Reuse GuzzleClient with timeouts for presigned S3 requests

Some S3-compatible providers (e.g., Hetzner) require presigned requests.
Previously only GetObject and UploadPart were presigned; the remaining
operations (CreateMultipartUpload, ListParts, CompleteMultipartUpload,
AbortMultipartUpload, DeleteObject) used header-based auth. This adds an
executeS3Command() method to S3Filesystem that sends all commands via
presigned URLs with manual XML response parsing, giving universal
compatibility with all S3-compatible providers.

app/Enums/SubuserPermission.php

@@ -58,9 +58,6 @@ enum SubuserPermission: string
     case SettingsDescription = 'settings.description';
     case SettingsReinstall = 'settings.reinstall';
 
-    case MountRead = 'mount.read';
-    case MountUpdate = 'mount.update';
-
     /** @return string[] */
     public function split(): array
     {
@@ -87,7 +84,6 @@ enum SubuserPermission: string
             'schedule' => TablerIcon::Clock,
             'settings' => TablerIcon::Settings,
             'activity' => TablerIcon::Stack,
-            'mount' => TablerIcon::LayersLinked,
             default => null,
         };
     }

app/Extensions/Filesystem/S3Filesystem.php

@@ -2,11 +2,18 @@
 
 namespace App\Extensions\Filesystem;
 
+use Aws\CommandInterface;
+use Aws\Result;
 use Aws\S3\S3ClientInterface;
+use GuzzleHttp\Client as GuzzleClient;
 use League\Flysystem\AwsS3V3\AwsS3V3Adapter;
+use RuntimeException;
+use SimpleXMLElement;
 
 class S3Filesystem extends AwsS3V3Adapter
 {
+    private ?GuzzleClient $guzzle = null;
+
     /**
      * @param  array<mixed>  $options
      */
@@ -26,6 +33,18 @@ class S3Filesystem extends AwsS3V3Adapter
         );
     }
 
+    private function getGuzzleClient(): GuzzleClient
+    {
+        if ($this->guzzle === null) {
+            $this->guzzle = new GuzzleClient([
+                'timeout' => 30,
+                'connect_timeout' => 10,
+            ]);
+        }
+
+        return $this->guzzle;
+    }
+
     public function getClient(): S3ClientInterface
     {
         return $this->client;
@@ -35,4 +54,78 @@ class S3Filesystem extends AwsS3V3Adapter
     {
         return $this->bucket;
     }
+
+    /**
+     * Execute an S3 command using a presigned URL for maximum compatibility
+     * with S3-compatible providers.
+     *
+     * @return Result<array<string, mixed>>
+     */
+    public function executeS3Command(CommandInterface $command): Result
+    {
+        $presignedRequest = $this->client->createPresignedRequest($command, '+60 minutes');
+
+        $response = $this->getGuzzleClient()->send($presignedRequest);
+
+        $body = (string) $response->getBody();
+        $commandName = $command->getName();
+
+        // S3's CompleteMultipartUpload can return HTTP 200 with an <Error> body
+        if ($body !== '' && str_contains($body, '<Error>')) {
+            throw new RuntimeException("S3 returned an error for $commandName: $body");
+        }
+
+        return new Result($this->parseS3Response($commandName, $body));
+    }
+
+    /**
+     * Parse the XML response body based on the S3 command type.
+     *
+     * @return array<string, mixed>
+     */
+    private function parseS3Response(string $commandName, string $body): array
+    {
+        if ($body === '') {
+            return [];
+        }
+
+        $xml = @simplexml_load_string($body);
+        if ($xml === false) {
+            throw new RuntimeException("Failed to parse S3 XML response for $commandName: $body");
+        }
+
+        return match ($commandName) {
+            'CreateMultipartUpload' => $this->parseCreateMultipartUpload($xml),
+            'ListParts' => $this->parseListParts($xml),
+            'CompleteMultipartUpload' => [],
+            default => [],
+        };
+    }
+
+    /**
+     * @return array{UploadId: string}
+     */
+    private function parseCreateMultipartUpload(SimpleXMLElement $xml): array
+    {
+        return [
+            'UploadId' => (string) $xml->UploadId,
+        ];
+    }
+
+    /**
+     * @return array{Parts: array<int, array{ETag: string, PartNumber: int}>}
+     */
+    private function parseListParts(SimpleXMLElement $xml): array
+    {
+        $parts = [];
+
+        foreach ($xml->Part as $part) {
+            $parts[] = [
+                'ETag' => (string) $part->ETag,
+                'PartNumber' => (int) $part->PartNumber,
+            ];
+        }
+
+        return ['Parts' => $parts];
+    }
 }

