I feel very sad right now#7
Merged
Someone-193 merged 59 commits into1.0-developfrom Apr 21, 2026
Merged
Conversation
…tyl#5447) Removes the need to load any external resources for fonts. Resolves pterodactyl#5343
…rodactyl#5396) The field was renamed to match the column name in the database and to maintain consistency across the codebase.
* Add throttling to resource creation endpoints * Fix middleware registration for the throttlers * Lock the server's resource models when adding new ones * Throttle subusers even more --------- Co-authored-by: DaneEveritt <dane@daneeveritt.com>
This PR add modal related to requiring auth to download or update hytale server. Egg feature to use: `hytale_oauth` Preview: https://github.com/user-attachments/assets/77bd4f16-ba5b-4652-88b1-7abfd4ab45b8
…terodactyl#5176) This PR closes Issue pterodactyl#5175. For context, I am aware that Application API Keys are deprecated in favour of Client API Keys however they are still operational within Pterodactyl and thus, not fully removed. Currently in Pterodactyl, as an Admin, you can only view your Application API Keys on the Admin Panel. In this PR, I made it so all Application Keys are visible and deletable. The key strings are obfuscated if the key does not belong to the user viewing.  The reason for adding this is primarily so other admin users can be aware of and delete another admin user's Application API keys from the UI. This functionality is useful in the event of a malicious user compromising an admin account, creating some API Keys to continue their attacks and the owner of the compromised admin account being unaware of Application API Keys. In this instance, even after a password reset, the attack could continue via the Application API without the admin realising it. I've tested the creation and deleting of keys along with using keys via the Application API to ensure no breakages have occurred. --------- Co-authored-by: DaneEveritt <dane@daneeveritt.com>
…ckups/transfers (pterodactyl#5476) Improves the security posture of things more by limiting the servers that a node can even communicate about with the Panel.
…s [TO FIX pterodactyl#2484] (pterodactyl#5524) fixes pterodactyl#2484 Co-authored-by: cesarmr-github <167689141+cesarmr-github@users.noreply.github.com>
… deletion (pterodactyl#5568) This expands upon previous work done to better disconnect users from SFTP when different events occur within Pterodactyl. This new logic also accounts for password changes and their account being deleted entirely from the system. These events now trigger background jobs that will reach out to every node they are associated with to ensure they're disconnected if currently connected.
Very minor changes, just adding some default headers in the event people don't configure this on their webserver. Also updating some packages to resolve open security alerts.
pterodactyl#5548) This is a partial implementation to begin moving towards stripe-style identifiers for resources in the system. Any models with an existing `uuid` column can easily be updated to return an identifier in the format of `prfx_xyz` where `prfx` is a four character prefix, and `xyz` is the UUID, encoded using base-32. These are quite easy to use within the API layer because we just need to do one quick transformation to extract the UUID for those models. This PR implements that logic for servers in the `SubstituteClientBindings` logic. A future PR will need to come through and handle identifiers for models that _don't_ currently use UUIDs for reference that we want to expose to clients. In those cases it is easier to just generate base-32 encoded UUID7s that get stored in the database and indexed. They follow the same base approach, but you don't need to do any transformations in the code (other than stripping the prefix, unless we decide to store the prefix). There is also now a `PTERODACTYL_USE_SERVER_IDENTIFIERS` environment variable, that when set to true, updates the front-end and API response to use this new identifier in place of the `uuidShort` value.
This minor change removes the deprecated `version` property from the Docker Compose file to avoid the warning when running it, aligning it with current best practices and recommendations.
…odactyl#5607) This change reverts changes that were made to the traits (direct and inherited) to RunTaskJob in https://github.com/pterodactyl/panel/pull/5568/changes#diff-772e8e2cf1167529b09210b934e9c0ec4fe12d99c35317f293d504aaee5cb95c Closes pterodactyl#5600
…h functionality now working) (pterodactyl#5590) closes pterodactyl#5588
…erodactyl#5605) - Fixes issue where the panel would create activity logs even when the value didn't change - Log an empty string instead of displaying "null" when the variable is empty Closes pterodactyl#5604
…hat have been showing up since the v1.12.0 update (pterodactyl#5324)
Update paper egg to use new fill API and add Java 25
This reverts commit f9e3b5c.
…velop-2 # Conflicts: # .github/FUNDING.yml # .github/ISSUE_TEMPLATE/bug-report.yml # .github/ISSUE_TEMPLATE/config.yml # .github/ISSUE_TEMPLATE/feature-request.yml # .github/docker/entrypoint.sh # .github/workflows/build.yaml # .github/workflows/ci.yaml # .github/workflows/docker.yaml # .github/workflows/lint.yaml # .github/workflows/release.yaml # .php-cs-fixer.dist.php # CHANGELOG.md # CODE_OF_CONDUCT.md # CONTRIBUTING.md # app/Http/Controllers/Admin/DatabaseController.php # app/Http/Controllers/Admin/NodeAutoDeployController.php # app/Http/Controllers/Admin/Nodes/NodeViewController.php # app/Http/Controllers/Admin/Servers/CreateServerController.php # app/Http/Controllers/Admin/Servers/ServerViewController.php # app/Http/Controllers/Admin/Settings/AdvancedController.php # app/Http/Controllers/Admin/Settings/IndexController.php # app/Http/Controllers/Admin/Settings/MailController.php # app/Http/Controllers/Api/Client/Servers/SubuserController.php # app/Http/Controllers/Api/Remote/Backups/BackupRemoteUploadController.php # app/Http/Controllers/Api/Remote/Servers/ServerTransferController.php # app/Http/Controllers/Auth/AbstractLoginController.php # app/Http/Controllers/Auth/LoginCheckpointController.php # app/Http/Kernel.php # app/Http/Requests/Api/Client/Servers/Settings/SetDockerImageRequest.php # app/Http/Requests/Api/Client/Servers/Subusers/SubuserRequest.php # app/Models/ActivityLogSubject.php # app/Models/AuditLog.php # app/Models/Egg.php # app/Models/Node.php # app/Models/Schedule.php # app/Models/User.php # app/Repositories/Eloquent/NestRepository.php # app/Repositories/Wings/DaemonServerRepository.php # app/Services/Backups/InitiateBackupService.php # app/Services/Users/UserDeletionService.php # composer.json # composer.lock # package.json # phpstan.neon # phpunit.xml # public/themes/pterodactyl/css/pterodactyl.css # resources/scripts/components/NavigationBar.tsx # resources/scripts/components/server/console/ChartBlock.tsx # resources/scripts/components/server/console/ServerConsoleContainer.tsx # resources/scripts/components/server/files/FileEditContainer.tsx # resources/scripts/components/server/files/UploadButton.tsx # resources/scripts/components/server/startup/VariableBox.tsx # resources/views/templates/wrapper.blade.php # routes/admin.php # routes/api-client.php # tests/Integration/Api/Client/AccountControllerTest.php # tests/Integration/Api/Client/ClientControllerTest.php # tests/Integration/Api/Client/Server/Subuser/DeleteSubuserTest.php # tests/Integration/Api/Client/Server/Subuser/SubuserAuthorizationTest.php # tests/Integration/Api/Client/Server/Subuser/UpdateSubuserTest.php # tests/TestCase.php # yarn.lock
Someone-193
added a commit
that referenced
this pull request
Apr 21, 2026
This reverts commit f5cc8ca.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
16 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.