* Add new panel
* Add some basic resource pages
* Wip
* Wip terminal
* Wip
* Add new panel
* Add some basic resource pages
* Wip
* [Sub-Users] Add Invite
TODO: The logic with permissions
* [Sub-Users] Fix Creation
* [Cron] Add basics
* Add basic auth and messages
* Add basic buttons
* WIP on issue/353
* WIP on issue/353
* Add Database page
* Update Database Page
* Start of Backup Page
* Composer Update
* Changes
* Send input
* Remove this includes
* Better offline handling
* Consolidate top nav config
* Update Backups Page
* Update Backups
* Change name
* Add Assign All, Layout Fixes.
* conflict
* update schedule pages
* fix phpstan
* update pint.json
* add cron presets to schedule
* fix tests
* fix task creation
* schedules: disable task creation if limit is reached & disable backup action if backup limit is 0
* update activity pages
* update resources
* Update Edit User
TODO: actually save permissions when they're changed.
TODO: Figure out why Control does not update it's state... but the rest do...
* .... Sure it works.
TODO: Update permissions when you save editing a sub user.
* user: update canAccessPanel & canAccessTenant
* add helper to convert bytes into readable format
* very basic file explorer
* files: fix some stuff & remove dummy data
* files: better error handling
* files: basic file editor
* files: add some actions
* File manager updates
* files: fix paths
* Revery Composer Upgrade, Fixes SQLite
* fix: Pint (#517)
feat: MenuItems to and from admin
* Update File Editing
Updated File Editing to its own page,
Added Permission checks for file manager.
Co-authored-by: Boy132 <Boy132@users.noreply.github.com>
* add enum for editor langs
* files: add upload & pull actions
* fix build
* files: handle images
* Update to Filament v3.2.98
* files: add remaining actions
* use `authorize` instead of `hidden`
* fix canAccessTenant
* update date columns
* files: testing & fixes
* Fix File Names
Co-authored-by: lancepioch <git@lance.sh>
* Combine Pull/Upload
* Fix BulkDelete
* Uncontained tabs
* Hide Lang Selection, Move Actions
* Update Monaco, more custom
* Add livewire config
livewire limits uploads to 12MB... who knows why...
Fixed uploading a single files failing
* files: fix record url
* basic setup for settings & startup page
* make abstract class for simple app pages
* Basic Startup Page
* Update nav sort
* small cleanup
* startup: fix shouldHideComponent & getSelectOptionsFromRules
* startup: fix non editable fields & set default value
* startup: add todo for save button
* Save Variables after update & off click
Variables update when the user clicks off the input.
* Notifications are cool
* Add rule validation
* Sort variables by sortid
* pint
* Settings Page + Startup Changes
* settings: cleanup
* refactor: use server model for ServerFormPage (formerly known as SimplePage)
* Use Repeater for variables
* Add Network, Remove breadcrumbs
* Add paginated to file explorer
* Fix updating variables
* Add link to go to new client area
* fix after merge
* Add graphs to console page
Graphs still need to get the data from the web socket.
* fix pint & phpstan
* fix authorizeAccess for EditFiles and Startup page
* Fix rules on startup page
* Update console size
* Fix node name
* add "global search" to files list
requires https://github.com/pelican-dev/wings/pull/44
* remove debug dummy data
* update view action on ListServers
* enable SPA mode for app panel
* remove colors from app panel
they are defined globally in AppServiceProvider
* update global search ui a bit
(to be replaced with a custom page that is similar to the list files table)
* add own page for global search
untested - and route needs cleanup (if possible)
* fix File getRows
* remove "path" from SearchFiles (for now)
* fix caching for searched files
* add title and breadcrumbs to global search page
* make cpu & memory charts on console page working
* fix phpstan
* add missing import
* cleanup console views & widgets
* add overview stats to console
* don't be so lazy, console!
