Dane Everitt
e95a532da9
Make rate limit configurable; closes #1695
2020-07-02 21:11:16 -07:00
Dane Everitt
fde8465f35
Show a better error when JSON data cannot be parsed in the request
2020-06-30 20:05:11 -07:00
Dane Everitt
756a21ff04
Remove unused code
2020-06-24 20:38:13 -07:00
Dane Everitt
536180ed0c
Return Http test cases to a passing state
2020-06-23 21:59:37 -07:00
Dane Everitt
7557dddf49
Store node daemon tokens in an encrypted manner
2020-04-10 15:15:38 -07:00
Dane Everitt
6336e5191f
Strip out JWT usage and use cookies to track the currently logged in user
2018-07-14 22:42:58 -07:00
Dane Everitt
eafc4408eb
Fix broken unit tests
2018-07-14 21:49:49 -07:00
Dane Everitt
48cb01f438
Merge branch 'develop' into feature/vuejs
2018-07-02 21:00:42 -07:00
Dane Everitt
974318ffb4
Logout other sessions when password is changed
...
closes #1222
2018-06-30 17:50:58 -07:00
Dane Everitt
03c83c084a
Revert use of cookies, go back to using a JWT
2018-06-06 22:49:44 -07:00
Dane Everitt
5bcabbde35
Get dashboard in a more working state
2018-06-05 23:42:34 -07:00
Dane Everitt
969b16a563
Apply fixes from StyleCI
...
[ci skip] [skip ci]
2018-06-02 21:32:26 +00:00
stanjg
ccf3e3511f
Renamed middleware, and fixed the test
2018-05-31 16:40:18 +02:00
Dane Everitt
e3bbd85f3f
Merge branch 'develop' into pr/1129
2018-05-26 10:34:29 -07:00
Lance Pioch
e2dc0638d9
Fix app/ spelling errors
2018-05-13 11:12:41 -04:00
stanjg
86c8ecdcdf
Added the actual logic
2018-05-04 15:02:51 +02:00
Dane Everitt
cef3e4ced4
Add base routes for managing servers as a client
2018-02-27 21:28:43 -06:00
Dane Everitt
e28973bcae
Move everything around as needed to get things setup for the client API
2018-02-25 15:30:56 -06:00
Dane Everitt
3e327b8b0e
Use more logical route binding to not reveal resources on the API unless authenticated.
2018-01-20 15:33:04 -06:00
Dane Everitt
0e7f8cedf0
Reorganize API files
2018-01-19 19:58:57 -06:00
Dane Everitt
c3b9738364
Implement application API Keys
2018-01-18 21:36:15 -06:00
Dane Everitt
e3df0738da
Change the way API keys are stored and validated; clarify API namespacing
...
Previously, a single key was used to access the API, this has not changed in terms of what the user sees. However, API keys now use an identifier and token internally. The identifier is the first 16 characters of the key, and the token is the remaining 32. The token is stored encrypted at rest in the database and the identifier is used by the API middleware to grab that record and make a timing attack safe comparison.
2018-01-13 16:06:19 -06:00
Dane Everitt
a31e5875dc
First round of changes to API to support simpler permissions.
2018-01-11 22:49:46 -06:00
Dane Everitt
0dcf2aaed6
Inital upgrade to 5.5
...
This simply updates dependencies and gets all of the providers and config files updated based on what the laravel/laravel currently ships with
2017-12-16 12:20:09 -06:00
Dane Everitt
285485d7b0
Change how API keys are validated ( #771 )
2017-12-03 14:29:14 -06:00
Dane Everitt
ecdd133b75
Fix daemon auth
2017-11-04 17:16:44 -05:00
Dane Everitt
e9aecfe6db
Shorten imports
2017-10-29 15:57:43 -05:00
Dane Everitt
79decafdc8
Update all the middlewares
2017-10-29 12:37:25 -05:00
Dane Everitt
e0d03513e4
Cleanup frontend controllers and middleware
2017-10-27 21:42:53 -05:00
Dane Everitt
97dc0519d6
Add database management back to front-end and begin some refactoring
...
Here we go again boys...
2017-10-18 22:32:19 -05:00
Dane Everitt
fb8a26f141
Merge branch 'develop' into feature/api-daemon-changes
2017-09-25 21:46:44 -05:00
Lance Pioch
09d958249d
Add togglable 2FA user requirements ( #635 )
2017-09-25 15:58:16 -10:00
Lance Pioch
8197b1733f
Fix some more routes
2017-09-24 21:27:57 -04:00
Dane Everitt
906a699ee2
Begin implementation of new daemon authentication scheme
2017-09-23 20:45:25 -05:00
Lance Pioch
8bfebf5b32
Use proper route name instead of using class in route file
2017-09-21 13:48:57 -04:00
Dane Everitt
4532811fcd
Improved middleware, console page now using new setup
2017-09-02 21:35:33 -05:00
Dane Everitt
87530cdc01
Initial moves to new API scheme.
...
Implements a better middleware for handling API authentication, as well
as cleaner route handling.
2017-04-02 00:11:52 -04:00
Dane Everitt
d80c59aad3
Cleanup routing mechanisms
2017-04-01 21:01:10 -04:00
Jakob Schrettenbrunner
142cbb0641
Add invisible ReCAPTCHA to login and password reset
2017-03-31 12:19:44 +02:00
Jakob Schrettenbrunner
24650b67be
Merge branch 'develop' into fix/trusted-proxies
...
sorry
2017-02-01 20:35:10 +01:00
Jakob Schrettenbrunner
8ab4faad8a
remove TRUSTED_PROXIES from .env.example
...
make style ci happy
2017-02-01 20:31:24 +01:00
Jakob Schrettenbrunner
ee26a7e8dd
add fideloper/proxy to support reverse proxies and load balancers
2017-02-01 20:10:28 +01:00
Dane Everitt
4b0197f2be
Implement basic security policy on daemon remote routes
2017-01-27 16:34:46 -05:00
Dane Everitt
afb5011fbe
Update to Laravel 5.3
...
[BREAKING] — REMOVES REMOTE API
A new API will need to be implemented properly using the new Laravel
Passport OAuth2 system. DingoAPI was becoming too unstable and
development wasn’t really moving along enough to continue to rely on it.
2016-09-03 17:09:00 -04:00
Dane Everitt
63f4d08f0f
Add language switching support
2016-01-20 22:39:02 -05:00
Dane Everitt
98b3355158
very basic initial push of API
2016-01-12 01:05:44 -05:00
Dane Everitt
edf0939ff3
MiddleWare !== Middleware
2016-01-08 15:08:29 -05:00
Dane Everitt
1489f7a694
Initial Commit of Files
...
PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0
2015-12-06 13:58:49 -05:00