app/Filament/Admin/Resources/Mounts/MountResource.php

@@ -143,24 +143,6 @@ class MountResource extends Resource
                         ])
                         ->inline()
                         ->default(false),
-                    ToggleButtons::make('user_mountable')
-                        ->label(trans('admin/mount.user_mountable'))
-                        ->helperText(trans('admin/mount.user_mountable_help'))
-                        ->stateCast(new BooleanStateCast(false, true))
-                        ->options([
-                            false => trans('admin/mount.toggles.not_user_mountable'),
-                            true => trans('admin/mount.toggles.user_mountable'),
-                        ])
-                        ->icons([
-                            false => TablerIcon::Users,
-                            true => TablerIcon::Users,
-                        ])
-                        ->colors([
-                            false => 'warning',
-                            true => 'success',
-                        ])
-                        ->inline()
-                        ->default(true),
                     TextInput::make('source')
                         ->label(trans('admin/mount.source'))
                         ->required()

app/Filament/Admin/Resources/Mounts/Pages/CreateMount.php

@@ -42,6 +42,7 @@ class CreateMount extends CreateRecord
     protected function handleRecordCreation(array $data): Model
     {
         $data['uuid'] ??= Str::uuid()->toString();
+        $data['user_mountable'] = 1;
 
         return parent::handleRecordCreation($data);
     }

app/Filament/Server/Pages/Console.php

@@ -78,11 +78,15 @@ class Console extends Page
         $feature = data_get($data, 'key');
 
         $feature = $this->featureService->get($feature);
-        if (!$feature || $this->getMountedAction()) {
+        if (!$feature) {
             return;
         }
-        $this->mountAction($feature->getId());
-        sleep(2); // TODO find a better way
+
+        if ($this->getMountedAction()) {
+            $this->replaceMountedAction($feature->getId());
+        } else {
+            $this->mountAction($feature->getId());
+        }
     }
 
