Commit graph

189 commits

Author SHA1 Message Date
Matthew Penner
658a959e5d Fix trailing comma in DaemonAuthenticate.php, change ServerDetailsController.php to use node authentication 2020-04-10 17:54:50 -06:00
Dane Everitt
2532a73425
Don't throw errors if bad data is sent in the header 2020-04-10 15:53:19 -07:00
Dane Everitt
7557dddf49
Store node daemon tokens in an encrypted manner 2020-04-10 15:15:38 -07:00
Dane Everitt
be05d2df81
Add support for generating a signed URL for downloading a file from the daemon 2020-04-04 19:54:59 -07:00
Dane Everitt
1f92a7de33
Authenticate that the request is coming from someone that should even know about the server 2020-03-28 16:23:18 -07:00
Dane Everitt
d9d4c0590c
Fix silent failure mode when recaptcha is enabled 2019-12-15 16:13:44 -08:00
Dane Everitt
c17f9ba8a9
Move server view management parts to new controller and clean up code 2019-11-24 12:50:16 -08:00
Dane Everitt
7543ef085d
Format files 2019-09-05 21:32:57 -07:00
Dane Everitt
95d19bf09e
Update logic that handles creation of folders for a server 2019-05-01 21:45:39 -07:00
Dane Everitt
5ca13839cf
Merge branch 'develop' into feature/vue-serverview 2018-09-05 21:34:59 -07:00
Dane Everitt
fd49e524c8
Update middleware code 2018-09-03 15:17:53 -07:00
Dane Everitt
4d62e4c7b9
Merge branch 'develop' into pr/1128 2018-09-03 15:10:23 -07:00
Dane Everitt
f3efe546da
Fix broken namespace for autoloader 2018-08-31 20:34:57 -07:00
Dane Everitt
0999ec93c3
More logic for deleting databases 2018-08-25 15:07:42 -07:00
Dane Everitt
9be2aa4ca9
Push beginning of DB deletion stuff 2018-08-25 14:43:21 -07:00
Dane Everitt
8bbe6bc279
Add test, fix behavior of model creation 2018-07-14 22:58:33 -07:00
Dane Everitt
550c622d3b
Obliterate JWT from codebase 2018-07-14 22:48:09 -07:00
Dane Everitt
6336e5191f
Strip out JWT usage and use cookies to track the currently logged in user 2018-07-14 22:42:58 -07:00
Dane Everitt
eafc4408eb
Fix broken unit tests 2018-07-14 21:49:49 -07:00
Dane Everitt
c82f273d85
Fix remaining broken tests 2018-07-04 19:38:23 -07:00
Dane Everitt
e7faf979a1
Change login handling to automatically redirect a user if their session will need renewal. 2018-06-16 14:05:39 -07:00
Dane Everitt
03c83c084a
Revert use of cookies, go back to using a JWT 2018-06-06 22:49:44 -07:00
Dane Everitt
5bcabbde35
Get dashboard in a more working state 2018-06-05 23:42:34 -07:00
stanjg
b56f3a8671
Expanded the middleware test 2018-06-01 16:22:06 +02:00
stanjg
e9ac014bf4
Removed the use of Auth facade and removed unnecesary option 2018-06-01 16:10:32 +02:00
stanjg
3bb9e5e8a8 Merge branch 'develop' of https://github.com/stanjg/panel into feature/user-specific-language 2018-06-01 15:58:09 +02:00
Dane Everitt
6c598f9100
Merge branch 'feature/vuejs' into feature/vuejs-serverlist 2018-05-31 22:59:39 -07:00
stanjg
013dde75ae
Renamed the field and made some improvements 2018-05-31 16:34:35 +02:00
Dane Everitt
a1444b047e
Fix JWT handling for API access when logging in 2018-05-28 14:59:48 -07:00
Dane Everitt
6e5c365018
Use the client API to load servers on the listing page 2018-05-28 13:23:40 -07:00
Dane Everitt
ad69193ac0
Add JWT to login forms 2018-05-28 12:48:42 -07:00
Dane Everitt
e648e50d90
Write some example tests for @stanjg 2018-05-26 11:00:28 -07:00
Dane Everitt
e3bbd85f3f
Merge branch 'develop' into pr/1129 2018-05-26 10:34:29 -07:00
Dane Everitt
b4e510fbe3
Fixes before release 2018-05-20 16:49:54 -07:00
Dane Everitt
7e2e5fd7c1
Merge branch 'develop' into feature/upgrade-laravel-to-5.6 2018-05-20 16:30:42 -07:00
Lance Pioch
53829399de Make sure this trust proxies is also changed 2018-05-13 11:59:25 -04:00
