Files
novacpx/panel/api/endpoints/proxy.php
T
myron 6fdccc6dbd feat: items #9-13 — password change, webmail SSO, DKIM live, file manager security, cache busting
#9  auth.php: add self-service change-password action (current+new+confirm)
    accounts.php: fix admin change-password — accept account_id, fetch username
    for chpasswd (was using int ID), add Auth::require('admin') guard
    user.js: add Change Password page + navItem + submitChangePassword()

#10 EmailManager: store AES-256-CBC enc_password alongside SHA512-CRYPT hash
    webmail.php: rewrite login-url to use webmail_sso_tokens table
    novacpx-sso.php: Roundcube SSO bridge (validate token, decrypt, autosubmit)
    Migration 005: add enc_password column + webmail_sso_tokens table

#11 opendkim: installed, configured (/etc/opendkim.conf, signing.table,
    key.table, trusted.hosts), socket at /var/spool/postfix/opendkim/,
    Postfix milter wired, service enabled+running, key generation verified

#12 files.php: fix safe_path() for non-existent paths (write/mkdir),
    add safe_path_new() helper using parent-dir realpath check,
    fix delete guard (block deleting account root dirs),
    fix rename destination, clamp chmod to 0777

#13 nova.js: api() handles network errors, 429 rate-limit with retry-after,
    non-JSON responses (PHP fatal pages) — graceful error instead of throw
    admin/user/reseller index.php: filemtime-based cache-busting on all assets

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-08 01:19:33 +00:00

109 lines
4.5 KiB
PHP

<?php
/**
* Proxy endpoint — manage Nginx reverse proxy
* Routes:
* GET /api/proxy/status — nginx status
* POST /api/proxy/install — install nginx
* POST /api/proxy/control — {action: start|stop|restart|reload}
* GET /api/proxy/hosts — list proxy hosts
* POST /api/proxy/hosts — add proxy host
* PUT /api/proxy/host — {id, ...fields} update host
* DELETE /api/proxy/host — {id} delete host
* POST /api/proxy/toggle — {id, enabled} toggle host
* POST /api/proxy/sync — sync hosts from accounts
* POST /api/proxy/write-configs — regenerate all nginx configs
* GET /api/proxy/setup-script — return bash install script
*/
Auth::getInstance()->require('admin');
$body = json_decode(file_get_contents('php://input'), true) ?? [];
require_once NOVACPX_LIB . '/ProxyManager.php';
try {
$method = $_SERVER['REQUEST_METHOD'];
match (true) {
// GET status
$action === 'status' && $method === 'GET' =>
Response::json(['success' => true, 'data' => ProxyManager::status()]),
// POST install
$action === 'install' && $method === 'POST' =>
Response::json(['success' => true, 'data' => ['result' => ProxyManager::install()]]),
// POST control
$action === 'control' && $method === 'POST' => (function() use ($body) {
$act = $body['action'] ?? '';
if (!in_array($act, ['start','stop','restart','reload'])) Response::error('Invalid action', 400);
$result = match($act) {
'start' => ProxyManager::start(),
'stop' => ProxyManager::stop(),
'restart' => ProxyManager::restart(),
'reload' => ProxyManager::reload(),
};
Response::json(['success' => true, 'data' => ['result' => $result, 'running' => ProxyManager::isRunning()]]);
})(),
// GET hosts list
$action === 'hosts' && $method === 'GET' =>
Response::json(['success' => true, 'data' => ProxyManager::listHosts()]),
// POST hosts — add
$action === 'hosts' && $method === 'POST' => (function() use ($body) {
if (empty($body['domain'])) Response::error('domain required', 400);
if (empty($body['upstream'])) Response::error('upstream required', 400);
$id = ProxyManager::addHost($body);
Response::json(['success' => true, 'data' => ['id' => $id]]);
})(),
// PUT host — update (body has id)
$action === 'host' && $method === 'PUT' => (function() use ($body) {
if (empty($body['id'])) Response::error('id required', 400);
ProxyManager::updateHost((int)$body['id'], $body);
Response::json(['success' => true]);
})(),
// DELETE host (body has id)
$action === 'host' && $method === 'DELETE' => (function() use ($body) {
$id = (int)($body['id'] ?? $_GET['id'] ?? 0);
if (!$id) Response::error('id required', 400);
ProxyManager::deleteHost($id);
Response::json(['success' => true]);
})(),
// POST toggle
$action === 'toggle' && $method === 'POST' => (function() use ($body) {
if (empty($body['id'])) Response::error('id required', 400);
ProxyManager::toggleHost((int)$body['id'], (bool)($body['enabled'] ?? true));
Response::json(['success' => true]);
})(),
// POST sync
$action === 'sync' && $method === 'POST' => (function() {
$added = ProxyManager::syncFromAccounts();
Response::json(['success' => true, 'data' => ['added' => $added]]);
})(),
// POST write-configs
($action === 'write-configs' || $action === 'write_configs') && $method === 'POST' => (function() {
ProxyManager::writeAllConfigs();
Response::json(['success' => true, 'data' => ['result' => 'configs written']]);
})(),
// GET setup-script
($action === 'setup-script' || $action === 'setup_script') && $method === 'GET' => (function() {
header('Content-Type: text/plain');
echo ProxyManager::setupScript();
exit;
})(),
default => Response::error('Not found', 404),
};
} catch (Throwable $e) {
novacpx_log('error', 'proxy endpoint: ' . $e->getMessage());
Response::error($e->getMessage(), 500);
}