Commit Graph

845 Commits

Author SHA1 Message Date
Dane Everitt e09659a88f
support for pack editing 2016-11-16 16:09:28 -05:00
Dane Everitt 09c2dcc1b6
Support for viewing and exporting packs 2016-11-15 23:12:47 -05:00
Dane Everitt a1bc6fa2d3
Push changes that support creations of service packs and basic listing 2016-11-15 20:20:32 -05:00
Dane Everitt cfd5e0e854
Implement base service file modification through panel 2016-11-09 17:58:14 -05:00
Dane Everitt 659c33f0e8
Fixes a bug that allows a user to bypass 2FA authentication requirements
This bug was reported to us by a user (@Ferry#1704) on Discord on
Monday, November 7th, 2016.

It was disclosed that it was possible to bypass the 2FA checkpoint by
clicking outside of the modal which would prompt the modal to close,
but not submit the form. The user could then press the login button
which would trigger an error. Due to this error being triggered the
authentication attempt was not cancelled. On the next page load the
application recognized the user as logged in and continued on to the
panel.

At no time was it possible to login without using the correct email
address and password.

As a result of this bug we have re-factored the Authentication code for
logins to address the persistent session. Previously accounts were
manually logged back out on 2FA failure. However, as this bug
demonstrated, causing a fatal error in the code would prevent the
logout code from firing, thus preserving their session state.

This commit modifies the code to use a non-persistent login to handle
2FA checking. In order for the session to be saved the application must
complete all portions of the login without any errors, at which point
the user is persistently authenticated using Auth::login().

This resolves the ability to cause an exception and bypass 2FA
verification.
2016-11-07 15:55:57 -05:00
Dane Everitt 48994c1354
Fix the other user bug... 2016-11-04 21:50:47 -04:00
Dane Everitt 4359252545
Fix a @schrej bug 2016-11-04 21:46:16 -04:00
Dane Everitt 61e65294af
Fix bug preventing rendering of database hosts when not linked to a node. 2016-11-04 20:44:56 -04:00
Jakob e65dc5708d Validate password on reset according to rules (#158)
* move password rules to Models\User::PASSWORD_RULES

* validate new password according to rules on password reset

* add password requirements info to auth.passwords.reset view
2016-10-30 16:02:39 -04:00
Dane Everitt 6fd7c78f0c
Add server deletion to a queue.
This action allows servers to be deleted, but only be soft-deleted for
10 minutes. After that time period the server will be completely
removed from the database and daemon. This allows some safety if a
server is accidentally deleted.

Force deleting a server will still work. If the daemon is in-accessible
the server will fail to be deleted. When server is soft-deleted admins
can still view its information page in the admin CP, however the server
will be suspended and inaccessible on the front-end or though the
daemon.

