Role isolation, impersonation, account ownership, loading spinners, Docker fixes

- Enforce portal role isolation: admin/reseller/user can only auth on their own port
- Admin/reseller impersonation: Login As with cookie handoff + Return banner in user panel
- Account ownership: admin can reassign accounts to resellers, DNS NS follows
- accounts/update: ownership change cascades package + NS to new owner
- users.php endpoint: admin list/filter by role (reseller dropdown)
- Docker launch fix: uDockerUpdateParams defined before call
- Nova.loading() spinners: login, SSL, PHP switch/save, backup create, docker launch/actions
- Logo consistency: gradient CPX text on all login pages, novacpx_logo_html() in all sidebars
- BackupManager: fix DB class name, table name, column name
- DNSManager: fix settings keys (ns1_hostname/ns2_hostname)
- docker.php: resolve account_id from user uid for all actions
- Auth: impersonate sets cookie + stores return_token for seamless round-trip

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-06-09 02:56:45 +00:00
parent f75f124725
commit 537d52dafa
16 changed files with 618 additions and 230 deletions
+50 -10
View File
@@ -743,16 +743,17 @@
function renderAccountTable(accts) {
if (!accts.length) return '<div class="empty" style="padding:2rem">No accounts found.</div>';
return `<table class="table"><thead><tr><th>Username</th><th>Domain</th><th>Package</th><th>PHP</th><th>Status</th><th>Created</th><th>Actions</th></tr></thead><tbody>
return `<table class="table"><thead><tr><th>Username</th><th>Domain</th><th>Owner</th><th>Package</th><th>Status</th><th>Created</th><th>Actions</th></tr></thead><tbody>
${accts.map(a => `<tr>
<td><strong>${a.username}</strong></td>
<td>${a.domain}</td>
<td>${a.package_name || '<span class="text-muted"></span>'}</td>
<td class="text-muted text-sm">${a.php_version || '—'}</td>
<td><strong>${Nova.escHtml(a.username)}</strong></td>
<td>${Nova.escHtml(a.domain)}</td>
<td class="text-sm">${a.reseller_username ? `<span class="badge badge-blue">${Nova.escHtml(a.reseller_username)}</span>` : '<span class="text-muted">Admin</span>'}</td>
<td>${a.package_name ? Nova.escHtml(a.package_name) : '<span class="text-muted">—</span>'}</td>
<td>${Nova.badge(a.status, a.status==='active'?'green':a.status==='suspended'?'yellow':'red')}</td>
<td class="text-muted text-sm">${Nova.relTime(a.created_at)}</td>
<td style="display:flex;gap:.25rem;flex-wrap:wrap">
<button class="btn btn-xs btn-primary" onclick="adminEditAccount(${a.id})">Edit</button>
<button class="btn btn-xs btn-primary" onclick="adminLoginAs(${a.user_id},'${Nova.escHtml(a.username)}')">Login As</button>
<button class="btn btn-xs" onclick="adminEditAccount(${a.id})">Edit</button>
${a.status==='active'
? `<button class="btn btn-xs btn-warning" onclick="adminSuspend(${a.id},'${a.username}')">Suspend</button>`
: `<button class="btn btn-xs btn-success" onclick="adminUnsuspend(${a.id})">Unsuspend</button>`}
@@ -763,6 +764,19 @@
</tbody></table>`;
}
window.adminLoginAs = async (userId, username) => {
Nova.confirm(`Login as ${username}? You'll be taken to their panel. Use the banner to return.`, async () => {
Nova.loading(`Switching to ${username}`);
const res = await Nova.api('auth', 'impersonate', { method: 'POST', body: { user_id: userId } });
Nova.loadingDone();
if (res?.success) {
window.location.href = res.data?.portal_url || 'https://' + location.hostname + ':8880/';
} else {
Nova.toast(res?.message || 'Impersonation failed', 'error');
}
});
};
window.adminSearchAccounts = async (q) => {
const res = await Nova.api('accounts', 'list', { params: q ? { search: q } : {}});
const el = document.getElementById('admin-acct-table');
@@ -793,28 +807,51 @@
};
window.adminEditAccount = async (id) => {
const [acctRes, pkgRes] = await Promise.all([
Nova.loading('Loading account…');
const [acctRes, pkgRes, usersRes, dnsRes] = await Promise.all([
Nova.api('accounts', 'get', { params: { id } }),
Nova.api('packages', 'list'),
Nova.api('users', 'list', { params: { role: 'reseller' } }),
Nova.api('dns', 'zones'),
]);
Nova.loadingDone();
if (!acctRes?.success) { Nova.toast(acctRes?.message || 'Failed to load account', 'error'); return; }
const a = acctRes.data;
const pkgs = pkgRes?.data || [];
const resellers = (usersRes?.data || []).filter(u => u.role === 'reseller');
const zone = (dnsRes?.data || []).find(z => z.account_id == id || z.domain === a.domain);
const pkgOpts = `<option value="">— No package —</option>` +
pkgs.map(p => `<option value="${p.id}" ${a.package_id == p.id ? 'selected' : ''}>${Nova.escHtml(p.name)}</option>`).join('');
const phpOpts = ['8.3','8.2','8.1','7.4'].map(v =>
`<option value="${v}" ${a.php_version === v ? 'selected' : ''}>PHP ${v}</option>`).join('');
const ownerOpts = `<option value="">— Admin (no reseller) —</option>` +
