ico
/
pingql
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
260 Commits 1 Branch 0 Tags 3.2 MiB
Commit Graph

42 Commits

Author SHA1 Message Date
nate 57bf994926 fix: more nojs 2026-03-19 10:18:31 +04:00
nate 96a58233fd fix: flashbang 2026-03-19 10:08:20 +04:00
nate d8d1952304 fix: elysia issues 2 2026-03-19 10:06:14 +04:00
nate 03fe13e707 fix: elysia issues 2026-03-19 10:00:30 +04:00
nate 61560ae521 feat: no-JS support for all core UI — registration, settings, monitor CRUD, logout 2026-03-19 09:55:08 +04:00
nate 955b26f942 update: .... 2026-03-19 01:02:52 +04:00
nate c3103f06ce feat: invoices section on settings page, show paid and active payments 2026-03-19 00:16:33 +04:00
M1 36a7d309fa feat: /dashboard/checkout/:id route so invoices survive refresh 2026-03-18 23:37:20 +04:00
nate c9130243e8 feat: crypto payment system with HD wallets, Freedom.st integration, and checkout UI 2026-03-18 23:04:17 +04:00
nate c89b63bd97 feat: implement free/pro plan system with monitor and interval limits 2026-03-18 22:40:45 +04:00
nate 5295fcfe79 chore: move TOS to /terms, remove from header, remove pricing from footer 2026-03-18 20:59:23 +04:00
nate 13beacbc5a chore: remove us-east and ap-southeast regions from UI 2026-03-18 20:20:25 +04:00
nate 2d46491dee chore: remove us-east region from UI, charts, and region selectors 2026-03-18 20:13:11 +04:00
M1 07648672ad feat: per-region chart lines and lowest-avg sparkline 2026-03-18 16:25:47 +04:00
M1 eeb0318c4d fix: hide login key and sub-keys from sub-key sessions 2026-03-18 11:48:51 +04:00
M1 641af86779 fix: separate jsHash for app.js cache busting 2026-03-18 09:43:11 +04:00
M1 7db2889960 feat: add Terms of Service page 2026-03-18 03:52:58 +04:00
M1 3df7f4b702 fix: logout properly expires cookie with matching domain/path attributes 2026-03-18 03:08:00 +04:00
M1 5c91cbc522 refactor: convert all static HTML to EJS with cssHash cache-busting, remove stale html files 2026-03-17 09:54:44 +04:00
M1 ac693e55e0 fix: immutable cache-control headers for versioned static assets 2026-03-17 09:45:24 +04:00
M1 41bfe52f10 feat: cache-bust static assets with CSS content hash on startup 2026-03-17 09:44:18 +04:00
M1 a995fe3c94 feat: replace Tailwind CDN with self-hosted pre-built CSS 2026-03-17 09:32:34 +04:00
M1 62b67aaa7c feat: privacy page at /privacy, drop query language nav link 2026-03-17 08:22:17 +04:00
M1 0874583a4f Revert "fix: static HTML label spans outside swap zone, chart only returns SVG + label update script" 
This reverts commit e8bfaa42d7.
 2026-03-17 07:34:02 +04:00
M1 e8bfaa42d7 fix: static HTML label spans outside swap zone, chart only returns SVG + label update script 2026-03-17 07:32:39 +04:00
M1 1e90b5f3c2 fix: move min/max labels out of SVG into HTML overlays, no more text stretch 2026-03-17 07:30:28 +04:00
M1 5eb463a03a fix: SVG h-full so it fills container exactly, no overflow or clipping 2026-03-17 07:28:57 +04:00
M1 15227b9c6e fix: key_plain -> key in dashboard query 2026-03-17 06:51:27 +04:00
M1 54c89a5a11 fix: store key_plain on sub-keys, display always in settings with copy button 2026-03-17 06:40:33 +04:00
M1 0c65b5e3fa fix: just show the login key on settings page 2026-03-17 06:33:13 +04:00
M1 b8ac4e7b1f fix: redirect loop on stale cookie, login broken for 64-char keys, stale docs 
- /dashboard now validates key before redirecting to /home — bad/old keys
  clear the cookie and show login instead of looping
- Login form: remove old 4-group auto-formatter, fix maxlength 19→64,
  fix min length validation 19→10, update placeholder
- New key display: break-all so 64-char hex wraps properly
- docs.html: update example key format and description
 2026-03-17 06:22:16 +04:00
M1 6bdd76b4f0 security: auth redesign, SSRF protection, CORS lockdown, and 13 other fixes 
- Auth (#2/#3): UUID PK, 256-bit keys, SHA-256 lookup + bcrypt hash
- SSRF (#1): validate URLs, block private IPs, cloud metadata endpoints
- CORS (#4): lock to pingql.com origins, not wildcard
- SSE limit (#6): 10 connections per monitor max
- ReDoS (#7): cap $regex patterns at 200 chars
- Monitor limit (#8): 100 per account default
- Cookie env config (#9): secure/domain from env vars
- Bearer parsing (#10): case-insensitive RFC 6750
- Pings retention (#11): 90-day pruner, hourly interval
- monitors.enabled index (#12): partial index for /internal/due
- Runner locking (#14): locked_until for horizontal scale safety
- COALESCE nullable bug (#17): dynamic PATCH with explicit undefined checks
- MONITOR_TOKEN null guard (#18): startup validation + middleware hardening
- reset-key cookie fix (#16): sets new cookie in response
 2026-03-17 06:10:10 +04:00
M1 5071e340c7 fix: SSE-driven chart/sparkline refresh, debounced server-side partials 2026-03-16 21:21:56 +04:00
M1 2f7273604b refactor: full SSR dashboard, minimal SSE DOM patches, poll-based refresh 2026-03-16 21:14:45 +04:00
M1 ef56b47b09 feat: cookie-based auth, SSR dashboard, JS-optional login 2026-03-16 17:25:59 +04:00
M1 87c924d8d0 fix: app.js deferred in head (fixes requireAuth undefined), extract app.css 2026-03-16 15:16:59 +04:00
M1 e36c239000 refactor: ETA templating engine for dashboard, shared nav/head/foot partials 2026-03-16 15:14:26 +04:00
M1 ce155cd338 feat: settings page — email, key rotation, sub-keys 2026-03-16 15:05:39 +04:00
M1 7b38ff192e feat: custom docs page at /docs, drop swagger 2026-03-16 14:07:30 +04:00
M1 33d1209ac9 feat: query language docs page at /dashboard/docs 2026-03-16 14:00:29 +04:00
M1 fd4af848bc fix: hide dashboard + internal routes from swagger docs 2026-03-16 13:33:44 +04:00
M1 500132ba05 feat: dashboard, visual query builder, expanded query language, cert expiry support 2026-03-16 12:26:17 +04:00