panel

Pterodactyl® is a free, open-source game server management panel built with PHP, React, and Go. Designed with security in mind, Pterodactyl runs all game servers in isolated Docker containers while exposing a beautiful and intuitive UI to end users.

OTHER License

Downloads
121
Stars
6.1K
Committers
188

Bot releases are visible (Hide)

panel - v0.7.1 (Derelict Dermodactylus)

Published by DaneEveritt over 6 years ago

Fixed

  • Fixes an exception when no token is entered on the 2-Factor enable/disable page and the form is submitted.
  • Fixes an exception when trying to perform actions aganist a User model due to a validator that could not be cast to a string correctly.
  • Allow FQDNs in database host creation UI correctly.
  • Fixes database naming scheme using d###_ rather than s###_ when creating server databases.
  • Fix exception thrown when attempting to update an existing database host.

Changed

  • Adjusted exception handler behavior to log more stack information for PDO exceptions while not exposing credentials.

Added

  • Very basic cache busting until asset management can be changed to make use of better systems.

SHA256 Checksum

518490710221001cc8ad83650339bfb3dce113c435da5caf4bde8c2332e4b144  panel.tar.gz
panel - v0.7.0 (Derelict Dermodactylus)

Published by DaneEveritt over 6 years ago

Fixed

  • [rc.2] — Fixes bad API behavior on /user routes.
  • [rc.2] — Fixes Admin CP user editing resetting a password on users unintentionally.
  • [rc.2] — Fixes bug with server creation API endpoint that would fail to validate allocation.default correctly.
  • [rc.2] — Fix data integrity exception occuring due to invalid data being passed to server creation service on the API.
  • [rc.2] — Fix data integrity exception that could occur when an email containing non-username characters was passed.
  • [rc.2] — Fix data integrity exception occurring when no default value is provided for an egg variable.
  • [rc.2] — Fixes a bug that would cause non-editable variables on the front-end to throw a validation error.
  • [rc.2] — Fixes a data integrity exception occurring when saving egg variables with no value.
  • Fixes a design bug in the database that prevented the storage of negative numbers, thus preventing a server from being assigned unlimited swap.
  • Fixes a bug where the 'Assign New Allocations' box would only show IPs that were present in the current pagination block.
  • Unable to change the daemon secret for a server via the Admin CP.
  • Using default value in rules when creating a new variable if the rules is empty.
  • Fixes a design-flaw in the allocation management part of nodes that would run a MySQL query for each port being allocated. This behavior is now changed to only execute one query to add multiple ports at once.
  • Attempting to create a server when no nodes are configured now redirects to the node creation page.
  • Fixes missing library issue for teamspeak when used with mariadb.
  • Fixes inability to change the default port on front-end when viewing a server.
  • Fixes bug preventing deletion of nests that have other nests referencing them as children.
  • Fixes console sometimes not loading properly on slow connections

Added

  • Added ability to search the following API endpoints: list users, list servers, and list locations.
  • Add support for finding a user by external ID using /api/application/users/external/<id> or by passing it as the search term when listing all users.
  • Added a unique key to the servers table to data integrity issues where an allocation would be assigned to more than one server at once.
  • Added support for editing an existing schedule.
  • Added support for editing symlinked files on the Panel.
  • Added new application specific API to Panel with endpoints at /api/application. Includes new Admin CP interface for managing keys and an easier permissions system.
  • Nest and Egg listings now show the associated ID in order to make API requests easier.
  • Added star indicators to user listing in Admin CP to indicate users who are set as a root admin.
  • Creating a new node will now requires a SSL connection if the Panel is configured to use SSL as well.
  • Socketio error messages due to permissions are now rendered correctly in the UI rather than causing a silent failure.
  • File manager now supports mass deletion option for files and folders.
  • Support for CS:GO as a default service option selection.
  • Support for GMOD as a default service option selection.
  • Added test suite for core aspects of the project (Services, Repositories, Commands, etc.) to lessen the chances for bugs to escape into releases.
  • New CLI command to disabled 2-Factor Authentication on an account if necessary.
  • Ability to delete users and locations via the CLI.
  • You can now require 2FA for all users, admins only, or at will using a simple configuration in the Admin CP.
  • Added ability to export and import service options and their associated settings and environment variables via the Admin CP.
  • Default allocation for a server can be changed on the front-end by users. This includes two new subuser permissions as well.
  • Significant improvements to environment variable control for servers. Now ships with built-in abilities to define extra variables in the Panel's configuration file, or in-code for those heavily modifying the Panel.
  • Quick link to server edit view in ACP on frontend when viewing servers.
  • Databases created in the Panel now include EXECUTE privilege.

