Commit graph

1920 commits

Author SHA1 Message Date
FabianS
82818414a3
Ability to create nodes with artisan (#3319) 2022-03-28 12:28:16 -07:00
Георгий Пронюк
281256e17c
Grant all necessary permissions to generated SQL users (#3800)
* grant all necessary permissions to users

* fix CREATE TEMPORARY TABLES

Co-authored-by: A248 <theanandbeh@gmail.com>

Co-authored-by: A248 <theanandbeh@gmail.com>
Co-authored-by: Matthew Penner <me@matthewp.io>
2022-03-28 12:22:37 -07:00
Alex
5120590e47
ref: remove google analytics (#3912) 2022-02-05 09:08:43 -08:00
Dane Everitt
0a4ba6a7dc
Force https on URLs when behind proxy; closes #3623 2022-01-23 12:58:44 -05:00
Dane Everitt
dfa329ddf2
[security] ensure session is only for that request when authenticating user API key
https://github.com/pterodactyl/panel/security/advisories/GHSA-7v3x-h7r2-34jv
2022-01-19 21:09:17 -05:00
Matthew Penner
1eaf411cb4
node: lowercase fqdn in letsencrypt path (#3890) 2022-01-17 19:56:57 -07:00
Alex
28f7a809a5
fix: exception localization (#3850)
resolves #3849
2022-01-15 08:10:37 -08:00
Alex
b8bf537737
cmd(setup): validate email input, closes #3175 (#3716) 2021-12-04 10:52:09 -08:00
Dane Everitt
bf9cbe2c6d
Add consistent CSRF token verification to API endpoints; address security concern with non-CSRF protected endpoints 2021-11-16 20:02:18 -08:00
Dane Everitt
17c03e9a4d
Fix broken session management for application api 2021-11-03 21:33:21 -07:00
Dane Everitt
60eff40a0c
Fix session management on client API requests; closes #3727
Versions of Pterodactyl prior to 1.6.3 used a different throttle pathway for
requests. That pathway found the current request user before continuing on to
other in-app middleware, thus the user was available downstream.

Changes introduced in 1.6.3 changed the throttler logic, therefore removing this
step. As a result, the client API could not always get the currently authenticated
user when cookies were used (aka, requests from the Panel UI, and not API directly).

This change corrects the logic to get the session setup correctly before falling
through to authenticating as a user using the API key. If a cookie is present and a
user is found as a result that session will be used. If an API key is provided it is
ignored when a cookie is also present.

In order to keep the API stateless any session created for an API request stemming
from an API key will have the associated session deleted at the end of the request,
and the 'Set-Cookies' header will be stripped from the response.
2021-11-03 20:51:39 -07:00
Alex
ef4410bac6
expose uptime to client resources API endpoint (#3705)
resolves #3704
2021-10-24 10:12:17 -07:00
Dane Everitt
22a8b2b3a2
Use more standardized rate limiting in Laravel; apply limits to auth routes 2021-10-23 12:17:16 -07:00
Alex
f77932a617
cmd(upgrade): Attempt to gain users attention during upgrade (#3678)
* cmd(upgrade):  Attempt to gain users attention during upgrade

Changes color of the user and group to gain attention, common issue is having wrong user/group which breaks the panel. Outputs termination message when users spam enter skipping the upgrade wondering why it didn't upgrade.

Reminder to update wings, because users forget it.

* cmd(upgrade): Display wings upgrade documentation link
2021-10-10 11:08:22 -07:00
Matthew Penner
4fa38b8e9c
Fix wings receiving wrong suspended status on sync (#3667)
Due to wings pulling the server configuration rather than the Panel pushing it,
wings gets the wrong status for a server if both the status update and sync request
are ran in a transaction due to the status not being persisted in the database.

Fixes #3639
2021-10-07 08:46:09 -07:00
Dane Everitt
4a84c36009
Fix security vulnerability when authenticating a two-factor authentication token for a user
See associated security advisory for technical details on the content of this security fix.

