Commit Graph

17 Commits

Author SHA1 Message Date
DL6ER
a96c283c0c Add authentication via query string
Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-11-03 19:41:08 +01:00
DL6ER
2141db3d64 Add rate-limiting on password login attempts
Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-10-07 19:59:32 +02:00
DL6ER
813509841b Accept cookie authentication only when CSRF header is provided (and correct)
Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-06-04 19:29:54 +02:00
DL6ER
19c72d354e !!! BREAKING CHANGE !!! Switch to the proven memory-hard password-hashing algorithm BALLOON. The stored password hash will be upgraded on the first successful login. To waive the necessity to implement BALLOON with every client trying to access the API, we remove the existing challenge-response authentication in favor of allowing login straight with the password. This has been avoided in the past, however, seems now acceptable that FTL (even by default) offers secure end-to-end encryption over HTTPS.
Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-05-30 21:22:45 +02:00
DL6ER
149ec4e0dd Add test for re-importing the just exported Teleporter file during the tests
Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-01-26 20:11:55 +01:00
DL6ER
48fc06d46b Add POST /api/teleporter to upload and install backed up configuration
Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-01-25 21:51:12 +01:00
DL6ER
13168c377b Add GET /api/teleporter
Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-01-23 21:56:11 +01:00
DL6ER
88e8ab9fd5 !!! BREAKING CHANGE !!! Redesign TOML config structure
Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-01-22 12:32:10 +01:00
DL6ER
47ac129a53 !!! BREAKING CHANGE !!! Rename pihole-FTL.toml to pihole.toml and it is a Pi-hole wide config file also covering all the dnsmasq settings, etc.
Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-01-22 10:01:54 +01:00
DL6ER
c34975180e Rename /api/ftl/endpoints -> /api/endpoints
Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-01-16 21:37:11 +01:00
DL6ER
5e96022e63 Group endpoints in /api/ftl/endpoints by supported methods
Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-01-16 21:11:57 +01:00
DL6ER
140a365806 Tests: Set api.pwhash and dns.blocking.mode using PATCH /api/config
Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-01-08 21:29:55 +01:00
DL6ER
1414e0d397 Ensure checkAPI.py also accepts situations with localAPIauth = false
Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-01-08 20:59:18 +01:00
DL6ER
4ac52263e9 Implement login for python API checking script
Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-01-08 16:04:26 +01:00
DL6ER
8efd253529 Merge remote-tracking branch 'origin/development' into new/http
Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-01-07 18:37:13 +01:00
DL6ER
e145d20d28 Rewrite the entire config-related code to allow for changing data without having to restart. Hereby, we greatly reduce code duplication in the TOML routines so we won't have to touch them in the future when adding additional options.
Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-01-07 18:06:41 +01:00
DL6ER
f2d68f20d7 Also verify endpoint structure: Query endpoints from FTL and check if all properties mentioned in the docs are present (and of correct type) and that there are no extra properties we forgot to document. Furthermore, also verify that the provided examples are of correct type, too.
Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-01-03 21:51:13 +01:00