Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
826 commits 62 branches 124 tags 29 MiB
Commit graph

286 commits

Author SHA1 Message Date
Jakob Schrettenbrunner
e1e159b7de add ability to generate a token to retrieve the config for a specific node 2017-01-07 18:10:11 +01:00
Dane Everitt
d9de884de3 Apply fixes from StyleCI 2017-01-03 22:46:30 +00:00
Dane Everitt
c1bf757623
Fix service option name being set wrongly after adding a new variable. closes #208 2017-01-03 17:44:48 -05:00
Dane Everitt
aa6e733ba5
Switch filemanager and EULA check to use pure Javascript methods 
Removes the need for the javascript to be parsed by Blade template
engine by using a defined javascript variable with the values that are
necessary for checking everything and passing the correct values.

This does make it so that if a user does not have permission to do
something they could theoretically make the option show up in the
context menu, however when they click it, it will simply return an
error by the daemon.
 2017-01-03 16:47:33 -05:00
Dane Everitt
39731f99da Merge pull request #226 from hammerdawn/APICHANGE 
Allow listing a user by both ID and email. Useful for checking if a u…
 2017-01-02 22:00:45 -05:00
Emmet Young
3f5bf099ae Use DaneEveritt's shortened query call. 2017-01-03 13:40:35 +11:00
Dane Everitt
a1dff5cda0
Push updated languages 2016-12-30 17:17:36 -05:00
Emmet Young
b5d3417167 Allow listing a user by both ID and email. Useful for checking if a user exists by its email. 2016-12-29 22:56:45 +11:00
Dane Everitt
a49dee2416
Add base implementation of service retrieval. 🏇 
There is currently no authentication middleware on this route.
 2016-12-14 18:54:43 -05:00
Dane Everitt
efda0dd009 Apply fixes from StyleCI 2016-12-14 21:56:25 +00:00
Dane Everitt
fc38b09e1f
Merge branch 'develop' into feature/service-changes 2016-12-14 16:53:53 -05:00
spaceemotion
a85ac87ae8 Refactor to use more laravel logic and improve compatibility with older PHP versions (#206) 
* Fix @param namespaces for PHPDocs in ServerPolicy

* Reduce permission check duplication in ServerPolicy

This introduces a new checkPermission method to reduce code duplication when checking for permissions.

* Simplify logic to list accessible servers for the user

We can directly use the pluck function that laravel collections provide to simplify the logic.

* Fix pagination issue when databases/servers exceed 20

Laravels strips out the currently selected tab (or any GET query for that matter) by default when using pagination. the appends() methods helps with keeping that information.

* Refactor unnecessary array_merge calls

We can just append to the array instead of constantly merging a new copy.

* Fix accessing “API Access” on some versions of PHP

The “new” word is reserved and should not be used as a method name.

http://stackoverflow.com/questions/9575590/why-am-i-getting-an-unexpected-t-new-error-in-php

* Fix revoking API keys on older versions of php (5.6)

“string” was not a valid function argument type yet, so revoking keys results in an error on older installations.

* Fix issues with API due to methods named “list”

“list” is yet another reserved keyword in PHP and messes up older installations of PHP (5.6).
This renames all methods named “list” to “lists”. The API route names are left untouched (e.g. still called “api.admin.users.list”).

* Refactor and shorten some API logic

Used laravel collection methods where applicable to directly transform the values instead of converting back and forth.
This also removes some dead variables that were never used as well as getting rid of a n+1 problem in the Service API (loading service variables afterwards, not during the model creation).

* Return model save status in repositories where applicable

* Fix typo in ServicePolicy#powerStart

* Apply StyleCI corrections
 2016-12-12 14:30:57 -05:00
Dane Everitt
c1fb0a665f Apply fixes from StyleCI 2016-12-07 22:46:38 +00:00
Emmet Young
f687fab9a2 API: ability to search for an allocation based on the assigned server id (#194) 2016-12-04 22:17:35 -05:00
Dane Everitt
9ae716ee42
show container ID for server in panel 
Also shows the UID of the user to ease permissions setting

