Dane Everitt
9b654d2c76
Fix bug with client API denying access to routes, closes #1366
2018-11-10 15:27:50 -08:00
Lance Pioch
e2dc0638d9
Fix app/ spelling errors
2018-05-13 11:12:41 -04:00
Dane Everitt
ef371a508d
Change check on debugbar to use debug not environment
2018-03-10 12:03:23 -06:00
Dane Everitt
8f72571895
Fix IP access middleware
2018-02-28 23:39:59 -06:00
Dane Everitt
cef3e4ced4
Add base routes for managing servers as a client
2018-02-27 21:28:43 -06:00
Dane Everitt
9a32b9fd03
Merge branch 'develop' into feature/client-api
2018-02-27 21:04:18 -06:00
Dane Everitt
23e07689a7
Handle 404 errors in API bindings correctly to avoid explosing that a resource exists before validating a key
2018-02-27 21:04:04 -06:00
Dane Everitt
e28973bcae
Move everything around as needed to get things setup for the client API
2018-02-25 15:30:56 -06:00
Dane Everitt
5b6d3b8325
Slightly more clear errors
2018-02-24 12:27:41 -06:00
Dane Everitt
2ec76d283b
Fix bad API behavior
2018-02-04 15:38:38 -06:00
Dane Everitt
8afced3410
Add nests & eggs
...
Cleanup middleware handling and parameters on controllers...
2018-01-27 12:38:56 -06:00
Dane Everitt
de07b3cc7f
Add server database management support to API.
2018-01-25 22:34:53 -06:00
Dane Everitt
3e327b8b0e
Use more logical route binding to not reveal resources on the API unless authenticated.
2018-01-20 15:33:04 -06:00
Dane Everitt
0e7f8cedf0
Reorganize API files
2018-01-19 19:58:57 -06:00
Dane Everitt
c3b9738364
Implement application API Keys
2018-01-18 21:36:15 -06:00
Dane Everitt
f9fc3f4370
Update interface to begin change to seperate account API keys and application keys
...
Main difference is permissions, cleaner UI for normal users, and account keys use permissions assigned to servers and subusers while application keys use R/W ACLs stored in the key table.
2018-01-14 13:30:55 -06:00
Dane Everitt
ad3a954256
Rename APIKey to ApiKey
2018-01-14 12:06:15 -06:00
Dane Everitt
e3df0738da
Change the way API keys are stored and validated; clarify API namespacing
...
Previously, a single key was used to access the API, this has not changed in terms of what the user sees. However, API keys now use an identifier and token internally. The identifier is the first 16 characters of the key, and the token is the remaining 32. The token is stored encrypted at rest in the database and the identifier is used by the API middleware to grab that record and make a timing attack safe comparison.
2018-01-13 16:06:19 -06:00