GHSA ID: GHSA-5vfx-8w6m-h3v4
2021-09-21 21:30:08 -07:00
Dane Everitt
5fdb0a5909
Correctly expose OOM disable state for a server 2021-09-13 21:02:12 -07:00
Matthew Penner
bc25468802
server: fix build modification not being persisted (#3610) 2021-09-12 23:18:17 -06:00
Dane Everitt
7b429831ce
Fix missing user agent headers to store an empty string rather than null value 2021-09-11 13:00:53 -07:00
Dane Everitt
e96ead4c4d
Update API calls to Wings to only pass the required details with the changes to the installer system 2021-08-29 14:09:43 -07:00
Dane Everitt
2d47f986ee
Replace calls to server patch with a manual sync method 2021-08-29 13:32:55 -07:00
Dane Everitt
d8d1eacb42
Don't require Wings API call to pass in order to update server details 2021-08-29 13:19:24 -07:00
Matthew Penner
b4cae916ac
transfers: fix allocation array merging logic (#3551) 2021-08-18 12:58:41 -06:00
Dane Everitt
2b3303c46b
Fix changing a user password to not incorrectly handle logging out old sessions; closes #3531 2021-08-15 17:37:12 -07:00
Dane Everitt
25d9ba4779
Run php-cs-fixer 2021-08-15 17:20:36 -07:00
Matthew Penner
10b357b71e
ui(server): fix used backup count (#3526)
* ui(server): fix used backup count

