diff --git a/panel/api/endpoints/dns.php b/panel/api/endpoints/dns.php index e475874..5d0b277 100644 --- a/panel/api/endpoints/dns.php +++ b/panel/api/endpoints/dns.php @@ -24,11 +24,10 @@ match ($action) { })(), 'records' => (function() use ($db, $body) { - $zoneId = (int)($_GET['zone_id'] ?? 0); + $zoneId = (int)($_GET['zone_id'] ?? $body['zone_id'] ?? 0); if (!$zoneId) Response::error("zone_id required"); $records = $db->fetchAll("SELECT * FROM dns_records WHERE zone_id = ? ORDER BY type, name", [$zoneId]); - $zone = $db->fetchOne("SELECT * FROM dns_zones WHERE id = ?", [$zoneId]); - Response::success(['zone' => $zone, 'records' => $records]); + Response::success($records); })(), 'add-record' => (function() use ($db, $body, $accountId) { @@ -68,10 +67,11 @@ match ($action) { 'create-zone' => (function() use ($db, $body, $accountId, $user) { Auth::getInstance()->require('admin', 'reseller'); - $domain = strtolower(trim($body['domain'] ?? '')); - $acctId = (int)($body['account_id'] ?? $accountId ?? 0); + $domain = strtolower(trim($body['domain'] ?? '')); + $acctId = (int)($body['account_id'] ?? $accountId ?? 0); if (!$domain) Response::error("Domain required"); - if (!$acctId) Response::error("account_id required"); + // Admins can create zones not tied to any account (acctId = 0) + if (!$acctId && $user['role'] !== 'admin') Response::error("account_id required"); DNSManager::createZone($acctId, $domain); audit('dns.create-zone', $domain); Response::success(null, "DNS zone created for $domain"); @@ -80,6 +80,10 @@ match ($action) { 'delete-zone' => (function() use ($db, $body, $user) { Auth::getInstance()->require('admin'); $domain = trim($body['domain'] ?? ''); + if (!$domain && isset($body['zone_id'])) { + $row = $db->fetchOne("SELECT domain FROM dns_zones WHERE id = ?", [(int)$body['zone_id']]); + $domain = $row['domain'] ?? ''; + } if (!$domain) Response::error("Domain required"); DNSManager::removeZone($domain); audit('dns.delete-zone', $domain); diff --git a/panel/api/endpoints/ssl.php b/panel/api/endpoints/ssl.php index 5d545f9..5a115bc 100644 --- a/panel/api/endpoints/ssl.php +++ b/panel/api/endpoints/ssl.php @@ -31,6 +31,34 @@ match ($action) { Response::success($result, "SSL certificate issued for $domain"); })(), + 'generate-csr' => (function() use ($body, $accountId) { + $domain = preg_replace('/[^a-zA-Z0-9\-\.]/', '', trim($body['domain'] ?? '')); + $country = preg_replace('/[^A-Z]/', '', strtoupper(substr(trim($body['country'] ?? 'US'), 0, 2))); + $state = substr(trim($body['state'] ?? 'State'), 0, 64); + $city = substr(trim($body['city'] ?? 'City'), 0, 64); + $org = substr(trim($body['org'] ?? 'Organization'), 0, 64); + if (!$domain) Response::error("Domain required"); + + $keyFile = tempnam('/tmp', 'ncpx_key_'); + $csrFile = tempnam('/tmp', 'ncpx_csr_'); + $subj = "/C={$country}/ST={$state}/L={$city}/O={$org}/CN={$domain}"; + $sanConf = "[req]\ndistinguished_name=req\n[san]\nsubjectAltName=DNS:{$domain},DNS:www.{$domain}"; + $confFile = tempnam('/tmp', 'ncpx_conf_'); + file_put_contents($confFile, $sanConf); + + shell_exec("openssl req -newkey rsa:2048 -nodes -keyout " . escapeshellarg($keyFile) + . " -out " . escapeshellarg($csrFile) + . " -subj " . escapeshellarg($subj) + . " -reqexts san -config " . escapeshellarg($confFile) . " 2>/dev/null"); + + $csr = file_exists($csrFile) ? trim(file_get_contents($csrFile)) : ''; + $key = file_exists($keyFile) ? trim(file_get_contents($keyFile)) : ''; + foreach ([$keyFile, $csrFile, $confFile] as $f) { @unlink($f); } + + if (!$csr || !