Commit graph

46 commits

Author SHA1 Message Date
Dane Everitt
f31a6d3967
Fix parameter bindings for client API routes; closes pterodactyl/panel#2359 2020-09-27 10:39:18 -07:00
Dane Everitt
906cfce81c
Don't return a 403 when returning resources for a suspended server; closes #2279 2020-08-30 09:54:59 -07:00
Dane Everitt
540cc82e3d
Don't resolve database hosts; closes #2237 2020-08-19 20:38:51 -07:00
Dane Everitt
61e9771333
Code cleanup for subuser API endpoints; closes #2247 2020-08-19 20:21:12 -07:00
Dane Everitt
2278927fb6
Update allocations to support ids; protect endpoints; support notes 2020-07-09 20:36:08 -07:00
DarthShmev
06ece0e624
Fix AuthenticateServerAccess middleware spelling issue. 2020-07-05 15:48:02 -04:00
Dane Everitt
fde8465f35
Show a better error when JSON data cannot be parsed in the request 2020-06-30 20:05:11 -07:00
Dane Everitt
536180ed0c
Return Http test cases to a passing state 2020-06-23 21:59:37 -07:00
Dane Everitt
16e14621c8
Better error messaging when server is suspended 2020-06-22 20:22:52 -07:00
Dane Everitt
6056b6f45d
Show console when an admin is viewing an installing server 2020-04-26 13:21:39 -07:00
Matthew Penner
658a959e5d Fix trailing comma in DaemonAuthenticate.php, change ServerDetailsController.php to use node authentication 2020-04-10 17:54:50 -06:00
Dane Everitt
2532a73425
Don't throw errors if bad data is sent in the header 2020-04-10 15:53:19 -07:00
Dane Everitt
7557dddf49
Store node daemon tokens in an encrypted manner 2020-04-10 15:15:38 -07:00
Dane Everitt
be05d2df81
Add support for generating a signed URL for downloading a file from the daemon 2020-04-04 19:54:59 -07:00
Dane Everitt
1f92a7de33
Authenticate that the request is coming from someone that should even know about the server 2020-03-28 16:23:18 -07:00
Dane Everitt
7543ef085d
Format files 2019-09-05 21:32:57 -07:00
Dane Everitt
95d19bf09e
Update logic that handles creation of folders for a server 2019-05-01 21:45:39 -07:00
Dane Everitt
0999ec93c3
More logic for deleting databases 2018-08-25 15:07:42 -07:00
Dane Everitt
9be2aa4ca9
Push beginning of DB deletion stuff 2018-08-25 14:43:21 -07:00
Dane Everitt
8bbe6bc279
Add test, fix behavior of model creation 2018-07-14 22:58:33 -07:00
Dane Everitt
550c622d3b
Obliterate JWT from codebase 2018-07-14 22:48:09 -07:00
Dane Everitt
6336e5191f
Strip out JWT usage and use cookies to track the currently logged in user 2018-07-14 22:42:58 -07:00
Dane Everitt
c82f273d85
Fix remaining broken tests 2018-07-04 19:38:23 -07:00
Dane Everitt
e7faf979a1
Change login handling to automatically redirect a user if their session will need renewal. 2018-06-16 14:05:39 -07:00
Dane Everitt
03c83c084a
Revert use of cookies, go back to using a JWT 2018-06-06 22:49:44 -07:00
Dane Everitt
5bcabbde35
Get dashboard in a more working state 2018-06-05 23:42:34 -07:00
Dane Everitt
a1444b047e
Fix JWT handling for API access when logging in 2018-05-28 14:59:48 -07:00
Dane Everitt
6e5c365018
Use the client API to load servers on the listing page 2018-05-28 13:23:40 -07:00
Dane Everitt
ad69193ac0
Add JWT to login forms 2018-05-28 12:48:42 -07:00
Lance Pioch
e2dc0638d9 Fix app/ spelling errors 2018-05-13 11:12:41 -04:00
Dane Everitt
ef371a508d
Change check on debugbar to use debug not environment 2018-03-10 12:03:23 -06:00
Dane Everitt
8f72571895
Fix IP access middleware 2018-02-28 23:39:59 -06:00
Dane Everitt
cef3e4ced4
Add base routes for managing servers as a client 2018-02-27 21:28:43 -06:00
Dane Everitt
9a32b9fd03
Merge branch 'develop' into feature/client-api 2018-02-27 21:04:18 -06:00
Dane Everitt
23e07689a7
Handle 404 errors in API bindings correctly to avoid explosing that a resource exists before validating a key 2018-02-27 21:04:04 -06:00
Dane Everitt
e28973bcae
Move everything around as needed to get things setup for the client API 2018-02-25 15:30:56 -06:00
Dane Everitt
5b6d3b8325
Slightly more clear errors 2018-02-24 12:27:41 -06:00
Dane Everitt
2ec76d283b
Fix bad API behavior 2018-02-04 15:38:38 -06:00
Dane Everitt
8afced3410
Add nests & eggs
Cleanup middleware handling and parameters on controllers...
2018-01-27 12:38:56 -06:00
Dane Everitt
de07b3cc7f
Add server database management support to API. 2018-01-25 22:34:53 -06:00
Dane Everitt
3e327b8b0e
Use more logical route binding to not reveal resources on the API unless authenticated. 2018-01-20 15:33:04 -06:00
Dane Everitt
0e7f8cedf0
Reorganize API files 2018-01-19 19:58:57 -06:00
Dane Everitt
c3b9738364
Implement application API Keys 2018-01-18 21:36:15 -06:00
Dane Everitt
f9fc3f4370
Update interface to begin change to seperate account API keys and application keys
Main difference is permissions, cleaner UI for normal users, and account keys use permissions assigned to servers and subusers while application keys use R/W ACLs stored in the key table.
2018-01-14 13:30:55 -06:00
Dane Everitt
ad3a954256
Rename APIKey to ApiKey 2018-01-14 12:06:15 -06:00
Dane Everitt
e3df0738da
Change the way API keys are stored and validated; clarify API namespacing
Previously, a single key was used to access the API, this has not changed in terms of what the user sees. However, API keys now use an identifier and token internally. The identifier is the first 16 characters of the key, and the token is the remaining 32. The token is stored encrypted at rest in the database and the identifier is used by the API middleware to grab that record and make a timing attack safe comparison.
2018-01-13 16:06:19 -06:00