closes #160
 2016-12-02 19:35:08 -05:00
Dane Everitt
2ac734d595
Update node config sent over API 2016-12-02 19:12:29 -05:00
Dane Everitt
3cd0a8337f
Add ability to filter user list 2016-12-02 18:41:52 -05:00
Dane Everitt
ed5b7559ec
Fixes potential for generated password to not meet own validation requirements 2016-12-01 19:16:40 -05:00
Jakob
03c6f986d2 fix api /servers/{id}/build 
remove unrelated error thrown every time
 2016-11-30 12:26:23 +01:00
Dane Everitt
75de060a55
Fix pack selector 2016-11-27 14:57:23 -05:00
Dane Everitt
c4a4b84bd3
Add service pack reference to server and send to daemon 2016-11-27 14:50:10 -05:00
Dane Everitt
238f08f222
Add pack selection to view 2016-11-27 14:30:44 -05:00
Dane Everitt
9eb14614c2
Merge branch 'develop' into feature/service-changes 2016-11-27 14:01:13 -05:00
Dane Everitt
946512bac9
search for owner:<email> correctly. 2016-11-26 20:18:46 -05:00
Dane Everitt
723b608e0c
Implement node deletion properly, fixes #173 2016-11-26 16:29:13 -05:00
Dane Everitt
0e89ecb427
Handle node:<param> properly when doing server searches 
Uses the node name rather than the node’s ID by default.
 2016-11-26 16:19:25 -05:00
Dane Everitt
5600f3201c
Add support for deleting service packs. 2016-11-18 17:31:57 -05:00
Dane Everitt
d4729427aa
Support for uploading templates for installing packs 2016-11-16 17:22:22 -05:00
Dane Everitt
e09659a88f
support for pack editing 2016-11-16 16:09:28 -05:00
Dane Everitt
09c2dcc1b6
Support for viewing and exporting packs 2016-11-15 23:12:47 -05:00
Dane Everitt
a1bc6fa2d3
Push changes that support creations of service packs and basic listing 2016-11-15 20:20:32 -05:00
Dane Everitt
cfd5e0e854
Implement base service file modification through panel 2016-11-09 17:58:14 -05:00
Dane Everitt
659c33f0e8
Fixes a bug that allows a user to bypass 2FA authentication requirements 
This bug was reported to us by a user (@Ferry#1704) on Discord on
Monday, November 7th, 2016.

It was disclosed that it was possible to bypass the 2FA checkpoint by
clicking outside of the modal which would prompt the modal to close,
but not submit the form. The user could then press the login button
which would trigger an error. Due to this error being triggered the
authentication attempt was not cancelled. On the next page load the
application recognized the user as logged in and continued on to the
panel.

At no time was it possible to login without using the correct email
address and password.

As a result of this bug we have re-factored the Authentication code for
logins to address the persistent session. Previously accounts were
manually logged back out on 2FA failure. However, as this bug
demonstrated, causing a fatal error in the code would prevent the
logout code from firing, thus preserving their session state.

This commit modifies the code to use a non-persistent login to handle
2FA checking. In order for the session to be saved the application must
complete all portions of the login without any errors, at which point
the user is persistently authenticated using Auth::login().

This resolves the ability to cause an exception and bypass 2FA
verification.
 2016-11-07 15:55:57 -05:00
Dane Everitt
48994c1354
Fix the other user bug... 2016-11-04 21:50:47 -04:00
Dane Everitt
4359252545
Fix a @schrej bug 2016-11-04 21:46:16 -04:00
Dane Everitt
61e65294af
Fix bug preventing rendering of database hosts when not linked to a node. 2016-11-04 20:44:56 -04:00
Jakob
e65dc5708d Validate password on reset according to rules (#158) 
* move password rules to Models\User::PASSWORD_RULES

* validate new password according to rules on password reset

* add password requirements info to auth.passwords.reset view
 2016-10-30 16:02:39 -04:00
Dane Everitt
6fd7c78f0c
Add server deletion to a queue. 
This action allows servers to be deleted, but only be soft-deleted for
10 minutes. After that time period the server will be completely
removed from the database and daemon. This allows some safety if a
server is accidentally deleted.

Force deleting a server will still work. If the daemon is in-accessible
the server will fail to be deleted. When server is soft-deleted admins
can still view its information page in the admin CP, however the server
will be suspended and inaccessible on the front-end or though the
daemon.