$key) Response::error("OpenSSL CSR generation failed — is openssl installed?"); + Response::success(['csr' => $csr, 'private_key' => $key, 'domain' => $domain], 'CSR generated'); + })(), + 'install-custom' => (function() use ($body, $accountId) { $domain = trim($body['domain'] ?? ''); $cert = trim($body['cert'] ?? ''); diff --git a/panel/api/endpoints/system.php b/panel/api/endpoints/system.php index 0b059aa..6489af4 100644 --- a/panel/api/endpoints/system.php +++ b/panel/api/endpoints/system.php @@ -114,6 +114,7 @@ match ($action) { // ── Apply OS update ─────────────────────────────────────────────────────── 'apply-os-update' => (function() use ($db) { Auth::getInstance()->require('admin'); + set_time_limit(300); $panelPorts = [PORT_USER, PORT_RESELLER, PORT_ADMIN]; $webSvc = defined('WEB_SERVER') && WEB_SERVER === 'nginx' ? 'nginx' : 'apache2'; @@ -199,6 +200,7 @@ match ($action) { // ── Apply NovaCPX update ───────────────────────────────────────────────── 'apply-novacpx-update' => (function() use ($db) { Auth::getInstance()->require('admin'); + set_time_limit(180); $srcDir = '/opt/novacpx-src'; $webRoot = defined('WEB_ROOT') ? WEB_ROOT : '/srv/novacpx/public'; $webSvc = defined('WEB_SERVER') && WEB_SERVER === 'nginx' ? 'nginx' : 'apache2'; @@ -255,19 +257,22 @@ match ($action) { } // Reload PHP-FPM to pick up new code - shell_exec("systemctl reload php8.3-fpm 2>/dev/null || true"); + shell_exec("systemctl reload php8.3-fpm 2>/dev/null || systemctl reload php8.2-fpm 2>/dev/null || true"); - // Verify panel is still up + // Verify panel is still up using curl (handles both HTTP and HTTPS) sleep(2); - $panelOk = @fsockopen('127.0.0.1', PORT_ADMIN, $e, $es, 3); + $port = defined('PORT_ADMIN') ? PORT_ADMIN : 8882; + $schemes = ['https','http']; + $panelOk = false; + foreach ($schemes as $scheme) { + $code = trim(shell_exec("curl -sk -o /dev/null -w '%{http_code}' {$scheme}://127.0.0.1:{$port}/api/system/version --max-time 5 2>/dev/null") ?: ''); + if (in_array($code, ['200','401','302','301'])) { $panelOk = true; break; } + } if (!$panelOk) { - // Restore backup and reload shell_exec("rsync -a --delete " . escapeshellarg("$backupDir/public/") . " " . escapeshellarg("$webRoot/") . " 2>&1"); shell_exec("systemctl reload $webSvc 2>/dev/null"); novacpx_log('error', "NovaCPX update failed — panel down after deploy; restored from backup"); Response::error('Update deployed but panel went down — auto-restored from backup. Check logs.'); - } else { - fclose($panelOk); } audit('system.novacpx-update', "novacpx:$before→$after"); @@ -331,6 +336,14 @@ match ($action) { ]); })(), + // ── Single-service status check (lightweight) ───────────────────────────── + 'svc-check' => (function() { + Auth::getInstance()->require('admin'); + $svc = preg_replace('/[^a-z0-9\-_.]/', '', $_GET['service'] ?? ''); + $status = $svc ? trim(shell_exec("systemctl is-active " . escapeshellarg($svc) . " 2>/dev/null") ?: 'unknown') : 'unknown'; + Response::success(['service' => $svc, 'status' => $status]); + })(), + // ── Service control (start/stop/restart) ────────────────────────────────── 'service' => (function() use ($body, $db) { Auth::getInstance()->require('admin'); diff --git a/panel/public/assets/css/nova.css b/panel/public/assets/css/nova.css index 0c49803..3bceb03 100644 --- a/panel/public/assets/css/nova.css +++ b/panel/public/assets/css/nova.css @@ -71,15 +71,19 @@ body { .form-group label { display: block; font-size: .85rem; font-weight: 500; margin-bottom: .4rem; color: var(--text-muted); } input[type="text"], input[type="password"], input[type="email"], -input[type="number"], input[type="url"], select, textarea { +input[type="number"], input[type="url"], input[type="search"], +input[type="date"], input[type="time"], input[type="tel"], +input:not([type]), .form-control, select, textarea { width: 100%; padding: .65rem .9rem; background: var(--bg3); border: 1px solid var(--border); border-radius: var(--radius); color: var(--text); font-family: var(--font); font-size: .9rem; transition: border-color .15s; outline: none; + box-sizing: border-box; } -input:focus, select:focus, textarea:focus { border-color: var(--primary); } +input:focus, select:focus, textarea:focus, .form-control:focus { border-color: var(--primary); } +input[type="date"]::-webkit-calendar-picker-indicator { filter: invert(1) opacity(.5); } .input-with-icon { position: relative; } .input-with-icon input { padding-right: 2.5rem; } diff --git a/panel/public/assets/js/admin.js b/panel/public/assets/js/admin.js index 9f6372a..edad38a 100644 --- a/panel/public/assets/js/admin.js +++ b/panel/public/assets/js/admin.js @@ -153,8 +153,8 @@ ${Object.entries(s.services || {}).map(([svc, status]) => ` - - + + - `).join(''); + const records = Array.isArray(res.data) ? res.data : []; + const rows = records.map(r => ` + `).join(''); Nova.modal(`DNS: ${domain}`, ` -
${Nova.serviceDot(status)} ${svc}${Nova.badge(status, status === 'active' ? 'green' : 'red')}${Nova.serviceDot(status)} ${svc}${Nova.badge(status, status === 'active' ? 'green' : 'red')} @@ -483,7 +483,7 @@
PHP ${v.version} - ${v.installed ? Nova.badge(v.fpm_active ? 'active' : 'stopped', v.fpm_active ? 'green' : 'yellow') : Nova.badge('not installed','muted')} + ${v.installed ? Nova.badge(v.fpm_active ? 'active' : 'stopped', v.fpm_active ? 'green' : 'yellow') : Nova.badge('not installed','muted')}
${v.is_default ? `
Panel default
` : ''}
@@ -522,7 +522,7 @@ window.phpFpmAction = async (ver, cmd) => { const r = await Nova.api('php', 'fpm-action', { method: 'POST', body: { version: ver, command: cmd } }); - if (r?.success) { Nova.toast(r.message, 'success'); adminPage('php-manager'); } + if (r?.success) { Nova.toast(r.message, 'success'); refreshSvcStatus(`php${ver}-fpm`); } else Nova.toast(r?.message || 'Action failed', 'error'); }; @@ -964,19 +964,20 @@ window.adminEditZone = async (id, domain) => { const res = await Nova.api('dns', 'records', {params:{zone_id:id}}); if (!res?.success) { Nova.toast('Failed to load records','error'); return; } - const rows = res.data.map(r => `
${r.name}${Nova.badge(r.type,'default')}${r.value}${r.ttl}
${Nova.escHtml(r.name)}${Nova.badge(r.type,'default')}${Nova.escHtml(r.content||r.value||'')}${r.ttl||3600}
${rows}
NameTypeValueTTL
`); +
${rows||''}
NameTypeContentTTL
No records yet.
`); }; window.adminAddRecord = (zoneId, domain) => { Nova.modal('Add Record', `
-
-
+
+
`, - ``); + ``); }; window.adminDelRecord = async (id, zoneId, domain) => { Nova.confirm('Delete this record?', async () => { @@ -1034,7 +1035,7 @@
${Object.entries(svcs).map(([s,st]) => `
- ${s}${Nova.badge(st,st==='active'?'green':'red')} + ${s}${Nova.badge(st,st==='active'?'green':'red')}
@@ -1052,34 +1053,47 @@ const res = await Nova.api('ssl', 'list', {params:{account_id:0}}); const certs = res?.data || []; return ` -
+ + +
- SSL Certificate Manager - + Certificates +
+ + + +
- ${certs.length ? ` + ${certs.length ? `
DomainAccountTypeExpiresDaysActions
${certs.map(c => { const days = c.days_remaining; const badge = days !== null ? Nova.badge(days+'d', days<7?'red':days<30?'yellow':'green') : Nova.badge('unknown','muted'); return ` - - - + + + `; }).join('')} -
DomainAccountTypeExpiresDaysActions
${c.domain}${c.username||'—'}${Nova.badge(c.type,'default')}${Nova.escHtml(c.domain)}${Nova.escHtml(c.username||'—')}${Nova.badge(c.type||'lets-encrypt','default')} ${c.expires_at||'—'} ${badge} - +
` - : '
No SSL certificates issued yet.
'} +
` + : '
No SSL certificates yet.
'} +
+ +
+
About SSL Options
+
+

