Commit Graph

21 Commits

Author SHA1 Message Date
52947f7b21 fix: filter FCM sends by notifications_enabled preference 2026-06-13 17:48:53 -04:00
756a6d8d14 move install scripts to bin/, remove unused install directory 2026-06-13 15:55:49 -04:00
d231af1c91 fix: remove invalid priority field from AndroidNotification in FCM v1 payload 2026-06-13 14:41:56 -04:00
f1f263225f fix: FCM push not sending — add v1 API + better diagnostics
- FCMService now supports both HTTP v1 API (service account) and legacy API (server key)
- v1 API uses OAuth2 JWT auth with Firebase service account; tries this first
- Falls back to legacy HTTP API if only server key is configured
- Removes invalid tokens from DB automatically (NotRegistered, INVALID_ARGUMENT, etc.)
- AdminController now logs push result status and shows in UI response
- .env updated with FCM_SERVER_KEY placeholder and docs
- Migration 010 run in dev
2026-06-13 13:11:12 -04:00
136eebc4c3 feat: Firebase Cloud Messaging push notifications
Backend:
- New user_fcm_tokens table (migration 010) for storing device tokens
- FCMService sends push via Firebase HTTP legacy API (server key from .env)
- POST /api/fcm/register endpoint for Android to register its FCM token
- AdminController::sendNotification() triggers FCM push after DB insert
- FCM config added to config.php

Android:
- Firebase Cloud Messaging service (ServerManagerFirebaseService)
  receives push notifications and shows them via NotificationHelper
- FCM token registered with backend on new token and on login
- google-services.json template (must be replaced with real Firebase config)
- firebase-setup.sh script with configuration instructions
- FCM dependency + google-services plugin added to Gradle
- Bump to v1.8.0 (versionCode 12)
2026-06-13 12:37:40 -04:00
0cfed5bf27 feat: validate required SSH permissions before creating server
- New server_permissions table (migration 007) stores required SSH permissions per server
- PermissionValidator service connects via SSH and validates each permission before save
- ServerPermission model for CRUD on server_permissions table
- Web flow: create/edit forms include dynamic permission rows with quick-add presets
- API flow: serverAdd/serverUpdate accept permissions array, return 400 on failure
- Show view displays required permissions on server detail page
- Form input preserved on validation failure (credentials excluded)
- AGENTS.md updated with new conventions
2026-06-13 10:41:18 -04:00
8f3b5bd7ce feat: add aggregated resource usage chart to dashboard 2026-06-11 21:46:33 -04:00
26e35c6bc7 fix: use ['HTTP_HOST'] dynamically for agent URL 2026-06-11 20:28:35 -04:00
4d3a7e4d65 fix: use correct server URL instead of localhost
AgentService now replaces 'localhost' in the server URL with
sysadmin.lan before sending to the remote agent. Also added
URL/hostname debug output to the agent startup log.
2026-06-11 20:26:37 -04:00
fd3cc6825c fix: dual-mode installer — works with or without sudo
Installer now detects at runtime if it can get root access:
- Root/NOPASSWD sudo: installs to system directories with systemd
- No root: installs to ~/.local/bin with @reboot cron job

Self-elevation uses 'script -qc sudo bash' for requiretty, or falls
back to user mode without hanging on password prompts.

Uninstaller checks both system and user paths.
2026-06-11 19:12:57 -04:00
0edc882f2e fix: installer self-elevates with script PTY instead of external sudo chain
- agent-install.sh and agent-uninstall.sh now detect if running as root
  at startup and re-execute via 'script -qc sudo bash' if needed
- AgentService commands simplified: just write to /tmp and run bash,
  the scripts handle privilege escalation internally
- Fixes exit code propagation: the script's exit code now correctly
  flows back through exec -> script -> sudo -> bash -> SSH
2026-06-11 19:07:14 -04:00
0ce24c4b8f fix: use script command for PTY instead of modifying SSHService
- Revert SSHService exec() back to original (remove PTY parameter)
- AgentService now writes installer to /tmp/ first, then runs via
  script -q -c to create a PTY for sudo (handles requiretty)
- Falls back to direct sudo bash if script is unavailable
- Cleans up temp files after execution
- Added mkdir -p for /usr/local/bin in installer
- Added file verification and byte-count after writing agent binary
2026-06-11 19:01:27 -04:00
63bf125420 fix: allocate PTY for agent install to work with sudo requiretty
The remote server has 'Defaults requiretty' in sudoers, which prevents
sudo from running without a TTY. Modified SSHService::exec() to accept
an optional  parameter that allocates a pseudo-terminal, and
extracts the exit status from output when PTY is used (since phpseclib
doesn't return exit status in PTY mode).
2026-06-11 18:52:40 -04:00
f4c534c020 fix: always use sudo for agent install (remove fallback check)
The sudo -n check was incorrectly detecting that sudo required a
password, causing fallback to plain bash without root permissions.
Now we always run the installer via sudo bash, consistent with how
all other SSH commands work (systemctl, reboot, etc.).
2026-06-11 18:48:23 -04:00
85bb70fe0f fix: add sudo fallback to agent installer + improve error output
- AgentService: try sudo -n first, fall back to bash without sudo
- AgentService: add sudo to uninstall command
- AgentService: trim error output to last 20 lines for readability
- View: show SSH output inline in error toast
- Fix undefined $path variable in success path
2026-06-11 18:45:14 -04:00
bfa102cf97 feat: push-based monitoring with remote agent
- Add database migration 006 for agent_key, agent_installed, agent_install_path, agent_last_seen_at columns
- Add Server model methods: findByAgentKey, generateAgentKey, regenerateAgentKey, updateAgentLastSeen, setAgentInstalled
- Auto-generate agent_key on server creation
- Create AgentService for SSH-based install/uninstall of remote agent
- Create bin/agent.sh - bash agent script for remote servers
- Create install/agent-install.sh and install/agent-uninstall.sh
- Create install/servermanager-agent.service systemd unit
- Add POST /api/metrics/push endpoint (auth via agent_key)
- Add web routes for agent install/uninstall/regenerate-key
- Add agent status section to server detail view with install/uninstall modals
- Make MonitoringService::saveMetrics() public for reuse
2026-06-11 18:28:22 -04:00
1741545318 Add soft deletes via status column
- Add status ENUM('active','disabled','deleted') to 8 tables
- Change all physical DELETE to UPDATE status='deleted'
- All SELECT queries filter by status='active'
- toggleActive now alternates between active/disabled status
- Exceptions: monitoring_history, rate_limits, sessions keep physical purge
- audit_logs remains immutable
2026-06-07 17:26:29 -04:00
cd24cc53a0 Add per-column filters, smart pagination (25/page), and date range filter to audit logs 2026-06-07 12:43:50 -04:00
4448dec60d Filter recent activity to show only current user's activity 2026-06-07 12:25:04 -04:00
b105b27124 Dashboard stats now scoped to user's accessible servers; super_admin sees all 2026-06-07 07:43:37 -04:00
9c0bc7f189 ServerManager project files 2026-06-06 17:58:34 -04:00