* ui(server): refactor backup count code
2021-08-04 20:34:00 -07:00
Matthew Penner
81c788f524
cmd(upgrade): fix force and seed flags being ignored (#3519) 2021-08-03 19:48:34 -07:00
Matthew Penner
970f281859
backups: default is_successful to false (#3522)
* backups: default is_successful to false
* backups: properly query backups
2021-08-03 19:45:25 -07:00
Mia
bda1ff50ab
[UI] Display the 2FA token, show spinner on load (#3367)
Co-authored-by: Dane Everitt <dane@daneeveritt.com>
2021-08-02 20:39:12 -07:00
Matthew Penner
1a79b4827c
backups: allow updating a failed backup (#3470) 2021-07-18 08:46:20 -07:00
ClumsyAdmin
57987c0f79
Update Allocation.php (#3468)
Max port typo
2021-07-17 10:02:15 -07:00
Charles Morgan
91ea0a4f41
Update core eggs to new docker yolk images (#3382) 2021-07-17 10:02:00 -07:00
Leystryku
298e985d74
Permission for referencing other tables (foreign keys) (#3419) 2021-07-17 10:01:37 -07:00
Dane Everitt
d3e3b1db38
Test that a deleted backup makes an audit log entry 2021-07-11 12:15:39 -07:00
Matthew Penner
1260965dfd
ServerCreationService: send 'start_on_completion' option to wings (#3431) 2021-07-04 15:15:19 -07:00
Dane Everitt
d049839ffc
Fix deleting a backup that is locked and failed; closes #3404 2021-06-13 10:26:47 -07:00
Mark Ross
d45c67a6e1
Allow to find servers by short UUID (Application API) (#3340) 2021-06-05 08:43:57 -07:00
Lukas
75d254a6a4
Add support for mailgun API endpoint (#3364) 2021-06-05 08:38:47 -07:00
Stephen White
8459b11019
Allow database users to create/alter/drop routines (#3389)
Database users may wish to create/alter/drop stored procedures on their databases in order to use extra MySQL functionality.
2021-06-05 08:37:10 -07:00
Alex
9656378783
Fix 401 error typo (#3393) 2021-06-03 13:35:51 -07:00
Matthew Penner
c5b6d0bf45
Fix query to avoid pruning actively running backups (#3379) 2021-05-27 15:33:43 -07:00
Charles Morgan
76ac1998cf
Don't allow backups to be made via schedules if limit = 0 (#3323) 2021-05-16 09:47:36 -07:00
Dane Everitt
5d5e4ca7b1
Add support for locking backups to prevent any accidental deletions 2021-05-03 21:26:09 -07:00
Dane Everitt
5f48712c28
Add test coverage for RunTaskJob 2021-05-01 12:24:42 -07:00
Dane Everitt
7a85c31553
Add internal code support for stopping tasks if server is not running or continuing through on task error 2021-05-01 11:52:02 -07:00
Dane Everitt
92cd659db3
Add underlying data changes necessary for new task & schedule features 2021-05-01 10:44:40 -07:00
Dane Everitt
fd8259f33d
Merge branch 'develop' into patch-1 2021-04-25 11:06:29 -07:00
Julien Tant
f7f972b33d rename now variable & fix condition 2021-04-24 18:18:29 -07:00
Julien Tant
2cd64c0af4 Merge remote-tracking branch 'upstream/develop' into develop 2021-04-24 17:14:18 -07:00
Dane Everitt
6ef60633d3
Additional coverage to ensure values are wrapped as expected; ref #3287 2021-04-24 16:39:56 -07:00
Julien Tant
552b9d3c33 Add possibility to run disabled cron 2021-04-24 15:06:21 -07:00
Boy132
c56e699985
Separated user from group 2021-04-20 17:39:34 +02:00
Boy132
2f6351ec00
Small fix 2021-04-20 10:08:21 +02:00
Boy132
3ca835e661
Add group input to upgrade command 2021-04-20 10:06:19 +02:00
Lance Pioch
77a3ca682f
Change to actual function names to support MariaDB 2021-04-08 17:34:25 -04:00
Dane Everitt
f973285e04
Guard against unexpected panic conditions from wings 2021-04-04 10:45:33 -07:00
Dane Everitt
18e5ce310a
Use updated response from wings 2021-04-04 10:25:54 -07:00
Dane Everitt
45680cab47
Don't use tagging, closes #3224 2021-04-03 10:53:41 -07:00
Dane Everitt
48ad8f538e
Always allow specifying a page size with the API; closes #3218 2021-03-26 09:03:51 -07:00
Dane Everitt
9b46d59045
Cache resource lookup results for 20 seconds for each server 2021-03-21 12:29:18 -07:00
Dane Everitt
7676f7dd66
Allow modification of server build settings even when node is offline 2021-03-21 11:49:42 -07:00
