mirror of
https://github.com/myronblair/novacpx
synced 2026-06-30 17:50:41 -05:00
dbc5a01de9
#4: Postfix virtual mailbox config (virtual_mailbox_domains/maps, vmail user, maildir at /var/mail/vhosts/%d/%n). Dovecot SQL backend pointed at novacpx.email_accounts with SHA512-CRYPT passdb and per-domain Maildir userdb. #5: BIND9 confirmed working — dig @localhost resolves testdomain1.com correctly. #6: Certbot 2.9.0 confirmed installed; domains.document_root wired; infrastructure ready for live domain issuance (testdomain1.com not publicly resolvable so dry-run expected to fail). #7: Fixed all broken user-panel API queries — missing tables (databases, ftp_accounts, ssl_certs, cron_jobs, php_configs, notifications) created; `databases` reserved-word backtick-quoted across DatabaseManager+endpoints; domains.php is_primary→type=main, doc_root→document_root column fixes; DNSManager::createZone call signature fixed; stats/account auto-resolves account_id for user role. #8: assert_account_access() helper added to api/index.php; reseller ownership check wired into email, ftp, databases, domains, dns, ssl endpoints. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
70 lines
3.4 KiB
PHP
70 lines
3.4 KiB
PHP
<?php
|
|
$db = DB::getInstance();
|
|
$body = json_decode(file_get_contents('php://input'), true) ?? [];
|
|
require_once NOVACPX_LIB . '/DatabaseManager.php';
|
|
|
|
$user = Auth::getInstance()->user();
|
|
if ($user['role'] === 'user') {
|
|
$accountId = (int)($db->fetchOne("SELECT id FROM accounts WHERE user_id = ?", [$user['uid']])['id'] ?? 0);
|
|
} else {
|
|
$accountId = (int)($body['account_id'] ?? $_GET['account_id'] ?? 0);
|
|
if ($accountId && $user['role'] === 'reseller') assert_account_access($accountId);
|
|
}
|
|
|
|
match ($action) {
|
|
|
|
'list' => (function() use ($db, $accountId) {
|
|
if (!$accountId) Response::error("account_id required");
|
|
$rows = $db->fetchAll("SELECT id, db_name, db_user, db_type, size_mb, created_at FROM `databases` WHERE account_id = ?", [$accountId]);
|
|
foreach ($rows as &$r) { $r['size_mb'] = DatabaseManager::getSize($r['db_name'], $r['db_type']); }
|
|
Response::success($rows);
|
|
})(),
|
|
|
|
'create' => (function() use ($db, $body, $accountId) {
|
|
if (!$accountId) Response::error("account_id required");
|
|
// Package limit check
|
|
$acctPkg = $db->fetchOne("SELECT p.max_databases FROM accounts a LEFT JOIN packages p ON p.id=a.package_id WHERE a.id=?", [$accountId]);
|
|
if ($acctPkg && $acctPkg['max_databases'] > 0) {
|
|
$count = (int)$db->fetchOne("SELECT COUNT(*) c FROM `databases` WHERE account_id=?", [$accountId])['c'];
|
|
if ($count >= (int)$acctPkg['max_databases']) Response::error("Database limit ({$acctPkg['max_databases']}) reached for this package", 403);
|
|
}
|
|
$type = $body['type'] ?? 'mysql';
|
|
$dbName = trim($body['db_name'] ?? '');
|
|
$dbUser = trim($body['db_user'] ?? $dbName . '_user');
|
|
$dbPass = $body['db_pass'] ?? bin2hex(random_bytes(8));
|
|
if (!$dbName) Response::error("db_name required");
|
|
|
|
// Prefix with account username to avoid conflicts
|
|
$acct = $db->fetchOne("SELECT username FROM accounts WHERE id = ?", [$accountId]);
|
|
$prefix = $acct['username'] . '_';
|
|
if (!str_starts_with($dbName, $prefix)) $dbName = $prefix . $dbName;
|
|
if (!str_starts_with($dbUser, $prefix)) $dbUser = $prefix . $dbUser;
|
|
|
|
$id = $type === 'postgresql'
|
|
? DatabaseManager::createPostgres($accountId, $dbName, $dbUser, $dbPass)
|
|
: DatabaseManager::createMySQL($accountId, $dbName, $dbUser, $dbPass);
|
|
|
|
audit('database.create', $dbName, ['type' => $type]);
|
|
Response::success(['id' => $id, 'db_name' => $dbName, 'db_user' => $dbUser, 'db_pass' => $dbPass], 'Database created');
|
|
})(),
|
|
|
|
'drop' => (function() use ($db, $body) {
|
|
$id = (int)($body['id'] ?? 0);
|
|
$dbe = $db->fetchOne("SELECT db_name, db_user, db_type FROM `databases` WHERE id = ?", [$id]);
|
|
if (!$dbe) Response::error("Database not found", 404);
|
|
DatabaseManager::drop($dbe['db_name'], $dbe['db_user'], $dbe['db_type']);
|
|
audit('database.drop', $dbe['db_name']);
|
|
Response::success(null, 'Database deleted');
|
|
})(),
|
|
|
|
'change-password' => (function() use ($body) {
|
|
$id = (int)($body['id'] ?? 0);
|
|
$pass = $body['password'] ?? '';
|
|
if (strlen($pass) < 8) Response::error("Password must be at least 8 characters");
|
|
DatabaseManager::changePassword($id, $pass);
|
|
Response::success(null, 'Database password updated');
|
|
})(),
|
|
|
|
default => Response::error("Unknown databases action: $action", 404),
|
|
};
|