandleInbound(ctx context.Context, m Message) error {
 					_ = h.server.Filesystem().HasSpaceAvailable(false)
 
 					b, _ := json.Marshal(h.server.Proc())
-					h.SendJson(&Message{
+					_ = h.SendJson(Message{
 						Event: server.StatsEvent,
 						Args:  []string{string(b)},
 					})
@@ -357,7 +356,7 @@ func (h *Handler) HandleInbound(ctx context.Context, m Message) error {
 			if errors.Is(err, context.DeadlineExceeded) {
 				m, _ := h.GetErrorMessage("another power action is currently being processed for this server, please try again later")
 
-				h.SendJson(&Message{
+				_ = h.SendJson(Message{
 					Event: ErrorEvent,
 					Args:  []string{m},
 				})
@@ -369,7 +368,7 @@ func (h *Handler) HandleInbound(ctx context.Context, m Message) error {
 		}
 	case SendServerLogsEvent:
 		{
-			ctx, cancel := context.WithTimeout(context.Background(), time.Second * 5)
+			ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
 			defer cancel()
 			if running, _ := h.server.Environment.IsRunning(ctx); !running {
 				return nil
@@ -381,7 +380,7 @@ func (h *Handler) HandleInbound(ctx context.Context, m Message) error {
 			}
 
 			for _, line := range logs {
-				h.SendJson(&Message{
+				_ = h.SendJson(Message{
 					Event: server.ConsoleOutputEvent,
 					Args:  []string{line},
 				})
@@ -392,7 +391,7 @@ func (h *Handler) HandleInbound(ctx context.Context, m Message) error {
 	case SendStatsEvent:
 		{
 			b, _ := json.Marshal(h.server.Proc())
-			h.SendJson(&Message{
+			_ = h.SendJson(Message{
 				Event: server.StatsEvent,
 				Args:  []string{string(b)},
 			})

rpm/ptero-wings.spec

@@ -1,5 +1,5 @@
 Name:       ptero-wings
-Version:    1.5.0
+Version:    1.5.3
 Release:    1%{?dist}
 Summary:    The server control plane for Pterodactyl Panel. Written from the ground-up with security, speed, and stability in mind.
 BuildArch:  x86_64
@@ -91,6 +91,13 @@ rm -rf /var/log/pterodactyl
 wings --version
 
 %changelog
+* Wed Oct 27 2021 Capitol Hosting Solutions Systems Engineering <syseng@chs.gg> - 1.5.3-1
+- specfile by Capitol Hosting Solutions, Upstream by Pterodactyl
+- Rebased for https://github.com/pterodactyl/wings/releases/tag/v1.5.3
+- Fixes improper event registration and error handling during socket authentication that would cause the incorrect error message to be returned to the client, or no error in some scenarios. Event registration is now delayed until the socket is fully authenticated to ensure needless listeners are not registed.
+- Fixes dollar signs always being evaluated as environment variables with no way to escape them. They can now be escaped as $$ which will transform into a single dollar sign.
+- A websocket connection to a server will be closed by Wings if there is a send error encountered and the client will be left to handle reconnections, rather than simply logging the error and continuing to listen for new events.
+
 * Sun Sep 12 2021 Capitol Hosting Solutions Systems Engineering <syseng@chs.gg> - 1.5.0-1
 - specfile by Capitol Hosting Solutions, Upstream by Pterodactyl
 - Rebased for https://github.com/pterodactyl/wings/releases/tag/v1.5.0

server/backup.go

@@ -3,7 +3,6 @@ package server
 import (
 	"io"
 	"io/fs"
-	"io/ioutil"
 	"os"
 	"time"
 
@@ -49,7 +48,7 @@ func (s *Server) getServerwideIgnoredFiles() (string, error) {
 		// Don't read a symlinked ignore file, or a file larger than 32KiB in size.
 		return "", nil
 	}
-	b, err := ioutil.ReadAll(f)
+	b, err := io.ReadAll(f)
 	if err != nil {
 		return "", err
 	}
@@ -80,7 +79,7 @@ func (s *Server) Backup(b backup.BackupInterface) error {
 			s.Log().WithField("backup", b.Identifier()).Info("notified panel of failed backup state")
 		}
 
-		_ = s.Events().PublishJson(BackupCompletedEvent+":"+b.Identifier(), map[string]interface{}{
+		s.Events().Publish(BackupCompletedEvent+":"+b.Identifier(), map[string]interface{}{
 			"uuid":          b.Identifier(),
 			"is_successful": false,
 			"checksum":      "",
@@ -104,7 +103,7 @@ func (s *Server) Backup(b backup.BackupInterface) error {
 
 	// Emit an event over the socket so we can update the backup in realtime on
 	// the frontend for the server.
-	_ = s.Events().PublishJson(BackupCompletedEvent+":"+b.Identifier(), map[string]interface{}{
+	s.Events().Publish(BackupCompletedEvent+":"+b.Identifier(), map[string]interface{}{
 		"uuid":          b.Identifier(),
 		"is_successful": true,
 		"checksum":      ad.Checksum,

server/errors.go

@@ -12,8 +12,7 @@ var (
 	ErrServerIsRestoring    = errors.New("server is currently being restored")
 )
 
-type crashTooFrequent struct {
-}
+type crashTooFrequent struct{}
 
 func (e *crashTooFrequent) Error() string {
 	return "server has crashed too soon after the last detected crash"
@@ -25,8 +24,7 @@ func IsTooFrequentCrashError(err error) bool {
 	return ok
 }
 
-type serverDoesNotExist struct {
-}
+type serverDoesNotExist struct{}
 
 func (e *serverDoesNotExist) Error() string {
 	return "server does not exist on remote system"

server/events.go

@@ -21,12 +21,12 @@ const (
 )
 
 // Returns the server's emitter instance.
-func (s *Server) Events() *events.EventBus {
+func (s *Server) Events() *events.Bus {
 	s.emitterLock.Lock()
 	defer s.emitterLock.Unlock()
 
 	if s.emitter == nil {
-		s.emitter = events.New()
+		s.emitter = events.NewBus()
 	}
 
 	return s.emitter

server/filesystem/archive.go

@@ -45,7 +45,7 @@ type Archive struct {
 // Create creates an archive at dst with all of the files defined in the
 // included files struct.
 func (a *Archive) Create(dst string) error {
-	f, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	f, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
 	if err != nil {
 		return err
 	}

server/filesystem/compress_test.go

@@ -1,7 +1,7 @@
 package filesystem
 
 import (
-	"io/ioutil"
+	"os"
 	"sync/atomic"
 	"testing"
 
@@ -19,11 +19,10 @@ func TestFilesystem_DecompressFile(t *testing.T) {
 	fs, rfs := NewFs()
 
 	g.Describe("Decompress", func() {
-
 		for _, ext := range []string{"zip", "rar", "tar", "tar.gz"} {
 			g.It("can decompress a "+ext, func() {
 				// copy the file to the new FS
-				c, err := ioutil.ReadFile("./testdata/test." + ext)
+				c, err := os.ReadFile("./testdata/test." + ext)
 				g.Assert(err).IsNil()
 				err = rfs.CreateServerFile("./test."+ext, c)
 				g.Assert(err).IsNil()

server/filesystem/filesystem.go

@@ -85,7 +85,7 @@ func (fs *Filesystem) Touch(p string, flag int) (*os.File, error) {
 	if err != nil {
 		return nil, err
 	}
-	f, err := os.OpenFile(cleaned, flag, 0644)
+	f, err := os.OpenFile(cleaned, flag, 0o644)
 	if err == nil {
 		return f, nil
 	}
@@ -97,7 +97,7 @@ func (fs *Filesystem) Touch(p string, flag int) (*os.File, error) {
 	if _, err := os.Stat(filepath.Dir(cleaned)); errors.Is(err, os.ErrNotExist) {
 		// Create the path leading up to the file we're trying to create, setting the final perms
 		// on it as we go.
-		if err := os.MkdirAll(filepath.Dir(cleaned), 0755); err != nil {
+		if err := os.MkdirAll(filepath.Dir(cleaned), 0o755); err != nil {
 			return nil, errors.Wrap(err, "server/filesystem: touch: failed to create directory tree")
 		}
 		if err := fs.Chown(filepath.Dir(cleaned)); err != nil {
@@ -107,7 +107,7 @@ func (fs *Filesystem) Touch(p string, flag int) (*os.File, error) {
 	o := &fileOpener{}
 	// Try to open the file now that we have created the pathing necessary for it, and then
 	// Chown that file so that the permissions don't mess with things.
-	f, err = o.open(cleaned, flag, 0644)
+	f, err = o.open(cleaned, flag, 0o644)
 	if err != nil {
 		return nil, errors.Wrap(err, "server/filesystem: touch: failed to open file with wait")
 	}
@@ -181,7 +181,7 @@ func (fs *Filesystem) CreateDirectory(name string, p string) error {
 	if err != nil {
 		return err
 	}
-	return os.MkdirAll(cleaned, 0755)
+	return os.MkdirAll(cleaned, 0o755)
 }
 
