DaneEveritt
2d836156d2
Update totp disable modal; require password for enable operation
2022-07-03 14:27:37 -04:00
DaneEveritt
48af9bced1
Fix activity log rendering; closes #4208
2022-06-30 21:06:50 -04:00
DaneEveritt
4aa163b76f
Hide IP addresses from activity logs not generated by the user themselves
2022-06-27 20:52:27 -04:00
DaneEveritt
43156e8d53
Improve error messaging for validation exceptions
2022-06-26 16:31:48 -04:00
DaneEveritt
271197e823
Fix cs-fix run
2022-06-26 16:21:07 -04:00
DaneEveritt
ca39830333
allow filtering servers by description; closes #4150
2022-06-26 13:26:12 -04:00
DaneEveritt
b3a57bd0ad
fix includes for client API keys on admin accounts; closes #4164
2022-06-26 13:23:22 -04:00
DaneEveritt
76472411e3
Some better activity translations
2022-06-18 16:36:19 -04:00
DaneEveritt
cf01490883
Support hiding activity from admin accounts not associated with the server
2022-06-18 15:48:22 -04:00
DaneEveritt
95de4c30fc
Abuse the translation engine to handle more of the formatting for us
2022-06-18 15:28:42 -04:00
DaneEveritt
7224ca81de
Fix bug preventing the creation of API keys with CIDR ranges
2022-06-18 14:21:20 -04:00
DaneEveritt
4f3651b578
Fix typo with identifier
2022-06-18 12:16:54 -04:00
DaneEveritt
0520014c0f
Add support for tracking when an activity event is triggered from an API key
2022-06-18 12:07:44 -04:00
DaneEveritt
92c1c162af
Code cleanup for facades
2022-06-18 12:07:32 -04:00
DaneEveritt
6ffe5730da
Log when an API key is blocked due to IP restrictions
2022-06-18 12:04:51 -04:00
DaneEveritt
68a654f9e8
Selectively show the additional metadata if it isn't in the display string at all
2022-06-12 15:30:49 -04:00
DaneEveritt
2f1c8ae91d
Add basic server activity log view
2022-06-12 15:16:48 -04:00
DaneEveritt
0b4936ff1c
Break out rows for activity; show metadata icon
2022-06-12 15:08:26 -04:00
DaneEveritt
986c375052
Improve support for use of i18next; rely on browser caching to keep things simple
2022-06-11 14:04:09 -04:00
DaneEveritt
d1da46c5aa
Fix incorrect API definitions
2022-06-05 18:28:08 -04:00
DaneEveritt
8771597560
Fix database deletion; closes #4114
...
Co-Authored-By: Dawid <minerpl03@gmail.com>
2022-06-05 13:28:46 -04:00
DaneEveritt
03a497fb8a
Use a post request to delete SSH keys, some hashes use slashes which cause 404 errors; closes #4100
2022-05-30 17:28:42 -04:00
DaneEveritt
4213775b5c
Fix mounting behavior to work correctly when adding to a server
2022-05-30 11:33:42 -04:00
Boy132
025e1a21ae
fix validator import ( #4094 )
2022-05-30 10:24:59 -04:00
DaneEveritt
9300e1116d
Fix failing tests
2022-05-29 20:39:51 -04:00
DaneEveritt
a5521ecb79
Add support for returning transforming activity logs on the front-end
2022-05-29 20:34:48 -04:00
DaneEveritt
e15985ea39
Add support for automatically pruning activity logs
2022-05-29 19:45:00 -04:00
DaneEveritt
9b7af02690
Add activity logging to most of the endpoints
2022-05-29 19:26:28 -04:00
DaneEveritt
287fd60891
Log activity when modifying account details
2022-05-29 18:48:35 -04:00
DaneEveritt
0b2c0db170
Remove last references to audit logs
2022-05-29 18:20:54 -04:00
DaneEveritt
0621d8475d
Return tests to passing now that we don't ignore a critical event...
