Commit Graph

206 Commits

Author SHA1 Message Date
myron a98f08e45a fix: add Adminer install/remove handler to db-tools-stream; fix sudo tty for phpMyAdmin 2026-06-22 23:58:59 +00:00
github-actions[bot] c872ee2449 chore: bump version to 1.0.65 [skip ci] 2026-06-22 21:29:23 +00:00
myron 568e0a0891 feat: #41 #43 — phpMyAdmin + Adminer + PostgreSQL in DB Manager
- Adminer installed at /adminer.php (MySQL + PostgreSQL)
- db-tools API now detects adminer.php file and returns its URL
- Tool cards: phpMyAdmin, Adminer (MySQL/PG), pgAdmin4
- Open buttons use API-provided URL (adminer.php for Adminer)
- Separate MySQL and PostgreSQL database sections in DB Manager
- PostgreSQL section has direct link to Adminer PG mode
- #42 Docker: already complete (full docker page with all tabs)
2026-06-22 21:29:12 +00:00
github-actions[bot] 732b7d16ca chore: bump version to 1.0.64 [skip ci] 2026-06-22 21:20:07 +00:00
myron e209df0dc2 revert: restore admin.js to last known-good state (01b0995) 2026-06-22 21:19:54 +00:00
github-actions[bot] 9691cc0853 chore: bump version to 1.0.63 [skip ci] 2026-06-22 21:13:39 +00:00
myron 42055ccdcc fix: dashboard setTimeout inside function, history chart properly merged 2026-06-22 21:13:28 +00:00
github-actions[bot] 2327f1b958 chore: bump version to 1.0.62 [skip ci] 2026-06-22 19:13:17 +00:00
myron 3ca3a1dae6 fix: surgical dashboard merge — only remove serverStatus(), keep all other pages
Previous merge accidentally deleted 38KB of page functions (accounts, packages,
DNS, etc.) by using wrong boundary. This time only removes the serverStatus()
function body. Dashboard now includes history chart + setTimeout to render it.
All other pages intact.
2026-06-22 19:13:07 +00:00
github-actions[bot] a91b67de10 chore: bump version to 1.0.61 [skip ci] 2026-06-22 19:03:57 +00:00
myron d39559a058 feat: merge Dashboard + Server Status into one page (admin panel) 2026-06-22 19:03:41 +00:00
github-actions[bot] 01b099509f chore: bump version to 1.0.60 [skip ci] 2026-06-22 14:24:25 +00:00
myron 844f571231 fix: docker catalog CHECK constraint — change status='starting' to 'pending'
'starting' is not in the CHECK constraint list. Using 'pending' which is
already set by the INSERT in createStack (the UPDATE was redundant anyway).
2026-06-22 14:24:12 +00:00
github-actions[bot] 06e43b1297 chore: bump version to 1.0.59 [skip ci] 2026-06-22 12:51:59 +00:00
myron 960a29f508 fix: image-remove use POST not DELETE (body was stripped by proxy); keep list visible on refresh 2026-06-22 12:51:49 +00:00
github-actions[bot] 63ec5f48b3 chore: bump version to 1.0.58 [skip ci] 2026-06-22 12:44:59 +00:00
myron 6aa96e6265 fix: docker container actions update row immediately (optimistic UI), keep list visible during reload
- Row badge updates to 'stopping…'/'starting…' instantly on click
- Buttons disabled while action runs so no double-clicks
- List stays visible while refreshing after action (no blank flash)
- container-remove changed to POST so body passes through proxies correctly
2026-06-22 12:44:45 +00:00
github-actions[bot] 12e03304af chore: bump version to 1.0.57 [skip ci] 2026-06-22 12:32:56 +00:00
myron 1c4a06d31e fix: docker image-remove throws on daemon error; add sync-orphans endpoint
- removeImage now throws RuntimeException when docker rmi output contains
  'Error' or 'conflict' so the API returns success:false with the message
- Added docker/sync-orphans endpoint (admin only) to register existing
  Docker containers not tracked in the NovaCPX DB (e.g. after a restore)
2026-06-22 12:32:45 +00:00
github-actions[bot] 55f5fc1da9 chore: bump version to 1.0.56 [skip ci] 2026-06-22 12:24:20 +00:00
myron b00cf10120 fix: escape apostrophe in FTP empty-state string — caused SyntaxError in template literal 2026-06-22 12:24:07 +00:00
github-actions[bot] e88a5e6fdc chore: bump version to 1.0.55 [skip ci] 2026-06-22 12:21:05 +00:00
myron 76726dc47c feat: #41-#47 admin root controls — enhanced pages + new APIs
#41 phpMyAdmin: quick-access links in database manager
#43 PostgreSQL: Adminer at /adminer.php (MySQL + PostgreSQL)
#44 Mail server: virtual domains list, mail log tail, better service controls
#45 FTP server: full account list from DB, better service controls
#47 Web server: stats cards, PHP defaults, log viewer