 // Moves (or renames) a file or directory.
@@ -210,7 +210,7 @@ func (fs *Filesystem) Rename(from string, to string) error {
 	// Ensure that the directory we're moving into exists correctly on the system. Only do this if
 	// we're not at the root directory level.
 	if d != fs.Path() {
-		if mkerr := os.MkdirAll(d, 0755); mkerr != nil {
+		if mkerr := os.MkdirAll(d, 0o755); mkerr != nil {
 			return errors.WithMessage(mkerr, "failed to create directory structure for file rename")
 		}
 	}
@@ -377,7 +377,7 @@ func (fs *Filesystem) TruncateRootDirectory() error {
 	if err := os.RemoveAll(fs.Path()); err != nil {
 		return err
 	}
-	if err := os.Mkdir(fs.Path(), 0755); err != nil {
+	if err := os.Mkdir(fs.Path(), 0o755); err != nil {
 		return err
 	}
 	atomic.StoreInt64(&fs.diskUsed, 0)
@@ -485,7 +485,7 @@ func (fs *Filesystem) ListDirectory(p string) ([]Stat, error) {
 			defer wg.Done()
 
 			var m *mimetype.MIME
-			var d = "inode/directory"
+			d := "inode/directory"
 			if !f.IsDir() {
 				cleanedp := filepath.Join(cleaned, f.Name())
 				if f.Mode()&os.ModeSymlink != 0 {

server/filesystem/filesystem_test.go

@@ -3,7 +3,6 @@ package filesystem
 import (
 	"bytes"
 	"errors"
-	"io/ioutil"
 	"math/rand"
 	"os"
 	"path/filepath"
@@ -25,7 +24,7 @@ func NewFs() (*Filesystem, *rootFs) {
 		},
 	})
 
-	tmpDir, err := ioutil.TempDir(os.TempDir(), "pterodactyl")
+	tmpDir, err := os.MkdirTemp(os.TempDir(), "pterodactyl")
 	if err != nil {
 		panic(err)
 	}
@@ -71,7 +70,7 @@ func (rfs *rootFs) reset() {
 		}
 	}
 
-	if err := os.Mkdir(filepath.Join(rfs.root, "/server"), 0755); err != nil {
+	if err := os.Mkdir(filepath.Join(rfs.root, "/server"), 0o755); err != nil {
 		panic(err)
 	}
 }
@@ -99,7 +98,7 @@ func TestFilesystem_Readfile(t *testing.T) {
 		})
 
 		g.It("returns an error if the \"file\" is a directory", func() {
-			err := os.Mkdir(filepath.Join(rfs.root, "/server/test.txt"), 0755)
+			err := os.Mkdir(filepath.Join(rfs.root, "/server/test.txt"), 0o755)
 			g.Assert(err).IsNil()
 
 			err = fs.Readfile("test.txt", buf)
@@ -341,7 +340,7 @@ func TestFilesystem_Rename(t *testing.T) {
 		})
 
 		g.It("allows a folder to be renamed", func() {
-			err := os.Mkdir(filepath.Join(rfs.root, "/server/source_dir"), 0755)
+			err := os.Mkdir(filepath.Join(rfs.root, "/server/source_dir"), 0o755)
 			g.Assert(err).IsNil()
 
 			err = fs.Rename("source_dir", "target_dir")
@@ -405,7 +404,7 @@ func TestFilesystem_Copy(t *testing.T) {
 		})
 
 		g.It("should return an error if the source directory is outside the root", func() {
-			err := os.MkdirAll(filepath.Join(rfs.root, "/nested/in/dir"), 0755)
+			err := os.MkdirAll(filepath.Join(rfs.root, "/nested/in/dir"), 0o755)
 			g.Assert(err).IsNil()
 
 			err = rfs.CreateServerFileFromString("/../nested/in/dir/ext-source.txt", "external content")
@@ -421,7 +420,7 @@ func TestFilesystem_Copy(t *testing.T) {
 		})
 
 		g.It("should return an error if the source is a directory", func() {
-			err := os.Mkdir(filepath.Join(rfs.root, "/server/dir"), 0755)
+			err := os.Mkdir(filepath.Join(rfs.root, "/server/dir"), 0o755)
 			g.Assert(err).IsNil()
 
 			err = fs.Copy("dir")
@@ -466,7 +465,7 @@ func TestFilesystem_Copy(t *testing.T) {
 		})
 
 		g.It("should create a copy inside of a directory", func() {
-			err := os.MkdirAll(filepath.Join(rfs.root, "/server/nested/in/dir"), 0755)
+			err := os.MkdirAll(filepath.Join(rfs.root, "/server/nested/in/dir"), 0o755)
 			g.Assert(err).IsNil()
 
 			err = rfs.CreateServerFileFromString("nested/in/dir/source.txt", "test content")
@@ -545,7 +544,7 @@ func TestFilesystem_Delete(t *testing.T) {
 				"foo/bar/baz/source.txt",
 			}
 
-			err := os.MkdirAll(filepath.Join(rfs.root, "/server/foo/bar/baz"), 0755)
+			err := os.MkdirAll(filepath.Join(rfs.root, "/server/foo/bar/baz"), 0o755)
 			g.Assert(err).IsNil()
 
 			for _, s := range sources {

server/filesystem/path.go

@@ -115,8 +115,8 @@ func (fs *Filesystem) ParallelSafePath(paths []string) ([]string, error) {
 	var cleaned []string
 
 	// Simple locker function to avoid racy appends to the array of cleaned paths.
-	var m = new(sync.Mutex)
-	var push = func(c string) {
+	m := new(sync.Mutex)
+	push := func(c string) {
 		m.Lock()
 		cleaned = append(cleaned, c)
 		m.Unlock()

server/filesystem/path_test.go

@@ -107,7 +107,7 @@ func TestFilesystem_Blocks_Symlinks(t *testing.T) {
 		panic(err)
 	}
 
-	if err := os.Mkdir(filepath.Join(rfs.root, "/malicious_dir"), 0777); err != nil {
+	if err := os.Mkdir(filepath.Join(rfs.root, "/malicious_dir"), 0o777); err != nil {
 		panic(err)
 	}
 

server/filesystem/stat.go

@@ -1,12 +1,12 @@
 package filesystem
 
 import (
-	"encoding/json"
 	"os"
 	"strconv"
 	"time"
 
 	"github.com/gabriel-vasile/mimetype"
+	"github.com/goccy/go-json"
 )
 
 type Stat struct {

server/install.go

@@ -215,11 +215,11 @@ func (ip *InstallationProcess) tempDir() string {
 func (ip *InstallationProcess) writeScriptToDisk() error {
 	// Make sure the temp directory root exists before trying to make a directory within it. The
 	// ioutil.TempDir call expects this base to exist, it won't create it for you.
-	if err := os.MkdirAll(ip.tempDir(), 0700); err != nil {
+	if err := os.MkdirAll(ip.tempDir(), 0o700); err != nil {
 		return errors.WithMessage(err, "could not create temporary directory for install process")
 	}
 