     public function getWidgetData(): array

app/Filament/Server/Pages/Mounts.php

@@ -1,114 +0,0 @@
-<?php
-
-namespace App\Filament\Server\Pages;
-
-use App\Enums\SubuserPermission;
-use App\Enums\TablerIcon;
-use App\Facades\Activity;
-use App\Models\Mount;
-use App\Models\Server;
-use BackedEnum;
-use Filament\Facades\Filament;
-use Filament\Forms\Components\CheckboxList;
-use Filament\Notifications\Notification;
-use Filament\Schemas\Components\Section;
-use Filament\Schemas\Schema;
-
-class Mounts extends ServerFormPage
-{
-    protected static string|BackedEnum|null $navigationIcon = TablerIcon::LayersLinked;
-
-    protected static ?int $navigationSort = 11;
-
-    public static function canAccess(): bool
-    {
-        return parent::canAccess() && user()?->can(SubuserPermission::MountRead, Filament::getTenant());
-    }
-
-    protected function authorizeAccess(): void
-    {
-        abort_unless(user()?->can(SubuserPermission::MountRead, Filament::getTenant()), 403);
-    }
-
-    protected function fillForm(): void
-    {
-        $this->form->fill([
-            'mounts' => $this->getRecord()->mounts->pluck('id')->toArray(),
-        ]);
-    }
-
-    public function form(Schema $schema): Schema
-    {
-        /** @var Server $server */
-        $server = $this->getRecord();
-
-        $allowedMounts = Mount::query()
-            ->where('user_mountable', true)
-            ->where(function ($query) use ($server) {
-                $query->whereDoesntHave('nodes')
-                    ->orWhereHas('nodes', fn ($q) => $q->where('nodes.id', $server->node_id));
-            })
-            ->where(function ($query) use ($server) {
-                $query->whereDoesntHave('eggs')
-                    ->orWhereHas('eggs', fn ($q) => $q->where('eggs.id', $server->egg_id));
-            })
-            ->get();
-
-        return parent::form($schema)
-            ->components([
-                Section::make(trans('server/mount.description'))
-                    ->schema([
-                        CheckboxList::make('mounts')
-                            ->hiddenLabel()
-                            ->relationship('mounts')
-                            ->options(fn () => $allowedMounts->mapWithKeys(fn (Mount $mount) => [$mount->id => $mount->name]))
-                            ->descriptions(fn () => $allowedMounts->mapWithKeys(fn (Mount $mount) => [$mount->id => "$mount->source -> $mount->target"]))
-                            ->helperText(fn () => $allowedMounts->isEmpty() ? trans('server/mount.no_mounts') : null)
-                            ->disabled(fn (Server $server) => !user()?->can(SubuserPermission::MountUpdate, $server))
-                            ->bulkToggleable()
-                            ->live()
-                            ->afterStateUpdated(function ($state) {
-                                $this->save();
-                            })
-                            ->columnSpanFull(),
-                    ]),
-            ]);
-    }
-
-    public function save(): void
-    {
-        /** @var Server $server */
-        $server = $this->getRecord();
-
-        abort_unless(user()?->can(SubuserPermission::MountUpdate, $server), 403);
-
-        try {
-            $this->form->getState();
-            $this->form->saveRelationships();
-
-            Activity::event('server:mount.update')
-                ->log();
-
-            Notification::make()
-                ->title(trans('server/mount.notification_updated'))
-                ->success()
-                ->send();
-        } catch (\Exception $exception) {
-            Notification::make()
-                ->title(trans('server/mount.notification_failed'))
-                ->body($exception->getMessage())
-                ->danger()
-                ->send();
-        }
-    }
-
-    public function getTitle(): string
-    {
-        return trans('server/mount.title');
-    }
-
-    public static function getNavigationLabel(): string
-    {
-        return trans('server/mount.title');
-    }
-}

app/Filament/Server/Resources/Files/Pages/ListFiles.php

@@ -209,16 +209,18 @@ class ListFiles extends ListRecords
                                 ->required()
                                 ->live(),
                             TextEntry::make('new_location')
-                                ->state(fn (Get $get, File $file) => resolve_path(join_paths($this->path, $get('location') ?? '/', $file->name))),
+                                ->state(fn (Get $get, File $file) => resolve_path(join_paths($this->path, str_ends_with($get('location') ?? '/', '/') ? join_paths($get('location') ?? '/', $file->name) : $get('location') ?? '/'))),
                         ])
                         ->action(function ($data, File $file) {
                             $location = $data['location'];
-                            $files = [['to' => join_paths($location, $file->name), 'from' => $file->name]];
+                            $endsWithSlash = str_ends_with($location, '/');
+                            $to = $endsWithSlash ? join_paths($location, $file->name) : $location;
+                            $files = [['to' => $to, 'from' => $file->name]];
 
                             $this->getDaemonFileRepository()->renameFiles($this->path, $files);
 
                             $oldLocation = join_paths($this->path, $file->name);
-                            $newLocation = resolve_path(join_paths($this->path, $location, $file->name));
+                            $newLocation = resolve_path(join_paths($this->path, $to));
 
                             Activity::event('server:file.rename')
                                 ->property('directory', $this->path)

app/Http/Controllers/Api/Remote/Backups/BackupRemoteUploadController.php

@@ -91,7 +91,7 @@ class BackupRemoteUploadController extends Controller
         }
 
         // Execute the CreateMultipartUpload request
-        $result = $client->execute($client->getCommand('CreateMultipartUpload', $params));
+        $result = $adapter->executeS3Command($client->getCommand('CreateMultipartUpload', $params));
 
         // Get the UploadId from the CreateMultipartUpload request, this is needed to create
         // the other presigned urls.

