57 Commits

Author SHA1 Message Date
9bb25b3c40 feat: add SEO meta tags, Open Graph, Twitter Cards, JSON-LD schema, sitemap, robots.txt 2026-06-14 10:21:12 -04:00
c76f92886c fix: replace deprecated apple-mobile-web-app-capable with mobile-web-app-capable 2026-06-14 10:19:22 -04:00
639af6371e feat: add PWA support - manifest, service worker, offline page, icons 2026-06-14 10:15:20 -04:00
01f1215cef fix: replace confirm() with proper delete confirmation modal 2026-06-14 10:07:21 -04:00
a25ebdcb75 feat: add resend notification action with push 2026-06-14 10:05:19 -04:00
aea0a4d189 feat: add delete notification button with confirmation in admin notifications 2026-06-14 10:03:59 -04:00
6b2300de07 fix: style custom checkbox with checkmark icon, add disabled button colors 2026-06-14 09:58:44 -04:00
e6a70c427e fix: add terms/privacy checkbox to download modal, button disabled until checked 2026-06-14 09:56:43 -04:00
448a593423 fix: add required permissions section to download modal, use direct download to avoid blob HTTPS warning 2026-06-14 09:54:30 -04:00
5453a5d856 feat: add download modal with app summary and progress bar for APK download 2026-06-14 09:52:18 -04:00
f8ce4066fe fix: remove Notifications link from sidebar 2026-06-14 09:41:42 -04:00
e6017b80da feat: group admin sidebar items into single Administration page with action cards 2026-06-14 09:39:33 -04:00
8fbc0f164a fix: restore profile card layout, simplify user menu to My Account and Log out 2026-06-14 09:34:27 -04:00
379158ac93 fix: center profile page content 2026-06-14 09:33:05 -04:00
00bad074d3 fix: remove notifications link from user menu, add view-all button to notification dropdown, fix admin link 2026-06-14 09:31:27 -04:00
74cf9739d6 refactor: replace sidebar user footer with topbar dropdown menu 2026-06-14 09:26:52 -04:00
d1da560764 fix: sync CSS classes with refactored layout, restore missing sidebar items, add asset versioning, fix routes and auth 2026-06-14 08:54:37 -04:00
c9ab2ca98b fix: correct asset paths in layout - app.css->style.css, favicon.svg->server.svg 2026-06-14 08:09:06 -04:00
88f3c1f964 refactor: extract inline CSS/JS from views into separate asset files (20+ files)
Phase A — HTML removed from PHP files:
- RateLimitMiddleware.php: heredoc moved to views/errors/429.php
- public/index.php: inline HTML replaced with View::error()
- AuthMiddleware.php: <script> redirect replaced with <meta refresh>

Phase B — Inline CSS/JS extracted from views:
- CSS: landing.css (459 lines), legal.css (shared by terms+privacy)
- JS: 17 new files extracted from ~20 view files
  - main.js (layout sidebar + notifications)
  - dashboard-chart.js, server-show.js, server-services.js
  - nginx-manager.js, database-manager.js
  - terminal.js, team-show.js, team-index.js
  - server-list.js, server-permissions.js (shared by edit+create)
  - server-ssl.js, server-processes.js, system-users.js
  - admin-users.js, audit-log.js, admin-notifications.js, admin-security.js
  - notifications.js

Total: -3264 lines from views, +288 lines in new assets
2026-06-14 08:04:01 -04:00
a5eb101d98 security: fix auth bypass, XSS, IDOR, command injection, session hardening, rate limiting
- Phase 1: Require authentication for API register endpoint; restrict role creation
- Phase 2: Add $fillable whitelist to Server model to prevent mass assignment
- Phase 3: Fix XSS via escapeHtml in sidebar, JSON_HEX_TAG in script embeds
- Phase 4: Add canView() checks to TerminalController history/clearHistory
- Phase 5: escapeshellarg() on certbot params, sanitize service names, regex-based command blocklist, suppress exception messages
- Phase 6: SESSION_SECURE=true, SameSite=Strict, logout via POST+CSRF, chmod 640 .env
