package remote
import (
"context"
"errors"
"regexp"
"github.com/apex/log"
"github.com/pterodactyl/wings/api"
)
// validUsernameRegexp describes the shape every SFTP username is expected to
// have: at least one character, a literal dot, and then exactly eight
// characters from [a-z0-9]. The (?i) flag makes the whole match
// case-insensitive.
//
// It is used to reject malformed usernames locally so that random bots which
// find the SFTP server and send a flood of usernames do not each cause an API
// call. This is a cheap format pre-filter only: a matching username has not
// been authenticated in any way, and the pattern puts no upper bound on the
// length of the part before the dot.
var validUsernameRegexp = regexp.MustCompile(`^(?i)(.+)\.([a-z0-9]{8})$`)
// ValidateSftpCredentials asks the remote API whether the credentials in
// request are valid for SFTP access.
//
// A username that does not match validUsernameRegexp is rejected locally,
// without any API call, and reported as *sftpInvalidCredentialsError.
// Otherwise the request is POSTed to "/sftp/auth":
//
//   - a failure of the POST itself is returned unchanged;
//   - an API error with a 4xx status is logged as a warning and reported as
//     *sftpInvalidCredentialsError;
//   - any other API error is returned as a new error carrying only the
//     message text (the original error value is not wrapped);
//   - on success the response body is decoded into an api.SftpAuthResponse,
//     which is returned together with any decoding error.
//
// NOTE(review): request.User and request.IP are written to the log before the
// credentials have been verified, so they are presumably client-supplied;
// confirm that the configured log handler escapes control characters and that
// the rate of these warnings is bounded somewhere upstream.
//
// NOTE(review): nothing in this function closes res. If res wraps an HTTP
// response body, confirm that Error/BindJSON release it.
func (c *client) ValidateSftpCredentials(ctx context.Context, request api.SftpAuthRequest) (api.SftpAuthResponse, error) {
	// warn emits a warning tagged with the subsystem and with the username
	// and IP taken from the request.
	warn := func(msg string) {
		log.WithFields(log.Fields{
			"subsystem": "sftp",
			"username":  request.User,
			"ip":        request.IP,
		}).Warn(msg)
	}

	// Format pre-filter: do not spend an API call on a username that cannot
	// be valid.
	if !validUsernameRegexp.MatchString(request.User) {
		warn("failed to validate user credentials (invalid format)")
		return api.SftpAuthResponse{}, &sftpInvalidCredentialsError{}
	}

	res, err := c.post(ctx, "/sftp/auth", request)
	if err != nil {
		return api.SftpAuthResponse{}, err
	}

	if apiErr := res.Error(); apiErr != nil {
		// Anything outside the 4xx range is not treated as a credential
		// problem; only the message text is passed on to the caller.
		if res.StatusCode < 400 || res.StatusCode >= 500 {
			return api.SftpAuthResponse{}, errors.New(apiErr.Error())
		}

		// 4xx: the API refused these credentials.
		warn(apiErr.Error())
		return api.SftpAuthResponse{}, &sftpInvalidCredentialsError{}
	}

	auth := api.SftpAuthResponse{}
	err = res.BindJSON(&auth)
	return auth, err
}