Alex 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							5120590e47 
							
						 
					 
					
						
						
							
							ref: remove google analytics (#3912)
						
						
						
						
					 
					
						2022-02-05 09:08:43 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							dfa329ddf2 
							
						 
					 
					
						
						
							
							[security] ensure session is only for that request when authenticating user API key  
						
						
						
						
						https://github.com/pterodactyl/panel/security/advisories/GHSA-7v3x-h7r2-34jv  
					
						2022-01-19 21:09:17 -05:00 
						 
				 
			
				
					
						
							
							
								Alex 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							28f7a809a5 
							
						 
					 
					
						
						
							
							fix: exception localization (#3850)
						
						
						
						
						resolves #3849
					
						2022-01-15 08:10:37 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							bf9cbe2c6d 
							
						 
					 
					
						
						
							
							Add consistent CSRF token verification to API endpoints; address security concern with non-CSRF protected endpoints  
						
						
						
						
					 
					
						2021-11-16 20:02:18 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							17c03e9a4d 
							
						 
					 
					
						
						
							
							Fix broken session management for application api  
						
						
						
						
					 
					
						2021-11-03 21:33:21 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							60eff40a0c 
							
						 
					 
					
						
						
							
							Fix session management on client API requests; closes #3727
						
						
						
						
						Versions of Pterodactyl prior to 1.6.3 used a different throttle pathway for
requests. That pathway found the current request user before continuing on to
other in-app middleware, thus the user was available downstream.
Changes introduced in 1.6.3 changed the throttler logic, therefore removing this
step. As a result, the client API could not always get the currently authenticated
user when cookies were used (aka, requests from the Panel UI, and not API directly).
This change corrects the logic to get the session setup correctly before falling
through to authenticating as a user using the API key. If a cookie is present and a
user is found as a result that session will be used. If an API key is provided it is
ignored when a cookie is also present.
In order to keep the API stateless any session created for an API request stemming
from an API key will have the associated session deleted at the end of the request,
and the 'Set-Cookies' header will be stripped from the response. 
						
						
					 
					
						2021-11-03 20:51:39 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							22a8b2b3a2 
							
						 
					 
					
						
						
							
							Use more standardized rate limiting in Laravel; apply limits to auth routes  
						
						
						
						
					 
					
						2021-10-23 12:17:16 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							4a84c36009 
							
						 
					 
					
						
						
							
							Fix security vulnerability when authenticating a two-factor authentication token for a user  
						
						
						
						
						See associated security advisory for technical details on the content of this security fix.
GHSA ID: GHSA-5vfx-8w6m-h3v4 
						
						
					 
					
						2021-09-21 21:30:08 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e96ead4c4d 
							
						 
					 
					
						
						
							
							Update API calls to Wings to only pass the required details with the changes to the installer system  
						
						
						
						
					 
					
						2021-08-29 14:09:43 -07:00 
						 
				 
			
				
					
						
							
							
								Matthew Penner 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							b4cae916ac 
							
						 
					 
					
						
						
							
							transfers: fix allocation array merging logic (#3551)
						
						
						
						
					 
					
						2021-08-18 12:58:41 -06:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							2b3303c46b 
							
						 
					 
					
						
						
							
							Fix changing a user password to not incorrectly handle logging out old sessions; closes #3531
						
						
						
						
					 
					
						2021-08-15 17:37:12 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							25d9ba4779 
							
						 
					 
					
						
						
							
							Run php-cs-fixer  
						
						
						
						
					 
					
						2021-08-15 17:20:36 -07:00 
						 
				 
			
				
					
						
							
							
								Matthew Penner 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							10b357b71e 
							
						 
					 
					
						
						
							
							ui(server): fix used backup count (#3526)
						
						
						
						
						* ui(server): fix used backup count
* ui(server): refactor backup count code 
						
						
					 
					
						2021-08-04 20:34:00 -07:00 
						 
				 
			
				
					
						
							
							
								Matthew Penner 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							970f281859 
							
						 
					 
					
						
						
							
							backups: default is_successful to false (#3522)
						
						
						
						
						* backups: default is_successful to false
* backups: properly query backups 
						
						
					 
					
						2021-08-03 19:45:25 -07:00 
						 
				 
			
