Commit Graph

411 Commits

Author SHA1 Message Date
Dane Everitt 60eff40a0c
Fix session management on client API requests; closes #3727
Versions of Pterodactyl prior to 1.6.3 used a different throttle pathway for
requests. That pathway found the current request user before continuing on to
other in-app middleware, thus the user was available downstream.

Changes introduced in 1.6.3 changed the throttler logic, therefore removing this
step. As a result, the client API could not always get the currently authenticated
user when cookies were used (aka, requests from the Panel UI, and not API directly).

This change corrects the logic to get the session set up correctly before falling
through to authenticating as a user using the API key. If a cookie is present and a
user is found as a result, that session will be used. If an API key is provided it is
ignored when a cookie is also present.

In order to keep the API stateless, any session created for an API request stemming
from an API key will have the associated session deleted at the end of the request,
and the 'Set-Cookies' header will be stripped from the response.
2021-11-03 20:51:39 -07:00
Dane Everitt d65e2978d0
Update CHANGELOG.md 2021-10-23 13:02:25 -07:00
Dane Everitt c57eb2c9e6
Update CHANGELOG.md 2021-09-21 21:36:29 -07:00
Dane Everitt 5fdb0a5909
Correctly expose OOM disable state for a server 2021-09-13 21:02:12 -07:00
Dane Everitt f5a1ce13b8
Update CHANGELOG.md 2021-09-13 20:47:30 -07:00
Dane Everitt dbb061d6f3
Update CHANGELOG.md 2021-09-12 11:26:37 -07:00
Dane Everitt 869bc22103
Update CHANGELOG.md 2021-08-29 13:42:49 -07:00
Matthew Penner 7e91a33a67
Update CHANGELOG.md (#3524) 2021-08-03 20:51:18 -07:00
Dane Everitt b19a1640f0
Update CHANGELOG.md 2021-08-02 20:48:16 -07:00
Dane Everitt aa3ea8b24b
Update CHANGELOG.md 2021-06-05 09:02:21 -07:00
Dane Everitt 8ab3ad3f1a
Update CHANGELOG.md 2021-05-01 11:54:23 -07:00
Dane Everitt d0c7e2c0e6
Update CHANGELOG.md 2021-04-24 16:45:54 -07:00
Dane Everitt b5f5185a9b
Update CHANGELOG.md 2021-03-26 09:18:54 -07:00
Dane Everitt 9d500f1c49
Update CHANGELOG.md 2021-03-07 17:38:42 -08:00
Dane Everitt ca6068fa6d
Update CHANGELOG.md 2021-03-06 10:49:08 -08:00
Dane Everitt 4192bcab4b
Update CHANGELOG.md 2021-03-03 21:17:20 -08:00
Dane Everitt 3053a896f4
Update CHANGELOG.md 2021-01-19 21:45:32 -08:00
Dane Everitt ef3f8586c5
Update CHANGELOG.md 2021-01-06 21:45:06 -08:00
Dane Everitt 5f284dad1d
Update CHANGELOG.md 2020-12-30 18:13:28 -08:00
Dane Everitt 1fcffc7eb9
Update CHANGELOG.md 2020-12-06 15:44:26 -08:00
Stepan Fedotov e32c4d4f05
Document fix 2020-12-04 19:58:09 +02:00
Dane Everitt 16f49f8dc1
Close cleanup; only try to run power actions against non-suspended & installed servers; closes #2760 2020-11-29 12:50:22 -08:00
Dane Everitt aaaa05be93
Fix docker build 2020-11-14 20:46:37 -08:00
Dane Everitt 6795bae335
Fix server state not being updated correctly when adding/removing allocation; closes #2680 2020-11-08 17:12:07 -08:00
Dane Everitt 74e90e087f
Fix allocation permission 2020-11-08 17:07:26 -08:00
Dane Everitt 2d19c12a5a
Update CHANGELOG.md 2020-11-08 15:29:23 -08:00
Dane Everitt ad4df56f7c
Update CHANGELOG.md 2020-10-25 18:12:22 -07:00
Dane Everitt fd3b11e9cc
Update CHANGELOG.md 2020-10-22 21:27:15 -07:00
Dane Everitt 110b2568d5
Update changelog 2020-10-12 21:12:31 -07:00
Dane Everitt d4db80b5c9
Update CHANGELOG.md 2020-10-11 16:19:56 -07:00
Stepan Fedotov 62856556b9
Apply security fixes from #2441 to 1.0 2020-10-03 11:34:36 -07:00
Dane Everitt b3fb658511
Merge branch '0.7-develop' into develop 2020-03-15 17:30:28 -07:00
Dane Everitt 468d426ebd
Limit to 5 API keys at a time.
Ref advisory #GHSA-pjmh-7xfm-r4x9
2020-03-15 17:05:53 -07:00
Dane Everitt 41cbdb8d59
Don't require an IP address for hostnames; closes #1728 2020-03-15 16:29:05 -07:00
Dane Everitt 05d859c985
Ensure password used when creating a database is valid; closes #1852 2020-03-15 16:25:29 -07:00
Dane Everitt 51defae917
Merge branch 'master' into develop 2019-12-28 11:49:08 -08:00
Dane Everitt 66ead2f682
Update subuser API output to work correctly 2019-12-28 11:39:44 -08:00
Dane Everitt 34bf452bef
Update CHANGELOG.md 2019-12-28 11:23:07 -08:00
TrixterTheTux ab09c7db28
Fix a couple of issues with /api/application/servers 2019-08-31 11:29:44 +03:00
TrixterTheTux 20c594ae3b
Include the egg name in egg model's response from the application API 2019-08-24 15:47:11 +03:00
Dane Everitt 81143e231a
Merge branch 'master' into develop 2019-08-04 13:49:26 -07:00
Dane Everitt d430acf768
LOCK TABLES not LOCK 2019-08-03 14:57:01 -07:00
Dane Everitt e200277655
Add LOCK permission 2019-08-03 14:52:35 -07:00
Dane Everitt eb81e1ed20
Support special characters in database password, closes #1508 2019-08-03 14:42:32 -07:00
Dane Everitt e7e41d8ee8
Fix bulk power when spanning multiple nodes, closes #1526 2019-08-03 14:04:31 -07:00
Dane Everitt 81409947cf
Default to OOM killer being disabled, add back configuration option per-server 2019-08-03 13:41:24 -07:00
Dane Everitt 2198269a65
Fix allocations requiring an alias when generated via API. 2019-08-03 13:03:54 -07:00
Dane Everitt 58796e7441
Fix Server model to use correct relationship when returning subusers, closes #1589 2019-08-03 12:56:32 -07:00
Dane Everitt fe9d86b66b
Add support for filtering servers in client list-all endpoint
closes #1608
2019-08-03 12:44:15 -07:00
Dane Everitt 47c12929c4
Fix two-factor token creation for iOS devices, closes #1624 2019-08-03 12:37:02 -07:00