Changed

  • PHP 7.2 is now the minimum required version for this software.
  • Egg variable default values are no longer validated aganist the ruleset when configuring them. Validation of those rules will only occur when editing or creating a server.
  • Changed logger to skip reporting stack-traces on PDO exceptions due to sensitive information being contained within.
  • Changed behavior of allocation IP Address/Ports box to automatically store the value entered if a user unfocuses the field without hitting space.
  • Changed order in which allocations are displayed to prioritize those with servers attached (in ascending IP & port order) followed by ascending IP & port order where no server is attached.
  • Revoking the administrative status for an admin will revoke all authentication tokens currently assigned to their account.
  • Updated core framework to Laravel 5.5. This includes many dependency updates.
  • Certain AWS specific environment keys were changed, this should have minimal impact on users unless you specifically enabled AWS specific features. The renames are: AWS_KEY -> AWS_ACCESS_KEY_ID, AWS_SECRET -> AWS_SECRET_ACCESS_KEY, AWS_REGION -> AWS_DEFAULT_REGION
  • API keys have been changed to only use a single public key passed in a bearer token. All existing keys can continue being used, however only the first 32 characters should be sent.
  • Moved Docker image setting to be on the startup management page for a server rather than the details page. This value changes based on the Nest and Egg that are selected.
  • Two-Factor authentication tokens are now 32 bytes in length, and are stored encrypted at rest in the database.
  • Login page UI has been improved to be more sleek and welcoming to users.
  • Changed 2FA login process to be more secure. Previously authentication checking happened on the 2FA post page, now it happens prior and is passed along to the 2FA page to avoid storing any credentials.
  • Services renamed to Nests. Service Options renamed to Eggs. 🥚
  • Theme colors and login pages updated to give a more unique feel to the project.
  • Massive overhaul to the backend code that allows for much easier updating of core functionality as well as support for better testing. This overhaul also reduces complex code logic, and allows for faster response times in the application.
  • CLI commands updated to be easier to type, now stored in the p: namespace.
  • Logout icon is now more universal and not just a power icon.
  • Administrative logout notice now uses SWAL rather than a generic javascript popup.
  • Server creation page now only asks for a node to deploy to, rather than requiring a location and then a node.
  • Database passwords are now hidden by default and will only show if clicked on. In addition, database view in ACP now indicates that passwords must be viewed on the front-end.
  • Localhost cannot be used as a connection address in the environment configuration script. 127.0.0.1 is allowed.
  • Application locale can now be quickly set using an environment variable APP_LOCALE rather than having to edit core files.

Removed

  • OOM exceptions can no longer be disabled on servers due to a startling number of users that were using it to avoid allocating proper amounts of resources to servers.
  • SFTP settings page now only displays connection address and username. Password setting was removed as it is no longer necessary with Daemon changes.

SHA256 Checksum

1b542ea735b89e8b9817b8f2d0ea4c351fc8db908d58236ecf50490d9377dc1d  panel.tar.gz
panel - v0.7.0-rc.2 (Derelict Dermodactylus)

Published by DaneEveritt over 6 years ago

Fixed

  • [rc.1] — Fixes exception thrown when revoking user sessions.
  • [rc.1] — Fixes exception that would occur when trying to delete allocations from a node.
  • [rc.1] — Fixes exception thown when attempting to adjust mail settings as well as a validation error thrown afterwards.
  • [rc.1] — Fixes bug preventing modification of the default value for an Egg variable.
  • [rc.1] — Fixed a bug that would occur when attempting to reset the daemon secret for a node.
  • [rc.1] — Fix exception thrown when attempting to modify an existing database host.

Changed

  • Changed logger to skip reporting stack-traces on PDO exceptions due to sensitive information being contained within.

Added

  • Added support for editing an existing schedule.

SHA256 Checksum

62ecaa71544ca88f13cd51c067ac7ea50c90133eb751a804b466f2c0d55cfb5f  panel.tar.gz
panel - v0.7.0-rc.1 (Derelict Dermodactylus)

Published by DaneEveritt over 6 years ago

v0.7.0-rc.1 (Derelict Dermodactylus)

Fixed

  • [beta.4] — Fixes some bad search and replace action that happened previously and was throwing errors when validating user permissions.
  • [beta.4] — Fixes behavior of variable validation to not break the page when no rules are provided.
  • [beta.4] — Fix bug preventing the editing of files in the file manager.

Added

  • Added support for editing symlinked files on the Panel.
  • Added new application specific API to Panel with endpoints at /api/application. Includes new Admin CP interface for managing keys and an easier permissions system.

SHA256 Checksum

4147f8121ed16869a8aa3f490794b68b1d4b98e6add78eb848170c5116e9b739  panel.tar.gz
panel - v0.7.0-beta.4 (Derelict Dermodactylus)

Published by DaneEveritt almost 7 years ago

Fixed

  • [beta.3] — Fixes a bug with the default environment file that was causing an inability to perform a fresh install when running package discovery.
  • [beta.3] — Fixes an edge case caused by the Laravel 5.5 upgrade that would try to perform an in_array check aganist a null value.
  • [beta.3] — Fixes a bug that would cause an error when attempting to create a new user on the Panel.
  • [beta.3] — Fixes error handling of the settings service provider when no migrations have been run.
  • [beta.3] — Fixes validation error when trying to use 'None' as the 'Copy Script From' option for an egg script.
  • Fixes a design bug in the database that prevented the storage of negative numbers, thus preventing a server from being assigned unlimited swap.
  • Fixes a bug where the 'Assign New Allocations' box would only show IPs that were present in the current pagination block.

Added

  • Nest and Egg listings now show the associated ID in order to make API requests easier.