Admins can manually delete the server ahead of the delete timer, or if
it failed to delete previously they can do an immediate retry.
2016-10-27 20:05:29 -04:00
Dane Everitt bef717b202
add typeahead support for owner email when adding new server
closes #144
pic: http://s3.pterodactyl.io/UpPSJ.png
2016-10-21 15:22:47 -04:00
Dane Everitt f24347d1bd
Remove old admin routes, fix display to non-admins
Complete!
2016-10-20 18:40:16 -04:00
Dane Everitt 53ec2c55ec
Add front-end support for adding and deleting API keys. 2016-10-20 18:20:58 -04:00
Dane Everitt dfeed013ba
Server API obey's the subuser permissions as well 2016-10-20 17:04:58 -04:00
Dane Everitt 125856d92f
Support for server info and minor changes to API setup 2016-10-20 16:42:54 -04:00
Dane Everitt 5a03ce7e1a
Add support for controlling server power from API. 2016-10-20 13:39:39 -04:00
Dane Everitt 745c735b32
Add initial basic API changes
New route is `/api/me`
2016-10-14 20:22:23 -04:00
Dane Everitt 7cf7a5a961
Split account things into own controllers. 2016-10-14 17:15:36 -04:00
Dane Everitt 63058d8c8e
Super early base implementation of notifications from daemon 2016-10-14 16:20:24 -04:00
Dane Everitt 649b18c8d1
support for server filtering
closes #125
2016-10-12 17:12:27 -04:00
Dane Everitt 84a4c8b7f4
API enhancements, return node config, return 200 not 201 2016-10-12 15:42:23 -04:00
Dane Everitt 06422b2055
fix up API route return 2016-10-07 14:26:50 -04:00
Dane Everitt 06756af994
add ?daemon=true option to API for servers 2016-10-06 23:56:32 -04:00
Dane Everitt 9d10c2a757
Support custom user id though API, closes #115 2016-10-06 22:36:59 -04:00
Dane Everitt 77198b48df
Support folders within folders for JS path 2016-10-06 17:27:30 -04:00
Dane Everitt 8330e26b39
Update routes to reflect daemon changes 2016-10-04 21:38:32 -04:00
Dane Everitt 4d922b6a0c
Clean up file adding and listing 2016-10-03 21:09:20 -04:00
Dane Everitt fb4d122a2a
More updates to file manager
Not doing individual commits for this, tons of changes for tons of
different aspects across multiple files.
2016-10-01 23:09:55 -04:00
Dane Everitt 71245cb531
Minor changes to support better dynamic JS loading 2016-09-30 20:53:08 -04:00
Dane Everitt 831399184f
clean up front-end port allocation handling 2016-09-30 18:21:02 -04:00
Dane Everitt bd7fd836ff
clean up node allocation 2016-09-30 17:12:36 -04:00
Dane Everitt 16222d1bd7
redirect if no locations 2016-09-30 16:05:39 -04:00
Dane Everitt 2e88c51ac7
If value is empty set to null 2016-09-30 16:01:36 -04:00
Dane Everitt a9d0b4a4fe
Add support for setting IP aliases though panel 2016-09-29 21:34:20 -04:00
Dane Everitt 723e34a784
redirect to allocation tab when created 2016-09-29 17:47:47 -04:00
Dane Everitt d9f1a7faf7 allow setting variable options to "0", closes #87 2016-09-17 20:25:13 -04:00
Dane Everitt 812b869be8 add ability to change servers docker image 2016-09-17 20:14:36 -04:00
Dane Everitt 7dd00d6d88 Fix startup executable display bug 2016-09-16 18:44:12 -04:00
Dane Everitt bcd4b35890 Startup not required, fix display executable bug 2016-09-16 18:39:36 -04:00
Dane Everitt 06c680ee52 Fix redirect on server delete 2016-09-14 18:36:33 -04:00
Dane Everitt c2d0a5adb3 Fix exception loading typo 2016-09-14 18:36:33 -04:00
Dane Everitt 228d6b1b21 Clean up exception handling code, closes #81
Makes sure things get logged properly.
2016-09-07 16:12:06 -04:00
Dane Everitt e0bff4db8e closes #85, also fixes route names 2016-09-07 15:28:57 -04:00
Dane Everitt 9fb0cb420e Add subuser support to tasks
Also allow task creation…
2016-09-05 17:39:58 -04:00
Dane Everitt 9b4a0ed143 Add task toggle and delete 2016-09-05 17:13:22 -04:00
Dane Everitt 7529e961de Add back API (#80)
Re-implements the API after it was removed in the Laravel 5.3 upgrade.
2016-09-05 16:21:36 -04:00
Dane Everitt b02df8e610 Implement base notifications support (#77)
* initial implementation of notifications
* typehint UUID returns. Fixes that notifications bug
2016-09-05 12:00:56 -04:00
Dane Everitt b3ca8a3732 Fix password reset redirection path 2016-09-04 19:08:46 -04:00
Dane Everitt afb5011fbe Update to Laravel 5.3
[BREAKING] — REMOVES REMOTE API

A new API will need to be implemented properly using the new Laravel
Passport OAuth2 system. DingoAPI was becoming too unstable and
development wasn’t really moving along enough to continue to rely on it.
2016-09-03 17:09:00 -04:00
Dane Everitt 8e657a0bf0 Remove old 'active' column and replace some references with 'suspended' in place 2016-09-01 21:21:01 -04:00
Dane Everitt 38eae88bd0 Add support for suspension 2016-09-01 21:16:38 -04:00
Dane Everitt e8c175f385 Add IP Aliasing (#72)
* complete support for IP Alias's throughout panel

