myron
|
6fdccc6dbd
|
feat: items #9-13 — password change, webmail SSO, DKIM live, file manager security, cache busting
#9 auth.php: add self-service change-password action (current+new+confirm)
accounts.php: fix admin change-password — accept account_id, fetch username
for chpasswd (was using int ID), add Auth::require('admin') guard
user.js: add Change Password page + navItem + submitChangePassword()
#10 EmailManager: store AES-256-CBC enc_password alongside SHA512-CRYPT hash
webmail.php: rewrite login-url to use webmail_sso_tokens table
novacpx-sso.php: Roundcube SSO bridge (validate token, decrypt, autosubmit)
Migration 005: add enc_password column + webmail_sso_tokens table
#11 opendkim: installed, configured (/etc/opendkim.conf, signing.table,
key.table, trusted.hosts), socket at /var/spool/postfix/opendkim/,
Postfix milter wired, service enabled+running, key generation verified
#12 files.php: fix safe_path() for non-existent paths (write/mkdir),
add safe_path_new() helper using parent-dir realpath check,
fix delete guard (block deleting account root dirs),
fix rename destination, clamp chmod to 0777
#13 nova.js: api() handles network errors, 429 rate-limit with retry-after,
non-JSON responses (PHP fatal pages) — graceful error instead of throw
admin/user/reseller index.php: filemtime-based cache-busting on all assets
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-06-08 01:19:33 +00:00 |
|
myron
|
e94dc719c8
|
feat: feature registry, auto-deploy, IP management, Docker support
Feature Manager (70+ features across 20 categories):
- Web servers: Apache2, nginx, OpenLiteSpeed, Varnish
- PHP: 7.4/8.1/8.2/8.3 multi-version, Composer
- Databases: MySQL 8, MariaDB, PostgreSQL, Redis, Memcached, phpMyAdmin, phpPgAdmin
- Email: Postfix, Dovecot, Roundcube, RainLoop, SpamAssassin, Rspamd, DKIM
- DNS: BIND9, PowerDNS
- FTP: ProFTPD, vsftpd, Pure-FTPd
- SSL: Certbot/Let's Encrypt, acme.sh
- Security: Fail2Ban, ModSecurity WAF, ImunifyAV, ClamAV, UFW, CrowdSec
- Containers: Docker Engine, Docker Compose, Portainer CE, per-account Docker hosting
- IP Management: Shared IPs (SNI), Dedicated IPs, IPv6
- Monitoring: Netdata, AWStats, GoAccess, Grafana+Prometheus
- Backup: BorgBackup, rclone (S3/B2/GCS), Duplicati
- CDN: Cloudflare API, PageSpeed Module
- Dev: Gitea, Phusion Passenger, JupyterHub
- One-click apps: WordPress+WP-CLI, auto-installer (50+ apps)
- Billing: WHMCS bridge, BoxBilling
- Reseller: White label, custom nameservers
- Notifications: Email, Slack, Telegram
- Compliance: Auditd, OSSEC HIDS
Auto-deploy pipeline (deploy/):
- webhook.php: HMAC-verified GitHub push webhook
- deploy-runner.sh: PHP syntax validation → git pull → rsync → DB migrations → PHP-FPM reload
- setup-deploy.sh: one-shot setup script, outputs GitHub webhook config
- Runs every minute via cron; locked to prevent concurrent deploys
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-06-07 05:11:36 +00:00 |
|