-	f, err := os.OpenFile(filepath.Join(ip.tempDir(), "install.sh"), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)
+	f, err := os.OpenFile(filepath.Join(ip.tempDir(), "install.sh"), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o644)
 	if err != nil {
 		return errors.WithMessage(err, "failed to write server installation script to disk before mount")
 	}
@@ -350,7 +350,7 @@ func (ip *InstallationProcess) AfterExecute(containerId string) error {
 		return err
 	}
 
-	f, err := os.OpenFile(ip.GetLogPath(), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	f, err := os.OpenFile(ip.GetLogPath(), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
 	if err != nil {
 		return err
 	}
@@ -507,25 +507,21 @@ func (ip *InstallationProcess) Execute() (string, error) {
 	return r.ID, nil
 }
 
-// Streams the output of the installation process to a log file in the server configuration
-// directory, as well as to a websocket listener so that the process can be viewed in
-// the panel by administrators.
+// StreamOutput streams the output of the installation process to a log file in
+// the server configuration directory, as well as to a websocket listener so
+// that the process can be viewed in the panel by administrators.
 func (ip *InstallationProcess) StreamOutput(ctx context.Context, id string) error {
 	reader, err := ip.client.ContainerLogs(ctx, id, types.ContainerLogsOptions{
 		ShowStdout: true,
 		ShowStderr: true,
 		Follow:     true,
 	})
-
 	if err != nil {
 		return err
 	}
 	defer reader.Close()
 
-	evts := ip.Server.Events()
-	err = system.ScanReader(reader, func(line string) {
-		evts.Publish(InstallOutputEvent, line)
-	})
+	err = system.ScanReader(reader, ip.Server.Sink(InstallSink).Push)
 	if err != nil {
 		ip.Server.Log().WithFields(log.Fields{"container_id": id, "error": err}).Warn("error processing install output lines")
 	}

server/listeners.go

@@ -1,7 +1,6 @@
 package server
 
 import (
-	"encoding/json"
 	"regexp"
 	"strconv"
 	"sync"
@@ -51,99 +50,103 @@ func (dsl *diskSpaceLimiter) Trigger() {
 	})
 }
 
+func (s *Server) processConsoleOutputEvent(v []byte) {
+	t := s.Throttler()
+	err := t.Increment(func() {
+		s.PublishConsoleOutputFromDaemon("Your server is outputting too much data and is being throttled.")
+	})
+	// An error is only returned if the server has breached the thresholds set.
+	if err != nil {
+		// If the process is already stopping, just let it continue with that action rather than attempting
+		// to terminate again.
+		if s.Environment.State() != environment.ProcessStoppingState {
+			s.Environment.SetState(environment.ProcessStoppingState)
+
+			go func() {
+				s.Log().Warn("stopping server instance, violating throttle limits")
+				s.PublishConsoleOutputFromDaemon("Your server is being stopped for outputting too much data in a short period of time.")
+
+				// Completely skip over server power actions and terminate the running instance. This gives the
+				// server 15 seconds to finish stopping gracefully before it is forcefully terminated.
+				if err := s.Environment.WaitForStop(config.Get().Throttles.StopGracePeriod, true); err != nil {
+					// If there is an error set the process back to running so that this throttler is called
+					// again and hopefully kills the server.
+					if s.Environment.State() != environment.ProcessOfflineState {
+						s.Environment.SetState(environment.ProcessRunningState)
+					}
+
+					s.Log().WithField("error", err).Error("failed to terminate environment after triggering throttle")
+				}
+			}()
+		}
+	}
+
+	// If we are not throttled, go ahead and output the data.
+	if !t.Throttled() {
+		s.Sink(LogSink).Push(v)
+	}
+
+	// Also pass the data along to the console output channel.
+	s.onConsoleOutput(string(v))
+}
+
 // StartEventListeners adds all the internal event listeners we want to use for a server. These listeners can only be
 // removed by deleting the server as they should last for the duration of the process' lifetime.
 func (s *Server) StartEventListeners() {
-	console := func(e events.Event) {
-		t := s.Throttler()
-		err := t.Increment(func() {
-			s.PublishConsoleOutputFromDaemon("Your server is outputting too much data and is being throttled.")
-		})
+	state := make(chan events.Event)
+	stats := make(chan events.Event)
+	docker := make(chan events.Event)
 
-		// An error is only returned if the server has breached the thresholds set.
-		if err != nil {
-			// If the process is already stopping, just let it continue with that action rather than attempting
-			// to terminate again.
-			if s.Environment.State() != environment.ProcessStoppingState {
-				s.Environment.SetState(environment.ProcessStoppingState)
+	go func() {
+		l := newDiskLimiter(s)
 
+		for {
+			select {
+			case e := <-state:
 				go func() {
-					s.Log().Warn("stopping server instance, violating throttle limits")
-					s.PublishConsoleOutputFromDaemon("Your server is being stopped for outputting too much data in a short period of time.")
+					// Reset the throttler when the process is started.
+					if e.Data == environment.ProcessStartingState {
+						l.Reset()
+						s.Throttler().Reset()
+					}
 
-					// Completely skip over server power actions and terminate the running instance. This gives the
-					// server 15 seconds to finish stopping gracefully before it is forcefully terminated.
-					if err := s.Environment.WaitForStop(config.Get().Throttles.StopGracePeriod, true); err != nil {
-						// If there is an error set the process back to running so that this throttler is called
-						// again and hopefully kills the server.
-						if s.Environment.State() != environment.ProcessOfflineState {
-							s.Environment.SetState(environment.ProcessRunningState)
-						}
+					s.OnStateChange()
+				}()
+			case e := <-stats:
+				go func() {
+					// Update the server resource tracking object with the resources we got here.
+					s.resources.mu.Lock()
+					s.resources.Stats = e.Data.(environment.Stats)
+					s.resources.mu.Unlock()
 
-						s.Log().WithField("error", err).Error("failed to terminate environment after triggering throttle")
+					// If there is no disk space available at this point, trigger the server disk limiter logic
+					// which will start to stop the running instance.
+					if !s.Filesystem().HasSpaceAvailable(true) {
+						l.Trigger()
+					}
+
+					s.Events().Publish(StatsEvent, s.Proc())
+				}()
+			case e := <-docker:
+				go func() {
+					switch e.Topic {
+					case environment.DockerImagePullStatus:
+						s.Events().Publish(InstallOutputEvent, e.Data)
+					case environment.DockerImagePullStarted:
+						s.PublishConsoleOutputFromDaemon("Pulling Docker container image, this could take a few minutes to complete...")
+					default:
+						s.PublishConsoleOutputFromDaemon("Finished pulling Docker container image")
 					}
 				}()
 			}
 		}
-
-		// If we are not throttled, go ahead and output the data.
-		if !t.Throttled() {
-			s.Events().Publish(ConsoleOutputEvent, e.Data)
-		}
-
-		// Also pass the data along to the console output channel.
-		s.onConsoleOutput(e.Data)
-	}
-
-	l := newDiskLimiter(s)
-	state := func(e events.Event) {
-		// Reset the throttler when the process is started.
-		if e.Data == environment.ProcessStartingState {
-			l.Reset()
-			s.Throttler().Reset()
-		}
-
-		s.OnStateChange()
-	}
-
-	stats := func(e events.Event) {
-		var st environment.Stats
-		if err := json.Unmarshal([]byte(e.Data), &st); err != nil {
-			s.Log().WithField("error", err).Warn("failed to unmarshal server environment stats")
-			return
-		}
-
-		// Update the server resource tracking object with the resources we got here.
-		s.resources.mu.Lock()
-		s.resources.Stats = st
-		s.resources.mu.Unlock()
-
-		// If there is no disk space available at this point, trigger the server disk limiter logic
-		// which will start to stop the running instance.
-		if !s.Filesystem().HasSpaceAvailable(true) {
-			l.Trigger()
-		}
-
-		s.emitProcUsage()
-	}
-
-	docker := func(e events.Event) {
-		if e.Topic == environment.DockerImagePullStatus {
-			s.Events().Publish(InstallOutputEvent, e.Data)
-		} else if e.Topic == environment.DockerImagePullStarted {
-			s.PublishConsoleOutputFromDaemon("Pulling Docker container image, this could take a few minutes to complete...")
-		} else {
-			s.PublishConsoleOutputFromDaemon("Finished pulling Docker container image")
-		}
-	}
+	}()
 
