nate
f013890c40
refactor: extract monitor form into shared partial for create and edit
2026-03-18 19:41:31 +04:00
nate
5b7a211c21
fix: show latest latency from fastest region instead of average on home
2026-03-18 19:36:24 +04:00
nate
688245b0c2
fix: match client-side sparkline behavior to SSR region-aware rendering
2026-03-18 19:31:41 +04:00
nate
6beb7f8039
update: tos
2026-03-18 19:27:10 +04:00
nate
5be1f85365
fix: run cert expiry check concurrently to avoid delaying results
2026-03-18 19:04:30 +04:00
nate
42024a9fc3
fix: use monitor-side checked_at timestamp instead of coordinator arrival time
2026-03-18 18:50:16 +04:00
nate
425bfbfc39
perf: optimize monitor runner, fix SSE leak, deduplicate shared utils
2026-03-18 18:44:08 +04:00
980261632e
fix: deserialize scheduled_at_ms as string or number (postgres bigint serializes as string)
2026-03-18 17:17:29 +04:00
c5eb514990
feat: lookahead scheduling — API returns scheduled_at_ms, nodes sleep-until for tight coordination
2026-03-18 17:14:28 +04:00
7b98ae78e5
fix: run_id = hash(monitor_id, interval_bucket) — unique per window, consistent across regions
2026-03-18 17:03:17 +04:00
b6a66ddb21
fix: run_id derived from scheduled_at bucket so all regions share same ID per window
2026-03-18 16:46:30 +04:00
77534a037c
feat: show run_id (first 8 chars) in recent pings table
2026-03-18 16:42:50 +04:00
f7ab3b96b2
feat: per-region due scheduling + run_id to group pings across regions
2026-03-18 16:36:35 +04:00
e057a65535
fix: avgLatency NaN — extract .latency_ms from ping objects
2026-03-18 16:31:08 +04:00
07648672ad
feat: per-region chart lines and lowest-avg sparkline
2026-03-18 16:25:47 +04:00
e1bb39431d
fix: use URL.searchParams to parse region query param in /internal/due
2026-03-18 16:21:24 +04:00
8c39fb45c1
feat: add region selector to monitor edit form
2026-03-18 16:15:19 +04:00
93db31db3b
feat: multi-region monitor support — region selector in UI, region flag on pings
2026-03-18 16:08:39 +04:00
52f7f8102b
feat: update user-agent to Mozilla-compatible string
2026-03-18 14:43:33 +04:00
957674fca4
fix: clear in-flight after post_result to prevent double-pings, revert poll to 50ms
2026-03-18 14:29:37 +04:00
d3ee0ef9d5
fix: revert grace period, increase poll interval to 500ms to prevent doubles without adding jitter
2026-03-18 14:27:38 +04:00
5836c44228
fix: add 200ms grace period to due query to prevent double-pings
2026-03-18 14:21:21 +04:00
6882162d7f
fix: use system CA store for ureq TLS to verify Cloudflare-issued certs
2026-03-18 14:10:28 +04:00
1b8cbc6e23
fix: force ureq to use ring crypto provider to match main.rs init
2026-03-18 14:05:04 +04:00
f17bfbfd4b
fix: switch ureq from native-tls to rustls (bundled roots)
2026-03-18 13:54:39 +04:00
3fa624eff8
fix: replace curl subprocess with ureq blocking client in std::thread
2026-03-18 13:40:28 +04:00
6b8e1fc9d9
cleanup: remove debug warn logs from monitor runner
2026-03-18 13:30:19 +04:00
6e1d642c77
fix: allow null status_code in ingest schema; check HTTP status in post_result
2026-03-18 13:28:42 +04:00
5037222846
fix: add 10s timeout to post_result to prevent hung API calls
2026-03-18 13:24:52 +04:00
3ce89a88bf
debug: log post_result calls
2026-03-18 13:22:35 +04:00
749a06b9d7
debug: log check errors and trace post_result calls
2026-03-18 13:19:35 +04:00
cb8d0f81b1
debug: add warn logs to curl thread, fix temp file uniqueness
2026-03-18 13:17:11 +04:00
556729b881
fix: use std::thread + tokio oneshot for curl — fully decoupled from tokio thread pool
