sonot
/
PteroTheme
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4,186 Commits 61 Branches 128 Tags 29 MiB
Commit Graph

1150 Commits

Author SHA1 Message Date
Dane Everitt 17c03e9a4d
Fix broken session management for application api 2021-11-03 21:33:21 -07:00
Dane Everitt 60eff40a0c
Fix session management on client API requests; closes #3727 
Versions of Pterodactyl prior to 1.6.3 used a different throttle pathway for
requests. That pathway found the current request user before continuing on to
other in-app middleware, thus the user was available downstream.

Changes introduced in 1.6.3 changed the throttler logic, therefore removing this
step. As a result, the client API could not always get the currently authenticated
user when cookies were used (aka, requests from the Panel UI, and not API directly).

This change corrects the logic to get the session setup correctly before falling
through to authenticating as a user using the API key. If a cookie is present and a
user is found as a result that session will be used. If an API key is provided it is
ignored when a cookie is also present.

In order to keep the API stateless any session created for an API request stemming
from an API key will have the associated session deleted at the end of the request,
and the 'Set-Cookies' header will be stripped from the response.
 2021-11-03 20:51:39 -07:00
Dane Everitt 22a8b2b3a2
Use more standardized rate limiting in Laravel; apply limits to auth routes 2021-10-23 12:17:16 -07:00
Dane Everitt 4a84c36009
Fix security vulnerability when authenticating a two-factor authentication token for a user 
See associated security advisory for technical details on the content of this security fix.

GHSA ID: GHSA-5vfx-8w6m-h3v4
 2021-09-21 21:30:08 -07:00
Dane Everitt e96ead4c4d
Update API calls to Wings to only pass the required details with the changes to the installer system 2021-08-29 14:09:43 -07:00
Matthew Penner b4cae916ac
transfers: fix allocation array merging logic (#3551) 2021-08-18 12:58:41 -06:00
Dane Everitt 2b3303c46b
Fix changing a user password to not incorrectly handle logging out old sessions; closes #3531 2021-08-15 17:37:12 -07:00
Dane Everitt 25d9ba4779
Run php-cs-fixer 2021-08-15 17:20:36 -07:00
Matthew Penner 10b357b71e
ui(server): fix used backup count (#3526) 
* ui(server): fix used backup count

