Commit graph

1200 commits

Author SHA1 Message Date
DaneEveritt
2f1c8ae91d
Add basic server activity log view 2022-06-12 15:16:48 -04:00
DaneEveritt
0b4936ff1c
Break out rows for activity; show metadata icon 2022-06-12 15:08:26 -04:00
DaneEveritt
986c375052
Improve support for use of i18next; rely on browser caching to keep things simple 2022-06-11 14:04:09 -04:00
DaneEveritt
d1da46c5aa
Fix incorrect API definitions 2022-06-05 18:28:08 -04:00
DaneEveritt
8771597560
Fix database deletion; closes #4114
Co-Authored-By: Dawid <minerpl03@gmail.com>
2022-06-05 13:28:46 -04:00
DaneEveritt
03a497fb8a
Use a post request to delete SSH keys, some hashes use slashes which cause 404 errors; closes #4100 2022-05-30 17:28:42 -04:00
DaneEveritt
4213775b5c
Fix mounting behavior to work correctly when adding to a server 2022-05-30 11:33:42 -04:00
Boy132
025e1a21ae
fix validator import (#4094) 2022-05-30 10:24:59 -04:00
DaneEveritt
9300e1116d
Fix failing tests 2022-05-29 20:39:51 -04:00
DaneEveritt
a5521ecb79
Add support for returning transforming activity logs on the front-end 2022-05-29 20:34:48 -04:00
DaneEveritt
9b7af02690
Add activity logging to most of the endpoints 2022-05-29 19:26:28 -04:00
DaneEveritt
287fd60891
Log activity when modifying account details 2022-05-29 18:48:35 -04:00
DaneEveritt
0b2c0db170
Remove last references to audit logs 2022-05-29 18:20:54 -04:00
DaneEveritt
2fc5a734f9
Update backup logic to use activity logs, not audit logs 2022-05-29 16:19:04 -04:00
DaneEveritt
cbecfff6da
Add activity logging for files 2022-05-29 13:56:39 -04:00
DaneEveritt
0999ad7ff0
Add activity logging for authentication events 2022-05-28 17:03:58 -04:00
DaneEveritt
5bb66a00d8
Add new activity logging code to replace audit log 2022-05-28 15:36:26 -04:00
DaneEveritt
c14c7b436e
Pass along new fields to Wings instance when endpoint is used; closes #4048 2022-05-28 13:45:23 -04:00
DaneEveritt
b051718afe
Fix up API handling logic for keys and set a prefix on all keys 2022-05-22 19:03:51 -04:00
DaneEveritt
dca53611ff
Ensure we don't cause a mess with the auth providers 2022-05-22 18:16:47 -04:00
DaneEveritt
3ae70efc14
Use existing method to handle the login 2022-05-22 17:26:32 -04:00
DaneEveritt
4d3362b24f
Perform a bit of code cleanup 2022-05-22 17:23:48 -04:00
DaneEveritt
56f15c15a1
We can make this middleware significantly simpler 2022-05-22 16:54:07 -04:00
DaneEveritt
0fa33e0438
Mark a request as being stateful if a cookie for the session is provided at all
This accounts for poorly configured API clients that try to use cookies for authentication purposes. Treat everything with a session cookie as being a stateful request from the front-end.
2022-05-22 16:50:36 -04:00
DaneEveritt
33bafe9277
Simplify transformer logic 2022-05-22 16:23:22 -04:00
DaneEveritt
f7fc67344e
Ensure tokens are found in the database using the expected logic 2022-05-22 16:05:58 -04:00
DaneEveritt
e9c633fd03
Update transformers and controllers to no longer pull an API key attribute 2022-05-22 15:37:39 -04:00
DaneEveritt
bd37978a98
Initial pass at implementing Laravel Sanctum for authorization on the API 2022-05-22 14:57:06 -04:00
DaneEveritt
e313dff674
Massively simplify API binding logic
Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code.

This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking.
2022-05-22 14:10:01 -04:00
DaneEveritt
d4bf6bd46a
Add test coverage and fix permissions mistake 2022-05-15 17:30:57 -04:00
DaneEveritt
a9364061c1
Store keys in standard format; query with fingerprint not public key 2022-05-15 16:41:15 -04:00
DaneEveritt
b563f13d09
Trim the key provided to query correctly; don't increment throttles when keys aren't found 2022-05-15 16:23:17 -04:00
DaneEveritt
3d6a30c9fd
Oops, don't make this abstract 2022-05-15 16:06:00 -04:00
DaneEveritt
412ac5ef39
Have the panel handle all of the authorization for both public key and password based attempts 2022-05-15 16:00:08 -04:00
DaneEveritt
e856daee19
Reject requests for public key auth when the user has no keys 2022-05-15 15:47:06 -04:00
DaneEveritt
12927a3202
Update SFTP authentication endpoint to support returning user public keys 2022-05-15 15:37:58 -04:00
DaneEveritt
6554164252
Add test coverage for the SSH key endpoints 2022-05-14 18:08:48 -04:00
DaneEveritt
97280a62a2
Add support for storing SSH keys on user accounts 2022-05-14 17:31:53 -04:00
DaneEveritt
5705d7dbdd
Run php-cs-fixer 2022-05-14 16:03:50 -04:00
DaneEveritt
65f27d41a2
Switch to more recent Laravel route definition methods 2022-05-14 15:51:05 -04:00
DaneEveritt
c8faf64059
Support naming docker images on eggs; closes #4052
Bumps PTDL_v1 export images to PTDL_v2, updates the Minecraft specific eggs to use named images.
2022-05-07 17:45:22 -04:00
DaneEveritt
634b80ed42
Add support for filtering allocations to determine if they're assigned or not; closes #3872 2022-05-07 16:16:11 -04:00
DaneEveritt
e88d24e0db
Don't allow allocations to be deleted by users if no limit is defined; closes #3703 2022-05-07 15:05:28 -04:00
DaneEveritt
c751ce7f44
Allow more values for remote field when creating a database; closes #3842 2022-05-07 14:17:10 -04:00
DaneEveritt
530558b0f8
Update deprecated JSON response creation and unnecessary middleware 2022-05-04 19:23:01 -04:00
DaneEveritt
34ffaebd3e
Run cs-fix, ensure we only install dependency versions supporting 7.4+ 2022-05-04 19:01:29 -04:00
Alex
5120590e47
ref: remove google analytics (#3912) 2022-02-05 09:08:43 -08:00
Dane Everitt
dfa329ddf2
[security] ensure session is only for that request when authenticating user API key
https://github.com/pterodactyl/panel/security/advisories/GHSA-7v3x-h7r2-34jv
2022-01-19 21:09:17 -05:00
Alex
28f7a809a5
fix: exception localization (#3850)
resolves #3849
2022-01-15 08:10:37 -08:00
Dane Everitt
bf9cbe2c6d
Add consistent CSRF token verification to API endpoints; address security concern with non-CSRF protected endpoints 2021-11-16 20:02:18 -08:00