34ffaebd3e
Run cs-fix, ensure we only install dependency versions supporting 7.4+
2022-05-04 19:01:29 -04:00
5120590e47
ref: remove google analytics ( #3912 )
2022-02-05 09:08:43 -08:00
dfa329ddf2
[security] ensure session is only for that request when authenticating user API key
...
https://github.com/pterodactyl/panel/security/advisories/GHSA-7v3x-h7r2-34jv
2022-01-19 21:09:17 -05:00
28f7a809a5
fix: exception localization ( #3850 )
...
resolves #3849
2022-01-15 08:10:37 -08:00
bf9cbe2c6d
Add consistent CSRF token verification to API endpoints; address security concern with non-CSRF protected endpoints
2021-11-16 20:02:18 -08:00
17c03e9a4d
Fix broken session management for application api
2021-11-03 21:33:21 -07:00
60eff40a0c
Fix session management on client API requests; closes #3727
...
Versions of Pterodactyl prior to 1.6.3 used a different throttle pathway for
requests. That pathway found the current request user before continuing on to
other in-app middleware, thus the user was available downstream.
Changes introduced in 1.6.3 changed the throttler logic, therefore removing this
step. As a result, the client API could not always get the currently authenticated
user when cookies were used (aka, requests from the Panel UI, and not API directly).
This change corrects the logic to get the session setup correctly before falling
through to authenticating as a user using the API key. If a cookie is present and a
user is found as a result that session will be used. If an API key is provided it is
ignored when a cookie is also present.
In order to keep the API stateless any session created for an API request stemming
from an API key will have the associated session deleted at the end of the request,
and the 'Set-Cookies' header will be stripped from the response.
2021-11-03 20:51:39 -07:00
22a8b2b3a2
Use more standardized rate limiting in Laravel; apply limits to auth routes
2021-10-23 12:17:16 -07:00
4a84c36009
Fix security vulnerability when authenticating a two-factor authentication token for a user
...
See associated security advisory for technical details on the content of this security fix.
GHSA ID: GHSA-5vfx-8w6m-h3v4
2021-09-21 21:30:08 -07:00
e96ead4c4d
Update API calls to Wings to only pass the required details with the changes to the installer system
2021-08-29 14:09:43 -07:00
b4cae916ac
transfers: fix allocation array merging logic ( #3551 )
2021-08-18 12:58:41 -06:00
2b3303c46b
Fix changing a user password to not incorrectly handle logging out old sessions; closes #3531
2021-08-15 17:37:12 -07:00
25d9ba4779
Run php-cs-fixer
2021-08-15 17:20:36 -07:00
10b357b71e
ui(server): fix used backup count ( #3526 )
...
* ui(server): fix used backup count
* ui(server): refactor backup count code
2021-08-04 20:34:00 -07:00
970f281859
backups: default is_successful to false ( #3522 )
...
* backups: default is_successful to false
* backups: properly query backups
2021-08-03 19:45:25 -07:00
bda1ff50ab
[UI] Display the 2FA token, show spinner on load ( #3367 )
...
Co-authored-by: Dane Everitt <dane@daneeveritt.com>
2021-08-02 20:39:12 -07:00
1a79b4827c
backups: allow updating a failed backup ( #3470 )
2021-07-18 08:46:20 -07:00
d049839ffc
Fix deleting a backup that is locked and failed; closes #3404
2021-06-13 10:26:47 -07:00
d45c67a6e1
Allow to find servers by short UUID (Application API) ( #3340 )
2021-06-05 08:43:57 -07:00
9656378783
Fix 401 error typo ( #3393 )
2021-06-03 13:35:51 -07:00
76ac1998cf
Don't allow backups to be made via schedules if limit = 0 ( #3323 )
2021-05-16 09:47:36 -07:00
5d5e4ca7b1
Add support for locking backups to prevent any accidental deletions
2021-05-03 21:26:09 -07:00
92cd659db3
Add underlying data changes necessary for new task & schedule features
2021-05-01 10:44:40 -07:00
552b9d3c33
Add possibility to run disabled cron
2021-04-24 15:06:21 -07:00
77a3ca682f
Change to actual function names to support MariaDB
2021-04-08 17:34:25 -04:00
45680cab47
Don't use tagging, closes #3224
2021-04-03 10:53:41 -07:00
48ad8f538e
Always allow specifying a page size with the API; closes #3218
2021-03-26 09:03:51 -07:00
9b46d59045
Cache resource lookup results for 20 seconds for each server
2021-03-21 12:29:18 -07:00
8c7d785c9e
Ensure a created_at value is set on recovery tokens; closes #3163
2021-03-21 10:43:01 -07:00
582521f419
fix: backup restore delete all files
2021-03-12 14:47:49 -07:00
1476104b30
Fix inability to download files from the panel; closes #3151
...