 	s.Log().Debug("registering event listeners: console, state, resources...")
-	s.Environment.Events().On(environment.ConsoleOutputEvent, &console)
-	s.Environment.Events().On(environment.StateChangeEvent, &state)
-	s.Environment.Events().On(environment.ResourceEvent, &stats)
-	for _, evt := range dockerEvents {
-		s.Environment.Events().On(evt, &docker)
-	}
+	s.Environment.SetLogCallback(s.processConsoleOutputEvent)
+	s.Environment.Events().On(state, environment.StateChangeEvent)
+	s.Environment.Events().On(stats, environment.ResourceEvent)
+	s.Environment.Events().On(docker, dockerEvents...)
 }
 
 var stripAnsiRegex = regexp.MustCompile("[\u001B\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\u0007)|(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))")

server/manager.go

@@ -2,10 +2,8 @@ package server
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -15,6 +13,7 @@ import (
 	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/gammazero/workerpool"
+	"github.com/goccy/go-json"
 
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
@@ -137,7 +136,7 @@ func (m *Manager) PersistStates() error {
 	if err != nil {
 		return errors.WithStack(err)
 	}
-	if err := ioutil.WriteFile(config.Get().System.GetStatesPath(), data, 0644); err != nil {
+	if err := os.WriteFile(config.Get().System.GetStatesPath(), data, 0o644); err != nil {
 		return errors.WithStack(err)
 	}
 	return nil
@@ -145,7 +144,7 @@ func (m *Manager) PersistStates() error {
 
 // ReadStates returns the state of the servers.
 func (m *Manager) ReadStates() (map[string]string, error) {
-	f, err := os.OpenFile(config.Get().System.GetStatesPath(), os.O_RDONLY|os.O_CREATE, 0644)
+	f, err := os.OpenFile(config.Get().System.GetStatesPath(), os.O_RDONLY|os.O_CREATE, 0o644)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}

server/power.go

@@ -2,12 +2,13 @@ package server
 
 import (
 	"context"
+	"fmt"
 	"os"
+	"sync"
 	"time"
 
 	"emperror.dev/errors"
-	"golang.org/x/sync/semaphore"
-
+	"github.com/google/uuid"
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
 )
@@ -40,19 +41,85 @@ func (pa PowerAction) IsStart() bool {
 	return pa == PowerActionStart || pa == PowerActionRestart
 }
 
-// ExecutingPowerAction checks if there is currently a power action being processed for the server.
+type powerLocker struct {
+	mu sync.RWMutex
+	ch chan bool
+}
+
+func newPowerLocker() *powerLocker {
+	return &powerLocker{
+		ch: make(chan bool, 1),
+	}
+}
+
+type errPowerLockerLocked struct{}
+
+func (e errPowerLockerLocked) Error() string {
+	return "cannot acquire a lock on the power state: already locked"
+}
+
+var ErrPowerLockerLocked error = errPowerLockerLocked{}
+
+// IsLocked returns the current state of the locker channel. If there is
+// currently a value in the channel, it is assumed to be locked.
+func (pl *powerLocker) IsLocked() bool {
+	pl.mu.RLock()
+	defer pl.mu.RUnlock()
+	return len(pl.ch) == 1
+}
+
+// Acquire will acquire the power lock if it is not currently locked. If it is
+// already locked, acquire will fail to acquire the lock, and will return false.
+func (pl *powerLocker) Acquire() error {
+	pl.mu.Lock()
+	defer pl.mu.Unlock()
+	if len(pl.ch) == 1 {
+		return errors.WithStack(ErrPowerLockerLocked)
+	}
+	pl.ch <- true
+	return nil
+}
+
+// TryAcquire will attempt to acquire a power-lock until the context provided
+// is canceled.
+func (pl *powerLocker) TryAcquire(ctx context.Context) error {
+	select {
+	case pl.ch <- true:
+		return nil
+	case <-ctx.Done():
+		if err := ctx.Err(); err != nil {
+			return errors.WithStack(err)
+		}
+		return nil
+	}
+}
+
+// Release will drain the locker channel so that we can properly re-acquire it
+// at a later time.
+func (pl *powerLocker) Release() {
+	pl.mu.Lock()
+	if len(pl.ch) == 1 {
+		<-pl.ch
+	}
+	pl.mu.Unlock()
+}
+
+// Destroy cleans up the power locker by closing the channel.
+func (pl *powerLocker) Destroy() {
+	pl.mu.Lock()
+	if pl.ch != nil {
+		if len(pl.ch) == 1 {
+			<-pl.ch
+		}
+		close(pl.ch)
+	}
+	pl.mu.Unlock()
+}
+
+// ExecutingPowerAction checks if there is currently a power action being
+// processed for the server.
 func (s *Server) ExecutingPowerAction() bool {
-	if s.powerLock == nil {
-		return false
-	}
-
-	ok := s.powerLock.TryAcquire(1)
-	if ok {
-		s.powerLock.Release(1)
-	}
-
-	// Remember, if we acquired a lock it means nothing was running.
-	return !ok
+	return s.powerLock.IsLocked()
 }
 
 // HandlePowerAction is a helper function that can receive a power action and then process the
@@ -63,22 +130,29 @@ func (s *Server) ExecutingPowerAction() bool {
 // function rather than making direct calls to the start/stop/restart functions on the
 // environment struct.
 func (s *Server) HandlePowerAction(action PowerAction, waitSeconds ...int) error {
-	if s.IsInstalling() {
+	if s.IsInstalling() || s.IsTransferring() || s.IsRestoring() {
+		if s.IsRestoring() {
+			return ErrServerIsRestoring
+		} else if s.IsTransferring() {
+			return ErrServerIsTransferring
+		}
 		return ErrServerIsInstalling
 	}
 
-	if s.IsTransferring() {
-		return ErrServerIsTransferring
+	lockId, _ := uuid.NewUUID()
+	log := s.Log().WithField("lock_id", lockId.String()).WithField("action", action)
+
+	cleanup := func() {
+		log.Info("releasing exclusive lock for power action")
+		s.powerLock.Release()
 	}
 
-	if s.IsRestoring() {
-		return ErrServerIsRestoring
-	}
-
-	if s.powerLock == nil {
-		s.powerLock = semaphore.NewWeighted(1)
+	var wait int
+	if len(waitSeconds) > 0 && waitSeconds[0] > 0 {
+		wait = waitSeconds[0]
 	}
 
+	log.WithField("wait_seconds", wait).Debug("acquiring power action lock for instance")
 	// Only attempt to acquire a lock on the process if this is not a termination event. We want to
 	// just allow those events to pass right through for good reason. If a server is currently trying
 	// to process a power action but has gotten stuck you still should be able to pass through the
@@ -87,33 +161,38 @@ func (s *Server) HandlePowerAction(action PowerAction, waitSeconds ...int) error
 	if action != PowerActionTerminate {
 		// Determines if we should wait for the lock or not. If a value greater than 0 is passed
 		// into this function we will wait that long for a lock to be acquired.
-		if len(waitSeconds) > 0 && waitSeconds[0] != 0 {
-			ctx, cancel := context.WithTimeout(context.Background(), time.Second*time.Duration(waitSeconds[0]))
+		if wait > 0 {
+			ctx, cancel := context.WithTimeout(s.ctx, time.Second*time.Duration(wait))
 			defer cancel()
 
