Commit graph

4338 commits

Author SHA1 Message Date
Dane Everitt
30bb629bad
Update CHANGELOG.md 2021-11-16 20:36:53 -08:00
Dane Everitt
bf9cbe2c6d
Add consistent CSRF token verification to API endpoints; address security concern with non-CSRF protected endpoints 2021-11-16 20:02:18 -08:00
Matthew Penner
cc31a0a6d0
tests(integration): don't expect non-required fields 2021-11-15 11:29:22 -07:00
Alex
01871d8a6c
add Java 17 LTS image to Minecraft eggs (#3744)
* feat: add Java 17 LTS for Minecraft

* feat: add java 17 option to java modal
2021-11-15 08:15:27 -08:00
Dane Everitt
17c03e9a4d
Fix broken session management for application api 2021-11-03 21:33:21 -07:00
Dane Everitt
e8a8405899
Remove tests 2021-11-03 21:22:14 -07:00
Dane Everitt
60eff40a0c
Fix session management on client API requests; closes #3727
Versions of Pterodactyl prior to 1.6.3 used a different throttle pathway for
requests. That pathway found the current request user before continuing on to
other in-app middleware, thus the user was available downstream.

Changes introduced in 1.6.3 changed the throttler logic, therefore removing this
step. As a result, the client API could not always get the currently authenticated
user when cookies were used (aka, requests from the Panel UI, and not API directly).

This change corrects the logic to get the session setup correctly before falling
through to authenticating as a user using the API key. If a cookie is present and a
user is found as a result that session will be used. If an API key is provided it is
ignored when a cookie is also present.

In order to keep the API stateless any session created for an API request stemming
from an API key will have the associated session deleted at the end of the request,
and the 'Set-Cookies' header will be stripped from the response.
2021-11-03 20:51:39 -07:00
Alex
d0663dcbd4
fix: use POST for admin logout route (#3710)
Quick fix for logging out from the admin panel as the auth route was changed from GET to POST.
2021-10-30 13:27:59 -07:00
Alex
4dca4f0aa9
change display format of the container uptime (#3706)
* change display format of the container uptime

Display `day, hour, min` if days is more than 0, otherwise default to existing `hour, min, sec`. Removes pads to make it more clean in this new format.

* clean the return
2021-10-24 14:41:01 -07:00
Samuel Ryberg
c4ab318d5a
Update docker-compose.example.yml (#3707) 2021-10-24 10:21:58 -07:00
Alex
ef4410bac6
expose uptime to client resources API endpoint (#3705)
resolves #3704
2021-10-24 10:12:17 -07:00
Anders G. Jørgensen
72680fc954
Don't force enable-query (#3700)
But make sure the query.port is set correctly, if query is enabled.
2021-10-23 13:11:45 -07:00
Dane Everitt
d65e2978d0
Update CHANGELOG.md 2021-10-23 13:02:25 -07:00
Dane Everitt
45999ba4ee
(security) use POST for logout rather than GET
see https://github.com/pterodactyl/panel/security/advisories/GHSA-m49f-hcxp-6hm6
2021-10-23 13:00:21 -07:00
Dane Everitt
22a8b2b3a2
Use more standardized rate limiting in Laravel; apply limits to auth routes 2021-10-23 12:17:16 -07:00
Alex
f77932a617
cmd(upgrade): Attempt to gain users attention during upgrade (#3678)
* cmd(upgrade):  Attempt to gain users attention during upgrade

Changes color of the user and group to gain attention, common issue is having wrong user/group which breaks the panel. Outputs termination message when users spam enter skipping the upgrade wondering why it didn't upgrade.

Reminder to update wings, because users forget it.

* cmd(upgrade): Display wings upgrade documentation link
2021-10-10 11:08:22 -07:00
Alex
c12f1463b0
eggs(forge): Add support for 1.17+ Forge (#3676)
Support new 1.17+ Forge JPMS arguments that don't ship any executable jar. It will use unix_args.txt file for 1.17+ when one exists, otherwise defaults to using the jar file

Fix forge latest build version option to actually use latest instead of recommended
Set build version input rules to only accept valid values of the latest and recommended
Remove spaces from the version variables to avoid issues with curl. Forge site displays versions with spaces to end users
2021-10-10 10:50:01 -07:00
Alex
5b6de4df6f
eggs(rust): custom map url (#3625)
Introduces custom map URL variable. If none is provided, it will default to using normal map size and seed. Otherwise, it will use the custom map and remove map size/seed from the startup as required.
2021-10-09 10:31:47 -07:00
Waseem Hassan Shahid
8b236c6907
Fix SSL config docker (#3616)
* Don't copy default nginx config at build time

* Use http.d folder for nginx configs

* Add default config back

* Change the panel config name
2021-10-09 10:31:29 -07:00
Matthew Penner
4fa38b8e9c
Fix wings receiving wrong suspended status on sync (#3667)
Due to wings pulling the server configuration rather than the Panel pushing it,
wings gets the wrong status for a server if both the status update and sync request
are ran in a transaction due to the status not being persisted in the database.