resellers.map(r => `<option value="${r.id}" ${a.reseller_id == r.id ? 'selected' : ''}>${Nova.escHtml(r.username)}</option>`).join('');
Nova.modal(`Edit Account — ${Nova.escHtml(a.username)}`,
`<div style="display:grid;grid-template-columns:1fr 1fr;gap:.75rem">
<div class="form-group"><label class="form-label">Username</label>
<input class="form-control" value="${Nova.escHtml(a.username)}" disabled></div>
<div class="form-group"><label class="form-label">Domain</label>
<input class="form-control" value="${Nova.escHtml(a.domain)}" disabled></div>
<div class="form-group"><label class="form-label">Email</label>
<input id="ae-email" class="form-control" type="email" value="${Nova.escHtml(a.email || '')}"></div>
<div class="form-group"><label class="form-label">Domain</label>
<input class="form-control" value="${Nova.escHtml(a.domain)}" disabled title="Domain cannot be changed"></div>
<div class="form-group"><label class="form-label">Owner (Reseller)</label>
<select id="ae-owner" class="form-control">${ownerOpts}</select></div>
<div class="form-group"><label class="form-label">Package</label>
<select id="ae-pkg" class="form-control">${pkgOpts}</select></div>
<div class="form-group"><label class="form-label">PHP Version</label>
<select id="ae-php" class="form-control">${phpOpts}</select></div>
</div>
<div style="margin-top:.75rem;padding:.75rem;background:var(--bg2);border-radius:8px;border:1px solid var(--border)">
<div style="font-size:.78rem;font-weight:600;color:var(--text-muted);text-transform:uppercase;letter-spacing:.06em;margin-bottom:.5rem">DNS Zone — ${Nova.escHtml(a.domain)}</div>
<div style="display:grid;grid-template-columns:1fr 1fr;gap:.5rem">
<div class="form-group" style="margin:0"><label class="form-label" style="font-size:.78rem">Primary NS</label>
<input id="ae-ns1" class="form-control form-control-sm" value="${Nova.escHtml(zone?.primary_ns || '')}"></div>
<div class="form-group" style="margin:0"><label class="form-label" style="font-size:.78rem">Secondary NS</label>
<input id="ae-ns2" class="form-control form-control-sm" value="${Nova.escHtml(zone?.secondary_ns || '')}"></div>
</div>
${zone ? `<div style="margin-top:.4rem;font-size:.72rem;color:var(--text-muted)">Zone ID: ${zone.id} &nbsp;·&nbsp; Serial: ${zone.serial}</div>` : '<div style="font-size:.72rem;color:var(--red);margin-top:.4rem">No DNS zone found for this account</div>'}
</div>`,
`<button class="btn btn-ghost" onclick="this.closest('.modal-overlay').remove()">Cancel</button>
<button class="btn btn-primary" onclick="adminEditAccountSave(${id})">Save Changes</button>`
@@ -825,10 +862,13 @@
const body = {
id,
email: document.getElementById('ae-email')?.value?.trim(),
reseller_id: document.getElementById('ae-owner')?.value || null,
package_id: document.getElementById('ae-pkg')?.value || null,
php_version: document.getElementById('ae-php')?.value,
ns1: document.getElementById('ae-ns1')?.value?.trim(),
ns2: document.getElementById('ae-ns2')?.value?.trim(),
};
Nova.loading('Saving…');
Nova.loading('Saving account…');
const res = await Nova.api('accounts', 'update', { method: 'POST', body });
Nova.loadingDone();
if (res?.success) {
+1 -1
View File
@@ -56,7 +56,7 @@ window.Nova = (() => {
return { success: false, message: 'Network error — check your connection' };
}
_barDone();
if (res.status === 401) { location.href = '/?redirect=' + encodeURIComponent(location.pathname); return null; }
if (res.status === 401) { try { return await res.json(); } catch { return { success: false, message: 'Unauthorized' }; } }
if (res.status === 429) {
const reset = res.headers.get('X-RateLimit-Reset');
const wait = reset ? Math.max(0, Math.ceil(Number(reset) - Date.now() / 1000)) : 60;
+77 -19
View File
@@ -34,7 +34,9 @@ function renderLogin() {
}
async function doLogin() {
Nova.loading('Signing in…');
const res = await Nova.api('auth', 'login', { method: 'POST', body: { username: document.getElementById('li-user')?.value, password: document.getElementById('li-pass')?.value }});
Nova.loadingDone();
if (res?.success) {
if (res.data?.portal_url && !res.data.portal_url.includes(':8881')) location.href = res.data.portal_url;
else location.reload();
@@ -101,12 +103,13 @@ async function loadRAccounts(search = '') {
if (!res?.success || !acctRows.length) { el.innerHTML = '<div class="empty">No accounts found.</div>'; return; }
el.innerHTML = `<table class="table"><thead><tr><th>Username</th><th>Domain</th><th>Package</th><th>Disk</th><th>Status</th><th>Actions</th></tr></thead><tbody>
${acctRows.map(a => `<tr>
<td><strong>${a.username}</strong></td>
<td>${a.domain}</td>
<td>${a.package_name || '—'}</td>
<td><strong>${Nova.escHtml(a.username)}</strong></td>
<td>${Nova.escHtml(a.domain)}</td>
<td>${a.package_name ? Nova.escHtml(a.package_name) : '—'}</td>
<td>${a.disk_usage_mb || 0} MB</td>
<td>${Nova.badge(a.status, a.status==='active'?'green':a.status==='suspended'?'yellow':'red')}</td>