2022-05-29 17:52:14 -04:00
DaneEveritt
09832cc558
Ensure we can properly create an activity log entry; always return soft-deleted models
2022-05-29 17:07:54 -04:00
DaneEveritt
2fc5a734f9
Update backup logic to use activity logs, not audit logs
2022-05-29 16:19:04 -04:00
DaneEveritt
cbecfff6da
Add activity logging for files
2022-05-29 13:56:39 -04:00
DaneEveritt
0999ad7ff0
Add activity logging for authentication events
2022-05-28 17:03:58 -04:00
DaneEveritt
5bb66a00d8
Add new activity logging code to replace audit log
2022-05-28 15:36:26 -04:00
DaneEveritt
c14c7b436e
Pass along new fields to Wings instance when endpoint is used; closes #4048
2022-05-28 13:45:23 -04:00
DaneEveritt
b051718afe
Fix up API handling logic for keys and set a prefix on all keys
2022-05-22 19:03:51 -04:00
DaneEveritt
3f99b00cf7
Fix display exception handling
2022-05-22 18:21:38 -04:00
DaneEveritt
dca53611ff
Ensure we don't cause a mess with the auth providers
2022-05-22 18:16:47 -04:00
DaneEveritt
3ae70efc14
Use existing method to handle the login
2022-05-22 17:26:32 -04:00
DaneEveritt
4d3362b24f
Perform a bit of code cleanup
2022-05-22 17:23:48 -04:00
DaneEveritt
be88e4e893
Ignore migrations, pass credentials
2022-05-22 17:01:39 -04:00
DaneEveritt
56f15c15a1
We can make this middleware significantly simpler
2022-05-22 16:54:07 -04:00
DaneEveritt
0fa33e0438
Mark a request as being stateful if a cookie for the session is provided at all
...
This accounts for poorly configured API clients that try to use cookies for authentication purposes. Treat everything with a session cookie as being a stateful request from the front-end.
2022-05-22 16:50:36 -04:00
DaneEveritt
33bafe9277
Simplify transformer logic
2022-05-22 16:23:22 -04:00
DaneEveritt
f7fc67344e
Ensure tokens are found in the database using the expected logic
2022-05-22 16:05:58 -04:00
DaneEveritt
e9c633fd03
Update transformers and controllers to no longer pull an API key attribute
2022-05-22 15:37:39 -04:00
DaneEveritt
bd37978a98
Initial pass at implementing Laravel Sanctum for authorization on the API
2022-05-22 14:57:06 -04:00
DaneEveritt
e313dff674
Massively simplify API binding logic
...
Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code.
This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking.
2022-05-22 14:10:01 -04:00
DaneEveritt
05f41a2ca8
Don't trim strings on file manager endpoints; ref #4081
2022-05-21 16:58:06 -04:00
DaneEveritt
d4bf6bd46a
Add test coverage and fix permissions mistake
2022-05-15 17:30:57 -04:00
DaneEveritt
a9364061c1
Store keys in standard format; query with fingerprint not public key
2022-05-15 16:41:15 -04:00
DaneEveritt
b563f13d09
Trim the key provided to query correctly; don't increment throttles when keys aren't found
2022-05-15 16:23:17 -04:00
DaneEveritt
3d6a30c9fd
Oops, don't make this abstract
2022-05-15 16:06:00 -04:00
DaneEveritt
412ac5ef39
Have the panel handle all of the authorization for both public key and password based attempts
2022-05-15 16:00:08 -04:00
DaneEveritt
e856daee19
Reject requests for public key auth when the user has no keys
2022-05-15 15:47:06 -04:00
DaneEveritt
12927a3202
Update SFTP authentication endpoint to support returning user public keys
2022-05-15 15:37:58 -04:00
DaneEveritt
cca0010a00
Update egg import/update logic to all use the same pathwaus
2022-05-15 14:40:19 -04:00
DaneEveritt
6554164252
Add test coverage for the SSH key endpoints
2022-05-14 18:08:48 -04:00
DaneEveritt
97280a62a2
Add support for storing SSH keys on user accounts
2022-05-14 17:31:53 -04:00
DaneEveritt
5705d7dbdd
Run php-cs-fixer
2022-05-14 16:03:50 -04:00
DaneEveritt
65f27d41a2
Switch to more recent Laravel route definition methods
2022-05-14 15:51:05 -04:00
DaneEveritt
97a7959096
Support outputting all of the nodes on the instance
2022-05-13 21:49:06 -04:00
DaneEveritt
3f47d7a12c
Allow returning the node configuration from the CLI; closes pterodactyl/panel#4047
2022-05-13 21:30:16 -04:00
DaneEveritt
100d4ee726
Remove more unnecessary translations
2022-05-12 17:53:29 -04:00
DaneEveritt
c8faf64059
Support naming docker images on eggs; closes #4052
...
Bumps PTDL_v1 export images to PTDL_v2, updates the Minecraft specific eggs to use named images.