Dane Everitt
aa0b7977bb
Fix error spam in logs due to missing cron month 2021-03-21 10:49:23 -07:00
Dane Everitt
8c7d785c9e
Ensure a created_at value is set on recovery tokens; closes #3163 2021-03-21 10:43:01 -07:00
Matthew Penner
582521f419 fix: backup restore delete all files 2021-03-12 14:47:49 -07:00
Alex
76f507656c
remove file archive flag 2021-03-08 12:19:20 +02:00
Dane Everitt
1476104b30
Fix inability to download files from the panel; closes #3151
Co-Authored-By: xcgc <74693042+xcgc@users.noreply.github.com>
2021-03-07 09:45:27 -08:00
xcgc
397df3bf71
Update ServerInstallController.php 2021-03-06 15:52:24 +08:00
Dane Everitt
1943c7a98b
Prevent catastrophic boot failure in wings when a server egg has bad data; closes #3055 2021-03-03 21:02:11 -08:00
Dane Everitt
19279644df
Show more user friendly error when allocation fails to parse; closes #3056 2021-03-03 20:19:00 -08:00
Dane Everitt
1b2c4931ee
Add endpoint logic necessary to reset server states if they get stuck installing/restoring when wings restarts 2021-02-23 21:20:02 -08:00
Dane Everitt
94ea9c37d0
Don't require auto-allocation settings if not enabled; closes #3085 2021-02-17 21:11:23 -08:00
Matthew Penner
352910f897 api(remote): fix inproper reading of boolean for installation status 2021-02-06 10:16:08 -07:00
Dane Everitt
00da092e45
Fix tests 2021-01-30 19:12:22 -08:00
Dane Everitt
f558bc880a
Correctly handle error; don't overwrite laravel method 2021-01-30 18:07:48 -08:00
Dane Everitt
e30a765071
Simplify logic when a server is in an unsupported state 2021-01-30 13:28:31 -08:00
Dane Everitt
be26921fcc
Merge branch 'develop' into dane/restore-backups 2021-01-30 10:10:29 -08:00
Dane Everitt
5515871b2f
Turns out I hate that huge space formatting, disable that mess 2021-01-27 20:52:11 -08:00
Dane Everitt
0ae90eacaa
Don't try to store null values in the DB for variables; closes #3038 2021-01-27 20:45:26 -08:00
Dane Everitt
b00def2537
Switch to JSON from TEXT when storing denylist items for an egg; closes #3034 2021-01-26 21:08:53 -08:00
Dane Everitt
0dd0f09238
Formatting cleanup for backups 2021-01-25 19:25:15 -08:00
Dane Everitt
0a2c89e9f4
Reeformat with new rules post merge 2021-01-25 19:20:51 -08:00
Dane Everitt
663143de0b
Merge branch 'develop' into dane/restore-backups 2021-01-25 19:16:40 -08:00
Dane Everitt
bf2291357f
Just stop people right there. 2021-01-23 16:32:43 -08:00
Dane Everitt
2a8d336336
Ensure slow commands have time to run 2021-01-23 16:29:18 -08:00
Dane Everitt
fd9245b2c5
Make sure we chown the files at the end of the process 2021-01-23 16:27:23 -08:00
Dane Everitt
db5c9b3675
Allow specification of a version 2021-01-23 16:12:13 -08:00
Dane Everitt
fb98b1892d
Add simple logic to download and unpack the archive 2021-01-23 16:07:49 -08:00
Dane Everitt
6f3ea462a7
Add command to execute all of the normal upgrade commands for the application 2021-01-23 15:52:57 -08:00
Dane Everitt
fa9431c54d
Slightly cleanup 2021-01-23 14:12:15 -08:00
Dane Everitt
07798b7366
Update file contents 2021-01-23 13:59:52 -08:00
Dane Everitt
b480a9e4e2
Make php-cs-fixer work in phpstorm 2021-01-23 13:44:35 -08:00
Dane Everitt
c449ca5155
Use more standardized phpcs 2021-01-23 12:33:34 -08:00
Dane Everitt
a043071e3c
Update to Laravel 8
Co-authored-by: Matthew Penner <me@matthewp.io>
2021-01-23 12:12:54 -08:00
Dane Everitt
aab353d91e
Merge pull request #3011 from AreYouRlyScared/addcronmonth
Adds months for schedules
2021-01-20 20:10:26 -08:00
Dane Everitt
e8dcd30e0c
[security] fix resources not properly returning an error when they don't match the server in the URL
Prior to this fix certain resources were accessible even when their assigned server was not the same as the server in the URL. This causes the resource server relationship to not match the server variable present on the request.