<td style="display:flex;gap:.25rem">
<td style="display:flex;gap:.25rem;flex-wrap:wrap">
<button class="btn btn-xs btn-primary" onclick="rLoginAs(${a.user_id},'${Nova.escHtml(a.username)}')">Login As</button>
${a.status === 'active'
? `<button class="btn btn-xs btn-warning" onclick="rSuspend(${a.id},'${a.username}')">Suspend</button>`
: `<button class="btn btn-xs btn-success" onclick="rUnsuspend(${a.id},'${a.username}')">Unsuspend</button>`}
@@ -119,6 +122,19 @@ async function loadRAccounts(search = '') {
window.loadRAccounts = loadRAccounts;
window.rSearchAccounts = (v) => loadRAccounts(v);
window.rLoginAs = async (userId, username) => {
Nova.confirm(`Login as ${username}? You'll be taken to their panel. Use the banner to return.`, async () => {
Nova.loading(`Switching to ${username}`);
const res = await Nova.api('auth', 'impersonate', { method: 'POST', body: { user_id: userId } });
Nova.loadingDone();
if (res?.success) {
window.location.href = res.data?.portal_url || 'https://' + location.hostname + ':8880/';
} else {
Nova.toast(res?.message || 'Impersonation failed', 'error');
}
});
};
window.rSuspend = async (id, user) => {
Nova.confirm(`Suspend account ${user}? Their website will show a suspension page.`, async () => {
const res = await Nova.api('accounts', 'suspend', { method:'POST', body:{ account_id: id }});
@@ -171,6 +187,7 @@ async function rCreateAccount(el) {
window.submitCreateAccount = async () => {
const btn = document.querySelector('#ca-result');
if (btn) btn.textContent = '';
Nova.loading('Creating hosting account…');
const res = await Nova.api('accounts', 'create', { method:'POST', body:{
username: document.getElementById('ca-user')?.value,
password: document.getElementById('ca-pass')?.value,
@@ -178,6 +195,7 @@ window.submitCreateAccount = async () => {
domain: document.getElementById('ca-domain')?.value,
package_id: document.getElementById('ca-pkg')?.value,
}});
Nova.loadingDone();
if (res?.success) {
Nova.toast('Account created successfully!','success');
if (btn) btn.innerHTML = `<div class="alert alert-success">Account created! <a href="#" onclick="resellerNav('accounts')">View accounts →</a></div>`;
@@ -294,14 +312,29 @@ window.rDeleteRecord = async (id, zoneId, domain) => {
};
/* ── Nav ────────────────────────────────────────────────────────────────── */
const rNavItems = [
{ id:'dashboard', label:'Dashboard', icon:'ni-dashboard' },
{ id:'accounts', label:'Accounts', icon:'ni-accounts' },
{ id:'createAccount', label:'New Account', icon:'ni-add' },
{ id:'packages', label:'Packages', icon:'ni-packages' },
{ id:'dns', label:'DNS Zones', icon:'ni-dns' },
{ id:'docker', label:'Docker', icon:'ni-docker' },
{ id:'whitelabel', label:'White Label', icon:'ni-settings' },
const rNavGroups = [
{ label: 'Overview', items: [
{ id: 'dashboard', label: 'Dashboard',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="3" y="3" width="7" height="7"/><rect x="14" y="3" width="7" height="7"/><rect x="3" y="14" width="7" height="7"/><rect x="14" y="14" width="7" height="7"/></svg>' },
]},
{ label: 'Accounts', items: [
{ id: 'accounts', label: 'All Accounts',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M17 21v-2a4 4 0 0 0-4-4H5a4 4 0 0 0-4 4v2"/><circle cx="9" cy="7" r="4"/><path d="M23 21v-2a4 4 0 0 0-3-3.87"/><path d="M16 3.13a4 4 0 0 1 0 7.75"/></svg>' },
{ id: 'createAccount', label: 'New Account',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M16 21v-2a4 4 0 0 0-4-4H5a4 4 0 0 0-4 4v2"/><circle cx="8.5" cy="7" r="4"/><line x1="20" y1="8" x2="20" y2="14"/><line x1="17" y1="11" x2="23" y2="11"/></svg>' },
{ id: 'packages', label: 'Packages',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><line x1="16.5" y1="9.4" x2="7.5" y2="4.21"/><path d="M21 16V8a2 2 0 0 0-1-1.73l-7-4a2 2 0 0 0-2 0l-7 4A2 2 0 0 0 3 8v8a2 2 0 0 0 1 1.73l7 4a2 2 0 0 0 2 0l7-4A2 2 0 0 0 21 16z"/><polyline points="3.27 6.96 12 12.01 20.73 6.96"/><line x1="12" y1="22.08" x2="12" y2="12"/></svg>' },
]},
{ label: 'DNS', items: [
{ id: 'dns', label: 'DNS Zones',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="12" r="10"/><line x1="2" y1="12" x2="22" y2="12"/><path d="M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"/></svg>' },
]},
{ label: 'Tools', items: [
{ id: 'docker', label: 'Docker',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="2" y="9" width="4" height="4"/><rect x="7" y="9" width="4" height="4"/><rect x="12" y="9" width="4" height="4"/><rect x="7" y="4" width="4" height="4"/><path d="M22 11c0 5-3.9 9-10 9-8 0-10-7-10-7"/></svg>' },
{ id: 'whitelabel', label: 'White Label',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="12" r="3"/><path d="M19.07 4.93a10 10 0 0 1 0 14.14M4.93 4.93a10 10 0 0 0 0 14.14"/></svg>' },
]},
];
