Boy132
032e4f2e31
Apply node maintenance mode to servers (#4421)
2022-11-06 16:02:30 -07:00

Matthew Penner
cbcf62086f
Upgrade to Laravel 9 (#4413)
Co-authored-by: DaneEveritt <dane@daneeveritt.com>
2022-10-14 10:59:20 -06:00

DaneEveritt
6ffe5730da
Log when an API key is blocked due to IP restrictions
2022-06-18 12:04:51 -04:00

DaneEveritt
b051718afe
Fix up API handling logic for keys and set a prefix on all keys
2022-05-22 19:03:51 -04:00

DaneEveritt
bd37978a98
Initial pass at implementing Laravel Sanctum for authorization on the API
2022-05-22 14:57:06 -04:00

DaneEveritt
e313dff674
Massively simplify API binding logic
Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code.
This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking.
2022-05-22 14:10:01 -04:00

Dane Everitt
dfa329ddf2
[security] ensure session is only for that request when authenticating user API key
https://github.com/pterodactyl/panel/security/advisories/GHSA-7v3x-h7r2-34jv
2022-01-19 21:09:17 -05:00

Dane Everitt
bf9cbe2c6d
Add consistent CSRF token verification to API endpoints; address security concern with non-CSRF protected endpoints
2021-11-16 20:02:18 -08:00

Dane Everitt
60eff40a0c
Fix session management on client API requests; closes #3727
Versions of Pterodactyl prior to 1.6.3 used a different throttle pathway for
requests. That pathway found the current request user before continuing on to
other in-app middleware, thus the user was available downstream.
Changes introduced in 1.6.3 changed the throttler logic, therefore removing this
step. As a result, the client API could not always get the currently authenticated
user when cookies were used (aka, requests from the Panel UI, and not API directly).
This change corrects the logic to get the session setup correctly before falling
through to authenticating as a user using the API key. If a cookie is present and a
user is found as a result that session will be used. If an API key is provided it is
ignored when a cookie is also present.
In order to keep the API stateless any session created for an API request stemming
from an API key will have the associated session deleted at the end of the request,
and the 'Set-Cookies' header will be stripped from the response.
2021-11-03 20:51:39 -07:00

Alex
9656378783
Fix 401 error typo (#3393)
2021-06-03 13:35:51 -07:00

Dane Everitt
e30a765071
Simplify logic when a server is in an unsupported state
2021-01-30 13:28:31 -08:00

Dane Everitt
c449ca5155
Use more standardized phpcs
2021-01-23 12:33:34 -08:00

Dane Everitt
a043071e3c
Update to Laravel 8
Co-authored-by: Matthew Penner <me@matthewp.io>
2021-01-23 12:12:54 -08:00

Dane Everitt
e8dcd30e0c
[security] fix resources not properly returning an error when they don't match the server in the URL
Prior to this fix certain resources were accessible even when their assigned server was not the same as the server in the URL. This causes the resource server relationship to not match the server variable present on the request.
Due to this failed logic it was possible for users to access resources they should not have been able to access otherwise for some areas of the panel.
2021-01-19 21:19:17 -08:00

Dane Everitt
6c39288def
Clarify error messaging for transfers
2020-12-24 10:14:10 -08:00

Matthew Penner
37cfa151b6
Use ServerTransferringException
2020-12-17 10:37:14 -07:00

Matthew Penner
e69d9b2c26
Update comment in AuthenticateServerAccess.php
2020-12-17 10:35:54 -07:00

Matthew Penner
fd848985ee
Add ServerTransferringException, use is_null
2020-12-17 10:35:54 -07:00

Matthew Penner
e6c4a68e4a
Update logic for tracking a server's transfer state
2020-12-17 10:35:54 -07:00

Matt Malec
df64026449
Update AuthenticateIPAccess.php
Fix a 500 error when processing a request with an IP filter
2020-11-08 21:57:22 -05:00