Changed

  • Changed behavior of allocation IP Address/Ports box to automatically store the value entered if a user unfocuses the field without hitting space.
  • Changed order in which allocations are displayed to prioritize those with servers attached (in ascending IP & port order) followed by ascending IP & port order where no server is attached.

Removed

  • OOM exceptions can no longer be disabled on servers due to a startling number of users that were using it to avoid allocating proper amounts of resources to servers.

SHA256 Checksum

b96b63ff58529f9dfe31961ad547341c2eee445c50d379ea12d4abf7bb364f95  panel.tar.gz
panel - v0.7.0-beta.3 (Derelict Dermodactylus)

Published by DaneEveritt almost 7 years ago

Fixed

  • [beta.2] — Fixes a bug that would cause an endless exception message stream in the console when attemping to setup environment settings in certain instances.
  • [beta.2] — Fixes a bug causing the dropdown menu for a server's egg to display the wrong selected value.
  • [beta.2] — Fixes a bug that would throw a red page of death when submitting an invalid egg variable value for a server in the Admin CP.
  • [beta.2] — Someone found a @todo that I never @todid and thus database hosts could not be created without being linked to a node. This is fixed...
  • [beta.2] — Fixes bug that caused incorrect rendering of CPU usage on server graphs due to missing variable.
  • [beta.2] — Fixes bug causing schedules to be un-deletable.
  • [beta.2] — Fixes bug that prevented the deletion of nodes due to an allocation deletion cascade issue with the SQL schema.
  • [beta.2] — Fixes a bug causing eggs not extending other eggs to fail validation.

Changed

  • Revoking the administrative status for an admin will revoke all authentication tokens currently assigned to their account.
  • Updated core framework to Laravel 5.5. This includes many dependency updates.
  • Certain AWS specific environment keys were changed, this should have minimal impact on users unless you specifically enabled AWS specific features. The renames are: AWS_KEY -> AWS_ACCESS_KEY_ID, AWS_SECRET -> AWS_SECRET_ACCESS_KEY, AWS_REGION -> AWS_DEFAULT_REGION
  • API keys have been changed to only use a single public key passed in a bearer token. All existing keys can continue being used, however only the first 32 characters should be sent.

Added

  • Added star indicators to user listing in Admin CP to indicate users who are set as a root admin.
  • Creating a new node will now requires a SSL connection if the Panel is configured to use SSL as well.

SHA256 Checksum

aca122403939b9412d6b3ff7638a700be3ddae3b1e74a4ab8d7b717a5a3900d8  panel.tar.gz
panel - v0.7.0-beta.2 (Derelict Dermodactylus)

Published by DaneEveritt almost 7 years ago

Fixed

  • [beta.1] — Fixes a CORS header issue due to a wrong API endpoint being provided in the administrative node listing.
  • [beta.1] — Fixes bug that would prevent root admins from accessing servers they were not set as the owner of.
  • [beta.1] — Fixes wrong URL redirect being provided when creating a subuser.
  • [beta.1] — Fixes missing check in environment setup that would leave the Hashids salt empty.
  • [beta.1] — Fixes bug preventing loading of allocations when trying to create a new server.
  • [beta.1] — Fixes bug causing inability to create new servers on the Panel.
  • [beta.1] — Fixes bug causing inability to delete an allocation due to misconfigured JS.
  • [beta.1] — Fixes bug causing inability to set the IP alias for an allocation to an empty value.
  • [beta.1] — Fixes bug that caused startup changes to not propigate to the server correctly on the first save.
  • [beta.1] — Fixes bug that prevented subusers from accessing anything over socketio due to a missing permission.

Changed

  • Moved Docker image setting to be on the startup management page for a server rather than the details page. This value changes based on the Nest and Egg that are selected.
  • Two-Factor authentication tokens are now 32 bytes in length, and are stored encrypted at rest in the database.
  • Login page UI has been improved to be more sleek and welcoming to users.
  • Changed 2FA login process to be more secure. Previously authentication checking happened on the 2FA post page, now it happens prior and is passed along to the 2FA page to avoid storing any credentials.

Added

  • Socketio error messages due to permissions are now rendered correctly in the UI rather than causing a silent failure.

SHA256 Checksum

d7478cedeebc4404b0e92efef4de447e1e70796511b17ec9c5fdb3bb7afa2f92  panel.tar.gz
panel - v0.7.0-beta.1 (Derelict Dermodactylus)

Published by DaneEveritt almost 7 years ago

This is pre-release software. Do not use this on a mission critical server where you cannot handle bugs or potential downtime or data loss!

Added

  • File manager now supports mass deletion option for files and folders.
  • Support for CS:GO as a default service option selection.
  • Support for GMOD as a default service option selection.
  • Added test suite for core aspects of the project (Services, Repositories, Commands, etc.) to lessen the chances for bugs to escape into releases.
  • New CLI command to disabled 2-Factor Authentication on an account if necessary.
  • Ability to delete users and locations via the CLI.
  • You can now require 2FA for all users, admins only, or at will using a simple configuration in the Admin CP.
  • Added ability to export and import service options and their associated settings and environment variables via the Admin CP.
  • Default allocation for a server can be changed on the front-end by users. This includes two new subuser permissions as well.
  • Significant improvements to environment variable control for servers. Now ships with built-in abilities to define extra variables in the Panel's configuration file, or in-code for those heavily modifying the Panel.
  • Quick link to server edit view in ACP on frontend when viewing servers.
  • Databases created in the Panel now include EXECUTE privilege.