const rPages = { dashboard: rDashboard, accounts: rAccounts, createAccount: rCreateAccount, packages: rPackages, dns: rDNS, docker: rDocker, whitelabel: rWhiteLabel };
@@ -310,19 +343,39 @@ let _rActivePage = 'dashboard';
function renderRNav() {
const nav = document.getElementById('sidebar-nav');
if (!nav) return;
nav.innerHTML = rNavItems.map(n => `
<a class="nav-item ${n.id === _rActivePage ? 'active' : ''}" href="#" onclick="resellerNav('${n.id}');return false">
<svg width="18" height="18"><use href="/assets/img/nova-icons.svg#${n.icon}"/></svg>
<span>${n.label}</span>
</a>`).join('');
nav.innerHTML = rNavGroups.map(g => `
<div class="sidebar-section">
<div class="sidebar-section-label">${g.label}</div>
${g.items.map(n => `
<a href="#" class="sidebar-link${n.id === _rActivePage ? ' active' : ''}" data-page="${n.id}">
${n.svg}
${n.label}
</a>`).join('')}
</div>`).join('');
nav.querySelectorAll('[data-page]').forEach(link => {
link.addEventListener('click', e => {
e.preventDefault();
if (window.innerWidth <= 768) {
document.getElementById('sidebar')?.classList.remove('open');
document.getElementById('sidebar-overlay')?.classList.remove('open');
document.body.style.overflow = '';
}
resellerNav(link.dataset.page);
});
});
}
window.resellerNav = (page) => {
_rActivePage = page;
renderRNav();
const allItems = rNavGroups.flatMap(g => g.items);
const item = allItems.find(n => n.id === page);
const titleEl = document.getElementById('page-title');
if (titleEl && item) titleEl.textContent = item.label;
const content = document.getElementById('page-content');
if (!content) return;
content.innerHTML = '<div class="loading">Loading…</div>';
content.innerHTML = '<div style="padding:2rem;color:var(--text-muted);text-align:center">Loading…</div>';
if (rPages[page]) rPages[page](content);
};
@@ -435,7 +488,9 @@ ${Object.entries(catalog).map(([key,app])=>`
}
window.rDockerAct = async (cid, action) => {
Nova.loading(`${action.charAt(0).toUpperCase()+action.slice(1)}ing container…`);
const r = await Nova.api('docker', 'container-action', { method: 'POST', body: { container_id: cid, action } });
Nova.loadingDone();
Nova.toast(r?.success ? `Container ${action}ed` : (r?.message||'Failed'), r?.success?'success':'error');
if (r?.success) rDockerLoadTab('containers');
};
@@ -485,8 +540,9 @@ window.rDockerLaunchModal = async (appKey, appName) => {
const params = {};
(app.params||[]).forEach(p => { params[p.key] = document.getElementById('rl-'+p.key)?.value||''; });
ov.remove();
Nova.toast('Deploying…', 'info', 10000);
Nova.loading(`Deploying ${appName}… this may take a minute`);
const r = await Nova.api('docker', 'launch', { method:'POST', body:{ account_id: acctId, app_key: key, params }});
Nova.loadingDone();
Nova.toast(r?.success?`${appName} deployed!`:(r?.message||'Deploy failed'), r?.success?'success':'error');
if (r?.success) rDockerLoadTab('containers');
};
@@ -636,7 +692,9 @@ window.rWlSave = async () => {
hide_powered_by: document.getElementById('wl-hide-powered')?.checked ? 1 : 0,
custom_css: document.getElementById('wl-css')?.value || '',
};
Nova.loading('Saving branding…');
const r = await Nova.api('branding', 'save', { method: 'POST', body });
Nova.loadingDone();
Nova.toast(r?.success ? 'Branding saved — reload to see changes' : (r?.message || 'Save failed'),
r?.success ? 'success' : 'error');
};
+221 -61
View File
@@ -16,9 +16,49 @@ async function initUser() {
document.getElementById('user-name').textContent = _user.username || 'User';
document.getElementById('auth-check').style.display = 'none';
document.getElementById('main-layout').style.display = '';
// Show impersonation banner if an admin/reseller is acting as this user
if (_user.impersonated_by) {
const imp = _user.impersonated_by;
const returnUrl = imp.role === 'reseller'
? location.href.replace(/:\d+/, ':8881')
: location.href.replace(/:\d+/, ':8882');
const banner = document.createElement('div');
banner.id = 'impersonation-banner';
banner.style.cssText = [
'position:fixed;top:0;left:0;right:0;z-index:99998',
'background:linear-gradient(135deg,#f59e0b,#d97706)',
'color:#fff;font-size:.82rem;font-weight:600',
'display:flex;align-items:center;justify-content:center;gap:1rem',
'padding:.45rem 1rem',
'box-shadow:0 2px 8px rgba(0,0,0,.25)',
].join(';');
banner.innerHTML = `
<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" width="16" height="16"><path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2"/><circle cx="12" cy="7" r="4"/></svg>
Acting as <strong>${Nova.escHtml(_user.username)}</strong> logged in as ${Nova.escHtml(imp.username)} (${imp.role})
<button onclick="exitImpersonation()" style="background:rgba(0,0,0,.25);border:none;color:#fff;padding:.2rem .75rem;border-radius:4px;cursor:pointer;font-weight:600;font-size:.8rem">
Return to ${imp.role === 'reseller' ? 'Reseller' : 'Admin'} Panel
</button>`;
document.body.prepend(banner);
// Push content down so the fixed banner doesn't overlap
