658a959e5d
Fix trailing comma in DaemonAuthenticate.php, change ServerDetailsController.php to use node authentication
2020-04-10 17:54:50 -06:00
2532a73425
Don't throw errors if bad data is sent in the header
2020-04-10 15:53:19 -07:00
7557dddf49
Store node daemon tokens in an encrypted manner
2020-04-10 15:15:38 -07:00
be05d2df81
Add support for generating a signed URL for downloading a file from the daemon
2020-04-04 19:54:59 -07:00
1f92a7de33
Authenticate that the request is coming from someone that should even know about the server
2020-03-28 16:23:18 -07:00
7543ef085d
Format files
2019-09-05 21:32:57 -07:00
95d19bf09e
Update logic that handles creation of folders for a server
2019-05-01 21:45:39 -07:00
0999ec93c3
More logic for deleting databases
2018-08-25 15:07:42 -07:00
9be2aa4ca9
Push beginning of DB deletion stuff
2018-08-25 14:43:21 -07:00
8bbe6bc279
Add test, fix behavior of model creation
2018-07-14 22:58:33 -07:00
550c622d3b
Obliterate JWT from codebase
2018-07-14 22:48:09 -07:00
6336e5191f
Strip out JWT usage and use cookies to track the currently logged in user
2018-07-14 22:42:58 -07:00
c82f273d85
Fix remaining broken tests
2018-07-04 19:38:23 -07:00
e7faf979a1
Change login handling to automatically redirect a user if their session will need renewal.
2018-06-16 14:05:39 -07:00
03c83c084a
Revert use of cookies, go back to using a JWT
2018-06-06 22:49:44 -07:00
5bcabbde35
Get dashboard in a more working state
2018-06-05 23:42:34 -07:00
a1444b047e
Fix JWT handling for API access when logging in
2018-05-28 14:59:48 -07:00
6e5c365018
Use the client API to load servers on the listing page
2018-05-28 13:23:40 -07:00
ad69193ac0
Add JWT to login forms
2018-05-28 12:48:42 -07:00
e2dc0638d9
Fix app/ spelling errors
2018-05-13 11:12:41 -04:00
ef371a508d
Change check on debugbar to use debug not environment
2018-03-10 12:03:23 -06:00
8f72571895
Fix IP access middleware
2018-02-28 23:39:59 -06:00
cef3e4ced4
Add base routes for managing servers as a client
2018-02-27 21:28:43 -06:00
9a32b9fd03
Merge branch 'develop' into feature/client-api
2018-02-27 21:04:18 -06:00
23e07689a7
Handle 404 errors in API bindings correctly to avoid explosing that a resource exists before validating a key
2018-02-27 21:04:04 -06:00
e28973bcae
Move everything around as needed to get things setup for the client API
2018-02-25 15:30:56 -06:00
5b6d3b8325
Slightly more clear errors
2018-02-24 12:27:41 -06:00
2ec76d283b
Fix bad API behavior
2018-02-04 15:38:38 -06:00
8afced3410
Add nests & eggs
...
Cleanup middleware handling and parameters on controllers...
2018-01-27 12:38:56 -06:00
de07b3cc7f
Add server database management support to API.
2018-01-25 22:34:53 -06:00
3e327b8b0e
Use more logical route binding to not reveal resources on the API unless authenticated.
2018-01-20 15:33:04 -06:00
0e7f8cedf0
Reorganize API files
2018-01-19 19:58:57 -06:00
c3b9738364
Implement application API Keys
2018-01-18 21:36:15 -06:00
f9fc3f4370
Update interface to begin change to seperate account API keys and application keys
...
Main difference is permissions, cleaner UI for normal users, and account keys use permissions assigned to servers and subusers while application keys use R/W ACLs stored in the key table.
2018-01-14 13:30:55 -06:00
ad3a954256
Rename APIKey to ApiKey
2018-01-14 12:06:15 -06:00
e3df0738da
Change the way API keys are stored and validated; clarify API namespacing
...
Previously, a single key was used to access the API, this has not changed in terms of what the user sees. However, API keys now use an identifier and token internally. The identifier is the first 16 characters of the key, and the token is the remaining 32. The token is stored encrypted at rest in the database and the identifier is used by the API middleware to grab that record and make a timing attack safe comparison.
2018-01-13 16:06:19 -06:00
Matthew Penner
Dane Everitt
Lance Pioch