Includes a database change and probably better allocation handling
anyways

closes #37
2016-08-31 16:03:37 -04:00
Dane Everitt 4d31004cf4 Suppress overly verbose error output to users 2016-08-16 19:20:58 -04:00
Dane Everitt 445b2f20eb closes #69 2016-08-16 19:06:03 -04:00
Dane Everitt 5233d6e87b Add database password change support and fix column name 2016-08-16 00:07:10 -04:00
Dane Everitt 67d9f9f4ab Improve scheduled task layout and data handling 2016-03-18 16:23:10 -04:00
Dane Everitt e7436aab2b Add active session management 2016-02-26 00:35:23 -05:00
Dane Everitt f6be06164f fix user controller; closes #58, closes #59 2016-02-21 01:15:37 -05:00
Dane Everitt 48b9bc0c52 add support for variable creation and deletion 2016-02-21 00:38:03 -05:00
Dane Everitt dcf2f6fa0a fix up urls to follow a cleaner pattern 2016-02-21 00:07:03 -05:00
Dane Everitt dcfdb89e3c add support for deleting service option 2016-02-20 16:55:05 -05:00
Dane Everitt 1e9bf1c220 Add support for adding new service option 2016-02-20 16:45:13 -05:00
Dane Everitt 177bd4ec9d add ability to delete a service 2016-02-20 16:23:04 -05:00
Dane Everitt a50bb5da14 add ability to create new service 2016-02-20 16:02:49 -05:00
Dane Everitt e42547a1ff add support for editing service options 2016-02-20 15:59:37 -05:00
Dane Everitt ad5e253a07 Really basic initial implementation of service management 2016-02-15 15:21:28 -05:00
Dane Everitt 217762a2eb More complete implementation of database management in panel.
Still missing ability to change passwords for databases, but that will
come soon.
2016-02-14 21:43:20 -05:00
Dane Everitt a36f3dd875 Fix startup variable editing to allow admin full control 2016-02-13 17:36:03 -05:00
Dane Everitt a903ae313a Add per-service-option startup & executable
Also fixes display issue on front-end where users could see and edit
hidden settings
Fixes a bug in relation to #57
2016-02-13 17:29:52 -05:00
Dane Everitt 5678d643cd Very basic view of databases and database servers on the system 2016-02-13 00:18:32 -05:00
Dane Everitt 7013d10987 Add basic support for per-server databases
Still missing ability to define database servers
2016-02-08 18:03:05 -05:00
Dane Everitt a9ced7d474 Very basic initial auto-deploy script setup 2016-02-05 23:41:16 -05:00
Dane Everitt 4d99d57820 fix associated server display; closes #43 2016-01-25 19:14:32 -05:00
Dane Everitt 333aa73be5 Remove exception logging for connection error; closes #40 2016-01-25 18:42:27 -05:00
Dane Everitt 873f39d574 fix download error; closes #39 2016-01-25 18:39:34 -05:00
Dane Everitt be48fbd418 Fix allocation selection 2016-01-22 21:43:56 -05:00
Dane Everitt fbd1b3f097 Improved display for server view if not installed 2016-01-22 20:39:16 -05:00
Dane Everitt be47565c78 Update to match new installer processing. 2016-01-22 20:31:47 -05:00
Dane Everitt 4719b20a27 Implement server startup stuff 2016-01-22 19:40:48 -05:00
Dane Everitt 52229d5d2e Add SFTP management to server front-end 2016-01-21 23:58:08 -05:00
Dane Everitt 63f4d08f0f Add language switching support 2016-01-20 22:39:02 -05:00
Dane Everitt b63fc02cef Add settings to panel 2016-01-20 22:08:13 -05:00
Dane Everitt 591cc8648d Fix user creation 2016-01-20 22:08:13 -05:00
Dane Everitt 40c68a5391 Add title to copyright 2016-01-20 16:05:16 -05:00
Dane Everitt 026df6a36f Relicense project under MIT
Permission obtained from @DDynamic. Contributions from other users were
removed since we did not obtain permission from them for the re-license.