const layout = document.getElementById('main-layout');
if (layout) layout.style.marginTop = '36px';
}
return true;
}
window.exitImpersonation = async () => {
Nova.loading('Returning…');
const res = await Nova.api('auth', 'unimpersonate', { method: 'POST' });
Nova.loadingDone();
if (res?.success && res.data?.portal_url) {
window.location.href = res.data.portal_url;
} else {
Nova.toast(res?.message || 'Could not return', 'error');
}
};
function renderLogin() {
return `<div class="login-wrap">
<div class="login-card">
@@ -44,7 +84,9 @@ async function doLogin() {
const u = document.getElementById('li-user')?.value;
const p = document.getElementById('li-pass')?.value;
const err = document.getElementById('li-err');
Nova.loading('Signing in…');
const res = await Nova.api('auth', 'login', { method: 'POST', body: { username: u, password: p } });
Nova.loadingDone();
if (res?.success) {
if (res.data?.portal_url && !res.data.portal_url.includes(':8880')) {
location.href = res.data.portal_url;
@@ -76,27 +118,32 @@ const userPages = {
};
/* ── Dashboard ───────────────────────────────────────────────────────────── */
const _quickIcons = {
domains: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" width="24" height="24"><circle cx="12" cy="12" r="10"/><line x1="2" y1="12" x2="22" y2="12"/><path d="M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"/></svg>',
email: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" width="24" height="24"><path d="M4 4h16c1.1 0 2 .9 2 2v12c0 1.1-.9 2-2 2H4c-1.1 0-2-.9-2-2V6c0-1.1.9-2 2-2z"/><polyline points="22,6 12,13 2,6"/></svg>',
databases: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" width="24" height="24"><ellipse cx="12" cy="5" rx="9" ry="3"/><path d="M21 12c0 1.66-4 3-9 3s-9-1.34-9-3"/><path d="M3 5v14c0 1.66 4 3 9 3s9-1.34 9-3V5"/></svg>',
ftp: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" width="24" height="24"><path d="M22 19a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h5l2 3h9a2 2 0 0 1 2 2z"/></svg>',
ssl: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" width="24" height="24"><rect x="3" y="11" width="18" height="11" rx="2"/><path d="M7 11V7a5 5 0 0 1 10 0v4"/></svg>',
php: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" width="24" height="24"><polyline points="16 18 22 12 16 6"/><polyline points="8 6 2 12 8 18"/></svg>',
cron: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" width="24" height="24"><circle cx="12" cy="12" r="10"/><polyline points="12 6 12 12 16 14"/></svg>',
files: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" width="24" height="24"><path d="M13 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V9z"/><polyline points="13 2 13 9 20 9"/></svg>',
};
async function dashboard(el) {
el.innerHTML = `<div class="page-header"><h2 class="page-title">Dashboard</h2></div>
<div id="dash-rings" class="stats-grid">
${['Disk','Bandwidth','Emails','Databases'].map(l => `<div class="stat-card"><div class="stat-label">${l}</div><div class="stat-value">—</div></div>`).join('')}
${['Disk','Databases','Email Accts','FTP Accts'].map(l => `<div class="stat-card"><div class="stat-label">${l}</div><div class="stat-value">—</div></div>`).join('')}
</div>
<div class="card" style="margin-top:1.5rem">
<div class="card-header"><span class="card-title">Quick Access</span></div>
<div style="display:grid;grid-template-columns:repeat(auto-fill,minmax(130px,1fr));gap:1rem;padding:1.25rem">
${[
['ni-domains','Domains','domains'],
['ni-email','Email','email'],
['ni-databases','Databases','databases'],
['ni-ftp','FTP','ftp'],
['ni-ssl','SSL','ssl'],
['ni-php','PHP','php'],
['ni-cron','Cron Jobs','cron'],
['ni-files','File Manager','files'],
].map(([icon,label,page]) => `
<button class="btn" style="display:flex;flex-direction:column;align-items:center;gap:.5rem;padding:1rem;background:var(--bg3);border:1px solid var(--border);border-radius:var(--radius)" onclick="userNav('${page}')">
<svg width="24" height="24" style="color:var(--primary)"><use href="/assets/img/nova-icons.svg#${icon}"/></svg>
<span style="font-size:.8rem">${label}</span>
['domains','Domains'],['email','Email'],['databases','Databases'],['ftp','FTP'],
['ssl','SSL'],['php','PHP'],['cron','Cron Jobs'],['files','File Manager'],
].map(([page, label]) => `
<button class="btn" style="display:flex;flex-direction:column;align-items:center;gap:.5rem;padding:1rem;background:var(--bg3);border:1px solid var(--border);border-radius:var(--radius);color:var(--primary)" onclick="userNav('${page}')">
${_quickIcons[page] || ''}
<span style="font-size:.8rem;color:var(--text)">${label}</span>
</button>`).join('')}
</div>
</div>`;
@@ -194,8 +241,9 @@ window.removeDomain = (id, domain) => {
};
window.issueSSL = async (domainId, domain) => {
Nova.toast(`Issuing Let's Encrypt SSL for ${domain}`,'info',6000);
Nova.loading(`Issuing SSL for ${domain}`);