Co-Authored-By: xcgc <74693042+xcgc@users.noreply.github.com>
2021-03-07 09:45:27 -08:00
397df3bf71
Update ServerInstallController.php
2021-03-06 15:52:24 +08:00
1b2c4931ee
Add endpoint logic necessary to reset server states if they get stuck installing/restoring when wings restarts
2021-02-23 21:20:02 -08:00
94ea9c37d0
Don't require auto-allocation settings if not enabled; closes #3085
2021-02-17 21:11:23 -08:00
352910f897
api(remote): fix inproper reading of boolean for installation status
2021-02-06 10:16:08 -07:00
00da092e45
Fix tests
2021-01-30 19:12:22 -08:00
e30a765071
Simplify logic when a server is in an unsupported state
2021-01-30 13:28:31 -08:00
be26921fcc
Merge branch 'develop' into dane/restore-backups
2021-01-30 10:10:29 -08:00
5515871b2f
Turns out I hate that huge space formatting, disable that mess
2021-01-27 20:52:11 -08:00
b00def2537
Switch to JSON from TEXT when storing denylist items for an egg; closes #3034
2021-01-26 21:08:53 -08:00
0dd0f09238
Formatting cleanup for backups
2021-01-25 19:25:15 -08:00
0a2c89e9f4
Reeformat with new rules post merge
2021-01-25 19:20:51 -08:00
663143de0b
Merge branch 'develop' into dane/restore-backups
2021-01-25 19:16:40 -08:00
b480a9e4e2
Make php-cs-fixer work in phpstorm
2021-01-23 13:44:35 -08:00
c449ca5155
Use more standardized phpcs
2021-01-23 12:33:34 -08:00
a043071e3c
Update to Laravel 8
...
Co-authored-by: Matthew Penner <me@matthewp.io>
2021-01-23 12:12:54 -08:00
aab353d91e
Merge pull request #3011 from AreYouRlyScared/addcronmonth
...
Adds months for schedules
2021-01-20 20:10:26 -08:00
e8dcd30e0c
[security] fix resources not properly returning an error when they don't match the server in the URL
...
Prior to this fix certain resources were accessible even when their assigned server was not the same as the server in the URL. This causes the resource server relationship to not match the server variable present on the request.
Due to this failed logic it was possible for users to access resources they should not have been able to access otherwise for some areas of the panel.
2021-01-19 21:19:17 -08:00
f24193801a
Add endpoint for triggering restoration completion
2021-01-18 21:14:49 -08:00
8d69a60e28
Only allow restoring valid backups, set the server correctly on the repository
2021-01-18 20:11:49 -08:00
87371901c0
Add base logic to support sending a request to restore a backup for a server
2021-01-17 17:51:09 -08:00
8db3a05498
;-;
2021-01-17 16:08:41 -08:00
cb40b280a4
Fix single failing test
2021-01-17 15:55:46 -08:00
a75a347d65
Remove suspended & installing fields, replace with single status field
2021-01-17 15:51:56 -08:00
4c29be2e54
Adjust some naming real quick
2021-01-17 15:25:49 -08:00
bfc6f34c50
Audit when a backup is successful or fails
2021-01-17 15:22:02 -08:00
291c65275a
Update audit design
2021-01-17 11:52:44 -08:00
ccecaa6694
Add basic auditing for filesystem actions
...