Admins can manually delete the server ahead of the delete timer, or if
it failed to delete previously they can do an immediate retry.
 2016-10-27 20:05:29 -04:00
Dane Everitt
bef717b202
add typeahead support for owner email when adding new server 
closes #144
pic: http://s3.pterodactyl.io/UpPSJ.png
 2016-10-21 15:22:47 -04:00
Dane Everitt
f24347d1bd
Remove old admin routes, fix display to non-admins 
Complete!
 2016-10-20 18:40:16 -04:00
Dane Everitt
b1a9a59707
Update middleware to handle wildcards correctly. 2016-10-20 18:35:55 -04:00
Dane Everitt
53ec2c55ec
Add front-end support for adding and deleting API keys. 2016-10-20 18:20:58 -04:00
Dane Everitt
dfeed013ba
Server API obey's the subuser permissions as well 2016-10-20 17:04:58 -04:00
Dane Everitt
125856d92f
Support for server info and minor changes to API setup 2016-10-20 16:42:54 -04:00
Dane Everitt
5a03ce7e1a
Add support for controlling server power from API. 2016-10-20 13:39:39 -04:00
Dane Everitt
745c735b32
Add initial basic API changes 
New route is `/api/me`
 2016-10-14 20:22:23 -04:00
Dane Everitt
126df09152
Fix route handling 2016-10-14 17:17:35 -04:00
Dane Everitt
7cf7a5a961
Split account things into own controllers. 2016-10-14 17:15:36 -04:00
Dane Everitt
63058d8c8e
Super early base implementation of notifications from daemon 2016-10-14 16:20:24 -04:00
Dane Everitt
649b18c8d1
support for server filtering 
closes #125
 2016-10-12 17:12:27 -04:00
Dane Everitt
84a4c8b7f4
API enhancements, return node config, return 200 not 201 2016-10-12 15:42:23 -04:00
Dane Everitt
c8a73fa608
Log the error output for API 2016-10-07 16:10:54 -04:00
Dane Everitt
af68dbed8f
Add support for base API logging of all requests 
ref #31
 2016-10-07 16:06:09 -04:00
Dane Everitt
06422b2055
fix up API route return 2016-10-07 14:26:50 -04:00
Dane Everitt
06756af994
add ?daemon=true option to API for servers 2016-10-06 23:56:32 -04:00
Dane Everitt
9d10c2a757
Support custom user id though API, closes #115 2016-10-06 22:36:59 -04:00
Dane Everitt
77198b48df
Support folders within folders for JS path 2016-10-06 17:27:30 -04:00
Dane Everitt
8330e26b39
Update routes to reflect daemon changes 2016-10-04 21:38:32 -04:00
Dane Everitt
4d922b6a0c
Clean up file adding and listing 2016-10-03 21:09:20 -04:00
Dane Everitt
fb4d122a2a
More updates to file manager 
Not doing individual commits for this, tons of changes for tons of
different aspects across multiple files.
 2016-10-01 23:09:55 -04:00
Dane Everitt
71245cb531
Minor changes to support better dynamic JS loading 2016-09-30 20:53:08 -04:00
Dane Everitt
831399184f
clean up front-end port allocation handling 2016-09-30 18:21:02 -04:00
Dane Everitt
bd7fd836ff
clean up node allocation 2016-09-30 17:12:36 -04:00
Dane Everitt
16222d1bd7
redirect if no locations 2016-09-30 16:05:39 -04:00
Dane Everitt
2e88c51ac7
If value is empty set to null 2016-09-30 16:01:36 -04:00
Dane Everitt
a9d0b4a4fe
Add support for setting IP aliases though panel 2016-09-29 21:34:20 -04:00
Dane Everitt
723e34a784
redirect to allocation tab when created 2016-09-29 17:47:47 -04:00
Dane Everitt
d9f1a7faf7 allow setting variable options to "0", closes #87 2016-09-17 20:25:13 -04:00
Dane Everitt
812b869be8 add ability to change servers docker image 2016-09-17 20:14:36 -04:00
Dane Everitt
7dd00d6d88 Fix startup executable display bug 2016-09-16 18:44:12 -04:00
Dane Everitt
bcd4b35890 Startup not required, fix display executable bug 2016-09-16 18:39:36 -04:00
Dane Everitt
06c680ee52 Fix redirect on server delete 2016-09-14 18:36:33 -04:00
Dane Everitt
c2d0a5adb3 Fix exception loading typo 2016-09-14 18:36:33 -04:00
Dane Everitt
228d6b1b21 Clean up exception handling code, closes #81 
Makes sure things get logged properly.
 2016-09-07 16:12:06 -04:00
Dane Everitt
e0bff4db8e closes #85, also fixes route names 2016-09-07 15:28:57 -04:00
Dane Everitt
9fb0cb420e Add subuser support to tasks 
Also allow task creation…
 2016-09-05 17:39:58 -04:00
Dane Everitt
9b4a0ed143 Add task toggle and delete 2016-09-05 17:13:22 -04:00
Dane Everitt
7529e961de Add back API (#80) 
Re-implements the API after it was removed in the Laravel 5.3 upgrade.
 2016-09-05 16:21:36 -04:00
Dane Everitt
b02df8e610 Implement base notifications support (#77) 
* initial implementation of notifications
* typehint UUID returns. Fixes that notifications bug
 2016-09-05 12:00:56 -04:00
Dane Everitt
b3ca8a3732 Fix password reset redirection path 2016-09-04 19:08:46 -04:00
Dane Everitt
afb5011fbe Update to Laravel 5.3 
[BREAKING] — REMOVES REMOTE API