				
					
						
							
							
								Mia 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							bda1ff50ab 
							
						 
					 
					
						
						
							
							[UI] Display the 2FA token, show spinner on load (#3367)
						
						
						
						
						Co-authored-by: Dane Everitt <dane@daneeveritt.com> 
						
						
					 
					
						2021-08-02 20:39:12 -07:00 
						 
				 
			
				
					
						
							
							
								Matthew Penner 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							1a79b4827c 
							
						 
					 
					
						
						
							
							backups: allow updating a failed backup (#3470)
						
						
						
						
					 
					
						2021-07-18 08:46:20 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							d049839ffc 
							
						 
					 
					
						
						
							
							Fix deleting a backup that is locked and failed; closes #3404
						
						
						
						
					 
					
						2021-06-13 10:26:47 -07:00 
						 
				 
			
				
					
						
							
							
								Mark Ross 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							d45c67a6e1 
							
						 
					 
					
						
						
							
							Allow to find servers by short UUID (Application API) (#3340)
						
						
						
						
					 
					
						2021-06-05 08:43:57 -07:00 
						 
				 
			
				
					
						
							
							
								Alex 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							9656378783 
							
						 
					 
					
						
						
							
							Fix 401 error typo (#3393)
						
						
						
						
					 
					
						2021-06-03 13:35:51 -07:00 
						 
				 
			
				
					
						
							
							
								Charles Morgan 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							76ac1998cf 
							
						 
					 
					
						
						
							
							Don't allow backups to be made via schedules if limit = 0 (#3323)
						
						
						
						
					 
					
						2021-05-16 09:47:36 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							5d5e4ca7b1 
							
						 
					 
					
						
						
							
							Add support for locking backups to prevent any accidental deletions  
						
						
						
						
					 
					
						2021-05-03 21:26:09 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							92cd659db3 
							
						 
					 
					
						
						
							
							Add underlying data changes necessary for new task & schedule features  
						
						
						
						
					 
					
						2021-05-01 10:44:40 -07:00 
						 
				 
			
				
					
						
							
							
								Julien Tant 
							
						 
					 
					
						
						
						
						
							
						
						
							552b9d3c33 
							
						 
					 
					
						
						
							
							Add possibility to run disabled cron  
						
						
						
						
					 
					
						2021-04-24 15:06:21 -07:00 
						 
				 
			
				
					
						
							
							
								Lance Pioch 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							77a3ca682f 
							
						 
					 
					
						
						
							
							Change to actual function names to support MariaDB  
						
						
						
						
					 
					
						2021-04-08 17:34:25 -04:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							45680cab47 
							
						 
					 
					
						
						
							
							Don't use tagging, closes #3224
						
						
						
						
					 
					
						2021-04-03 10:53:41 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							48ad8f538e 
							
						 
					 
					
						
						
							
							Always allow specifying a page size with the API; closes #3218
						
						
						
						
					 
					
						2021-03-26 09:03:51 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							9b46d59045 
							
						 
					 
					
						
						
							
							Cache resource lookup results for 20 seconds for each server  
						
						
						
						
					 
					
						2021-03-21 12:29:18 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							8c7d785c9e 
							
						 
					 
					
						
						
							
							Ensure a created_at value is set on recovery tokens; closes #3163
						
						
						
						
					 
					
						2021-03-21 10:43:01 -07:00 
						 
				 
			
				
					
						
							
							
								Matthew Penner 
							
						 
					 
					
						
						
						
						
							
						
						
							582521f419 
							
						 
					 
					
						
						
							
							fix: backup restore delete all files  
						
						
						
						
					 
					
						2021-03-12 14:47:49 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							1476104b30 
							
						 
					 
					
						
						
							
							Fix inability to download files from the panel; closes #3151
						
						
						
						
						Co-Authored-By: xcgc <74693042+xcgc@users.noreply.github.com> 
						
						
					 
					
						2021-03-07 09:45:27 -08:00 
						 
				 
			
				
					
						
							
							
								xcgc 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							397df3bf71 
							
						 
					 
					
						
						
							
							Update ServerInstallController.php  
						
						
						
						
					 
					
						2021-03-06 15:52:24 +08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							1b2c4931ee 
							