Specifically skipping read actions since there isn't much to say there, and it generally wouldn't be very helpful (plus, likely to generate lots of logs).
2021-01-17 11:46:08 -08:00
ffeedf17e4
Adds months for schedules
...
Adds month variable for schedules
2021-01-16 22:07:39 -05:00
239984f92c
Add internal support for file denylist on eggs; closes #569
2021-01-10 17:02:14 -08:00
ff21d83e2d
Add endpoint to get all nodes meeting memory & disk requirements for a server; closes #1012
2021-01-10 13:08:43 -08:00
a7fef8b736
Correctly handle backups that fail without an upload_id attached to them
2020-12-27 11:56:28 -08:00
952715facc
Fix handling of upload IDs on backups
2020-12-27 11:34:55 -08:00
951d92b143
Store S3 upload_id in the database for backups
2020-12-26 11:59:21 -07:00
6c39288def
Clarify error messaging for transfers
2020-12-24 10:14:10 -08:00
a2548c14ac
Fix logic since this accepts arrays now
2020-12-24 10:12:01 -08:00
25e53d9f22
Merge branch 'matthewpi/transfer-improvements' of https://github.com/Pterodactyl/Panel into matthewpi/transfer-improvements
2020-12-24 10:10:41 -08:00
2ee08a1a3d
Update logic for server transfer controller
2020-12-24 10:10:40 -08:00
6c61577699
Simplify logic in websocket control
2020-12-24 09:20:23 -08:00
6fa24d4979
Merge branch 'develop' into matthewpi/transfer-improvements
2020-12-24 09:17:21 -08:00
9a57011071
Merge branch 'develop' of https://github.com/Pterodactyl/Panel into develop
2020-12-24 09:15:05 -08:00
087c41d5ac
Add endpoint to pull a remote file down
2020-12-24 09:15:03 -08:00
2f17e75395
Merge pull request #2879 from pterodactyl/fix/backups-failing-early
...
Allow changing the prune age for backups
2020-12-24 09:12:59 -08:00
d8f75fa0b7
Fix failed transfers locking a server into a unaccessible state
2020-12-17 11:14:58 -07:00
37cfa151b6
Use ServerTransferringException
2020-12-17 10:37:14 -07:00
e69d9b2c26
Update comment in AuthenticateServerAccess.php
2020-12-17 10:35:54 -07:00
fd848985ee
Add ServerTransferringException, use is_null
2020-12-17 10:35:54 -07:00
8d297a0918
Release reserved allocations upon archive failure
2020-12-17 10:35:54 -07:00
01926e2896
Improve logic for logging into the websocket of the target node
2020-12-17 10:35:54 -07:00
5c5e2e24f1
📯 tRaNsFeR lOgS 📯
2020-12-17 10:35:54 -07:00
e6c4a68e4a
Update logic for tracking a server's transfer state
2020-12-17 10:35:54 -07:00
5d03c0d2e5
Properly handle loading files with special characters
2020-12-16 21:38:46 -08:00
e34d31a58c
Allow changing the prune age for backups
2020-12-16 14:15:07 -07:00
5bbb36b3cf
Support updating docker image for a server from the frontend
2020-12-13 11:07:29 -08:00
638ea2e815
Support creating/updating docker images on eggs
2020-12-13 10:13:32 -08:00
78c4ac80bc
Basic implemention of multiple selectable images for an egg
...
The admin side of this is quite ugly when creating/editing a server, but I'm not putting effort into that right now with React Admin soon™
2020-12-13 09:53:17 -08:00
3e65a2d055
Pass one at unfucking the stupid file encoding issues
2020-12-08 21:24:17 -08:00
fcff9085b8
Merge pull request #2781 from pterodactyl/matthewpi/server-details-patch-1
...