 			// Attempt to acquire a lock on the power action lock for up to 30 seconds. If more
 			// time than that passes an error will be propagated back up the chain and this
 			// request will be aborted.
-			if err := s.powerLock.Acquire(ctx, 1); err != nil {
-				return errors.WithMessage(err, "could not acquire lock on power state")
+			if err := s.powerLock.TryAcquire(ctx); err != nil {
+				return errors.Wrap(err, fmt.Sprintf("could not acquire lock on power action after %d seconds", wait))
 			}
 		} else {
 			// If no wait duration was provided we will attempt to immediately acquire the lock
 			// and bail out with a context deadline error if it is not acquired immediately.
-			if ok := s.powerLock.TryAcquire(1); !ok {
-				return errors.WithMessage(context.DeadlineExceeded, "could not acquire lock on power state")
+			if err := s.powerLock.Acquire(); err != nil {
+				return errors.Wrap(err, "failed to acquire exclusive lock for power actions")
 			}
 		}
 
-		// Release the lock once the process being requested has finished executing.
-		defer s.powerLock.Release(1)
+		log.Info("acquired exclusive lock on power actions, processing event...")
+		defer cleanup()
 	} else {
-		// Still try to acquire the lock if terminating, and it is available, just so that other power
-		// actions are blocked until it has completed. However, if it is unavailable we won't stop
-		// the entire process.
-		if ok := s.powerLock.TryAcquire(1); ok {
-			// If we managed to acquire the lock be sure to released it once this process is completed.
-			defer s.powerLock.Release(1)
+		// Still try to acquire the lock if terminating, and it is available, just so that
+		// other power actions are blocked until it has completed. However, if it cannot be
+		// acquired we won't stop the entire process.
+		//
+		// If we did successfully acquire the lock, make sure we release it once we're done
+		// executiong the power actions.
+		if err := s.powerLock.Acquire(); err == nil {
+			log.Info("acquired exclusive lock on power actions, processing event...")
+			defer cleanup()
+		} else {
+			log.Warn("failed to acquire exclusive lock, ignoring failure for termination event")
 		}
 	}
 

server/power_test.go

@@ -0,0 +1,158 @@
+package server
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"emperror.dev/errors"
+	. "github.com/franela/goblin"
+)
+
+func TestPower(t *testing.T) {
+	g := Goblin(t)
+
+	g.Describe("PowerLocker", func() {
+		var pl *powerLocker
+		g.BeforeEach(func() {
+			pl = newPowerLocker()
+		})
+
+		g.Describe("PowerLocker#IsLocked", func() {
+			g.It("should return false when the channel is empty", func() {
+				g.Assert(cap(pl.ch)).Equal(1)
+				g.Assert(pl.IsLocked()).IsFalse()
+			})
+
+			g.It("should return true when the channel is at capacity", func() {
+				pl.ch <- true
+
+				g.Assert(pl.IsLocked()).IsTrue()
+				<-pl.ch
+				g.Assert(pl.IsLocked()).IsFalse()
+
+				// We don't care what the channel value is, just that there is
+				// something in it.
+				pl.ch <- false
+				g.Assert(pl.IsLocked()).IsTrue()
+				g.Assert(cap(pl.ch)).Equal(1)
+			})
+		})
+
+		g.Describe("PowerLocker#Acquire", func() {
+			g.It("should acquire a lock when channel is empty", func() {
+				err := pl.Acquire()
+
+				g.Assert(err).IsNil()
+				g.Assert(cap(pl.ch)).Equal(1)
+				g.Assert(len(pl.ch)).Equal(1)
+			})
+
+			g.It("should return an error when the channel is full", func() {
+				pl.ch <- true
+
+				err := pl.Acquire()
+
+				g.Assert(err).IsNotNil()
+				g.Assert(errors.Is(err, ErrPowerLockerLocked)).IsTrue()
+				g.Assert(cap(pl.ch)).Equal(1)
+				g.Assert(len(pl.ch)).Equal(1)
+			})
+		})
+
+		g.Describe("PowerLocker#TryAcquire", func() {
+			g.It("should acquire a lock when channel is empty", func() {
+				g.Timeout(time.Second)
+
+				err := pl.TryAcquire(context.Background())
+
+				g.Assert(err).IsNil()
+				g.Assert(cap(pl.ch)).Equal(1)
+				g.Assert(len(pl.ch)).Equal(1)
+				g.Assert(pl.IsLocked()).IsTrue()
+			})
+
+			g.It("should block until context is canceled if channel is full", func() {
+				g.Timeout(time.Second)
+				ctx, cancel := context.WithTimeout(context.Background(), time.Millisecond*500)
+				defer cancel()
+
+				pl.ch <- true
+				err := pl.TryAcquire(ctx)
+
+				g.Assert(err).IsNotNil()
+				g.Assert(errors.Is(err, context.DeadlineExceeded)).IsTrue()
+				g.Assert(cap(pl.ch)).Equal(1)
+				g.Assert(len(pl.ch)).Equal(1)
+				g.Assert(pl.IsLocked()).IsTrue()
+			})
+
+			g.It("should block until lock can be acquired", func() {
+				g.Timeout(time.Second)
+
+				ctx, cancel := context.WithTimeout(context.Background(), time.Millisecond*200)
+				defer cancel()
+
+				pl.Acquire()
+				go func() {
+					time.AfterFunc(time.Millisecond * 50, func() {
+						pl.Release()
+					})
+				}()
+
+				err := pl.TryAcquire(ctx)
+				g.Assert(err).IsNil()
+				g.Assert(cap(pl.ch)).Equal(1)
+				g.Assert(len(pl.ch)).Equal(1)
+				g.Assert(pl.IsLocked()).IsTrue()
+			})
+		})
+
+		g.Describe("PowerLocker#Release", func() {
+			g.It("should release when channel is full", func() {
+				pl.Acquire()
+				g.Assert(pl.IsLocked()).IsTrue()
+				pl.Release()
+				g.Assert(cap(pl.ch)).Equal(1)
+				g.Assert(len(pl.ch)).Equal(0)
+				g.Assert(pl.IsLocked()).IsFalse()
+			})
+
+			g.It("should release when channel is empty", func() {
+				g.Assert(pl.IsLocked()).IsFalse()
+				pl.Release()
+				g.Assert(cap(pl.ch)).Equal(1)
+				g.Assert(len(pl.ch)).Equal(0)
+				g.Assert(pl.IsLocked()).IsFalse()
+			})
+		})
+
+		g.Describe("PowerLocker#Destroy", func() {
+			g.It("should unlock and close the channel", func() {
+				pl.Acquire()
+				g.Assert(pl.IsLocked()).IsTrue()
+				pl.Destroy()
+				g.Assert(pl.IsLocked()).IsFalse()
+
+				defer func() {
+					r := recover()
+
+					g.Assert(r).IsNotNil()
+					g.Assert(r.(error).Error()).Equal("send on closed channel")
+				}()
+
+				pl.Acquire()
+			})
+		})
+	})
+
+	g.Describe("Server#ExecutingPowerAction", func() {
+		g.It("should return based on locker status", func() {
+			s := &Server{powerLock: newPowerLocker()}
+
+			g.Assert(s.ExecutingPowerAction()).IsFalse()
+			s.powerLock.Acquire()
+			g.Assert(s.ExecutingPowerAction()).IsTrue()
+		})
+	})
+}

server/resources.go

@@ -50,9 +50,3 @@ func (ru *ResourceUsage) Reset() {
 	ru.Network.TxBytes = 0
 	ru.Network.RxBytes = 0
 }
-
-func (s *Server) emitProcUsage() {
-	if err := s.Events().PublishJson(StatsEvent, s.Proc()); err != nil {
-		s.Log().WithField("error", err).Warn("error while emitting server resource usage to listeners")
-	}
-}

server/server.go

@@ -2,7 +2,6 @@ package server
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"net/http"
 	"os"
@@ -12,7 +11,7 @@ import (
 	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/creasty/defaults"
-	"golang.org/x/sync/semaphore"
+	"github.com/goccy/go-json"
 