Let's Encrypt — Free automatic SSL via Certbot. Requires a publicly reachable domain (port 80 open). Use "Issue LE for All Domains" to auto-issue for every account.

+

Custom SSL — Upload a certificate from any CA (Comodo, DigiCert, GlobalSign, etc). Paste the certificate, private key, and CA chain. Use "Generate CSR" to create a signing request to send to your CA.

+
`; } window.adminIssueBulkSSL = async () => { Nova.toast('Queuing SSL for all domains without certificates…','info',6000); - // Get all accounts, then issue SSL for each domain const accts = await Nova.api('accounts','list',{params:{limit:1000}}); let count = 0; for (const a of (accts?.data?.accounts || [])) { @@ -1102,6 +1116,60 @@ else Nova.toast(r?.message,'error'); }, true); }; + window.adminGenerateCSR = () => { + Nova.modal('Generate CSR', ` +

Fill in your details. Submit to CA, keep the private key safe.

+
+
+
+
+
+
+
`, + ``); + }; + window.adminDoGenerateCSR = async () => { + const domain = document.getElementById('csr-domain')?.value?.trim(); + const country = document.getElementById('csr-country')?.value?.trim(); + const state = document.getElementById('csr-state')?.value?.trim(); + const city = document.getElementById('csr-city')?.value?.trim(); + const org = document.getElementById('csr-org')?.value?.trim(); + if (!domain) { Nova.toast('Domain required','error'); return; } + Nova.toast('Generating CSR…','info'); + const r = await Nova.api('ssl','generate-csr',{method:'POST',body:{domain,country,state,city,org}}); + if (!r?.success) { Nova.toast(r?.message||'Failed','error'); return; } + document.querySelector('.modal-overlay')?.remove(); + Nova.modal(`CSR for ${domain}`, ` +

Submit the CSR to your certificate authority. Store the private key securely — you'll need it when uploading the issued cert.

+
+
+
+
+ + `); + }; + window.adminInstallCustomSSL = () => { + Nova.modal('Upload Custom SSL Certificate', ` +

Paste the certificate and key from your CA. Chain/CA bundle is optional but recommended.

