Commit graph

4553 commits

Author SHA1 Message Date
Alex
b8bf537737
cmd(setup): validate email input, closes #3175 (#3716) 2021-12-04 10:52:09 -08:00
Charles Morgan
0d5ff6afac
Add Pug / Jade to file editor, closes #3512 (#3514) 2021-12-04 10:51:52 -08:00
Alex
5cde059f21
docs(docker): display correct variable for certificates (#3723)
Docker image and compose file uses `LE_EMAIL` and not `LETSENCRYPT_EMAIL`

Co-authored-by: Matthew Penner <me@matthewp.io>
2021-12-04 10:51:15 -08:00
Alex
0db772a82b
eggs: update source install script (#3604)
Installing basic packages are unnecessary as they already exist in yolks installer image. This also gets rid of Debian 10 lib32gcc package not being found, since installer image is Debian 11.
2021-12-04 10:50:50 -08:00
Paul Vogel
dcbc1360a9
Improve test coverage for LocationController (#3779)
By adding tests for create, update, delete
2021-12-04 10:50:36 -08:00
Patrick R
622b939f00
Show ipv6 with correct in-url syntax (#3776) 2021-12-04 10:35:55 -08:00
Lukas Moucka
e8e2911a92
Change order of docker images in JavaVersionModalFeature (#3782)
This changes the order of the Docker images in JavaVersionModalFeature, and also sets the default state to Java 17. Previously it was Java 16, even though the first entry in the list was Java 8, that confused a lot of people
2021-12-04 10:35:39 -08:00
Boy132
96c3338e96
Add the MC 1.18 message to Java Version Modal (#3778) 2021-12-04 10:35:20 -08:00
Alex
49d5ef271d
ARM64 support for the Panel Docker image, closes #3580 (#3709)
Co-authored-by: Dane Everitt <dane@daneeveritt.com>
2021-12-04 10:33:42 -08:00
Boy132
4cc8658334
GSL Token Modal Feature (#3746) 2021-12-04 10:29:24 -08:00
Yusta
a6e0e5dbda
Add app_url for mail sender (#3753)
Co-authored-by: Dane Everitt <dane@daneeveritt.com>
2021-12-04 10:26:00 -08:00
Desjardins Jérôme
10aaf00e83
use DB_PORT for mysql database connection (#3762)
DB_PORT is the env variable defined for the mysql port into Panel Configuration.
2021-12-04 10:25:02 -08:00
Paul Vogel
b9d73afb63
Fix typo in messsage when deleting a database (#3777) 2021-12-04 10:24:06 -08:00
Alex
59d47e746b
fix: Forge version regex for 1.17+ JPMS (#3783)
For 1.17 JPMS arguments, fix regex to match`^1\.(17|18|19|20|21|22|23)` or latest instead of only dot . minor versions, which is something I didn't notice in a previous PR. This should future proof it.

Changes Java image display order defaulting to 17, which the 1.17+ requires for unix args.
2021-12-04 10:23:37 -08:00
Alex
01e7a45cc5
fix(eggs): Forge latest version fetching (#3770)
Fixes a typo in fetching the latest versions. It was overwritten to "recommended" by mistake.

Easy to read diff: <https://www.diffchecker.com/U04gJTRu>
2021-11-29 10:14:08 -08:00
Dane Everitt
30bb629bad
Update CHANGELOG.md 2021-11-16 20:36:53 -08:00
Dane Everitt
bf9cbe2c6d
Add consistent CSRF token verification to API endpoints; address security concern with non-CSRF protected endpoints 2021-11-16 20:02:18 -08:00
Matthew Penner
cc31a0a6d0
tests(integration): don't expect non-required fields 2021-11-15 11:29:22 -07:00
Alex
01871d8a6c
add Java 17 LTS image to Minecraft eggs (#3744)
* feat: add Java 17 LTS for Minecraft

* feat: add java 17 option to java modal
2021-11-15 08:15:27 -08:00
Dane Everitt
17c03e9a4d
Fix broken session management for application api 2021-11-03 21:33:21 -07:00
Dane Everitt
e8a8405899
Remove tests 2021-11-03 21:22:14 -07:00
Dane Everitt
60eff40a0c
Fix session management on client API requests; closes #3727
Versions of Pterodactyl prior to 1.6.3 used a different throttle pathway for
requests. That pathway found the current request user before continuing on to
other in-app middleware, thus the user was available downstream.

Changes introduced in 1.6.3 changed the throttler logic, therefore removing this
step. As a result, the client API could not always get the currently authenticated
user when cookies were used (aka, requests from the Panel UI, and not API directly).

This change corrects the logic to get the session setup correctly before falling
through to authenticating as a user using the API key. If a cookie is present and a
user is found as a result that session will be used. If an API key is provided it is
ignored when a cookie is also present.

In order to keep the API stateless any session created for an API request stemming
from an API key will have the associated session deleted at the end of the request,
and the 'Set-Cookies' header will be stripped from the response.
2021-11-03 20:51:39 -07:00
Alex
d0663dcbd4
fix: use POST for admin logout route (#3710)
Quick fix for logging out from the admin panel as the auth route was changed from GET to POST.
2021-10-30 13:27:59 -07:00
Alex
4dca4f0aa9
change display format of the container uptime (#3706)
* change display format of the container uptime

Display `day, hour, min` if days is more than 0, otherwise default to existing `hour, min, sec`. Removes pads to make it more clean in this new format.