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
@@ -32,7 +31,7 @@ type Server struct {
 	ctxCancel *context.CancelFunc
 
 	emitterLock  sync.Mutex
-	powerLock    *semaphore.Weighted
+	powerLock    *powerLocker
 	throttleOnce sync.Once
 
 	// Maintains the configuration for the server. This is the data that gets returned by the Panel
@@ -49,7 +48,7 @@ type Server struct {
 	fs *filesystem.Filesystem
 
 	// Events emitted by the server instance.
-	emitter *events.EventBus
+	emitter *events.Bus
 
 	// Defines the process configuration for the server instance. This is dynamically
 	// fetched from the Pterodactyl Server instance each time the server process is
@@ -70,6 +69,11 @@ type Server struct {
 	// Tracks open websocket connections for the server.
 	wsBag       *WebsocketBag
 	wsBagLocker sync.Mutex
+
+	sinks map[SinkName]*sinkPool
+
+	logSink     *sinkPool
+	installSink *sinkPool
 }
 
 // New returns a new server instance with a context and all of the default
@@ -83,6 +87,11 @@ func New(client remote.Client) (*Server, error) {
 		installing:   system.NewAtomicBool(false),
 		transferring: system.NewAtomicBool(false),
 		restoring:    system.NewAtomicBool(false),
+		powerLock:    newPowerLocker(),
+		sinks: map[SinkName]*sinkPool{
+			LogSink:     newSinkPool(),
+			InstallSink: newSinkPool(),
+		},
 	}
 	if err := defaults.Set(&s); err != nil {
 		return nil, errors.Wrap(err, "server: could not set default values for struct")
@@ -94,6 +103,17 @@ func New(client remote.Client) (*Server, error) {
 	return &s, nil
 }
 
+// CleanupForDestroy stops all running background tasks for this server that are
+// using the context on the server struct. This will cancel any running install
+// processes for the server as well.
+func (s *Server) CleanupForDestroy() {
+	s.CtxCancel()
+	s.Events().Destroy()
+	s.DestroyAllSinks()
+	s.Websockets().CancelAll()
+	s.powerLock.Destroy()
+}
+
 // ID returns the UUID for the server instance.
 func (s *Server) ID() string {
 	return s.Config().GetUuid()
@@ -293,7 +313,7 @@ func (s *Server) OnStateChange() {
 	// views in the Panel correctly display 0.
 	if st == environment.ProcessOfflineState {
 		s.resources.Reset()
-		s.emitProcUsage()
+		s.Events().Publish(StatsEvent, s.Proc())
 	}
 
 	// If server was in an online state, and is now in an offline state we should handle

server/sink.go

@@ -0,0 +1,117 @@
+package server
+
+import (
+	"sync"
+)
+
+// SinkName represents one of the registered sinks for a server.
+type SinkName string
+
+const (
+	// LogSink handles console output for game servers, including messages being
+	// sent via Wings to the console instance.
+	LogSink SinkName = "log"
+	// InstallSink handles installation output for a server.
+	InstallSink SinkName = "install"
+)
+
+// sinkPool represents a pool with sinks.
+type sinkPool struct {
+	mu    sync.RWMutex
+	sinks []chan []byte
+}
+
+// newSinkPool returns a new empty sinkPool. A sink pool generally lives with a
+// server instance for it's full lifetime.
+func newSinkPool() *sinkPool {
+	return &sinkPool{}
+}
+
+// On adds a channel to the sink pool instance.
+func (p *sinkPool) On(c chan []byte) {
+	p.mu.Lock()
+	p.sinks = append(p.sinks, c)
+	p.mu.Unlock()
+}
+
+// Off removes a given channel from the sink pool. If no matching sink is found
+// this function is a no-op. If a matching channel is found, it will be removed.
+func (p *sinkPool) Off(c chan []byte) {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	sinks := p.sinks
+	for i, sink := range sinks {
+		if c != sink {
+			continue
+		}
+
+		// We need to maintain the order of the sinks in the slice we're tracking,
+		// so shift everything to the left, rather than changing the order of the
+		// elements.
+		copy(sinks[i:], sinks[i+1:])
+		sinks[len(sinks)-1] = nil
+		sinks = sinks[:len(sinks)-1]
+		p.sinks = sinks
+
+		// Avoid a panic if the sink channel is nil at this point.
+		if c != nil {
+			close(c)
+		}
+
+		return
+	}
+}
+
+// Destroy destroys the pool by removing and closing all sinks and destroying
+// all of the channels that are present.
+func (p *sinkPool) Destroy() {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	for _, c := range p.sinks {
+		if c != nil {
+			close(c)
+		}
+	}
+
+	p.sinks = nil
+}
+
+// Push sends a given message to each of the channels registered in the pool.
+func (p *sinkPool) Push(data []byte) {
+	p.mu.RLock()
+	// Attempt to send the data over to the channels. If the channel buffer is full,
+	// or otherwise blocked for some reason (such as being a nil channel), just discard
+	// the event data and move on to the next channel in the slice. If you don't
+	// implement the "default" on the select you'll block execution until the channel
+	// becomes unblocked, which is not what we want to do here.
+	for _, c := range p.sinks {
+		select {
+		case c <- data:
+		default:
+		}
+	}
+	p.mu.RUnlock()
+}
+
+// Sink returns the instantiated and named sink for a server. If the sink has
+// not been configured yet this function will cause a panic condition.
+func (s *Server) Sink(name SinkName) *sinkPool {
+	sink, ok := s.sinks[name]
+	if !ok {
+		s.Log().Fatalf("attempt to access nil sink: %s", name)
+	}
+	return sink
+}
+
+// DestroyAllSinks iterates over all of the sinks configured for the server and
+// destroys their instances. Note that this will cause a panic if you attempt
+// to call Server.Sink() again after. This function is only used when a server
+// is being deleted from the system.
+func (s *Server) DestroyAllSinks() {
+	s.Log().Info("destroying all registered sinks for server instance")
+	for _, sink := range s.sinks {
+		sink.Destroy()
+	}
+}