2022-05-07 17:45:22 -04:00
DaneEveritt
634b80ed42
Add support for filtering allocations to determine if they're assigned or not; closes #3872
2022-05-07 16:16:11 -04:00
DaneEveritt
e88d24e0db
Don't allow allocations to be deleted by users if no limit is defined; closes #3703
2022-05-07 15:05:28 -04:00
DaneEveritt
c751ce7f44
Allow more values for remote field when creating a database; closes #3842
2022-05-07 14:17:10 -04:00
DaneEveritt
b07fdc100c
Don't run schedules when a server is suspended or installing; closes #4008
2022-05-04 20:41:53 -04:00
DaneEveritt
8c63eebf13
Fix fractal errors
2022-05-04 19:35:10 -04:00
DaneEveritt
530558b0f8
Update deprecated JSON response creation and unnecessary middleware
2022-05-04 19:23:01 -04:00
DaneEveritt
4252014d18
Update includes definition to match updated package requirements
2022-05-04 19:11:42 -04:00
DaneEveritt
34ffaebd3e
Run cs-fix, ensure we only install dependency versions supporting 7.4+
2022-05-04 19:01:29 -04:00
Jim C K Flaten
2680fe4c8e
Feature/task order ( #3807 )
2022-03-28 12:31:35 -07:00
FabianS
82818414a3
Ability to create nodes with artisan ( #3319 )
2022-03-28 12:28:16 -07:00
Георгий Пронюк
281256e17c
Grant all necessary permissions to generated SQL users ( #3800 )
...
* grant all necessary permissions to users
* fix CREATE TEMPORARY TABLES
Co-authored-by: A248 <theanandbeh@gmail.com>
Co-authored-by: A248 <theanandbeh@gmail.com>
Co-authored-by: Matthew Penner <me@matthewp.io>
2022-03-28 12:22:37 -07:00
Alex
5120590e47
ref: remove google analytics ( #3912 )
2022-02-05 09:08:43 -08:00
Dane Everitt
0a4ba6a7dc
Force https on URLs when behind proxy; closes #3623
2022-01-23 12:58:44 -05:00
Dane Everitt
dfa329ddf2
[security] ensure session is only for that request when authenticating user API key
...
https://github.com/pterodactyl/panel/security/advisories/GHSA-7v3x-h7r2-34jv
2022-01-19 21:09:17 -05:00
Matthew Penner
1eaf411cb4
node: lowercase fqdn in letsencrypt path ( #3890 )
2022-01-17 19:56:57 -07:00
Alex
28f7a809a5
fix: exception localization ( #3850 )
...
resolves #3849
2022-01-15 08:10:37 -08:00
Alex
b8bf537737
cmd(setup): validate email input, closes #3175 ( #3716 )
2021-12-04 10:52:09 -08:00
Dane Everitt
bf9cbe2c6d
Add consistent CSRF token verification to API endpoints; address security concern with non-CSRF protected endpoints
2021-11-16 20:02:18 -08:00
Dane Everitt
17c03e9a4d
Fix broken session management for application api
2021-11-03 21:33:21 -07:00
Dane Everitt
60eff40a0c
Fix session management on client API requests; closes #3727
...
Versions of Pterodactyl prior to 1.6.3 used a different throttle pathway for
requests. That pathway found the current request user before continuing on to
other in-app middleware, thus the user was available downstream.
Changes introduced in 1.6.3 changed the throttler logic, therefore removing this
step. As a result, the client API could not always get the currently authenticated
user when cookies were used (aka, requests from the Panel UI, and not API directly).
This change corrects the logic to get the session setup correctly before falling
through to authenticating as a user using the API key. If a cookie is present and a
user is found as a result that session will be used. If an API key is provided it is
ignored when a cookie is also present.
In order to keep the API stateless any session created for an API request stemming
from an API key will have the associated session deleted at the end of the request,
and the 'Set-Cookies' header will be stripped from the response.
2021-11-03 20:51:39 -07:00
Alex
ef4410bac6
expose uptime to client resources API endpoint ( #3705 )
...
resolves #3704
2021-10-24 10:12:17 -07:00
Dane Everitt
22a8b2b3a2
Use more standardized rate limiting in Laravel; apply limits to auth routes
2021-10-23 12:17:16 -07:00
Alex
f77932a617
cmd(upgrade): Attempt to gain users attention during upgrade ( #3678 )
...
* cmd(upgrade): Attempt to gain users attention during upgrade
Changes color of the user and group to gain attention, common issue is having wrong user/group which breaks the panel. Outputs termination message when users spam enter skipping the upgrade wondering why it didn't upgrade.
