If there's one thing I learned in this exercise, it's that letting
people add random python scripts to the repo like gpltext.py that
promise to be easier than find and replace is a bad idea.
Added token bucket and timer to degrade token bucket
Modified REST API rate limiting
Changed limiting to only be on token create and v2 token create
Added config options to choose time limits
Passed HttpContext to the execute method of endpoints
Made blocking failed API logins optional
Changed error codes on failed login to be ambiguous
Added config to decide whether all or failed logins are limited
Changed config variable names
Cleaned up duplicate code in REST rate limiting
Fixed my typo
Changed error 431 to 403
Currently, this is an extremely complex looking field in the config file now. I don't think we should add a placeholder tho as servers wouldn't realize they had a rest token there. Perhaps when we do a dump of the config file, someone can add the format for this field.
Closes#520
-Added REST endpoint "/v2/server/restart".
-Added REST endpoint "/v2/server/reload".
-Added REST endpoint "/v3/server/rawcmd", will output all returned lines as an array instead.
-Added "uptime", "serverpassword", "rules/ServerSideInventory" fields to REST endpoint "/v2/server/status".
-REST requests are now logged.
-Endpoint "/v2/server/rawcmd" does now check whether the user has the sufficient permission to execute the command.
-Fixed Config.EnableTokenEndpointAuthentication not working properly before.
-Removed obsolete "api" permission (only "restapi" now).
- /v2/token/password?username={user}
TSHOCKPLUGINS-1 #resolve #time 5m #comment Deprecating old token create syntax, new endpoint added as a replacement.