server/sink_test.go

@@ -0,0 +1,189 @@
+package server
+
+import (
+	"reflect"
+	"sync"
+	"testing"
+
+	. "github.com/franela/goblin"
+)
+
+func MutexLocked(m *sync.RWMutex) bool {
+	v := reflect.ValueOf(m).Elem()
+
+	state := v.FieldByName("w").FieldByName("state")
+
+	return state.Int()&1 == 1 || v.FieldByName("readerCount").Int() > 0
+}
+
+func TestSink(t *testing.T) {
+	g := Goblin(t)
+
+	g.Describe("SinkPool#On", func() {
+		g.It("pushes additional channels to a sink", func() {
+			pool := &sinkPool{}
+
+			g.Assert(pool.sinks).IsZero()
+
+			c1 := make(chan []byte, 1)
+			pool.On(c1)
+
+			g.Assert(len(pool.sinks)).Equal(1)
+			g.Assert(MutexLocked(&pool.mu)).IsFalse()
+		})
+	})
+
+	g.Describe("SinkPool#Off", func() {
+		var pool *sinkPool
+		g.BeforeEach(func() {
+			pool = &sinkPool{}
+		})
+
+		g.It("works when no sinks are registered", func() {
+			ch := make(chan []byte, 1)
+
+			g.Assert(pool.sinks).IsZero()
+			pool.Off(ch)
+
+			g.Assert(pool.sinks).IsZero()
+			g.Assert(MutexLocked(&pool.mu)).IsFalse()
+		})
+
+		g.It("does not remove any sinks when the channel does not match", func() {
+			ch := make(chan []byte, 1)
+			ch2 := make(chan []byte, 1)
+
+			pool.On(ch)
+			g.Assert(len(pool.sinks)).Equal(1)
+
+			pool.Off(ch2)
+			g.Assert(len(pool.sinks)).Equal(1)
+			g.Assert(pool.sinks[0]).Equal(ch)
+			g.Assert(MutexLocked(&pool.mu)).IsFalse()
+		})
+
+		g.It("removes a channel and maintains the order", func() {
+			channels := make([]chan []byte, 8)
+            for i := 0; i < len(channels); i++ {
+				channels[i] = make(chan []byte, 1)
+                pool.On(channels[i])
+            }
+
+			g.Assert(len(pool.sinks)).Equal(8)
+
+			pool.Off(channels[2])
+			g.Assert(len(pool.sinks)).Equal(7)
+			g.Assert(pool.sinks[1]).Equal(channels[1])
+			g.Assert(pool.sinks[2]).Equal(channels[3])
+			g.Assert(MutexLocked(&pool.mu)).IsFalse()
+		})
+
+		g.It("does not panic if a nil channel is provided", func() {
+			ch := make([]chan []byte, 1)
+
+			defer func () {
+				if r := recover(); r != nil {
+                    g.Fail("removing a nil channel should not cause a panic")
+                }
+			}()
+
+			pool.On(ch[0])
+			pool.Off(ch[0])
+
+			g.Assert(len(pool.sinks)).Equal(0)
+		})
+	})
+
+	g.Describe("SinkPool#Push", func() {
+		var pool *sinkPool
+		g.BeforeEach(func() {
+			pool = &sinkPool{}
+		})
+
+		g.It("works when no sinks are registered", func() {
+			g.Assert(len(pool.sinks)).IsZero()
+			pool.Push([]byte("test"))
+			g.Assert(MutexLocked(&pool.mu)).IsFalse()
+		})
+
+		g.It("sends data to every registered sink", func() {
+			ch1 := make(chan []byte, 1)
+			ch2 := make(chan []byte, 1)
+
+			pool.On(ch1)
+			pool.On(ch2)
+
+			g.Assert(len(pool.sinks)).Equal(2)
+			b := []byte("test")
+			pool.Push(b)
+
+			g.Assert(MutexLocked(&pool.mu)).IsFalse()
+			g.Assert(<-ch1).Equal(b)
+			g.Assert(<-ch2).Equal(b)
+			g.Assert(len(pool.sinks)).Equal(2)
+		})
+
+		g.It("does not block if a channel is nil or otherwise full", func() {
+			ch := make([]chan []byte, 2)
+			ch[1] = make(chan []byte, 1)
+			ch[1] <- []byte("test")
+
+			pool.On(ch[0])
+			pool.On(ch[1])
+
+			pool.Push([]byte("testing"))
+
+			g.Assert(MutexLocked(&pool.mu)).IsFalse()
+			g.Assert(<-ch[1]).Equal([]byte("test"))
+
+			pool.Push([]byte("test2"))
+			g.Assert(<-ch[1]).Equal([]byte("test2"))
+			g.Assert(MutexLocked(&pool.mu)).IsFalse()
+		})
+	})
+
+	g.Describe("SinkPool#Destroy", func() {
+		var pool *sinkPool
+		g.BeforeEach(func() {
+			pool = &sinkPool{}
+		})
+
+		g.It("works if no sinks are registered", func() {
+			pool.Destroy()
+
+			g.Assert(MutexLocked(&pool.mu)).IsFalse()
+		})
+
+		g.It("closes all channels fully", func() {
+			ch1 := make(chan []byte, 1)
+			ch2 := make(chan []byte, 1)
+
+			pool.On(ch1)
+			pool.On(ch2)
+
+			g.Assert(len(pool.sinks)).Equal(2)
+			pool.Destroy()
+			g.Assert(pool.sinks).IsZero()
+
+			defer func() {
+				r := recover()
+
+				g.Assert(r).IsNotNil()
+				g.Assert(r.(error).Error()).Equal("send on closed channel")
+			}()
+
+			ch1 <- []byte("test")
+		})
+
+		g.It("works when a sink channel is nil", func() {
+			ch := make([]chan []byte, 2)
+
+			pool.On(ch[0])
+			pool.On(ch[1])
+
+			pool.Destroy()
+
+			g.Assert(MutexLocked(&pool.mu)).IsFalse()
+		})
+	})
+}

sftp/handler.go

@@ -119,6 +119,9 @@ func (h *Handler) Filewrite(request *sftp.Request) (io.WriterAt, error) {
 		l.WithField("flags", request.Flags).WithField("error", err).Error("failed to open existing file on system")
 		return nil, sftp.ErrSSHFxFailure
 	}
+	// Chown may or may not have been called in the touch function, so always do
+	// it at this point to avoid the file being improperly owned.
+	_ = h.server.Filesystem().Chown(request.Filepath)
 	return f, nil
 }
 
@@ -142,12 +145,12 @@ func (h *Handler) Filecmd(request *sftp.Request) error {
 		}
 		mode := request.Attributes().FileMode().Perm()
 		// If the client passes an invalid FileMode just use the default 0644.
-		if mode == 0000 {
-			mode = os.FileMode(0644)
+		if mode == 0o000 {
+			mode = os.FileMode(0o644)
 		}
 		// Force directories to be 0755.
 		if request.Attributes().FileMode().IsDir() {
-			mode = 0755
+			mode = 0o755
 		}
 		if err := h.fs.Chmod(request.Filepath, mode); err != nil {
 			if errors.Is(err, os.ErrNotExist) {
@@ -260,7 +263,6 @@ func (h *Handler) Filelist(request *sftp.Request) (sftp.ListerAt, error) {
 		files, err := ioutil.ReadDir(p)
 		if err != nil {
 			h.logger.WithField("source", request.Filepath).WithField("error", err).Error("error while listing directory")
-
 			return nil, sftp.ErrSSHFxFailure
 		}
 		return ListerAt(files), nil

sftp/server.go

@@ -6,7 +6,6 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"io"
-	"io/ioutil"
 	"net"
 	"os"
 	"path"
@@ -59,7 +58,7 @@ func (c *SFTPServer) Run() error {
 	} else if err != nil {
 		return errors.Wrap(err, "sftp: could not stat private key file")
 	}
-	pb, err := ioutil.ReadFile(c.PrivateKeyPath())
+	pb, err := os.ReadFile(c.PrivateKeyPath())
 	if err != nil {
 		return errors.Wrap(err, "sftp: could not read private key file")
 	}
@@ -159,10 +158,10 @@ func (c *SFTPServer) generateED25519PrivateKey() error {
 	if err != nil {
 		return errors.Wrap(err, "sftp: failed to generate ED25519 private key")
 	}
-	if err := os.MkdirAll(path.Dir(c.PrivateKeyPath()), 0755); err != nil {
+	if err := os.MkdirAll(path.Dir(c.PrivateKeyPath()), 0o755); err != nil {
 		return errors.Wrap(err, "sftp: could not create internal sftp data directory")
 	}
-	o, err := os.OpenFile(c.PrivateKeyPath(), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
+	o, err := os.OpenFile(c.PrivateKeyPath(), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
 	if err != nil {
 		return errors.WithStack(err)
 	}
@@ -221,4 +220,4 @@ func (c *SFTPServer) passwordCallback(conn ssh.ConnMetadata, pass []byte) (*ssh.
 // PrivateKeyPath returns the path the host private key for this server instance.
 func (c *SFTPServer) PrivateKeyPath() string {
 	return path.Join(c.BasePath, ".sftp/id_ed25519")
-}
+}

sftp/utils.go

@@ -6,15 +6,15 @@ import (
 )
 
 const (
-	// Extends the default SFTP server to return a quota exceeded error to the client.
+	// ErrSSHQuotaExceeded extends the default SFTP server to return a quota exceeded error to the client.
 	//
 	// @see https://tools.ietf.org/id/draft-ietf-secsh-filexfer-13.txt
-	ErrSSHQuotaExceeded = fxerr(15)
+	ErrSSHQuotaExceeded = fxErr(15)
 )
 
 type ListerAt []os.FileInfo
 
-// Returns the number of entries copied and an io.EOF error if we made it to the end of the file list.
+// ListAt returns the number of entries copied and an io.EOF error if we made it to the end of the file list.
 // Take a look at the pkg/sftp godoc for more information about how this function should work.
 func (l ListerAt) ListAt(f []os.FileInfo, offset int64) (int, error) {
 	if offset >= int64(len(l)) {
@@ -28,9 +28,9 @@ func (l ListerAt) ListAt(f []os.FileInfo, offset int64) (int, error) {
 	}
 }
 
