Commit Graph

194 Commits

Author SHA1 Message Date
myron 844f571231 fix: docker catalog CHECK constraint — change status='starting' to 'pending'
'starting' is not in the CHECK constraint list. Using 'pending' which is
already set by the INSERT in createStack (the UPDATE was redundant anyway).
2026-06-22 14:24:12 +00:00
github-actions[bot] 06e43b1297 chore: bump version to 1.0.59 [skip ci] 2026-06-22 12:51:59 +00:00
myron 960a29f508 fix: image-remove use POST not DELETE (body was stripped by proxy); keep list visible on refresh 2026-06-22 12:51:49 +00:00
github-actions[bot] 63ec5f48b3 chore: bump version to 1.0.58 [skip ci] 2026-06-22 12:44:59 +00:00
myron 6aa96e6265 fix: docker container actions update row immediately (optimistic UI), keep list visible during reload
- Row badge updates to 'stopping…'/'starting…' instantly on click
- Buttons disabled while action runs so no double-clicks
- List stays visible while refreshing after action (no blank flash)
- container-remove changed to POST so body passes through proxies correctly
2026-06-22 12:44:45 +00:00
github-actions[bot] 12e03304af chore: bump version to 1.0.57 [skip ci] 2026-06-22 12:32:56 +00:00
myron 1c4a06d31e fix: docker image-remove throws on daemon error; add sync-orphans endpoint
- removeImage now throws RuntimeException when docker rmi output contains
  'Error' or 'conflict' so the API returns success:false with the message
- Added docker/sync-orphans endpoint (admin only) to register existing
  Docker containers not tracked in the NovaCPX DB (e.g. after a restore)
2026-06-22 12:32:45 +00:00
github-actions[bot] 55f5fc1da9 chore: bump version to 1.0.56 [skip ci] 2026-06-22 12:24:20 +00:00
myron b00cf10120 fix: escape apostrophe in FTP empty-state string — caused SyntaxError in template literal 2026-06-22 12:24:07 +00:00
github-actions[bot] e88a5e6fdc chore: bump version to 1.0.55 [skip ci] 2026-06-22 12:21:05 +00:00
myron 76726dc47c feat: #41-#47 admin root controls — enhanced pages + new APIs
#41 phpMyAdmin: quick-access links in database manager
#43 PostgreSQL: Adminer at /adminer.php (MySQL + PostgreSQL)
#44 Mail server: virtual domains list, mail log tail, better service controls
#45 FTP server: full account list from DB, better service controls
#47 Web server: stats cards, PHP defaults, log viewer

New APIs: system/read-log, email/domains
Fix: PHP-FPM pm.max_children increased to 20 (was 5, causing exhaustion)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-22 12:20:53 +00:00
github-actions[bot] 8405772e01 chore: bump version to 1.0.54 [skip ci] 2026-06-22 05:11:11 +00:00
myron 6b59730bec fix: user account settings page — use stats/account instead of forbidden accounts/usage+me 2026-06-22 05:11:00 +00:00
github-actions[bot] 9157307ae1 chore: bump version to 1.0.53 [skip ci] 2026-06-22 05:02:31 +00:00
myron e0447bc5f5 sync: admin/index.php sidebar cleanup (subdomains/parked nav onclick attrs removed) 2026-06-22 05:02:20 +00:00
github-actions[bot] b278effdfb chore: bump version to 1.0.52 [skip ci] 2026-06-22 04:52:20 +00:00
myron 697763f333 fix: wrap server_stats INSERT in try/catch — SQLite lock was killing stats API
Concurrent cron writes (collect-stats.php every 5min) caused DB lock errors
that aborted the entire stats response, leaving web/mail/FTP pages empty.
History insert is now non-fatal.
2026-06-22 04:52:08 +00:00
github-actions[bot] fcde84d2ad chore: bump version to 1.0.51 [skip ci] 2026-06-22 04:33:42 +00:00
myron 9caaa65b31 fix: broken adminSubdomains/adminParked JS from bad patch; CORS PORT_* constants 2026-06-22 04:33:32 +00:00
github-actions[bot] fe41a97e74 chore: bump version to 1.0.50 [skip ci] 2026-06-22 04:29:23 +00:00
myron 2ecf93a344 fix: hardcode panel ports in CORS check — PORT_USER etc undefined before Core.php loads
Using PORT_USER ?? 8880 threw Error in PHP 8 since the constant isn't defined
until Core.php is require_once'd later in the file. Every API request was
hitting the exception handler and returning 'An internal error occurred.',
breaking all logins and API calls.
2026-06-22 04:29:15 +00:00
github-actions[bot] a5bb5dfddd chore: bump version to 1.0.49 [skip ci] 2026-06-22 04:22:08 +00:00
myron 6f494e96fd feat: #38 account settings page (user panel); #39 better default index template
#38 — User panel Account > Settings page: account info, resource usage
gauges, PHP config (version/memory/upload/exec), quick links to SSL/2FA/password.