- Phase 7: DB-based rate limiting replacing session-based, applied to API login/register
2026-06-14 07:32:18 -04:00
c16236314e fix: hide scroll-indicator on mobile to prevent overlap with hero terminal 2026-06-14 07:16:04 -04:00
fee7f3b24a fix: widen policy page containers to 85% width 2026-06-13 21:42:16 -04:00
9ef4eb2856 Merge pull request 'Privacy Policy, Terms & animated landing page' (#83) from feat/privacy-terms-landing into master
Reviewed-on: #83
Reviewed-by: rafaga21 <rafaelminaya20@hotmail.com>
2026-06-13 21:34:46 -04:00
b05c1120f0 feat: add privacy policy, terms, and animated landing page 2026-06-13 21:33:42 -04:00
60e0719eda fix: allow toggling notifications without password 2026-06-13 17:37:27 -04:00
ec38afe3e9 feat: add notifications_enabled toggle for users (web + Android) 2026-06-13 17:31:07 -04:00
045f33bbc1 fix: use server-side time_ago for notification timestamps 2026-06-13 16:56:43 -04:00
edd9933430 fix: move script block outside foreach to prevent const redeclaration error 2026-06-13 16:51:44 -04:00
e1b6650454 feat: notification dropdown panel and /notifications page 2026-06-13 16:48:05 -04:00
25dfb517ee feat: notification bell with modal showing 10 latest notifications 2026-06-13 16:41:56 -04:00
e92f51e36b replace number inputs with range sliders in threshold modal 2026-06-13 16:32:53 -04:00
dc34f29169 improve threshold modal design with card-based layout and color-coded inputs 2026-06-13 16:32:53 -04:00
c63c5ffcfd feat: per-server notification thresholds with alert on agent metrics push 2026-06-13 16:12:36 -04:00
12c3e23d9c feat: track notification read receipts per user
- New notification_reads table (migration 008) with unique (notification_id, user_id)
- Notification model: markAsRead inserts into notification_reads; getForUser JOINs
  to show per-user read status; getUnreadCount checks NOT EXISTS in reads table
- getAll() includes read_count subquery for admin view
- Admin view shows 'X / Y' read count for broadcast notifications,
  'Read'/'Unread' badge for user-targeted ones
- Migrates existing read notifications into notification_reads
- AGENTS.md updated with new conventions
2026-06-13 11:48:05 -04:00
b94ae16f69 fix: remove duplicate old() function causing 500 on create page
- Removed the local old() function definition from views/servers/create.php
  which conflicted with the global old() in src/Helpers/functions.php:37
- Replaced all old() calls with direct htmlspecialchars([...]) lookups
2026-06-13 11:31:52 -04:00
0cfed5bf27 feat: validate required SSH permissions before creating server
- New server_permissions table (migration 007) stores required SSH permissions per server
- PermissionValidator service connects via SSH and validates each permission before save
- ServerPermission model for CRUD on server_permissions table
- Web flow: create/edit forms include dynamic permission rows with quick-add presets
- API flow: serverAdd/serverUpdate accept permissions array, return 400 on failure
- Show view displays required permissions on server detail page
- Form input preserved on validation failure (credentials excluded)
- AGENTS.md updated with new conventions
2026-06-13 10:41:18 -04:00
8f3b5bd7ce feat: add aggregated resource usage chart to dashboard 2026-06-11 21:46:33 -04:00
85bb70fe0f fix: add sudo fallback to agent installer + improve error output
- AgentService: try sudo -n first, fall back to bash without sudo
- AgentService: add sudo to uninstall command
- AgentService: trim error output to last 20 lines for readability
- View: show SSH output inline in error toast
- Fix undefined $path variable in success path
2026-06-11 18:45:14 -04:00
bfa102cf97 feat: push-based monitoring with remote agent