Lance Pioch
e2dc0638d9 Fix app/ spelling errors 2018-05-13 11:12:41 -04:00
stanjg
86c8ecdcdf
Added the actual logic 2018-05-04 15:02:51 +02:00
stanjg
17a72d0895
StyleCI fixes 2018-05-04 14:05:42 +02:00
stanjg
9a06647435
Added support for user specific languages 2018-05-04 12:56:30 +02:00
Dane Everitt
ef371a508d
Change check on debugbar to use debug not environment 2018-03-10 12:03:23 -06:00
Dane Everitt
a4f03f5d02
Handle missing daemon keys better and fix subuser missing key errors 2018-03-03 21:31:44 -06:00
Dane Everitt
bcb69603ad
Add support for user management of databases 2018-03-02 19:03:55 -06:00
Dane Everitt
8f72571895
Fix IP access middleware 2018-02-28 23:39:59 -06:00
Dane Everitt
cef3e4ced4
Add base routes for managing servers as a client 2018-02-27 21:28:43 -06:00
Dane Everitt
9a32b9fd03
Merge branch 'develop' into feature/client-api 2018-02-27 21:04:18 -06:00
Dane Everitt
23e07689a7
Handle 404 errors in API bindings correctly to avoid explosing that a resource exists before validating a key 2018-02-27 21:04:04 -06:00
Dane Everitt
e28973bcae
Move everything around as needed to get things setup for the client API 2018-02-25 15:30:56 -06:00
Dane Everitt
5b6d3b8325
Slightly more clear errors 2018-02-24 12:27:41 -06:00
Dane Everitt
2ec76d283b
Fix bad API behavior 2018-02-04 15:38:38 -06:00
Dane Everitt
8afced3410
Add nests & eggs
Cleanup middleware handling and parameters on controllers...
2018-01-27 12:38:56 -06:00
Dane Everitt
de07b3cc7f
Add server database management support to API. 2018-01-25 22:34:53 -06:00
Dane Everitt
3e327b8b0e
Use more logical route binding to not reveal resources on the API unless authenticated. 2018-01-20 15:33:04 -06:00
Dane Everitt
0e7f8cedf0
Reorganize API files 2018-01-19 19:58:57 -06:00
Dane Everitt
c3b9738364
Implement application API Keys 2018-01-18 21:36:15 -06:00
Dane Everitt
f9fc3f4370
Update interface to begin change to seperate account API keys and application keys
Main difference is permissions, cleaner UI for normal users, and account keys use permissions assigned to servers and subusers while application keys use R/W ACLs stored in the key table.
2018-01-14 13:30:55 -06:00
Dane Everitt
ad3a954256
Rename APIKey to ApiKey 2018-01-14 12:06:15 -06:00
Dane Everitt
e3df0738da
Change the way API keys are stored and validated; clarify API namespacing
Previously, a single key was used to access the API, this has not changed in terms of what the user sees. However, API keys now use an identifier and token internally. The identifier is the first 16 characters of the key, and the token is the remaining 32. The token is stored encrypted at rest in the database and the identifier is used by the API middleware to grab that record and make a timing attack safe comparison.
2018-01-13 16:06:19 -06:00
Dane Everitt
a31e5875dc
First round of changes to API to support simpler permissions. 2018-01-11 22:49:46 -06:00
Dane Everitt
60eb60013c
Update repository base code to be cleaner and make use of PHP 7 features 2018-01-04 22:49:50 -06:00
Dane Everitt
b9d67459b2
Update to Laravel 5.5 (#814) 2017-12-17 13:07:38 -06:00
Dane Everitt
f9df463d32
Implement a better management interface for Settings (#809) 2017-12-14 21:05:26 -06:00
Dane Everitt
285485d7b0
Change how API keys are validated (#771) 2017-12-03 14:29:14 -06:00
Dane Everitt
975597b4d0
Implement changes to administrative user revocation, closes #733 2017-12-03 14:00:47 -06:00
Dane Everitt
20beb2f280 Fix error causing tasks to be un-deletable.
closes #786
2017-12-01 20:10:06 -06:00
Dane Everitt
6409fffdad
Implement fix to allow root admins to view all servers.
