Commit graph

4230 commits

Author SHA1 Message Date
Dane Everitt
dfa329ddf2
[security] ensure session is only for that request when authenticating user API key
https://github.com/pterodactyl/panel/security/advisories/GHSA-7v3x-h7r2-34jv
2022-01-19 21:09:17 -05:00
Mrxbox98
21f74a835c
Fixed error (#3870) 2022-01-19 17:06:31 -08:00
Dane Everitt
ee870d45e8
Update CHANGELOG.md 2022-01-19 19:55:33 -05:00
Alex
0ff2f28ced
feat(egg): Add Steam out of disk space modal (#3891) 2022-01-18 13:00:10 -07:00
Mrxbox98
1f3217c3c5
fix(server/files): duplicate entry when making a nested folder (#3813) 2022-01-18 12:49:06 -07:00
Alex
5f308feb3f
feat(model/pid): lowercase error array element (#3892) 2022-01-18 12:34:44 -07:00
Alex
e881285ef1
ci(release): add ESLint config (#3747) 2022-01-17 20:17:13 -07:00
Wuzado
99ebd2e75c
Add the DB_PORT environmental variable to the example Docker Compose config (#3796) 2022-01-17 20:12:14 -07:00
Boy132
7d0d71baec
Checkbox & Dropdown for Startup Variables (#3769) 2022-01-17 20:08:53 -07:00
Paperboypaddy16
e7884e4f0b
Fixed link for docker-compose.yml under Setup (#3829) 2022-01-17 20:05:04 -07:00
Charles Morgan
aed9f85bce
Add PID Modal (#3845) 2022-01-17 20:02:10 -07:00
Matthew Penner
1eaf411cb4
node: lowercase fqdn in letsencrypt path (#3890) 2022-01-17 19:56:57 -07:00
Alex
28f7a809a5
fix: exception localization (#3850)
resolves #3849
2022-01-15 08:10:37 -08:00
Wuzado
49dd719117
fix(docker): handle cases where DB_PORT is not defined (#3808)
Co-authored-by: Alex <admin@softwarenoob.com>
2022-01-15 08:10:19 -08:00
Paul Vogel
04656f8da8
Fix anchor in link to docker docs (#3793)
The former version does not "scroll" to the section
2022-01-15 08:10:01 -08:00
Jelco
95ff5f88c3
update required versions (#3881) 2022-01-12 13:53:36 -08:00
Dane Everitt
f2e92d80ac
Adjust copyright in footer to be more consistent 2022-01-02 07:25:07 -08:00
Dane Everitt
a6a9b31278
Avoid having to update the license each year 2022-01-02 07:21:56 -08:00
Dane Everitt
4dc6121e5c
Update README.md 2022-01-02 07:19:16 -08:00
SirEpiclyAmazing
e771d36d41
Disallow crawlers (#3832) 2021-12-28 08:02:08 -05:00
Boy132
1d02365efe
Fix eslint warnings (#3814) 2021-12-19 09:50:18 -08:00
wingdings255
1564742606
Update egg-ark--survival-evolved.json (#3809) 2021-12-19 09:44:32 -08:00
Mrxbox98
66c56b0da8
CPU Graph change (#3804) 2021-12-12 10:19:06 -08:00
Mrxbox98
15619fb8e4
Fixes overlapping Two Factor Authentication Box (#3803) 2021-12-12 10:15:44 -08:00
Alex
4e6fe112b0
fix(forge): actually fix forge regex (#3801)
For whatever reason, stupid me rebased the wrong branch in previous PR #3783 and didn't notice it, which contained the old egg instead.

This one actually fixes the regex and includes more debugging steps for easier troubleshooting.

Easy to view diff: <https://www.diffchecker.com/3iJ9lVzH>
2021-12-12 10:14:25 -08:00
Mrxbox98
f04b87a37c
FireFox Font Fix (#3805) 2021-12-12 10:14:09 -08:00
hz-ad
928b060647
Include HostEZ in sponsors list (#3788)
Update to append HostEZ to the sponsors list
2021-12-06 11:00:29 -08:00
Alex
b8bf537737
cmd(setup): validate email input, closes #3175 (#3716) 2021-12-04 10:52:09 -08:00
Charles Morgan
0d5ff6afac
Add Pug / Jade to file editor, closes #3512 (#3514) 2021-12-04 10:51:52 -08:00
Alex
5cde059f21
docs(docker): display correct variable for certificates (#3723)
Docker image and compose file uses `LE_EMAIL` and not `LETSENCRYPT_EMAIL`