Show installing status instead of offline when a server is installing
2020-12-06 15:27:03 -08:00
3ad1e90bad
Merge branch 'develop' into matthewpi/backups-patch-1
2020-12-06 15:17:12 -08:00
00429c3911
Cleanup remote backup controllers
2020-12-06 15:19:54 -07:00
d22456d9ca
Block API access when 2FA is required on account; closes #2791
2020-12-06 13:56:14 -08:00
a5cebd6bcf
s3 backups: handle CompleteMultipartUpload and AbortMultipartUpload on the panel instead of in wings, add BACKUP_PRESIGNED_URL_LIFESPAN environment variable
2020-12-06 13:53:55 -07:00
ac8b7fec28
Merge branch 'develop' into matthewpi/server-details-patch-1
2020-12-06 13:30:56 -07:00
11054de5b3
Attempt revocation of JWT access when changing a server's owner
...
closes #2771
2020-12-06 12:16:12 -08:00
af360d49dd
Merge branch 'develop' of https://github.com/Pterodactyl/Panel into develop
2020-12-06 12:01:43 -08:00
a8d9eccf9c
Support pagination of server backups, closes #2787
2020-12-06 12:01:42 -08:00
f9a1bc6c9b
Show installing status instead of offline when a server is installing
2020-12-04 09:48:47 -07:00
3e1dbbaedd
Fix validation rules for ChmodFilesRequest.php, again..
2020-12-04 09:24:06 -07:00
bd0b7127d2
Fix validation rules for ChmodFilesRequest.php
2020-12-04 09:24:06 -07:00
8611ebb2d6
Add /api/client/servers/{server}/files/chmod endpoint
2020-12-04 09:24:06 -07:00
7ebe04fb91
Don't allow blank passwords on the password change endpoint; closes #2750
2020-11-29 13:28:46 -08:00
df64026449
Update AuthenticateIPAccess.php
...
Fix a 500 error when processing a request with an IP filter
2020-11-08 21:57:22 -05:00
f99ac0ecde
Fix some failing test cases
2020-11-06 22:33:39 -08:00
625fd92130
Fix URKL encoding hellscape; closes #2664 closes #2663
2020-11-06 20:47:03 -08:00
009f9c297d
Revoke JWT JTIs when modifying a subuser's permissions
2020-11-03 21:01:15 -08:00
b482632af4
Remove unnecessary calls to Wings to add/remove mounts
2020-11-02 19:58:14 -08:00
964a1436ce
Code cleanup for signed URL generation endpoint
2020-11-01 14:46:01 -08:00
6af848ccea
Tweaks to BackupRemoteUploadController.php
2020-11-01 15:27:43 -07:00
63ac81586d
Tweaks to BackupRemoteUploadController.php
2020-11-01 15:27:43 -07:00
85af073438
Switch to s3 multipart uploads for backups
2020-11-01 15:27:43 -07:00
23d2352a9b
Don't ever return per_page as a string here...
2020-11-01 14:27:14 -08:00
f029b7239e
re-remove console limiting options
2020-11-01 03:16:30 -05:00
d493685518
Add test coverage for allocation assignment endpoint
2020-10-31 21:57:27 -07:00
b2be067f38
Support deleting an allocation for a server
2020-10-31 21:22:44 -07:00
c6bd7ff661
Improve logic handle auto-allocation of ports for a server
2020-10-31 14:58:15 -07:00
665a4dd8a4
Merge branch 'develop' into develop
2020-10-31 13:47:12 -07:00
ff64220741
Avoid N+1 location query for servers
2020-10-31 11:28:31 -07:00
c00e5b36a5
Return all servers for a node as a paginated response
...
Avoids crashing the PHP process and avoids a bad runaway N+1 query issue that previously existed.