Changed

  • Services renamed to Nests. Service Options renamed to Eggs. 🥚
  • Theme colors and login pages updated to give a more unique feel to the project.
  • Massive overhaul to the backend code that allows for much easier updating of core functionality as well as support for better testing. This overhaul also reduces complex code logic, and allows for faster response times in the application.
  • CLI commands updated to be easier to type, now stored in the p: namespace.
  • Logout icon is now more universal and not just a power icon.
  • Administrative logout notice now uses SWAL rather than a generic javascript popup.
  • Server creation page now only asks for a node to deploy to, rather than requiring a location and then a node.
  • Database passwords are now hidden by default and will only show if clicked on. In addition, database view in ACP now indicates that passwords must be viewed on the front-end.
  • Localhost cannot be used as a connection address in the environment configuration script. 127.0.0.1 is allowed.
  • Application locale can now be quickly set using an environment variable APP_LOCALE rather than having to edit core files.

Fixed

  • Unable to change the daemon secret for a server via the Admin CP.
  • Using default value in rules when creating a new variable if the rules is empty.
  • Fixes a design-flaw in the allocation management part of nodes that would run a MySQL query for each port being allocated. This behavior is now changed to only execute one query to add multiple ports at once.
  • Attempting to create a server when no nodes are configured now redirects to the node creation page.
  • Fixes missing library issue for teamspeak when used with mariadb.
  • Fixes inability to change the default port on front-end when viewing a server.
  • Fixes bug preventing deletion of nests that have other nests referencing them as children.
  • Fixes console sometimes not loading properly on slow connections

Removed

  • SFTP settings page now only displays connection address and username. Password setting was removed as it is no longer necessary with Daemon changes.

SHA256 Checksum

6204c8cebd490ef6ee3f582c72ed6b121e30a98a6c8576722f74483b8d42aa66  panel.tar.gz
panel - v0.6.4 (Courageous Carniadactylus)

Published by DaneEveritt over 7 years ago

Fixed

  • Fixed the console rendering on page load, I guess people don't like watching it load line-by-line for 10 minutes. Who would have guessed...
  • Re-added support for up/down arrows loading previous commands in the console window.

Changed

  • Panel API for Daemon now responds with a HTTP/401 Unauthorized error when unable to locate a node with a given authentication token, rather than a HTTP/404 Not Found response.
  • Added better colors and styling for the terminal that can be adjusted per-theme.
  • Session timeout adjusted to be 7 days by default.

SHA256 Checksum

83f1d542d94c97aedb24dce41aad14421db333ac07901dd6fb9e9d6ec147845f  v0.6.4.tar.gz
panel - v0.6.3 (Courageous Carniadactylus)

Published by DaneEveritt over 7 years ago

This is a critical security release. All users should update immediately.

Attn: Critical Pterodactyl Security Disclosure

On June 26th, 2017 at approximately 15:00 U.S. Central Time we were alerted to a critical vulnerability in the display of server output in the panel by Trixter#0125 on Discord. An investigation was launched at 18:00 and subsequent fix was pushed to the develop branch at 22:36.

This vulnerability allowed malicious users to execute a specifically crafted command on a running game server and execute arbitrary code as a console user. This exploit did not require any access to the panel, or advanced knowledge of the system setup. At no time was any private user information or data accessible via this exploit, and it did not allow access to the host system.

This exploit is present in all versions of the Panel from v0.4.0-beta to v0.6.2. You should immediately upgrade your panel to patch this issue. We will not be back-porting a fix to the v0.5.x branch, anyone who is currently using that version should update to the latest releases.

Due to the severity of this vulnerability we are purposely withholding specifics about this exploit in order to give affected individuals the chance to update. A full, detailed disclosure will be released on July 10th, 2017.


Fixed

  • [Security] — Addresses an oversight in how the terminal rendered information sent from the server feed which allowed a malicious user to execute arbitrary commands on the game-server process itself by using a specifically crafted in-game command.

Changed

  • Removed jquery.terminal and replaced it with an in-house developed terminal with less potential for security issues.

SHA256 Checksum

865326ff67a091a9830ab50e944cef7f3f41ae4a558e53011bb93f022002bc32  v0.6.3.tar.gz
panel - v0.6.2 (Courageous Carniadactylus)

Published by DaneEveritt over 7 years ago

Fixed

  • Fixes a few typos throughout the panel, there are more don't worry.
  • Fixes bug when disabling 2FA due to a misnamed route.
  • API now returns a 404 error when deleting a user that doesn't exist, rather than saying it was successful.
  • Service variables that allow empty input now allow you to empty out the assigned value and set it back to blank.
  • Fixes a bug where changing the default allocation for a server would not actually apply that allocation as the default on the daemon.
  • Newly created service variables are now backfilled and assigned to existing servers properly.

Added

  • Added a Vagrantfile to the repository to help speed up development and testing for those who don't want to do a full dedicated install.
  • Added a confirmation dialog to the logout button for admins to prevent misguided clickers from accidentally logging out when they wanted to switch to Admin or Server views.