Reminder to update wings, because users forget it.
* cmd(upgrade): Display wings upgrade documentation link
2021-10-10 11:08:22 -07:00
Matthew Penner
4fa38b8e9c
Fix wings receiving wrong suspended status on sync ( #3667 )
...
Due to wings pulling the server configuration rather than the Panel pushing it,
wings gets the wrong status for a server if both the status update and sync request
are ran in a transaction due to the status not being persisted in the database.
Fixes #3639
2021-10-07 08:46:09 -07:00
Dane Everitt
4a84c36009
Fix security vulnerability when authenticating a two-factor authentication token for a user
...
See associated security advisory for technical details on the content of this security fix.
GHSA ID: GHSA-5vfx-8w6m-h3v4
2021-09-21 21:30:08 -07:00
Dane Everitt
5fdb0a5909
Correctly expose OOM disable state for a server
2021-09-13 21:02:12 -07:00
Matthew Penner
bc25468802
server: fix build modification not being persisted ( #3610 )
2021-09-12 23:18:17 -06:00
Dane Everitt
7b429831ce
Fix missing user agent headers to store an empty string rather than null value
2021-09-11 13:00:53 -07:00
Dane Everitt
e96ead4c4d
Update API calls to Wings to only pass the required details with the changes to the installer system
2021-08-29 14:09:43 -07:00
Dane Everitt
2d47f986ee
Replace calls to server patch with a manual sync method
2021-08-29 13:32:55 -07:00
Dane Everitt
d8d1eacb42
Don't require Wings API call to pass in order to update server details
2021-08-29 13:19:24 -07:00
Matthew Penner
b4cae916ac
transfers: fix allocation array merging logic ( #3551 )
2021-08-18 12:58:41 -06:00
Dane Everitt
2b3303c46b
Fix changing a user password to not incorrectly handle logging out old sessions; closes #3531
2021-08-15 17:37:12 -07:00
Dane Everitt
25d9ba4779
Run php-cs-fixer
2021-08-15 17:20:36 -07:00
Matthew Penner
10b357b71e
ui(server): fix used backup count ( #3526 )
...
* ui(server): fix used backup count
* ui(server): refactor backup count code
2021-08-04 20:34:00 -07:00
Matthew Penner
81c788f524
cmd(upgrade): fix force and seed flags being ignored ( #3519 )
2021-08-03 19:48:34 -07:00
Matthew Penner
970f281859
backups: default is_successful to false ( #3522 )
...
* backups: default is_successful to false
* backups: properly query backups
2021-08-03 19:45:25 -07:00
Mia
bda1ff50ab
[UI] Display the 2FA token, show spinner on load ( #3367 )
...
Co-authored-by: Dane Everitt <dane@daneeveritt.com>
2021-08-02 20:39:12 -07:00
Matthew Penner
1a79b4827c
backups: allow updating a failed backup ( #3470 )
2021-07-18 08:46:20 -07:00
ClumsyAdmin
57987c0f79
Update Allocation.php ( #3468 )
...
Max port typo
2021-07-17 10:02:15 -07:00
Charles Morgan
91ea0a4f41
Update core eggs to new docker yolk images ( #3382 )
2021-07-17 10:02:00 -07:00
Leystryku
298e985d74
Permission for referencing other tables (foreign keys) ( #3419 )
2021-07-17 10:01:37 -07:00
Dane Everitt
d3e3b1db38
Test that a deleted backup makes an audit log entry
2021-07-11 12:15:39 -07:00
Matthew Penner
1260965dfd
ServerCreationService: send 'start_on_completion' option to wings ( #3431 )
2021-07-04 15:15:19 -07:00
Dane Everitt
d049839ffc
Fix deleting a backup that is locked and failed; closes #3404
2021-06-13 10:26:47 -07:00
Mark Ross
d45c67a6e1
Allow to find servers by short UUID (Application API) ( #3340 )
2021-06-05 08:43:57 -07:00
Lukas
75d254a6a4
Add support for mailgun API endpoint ( #3364 )
2021-06-05 08:38:47 -07:00
Stephen White
8459b11019
Allow database users to create/alter/drop routines ( #3389 )
...
Database users may wish to create/alter/drop stored procedures on their databases in order to use extra MySQL functionality.
