Dane Everitt
8f72571895
Fix IP access middleware
2018-02-28 23:39:59 -06:00
Dane Everitt
cef3e4ced4
Add base routes for managing servers as a client
2018-02-27 21:28:43 -06:00
Dane Everitt
9a32b9fd03
Merge branch 'develop' into feature/client-api
2018-02-27 21:04:18 -06:00
Dane Everitt
23e07689a7
Handle 404 errors in API bindings correctly to avoid explosing that a resource exists before validating a key
2018-02-27 21:04:04 -06:00
Dane Everitt
e28973bcae
Move everything around as needed to get things setup for the client API
2018-02-25 15:30:56 -06:00
Dane Everitt
5b6d3b8325
Slightly more clear errors
2018-02-24 12:27:41 -06:00
Dane Everitt
2ec76d283b
Fix bad API behavior
2018-02-04 15:38:38 -06:00
Dane Everitt
8afced3410
Add nests & eggs
...
Cleanup middleware handling and parameters on controllers...
2018-01-27 12:38:56 -06:00
Dane Everitt
de07b3cc7f
Add server database management support to API.
2018-01-25 22:34:53 -06:00
Dane Everitt
3e327b8b0e
Use more logical route binding to not reveal resources on the API unless authenticated.
2018-01-20 15:33:04 -06:00
Dane Everitt
0e7f8cedf0
Reorganize API files
2018-01-19 19:58:57 -06:00
Dane Everitt
c3b9738364
Implement application API Keys
2018-01-18 21:36:15 -06:00
Dane Everitt
f9fc3f4370
Update interface to begin change to seperate account API keys and application keys
...
Main difference is permissions, cleaner UI for normal users, and account keys use permissions assigned to servers and subusers while application keys use R/W ACLs stored in the key table.
2018-01-14 13:30:55 -06:00
Dane Everitt
ad3a954256
Rename APIKey to ApiKey
2018-01-14 12:06:15 -06:00
Dane Everitt
e3df0738da
Change the way API keys are stored and validated; clarify API namespacing
...
Previously, a single key was used to access the API, this has not changed in terms of what the user sees. However, API keys now use an identifier and token internally. The identifier is the first 16 characters of the key, and the token is the remaining 32. The token is stored encrypted at rest in the database and the identifier is used by the API middleware to grab that record and make a timing attack safe comparison.
2018-01-13 16:06:19 -06:00
Dane Everitt
a31e5875dc
First round of changes to API to support simpler permissions.
2018-01-11 22:49:46 -06:00
Dane Everitt
60eb60013c
Update repository base code to be cleaner and make use of PHP 7 features
2018-01-04 22:49:50 -06:00
Dane Everitt
b9d67459b2
Update to Laravel 5.5 ( #814 )
2017-12-17 13:07:38 -06:00
Dane Everitt
f9df463d32
Implement a better management interface for Settings ( #809 )
2017-12-14 21:05:26 -06:00
Dane Everitt
285485d7b0
Change how API keys are validated ( #771 )
2017-12-03 14:29:14 -06:00
Dane Everitt
975597b4d0
Implement changes to administrative user revocation, closes #733
2017-12-03 14:00:47 -06:00
Dane Everitt
20beb2f280
Fix error causing tasks to be un-deletable.
...
closes #786
2017-12-01 20:10:06 -06:00
Dane Everitt
6409fffdad
Implement fix to allow root admins to view all servers.
...
closes #722
2017-11-05 12:38:39 -06:00
Dane Everitt
ecdd133b75
Fix daemon auth
2017-11-04 17:16:44 -05:00
Dane Everitt
71b90650de
Fix failing test suite
2017-11-04 12:49:05 -05:00
Dane Everitt
7882250baf
Add more middleware tests
2017-11-03 18:16:49 -05:00
Dane Everitt
7b3393aff9
More middleware tests
2017-11-01 20:45:43 -05:00
Dane Everitt
d844a36167
Begin adding unit tests for middleware
2017-10-29 21:40:34 -05:00
Dane Everitt
79decafdc8
Update all the middlewares
2017-10-29 12:37:25 -05:00
Dane Everitt
e0d03513e4
Cleanup frontend controllers and middleware
2017-10-27 21:42:53 -05:00
Dane Everitt
058e490ec4
Implement Panel changes to support internal SFTP subsystem on Daemon ( #703 )
2017-10-25 00:35:25 -04:00
Dane Everitt
97dc0519d6
Add database management back to front-end and begin some refactoring
...