+
+
+
+
`, + ``); + }; + window.adminDoInstallCustomSSL = async () => { + const domain = document.getElementById('cssl-domain')?.value?.trim(); + const cert = document.getElementById('cssl-cert')?.value?.trim(); + const key = document.getElementById('cssl-key')?.value?.trim(); + const chain = document.getElementById('cssl-chain')?.value?.trim(); + if (!domain || !cert || !key) { Nova.toast('Domain, certificate, and key are required','error'); return; } + const r = await Nova.api('ssl','install-custom',{method:'POST',body:{domain,cert,key,chain}}); + if (r?.success) { + Nova.toast('Custom SSL installed','success'); + document.querySelector('.modal-overlay')?.remove(); + adminPage('ssl-manager'); + } else { Nova.toast(r?.message||'Failed','error'); } + }; // ── Firewall ─────────────────────────────────────────────────────────────── // ── Firewall ─────────────────────────────────────────────────────────────── @@ -1712,7 +1780,7 @@ ${dbs.map(d=>`
${[['postfix',mailStatus],['dovecot',doveStatus]].map(([s,st]) => `
- ${s} ${Nova.badge(st,st==='active'?'green':'red')} + ${s} ${Nova.badge(st,st==='active'?'green':'red')}
@@ -1749,7 +1817,7 @@ ${dbs.map(d=>`
FTP Server (${label}) - ${Nova.badge(status, status==='active'?'green':'red')} + ${Nova.badge(status, status==='active'?'green':'red')}
@@ -1823,6 +1891,21 @@ ${dbs.map(d=>` window.adminServiceAction = async (svc, cmd) => { const res = await Nova.api('system', 'service', { method: 'POST', body: { service: svc, command: cmd } }); Nova.toast(`${svc}: ${cmd} → ${res?.success ? 'OK' : res?.message}`, res?.success ? 'success' : 'error'); + if (res?.success && cmd !== 'flush') refreshSvcStatus(svc); + }; + + // Polls is-active after a short delay and updates all [data-svc-status] / [data-svc-dot] in the DOM + window.refreshSvcStatus = async (svc, delay = 1500) => { + await new Promise(r => setTimeout(r, delay)); + const r = await Nova.api('system', 'svc-check', { params: { service: svc } }); + const status = r?.data?.status || 'unknown'; + const color = status === 'active' ? 'green' : 'red'; + document.querySelectorAll(`[data-svc-status="${svc}"]`).forEach(el => { + el.innerHTML = Nova.badge(status, color); + }); + document.querySelectorAll(`[data-svc-dot="${svc}"]`).forEach(el => { + el.innerHTML = Nova.serviceDot(status); + }); }; window.phpAction = async (ver, cmd) => { const svc = `php${ver}-fpm`; @@ -2666,13 +2749,19 @@ window.sessionsRevokeAll = () => { }; // ── #31-35 Docker Management ─────────────────────────────────────────────── -async function docker(el) { - el.innerHTML = '
Loading Docker status…
'; +async function docker() { const st = await Nova.api('docker', 'status'); const status = st?.data || {}; + window.dockerInstall = async (btn) => { + btn.disabled = true; btn.textContent = 'Installing… (this may take 2-3 minutes)'; + const r = await Nova.api('docker', 'install', { method: 'POST', body: {} }); + Nova.toast(r?.message || (r?.success ? 'Installed' : 'Failed'), r?.success ? 'success' : 'error'); + if (r?.success) Nova.loadPage('docker', window._novaPages); + }; + if (!status.installed) { - el.innerHTML = ` + return `
🐳
@@ -2680,19 +2769,27 @@ async function docker(el) {

Install Docker CE + Compose on this server to enable container management.

`; - window.dockerInstall = async (btn) => { - btn.disabled = true; btn.textContent = 'Installing… (this may take 2-3 minutes)'; - const r = await Nova.api('docker', 'install', { method: 'POST', body: {} }); - Nova.toast(r?.message || (r?.success ? 'Installed' : 'Failed'), r?.success ? 'success' : 'error'); - if (r?.success) Nova.loadPage('docker', window._novaPages); - }; - return; } - const tab = (id, label) => ``; window._dockerTab = window._dockerTab || 'containers'; + const tab = (id, label) => ``; - el.innerHTML = ` + window.dockerTab = async (id) => { + window._dockerTab = id; + document.querySelectorAll('[onclick^="dockerTab"]').forEach(b => { + b.className = 'btn btn-sm ' + (b.getAttribute('onclick').includes(`'${id}'`) ? 'btn-primary' : 'btn-ghost'); + }); + await dockerLoadTab(id); + }; + window.dockerPrune = () => Nova.confirm('Remove all stopped containers, unused images, and build cache?', async () => { + const r = await Nova.api('docker', 'prune', { method: 'POST', body: { volumes: false } }); + Nova.toast(r?.success ? 'Pruned' : 'Failed', r?.success ? 'success' : 'error'); + if (r?.success) dockerLoadTab(window._dockerTab); + }, true); + + setTimeout(() => dockerLoadTab(window._dockerTab), 100); + + return `
Engine
${Nova.escHtml(status.version || '—')}
${status.running ? 'Running' : 'Stopped'}
@@ -2703,22 +2800,6 @@ async function docker(el) {
Loading…
`; - - window.dockerTab = async (id) => { - window._dockerTab = id; - document.querySelectorAll('[onclick^="dockerTab"]').forEach(b => { - b.className = 'btn btn-sm ' + (b.getAttribute('onclick').includes(`'${id}'`) ? 'btn-primary' : 'btn-ghost'); - }); - await dockerLoadTab(id); - }; - - window.dockerPrune = () => Nova.confirm('Remove all stopped containers, unused images, and build cache?', async () => { - const r = await Nova.api('docker', 'prune', { method: 'POST', body: { volumes: false } }); - Nova.toast(r?.success ? 'Pruned' : 'Failed', r?.success ? 'success' : 'error'); - if (r?.success) dockerLoadTab(_dockerTab); - }, true); - - await dockerLoadTab(window._dockerTab); } async function dockerLoadTab(tab) {