-type fxerr uint32
+type fxErr uint32
 
-func (e fxerr) Error() string {
+func (e fxErr) Error() string {
 	switch e {
 	case ErrSSHQuotaExceeded:
 		return "Quota Exceeded"

system/const.go

@@ -1,6 +1,3 @@
 package system
 
-var (
-	// The current version of this software.
-	Version = "0.0.1"
-)
+var Version = "develop"

system/utils.go

@@ -4,19 +4,25 @@ import (
 	"bufio"
 	"bytes"
 	"context"
-	"encoding/json"
 	"fmt"
 	"io"
 	"strconv"
-	"strings"
 	"sync"
 	"time"
 
 	"emperror.dev/errors"
+	"github.com/goccy/go-json"
 )
 
-var cr = []byte(" \r")
-var crr = []byte("\r\n")
+var (
+	cr  = []byte(" \r")
+	crr = []byte("\r\n")
+)
+
+// The maximum size of the buffer used to send output over the console to
+// clients. Once this length is reached, the line will be truncated and sent
+// as is.
+var maxBufferSize = 64 * 1024
 
 // FirstNotEmpty returns the first string passed in that is not an empty value.
 func FirstNotEmpty(v ...string) string {
@@ -36,14 +42,24 @@ func MustInt(v string) int {
 	return i
 }
 
-func ScanReader(r io.Reader, callback func(line string)) error {
-	br := bufio.NewReader(r)
+// ScanReader reads up to 64KB of line from the reader and emits that value
+// over the websocket. If a line exceeds that size, it is truncated and only that
+// amount is sent over.
+func ScanReader(r io.Reader, callback func(line []byte)) error {
+	// Based on benchmarking this seems to be the best size for the reader buffer
+	// to maintain fast enough workflows without hammering the CPU for allocations.
+	//
+	// Additionally, most games are outputting a high-frequency of smaller lines,
+	// rather than a bunch of massive lines. This allocation amount is the total
+	// number of bytes being output for each call to ReadLine() before it moves on
+	// to the next data pull.
+	br := bufio.NewReaderSize(r, 256)
 	// Avoid constantly re-allocating memory when we're flooding lines through this
 	// function by using the same buffer for the duration of the call and just truncating
 	// the value back to 0 every loop.
-	var str strings.Builder
+	var buf bytes.Buffer
 	for {
-		str.Reset()
+		buf.Reset()
 		var err error
 		var line []byte
 		var isPrefix bool
@@ -51,29 +67,54 @@ func ScanReader(r io.Reader, callback func(line string)) error {
 		for {
 			// Read the line and write it to the buffer.
 			line, isPrefix, err = br.ReadLine()
+
 			// Certain games like Minecraft output absolutely random carriage returns in the output seemingly
 			// in line with that it thinks is the terminal size. Those returns break a lot of output handling,
 			// so we'll just replace them with proper new-lines and then split it later and send each line as
 			// its own event in the response.
-			str.Write(bytes.Replace(line, cr, crr, -1))
-			// Finish this loop and begin outputting the line if there is no prefix (the line fit into
-			// the default buffer), or if we hit the end of the line.
+			line = bytes.Replace(line, cr, crr, -1)
+			ns := buf.Len() + len(line)
+
+			// If the length of the line value and the current value in the buffer will
+			// exceed the maximum buffer size, chop it down to hit the maximum size and
+			// then send that data over the socket before ending this loop.
+			//
+			// This ensures that we send as much data as possible, without allowing very
+			// long lines to grow the buffer size excessively and potentially DOS the Wings
+			// instance. If the line is not too long, just store the whole value into the
+			// buffer. This is kind of a re-implementation of the bufio.Scanner.Scan() logic
+			// without triggering an error when you exceed this buffer size.
+			if ns > maxBufferSize {
+				buf.Write(line[:len(line)-(ns-maxBufferSize)])
+				break
+			} else {
+				buf.Write(line)
+			}
+			// Finish this loop and begin outputting the line if there is no prefix
+			// (the line fit into the default buffer), or if we hit the end of the line.
 			if !isPrefix || err == io.EOF {
 				break
 			}
-			// If we encountered an error with something in ReadLine that was not an EOF just abort
-			// the entire process here.
+			// If we encountered an error with something in ReadLine that was not an
+			// EOF just abort the entire process here.
 			if err != nil {
 				return err
 			}
 		}
-		// Publish the line for this loop. Break on new-line characters so every line is sent as a single
-		// output event, otherwise you get funky handling in the browser console.
-		for _, line := range strings.Split(str.String(), "\r\n") {
-			callback(line)
+
+		// Send the full buffer length over to the event handler to be emitted in
+		// the websocket. The front-end can handle the linebreaks in the middle of
+		// the output, it simply expects that the end of the event emit is a newline.
+		if buf.Len() > 0 {
+			// You need to make a copy of the buffer here because the callback will encounter
+			// a race condition since "buf.Bytes()" is going to be by-reference if passed directly.
+			c := make([]byte, buf.Len())
+			copy(c, buf.Bytes())
+			callback(c)
 		}
-		// If the error we got previously that lead to the line being output is an io.EOF we want to
-		// exit the entire looping process.
+
+		// If the error we got previously that lead to the line being output is
+		// an io.EOF we want to exit the entire looping process.
 		if err == io.EOF {
 			break
 		}

system/utils_test.go

@@ -0,0 +1,59 @@
+package system
+
+import (
+	"math/rand"
+	"strings"
+	"testing"
+	"time"
+
+	. "github.com/franela/goblin"
+)
+
+func Test_Utils(t *testing.T) {
+	g := Goblin(t)
+
+	g.Describe("ScanReader", func() {
+		g.BeforeEach(func() {
+			maxBufferSize = 10
+		})
+
+		g.It("should truncate and return long lines", func() {
+			reader := strings.NewReader("hello world this is a long line\nof text that should be truncated\nnot here\nbut definitely on this line")
+
+			var lines []string
+			err := ScanReader(reader, func(line []byte) {
+				lines = append(lines, string(line))
+			})
+
+			g.Assert(err).IsNil()
+			g.Assert(lines).Equal([]string{"hello worl", "of text th", "not here", "but defini"})
+		})
+
+		g.It("should replace cariage returns with newlines", func() {
+			reader := strings.NewReader("test\rstring\r\nanother\rline\nhodor\r\r\rheld the door\nmaterial gourl\n")
+			var lines []string
+			err := ScanReader(reader, func(line []byte) {
+				lines = append(lines, string(line))
+			})
+
+			g.Assert(err).IsNil()
+			g.Assert(lines).Equal([]string{"test\rstrin", "another\rli", "hodor\r\r\rhe", "material g"})
+		})
+	})
+}
+
+func Benchmark_ScanReader(b *testing.B) {
+	r := rand.New(rand.NewSource(time.Now().UnixNano()))
+	var str string
+	for i := 0; i < 10; i++ {
+		str += strings.Repeat("hello \rworld", r.Intn(2000)) + "\n"
+	}
+	reader := strings.NewReader(str)
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		_ = ScanReader(reader, func(line []byte) {
+			// no op
+		})
+	}
+}