app/Http/Controllers/Api/Remote/Backups/BackupStatusController.php

@@ -138,7 +138,7 @@ class BackupStatusController extends Controller
 
         $client = $adapter->getClient();
         if (!$successful) {
-            $client->execute($client->getCommand('AbortMultipartUpload', $params));
+            $adapter->executeS3Command($client->getCommand('AbortMultipartUpload', $params));
 
             return;
         }
@@ -149,7 +149,7 @@ class BackupStatusController extends Controller
         ];
 
         if (is_null($parts)) {
-            $params['MultipartUpload']['Parts'] = $client->execute($client->getCommand('ListParts', $params))['Parts'];
+            $params['MultipartUpload']['Parts'] = $adapter->executeS3Command($client->getCommand('ListParts', $params))['Parts'];
         } else {
             foreach ($parts as $part) {
                 $params['MultipartUpload']['Parts'][] = [
@@ -159,6 +159,6 @@ class BackupStatusController extends Controller
             }
         }
 
-        $client->execute($client->getCommand('CompleteMultipartUpload', $params));
+        $adapter->executeS3Command($client->getCommand('CompleteMultipartUpload', $params));
     }
 }

app/Http/Controllers/Auth/OAuthController.php

@@ -74,7 +74,7 @@ class OAuthController extends Controller
         $email = $oauthUser->getEmail();
 
         if (!$email) {
-            return $this->errorRedirect();
+            return $this->errorRedirect('No email was linked to your account on the OAuth provider.');
         }
 
         $user = User::whereEmail($email)->first();

app/Models/Node.php

@@ -358,7 +358,7 @@ class Node extends Model implements Validatable
             'disk_used' => 0,
         ];
 
-        return cache()->remember("nodes.$this->id.statistics", now()->addSeconds(360), function () use ($default) {
+        return cache()->flexible("nodes.$this->id.statistics", [5, 30], function () use ($default) {
             try {
 
                 $data = Http::daemon($this)

app/Notifications/AccountCreated.php

@@ -23,14 +23,16 @@ class AccountCreated extends Notification implements ShouldQueue
 
     public function toMail(User $notifiable): MailMessage
     {
+        $locale = $notifiable->language ?? 'en';
+
         $message = (new MailMessage())
-            ->greeting('Hello ' . $notifiable->username . '!')
-            ->line('You are receiving this email because an account has been created for you on ' . config('app.name') . '.')
-            ->line('Username: ' . $notifiable->username)
-            ->line('Email: ' . $notifiable->email);
+            ->greeting(trans('mail.greeting', ['name' => $notifiable->username], $locale))
+            ->line(trans('mail.account_created.body', ['app' => config('app.name')], $locale))
+            ->line(trans('mail.account_created.username', ['username' => $notifiable->username], $locale))
+            ->line(trans('mail.account_created.email', ['email' => $notifiable->email], $locale));
 
         if (!is_null($this->token)) {
-            return $message->action('Setup Your Account', Filament::getPanel('app')->getResetPasswordUrl($this->token, $notifiable));
+            return $message->action(trans('mail.account_created.action', locale: $locale), Filament::getPanel('app')->getResetPasswordUrl($this->token, $notifiable));
         }
 
         return $message;

app/Notifications/AddedToServer.php

@@ -24,10 +24,12 @@ class AddedToServer extends Notification implements ShouldQueue
 
     public function toMail(User $notifiable): MailMessage
     {
+        $locale = $notifiable->language ?? 'en';
+
         return (new MailMessage())
-            ->greeting('Hello ' . $notifiable->username . '!')
-            ->line('You have been added as a subuser for the following server, allowing you certain control over the server.')
-            ->line('Server Name: ' . $this->server->name)
-            ->action('Visit Server', Console::getUrl(panel: 'server', tenant: $this->server));
+            ->greeting(trans('mail.greeting', ['name' => $notifiable->username], $locale))
+            ->line(trans('mail.added_to_server.body', locale: $locale))
+            ->line(trans('mail.added_to_server.server_name', ['name' => $this->server->name], $locale))
+            ->action(trans('mail.added_to_server.action', locale: $locale), Console::getUrl(panel: 'server', tenant: $this->server));
     }
 }

app/Notifications/MailTested.php

@@ -20,9 +20,11 @@ class MailTested extends Notification
 
     public function toMail(): MailMessage
     {
+        $locale = $this->user->language ?? 'en';
+
         return (new MailMessage())
-            ->subject('Panel Test Message')
-            ->greeting('Hello ' . $this->user->username . '!')
-            ->line('This is a test of the Panel mail system. You\'re good to go!');
+            ->subject(trans('mail.mail_tested.subject', locale: $locale))
+            ->greeting(trans('mail.greeting', ['name' => $this->user->username], $locale))
+            ->line(trans('mail.mail_tested.body', locale: $locale));
     }
 }