- Add database migration 006 for agent_key, agent_installed, agent_install_path, agent_last_seen_at columns
- Add Server model methods: findByAgentKey, generateAgentKey, regenerateAgentKey, updateAgentLastSeen, setAgentInstalled
- Auto-generate agent_key on server creation
- Create AgentService for SSH-based install/uninstall of remote agent
- Create bin/agent.sh - bash agent script for remote servers
- Create install/agent-install.sh and install/agent-uninstall.sh
- Create install/servermanager-agent.service systemd unit
- Add POST /api/metrics/push endpoint (auth via agent_key)
- Add web routes for agent install/uninstall/regenerate-key
- Add agent status section to server detail view with install/uninstall modals
- Make MonitoringService::saveMetrics() public for reuse
2026-06-11 18:28:22 -04:00
c4277c937f feat: v1.5.0 + service actions + remove duplicate apk
- Services tab: start/stop/restart/reload via dialog
- Backend: POST /api/servers/:id/service-action
- Removed duplicate APK download from dashboard view
- Version bump to 1.5.0
2026-06-09 19:02:41 -04:00
e6717d0578 bump to 1.3.0 + teams filter client-side sin recarga 2026-06-09 18:19:27 -04:00
13f14416a4 feat: teams redesign — cards, filter, user autocomplete
- Teams index: cards with animation, search filter
- Team detail: user autocomplete via AJAX (search on type)
- CSS: card grid styles, autocomplete dropdown
- Backend: searchUsers endpoint, filter support
2026-06-09 18:11:20 -04:00
086bbda6e8 fix: app version form now uses POST redirect with flash message instead of AJAX 2026-06-09 17:15:47 -04:00
53e9b92a8d feat: admin app version mgmt + notification system
- New tables: app_config, notifications
- Admin views: App Version editor, Notification sender
- API: GET /api/notifications, POST /api/notifications/:id/read, POST /api/notifications/read-all
- App version now stored in DB, editable by super admin
- Notifications: send to all users or specific user
- Android notification models + API client
- Sidebar: App Version + Notifications links for super_admin
2026-06-09 17:06:22 -04:00
b613e43ab3 feat: redesign Android app with animations, charts, profile, and registration
- Register screen with validation (username, email, password, confirm)
- Profile screen with email editing and password change
- User greeting on dashboard showing logged-in username
- 401 auto-logout via SessionManager + AuthInterceptor
- MetricsChart with Canvas line graphs (CPU, RAM, Disk)
- Animated StatCard with counters and icons
- ServerCard with progress bars, pulsating status dot, dynamic elevation
- Shimmer loading placeholders
- Dark mode support with Material3
- Navigation transitions (slide + fade)
- New server rack launcher icon
- Splash screen
- Backend API: register, profile (GET/PUT) endpoints
2026-06-09 16:38:04 -04:00
c45354db11 Fix theme toggle (add light theme CSS) and improve mobile sidebar usability 2026-06-07 13:02:31 -04:00
cd24cc53a0 Add per-column filters, smart pagination (25/page), and date range filter to audit logs 2026-06-07 12:43:50 -04:00
e207ece614 Remove stale Team button from server detail page 2026-06-07 08:00:11 -04:00
5b13518672 Refactor sidebar: use is_super_admin/is_admin helpers, restrict Users/Audit/Security to super_admin only 2026-06-07 07:36:34 -04:00
016584e907 Restrict Users, Audit Logs, Security routes to super_admin only
- Sidebar: Users, Audit Logs and Security now only visible to super_admin
- AdminController: requireSuperAdmin() check on users() and auditLogs()
- AdminController: super_admin check on createUser, updateUser, deleteUser JSON endpoints
- securitySettings() already had the check in place
2026-06-07 07:34:16 -04:00