						 
					 
					
						
						
							
							Add endpoint logic necessary to reset server states if they get stuck installing/restoring when wings restarts  
						
						
						
						
					 
					
						2021-02-23 21:20:02 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							94ea9c37d0 
							
						 
					 
					
						
						
							
							Don't require auto-allocation settings if not enabled; closes #3085
						
						
						
						
					 
					
						2021-02-17 21:11:23 -08:00 
						 
				 
			
				
					
						
							
							
								Matthew Penner 
							
						 
					 
					
						
						
						
						
							
						
						
							352910f897 
							
						 
					 
					
						
						
							
							api(remote): fix improper reading of boolean for installation status
						
						
						
						
					 
					
						2021-02-06 10:16:08 -07:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							00da092e45 
							
						 
					 
					
						
						
							
							Fix tests  
						
						
						
						
					 
					
						2021-01-30 19:12:22 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e30a765071 
							
						 
					 
					
						
						
							
							Simplify logic when a server is in an unsupported state  
						
						
						
						
					 
					
						2021-01-30 13:28:31 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							be26921fcc 
							
						 
					 
					
						
						
							
							Merge branch 'develop' into dane/restore-backups  
						
						
						
						
					 
					
						2021-01-30 10:10:29 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							5515871b2f 
							
						 
					 
					
						
						
							
							Turns out I hate that huge space formatting, disable that mess  
						
						
						
						
					 
					
						2021-01-27 20:52:11 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							b00def2537 
							
						 
					 
					
						
						
							
							Switch to JSON from TEXT when storing denylist items for an egg; closes #3034
						
						
						
						
					 
					
						2021-01-26 21:08:53 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							0dd0f09238 
							
						 
					 
					
						
						
							
							Formatting cleanup for backups  
						
						
						
						
					 
					
						2021-01-25 19:25:15 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							0a2c89e9f4 
							
						 
					 
					
						
						
							
							Reformat with new rules post merge
						
						
						
						
					 
					
						2021-01-25 19:20:51 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							663143de0b 
							
						 
					 
					
						
						
							
							Merge branch 'develop' into dane/restore-backups  
						
						
						
						
					 
					
						2021-01-25 19:16:40 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							b480a9e4e2 
							
						 
					 
					
						
						
							
							Make php-cs-fixer work in phpstorm  
						
						
						
						
					 
					
						2021-01-23 13:44:35 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							c449ca5155 
							
						 
					 
					
						
						
							
							Use more standardized phpcs  
						
						
						
						
					 
					
						2021-01-23 12:33:34 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							a043071e3c 
							
						 
					 
					
						
						
							
							Update to Laravel 8  
						
						
						
						
						Co-authored-by: Matthew Penner <me@matthewp.io> 
						
						
					 
					
						2021-01-23 12:12:54 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							aab353d91e 
							
						 
					 
					
						
						
							
							Merge pull request #3011 from AreYouRlyScared/addcronmonth
						
						
						
						
						Adds months for schedules 
						
						
					 
					
						2021-01-20 20:10:26 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e8dcd30e0c 
							
						 
					 
					
						
						
							
							[security] fix resources not properly returning an error when they don't match the server in the URL  
						
						
						
						
						Prior to this fix certain resources were accessible even when their assigned server was not the same as the server in the URL. This causes the resource server relationship to not match the server variable present on the request.
Due to this failed logic it was possible for users to access resources they should not have been able to access otherwise for some areas of the panel. 
						
						
					 
					
						2021-01-19 21:19:17 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							f24193801a 
							
						 
					 
					
						
						
							
							Add endpoint for triggering restoration completion  
						
						
						
						
					 
					
						2021-01-18 21:14:49 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							8d69a60e28 
							
						 
					 
					
						
						
							
							Only allow restoring valid backups, set the server correctly on the repository  
						
						
						
						
					 
					
						2021-01-18 20:11:49 -08:00 
						 
				 
			
				
					
						
							
							
								Dane Everitt 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							87371901c0 
							
						 
					 
					
						
						
							
							Add base logic to support sending a request to restore a backup for a server  
						
						
						
						
					 
					
						2021-01-17 17:51:09 -08:00