Commit Graph

20 Commits

Author SHA1 Message Date
Matthew Penner
14ad268af4
go: update dependencies
Signed-off-by: Matthew Penner <me@matthewp.io>
2024-07-24 15:13:04 -06:00
Matthew Penner
c152e36101
downloader: move internal subnet validation into http Transport 2024-04-10 15:22:09 -06:00
Matthew Penner
d1c0ca5260
server(filesystem): rebuild everything imaginable
This wonderfully large commit replaces basically everything under the
`server/filesystem` package, re-implementing essentially everything.

This is related to
https://github.com/pterodactyl/wings/security/advisories/GHSA-494h-9924-xww9

If any vulnerabilities related to symlinks persist after this commit, I
will be very upset.

Signed-off-by: Matthew Penner <me@matthewp.io>
2024-03-13 12:27:29 -06:00
Matthew Penner
93664fd112
router: add additional fields to remote file pull 2022-02-23 15:03:15 -07:00
Matthew Penner
3a738e44d6
run gofumpt 2022-02-23 15:02:19 -07:00
Dane Everitt
34c0db9dff Replace encoding/json with goccy/go-json for cpu and memory usage improvement
This new package has significant better resource usage, and we do a _lot_ of JSON parsing in this application, so any amount of improvement becomes significant
2022-01-23 15:17:40 -05:00
Matthew Penner
2a370a8776 downloader: fix internal range check 2021-08-02 15:16:38 -06:00
Matthew Penner
3c54c1f840 break everything
- upgrade dependencies
- run gofmt and goimports to organize code
- fix typos
- other small tweaks
2021-08-02 15:07:00 -06:00
Matthew Penner
00195b4a5b downloader: properly detect and handle integer IPs 2021-02-12 16:35:51 -07:00
Dane Everitt
96256ac63e
[security] fix vulnerability when handling remote file redirects
Also adds the ability for an admin to just completely disable this service if it is not needed on the node.
2021-01-09 17:52:27 -08:00
Dane Everitt
b82f5f9a32
[security] deny downloading files from internal locations 2021-01-06 21:34:18 -08:00
Matthew Penner
3a7c4822f8 Improve logged stacktraces 2020-12-27 13:55:58 -07:00
Dane Everitt
3842f054a5
These need spaces? 2020-12-25 15:14:21 -08:00
Dane Everitt
510d46289b
security: don't reveal wings version in remote API calls 2020-12-25 15:06:17 -08:00
Dane Everitt
f7f5623c71
Set UA and limit simultaneous downloads 2020-12-24 09:01:00 -08:00
Dane Everitt
184013b652
Include endpoints for getting active downloads for a server 2020-12-20 13:14:07 -08:00
Dane Everitt
c8d297a056
Support canceling an in-progress download 2020-12-20 12:53:40 -08:00
Dane Everitt
c718da20e3
Check disk space before trying a write from the downloader; don't make empty directories if we can't even write the file 2020-12-20 11:17:53 -08:00
Dane Everitt
9c53436470
Check disk before even trying to run the download 2020-12-20 11:08:01 -08:00
Dane Everitt
17daa2071f
Update base logic for handling server file downloads 2020-12-20 10:59:07 -08:00