const res = await Nova.api('ssl', 'issue', { method: 'POST', body: { domain } });
Nova.loadingDone();
if (res?.success) { Nova.toast('SSL issued successfully','success'); loadDomainsList(); }
else Nova.toast(res?.message || 'SSL failed — check domain DNS','error',6000);
};
@@ -468,9 +516,11 @@ window.issueNewSSL = () => {
};
window.submitIssueSSL = async () => {
const domain = document.getElementById('ssl-dom')?.value;
Nova.toast(`Issuing SSL for ${domain}`, 'info', 8000);
const email = document.getElementById('ssl-email')?.value;
document.querySelector('.modal-overlay')?.remove();
const res = await Nova.api('ssl', 'issue', { method:'POST', body:{ domain, email: document.getElementById('ssl-email')?.value }});
Nova.loading(`Issuing SSL for ${domain}`);
const res = await Nova.api('ssl', 'issue', { method:'POST', body:{ domain, email }});
Nova.loadingDone();
if (res?.success) { Nova.toast('SSL issued!','success'); loadSSLList(); }
else Nova.toast(res?.message || 'SSL issue failed','error',8000);
};
@@ -507,7 +557,7 @@ async function phpPage(el) {
]);
if (versRes?.success) {
document.getElementById('php-versions').innerHTML = versRes.data.map(v => `
document.getElementById('php-versions').innerHTML = (versRes.data?.versions || []).map(v => `
<div style="display:flex;align-items:center;justify-content:space-between;padding:.75rem 0;border-bottom:1px solid var(--border)">
<div>
<strong>PHP ${v.version}</strong>
@@ -532,17 +582,21 @@ async function phpPage(el) {
}
window.switchPHP = async (ver) => {
Nova.loading(`Switching to PHP ${ver}`);
const res = await Nova.api('php', 'switch-version', { method:'POST', body:{ version: ver }});
Nova.loadingDone();
if (res?.success) { Nova.toast(`Switched to PHP ${ver}`,'success'); phpPage(document.getElementById('page-content')); }
else Nova.toast(res?.message,'error');
};
window.savePHPSettings = async () => {
Nova.loading('Saving PHP settings…');
const res = await Nova.api('php', 'update-config', { method:'POST', body:{
memory_limit: document.getElementById('php-mem')?.value,
max_execution_time: document.getElementById('php-exec')?.value,
upload_max_filesize: document.getElementById('php-upload')?.value,
post_max_size: document.getElementById('php-post')?.value,
}});
Nova.loadingDone();
if (res?.success) Nova.toast('PHP settings saved','success');
else Nova.toast(res?.message,'error');
};
@@ -748,36 +802,119 @@ async function statsPage(el) {
/* ── Backups ────────────────────────────────────────────────────────────── */
async function backups(el) {
el.innerHTML = `<div class="page-header">
<h2 class="page-title">Backups</h2>
<button class="btn btn-primary btn-sm" onclick="createBackup()">+ Create Backup</button>
</div>
<div class="card"><div id="backup-list"><div class="loading">Loading</div></div></div>`;
const res = await Nova.api('system', 'audit-log', { params:{ limit:5 }});
document.getElementById('backup-list').innerHTML = `<div style="padding:1.5rem;text-align:center;color:var(--muted)">
<svg width="48" height="48" style="opacity:.4"><use href="/assets/img/nova-icons.svg#ni-backups"/></svg>
<div style="margin-top:.75rem">Backup management is being configured by your hosting provider.</div>
<div style="font-size:.85rem;margin-top:.25rem">Contact support to request a manual backup.</div>
</div>`;
el.innerHTML = `
<div class="page-header">
<h2 class="page-title">Backups</h2>
<button class="btn btn-primary btn-sm" onclick="createBackup()">+ Create Backup</button>
</div>
<div class="card">
<div id="backup-list"><div style="padding:2rem;text-align:center;color:var(--text-muted)">Loading</div></div>
</div>`;
await loadBackupList();
}
window.createBackup = () => Nova.toast('Backup request submitted — you will be notified when ready.','info');
async function loadBackupList() {
const el = document.getElementById('backup-list');
if (!el) return;
const res = await Nova.api('backup', 'list');
const list = res?.data?.backups || [];
if (!list.length) {
el.innerHTML = `<div style="padding:2.5rem;text-align:center;color:var(--text-muted)">
<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" width="48" height="48" style="opacity:.35;margin-bottom:.75rem">
<polyline points="23 4 23 10 17 10"/><polyline points="1 20 1 14 7 14"/>
<path d="M3.51 9a9 9 0 0 1 14.85-3.36L23 10M1 14l4.64 4.36A9 9 0 0 0 20.49 15"/>
</svg>
<div style="margin-bottom:.25rem">No backups yet.</div>
<div style="font-size:.82rem">Click <strong>+ Create Backup</strong> to create your first backup.</div>
</div>`;
return;
}
el.innerHTML = `<div style="overflow-x:auto"><table class="table">
<thead><tr><th>Date</th><th>Type</th><th>Size</th><th>Status</th><th>Actions</th></tr></thead>
<tbody>
${list.map(b => `<tr>
<td>${Nova.relTime(b.created_at)}</td>
<td>${Nova.badge(b.type, 'blue')}</td>
<td>${b.size ? Nova.bytes(parseInt(b.size)) : '—'}</td>