Here we go again boys...
2017-10-18 22:32:19 -05:00
Dane Everitt
048784607d
Minor bug fixes
2017-09-30 11:45:24 -05:00
Dane Everitt
fb8a26f141
Merge branch 'develop' into feature/api-daemon-changes
2017-09-25 21:46:44 -05:00
Dane Everitt
e56f4cdd33
Update license headers on files.
2017-09-25 21:43:01 -05:00
Lance Pioch
09d958249d
Add togglable 2FA user requirements ( #635 )
2017-09-25 15:58:16 -10:00
Dane Everitt
7d1c233c49
Final adjustments to Daemon <-> Panel communication change
2017-09-24 21:12:30 -05:00
Dane Everitt
906a699ee2
Begin implementation of new daemon authentication scheme
2017-09-23 20:45:25 -05:00
Dane Everitt
7f76684453
More schedule changes
2017-09-13 21:46:43 -05:00
Dane Everitt
2ac90b50f2
Begin refactoring Tasks to be apart of the Scheduler system
2017-09-12 23:45:19 -05:00
Dane Everitt
f157c06d04
Fix PHPCS to order by length not alphabetical
2017-09-04 19:07:00 -05:00
Dane Everitt
dc310ffdea
Finish subuser controller
2017-09-04 18:12:13 -05:00
Dane Everitt
8f14ee989d
Apply fixes from StyleCI
2017-09-03 21:41:03 +00:00
Dane Everitt
4532811fcd
Improved middleware, console page now using new setup
2017-09-02 21:35:33 -05:00
Dane Everitt
3ee5803416
Massive PHPCS linting
2017-08-21 22:10:48 -05:00
Dane Everitt
9515128b8a
Respond 401 not 404 when bad request token
2017-06-28 20:05:50 -05:00
Dane Everitt
5bdd75eb94
Fix IP checking in API middleware, closes #425
2017-05-06 23:02:12 -04:00
Dane Everitt
4306eaa00e
For english language, will be fixed in 0.6.1 when translations are more complete and better implemented.
2017-05-06 22:06:57 -04:00
Dane Everitt
5651d9ae2b
Fix authentication code for daemon requests.
2017-05-02 20:11:56 -04:00
Fillerino
5cc28a0716
Fixing timing attack vuln. on HMAC comparison ( #409 )
2017-04-24 16:49:03 -04:00
Dane Everitt
93d79994f8
Apply fixes from StyleCI ( #372 )
2017-04-09 19:16:39 -04:00
Dane Everitt
db4df2bfa1
Push basis of new API key policy
...
Will need to revisit this another day when I’m fresh to figure out the
best method to do this.
2017-04-07 21:25:17 -04:00
Dane Everitt
c071efd008
Finish API routes for users.
2017-04-02 15:52:53 -04:00
Dane Everitt
97773300ed
Better middleware for routes, cleaned up API, removed old API calls
...
New API routes for Server allow specifying which fractal objects to
load into the request, thus making it possible to fine-tune what data
is returned.
2017-04-02 13:19:39 -04:00
Dane Everitt
ddb82ac3ca
Add initial user server transformer for API.
2017-04-02 00:49:53 -04:00
Dane Everitt
87530cdc01
Initial moves to new API scheme.
...
Implements a better middleware for handling API authentication, as well
as cleaner route handling.
2017-04-02 00:11:52 -04:00
Dane Everitt
9c303456fb
Update codebase to L5.4 ( #367 )
2017-04-01 17:59:43 -04:00
Dane Everitt
2dec659dd1
Fix syntax error.
2017-03-31 21:47:53 -04:00
Dane Everitt
c7d4c3aa76
Send default response
2017-03-31 21:16:00 -04:00
Dane Everitt
ff57e2ff85
Cleanup recaptcha middleware
2017-03-31 21:12:49 -04:00
Dane Everitt
451dd7ebc8
Apply fixes from StyleCI ( #364 )
2017-03-31 20:48:35 -04:00
Jakob Schrettenbrunner
0ee80b1fec
fix captcha middleware using wrong function when disabled
2017-04-01 01:54:42 +02:00
Jakob Schrettenbrunner
142cbb0641
Add invisible ReCAPTCHA to login and password reset
2017-03-31 12:19:44 +02:00
Dane Everitt
0312c974f5
Update doc blocks for all app/
2017-03-19 19:36:50 -04:00
Dane Everitt
bbf9fd12ae
Apply fixes from StyleCI ( #325 )
2017-02-24 18:23:03 -05:00
Dane Everitt
b926d432e8
Thats enough re-theming for the day...