2026-03-18 13:10:04 +04:00
5e76b2212f
fix: use std::process::Command+spawn_blocking+temp file to avoid all pipe/async hang issues
2026-03-18 13:08:08 +04:00
289ec8e038
fix: hard task-level timeout as failsafe so in-flight lock always clears
2026-03-18 13:05:43 +04:00
0edce8c555
fix: use spawn+manual read+wait instead of output() to avoid stdout pipe hang
2026-03-18 13:03:06 +04:00
94200b430f
fix: set kill_on_drop and explicit stdio pipes so curl doesn't inherit parent fds
2026-03-18 12:59:34 +04:00
79bf7d9295
fix: wrap curl output() in tokio timeout in case process hangs on stdout
2026-03-18 12:58:12 +04:00
554d95cfb4
fix: correctly handle curl non-zero exit codes as errors
2026-03-18 12:55:00 +04:00
5730a3cb83
fix: replace reqwest with curl subprocess for reliable hard timeouts
2026-03-18 12:52:17 +04:00
c68700da46
fix: use blocking reqwest in spawn_blocking for reliable OS-level timeout
2026-03-18 12:48:30 +04:00
4035a3b215
fix: switch reqwest to native-tls so connect_timeout covers TLS handshake
2026-03-18 12:45:52 +04:00
5b0bce65c6
fix: pre-flight TCP connect check with hard tokio timeout before reqwest attempt
2026-03-18 12:43:27 +04:00
b8b0a9d5e2
fix: per-check client with connect_timeout to guarantee OS-level TCP timeout
2026-03-18 12:42:09 +04:00
7905a8003b
fix: clean up cert check - only runs after successful response, no more borrow errors
2026-03-18 12:40:03 +04:00
de6e24e973
fix: move cert check to after successful HTTP response, never runs on down/timeout hosts
2026-03-18 12:39:18 +04:00
d49cfa70f5
fix: add connect_timeout to reqwest client to prevent indefinite TCP SYN hangs
2026-03-18 12:37:09 +04:00
68093131fa
fix: spawn cert check as independent task, never blocks main request timeout
2026-03-18 12:35:58 +04:00
dbbc9c00cc
fix: run cert check concurrently with request so a hanging TCP connect can't block the timeout
2026-03-18 12:33:22 +04:00
b41faff2ad
fix: move timeout definition before cert check
2026-03-18 12:27:00 +04:00
81ac8f0c20
fix: apply timeout to cert check — was hanging indefinitely before request even started
2026-03-18 12:26:27 +04:00
05c60db605
fix: wrap full request+body read in timeout to catch slow response bodies
2026-03-18 12:17:55 +04:00
baea9f8e7e
fix: sub-key notice as separate card below account section
2026-03-18 12:05:24 +04:00
6d057d5797
fix: move sub-key notice inside account section
2026-03-18 12:04:40 +04:00
988c43090b
fix: make sub-key notice match page style
2026-03-18 12:03:02 +04:00
a9a1e43146
feat: add sub-key notice banner on settings page
2026-03-18 12:01:35 +04:00
f7d6eff972
fix: block sub-keys from accessing/modifying email, account key, and other sub-keys
2026-03-18 11:51:52 +04:00
eeb0318c4d
fix: hide login key and sub-keys from sub-key sessions
2026-03-18 11:48:51 +04:00
c56af82053
fix: increase key input maxlength to 64 for new key format
2026-03-18 11:45:31 +04:00
1a7bc4dfa5
fix: sameSite=none for cross-origin cookie (pingql.com → api.pingql.com)
2026-03-18 11:41:00 +04:00
nate
5a0cf5033b
fix: harden auth, SSRF, query engine, and cookie security
2026-03-18 11:37:33 +04:00
d278ab0458
fix: use credentials:include for cross-origin API requests
2026-03-18 09:44:50 +04:00
641af86779
fix: separate jsHash for app.js cache busting
2026-03-18 09:43:11 +04:00
fa8ff8b361
fix: explicit OPTIONS handler for CORS preflight
2026-03-18 09:41:25 +04:00
7a9417297f
fix: add preflight CORS options for api.pingql.com
2026-03-18 09:41:09 +04:00
9fb90d9ea8
fix: point dashboard API calls to api.pingql.com
2026-03-18 09:39:07 +04:00