From this point forward all contributors must have a signed Contributor
License Agreement on file.
2016-01-20 15:56:40 -05:00
Dane Everitt b0bcb879d0 Add license details to add app files. 2016-01-19 19:10:39 -05:00
Dane Everitt ac6edc4d64 Completed subuser system 2016-01-18 19:57:10 -05:00
Dane Everitt b7666bdb05 Basic initial subuser management 2016-01-18 01:24:33 -05:00
Dane Everitt 644f26fbfe Add location creation 2016-01-16 23:10:46 -05:00
Dane Everitt fb5533f107 add location editing 2016-01-16 22:57:28 -05:00
Dane Everitt 21a95a5d0e Add location delete support 2016-01-16 22:29:35 -05:00
Dane Everitt 861af87e93 Fix password reset system 2016-01-16 21:57:10 -05:00
Dane Everitt 3e595ca856 Add API Management to admin CP 2016-01-16 19:56:48 -05:00
Dane Everitt a6bc36a710 add initial api management page 2016-01-16 01:20:27 -05:00
Dane Everitt ac65d5fa21 Finish base API.
Making PR, any additional API functions or modifications can be done
within the repository now.
2016-01-16 00:25:21 -05:00
Dane Everitt 77e3744b40 Change authentication method for API. 2016-01-15 19:26:50 -05:00
Dane Everitt 63f377a038 Add more API routes
Servers: list all, list single
Nodes: list all, list single, list single allocations, add node
Locations: list all
2016-01-15 17:54:29 -05:00
Dane Everitt 0ccaa16ea4 Fix exceptions thrown to mimic proper HTTP status codes 2016-01-15 00:20:58 -05:00
Dane Everitt 69c2e89fe0 Fix some missing exceptions and validation handling for users 2016-01-15 00:08:50 -05:00
Dane Everitt 8c9e797210 Finish user portion of API 2016-01-14 23:13:26 -05:00
Dane Everitt 4604500349 Replace tabs with Spaces
I *really* wish Atom would stop doing this to me.
2016-01-12 23:49:56 -05:00
Dane Everitt 695728295a Add support for creating a user using the API 2016-01-12 23:43:33 -05:00
Dane Everitt 3114c1f73e Add user specific listing route 2016-01-12 22:59:34 -05:00
Dane Everitt 72acf06353 Improve API auth to rate limit requests and verify they are root_admin 2016-01-12 22:59:24 -05:00
Dane Everitt 98b3355158 very basic initial push of API 2016-01-12 01:05:44 -05:00
Dane Everitt a3eb4b7dc4 Update to Laravel 5.2 2016-01-11 22:04:11 -05:00
Dane Everitt 02f6bf428e Show initial locations list 2016-01-10 19:22:21 -05:00
Dane Everitt 1d97b0be98 Add support for modification of server startup variables and command 2016-01-10 18:57:22 -05:00
Dane Everitt 232c05c31d Add support for deleting nodes
Finishes node management
2016-01-10 16:59:19 -05:00
Dane Everitt 179481c547 Add support for allocation management on nodes.
Allows deleting entire IP blocks, as well as allocating new IPs and
Ports via CIDR ranges, single IP, and single ports or a port range.
2016-01-10 00:38:16 -05:00
Dane Everitt a1c6aa6358 Clean up setting allocation front-end 2016-01-08 22:36:57 -05:00
Dane Everitt 54bef1e7d5 Basic allocation information
Allows deleting ports, nothing else yet
2016-01-08 20:01:18 -05:00
Dane Everitt 2160613163 Add EULA acceptance popup when starting server 2016-01-08 19:54:06 -05:00
Dane Everitt 6e0c5d16af Allow updating settings and show configuration for node 2016-01-05 18:31:25 -05:00
Dane Everitt 09d28bf145 adds support for viewing server stats from 'Your Servers' page
http://s3.pterodactyl.io/bnSTK.png
2016-01-05 01:15:23 -05:00
Dane Everitt 69f0340c48 Add very basic node information view
Adds a servers tab with 30 second interval data from the daemon for
each displayed server.
2016-01-05 00:52:20 -05:00
Dane Everitt d381c691ba Add support for node creation 2016-01-04 23:59:45 -05:00
Dane Everitt 98d2a1e1fd Delete account is no longer a GET request 2016-01-04 16:22:57 -05:00
Dane Everitt 4ae8a45ed3 Clean up routes and middleware checking 2016-01-04 16:09:39 -05:00
Dane Everitt 99a67127c9 Add toggle install status support 2016-01-04 16:09:22 -05:00