<td>${Nova.badge(b.status, b.status==='complete'?'green':b.status==='running'?'yellow':'red')}</td>
<td>
${b.status === 'complete'
? `<a href="/api/?endpoint=backup&action=download&id=${b.id}" class="btn btn-xs btn-ghost">Download</a>`
: ''}
</td>
</tr>`).join('')}
</tbody>
</table></div>`;
}
window.createBackup = () => {
Nova.modal('Create Backup',
`<div class="form-group">
<label class="form-label">Backup Type</label>
<select id="bk-type" class="form-control">
<option value="full">Full backup files + all databases</option>
<option value="files">Files only</option>
<option value="database">Databases only</option>
</select>
</div>
<p style="font-size:.82rem;color:var(--text-muted);margin-top:.5rem">Backups run on the server and may take a few minutes for large accounts.</p>`,
`<button class="btn btn-ghost" onclick="this.closest('.modal-overlay').remove()">Cancel</button>
<button class="btn btn-primary" onclick="submitCreateBackup()">Create Backup</button>`
);
};
window.submitCreateBackup = async () => {
const type = document.getElementById('bk-type')?.value || 'full';
document.querySelector('.modal-overlay')?.remove();
Nova.loading('Creating backup… this may take a few minutes');
const res = await Nova.api('backup', 'create', { method: 'POST', body: { type } });
Nova.loadingDone();
if (res?.success) {
Nova.toast('Backup created successfully', 'success');
loadBackupList();
} else {
Nova.toast(res?.message || 'Backup failed', 'error');
}
};
/* ── Navigation ─────────────────────────────────────────────────────────── */
const navItems = [
{ id: 'dashboard', label: 'Dashboard', icon: 'ni-dashboard' },
{ id: 'domains', label: 'Domains', icon: 'ni-domains' },
{ id: 'email', label: 'Email', icon: 'ni-email' },
{ id: 'databases', label: 'Databases', icon: 'ni-databases' },
{ id: 'ftp', label: 'FTP', icon: 'ni-ftp' },
{ id: 'ssl', label: 'SSL / TLS', icon: 'ni-ssl' },
{ id: 'php', label: 'PHP', icon: 'ni-php' },
{ id: 'cron', label: 'Cron Jobs', icon: 'ni-cron' },
{ id: 'files', label: 'File Manager', icon: 'ni-files' },
{ id: 'stats', label: 'Statistics', icon: 'ni-stats' },
{ id: 'backups', label: 'Backups', icon: 'ni-backups' },
{ id: 'docker', label: 'Docker', icon: 'ni-docker' },
{ id: 'change-password', label: 'Change Password', icon: 'ni-lock' },
const navGroups = [
{ label: 'Overview', items: [
{ id: 'dashboard', label: 'Dashboard',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="3" y="3" width="7" height="7"/><rect x="14" y="3" width="7" height="7"/><rect x="3" y="14" width="7" height="7"/><rect x="14" y="14" width="7" height="7"/></svg>' },
]},
{ label: 'Hosting', items: [
{ id: 'domains', label: 'Domains',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="12" r="10"/><line x1="2" y1="12" x2="22" y2="12"/><path d="M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"/></svg>' },
{ id: 'email', label: 'Email',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M4 4h16c1.1 0 2 .9 2 2v12c0 1.1-.9 2-2 2H4c-1.1 0-2-.9-2-2V6c0-1.1.9-2 2-2z"/><polyline points="22,6 12,13 2,6"/></svg>' },
{ id: 'databases', label: 'Databases',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><ellipse cx="12" cy="5" rx="9" ry="3"/><path d="M21 12c0 1.66-4 3-9 3s-9-1.34-9-3"/><path d="M3 5v14c0 1.66 4 3 9 3s9-1.34 9-3V5"/></svg>' },
{ id: 'ftp', label: 'FTP',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M22 19a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h5l2 3h9a2 2 0 0 1 2 2z"/></svg>' },
{ id: 'ssl', label: 'SSL / TLS',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="3" y="11" width="18" height="11" rx="2"/><path d="M7 11V7a5 5 0 0 1 10 0v4"/></svg>' },
]},
{ label: 'Management', items: [
{ id: 'php', label: 'PHP',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polyline points="16 18 22 12 16 6"/><polyline points="8 6 2 12 8 18"/></svg>' },
{ id: 'cron', label: 'Cron Jobs',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="12" r="10"/><polyline points="12 6 12 12 16 14"/></svg>' },
{ id: 'files', label: 'File Manager',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M13 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V9z"/><polyline points="13 2 13 9 20 9"/></svg>' },
{ id: 'stats', label: 'Statistics',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><line x1="18" y1="20" x2="18" y2="10"/><line x1="12" y1="20" x2="12" y2="4"/><line x1="6" y1="20" x2="6" y2="14"/></svg>' },
]},
{ label: 'Tools', items: [
{ id: 'backups', label: 'Backups',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polyline points="23 4 23 10 17 10"/><polyline points="1 20 1 14 7 14"/><path d="M3.51 9a9 9 0 0 1 14.85-3.36L23 10M1 14l4.64 4.36A9 9 0 0 0 20.49 15"/></svg>' },
{ id: 'docker', label: 'Docker',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="2" y="9" width="4" height="4"/><rect x="7" y="9" width="4" height="4"/><rect x="12" y="9" width="4" height="4"/><rect x="7" y="4" width="4" height="4"/><path d="M22 11c0 5-3.9 9-10 9-8 0-10-7-10-7"/></svg>' },