* clean the return
2021-10-24 14:41:01 -07:00
Samuel Ryberg
c4ab318d5a
Update docker-compose.example.yml (#3707) 2021-10-24 10:21:58 -07:00
Alex
ef4410bac6
expose uptime to client resources API endpoint (#3705)
resolves #3704
2021-10-24 10:12:17 -07:00
Anders G. Jørgensen
72680fc954
Don't force enable-query (#3700)
But make sure the query.port is set correctly, if query is enabled.
2021-10-23 13:11:45 -07:00
Dane Everitt
d65e2978d0
Update CHANGELOG.md 2021-10-23 13:02:25 -07:00
Dane Everitt
45999ba4ee
(security) use POST for logout rather than GET
see https://github.com/pterodactyl/panel/security/advisories/GHSA-m49f-hcxp-6hm6
2021-10-23 13:00:21 -07:00
Dane Everitt
22a8b2b3a2
Use more standardized rate limiting in Laravel; apply limits to auth routes 2021-10-23 12:17:16 -07:00
Alex
f77932a617
cmd(upgrade): Attempt to gain users attention during upgrade (#3678)
* cmd(upgrade):  Attempt to gain users attention during upgrade

Changes color of the user and group to gain attention, common issue is having wrong user/group which breaks the panel. Outputs termination message when users spam enter skipping the upgrade wondering why it didn't upgrade.

Reminder to update wings, because users forget it.

* cmd(upgrade): Display wings upgrade documentation link
2021-10-10 11:08:22 -07:00
Alex
c12f1463b0
eggs(forge): Add support for 1.17+ Forge (#3676)
Support new 1.17+ Forge JPMS arguments that don't ship any executable jar. It will use unix_args.txt file for 1.17+ when one exists, otherwise defaults to using the jar file

Fix forge latest build version option to actually use latest instead of recommended
Set build version input rules to only accept valid values of the latest and recommended
Remove spaces from the version variables to avoid issues with curl. Forge site displays versions with spaces to end users
2021-10-10 10:50:01 -07:00
Alex
5b6de4df6f
eggs(rust): custom map url (#3625)
Introduces custom map URL variable. If none is provided, it will default to using normal map size and seed. Otherwise, it will use the custom map and remove map size/seed from the startup as required.
2021-10-09 10:31:47 -07:00
Waseem Hassan Shahid
8b236c6907
Fix SSL config docker (#3616)
* Don't copy default nginx config at build time

* Use http.d folder for nginx configs

* Add default config back

* Change the panel config name
2021-10-09 10:31:29 -07:00
Matthew Penner
4fa38b8e9c
Fix wings receiving wrong suspended status on sync (#3667)
Due to wings pulling the server configuration rather than the Panel pushing it,
wings gets the wrong status for a server if both the status update and sync request
are ran in a transaction due to the status not being persisted in the database.

Fixes #3639
2021-10-07 08:46:09 -07:00
Cyra
de0d5c9b8a
Updated CHS sponsor entry to use new domain (#3659)
Updated CHS sponsor entry to use new domain
Updated from captiolsolutions.cloud to chs.gg
2021-10-04 08:23:10 -07:00
Dane Everitt
81ba333270
If uptime is present in stats output, display it for the server; closes #3653 2021-10-03 12:59:44 -07:00
Dane Everitt
63e01f9aee
Update SECURITY.md 2021-10-02 08:21:04 -07:00
Dane Everitt
c57eb2c9e6
Update CHANGELOG.md 2021-09-21 21:36:29 -07:00
Dane Everitt
4a84c36009
Fix security vulnerability when authenticating a two-factor authentication token for a user
See associated security advisory for technical details on the content of this security fix.

GHSA ID: GHSA-5vfx-8w6m-h3v4
2021-09-21 21:30:08 -07:00
Dane Everitt
5fdb0a5909
Correctly expose OOM disable state for a server 2021-09-13 21:02:12 -07:00
Dane Everitt
f5a1ce13b8
Update CHANGELOG.md 2021-09-13 20:47:30 -07:00
Matthew Penner
bc25468802
server: fix build modification not being persisted (#3610) 2021-09-12 23:18:17 -06:00
Dane Everitt
dbb061d6f3
Update CHANGELOG.md 2021-09-12 11:26:37 -07:00
Dane Everitt
8f0eda21c5
Fix all screens on the panel unintentionally loading the root directory for a server 2021-09-11 14:17:20 -07:00
Dane Everitt
52588beeb0
Fix state management of overrides not properly resetting loader; closes #3429 2021-09-11 13:24:57 -07:00
Dane Everitt
7b429831ce
Fix missing user agent headers to store an empty string rather than null value 2021-09-11 13:00:53 -07:00
Boy132
5e5d7d6689
Update egg-garrys-mod.json (#3606)
Co-authored-by: Dane Everitt <dane@daneeveritt.com>
2021-09-11 12:20:15 -07:00
Matthew Penner
4d7140bd3b
actions(tests): backport v2 workflow (#3558)
Co-authored-by: Dane Everitt <dane@daneeveritt.com>
2021-09-11 12:20:04 -07:00
Dane Everitt
0b521c011f
Fix test workflow matrix for databases 2021-09-11 12:13:15 -07:00