Dane Everitt 4fe4881f77 Add delete server support as well as fix a few other bugs
Also a few JS fixes to make things work better and not clear the
console every time the server is booted
2016-01-03 23:16:03 -05:00
Dane Everitt 9d2d726992 🎉 Finishes server creation 🎉 2016-01-03 18:10:28 -05:00
Dane Everitt a7fdb9618c support for changing allocation on frontend 2016-01-03 15:15:14 -05:00
Dane Everitt fb77e23eb4 Make server overview cleaner and easier to follow
Also adds allocation information tab, still need to make it so users
can actually change their default connection address
2016-01-03 00:28:33 -05:00
Dane Everitt 4953608aee Add build configuration to server management.
Allows modification of certain settings, as well as assigning
additional IP addresses and ports.
2016-01-02 23:21:22 -05:00
Dane Everitt 2c054e7edc Add initial support for viewing basic server details
Includes support for changing server name, owner, and daemon secret.
2016-01-02 18:04:18 -05:00
Dane Everitt f467c3f0eb Improved user management in Admin CP
Fixes a few bugs from PR#17
2016-01-02 15:08:33 -05:00
BlameDylan 6810375d2b View and Delete Users
This commit implements an interface into the Admin Panel that allows
users to be viewed, modified, and deleted.
2016-01-02 00:38:15 -06:00
Dane Everitt 6b25a163fc Improved server creation and options 2016-01-01 22:53:43 -05:00
Dane Everitt 59fb0eae4f Improved file downloading 2016-01-01 19:27:44 -05:00
Dane Everitt 46117afc77 Code cleanup and fixes filemanager 2016-01-01 18:08:15 -05:00
Dane Everitt 264431a271 Whats this? We can add new servers now?! 2015-12-15 15:08:41 -05:00
Dane Everitt 22b0bbf6ce Model fixing, moving things around to improve code.
Adds unique UUID generator, moves functions into repositories for
adding servers and users, cleans up code, adding more comments.
2015-12-13 22:22:16 -05:00
Dane Everitt 5955b1453c Fix authentication handler
Check email & password before token to handle case where email is
invalid.
2015-12-13 21:30:57 -05:00
Dane Everitt 9c9d33c127 Merge pull request #13 from DDynamic/development
Account Creation in AdminCP
2015-12-13 20:36:39 -05:00
BlameDylan 3d80c5b7e6 Account Creation in AdminCP 2015-12-13 19:03:04 -06:00
Dane Everitt b6ac96550b Fairly basic implementation of adding a server. Does not actually do anything yet.
Pushing this for commit sake.
2015-12-11 23:29:00 -05:00
Dane Everitt d0e4592377 Initial validator implementation for server creation 2015-12-10 23:13:34 -05:00
Dane Everitt 288ee1a258 Improved TOTp handling in login.
Cleaned up the code a bit, also checks TOTP before attemping to verify
user.

This addresses the potential for an attacker to try at a password
and/or confirm that the password is correct unless they have a valid
TOTP code for the request. A failed TOTP response will trigger a
throttle count on the login as well.
2015-12-10 21:58:17 -05:00
BlameDylan 4585753d04 Implement Two-factor authentication 2015-12-10 19:40:59 -06:00
Dane Everitt 59ff1ebbe6 Finish front-end server creation page. 2015-12-10 18:30:49 -05:00
BlameDylan 2d57772528 Migrate ability to reset passwords 2015-12-08 18:28:49 -06:00
Dane Everitt f47f0cd549 More additions to server creation page.
Adds memory/disk/etc. fields as well as selecting the service type and
option. Still need to add in the ability to set the variables once an
option is selected.
2015-12-08 18:34:18 -05:00
Dane Everitt 47235b670a Push some basic add server functionality
Doesn’t support adding the server, but adds improved support for
handling picking server location, node, and ip+port
2015-12-07 00:47:19 -05:00
Dane Everitt 1489f7a694 Initial Commit of Files
PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0
2015-12-06 13:58:49 -05:00