Commit graph

22 commits

Author SHA1 Message Date
Dane Everitt
f9fc3f4370
Update interface to begin change to seperate account API keys and application keys
Main difference is permissions, cleaner UI for normal users, and account keys use permissions assigned to servers and subusers while application keys use R/W ACLs stored in the key table.
2018-01-14 13:30:55 -06:00
Dane Everitt
7aa540b895
Remove api permissions table 2018-01-14 12:05:18 -06:00
Dane Everitt
e3df0738da
Change the way API keys are stored and validated; clarify API namespacing
Previously, a single key was used to access the API, this has not changed in terms of what the user sees. However, API keys now use an identifier and token internally. The identifier is the first 16 characters of the key, and the token is the remaining 32. The token is stored encrypted at rest in the database and the identifier is used by the API middleware to grab that record and make a timing attack safe comparison.
2018-01-13 16:06:19 -06:00
Dane Everitt
47e14ccaae
API key UI changes and backend storage of the keys 2017-11-19 13:32:17 -06:00
Dane Everitt
4203cdcb77
Merge branch 'develop' of https://github.com/Pterodactyl/Panel into develop 2017-09-02 00:21:17 -05:00
Dane Everitt
53d1182645
Add unit tests for API key controller 2017-09-02 00:21:15 -05:00
Dane Everitt
30660cfac2 Apply fixes from StyleCI (#609) 2017-08-30 21:14:20 -05:00
Dane Everitt
e045ef443a
Should wrap up the base landing page stuff for accounts, next step is server rendering 2017-08-30 21:11:14 -05:00
Dane Everitt
3ee5803416
Massive PHPCS linting 2017-08-21 22:10:48 -05:00
Dane Everitt
2588c25b0b
Service refactor to improve organization 2017-07-08 15:04:59 -05:00
Dane Everitt
4ee9d38ad1
Add ApiKey service, cleanup old API key methods
https://zube.io/pterodactyl/panel/c/525
2017-06-25 15:31:50 -05:00
Dane Everitt
722fd614a1
Add new dynamic view for creating API keys 2017-04-09 18:59:54 -04:00
Dane Everitt
0312c974f5
Update doc blocks for all app/ 2017-03-19 19:36:50 -04:00
Dane Everitt
b8c3ab6960
closes #339 2017-03-16 19:56:58 -04:00
Dane Everitt
b11029a666 Apply fixes from StyleCI (#312)
* Bump for release

* Apply fixes from StyleCI
2017-02-18 22:57:50 -05:00
Dane Everitt
516e2dc5ee
Add back API key deletion 2017-02-16 12:57:48 -05:00
Dane Everitt
3b3002b77a
API Model updates. 2017-02-10 17:29:10 -05:00
Dane Everitt
bf7b58470a
Update copyright headers 2017-01-24 17:57:08 -05:00
spaceemotion
a85ac87ae8 Refactor to use more laravel logic and improve compatibility with older PHP versions (#206)
* Fix @param namespaces for PHPDocs in ServerPolicy

* Reduce permission check duplication in ServerPolicy

This introduces a new checkPermission method to reduce code duplication when checking for permissions.

* Simplify logic to list accessible servers for the user

We can directly use the pluck function that laravel collections provide to simplify the logic.

* Fix pagination issue when databases/servers exceed 20

Laravels strips out the currently selected tab (or any GET query for that matter) by default when using pagination. the appends() methods helps with keeping that information.

* Refactor unnecessary array_merge calls

We can just append to the array instead of constantly merging a new copy.

* Fix accessing “API Access” on some versions of PHP

The “new” word is reserved and should not be used as a method name.

http://stackoverflow.com/questions/9575590/why-am-i-getting-an-unexpected-t-new-error-in-php

* Fix revoking API keys on older versions of php (5.6)

“string” was not a valid function argument type yet, so revoking keys results in an error on older installations.

* Fix issues with API due to methods named “list”

“list” is yet another reserved keyword in PHP and messes up older installations of PHP (5.6).
This renames all methods named “list” to “lists”. The API route names are left untouched (e.g. still called “api.admin.users.list”).

* Refactor and shorten some API logic

Used laravel collection methods where applicable to directly transform the values instead of converting back and forth.
This also removes some dead variables that were never used as well as getting rid of a n+1 problem in the Service API (loading service variables afterwards, not during the model creation).

* Return model save status in repositories where applicable

* Fix typo in ServicePolicy#powerStart

* Apply StyleCI corrections
2016-12-12 14:30:57 -05:00
Dane Everitt
c1fb0a665f Apply fixes from StyleCI 2016-12-07 22:46:38 +00:00
Dane Everitt
53ec2c55ec
Add front-end support for adding and deleting API keys. 2016-10-20 18:20:58 -04:00
Dane Everitt
745c735b32
Add initial basic API changes
New route is `/api/me`
2016-10-14 20:22:23 -04:00