Changed

  • Blocked out the Reinstall button for servers that have failed installation to avoid confusion and bugs causing the daemon to break.
  • Updated dependencies, listed below.
aws/aws-sdk-php (3.26.5 => 3.29.7)       
laravel/framework (v5.4.21 => v5.4.27)        
barryvdh/laravel-debugbar (v2.3.2 => v2.4.0)     
fideloper/proxy (3.3.0 => 3.3.3)
igaster/laravel-theme (v1.14 => v1.16)    
laravel/tinker (v1.0.0 => v1.0.1)  
spatie/laravel-fractal (4.0.0 => 4.0.1)

SHA256 Checksum

b25e497145fa1a48285783ba4d44e6089b0ea655546aae7f8af55dcf833f5226  v0.6.2.tar.gz
panel - v0.6.1 (Courageous Carniadactylus)

Published by DaneEveritt over 7 years ago

Fixed

  • Fixes a bug preventing the use of services that have no variables attached to them.
  • Fixes 'Remember Me' checkbox being ignored when using 2FA on an account.
  • API now returns a useful error displaying what went wrong rather than an obscure 'An Error was Encountered' message when API issues arise.
  • Fixes bug preventing the creation of new files in the file manager due to a missing JS dependency on page load.
  • Prevent using a service option tag that contains special characters that are not valid. Now only allows alpha-numeric, no spaces or underscores.
  • Fix unhandled excpetion due to missing Log class when using the API and causing an error.

Changed

  • Renamed session cookies from laravel_session to pterodactyl_session.
  • Sessions are now encrypted before being stored as an additional layer of security.
  • It is now possible to clear out a server description and have it be blank, rather than throwing an error about the field being required.

SHA256 Checksum

94d29c7127aacd1cb46da604aabf6267d7b7ade1cb7c280f04b3713eab4e9e28  Panel-0.6.1.tar.gz
panel - v0.6.0 (Courageous Carniadactylus)

Published by DaneEveritt over 7 years ago

Fixed

  • Bug causing error logs to be spammed if someone timed out on an ajax based page.
  • Fixes edge case where specific server names could cause daemon errors due to an invalid SFTP username being created by the panel.
  • Fixes sessions being removed on browser close, and set sessions to idle for up to 3 hours before being marked as expired.
  • Emails sending with 'Pterodactyl Panel' as the from name. Now configurable by using php artisan pterodactyl:mail to update.
  • Fixes potential bug with invalid CIDR notation (ex: 192.168.1.1/z) when adding allocations that could cause over 4 million records to be created at once.
  • Fixes bug where daemon was unable to register that certain games had fully booted and were ready to play on.
  • Fixes bug causing MySQL user accounts to be corrupted when resetting a password via the panel.
  • Fixes remote timing attack vulnerability due to hmac comparsion in API middleware.
  • [rc.1] — Server deletion is fixed, caused by removed download table.
  • [rc.1] — Server status indication on front-end no longer shows Error when server is marked as installing or suspended.
  • [rc.1] — Fixes issues with SteamCMD not registering and installing games properly.

Changed

  • Admin API and base routes for user management now define the fields that should be passed to repositories rather than passing all fields.
  • User model now defines mass assignment fields using $fillable rather than $guarded.
  • 2FA checkpoint on login is now its own page, and not an AJAX based call. Improves security on that front.
  • Updated Server model code to be more efficient, as well as make life easier for backend changes and work.
  • Reduced the number of database queries being executed when viewing a specific server. This is done by caching the query for up to 15 minutes in memcached.
  • User creation emails include more information and are sent by the event listener rather than the repository.
  • Account password reset emails now auto-fill the email when clicking the link.
  • New theme applied to Admin CP. Many graphical changes were made, some data was moved around and some display data changed. Too much was changed to feasibly log it all in here. Major breaking changes or notable new features will be logged.
  • New server creation page now makes significantly less AJAX calls and is much quicker to respond.
  • Server and Node view pages wee modified to split tabs into individual pages to make re-themeing and modifications significantly easier, and reduce MySQL query loads on page.
  • Most of the backend UnhandledException display errors now include a clearer error that directs admins to the program's logs.
  • Table seeders for services now can be run during upgrades and will attempt to locate and update, or create new if not found in the database.
  • Many structural changes to the database and Pterodactyl\Models classes that would flood this changelog if they were all included. All required migrations included to handle database changes.
  • Clarified details for database hosts to prevent users entering invalid account details, as well as renamed tables and columns relating to it to keep things clearer.
  • Updated all code to be Laravel compliant when using env() and moved to using config() throughout non config/*.php files.
  • Subuser permissions are now stored in Permission::listPermissions() to make views way cleaner and make adding to views significantly cleaner.
  • Attempting to reset a password for an account that does not exist no longer returns an error, rather it displays a success message. Failed resets trigger a Pterodactyl\Events\Auth\FailedPasswordReset event that can be caught if needed to perform other actions.
  • Servers are no longer queued for deletion due to the general hassle and extra logic required.
  • Updated all panel components to run on Laravel v5.4 rather than 5.3 which is EOL.
  • Routes are now handled in the routes/ folder, and use a significantly cleaner syntax. Controller names and methods have been updated as well to be clearer as well as avoid conflicts with PHP reserved keywords.
  • API has been completely overhauled to use new permissions system. Any old API keys will immediately become invalid and fail to operate properly anymore. You will need to generate new keys.
  • Cleaned up dynamic database connection setting to use a single function call from the host model.
  • Deleting a server safely now continues even if the daemon reports a HTTP/404 missing server error (requires [email protected])
  • Changed behavior when modifying server allocation information. You can now remove the default allocation assuming you assing a new allocation at the same time. Reduces the number of steps to change the default allocation for a server.
  • Environment setting commands now attempt to auto-quote strings with spaces in them, as well as comment lines that are edited to avoid manual changes being overwritten.
  • Version in footer of panel now displays correctly if panel is installed using Git rather than a download from source.
  • Mobile views are now more... viewable. Fixes col-xs-6 usage thoughout the Admin CP where it was intended to be col-md-6.
  • Node Configuration tokens and Download tokens are stored using the cache helpers rather than a database to speed up functions and make use of auto-expiration/deletion functions.
  • Old daemon routes using /remote have been changed to use /daemon, panel changes now reflect this.
  • Only display servers that a user is owner of or subuser of in the Admin CP rather than all servers if the user is marked as an admin.
  • Panel now sends all non-default allocations as ALLOC_#__IP and ALLOC_#__PORT to the daemon, as well as the location.

