myron
6fdccc6dbd
feat: items #9-13 — password change, webmail SSO, DKIM live, file manager security, cache busting
...
#9 auth.php: add self-service change-password action (current+new+confirm)
accounts.php: fix admin change-password — accept account_id, fetch username
for chpasswd (was using int ID), add Auth::require('admin') guard
user.js: add Change Password page + navItem + submitChangePassword()
#10 EmailManager: store AES-256-CBC enc_password alongside SHA512-CRYPT hash
webmail.php: rewrite login-url to use webmail_sso_tokens table
novacpx-sso.php: Roundcube SSO bridge (validate token, decrypt, autosubmit)
Migration 005: add enc_password column + webmail_sso_tokens table
#11 opendkim: installed, configured (/etc/opendkim.conf, signing.table,
key.table, trusted.hosts), socket at /var/spool/postfix/opendkim/,
Postfix milter wired, service enabled+running, key generation verified
#12 files.php: fix safe_path() for non-existent paths (write/mkdir),
add safe_path_new() helper using parent-dir realpath check,
fix delete guard (block deleting account root dirs),
fix rename destination, clamp chmod to 0777
#13 nova.js: api() handles network errors, 429 rate-limit with retry-after,
non-JSON responses (PHP fatal pages) — graceful error instead of throw
admin/user/reseller index.php: filemtime-based cache-busting on all assets
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-08 01:19:33 +00:00
myron
88e98b4727
feat: polish items #26-29 — mobile CSS, error pages, rate limiting, session manager
...
#26 Mobile responsive:
- Hamburger button (SVG) in topbar for all three panels (admin/user/reseller)
- Sidebar overlay div for click-outside-to-close on mobile
- nova.js: DOMContentLoaded toggle handler with overlay and auto-close on nav click
- nova.css: sidebar-overlay, page-header, panel/panel-header, table, btn-success/warning/danger/secondary/xs,
badge-muted; mobile media query shows toggle, fixes stats-grid/modal/panel-header layout
#27 Custom error pages:
- /errors/404.php and /errors/500.php with NovaCPX dark theme matching panel design
- Apache ErrorDocument 400/401/403/404/500/503 for ports 8880/8881/8882 with Alias /errors
#28 API rate limiting:
- api_rate_limits table (migration 004) with per-IP per-bucket counters
- api/index.php: 10 req/min for auth endpoint, 120 req/min for all others
- Returns X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset headers
- Returns 429 Too Many Requests when exceeded; rate limit failure is non-fatal
#29 Session Manager:
- sessions.php endpoint: list/revoke/revoke-user/revoke-all
- Admin panel Sessions page: table of active sessions with user, role, IP, browser, timestamps
- Revoke single session, revoke all for user, revoke all sessions (self-evicts)
2026-06-08 00:50:21 +00:00
myron
0ab3d8d584
feat: Nginx Proxy Manager admin panel section (#22-proxy)
...
- ProxyManager.php: install, start/stop/restart/reload, manage proxy hosts,
write nginx configs, sync from accounts, setup script generator
- proxy.php API endpoint: full CRUD for proxy hosts + control/install/sync
- Admin panel: Nginx Proxy sidebar nav (Services section) with status cards,
host table, add/edit/toggle/delete, auto-sync accounts, setup guide modal
- DB migration 003: proxy_hosts table + settings entries
- Sudoers: nginx systemctl/install rules for www-data
- Setup guide covers: local install, remote VM, automated script, vhost integration
2026-06-08 00:29:04 +00:00
myron
135bbcb0b3
Features #14-17: WordPress Manager, Backup, Cloudflare, TOTP 2FA
...
- WordPressManager.php: wp-cli wrapper for install/update/clone/delete
- BackupManager.php: tar+mysqldump, schedules, retention, rclone
- CloudflareManager.php: zone/record management, sync, cache purge
- TOTP.php: RFC 6238 pure-PHP with backup codes
- Auth.php: TOTP_REQUIRED two-step login flow
- 4 new API endpoints: wordpress, backup, cloudflare, totp
- DB migration 002: TOTP cols, CF cols, wordpress_installs, backups tables
- admin.js: full UI for all 4 features + TOTP login step
- admin/index.php: sidebar nav for WordPress, 2FA Manager, Cloudflare
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-07 21:13:59 +00:00
myron
e94dc719c8
feat: feature registry, auto-deploy, IP management, Docker support
...
Feature Manager (70+ features across 20 categories):
- Web servers: Apache2, nginx, OpenLiteSpeed, Varnish
- PHP: 7.4/8.1/8.2/8.3 multi-version, Composer
- Databases: MySQL 8, MariaDB, PostgreSQL, Redis, Memcached, phpMyAdmin, phpPgAdmin
- Email: Postfix, Dovecot, Roundcube, RainLoop, SpamAssassin, Rspamd, DKIM
- DNS: BIND9, PowerDNS
- FTP: ProFTPD, vsftpd, Pure-FTPd
- SSL: Certbot/Let's Encrypt, acme.sh
- Security: Fail2Ban, ModSecurity WAF, ImunifyAV, ClamAV, UFW, CrowdSec
- Containers: Docker Engine, Docker Compose, Portainer CE, per-account Docker hosting
- IP Management: Shared IPs (SNI), Dedicated IPs, IPv6
- Monitoring: Netdata, AWStats, GoAccess, Grafana+Prometheus
- Backup: BorgBackup, rclone (S3/B2/GCS), Duplicati
- CDN: Cloudflare API, PageSpeed Module
- Dev: Gitea, Phusion Passenger, JupyterHub
- One-click apps: WordPress+WP-CLI, auto-installer (50+ apps)
- Billing: WHMCS bridge, BoxBilling
- Reseller: White label, custom nameservers
- Notifications: Email, Slack, Telegram
- Compliance: Auditd, OSSEC HIDS
Auto-deploy pipeline (deploy/):
- webhook.php: HMAC-verified GitHub push webhook
- deploy-runner.sh: PHP syntax validation → git pull → rsync → DB migrations → PHP-FPM reload
- setup-deploy.sh: one-shot setup script, outputs GitHub webhook config
- Runs every minute via cron; locked to prevent concurrent deploys
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-07 05:11:36 +00:00