2020-10-31 11:14:28 -07:00
092c942764
Fix server owner filtering; improve searching for servers; closes #2581
2020-10-25 17:29:57 -07:00
65d04d0c05
Correctly handle schedule task deletion and avoid errors; closes #2534
2020-10-22 20:54:58 -07:00
c370e08f65
[security] add login throttling to the 2FA verification endpoint
2020-10-17 14:46:10 -07:00
9621f923f5
Merge branch 'develop' of https://github.com/Pterodactyl/Panel into develop
2020-10-17 14:23:06 -07:00
5763493c6c
Allow setting the backup limit via the API; closes #2535
2020-10-17 14:23:00 -07:00
66b9169458
Cleanup code in MountController.php, again.
2020-10-17 14:42:08 -06:00
050075b835
Cleanup code in MountController.php
2020-10-17 14:37:35 -06:00
f7520b721b
Deny /etc/pterodactyl as a source path for mounts
2020-10-17 14:29:29 -06:00
c52c5d6736
Deny certain paths for mounts
2020-10-17 14:28:02 -06:00
f30dab053b
Support much better server querying from frontend
...
Search all servers if making a query as an admin, allow searching by a more complex set of data, fix unfocus on search field when loading indicator was rendered
2020-10-15 21:21:38 -07:00
e7c64bc60e
Add test coverage for schedule execution
2020-10-14 21:06:27 -07:00
c1ee0ac4f8
Add support for executing a scheduled task right now
2020-10-14 20:38:59 -07:00
ea778e9345
Merge branch 'develop' into develop
2020-10-13 15:35:38 -04:00
3ef3c2a461
Remove commented code
2020-10-12 11:12:23 -06:00
abd60ee6f8
Fix 500 error when mounting a mount and fix the actual mount being deleted instead of the relation
2020-10-12 11:11:40 -06:00
9112de4bfb
Merge pull request #2481 from AreYouRlyScared/fix-2435
...
Yeh Yeh.... Remove validation rules
2020-10-11 15:36:18 -07:00
4b8a275a78
Update AdvancedSettingsFormRequest.php
2020-10-11 18:33:25 -04:00
8697185900
Fix up database creation and handling code for servers; ref #2447
2020-10-11 11:59:46 -07:00
a4d7170fac
Don't allow creation of a database with an identical name for the same server; closes #2447
2020-10-10 18:17:04 -07:00
7b0f998f0b
Return the correct server & subuser counts for user listing; closes #2469
2020-10-10 18:06:42 -07:00
1f7fe093ae
Correctly validate description for API keys to match model expectations; closes #2457
2020-10-10 17:15:30 -07:00
1f28fb94e2
Ensure the UUID is set correctly; closes #2450
2020-10-10 17:11:27 -07:00
d8228f2da8
Allow passing empty values through for variables, covers with test, closes #2433
2020-10-10 16:45:24 -07:00
2560163655
Modify how deletion service works (actually fixes #2085 ); cover changes with test
2020-10-08 21:08:55 -07:00
83efb2d7b6
More fixes for broken unit tests
2020-10-05 21:54:29 -07:00
0c2bd416ee
Fix unit tests for eggs
2020-10-05 21:29:35 -07:00
2d01c7b988
Reset is_processing state of a schedule when toggling active/inactive; closes #2425
2020-10-03 19:47:52 -07:00
2d56cacbab
Don't trigger a 500 error with bad data; closes #2442
...
This whole chunk of code needs some cleanup but I'll defer that for the new admin area in the future
2020-10-03 19:05:04 -07:00
4ff5de7e1b
decode before encoding URLs, closes #2440
2020-10-03 12:51:41 -07:00
99c9682f67
Fix errors with mounts; closes #2374
2020-10-03 12:42:27 -07:00
4770af453b
Removed loggin and reverted changes to webpack
2020-09-29 14:42:02 -04:00
fb33824e10
Added admin controls.
...
Removed the note in the server settings that stated that the allocations feature is currently not implemented.
Properly check to make sure that there are allocations available in range before trying to create it.
2020-09-29 12:00:59 -04:00
DaneEveritt
Alex
Matthew Penner
Mia
Mark Ross
Charles Morgan
Julien Tant
Lance Pioch
xcgc
Matt Malec
Caleb
Caleb