Added

  • Remote routes for daemon to contact in order to allow Daemon to retrieve updated service configuration files on boot. Centralizes services to the panel rather than to each daemon.
  • Basic service pack implementation to allow assignment of modpacks or software to a server to pre-install applications and allow users to update.
  • Users can now have a username as well as client name assigned to their account.
  • Ability to create a node through the CLI using pterodactyl:node as well as locations via pterodactyl:location.
  • New theme (AdminLTE) for front-end with tweaks to backend files to work properly with it.
  • Add support for PhraseApp's in-context editor
  • Notifications when a user is added or removed as a subuser for a server.
  • New cache policy for ServerPolicy to avoid making 15+ queries per page load when confirming if a user has permission to perform an action.
  • Ability to assign multiple allocations at once when creating a new server.
  • New humanReadable macro on File facade that accepts a file path and returns a human readable size. (File::humanReadable(path, precision))
  • Added ability to edit database host details after creation on the system.
  • Login attempts and pasword reset requests are now protected by invisible ReCaptcha. This feature can be disabled with a .env variable.
  • Server listing for individual users is now searchable on the front-end.
  • Servers that a user is assocaited with as a subuser are now displayed in addition to owned servers when listing users in the Admin CP.
  • Ability to launch the console in a new window as an individual unit. https://s3.kelp.in/IrTyE.png
  • Server listing and view in Admin CP now shows the SFTP username/Docker container name.
  • Administrative server view includes link in navigation to go to server console/frontend management.
  • Added new scripts for service options that allows installation of software in a privileged Docker container on the node prior to marking a server as installed.
  • Added ability to reinstall a server using the currently assigned service and option.
  • Added ability to change a server's service and service option, as well as change pack assignments and other management services in that regard.
  • Added support for using a proxy such as Cloudflare with a node connection. Previously there was no way to tell the panel to connect over SSL without marking the Daemon as also using SSL.

Removed

  • Removed all old theme JS and CSS folders to cleanup and avoid confusion in the future.
  • Old API calls to Server::create will fail due to changed data structure.
  • Many old routes were modified to reflect new standards in panel, and many of the controller functions being called were also modified. This shouldn't really impact anyone unless you have been digging into the code and modifying things.
  • Server::getUserDaemonSecret(Server $server) was removed and replaced with User::daemonSecret(Server $server) in order to clean up models.
  • Server::getByUUID() was replaced with Server::byUuid() as well as various other functions through-out the Server model.
  • Server::getHeaders() was removed and replaced with Server::getClient() which returns a Guzzle Client with the correct headers already assigned.

SHA256 Checksum

be521acefdf6252f356a66af9c6a46bfc0d00d6e57c152e92375d2d62cc7f5fe  Panel-0.6.0.tar.gz
panel - v0.6.0-rc.1 (Courageous Carniadactylus)

Published by DaneEveritt over 7 years ago

Fixed

  • [beta.2.1] — Fixed a bug preventing the deletion of a server.
  • It is now possible to modify a server's disk limits after the server is created.
  • [beta.2.1] — Fixes a bug causing login issues and password reset failures when reCAPTCHA is enabled.
  • Fixes remote timing attack vulnerability due to hmac comparsion in API middleware.
  • [beta.2.1] — Fixes bug requiring docker image field to be filled out when adding a service option.
  • [beta.2.1] — Fixes inability to mark a user as a non-admin once they were assigned the role.

Added

  • Added new scripts for service options that allows installation of software in a privileged Docker container on the node prior to marking a server as installed.
  • Added ability to reinstall a server using the currently assigned service and option.
  • Added ability to change a server's service and service option, as well as change pack assignments and other management services in that regard.
  • Added support for using a proxy such as Cloudflare with a node connection. Previously there was no way to tell the panel to connect over SSL without marking the Daemon as also using SSL.