closes #722
2017-11-05 12:38:39 -06:00
Dane Everitt
ecdd133b75
Fix daemon auth 2017-11-04 17:16:44 -05:00
Dane Everitt
71b90650de
Fix failing test suite 2017-11-04 12:49:05 -05:00
Dane Everitt
7882250baf
Add more middleware tests 2017-11-03 18:16:49 -05:00
Dane Everitt
7b3393aff9
More middleware tests 2017-11-01 20:45:43 -05:00
Dane Everitt
d844a36167
Begin adding unit tests for middleware 2017-10-29 21:40:34 -05:00
Dane Everitt
79decafdc8
Update all the middlewares 2017-10-29 12:37:25 -05:00
Dane Everitt
e0d03513e4
Cleanup frontend controllers and middleware 2017-10-27 21:42:53 -05:00
Dane Everitt
058e490ec4 Implement Panel changes to support internal SFTP subsystem on Daemon (#703) 2017-10-25 00:35:25 -04:00
Dane Everitt
97dc0519d6
Add database management back to front-end and begin some refactoring
Here we go again boys...
2017-10-18 22:32:19 -05:00
Dane Everitt
048784607d
Minor bug fixes 2017-09-30 11:45:24 -05:00
Dane Everitt
fb8a26f141
Merge branch 'develop' into feature/api-daemon-changes 2017-09-25 21:46:44 -05:00
Dane Everitt
e56f4cdd33
Update license headers on files. 2017-09-25 21:43:01 -05:00
Lance Pioch
09d958249d Add togglable 2FA user requirements (#635) 2017-09-25 15:58:16 -10:00
Dane Everitt
7d1c233c49
Final adjustments to Daemon <-> Panel communication change 2017-09-24 21:12:30 -05:00
Dane Everitt
906a699ee2
Begin implementation of new daemon authentication scheme 2017-09-23 20:45:25 -05:00
Dane Everitt
7f76684453
More schedule changes 2017-09-13 21:46:43 -05:00
Dane Everitt
2ac90b50f2
Begin refactoring Tasks to be apart of the Scheduler system 2017-09-12 23:45:19 -05:00
Dane Everitt
f157c06d04
Fix PHPCS to order by length not alphabetical 2017-09-04 19:07:00 -05:00
Dane Everitt
dc310ffdea
Finish subuser controller 2017-09-04 18:12:13 -05:00
Dane Everitt
8f14ee989d Apply fixes from StyleCI 2017-09-03 21:41:03 +00:00
Dane Everitt
4532811fcd
Improved middleware, console page now using new setup 2017-09-02 21:35:33 -05:00
Dane Everitt
3ee5803416
Massive PHPCS linting 2017-08-21 22:10:48 -05:00
Dane Everitt
9515128b8a
Respond 401 not 404 when bad request token 2017-06-28 20:05:50 -05:00
Dane Everitt
5bdd75eb94
Fix IP checking in API middleware, closes #425 2017-05-06 23:02:12 -04:00
Dane Everitt
4306eaa00e
For english language, will be fixed in 0.6.1 when translations are more complete and better implemented. 2017-05-06 22:06:57 -04:00
Dane Everitt
5651d9ae2b
Fix authentication code for daemon requests. 2017-05-02 20:11:56 -04:00
Fillerino
5cc28a0716 Fixing timing attack vuln. on HMAC comparison (#409) 2017-04-24 16:49:03 -04:00
Dane Everitt
93d79994f8 Apply fixes from StyleCI (#372) 2017-04-09 19:16:39 -04:00
Dane Everitt
db4df2bfa1
Push basis of new API key policy
Will need to revisit this another day when I’m fresh to figure out the
best method to do this.
2017-04-07 21:25:17 -04:00
Dane Everitt
c071efd008
Finish API routes for users. 2017-04-02 15:52:53 -04:00
Dane Everitt
97773300ed
Better middleware for routes, cleaned up API, removed old API calls
New API routes for Server allow specifying which fractal objects to
load into the request, thus making it possible to fine-tune what data
is returned.
2017-04-02 13:19:39 -04:00
Dane Everitt
ddb82ac3ca
Add initial user server transformer for API. 2017-04-02 00:49:53 -04:00
Dane Everitt
87530cdc01
Initial moves to new API scheme.
Implements a better middleware for handling API authentication, as well
as cleaner route handling.
2017-04-02 00:11:52 -04:00
Dane Everitt
9c303456fb Update codebase to L5.4 (#367) 2017-04-01 17:59:43 -04:00