Co-authored-by: Matthew Penner <me@matthewp.io>
2021-12-04 10:51:15 -08:00
Alex
0db772a82b
eggs: update source install script (#3604)
Installing basic packages are unnecessary as they already exist in yolks installer image. This also gets rid of Debian 10 lib32gcc package not being found, since installer image is Debian 11.
2021-12-04 10:50:50 -08:00
Paul Vogel
dcbc1360a9
Improve test coverage for LocationController (#3779)
By adding tests for create, update, delete
2021-12-04 10:50:36 -08:00
Patrick R
622b939f00
Show ipv6 with correct in-url syntax (#3776) 2021-12-04 10:35:55 -08:00
Lukas Moucka
e8e2911a92
Change order of docker images in JavaVersionModalFeature (#3782)
This changes the order of the Docker images in JavaVersionModalFeature, and also sets the default state to Java 17. Previously it was Java 16, even though the first entry in the list was Java 8, that confused a lot of people
2021-12-04 10:35:39 -08:00
Boy132
96c3338e96
Add the MC 1.18 message to Java Version Modal (#3778) 2021-12-04 10:35:20 -08:00
Alex
49d5ef271d
ARM64 support for the Panel Docker image, closes #3580 (#3709)
Co-authored-by: Dane Everitt <dane@daneeveritt.com>
2021-12-04 10:33:42 -08:00
Boy132
4cc8658334
GSL Token Modal Feature (#3746) 2021-12-04 10:29:24 -08:00
Yusta
a6e0e5dbda
Add app_url for mail sender (#3753)
Co-authored-by: Dane Everitt <dane@daneeveritt.com>
2021-12-04 10:26:00 -08:00
Desjardins Jérôme
10aaf00e83
use DB_PORT for mysql database connection (#3762)
DB_PORT is the env variable defined for the mysql port into Panel Configuration.
2021-12-04 10:25:02 -08:00
Paul Vogel
b9d73afb63
Fix typo in messsage when deleting a database (#3777) 2021-12-04 10:24:06 -08:00
Alex
59d47e746b
fix: Forge version regex for 1.17+ JPMS (#3783)
For 1.17 JPMS arguments, fix regex to match`^1\.(17|18|19|20|21|22|23)` or latest instead of only dot . minor versions, which is something I didn't notice in a previous PR. This should future proof it.

Changes Java image display order defaulting to 17, which the 1.17+ requires for unix args.
2021-12-04 10:23:37 -08:00
Alex
01e7a45cc5
fix(eggs): Forge latest version fetching (#3770)
Fixes a typo in fetching the latest versions. It was overwritten to "recommended" by mistake.

Easy to read diff: <https://www.diffchecker.com/U04gJTRu>
2021-11-29 10:14:08 -08:00
Dane Everitt
30bb629bad
Update CHANGELOG.md 2021-11-16 20:36:53 -08:00
Dane Everitt
bf9cbe2c6d
Add consistent CSRF token verification to API endpoints; address security concern with non-CSRF protected endpoints 2021-11-16 20:02:18 -08:00
Matthew Penner
cc31a0a6d0
tests(integration): don't expect non-required fields 2021-11-15 11:29:22 -07:00
Alex
01871d8a6c
add Java 17 LTS image to Minecraft eggs (#3744)
* feat: add Java 17 LTS for Minecraft

* feat: add java 17 option to java modal
2021-11-15 08:15:27 -08:00
Dane Everitt
17c03e9a4d
Fix broken session management for application api 2021-11-03 21:33:21 -07:00
Dane Everitt
e8a8405899
Remove tests 2021-11-03 21:22:14 -07:00
Dane Everitt
60eff40a0c
Fix session management on client API requests; closes #3727
Versions of Pterodactyl prior to 1.6.3 used a different throttle pathway for
requests. That pathway found the current request user before continuing on to
other in-app middleware, thus the user was available downstream.

Changes introduced in 1.6.3 changed the throttler logic, therefore removing this
step. As a result, the client API could not always get the currently authenticated
user when cookies were used (aka, requests from the Panel UI, and not API directly).

This change corrects the logic to get the session setup correctly before falling
through to authenticating as a user using the API key. If a cookie is present and a
user is found as a result that session will be used. If an API key is provided it is
ignored when a cookie is also present.

In order to keep the API stateless any session created for an API request stemming
from an API key will have the associated session deleted at the end of the request,
and the 'Set-Cookies' header will be stripped from the response.
2021-11-03 20:51:39 -07:00
Alex
d0663dcbd4
fix: use POST for admin logout route (#3710)
Quick fix for logging out from the admin panel as the auth route was changed from GET to POST.
2021-10-30 13:27:59 -07:00