Changed

  • Environment setting commands now attempt to auto-quote strings with spaces in them, as well as comment lines that are edited to avoid manual changes being overwritten.
  • Version in footer of panel now displays correctly if panel is installed using Git rather than a download from source.
  • Mobile views are now more... viewable. Fixes col-xs-6 usage thoughout the Admin CP where it was intended to be col-md-6.
  • Node Configuration tokens and Download tokens are stored using the cache helpers rather than a database to speed up functions and make use of auto-expiration/deletion functions.
  • Old daemon routes using /remote have been changed to use /daemon, panel changes now reflect this.
  • Only display servers that a user is owner of or subuser of in the Admin CP rather than all servers if the user is marked as an admin.

SHA256 Checksum

b2462fd2217ed189b1e59ea93c3b78823f13187068d7ad20fbc5ee81f988e834  Panel-0.6.0-rc.1.tar.gz
panel - v0.6.0-beta.2.1 (Courageous Carniadactylus)

Published by DaneEveritt over 7 years ago

Fixed

  • [beta.2] — Suspended servers now show as suspended.
  • [beta.2] — Corrected the information when a task has not run yet.
  • [beta.2] — Fixes filemanager 404 when editing a file within a directory.
  • [beta.2] — Fixes exception in tasks when deleting a server.
  • [beta.2] — Fixes bug with Terarria and Voice servers reporting a TypeError: Service is not a constructor in the daemon due to a missing service configuration.
  • [beta.2] — Fixes password reset form throwing a MethodNotAllowed error when accessed.
  • [beta.2] — Fixes invalid password bug when attempting to change account email address.
  • [beta.2] — New attempt at fixing the issues when rendering files in the browser file editor on certain browsers.
  • [beta.2] — Fixes broken auto-deploy time checking causing no tokens to work.
  • [beta.2] — Fixes display of subusers after creation.
  • [beta.2] — Fixes bug throwing model not found exception when editing an existing subuser.

Changed

  • Deleting a server safely now continues even if the daemon reports a HTTP/404 missing server error (requires [email protected])
  • Changed behavior when modifying server allocation information. You can now remove the default allocation assuming you assing a new allocation at the same time. Reduces the number of steps to change the default allocation for a server.

Added

  • Server listing and view in Admin CP now shows the SFTP username/Docker container name.
  • Administrative server view includes link in navigation to go to server console/frontend management.

SHA256 Checksum

8ae04150b684d91c21f9207a412ea3c78148aca4adb96fdea9427feb18f0d828  Panel-0.6.0-beta.2.1.tar.gz
panel - v0.6.0-beta.2 (Courageous Carniadactylus)

Published by DaneEveritt over 7 years ago

Fixed

  • [beta.1] — Fixes task management ststem not running correctly.
  • [beta.1] — Fixes API endpoint for command sending missing the required class definition.
  • [beta.1] — Fixes panel looking for an old compiled classfile that is no longer used. This was causing errors relating to missing class DingoAPI when trying to upgrade the panel.
  • [beta.1] — Should fix render issues when trying to edit some files via the panel file editor.

Added

SHA256 Checksum

c43da32123897bbf505c3ef8f126e038c0bbe48fc2d0d6bd843640254a873521  Panel-0.6.0-beta.2.tar.gz
panel - v0.6.0-beta.1 (Courageous Carniadactylus)

Published by DaneEveritt over 7 years ago

Fixed

  • [pre.7] — Fixes bug with subuser checkbox display.
  • [pre.7] — Fixes bug with injected JS that was causing <!DOCTYPE html> to be ignored in templates.
  • [pre.7] — Fixes exception thrown when trying to delete a node due to a misnamed model.
  • [pre.7] — Fixes username vanishing on failed login attempts.
  • [pre.7] — Terminal is now fixed to actually output all lines, rather than leaving one hanging in neverland until the browser is resized.

Added

  • Login attempts and pasword reset requests are now protected by invisible ReCaptcha. This feature can be disabled with a .env variable.
  • Server listing for individual users is now searchable on the front-end.
  • Servers that a user is assocaited with as a subuser are now displayed in addition to owned servers when listing users in the Admin CP.

Changed

  • Subuser permissions are now stored in Permission::list() to make views way cleaner and make adding to views significantly cleaner.
  • [pre.7] — Sidebar for file manager now is a single link rather than a dropdown.
  • Attempting to reset a password for an account that does not exist no longer returns an error, rather it displays a success message. Failed resets trigger a Pterodactyl\Events\Auth\FailedPasswordReset event that can be caught if needed to perform other actions.
  • Servers are no longer queued for deletion due to the general hassle and extra logic required.
  • Updated all panel components to run on Laravel v5.4 rather than 5.3 which is EOL.
  • Routes are now handled in the routes/ folder, and use a significantly cleaner syntax. Controller names and methods have been updated as well to be clearer as well as avoid conflicts with PHP reserved keywords.
  • API has been completely overhauled to use new permissions system. Any old API keys will immediately become invalid and fail to operate properly anymore. You will need to generate new keys.
  • Cleaned up dynamic database connection setting to use a single function call from the host model.
  • [pre.7] — Corrected a config option for spigot servers to set a boolean value as boolean, and not as a string.