app/Notifications/RemovedFromServer.php

@@ -23,11 +23,13 @@ class RemovedFromServer extends Notification implements ShouldQueue
 
     public function toMail(User $notifiable): MailMessage
     {
+        $locale = $notifiable->language ?? 'en';
+
         return (new MailMessage())
             ->error()
-            ->greeting('Hello ' . $notifiable->username . '.')
-            ->line('You have been removed as a subuser for the following server.')
-            ->line('Server Name: ' . $this->server->name)
-            ->action('Visit Panel', url(''));
+            ->greeting(trans('mail.greeting', ['name' => $notifiable->username], $locale))
+            ->line(trans('mail.removed_from_server.body', locale: $locale))
+            ->line(trans('mail.removed_from_server.server_name', ['name' => $this->server->name], $locale))
+            ->action(trans('mail.removed_from_server.action', locale: $locale), url(''));
     }
 }

app/Notifications/ServerInstalled.php

@@ -24,10 +24,12 @@ class ServerInstalled extends Notification implements ShouldQueue
 
     public function toMail(User $notifiable): MailMessage
     {
+        $locale = $notifiable->language ?? 'en';
+
         return (new MailMessage())
-            ->greeting('Hello ' . $notifiable->username . '.')
-            ->line('Your server has finished installing and is now ready for you to use.')
-            ->line('Server Name: ' . $this->server->name)
-            ->action('Login and Begin Using', Console::getUrl(panel: 'server', tenant: $this->server));
+            ->greeting(trans('mail.greeting', ['name' => $notifiable->username], $locale))
+            ->line(trans('mail.server_installed.body', locale: $locale))
+            ->line(trans('mail.server_installed.server_name', ['name' => $this->server->name], $locale))
+            ->action(trans('mail.server_installed.action', locale: $locale), Console::getUrl(panel: 'server', tenant: $this->server));
     }
 }

app/Services/Activity/ActivityLogService.php

@@ -10,7 +10,6 @@ use Filament\Facades\Filament;
 use Illuminate\Contracts\Auth\Factory as AuthFactory;
 use Illuminate\Database\ConnectionInterface;
 use Illuminate\Database\Eloquent\Model;
-use Illuminate\Support\Arr;
 use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Request;
 use Throwable;
@@ -71,7 +70,7 @@ class ActivityLogService
      */
     public function subject(...$subjects): self
     {
-        foreach (Arr::wrap($subjects) as $subject) {
+        foreach ($subjects as $subject) {
             if (is_null($subject)) {
                 continue;
             }

app/Services/Backups/DeleteBackupService.php

@@ -7,7 +7,6 @@ use App\Extensions\Backups\BackupManager;
 use App\Extensions\Filesystem\S3Filesystem;
 use App\Models\Backup;
 use App\Repositories\Daemon\DaemonBackupRepository;
-use Aws\S3\S3Client;
 use Exception;
 use Illuminate\Database\ConnectionInterface;
 use Illuminate\Http\Response;
@@ -72,14 +71,12 @@ class DeleteBackupService
 
             /** @var S3Filesystem $adapter */
             $adapter = $this->manager->adapter(Backup::ADAPTER_AWS_S3);
-
-            /** @var S3Client $client */
             $client = $adapter->getClient();
 
-            $client->deleteObject([
+            $adapter->executeS3Command($client->getCommand('DeleteObject', [
                 'Bucket' => $adapter->getBucket(),
                 'Key' => sprintf('%s/%s.tar.gz', $backup->server->uuid, $backup->uuid),
-            ]);
+            ]));
         });
     }
 }

lang/en/admin/mount.php

@@ -17,13 +17,9 @@ return [
     'no_mounts' => 'No Mounts',
     'eggs' => 'Eggs',
     'nodes' => 'Nodes',
-    'user_mountable' => 'User Mountable?',
-    'user_mountable_help' => 'Allow users to toggle this mount on or off for their servers.',
     'toggles' => [
         'writable' => 'Writable',
         'read_only' => 'Read Only',
-        'user_mountable' => 'User Mountable',
-        'not_user_mountable' => 'Admin Only',
     ],
     'table' => [
         'name' => 'Name',