A new API will need to be implemented properly using the new Laravel
Passport OAuth2 system. DingoAPI was becoming too unstable and
development wasn’t really moving along enough to continue to rely on it.
 2016-09-03 17:09:00 -04:00
Dane Everitt
8e657a0bf0 Remove old 'active' column and replace some references with 'suspended' in place 2016-09-01 21:21:01 -04:00
Dane Everitt
38eae88bd0 Add support for suspension 2016-09-01 21:16:38 -04:00
Dane Everitt
e8c175f385 Add IP Aliasing (#72) 
* complete support for IP Alias's throughout panel

Includes a database change and probably better allocation handling
anyways

closes #37
 2016-08-31 16:03:37 -04:00
Dane Everitt
4d31004cf4 Suppress overly verbose error output to users 2016-08-16 19:20:58 -04:00
Dane Everitt
445b2f20eb closes #69 2016-08-16 19:06:03 -04:00
Dane Everitt
5233d6e87b Add database password change support and fix column name 2016-08-16 00:07:10 -04:00
Dane Everitt
67d9f9f4ab Improve scheduled task layout and data handling 2016-03-18 16:23:10 -04:00
Dane Everitt
e7436aab2b Add active session management 2016-02-26 00:35:23 -05:00
Dane Everitt
f6be06164f fix user controller; closes #58, closes #59 2016-02-21 01:15:37 -05:00
Dane Everitt
48b9bc0c52 add support for variable creation and deletion 2016-02-21 00:38:03 -05:00
Dane Everitt
dcf2f6fa0a fix up urls to follow a cleaner pattern 2016-02-21 00:07:03 -05:00
Dane Everitt
dcfdb89e3c add support for deleting service option 2016-02-20 16:55:05 -05:00
Dane Everitt
1e9bf1c220 Add support for adding new service option 2016-02-20 16:45:13 -05:00
Dane Everitt
177bd4ec9d add ability to delete a service 2016-02-20 16:23:04 -05:00
Dane Everitt
a50bb5da14 add ability to create new service 2016-02-20 16:02:49 -05:00
Dane Everitt
e42547a1ff add support for editing service options 2016-02-20 15:59:37 -05:00
Dane Everitt
ad5e253a07 Really basic initial implementation of service management 2016-02-15 15:21:28 -05:00
Dane Everitt
217762a2eb More complete implementation of database management in panel. 
Still missing ability to change passwords for databases, but that will
come soon.
 2016-02-14 21:43:20 -05:00
Dane Everitt
a36f3dd875 Fix startup variable editing to allow admin full control 2016-02-13 17:36:03 -05:00
Dane Everitt
a903ae313a Add per-service-option startup & executable 
Also fixes display issue on front-end where users could see and edit
hidden settings
Fixes a bug in relation to #57
 2016-02-13 17:29:52 -05:00
Dane Everitt
5678d643cd Very basic view of databases and database servers on the system 2016-02-13 00:18:32 -05:00
Dane Everitt
7013d10987 Add basic support for per-server databases 
Still missing ability to define database servers
 2016-02-08 18:03:05 -05:00
Dane Everitt
a9ced7d474 Very basic initial auto-deploy script setup 2016-02-05 23:41:16 -05:00
Dane Everitt
4d99d57820 fix associated server display; closes #43 2016-01-25 19:14:32 -05:00
Dane Everitt
333aa73be5 Remove exception logging for connection error; closes #40 2016-01-25 18:42:27 -05:00
Dane Everitt
873f39d574 fix download error; closes #39 2016-01-25 18:39:34 -05:00
Dane Everitt
7bb0190ffa Change hmac method 2016-01-22 21:56:54 -05:00
Dane Everitt
aac498808c closes #30 2016-01-22 21:53:11 -05:00
Dane Everitt
be48fbd418 Fix allocation selection 2016-01-22 21:43:56 -05:00
Dane Everitt
fbd1b3f097 Improved display for server view if not installed 2016-01-22 20:39:16 -05:00
Dane Everitt
be47565c78 Update to match new installer processing. 2016-01-22 20:31:47 -05:00
Dane Everitt
4719b20a27 Implement server startup stuff 2016-01-22 19:40:48 -05:00
Dane Everitt
52229d5d2e Add SFTP management to server front-end 2016-01-21 23:58:08 -05:00
Dane Everitt
63f4d08f0f Add language switching support 2016-01-20 22:39:02 -05:00
Dane Everitt
b63fc02cef Add settings to panel 2016-01-20 22:08:13 -05:00
Dane Everitt
591cc8648d Fix user creation 2016-01-20 22:08:13 -05:00
Dane Everitt
40c68a5391 Add title to copyright 2016-01-20 16:05:16 -05:00
Dane Everitt
026df6a36f Relicense project under MIT 
Permission obtained from @DDynamic. Contributions from other users were
removed since we did not obtain permission from them for the re-license.