Dane Everitt
c00e5b36a5
Return all servers for a node as a paginated response
Avoids crashing the PHP process and avoids a bad runaway N+1 query issue that previously existed.
2020-10-31 11:14:28 -07:00

Dane Everitt
f31a6d3967
Fix parameter bindings for client API routes; closes pterodactyl/panel#2359
2020-09-27 10:39:18 -07:00

Dane Everitt
906cfce81c
Don't return a 403 when returning resources for a suspended server; closes #2279
2020-08-30 09:54:59 -07:00

Dane Everitt
540cc82e3d
Don't resolve database hosts; closes #2237
2020-08-19 20:38:51 -07:00

Dane Everitt
61e9771333
Code cleanup for subuser API endpoints; closes #2247
2020-08-19 20:21:12 -07:00

Dane Everitt
2278927fb6
Update allocations to support ids; protect endpoints; support notes
2020-07-09 20:36:08 -07:00

DarthShmev
06ece0e624
Fix AuthenticateServerAccess middleware spelling issue.
2020-07-05 15:48:02 -04:00

Dane Everitt
fde8465f35
Show a better error when JSON data cannot be parsed in the request
2020-06-30 20:05:11 -07:00

Dane Everitt
536180ed0c
Return Http test cases to a passing state
2020-06-23 21:59:37 -07:00

Dane Everitt
16e14621c8
Better error messaging when server is suspended
2020-06-22 20:22:52 -07:00

Dane Everitt
6056b6f45d
Show console when an admin is viewing an installing server
2020-04-26 13:21:39 -07:00

Matthew Penner
658a959e5d
Fix trailing comma in DaemonAuthenticate.php, change ServerDetailsController.php to use node authentication
2020-04-10 17:54:50 -06:00

Dane Everitt
2532a73425
Don't throw errors if bad data is sent in the header
2020-04-10 15:53:19 -07:00

Dane Everitt
7557dddf49
Store node daemon tokens in an encrypted manner
2020-04-10 15:15:38 -07:00

Dane Everitt
be05d2df81
Add support for generating a signed URL for downloading a file from the daemon
2020-04-04 19:54:59 -07:00

Dane Everitt
1f92a7de33
Authenticate that the request is coming from someone that should even know about the server
2020-03-28 16:23:18 -07:00

Dane Everitt
7543ef085d
Format files
2019-09-05 21:32:57 -07:00

Dane Everitt
95d19bf09e
Update logic that handles creation of folders for a server
2019-05-01 21:45:39 -07:00

Dane Everitt
0999ec93c3
More logic for deleting databases
2018-08-25 15:07:42 -07:00

Dane Everitt
9be2aa4ca9
Push beginning of DB deletion stuff
2018-08-25 14:43:21 -07:00

Dane Everitt
8bbe6bc279
Add test, fix behavior of model creation
2018-07-14 22:58:33 -07:00

Dane Everitt
550c622d3b
Obliterate JWT from codebase
2018-07-14 22:48:09 -07:00

Dane Everitt
6336e5191f
Strip out JWT usage and use cookies to track the currently logged in user
2018-07-14 22:42:58 -07:00

Dane Everitt
c82f273d85
Fix remaining broken tests
2018-07-04 19:38:23 -07:00

Dane Everitt
e7faf979a1
Change login handling to automatically redirect a user if their session will need renewal.
2018-06-16 14:05:39 -07:00

Dane Everitt
03c83c084a
Revert use of cookies, go back to using a JWT
2018-06-06 22:49:44 -07:00

Dane Everitt
5bcabbde35
Get dashboard in a more working state
2018-06-05 23:42:34 -07:00

Dane Everitt
a1444b047e
Fix JWT handling for API access when logging in
2018-05-28 14:59:48 -07:00

Dane Everitt
6e5c365018
Use the client API to load servers on the listing page
2018-05-28 13:23:40 -07:00

Dane Everitt
ad69193ac0
Add JWT to login forms
2018-05-28 12:48:42 -07:00