2017-02-18 19:31:44 -05:00
Dane Everitt
32a1dc17ed
API model updates, as well as general model updates and code fixes.
2017-02-10 20:26:38 -05:00
Dane Everitt
d4bcf0be59
Initial implementation of improved sever model and logic
2017-02-02 18:21:36 -05:00
Dane Everitt
4b0197f2be
Implement basic security policy on daemon remote routes
2017-01-27 16:34:46 -05:00
Dane Everitt
bf7b58470a
Update copyright headers
2017-01-24 17:57:08 -05:00
Dane Everitt
355697dbb5
Apply fixes from StyleCI ( #260 )
2017-01-21 15:56:32 -05:00
Dane Everitt
994588c82d
Set the old theme on admin center until new theme is done
2017-01-20 17:19:42 -05:00
Dane Everitt
c1fb0a665f
Apply fixes from StyleCI
2016-12-07 22:46:38 +00:00
Dane Everitt
b1a9a59707
Update middleware to handle wildcards correctly.
2016-10-20 18:35:55 -04:00
Dane Everitt
5a03ce7e1a
Add support for controlling server power from API.
2016-10-20 13:39:39 -04:00
Dane Everitt
745c735b32
Add initial basic API changes
...
New route is `/api/me`
2016-10-14 20:22:23 -04:00
Dane Everitt
c8a73fa608
Log the error output for API
2016-10-07 16:10:54 -04:00
Dane Everitt
af68dbed8f
Add support for base API logging of all requests
...
ref #31
2016-10-07 16:06:09 -04:00
Dane Everitt
7529e961de
Add back API ( #80 )
...
Re-implements the API after it was removed in the Laravel 5.3 upgrade.
2016-09-05 16:21:36 -04:00
Dane Everitt
afb5011fbe
Update to Laravel 5.3
...
[BREAKING] — REMOVES REMOTE API
A new API will need to be implemented properly using the new Laravel
Passport OAuth2 system. DingoAPI was becoming too unstable and
development wasn’t really moving along enough to continue to rely on it.
2016-09-03 17:09:00 -04:00
Dane Everitt
38eae88bd0
Add support for suspension
2016-09-01 21:16:38 -04:00
Dane Everitt
7bb0190ffa
Change hmac method
2016-01-22 21:56:54 -05:00
Dane Everitt
aac498808c
closes #30
2016-01-22 21:53:11 -05:00
Dane Everitt
63f4d08f0f
Add language switching support
2016-01-20 22:39:02 -05:00
Dane Everitt
40c68a5391
Add title to copyright
2016-01-20 16:05:16 -05:00
Dane Everitt
026df6a36f
Relicense project under MIT
...
Permission obtained from @DDynamic. Contributions from other users were
removed since we did not obtain permission from them for the re-license.
From this point forward all contributors must have a signed Contributor
License Agreement on file.
2016-01-20 15:56:40 -05:00
Dane Everitt
b0bcb879d0
Add license details to add app files.
2016-01-19 19:10:39 -05:00
Dane Everitt
c701aa0825
Add support for CIDR ranges on API
2016-01-16 20:17:46 -05:00
Dane Everitt
317698a84a
encrypt API keys
2016-01-16 20:11:31 -05:00
Dane Everitt
77e3744b40
Change authentication method for API.
2016-01-15 19:26:50 -05:00
Dane Everitt
98b3355158
very basic initial push of API
2016-01-12 01:05:44 -05:00
Dane Everitt
65a91baa16
Fix inner join bug
2016-01-08 20:39:16 -05:00
Dane Everitt
4ae8a45ed3
Clean up routes and middleware checking
2016-01-04 16:09:39 -05:00
Dane Everitt
59fb0eae4f
Improved file downloading
2016-01-01 19:27:44 -05:00
BlameDylan
4585753d04
Implement Two-factor authentication
2015-12-10 19:40:59 -06:00
Dane Everitt
1489f7a694
Initial Commit of Files
...
PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0
2015-12-06 13:58:49 -05:00