#39 — AccountManager: dark-themed modern default index.html on account
creation; supports custom HTML template from admin Server Options
(saved as default_index_template setting, {domain}/{username} placeholders).
Admin Server Options: new card to set/reset the custom template.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-22 04:21:58 +00:00
github-actions[bot] 5a2e81e754 chore: bump version to 1.0.48 [skip ci] 2026-06-22 04:12:49 +00:00
myron 5d1d47a007 feat: #36 subdomains + #37 parked domains sections in all 3 panels
Admin: global view of all subdomains/parked across accounts; nav items added
Reseller: filtered view scoped to their customers' accounts
User: create/remove subdomains and parked domains for own account

Backend already existed in api/endpoints/domains.php (add-subdomain,
add-alias, list, remove actions).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-22 04:12:41 +00:00
github-actions[bot] 6b945bb0fa chore: bump version to 1.0.47 [skip ci] 2026-06-22 04:07:11 +00:00
myron 7b11439f9c feat: #48 collapsible nav in all 3 panels; #50 post-restore automation script
- nova.js: _initCollapsibleNav() exposed as window._initCollapsibleNav
- user.js + reseller.js: call _initCollapsibleNav after renderNav()
- deploy/novacpx-post-restore.sh: fixes config.ini, pools, vhost, dashboard

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-22 04:07:00 +00:00
github-actions[bot] 3684f7c6c2 chore: bump version to 1.0.46 [skip ci] 2026-06-21 16:03:35 +00:00
myron 956defc34b fix: all code review security findings
- CORS: replace open regex with explicit hostname allowlist + port whitelist
- Exception handler: only expose RuntimeException/InvalidArgumentException
  messages; PDOException and others return generic 'internal error'
- Auth::portalUrl(): allowlist-validate HTTP_HOST before using it in
  redirect URL — prevents open redirect via Host header injection
- _branding.php custom_css: strip HTML tags, js: URLs, @import, expression()
  instead of just </style> which was trivially bypassable
- accounts create: check accounts table as well as users for username
  uniqueness (TOCTOU fix); wrap user INSERT + provisioning in single
  transaction so rollback is atomic on failure

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-21 16:03:26 +00:00
github-actions[bot] 21dd846508 chore: bump version to 1.0.45 [skip ci] 2026-06-21 03:44:46 +00:00
myron 60004a29d6 fix: default web server to nginx, add php-fpm pool cron, sudoers for pool rm, disable apache on install (#49)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-21 03:44:37 +00:00
github-actions[bot] b281768685 chore: bump version to 1.0.44 [skip ci] 2026-06-20 21:17:16 +00:00
myron 1a907d18b0 feat: collapsible sidebar nav with localStorage state (#48)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-20 21:17:08 +00:00
github-actions[bot] c0cc88ac3b chore: bump version to 1.0.43 [skip ci] 2026-06-20 21:04:27 +00:00
myron 65a8690750 fix: use /bin/rm explicitly in removePool so sudoers path matches
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-20 21:04:17 +00:00
github-actions[bot] 29e2744609 chore: bump version to 1.0.42 [skip ci] 2026-06-20 17:07:01 +00:00
myron 91d0e625c4 fix: decouple php-fpm reload from HTTP request using flag file + cron
Reload during account creation was causing 502 by killing the fpm worker
before nginx finished reading the response. Flag file picked up by cron
within 60s instead.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-20 17:06:52 +00:00
github-actions[bot] 99829f628d chore: bump version to 1.0.41 [skip ci] 2026-06-20 16:44:17 +00:00
myron e12f569460 fix: replace global email UNIQUE with partial index scoped to role=user
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-20 16:44:09 +00:00
github-actions[bot] def6edf4d5 chore: bump version to 1.0.40 [skip ci] 2026-06-20 16:42:24 +00:00
myron 9aa67f7efd fix: email uniqueness check only applies to hosting accounts, not admin/reseller users
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-20 16:42:16 +00:00
github-actions[bot] a8a80bff5e chore: bump version to 1.0.39 [skip ci] 2026-06-20 16:39:57 +00:00
myron eb84504689 fix: remove php-fpm pool on account creation rollback to prevent fpm crash
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-20 16:39:48 +00:00
github-actions[bot] 2d074ea25e chore: bump version to 1.0.38 [skip ci] 2026-06-20 16:35:08 +00:00
myron 8e623427e3 fix: reload php-fpm async to prevent killing the account-creation request
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-20 16:34:59 +00:00
github-actions[bot] 79857a750a chore: bump version to 1.0.37 [skip ci] 2026-06-20 16:09:42 +00:00
myron 3ad7ee44c2 fix: nova.js 401 handler in correct panel/public path
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-20 16:09:33 +00:00
github-actions[bot] 15bbe955fa chore: bump version to 1.0.36 [skip ci] 2026-06-20 15:59:42 +00:00
myron 3dab4ffe0f fix: show real error message on login 401, not misleading 'Session expired'
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-20 15:59:34 +00:00
github-actions[bot] ee7e488f3d chore: bump version to 1.0.35 [skip ci] 2026-06-20 05:46:41 +00:00