lang/en/mail.php

@@ -0,0 +1,35 @@
+<?php
+
+return [
+    'greeting' => 'Hello :name!',
+
+    'account_created' => [
+        'body' => 'You are receiving this email because an account has been created for you on :app.',
+        'username' => 'Username: :username',
+        'email' => 'Email: :email',
+        'action' => 'Setup Your Account',
+    ],
+
+    'added_to_server' => [
+        'body' => 'You have been added as a subuser for the following server, allowing you certain control over the server.',
+        'server_name' => 'Server Name: :name',
+        'action' => 'Visit Server',
+    ],
+
+    'removed_from_server' => [
+        'body' => 'You have been removed as a subuser for the following server.',
+        'server_name' => 'Server Name: :name',
+        'action' => 'Visit Panel',
+    ],
+
+    'server_installed' => [
+        'body' => 'Your server has finished installing and is now ready for you to use.',
+        'server_name' => 'Server Name: :name',
+        'action' => 'Login and Begin Using',
+    ],
+
+    'mail_tested' => [
+        'subject' => 'Panel Test Message',
+        'body' => 'This is a test of the Panel mail system. You\'re good to go!',
+    ],
+];

lang/en/server/mount.php

@@ -1,9 +0,0 @@
-<?php
-
-return [
-    'title' => 'Mounts',
-    'description' => 'Manage the mounts attached to your server.',
-    'no_mounts' => 'There are no user-mountable mounts available for this server.',
-    'notification_updated' => 'Mounts updated successfully.',
-    'notification_failed' => 'Failed to update mounts.',
-];

lang/en/server/user.php

@@ -69,8 +69,5 @@ return [
         'backup_delete' => 'Allows a user to remove backups from the system.',
         'backup_download' => 'Allows a user to download a backup for the server. Danger: this allows a user to access all files for the server in the backup.',
         'backup_restore' => 'Allows a user to restore a backup for the server. Danger: this allows the user to delete all of the server files in the process.',
-        'mount_desc' => 'Permissions that control a user\'s ability to manage mounts for this server.',
-        'mount_read' => 'Allows a user to view the mounts page and see available mounts.',
-        'mount_update' => 'Allows a user to toggle mounts on or off for the server.',
     ],
 ];

public/.htaccess

@@ -5,6 +5,10 @@
 
     RewriteEngine On
 
+    # Handle X-Forwarded-Proto Header
+    RewriteCond %{HTTP:X-Forwarded-Proto} =https [NC]
+    RewriteRule .* - [E=HTTPS:on]
+
     # Handle Authorization Header
     RewriteCond %{HTTP:Authorization} .
     RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

tests/Integration/Services/Backups/DeleteBackupServiceTest.php

@@ -9,8 +9,10 @@ use App\Models\Backup;
 use App\Repositories\Daemon\DaemonBackupRepository;
 use App\Services\Backups\DeleteBackupService;
 use App\Tests\Integration\IntegrationTestCase;
+use Aws\CommandInterface;
 use GuzzleHttp\Psr7\Response;
 use Illuminate\Http\Client\ConnectionException;
+use Mockery;
 
 class DeleteBackupServiceTest extends IntegrationTestCase
 {
@@ -92,10 +94,12 @@ class DeleteBackupServiceTest extends IntegrationTestCase
         $manager->expects('adapter')->with(Backup::ADAPTER_AWS_S3)->andReturn($adapter);
 
         $adapter->expects('getBucket')->andReturn('foobar');
-        $adapter->expects('getClient->deleteObject')->with([
+        $mockCommand = Mockery::mock(CommandInterface::class);
+        $adapter->expects('getClient->getCommand')->with('DeleteObject', [
             'Bucket' => 'foobar',
             'Key' => sprintf('%s/%s.tar.gz', $server->uuid, $backup->uuid),
-        ]);
+        ])->andReturn($mockCommand);
+        $adapter->expects('executeS3Command')->with($mockCommand);
 
         $this->app->make(DeleteBackupService::class)->handle($backup);