Fixes #3639
2021-10-07 08:46:09 -07:00
Cyra
de0d5c9b8a
Updated CHS sponsor entry to use new domain (#3659)
Updated CHS sponsor entry to use new domain
Updated from captiolsolutions.cloud to chs.gg
2021-10-04 08:23:10 -07:00
Dane Everitt
81ba333270
If uptime is present in stats output, display it for the server; closes #3653 2021-10-03 12:59:44 -07:00
Dane Everitt
63e01f9aee
Update SECURITY.md 2021-10-02 08:21:04 -07:00
Dane Everitt
c57eb2c9e6
Update CHANGELOG.md 2021-09-21 21:36:29 -07:00
Dane Everitt
4a84c36009
Fix security vulnerability when authenticating a two-factor authentication token for a user
See associated security advisory for technical details on the content of this security fix.

GHSA ID: GHSA-5vfx-8w6m-h3v4
2021-09-21 21:30:08 -07:00
Dane Everitt
5fdb0a5909
Correctly expose OOM disable state for a server 2021-09-13 21:02:12 -07:00
Dane Everitt
f5a1ce13b8
Update CHANGELOG.md 2021-09-13 20:47:30 -07:00
Matthew Penner
bc25468802
server: fix build modification not being persisted (#3610) 2021-09-12 23:18:17 -06:00
Dane Everitt
dbb061d6f3
Update CHANGELOG.md 2021-09-12 11:26:37 -07:00
Dane Everitt
8f0eda21c5
Fix all screens on the panel unintentionally loading the root directory for a server 2021-09-11 14:17:20 -07:00
Dane Everitt
52588beeb0
Fix state management of overrides not properly resetting loader; closes #3429 2021-09-11 13:24:57 -07:00
Dane Everitt
7b429831ce
Fix missing user agent headers to store an empty string rather than null value 2021-09-11 13:00:53 -07:00
Boy132
5e5d7d6689
Update egg-garrys-mod.json (#3606)
Co-authored-by: Dane Everitt <dane@daneeveritt.com>
2021-09-11 12:20:15 -07:00
Matthew Penner
4d7140bd3b
actions(tests): backport v2 workflow (#3558)
Co-authored-by: Dane Everitt <dane@daneeveritt.com>
2021-09-11 12:20:04 -07:00
Dane Everitt
0b521c011f
Fix test workflow matrix for databases 2021-09-11 12:13:15 -07:00
Dane Everitt
db74b0024d
Merge branch 'develop' of github.com:pterodactyl/panel into develop 2021-09-11 12:02:24 -07:00
Dane Everitt
fde0660e6c
Return tests to passing state 2021-09-11 12:02:15 -07:00
Alex
a775f3ccf2
egg(ark): Fix inverted OR operation (#3605) 2021-09-11 11:45:48 -07:00
Dane Everitt
e96ead4c4d
Update API calls to Wings to only pass the required details with the changes to the installer system 2021-08-29 14:09:43 -07:00
Dane Everitt
869bc22103
Update CHANGELOG.md 2021-08-29 13:42:49 -07:00
Dane Everitt
2d47f986ee
Replace calls to server patch with a manual sync method 2021-08-29 13:32:55 -07:00
Dane Everitt
d8d1eacb42
Don't require Wings API call to pass in order to update server details 2021-08-29 13:19:24 -07:00
Matthew Penner
7330a747b7
migrations: add foreign keys for mount relations (#3574) 2021-08-24 13:12:35 -06:00
Josh Miles
bd271e2e62
Consistency in Java version modal (#3569) 2021-08-24 12:42:58 -06:00
Alex
e1a667aaaf
Disable blank issues (#3566) 2021-08-24 11:35:30 -06:00
Omar Kamel
b67aceb685
Add environment variable for per_schedule_task_limit (#3557)
The environment variable `PTERODACTYL_PER_SCHEDULE_TASK_LIMIT` can be used to change the maximum number of tasks per schedule.
2021-08-20 11:07:05 -06:00
Matthew Penner
b4cae916ac
transfers: fix allocation array merging logic (#3551) 2021-08-18 12:58:41 -06:00
Alex
b94d69bbab
Introduce OOM Killer to Server Creation (#3548) 2021-08-18 12:32:45 -06:00
Cam White
5d41ac09fd
Grammatical fix on SetupTwoFactorModal (#3549) 2021-08-18 11:48:06 -06:00
Dane Everitt
ddf43bb4c5
Update README.md 2021-08-15 18:32:40 -07:00