* make history working
* decode data to get array
* add missing On
* fix json_decode
* change polling to 1 sec
* hide "0" cpu/ memory
* add data to network chart
* Remove data labels
* fix data on network chart
* fix data on network chart (2nd try)
* WIP Network Stats
* Remove test
* Change MaxWidth
* run pint
* fix phpstan
* Fix storeStats cast
* make $data a string
this time for real
* update visible check for "admin" menu item
* remove account widget
* rebrand "Dashboard" to "Server List"
WIP - doesn't look good but is somewhat working
* fix canAccessPanel
* separate server list into own panel
* change path to avoid conflicts with old client area (and remove sidebar width)
* display correct icon and color on server list entries
* show total memory if server is offline
* replace custom server list page with ListRecords page
* fix tests
* fix namespace
* remove "open" button and make whole column clickable
* Update EditProfile
* run pint
* fix access to server list
* add new login page to panels
* fix next_run_at for new schedules
* use new DateTimeColumn
* add own column for file bytes
* return to server list when clicking title
* fix console loading
* handle server with "conflict state"
* add banner if server is in "conflict state"
* fix phpstan
* update docker image select
* fix permission checks on Settings & Startup pages
* fix query for activity log page
* fix activity log not being logged
* adjust ListActivities
* fix phpstan
* fix pint
* fix profile menu item link on server panel
* add ip tooltip to activity logs (and role permission)
* change backup icon
* update navigation sort
* general code cleanup
* more cleanup
* Disable Restart/Stop if server is offline
* Change rename notification
* Remove negation on abort_unless
* Add notification on save
* Single disabled closure & comment unused import
* Add required to Server Name & Nullable to description
* mutateFormDataBeforeSave doesn't work since we use forceFill
* Fix web socket connection not existing.
* Fix some subuser permissions
* add permission checks to resources
* do not allow self-deletion
* Update editing file permissions
* Fix of the previous fix
* add service for subuser updating
* Only allow save if they have file_update
* Remove unused import
* Update backup delete button
* Add Delete, remove bulks
* Update Database page
* Use Allocation Permissions
* add canAccess check to startup
* Add Permission checks to Settings page
* add service for subuser deletion
* Remove Kill permission
* Updates
* fix move files
* add redirects
* fix phpstan
* activity: remove properties from tans for now
* If alias, use that, else ip
---------
Co-authored-by: notCharles <charles@pelican.dev>
Co-authored-by: Boy132 <mail@boy132.de>
Co-authored-by: Senna <62171904+Poseidon281@users.noreply.github.com>
Co-authored-by: Boy132 <Boy132@users.noreply.github.com>
Co-authored-by: RMartinOscar <40749467+RMartinOscar@users.noreply.github.com>
* add laravel turnstile
* add config & settings for turnstile
* publish view to center captcha
* completely replace reCAPTCHA
* update FailedCaptcha event
* add back config for domain verification
* don't set language so browser lang is used
* add spatie/permissions
* add policies
* add role resource
* add root admin role handling
* replace some "root_admin" with function
* add model specific permissions
* make permission selection nicer
* fix user creation
* fix tests
* add back subuser checks in server policy
* add custom model for role
* assign new users to role if root_admin is set
* add api for roles
* fix phpstan
* add permissions for settings page
* remove "restore" and "forceDelete" permissions
* add user count to list
* prevent deletion if role has users
* update user list
* fix server policy
* remove old `root_admin` column
* small refactor
* fix tests
* forgot can checks here
* forgot use
* disable editing own roles & disable assigning root admin
* don't allow to rename root admin role
* remove php bombing exception handler
* fix role assignment when creating a user
* fix disableOptionWhen
* fix missing `root_admin` attribute on react frontend
* add permission check for bulk delete
* rename viewAny to viewList
* improve canAccessPanel check
* fix admin not displaying for non-root admins
* make sure non root admins can't edit root admins
* fix import
* fix settings page permission check
* fix server permissions for non-subusers
* fix settings page permission check v2
* small cleanup
* cleanup config file
* move consts from resouce into enum & model
* Update database/migrations/2024_08_01_114538_remove_root_admin_column.php
Co-authored-by: Lance Pioch <lancepioch@gmail.com>
* fix config
* fix phpstan
* fix phpstan 2.0
---------
Co-authored-by: Lance Pioch <lancepioch@gmail.com>
This accounts for poorly configured API clients that try to use cookies for authentication purposes. Treat everything with a session cookie as being a stateful request from the front-end.
Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code.
This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking.
Versions of Pterodactyl prior to 1.6.3 used a different throttle pathway for
requests. That pathway found the current request user before continuing on to
other in-app middleware, thus the user was available downstream.
Changes introduced in 1.6.3 changed the throttler logic, therefore removing this
step. As a result, the client API could not always get the currently authenticated
user when cookies were used (aka, requests from the Panel UI, and not API directly).
This change corrects the logic to get the session setup correctly before falling
through to authenticating as a user using the API key. If a cookie is present and a
user is found as a result that session will be used. If an API key is provided it is
ignored when a cookie is also present.
In order to keep the API stateless any session created for an API request stemming
from an API key will have the associated session deleted at the end of the request,
and the 'Set-Cookies' header will be stripped from the response.