SHA256 Checksum

c7b67d4aa8a167b8e15040b1dd07a56d9826e84fe5335b8c43fbd36373269eac  Panel-0.6.0-beta.1.tar.gz
panel - v0.6.0-pre.7 (Courageous Carniadactylus)

Published by DaneEveritt over 7 years ago

⚠️ READ ME ⚠️ This is a pre-release version of Pterodactyl Panel, do not install this on mission critical servers or use for services that cannot experience hiccups and potential downtime. While I strive to keep as many bugs out of releases as possible, the v0.6.0 branch is receiving many major core updates and functionality changes. Please do not install this release and then complain when something doesn't work and we don't fix it immediately.

As noted in the documentation in a giant red box: do not install these pre-releases if you are using custom services. THESE RELEASES WILL DESTROY THOSE CUSTOM SERVICES AND BREAK YOUR SERVERS USING THEM.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

Fixed

  • [pre.6] — Addresses misconfigured console queue that was still sending data way to quickly thus causing the console to explode on some devices when large amounts of data were sent.
  • [pre.6] — Fixes bug in allocation parsing for a node that prevented adding new allocations.
  • [pre.6] — Fixes typo in migrations that wouldn't save custom regex for non-required variables.
  • [pre.6] — Fixes auto-deploy checkbox on server creation causing validation error.

SHA256 Checksum

945a0defe08c54cc5d8894cb9c127c9f3da3b77fe1cf79bb3f60d366123653c2  Panel-0.6.0-pre.7.tar.gz
panel - v0.6.0-pre.6 (Courageous Carniadactylus)

Published by DaneEveritt over 7 years ago

This is pre-release software. Do not use this on a mission critical server where you cannot handle bugs or potential downtime or data loss!

Fixed

  • [pre.5] — Console based server rebuild tool now actually rebuilds the servers with the correct information.
  • [pre.5] — Fixes typo and wrong docker contaienr for certain applications.

Changed

  • Removed all old theme JS and CSS folders to cleanup and avoid confusion in the future.

Added

  • [pre.5] — Added foreign key to pack_id to ensure nothing eds up breaking there.

SHA256 Checksum

81f131608d6cac6ed2c7e78f39773528b603d0de0ff93f2aa75f956c141c6416  Panel-0.6.0-pre.6.tar.gz
panel - v0.6.0-pre.5 (Courageous Carniadactylus)

Published by DaneEveritt over 7 years ago

This is pre-release software. Do not use this on a mission critical server where you cannot handle bugs or potential downtime or data loss!

Changed

  • New theme applied to Admin CP. Many graphical changes were made, some data was moved around and some display data changed. Too much was changed to feasibly log it all in here. Major breaking changes or notable new features will be logged.
  • New server creation page now makes significantly less AJAX calls and is much quicker to respond.
  • Server and Node view pages wee modified to split tabs into individual pages to make re-themeing and modifications significantly easier, and reduce MySQL query loads on page.
  • [pre.4] — Services and Pack magement overhauled to be faster, cleaner, and more extensible in the future.
  • Most of the backend UnhandledException display errors now include a clearer error that directs admins to the program's logs.
  • Table seeders for services now can be run during upgrades and will attempt to locate and update, or create new if not found in the database.
  • Many structural changes to the database and Pterodactyl\Models classes that would flood this changelog if they were all included. All required migrations included to handle database changes.
  • [pre.4] — Service pack files are now stored in the database rather than on the host system to make updates easier.
  • Clarified details for database hosts to prevent users entering invalid account details, as well as renamed tables and columns relating to it to keep things clearer.
  • Updated all code to be Laravel compliant when using env() and moved to using config() throughout non config/*.php files.

Fixed

  • Fixes potential bug with invalid CIDR notation (ex: 192.168.1.1/z) when adding allocations that could cause over 4 million records to be created at once.
  • [pre.4] — Fixes bug preventing server updates from occurring by the system due to undefined Auth::user() in the event listener.
  • [pre.4] — Fixes Server::byUuid() caching to actually clear the cache for all users, rather than the logged in user by using cache tags.
  • [pre.4] — Fixes server listing on frontend not displaying a page selector when more than 10 servers exist.
  • [pre.4] — Fixes non-admin users being unable to create personal API keys.
  • Fixes bug where daemon was unable to register that certain games had fully booted and were ready to play on.
  • Fixes bug causing MySQL user accounts to be corrupted when resetting a password via the panel.
  • [pre.4] — Multiple clients refreshing the console no longer clears the console for all parties involved... sorry about that.
  • [pre.4] — Fixes bug in environment setting script that would not remeber defaults and try to re-assign values.

Added

  • Ability to assign multiple allocations at once when creating a new server.
  • New humanReadable macro on File facade that accepts a file path and returns a human readable size. (File::humanReadable(path, precision))
  • Added ability to edit database host details after creation on the system.

Deprecated

  • Old API calls to Server::create will fail due to changed data structure.
  • Many old routes were modified to reflect new standards in panel, and many of the controller functions being called were also modified. This shouldn't really impact anyone unless you have been digging into the code and modifying things.

SHA256 Checksum

66d03e2c0d92af595fc22a754682a1791bc1f10a249bf2410940bf274d92af78  Panel-0.6.0-pre.5.tar.gz