* ui(server): refactor backup count code
 2021-08-04 20:34:00 -07:00
Matthew Penner 970f281859
backups: default is_successful to false (#3522) 
* backups: default is_successful to false
* backups: properly query backups
 2021-08-03 19:45:25 -07:00
Mia bda1ff50ab
[UI] Display the 2FA token, show spinner on load (#3367) 
Co-authored-by: Dane Everitt <dane@daneeveritt.com>
 2021-08-02 20:39:12 -07:00
Matthew Penner 1a79b4827c
backups: allow updating a failed backup (#3470) 2021-07-18 08:46:20 -07:00
Dane Everitt d049839ffc
Fix deleting a backup that is locked and failed; closes #3404 2021-06-13 10:26:47 -07:00
Mark Ross d45c67a6e1
Allow to find servers by short UUID (Application API) (#3340) 2021-06-05 08:43:57 -07:00
Alex 9656378783
Fix 401 error typo (#3393) 2021-06-03 13:35:51 -07:00
Charles Morgan 76ac1998cf
Don't allow backups to be made via schedules if limit = 0 (#3323) 2021-05-16 09:47:36 -07:00
Dane Everitt 5d5e4ca7b1
Add support for locking backups to prevent any accidental deletions 2021-05-03 21:26:09 -07:00
Dane Everitt 92cd659db3
Add underlying data changes necessary for new task & schedule features 2021-05-01 10:44:40 -07:00
Julien Tant 552b9d3c33 Add possibility to run disabled cron 2021-04-24 15:06:21 -07:00
Lance Pioch 77a3ca682f
Change to actual function names to support MariaDB 2021-04-08 17:34:25 -04:00
Dane Everitt 45680cab47
Don't use tagging, closes #3224 2021-04-03 10:53:41 -07:00
Dane Everitt 48ad8f538e
Always allow specifying a page size with the API; closes #3218 2021-03-26 09:03:51 -07:00
Dane Everitt 9b46d59045
Cache resource lookup results for 20 seconds for each server 2021-03-21 12:29:18 -07:00
Dane Everitt 8c7d785c9e
Ensure a created_at value is set on recovery tokens; closes #3163 2021-03-21 10:43:01 -07:00
Matthew Penner 582521f419 fix: backup restore delete all files 2021-03-12 14:47:49 -07:00
Dane Everitt 1476104b30
Fix inability to download files from the panel; closes #3151 
Co-Authored-By: xcgc <74693042+xcgc@users.noreply.github.com>
 2021-03-07 09:45:27 -08:00
xcgc 397df3bf71
Update ServerInstallController.php 2021-03-06 15:52:24 +08:00
Dane Everitt 1b2c4931ee
Add endpoint logic necessary to reset server states if they get stuck installing/restoring when wings restarts 2021-02-23 21:20:02 -08:00
Dane Everitt 94ea9c37d0
Don't require auto-allocation settings if not enabled; closes #3085 2021-02-17 21:11:23 -08:00
Matthew Penner 352910f897 api(remote): fix inproper reading of boolean for installation status 2021-02-06 10:16:08 -07:00
Dane Everitt 00da092e45
Fix tests 2021-01-30 19:12:22 -08:00
Dane Everitt e30a765071
Simplify logic when a server is in an unsupported state 2021-01-30 13:28:31 -08:00
Dane Everitt be26921fcc
Merge branch 'develop' into dane/restore-backups 2021-01-30 10:10:29 -08:00
Dane Everitt 5515871b2f
Turns out I hate that huge space formatting, disable that mess 2021-01-27 20:52:11 -08:00
Dane Everitt b00def2537
Switch to JSON from TEXT when storing denylist items for an egg; closes #3034 2021-01-26 21:08:53 -08:00
Dane Everitt 0dd0f09238
Formatting cleanup for backups 2021-01-25 19:25:15 -08:00
Dane Everitt 0a2c89e9f4
Reeformat with new rules post merge 2021-01-25 19:20:51 -08:00
Dane Everitt 663143de0b
Merge branch 'develop' into dane/restore-backups 2021-01-25 19:16:40 -08:00
Dane Everitt b480a9e4e2
Make php-cs-fixer work in phpstorm 2021-01-23 13:44:35 -08:00
Dane Everitt c449ca5155
Use more standardized phpcs 2021-01-23 12:33:34 -08:00
Dane Everitt a043071e3c
Update to Laravel 8 
Co-authored-by: Matthew Penner <me@matthewp.io>
 2021-01-23 12:12:54 -08:00
Dane Everitt aab353d91e
Merge pull request #3011 from AreYouRlyScared/addcronmonth 
Adds months for schedules
 2021-01-20 20:10:26 -08:00
Dane Everitt e8dcd30e0c
[security] fix resources not properly returning an error when they don't match the server in the URL 
Prior to this fix certain resources were accessible even when their assigned server was not the same as the server in the URL. This causes the resource server relationship to not match the server variable present on the request.

Due to this failed logic it was possible for users to access resources they should not have been able to access otherwise for some areas of the panel.
 2021-01-19 21:19:17 -08:00
Dane Everitt f24193801a
Add endpoint for triggering restoration completion 2021-01-18 21:14:49 -08:00
Dane Everitt 8d69a60e28
Only allow restoring valid backups, set the server correctly on the repository 2021-01-18 20:11:49 -08:00
Dane Everitt 87371901c0
Add base logic to support sending a request to restore a backup for a server 2021-01-17 17:51:09 -08:00
Dane Everitt 8db3a05498
;-; 2021-01-17 16:08:41 -08:00
Dane Everitt cb40b280a4
Fix single failing test 2021-01-17 15:55:46 -08:00
Dane Everitt a75a347d65
Remove suspended & installing fields, replace with single status field 2021-01-17 15:51:56 -08:00
Dane Everitt 4c29be2e54
Adjust some naming real quick 2021-01-17 15:25:49 -08:00