2021-06-05 08:37:10 -07:00
Alex
9656378783
Fix 401 error typo ( #3393 )
2021-06-03 13:35:51 -07:00
Matthew Penner
c5b6d0bf45
Fix query to avoid pruning actively running backups ( #3379 )
2021-05-27 15:33:43 -07:00
Charles Morgan
76ac1998cf
Don't allow backups to be made via schedules if limit = 0 ( #3323 )
2021-05-16 09:47:36 -07:00
Dane Everitt
5d5e4ca7b1
Add support for locking backups to prevent any accidental deletions
2021-05-03 21:26:09 -07:00
Dane Everitt
5f48712c28
Add test coverage for RunTaskJob
2021-05-01 12:24:42 -07:00
Dane Everitt
7a85c31553
Add internal code support for stopping tasks if server is not running or continuing through on task error
2021-05-01 11:52:02 -07:00
Dane Everitt
92cd659db3
Add underlying data changes necessary for new task & schedule features
2021-05-01 10:44:40 -07:00
Dane Everitt
fd8259f33d
Merge branch 'develop' into patch-1
2021-04-25 11:06:29 -07:00
Julien Tant
f7f972b33d
rename now variable & fix condition
2021-04-24 18:18:29 -07:00
Julien Tant
2cd64c0af4
Merge remote-tracking branch 'upstream/develop' into develop
2021-04-24 17:14:18 -07:00
Dane Everitt
6ef60633d3
Additional coverage to ensure values are wrapped as expected; ref #3287
2021-04-24 16:39:56 -07:00
Julien Tant
552b9d3c33
Add possibility to run disabled cron
2021-04-24 15:06:21 -07:00
Boy132
c56e699985
Separated user from group
2021-04-20 17:39:34 +02:00
Boy132
2f6351ec00
Small fix
2021-04-20 10:08:21 +02:00
Boy132
3ca835e661
Add group input to upgrade command
2021-04-20 10:06:19 +02:00
Lance Pioch
77a3ca682f
Change to actual function names to support MariaDB
2021-04-08 17:34:25 -04:00
Dane Everitt
f973285e04
Guard against unexpected panic conditions from wings
2021-04-04 10:45:33 -07:00
Dane Everitt
18e5ce310a
Use updated response from wings
2021-04-04 10:25:54 -07:00
Dane Everitt
45680cab47
Don't use tagging, closes #3224
2021-04-03 10:53:41 -07:00
Dane Everitt
48ad8f538e
Always allow specifying a page size with the API; closes #3218
2021-03-26 09:03:51 -07:00
Dane Everitt
9b46d59045
Cache resource lookup results for 20 seconds for each server
2021-03-21 12:29:18 -07:00
Dane Everitt
7676f7dd66
Allow modification of server build settings even when node is offline
2021-03-21 11:49:42 -07:00
Dane Everitt
aa0b7977bb
Fix error spam in logs due to missing cron month
2021-03-21 10:49:23 -07:00
Dane Everitt
8c7d785c9e
Ensure a created_at value is set on recovery tokens; closes #3163
2021-03-21 10:43:01 -07:00
Matthew Penner
582521f419
fix: backup restore delete all files
2021-03-12 14:47:49 -07:00
Alex
76f507656c
remove file archive flag
2021-03-08 12:19:20 +02:00
Dane Everitt
1476104b30
Fix inability to download files from the panel; closes #3151
...
Co-Authored-By: xcgc <74693042+xcgc@users.noreply.github.com>
2021-03-07 09:45:27 -08:00
xcgc
397df3bf71
Update ServerInstallController.php
2021-03-06 15:52:24 +08:00
Dane Everitt
1943c7a98b
Prevent catastrophic boot failure in wings when a server egg has bad data; closes #3055
2021-03-03 21:02:11 -08:00
Dane Everitt
19279644df
Show more user friendly error when allocation fails to parse; closes #3056
2021-03-03 20:19:00 -08:00
Dane Everitt
1b2c4931ee
Add endpoint logic necessary to reset server states if they get stuck installing/restoring when wings restarts
2021-02-23 21:20:02 -08:00
Dane Everitt
94ea9c37d0
Don't require auto-allocation settings if not enabled; closes #3085
2021-02-17 21:11:23 -08:00
Matthew Penner
352910f897
api(remote): fix inproper reading of boolean for installation status
2021-02-06 10:16:08 -07:00
Dane Everitt
00da092e45
Fix tests
2021-01-30 19:12:22 -08:00
Dane Everitt
f558bc880a
Correctly handle error; don't overwrite laravel method
2021-01-30 18:07:48 -08:00