]},
{ label: 'Account', items: [
{ id: 'change-password', label: 'Change Password',
svg: '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="3" y="11" width="18" height="11" rx="2"/><path d="M7 11V7a5 5 0 0 1 10 0v4"/></svg>' },
]},
];
let _activePage = 'dashboard';
@@ -785,19 +922,39 @@ let _activePage = 'dashboard';
function renderNav() {
const nav = document.getElementById('sidebar-nav');
if (!nav) return;
nav.innerHTML = navItems.map(n => `
<a class="nav-item ${n.id === _activePage ? 'active' : ''}" href="#" onclick="userNav('${n.id}');return false">
<svg width="18" height="18"><use href="/assets/img/nova-icons.svg#${n.icon}"/></svg>
<span>${n.label}</span>
</a>`).join('');
nav.innerHTML = navGroups.map(g => `
<div class="sidebar-section">
<div class="sidebar-section-label">${g.label}</div>
${g.items.map(n => `
<a href="#" class="sidebar-link${n.id === _activePage ? ' active' : ''}" data-page="${n.id}">
${n.svg}
${n.label}
</a>`).join('')}
</div>`).join('');
nav.querySelectorAll('[data-page]').forEach(link => {
link.addEventListener('click', e => {
e.preventDefault();
if (window.innerWidth <= 768) {
document.getElementById('sidebar')?.classList.remove('open');
document.getElementById('sidebar-overlay')?.classList.remove('open');
document.body.style.overflow = '';
}
userNav(link.dataset.page);
});
});
}
window.userNav = (page) => {
_activePage = page;
renderNav();
const allItems = navGroups.flatMap(g => g.items);
const item = allItems.find(n => n.id === page);
const titleEl = document.getElementById('page-title');
if (titleEl && item) titleEl.textContent = item.label;
const content = document.getElementById('page-content');
if (!content) return;
content.innerHTML = '<div class="loading">Loading…</div>';
content.innerHTML = '<div style="padding:2rem;color:var(--text-muted);text-align:center">Loading…</div>';
if (userPages[page]) userPages[page](content);
};
@@ -944,7 +1101,9 @@ ${Object.entries(catalog).map(([key,app])=>`
}
window.uDockerAct = async (cid, action) => {
Nova.loading(`${action.charAt(0).toUpperCase()+action.slice(1)}ing container…`);
const r = await Nova.api('docker', 'container-action', { method: 'POST', body: { container_id: cid, action } });
Nova.loadingDone();
Nova.toast(r?.success ? `Container ${action}ed` : (r?.message||'Failed'), r?.success?'success':'error');
if (r?.success) {
const c = (window._uDockerContainers||[]).find(x=>x.container_id===cid);
@@ -965,6 +1124,16 @@ window.uDockerLaunchApp = async (preselect) => {
const entries = Object.entries(catalog);
const appOpts = entries.map(([k,a])=>`<option value="${k}" ${k===preselect?'selected':''}>${Nova.escHtml(a.name)}</option>`).join('');
window.uDockerUpdateParams = (key) => {
const app = catalog[key];
if (!app) return;
const tc = document.getElementById('ul-params');
if (!tc) return;
tc.innerHTML = (app.params||[]).map(p=>`
<div class="form-group"><label>${Nova.escHtml(p.label)}${p.required?' *':''}</label>
<input id="ul-${Nova.escHtml(p.key)}" type="${p.type||'text'}" class="form-control" ${p.placeholder?`placeholder="${Nova.escHtml(p.placeholder)}"`:''}></div>`).join('');
};
const ov = Nova.modal('Launch App',
`<div class="form-group"><label>App</label>
<select id="ul-app" class="form-control" onchange="uDockerUpdateParams(this.value)">${appOpts}</select></div>
@@ -976,16 +1145,6 @@ window.uDockerLaunchApp = async (preselect) => {
const initialKey = preselect || entries[0]?.[0];
if (initialKey) uDockerUpdateParams(initialKey);
window.uDockerUpdateParams = (key) => {
const app = catalog[key];
if (!app) return;
const tc = document.getElementById('ul-params');
if (!tc) return;
tc.innerHTML = (app.params||[]).map(p=>`
<div class="form-group"><label>${Nova.escHtml(p.label)}${p.required?' *':''}</label>
<input id="ul-${Nova.escHtml(p.key)}" type="${p.type||'text'}" class="form-control" ${p.placeholder?`placeholder="${Nova.escHtml(p.placeholder)}"`:''}></div>`).join('');
};
window.uDockerLaunchSubmit = async () => {
const key = document.getElementById('ul-app')?.value;
const app = catalog[key];
@@ -995,8 +1154,9 @@ window.uDockerLaunchApp = async (preselect) => {
const missing = (app.params||[]).filter(p=>p.required && !params[p.key]);
if (missing.length) { Nova.toast(`Required: ${missing.map(p=>p.label).join(', ')}`, 'error'); return; }
ov.remove();
Nova.toast(`Launching ${app.name}… this may take a minute`, 'info', 15000);
Nova.loading(`Launching ${app.name}… this may take a minute`);
const r = await Nova.api('docker', 'launch', { method: 'POST', body: { app_key: key, params } });
Nova.loadingDone();
Nova.toast(r?.success ? `${app.name} launched!` : (r?.message||'Launch failed'), r?.success?'success':'error');
if (r?.success) {
const cr = await Nova.api('docker', 'containers');