New APIs: system/read-log, email/domains
Fix: PHP-FPM pm.max_children increased to 20 (was 5, causing exhaustion)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-22 12:20:53 +00:00
github-actions[bot] 8405772e01 chore: bump version to 1.0.54 [skip ci] 2026-06-22 05:11:11 +00:00
myron 6b59730bec fix: user account settings page — use stats/account instead of forbidden accounts/usage+me 2026-06-22 05:11:00 +00:00
github-actions[bot] 9157307ae1 chore: bump version to 1.0.53 [skip ci] 2026-06-22 05:02:31 +00:00
myron e0447bc5f5 sync: admin/index.php sidebar cleanup (subdomains/parked nav onclick attrs removed) 2026-06-22 05:02:20 +00:00
github-actions[bot] b278effdfb chore: bump version to 1.0.52 [skip ci] 2026-06-22 04:52:20 +00:00
myron 697763f333 fix: wrap server_stats INSERT in try/catch — SQLite lock was killing stats API
Concurrent cron writes (collect-stats.php every 5min) caused DB lock errors
that aborted the entire stats response, leaving web/mail/FTP pages empty.
History insert is now non-fatal.
2026-06-22 04:52:08 +00:00
github-actions[bot] fcde84d2ad chore: bump version to 1.0.51 [skip ci] 2026-06-22 04:33:42 +00:00
myron 9caaa65b31 fix: broken adminSubdomains/adminParked JS from bad patch; CORS PORT_* constants 2026-06-22 04:33:32 +00:00
github-actions[bot] fe41a97e74 chore: bump version to 1.0.50 [skip ci] 2026-06-22 04:29:23 +00:00
myron 2ecf93a344 fix: hardcode panel ports in CORS check — PORT_USER etc undefined before Core.php loads
Using PORT_USER ?? 8880 threw Error in PHP 8 since the constant isn't defined
until Core.php is require_once'd later in the file. Every API request was
hitting the exception handler and returning 'An internal error occurred.',
breaking all logins and API calls.
2026-06-22 04:29:15 +00:00
github-actions[bot] a5bb5dfddd chore: bump version to 1.0.49 [skip ci] 2026-06-22 04:22:08 +00:00
myron 6f494e96fd feat: #38 account settings page (user panel); #39 better default index template
#38 — User panel Account > Settings page: account info, resource usage
gauges, PHP config (version/memory/upload/exec), quick links to SSL/2FA/password.

#39 — AccountManager: dark-themed modern default index.html on account
creation; supports custom HTML template from admin Server Options
(saved as default_index_template setting, {domain}/{username} placeholders).
Admin Server Options: new card to set/reset the custom template.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-22 04:21:58 +00:00
github-actions[bot] 5a2e81e754 chore: bump version to 1.0.48 [skip ci] 2026-06-22 04:12:49 +00:00
myron 5d1d47a007 feat: #36 subdomains + #37 parked domains sections in all 3 panels
Admin: global view of all subdomains/parked across accounts; nav items added
Reseller: filtered view scoped to their customers' accounts
User: create/remove subdomains and parked domains for own account

Backend already existed in api/endpoints/domains.php (add-subdomain,
add-alias, list, remove actions).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-22 04:12:41 +00:00
github-actions[bot] 6b945bb0fa chore: bump version to 1.0.47 [skip ci] 2026-06-22 04:07:11 +00:00
myron 7b11439f9c feat: #48 collapsible nav in all 3 panels; #50 post-restore automation script
- nova.js: _initCollapsibleNav() exposed as window._initCollapsibleNav
- user.js + reseller.js: call _initCollapsibleNav after renderNav()
- deploy/novacpx-post-restore.sh: fixes config.ini, pools, vhost, dashboard

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-22 04:07:00 +00:00
github-actions[bot] 3684f7c6c2 chore: bump version to 1.0.46 [skip ci] 2026-06-21 16:03:35 +00:00
myron 956defc34b fix: all code review security findings
- CORS: replace open regex with explicit hostname allowlist + port whitelist
- Exception handler: only expose RuntimeException/InvalidArgumentException
  messages; PDOException and others return generic 'internal error'
- Auth::portalUrl(): allowlist-validate HTTP_HOST before using it in
  redirect URL — prevents open redirect via Host header injection
- _branding.php custom_css: strip HTML tags, js: URLs, @import, expression()
  instead of just </style> which was trivially bypassable
- accounts create: check accounts table as well as users for username
  uniqueness (TOCTOU fix); wrap user INSERT + provisioning in single
  transaction so rollback is atomic on failure

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-21 16:03:26 +00:00
github-actions[bot] 21dd846508 chore: bump version to 1.0.45 [skip ci] 2026-06-21 03:44:46 +00:00
myron 60004a29d6 fix: default web server to nginx, add php-fpm pool cron, sudoers for pool rm, disable apache on install (#49)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-21 03:44:37 +00:00
github-actions[bot] b281768685 chore: bump version to 1.0.44 [skip ci] 2026-06-20 21:17:16 +00:00
myron 1a907d18b0 feat: collapsible sidebar nav with localStorage state (#48)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-20 21:17:08 +00:00
github-actions[bot] c0cc88ac3b chore: bump version to 1.0.43 [skip ci] 2026-06-20 21:04:27 +00:00
myron 65a8690750 fix: use /bin/rm explicitly in removePool so sudoers path matches
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-20 21:04:17 +00:00
github-actions[bot] 29e2744609 chore: bump version to 1.0.42 [skip ci] 2026-06-20 17:07:01 +00:00
myron 91d0e625c4 fix: decouple php-fpm reload from HTTP request using flag file + cron
Reload during account creation was causing 502 by killing the fpm worker
before nginx finished reading the response. Flag file picked up by cron
within 60s instead.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-20 17:06:52 +00:00
github-actions[bot] 99829f628d chore: bump version to 1.0.41 [skip ci] 2026-06-20 16:44:17 +00:00