From this point forward all contributors must have a signed Contributor
License Agreement on file.
 2016-01-20 15:56:40 -05:00
Dane Everitt
b0bcb879d0 Add license details to add app files. 2016-01-19 19:10:39 -05:00
Dane Everitt
ac6edc4d64 Completed subuser system 2016-01-18 19:57:10 -05:00
Dane Everitt
b7666bdb05 Basic initial subuser management 2016-01-18 01:24:33 -05:00
Dane Everitt
644f26fbfe Add location creation 2016-01-16 23:10:46 -05:00
Dane Everitt
fb5533f107 add location editing 2016-01-16 22:57:28 -05:00
Dane Everitt
21a95a5d0e Add location delete support 2016-01-16 22:29:35 -05:00
Dane Everitt
861af87e93 Fix password reset system 2016-01-16 21:57:10 -05:00
Dane Everitt
8e92f96999 Fix logout 2016-01-16 21:45:35 -05:00
Dane Everitt
c701aa0825 Add support for CIDR ranges on API 2016-01-16 20:17:46 -05:00
Dane Everitt
317698a84a encrypt API keys 2016-01-16 20:11:31 -05:00
Dane Everitt
3e595ca856 Add API Management to admin CP 2016-01-16 19:56:48 -05:00
Dane Everitt
ade16e64c8 Fix api route permission 2016-01-16 17:34:07 -05:00
Dane Everitt
a6bc36a710 add initial api management page 2016-01-16 01:20:27 -05:00
Dane Everitt
ac65d5fa21 Finish base API. 
Making PR, any additional API functions or modifications can be done
within the repository now.
 2016-01-16 00:25:21 -05:00
Dane Everitt
77e3744b40 Change authentication method for API. 2016-01-15 19:26:50 -05:00
Dane Everitt
63f377a038 Add more API routes 
Servers: list all, list single
Nodes: list all, list single, list single allocations, add node
Locations: list all
 2016-01-15 17:54:29 -05:00
Dane Everitt
0ccaa16ea4 Fix exceptions thrown to mimic proper HTTP status codes 2016-01-15 00:20:58 -05:00
Dane Everitt
69c2e89fe0 Fix some missing exceptions and validation handling for users 2016-01-15 00:08:50 -05:00
Dane Everitt
8c9e797210 Finish user portion of API 2016-01-14 23:13:26 -05:00
Dane Everitt
4604500349 Replace tabs with Spaces 
I *really* wish Atom would stop doing this to me.
 2016-01-12 23:49:56 -05:00
Dane Everitt
695728295a Add support for creating a user using the API 2016-01-12 23:43:33 -05:00
Dane Everitt
3114c1f73e Add user specific listing route 2016-01-12 22:59:34 -05:00
Dane Everitt
72acf06353 Improve API auth to rate limit requests and verify they are root_admin 2016-01-12 22:59:24 -05:00
Dane Everitt
2def94c958 Update routes to use CSRF protection 2016-01-12 21:50:43 -05:00
Dane Everitt
98b3355158 very basic initial push of API 2016-01-12 01:05:44 -05:00
Dane Everitt
a3eb4b7dc4 Update to Laravel 5.2 2016-01-11 22:04:11 -05:00
Dane Everitt
02f6bf428e Show initial locations list 2016-01-10 19:22:21 -05:00
Dane Everitt
1d97b0be98 Add support for modification of server startup variables and command 2016-01-10 18:57:22 -05:00
Dane Everitt
232c05c31d Add support for deleting nodes 
Finishes node management
 2016-01-10 16:59:19 -05:00
Dane Everitt
179481c547 Add support for allocation management on nodes. 
Allows deleting entire IP blocks, as well as allocating new IPs and
Ports via CIDR ranges, single IP, and single ports or a port range.
 2016-01-10 00:38:16 -05:00
Dane Everitt
a1c6aa6358 Clean up setting allocation front-end 2016-01-08 22:36:57 -05:00