Due to this failed logic it was possible for users to access resources they should not have been able to access otherwise for some areas of the panel.
2021-01-19 21:19:17 -08:00
Dane Everitt
f24193801a
Add endpoint for triggering restoration completion 2021-01-18 21:14:49 -08:00
Dane Everitt
e700b4da78
Whoops, don't store the model until we've successfully completed the transaction internals 2021-01-18 20:14:38 -08:00
Dane Everitt
8d69a60e28
Only allow restoring valid backups, set the server correctly on the repository 2021-01-18 20:11:49 -08:00
Dane Everitt
575eab9072
Less obtuse error messaging, include the request ID in the output 2021-01-17 20:51:41 -08:00
Dane Everitt
87371901c0
Add base logic to support sending a request to restore a backup for a server 2021-01-17 17:51:09 -08:00
Dane Everitt
8db3a05498
;-; 2021-01-17 16:08:41 -08:00
Dane Everitt
b38b8f6465
Mark some fields as deprecated in the API 2021-01-17 16:02:11 -08:00
Dane Everitt
cb40b280a4
Fix single failing test 2021-01-17 15:55:46 -08:00
Dane Everitt
a75a347d65
Remove suspended & installing fields, replace with single status field 2021-01-17 15:51:56 -08:00
Dane Everitt
4c29be2e54
Adjust some naming real quick 2021-01-17 15:25:49 -08:00
Dane Everitt
bfc6f34c50
Audit when a backup is successful or fails 2021-01-17 15:22:02 -08:00
Dane Everitt
291c65275a
Update audit design 2021-01-17 11:52:44 -08:00
Dane Everitt
ccecaa6694
Add basic auditing for filesystem actions
Specifically skipping read actions since there isn't much to say there, and it generally wouldn't be very helpful (plus, likely to generate lots of logs).
2021-01-17 11:46:08 -08:00
Dane Everitt
b15679d3bb
Add base logic for audit logging 2021-01-17 10:49:36 -08:00
Charles Morgan
ffeedf17e4 Adds months for schedules
Adds month variable for schedules
2021-01-16 22:07:39 -05:00
Dane Everitt
9684456480
Add a todo for later 2021-01-10 17:05:41 -08:00
Dane Everitt
239984f92c
Add internal support for file denylist on eggs; closes #569 2021-01-10 17:02:14 -08:00
Dane Everitt
ff21d83e2d
Add endpoint to get all nodes meeting memory & disk requirements for a server; closes #1012 2021-01-10 13:08:43 -08:00
Dane Everitt
7666aee1c7
Merge pull request #2956 from pterodactyl/fix/files-urlencoding
fix urlencoding in the file manager
2021-01-03 17:19:42 -08:00
Jakob Schrettenbrunner
44c668e208 url encode email in password reset link 2021-01-02 03:30:27 +01:00
Jakob Schrettenbrunner
4fd2af028d fix urlencoding in the filemanager 2021-01-02 02:15:32 +01:00
Oreo Oreoniv
421d838e35
Fix retry after header 2020-12-29 19:11:47 +03:00
Dane Everitt
dbb6f69e00
Use proper newline, not literal \n 2020-12-27 16:47:51 -08:00
Dane Everitt
794cf9d9dd
Make backup throttling configurable 2020-12-27 16:41:53 -08:00
Dane Everitt
a7fef8b736
Correctly handle backups that fail without an upload_id attached to them 2020-12-27 11:56:28 -08:00
Dane Everitt
952715facc
Fix handling of upload IDs on backups 2020-12-27 11:34:55 -08:00
Matthew Penner
951d92b143 Store S3 upload_id in the database for backups 2020-12-26 11:59:21 -07:00
Dane Everitt
6c39288def
Clarify error messaging for transfers 2020-12-24 10:14:10 -08:00
Dane Everitt
a2548c14ac
Fix logic since this accepts arrays now 2020-12-24 10:12:01 -08:00
Dane Everitt
25e53d9f22
Merge branch 'matthewpi/transfer-improvements' of https://github.com/Pterodactyl/Panel into matthewpi/transfer-improvements 2020-12-24 10:10:41 -08:00
Dane Everitt
2ee08a1a3d
Update logic for server transfer controller 2020-12-24 10:10:40 -08:00
Dane Everitt
6c61577699
Simplify logic in websocket control 2020-12-24 09:20:23 -08:00
Dane Everitt
6fa24d4979
Merge branch 'develop' into matthewpi/transfer-improvements 2020-12-24 09:17:21 -08:00
Dane Everitt
9a57011071
Merge branch 'develop' of https://github.com/Pterodactyl/Panel into develop 2020-12-24 09:15:05 -08:00
Dane Everitt
087c41d5ac
Add endpoint to pull a remote file down 2020-12-24 09:15:03 -08:00
Dane Everitt
2f17e75395
Merge pull request #2879 from pterodactyl/fix/backups-failing-early
Allow changing the prune age for backups
2020-12-24 09:12:59 -08:00
Matthew Penner
4b9eab8950 Send ignored_files as a string to wings 2020-12-22 19:31:52 -07:00
Matthew Penner
17ca3659c5 Change 'backups.prune_age' default to 6 hours 2020-12-19 11:50:35 -07:00
Matthew Penner
d8f75fa0b7 Fix failed transfers locking a server into a unaccessible state 2020-12-17 11:14:58 -07:00
Matthew Penner
37cfa151b6 Use ServerTransferringException 2020-12-17 10:37:14 -07:00
Matthew Penner
e69d9b2c26 Update comment in AuthenticateServerAccess.php 2020-12-17 10:35:54 -07:00
Matthew Penner
fd848985ee Add ServerTransferringException, use is_null 2020-12-17 10:35:54 -07:00
Matthew Penner
8d297a0918 Release reserved allocations upon archive failure 2020-12-17 10:35:54 -07:00
Matthew Penner
01926e2896 Improve logic for logging into the websocket of the target node 2020-12-17 10:35:54 -07:00
Matthew Penner
5c5e2e24f1 📯 tRaNsFeR lOgS 📯 2020-12-17 10:35:54 -07:00
Matthew Penner
e6c4a68e4a Update logic for tracking a server's transfer state 2020-12-17 10:35:54 -07:00
Dane Everitt
5d03c0d2e5
Properly handle loading files with special characters 2020-12-16 21:38:46 -08:00
Matthew Penner
e34d31a58c Allow changing the prune age for backups 2020-12-16 14:15:07 -07:00
Dane Everitt
5bbb36b3cf
Support updating docker image for a server from the frontend 2020-12-13 11:07:29 -08:00
Dane Everitt
1dacd703df
Fix egg importing from seeder 2020-12-13 10:34:51 -08:00
Dane Everitt
638ea2e815
Support creating/updating docker images on eggs 2020-12-13 10:13:32 -08:00
Dane Everitt
78c4ac80bc
Basic implemention of multiple selectable images for an egg
The admin side of this is quite ugly when creating/editing a server, but I'm not putting effort into that right now with React Admin soon™
2020-12-13 09:53:17 -08:00
Dane Everitt
3e65a2d055
Pass one at unfucking the stupid file encoding issues 2020-12-08 21:24:17 -08:00
Matthew Penner
911d85c230 Delete the oldest backup, not the newest backup, closes #2800 2020-12-07 09:31:44 -07:00
Dane Everitt
fcff9085b8
Merge pull request #2781 from pterodactyl/matthewpi/server-details-patch-1
Show installing status instead of offline when a server is installing
2020-12-06 15:27:03 -08:00