841a852491
feat: split web and api into separate apps
2026-03-18 09:33:46 +04:00
ba437e3c5a
feat: block web UI routes on api.pingql.com, serve JSON root
2026-03-18 09:30:13 +04:00
3a9cd62cdd
fix: increase tos top padding to pt-28
2026-03-18 09:26:18 +04:00
1325512c6d
fix: reduce tos page padding and section spacing
2026-03-18 04:04:47 +04:00
7a6a1fdd10
build: rebuild css with pt-40 and pt-2 for tos page
2026-03-18 04:02:47 +04:00
143868eb21
fix: increase TOS top padding, add spacing above h2s
2026-03-18 03:59:52 +04:00
7db2889960
feat: add Terms of Service page
2026-03-18 03:52:58 +04:00
705073b508
fix: center hero section vertically on pageload
2026-03-18 03:45:14 +04:00
7e3c651db7
fix: define brand color via @theme for tailwind v4 compat
2026-03-18 03:25:34 +04:00
ce4411b13b
feat: add 1-20s interval options, lower API minimum to 1s
2026-03-18 03:20:33 +04:00
3df7f4b702
fix: logout properly expires cookie with matching domain/path attributes
2026-03-18 03:08:00 +04:00
8221b3a33d
fix: remove redundant 'jitter' word from pings table
2026-03-18 03:05:39 +04:00
a246b60cbe
fix: space between time and jitter label
2026-03-17 11:23:01 +04:00
1e3a5ff4d1
perf: reduce monitor poll interval to 50ms for tighter jitter
2026-03-17 10:58:28 +04:00
bd3c33dda4
fix: jitter = actual check start minus ideal scheduled time, not wall clock at dispatch
2026-03-17 10:54:36 +04:00
27be1fa8bf
fix: jitter_ms now measured in Rust at check start, excludes latency and return trip
2026-03-17 10:52:08 +04:00
e7ec457d0e
feat: show jitter_ms in pings table time column
2026-03-17 10:48:24 +04:00
f71388a51a
feat: jitter_ms tracking — scheduled_at stamped at dispatch, jitter computed on ingest
2026-03-17 10:44:35 +04:00
5c91cbc522
refactor: convert all static HTML to EJS with cssHash cache-busting, remove stale html files
2026-03-17 09:54:44 +04:00
ac693e55e0
fix: immutable cache-control headers for versioned static assets
2026-03-17 09:45:24 +04:00
41bfe52f10
feat: cache-bust static assets with CSS content hash on startup
2026-03-17 09:44:18 +04:00
6342ec907f
fix: tailwind v4 @source directives, rebuild CSS (8.9KB → 33KB)
2026-03-17 09:42:24 +04:00
ea5f1840df
fix: use @tailwindcss/cli for cross-platform compat
2026-03-17 09:33:28 +04:00
a995fe3c94
feat: replace Tailwind CDN with self-hosted pre-built CSS
2026-03-17 09:32:34 +04:00
3638ce3dd2
chore: check -> ping
2026-03-17 09:28:45 +04:00
081d3ad6e2
chore: simplify global network card copy
2026-03-17 09:27:50 +04:00
6cf11dadde
feat: replace response time card with global monitoring network
2026-03-17 09:26:49 +04:00
486c94f4ff
chore: strengthen security section on privacy page
2026-03-17 08:42:01 +04:00
6965a114f0
chore: lifetime -> with strikethrough
2026-03-17 08:36:25 +04:00
ca686403d9
chore: drop XEC ticker
2026-03-17 08:31:53 +04:00
3fa6c5f1f6
chore: add eCash/XEC to accepted crypto
2026-03-17 08:31:08 +04:00
7d67312a1b
feat: replace SSRF card with crypto payments feature card
2026-03-17 08:30:23 +04:00
a5d321f198
chore: drop Stripe from privacy page, add crypto payments mention
2026-03-17 08:26:58 +04:00
62b67aaa7c
feat: privacy page at /privacy, drop query language nav link
2026-03-17 08:22:17 +04:00
5dd514aa94
feat: update landing features to reflect current product
2026-03-17 08:17:15 +04:00
24bf97ae7d
chore: pro interval 2.5s -> 1s
2026-03-17 08:15:06 +04:00
0e6c27eca9
chore: pro plan -> /mo
2026-03-17 08:13:53 +04:00
e925e9b0ed
feat: add lifetime plan at to pricing section
2026-03-17 08:09:35 +04:00
819a979f28
chore: pro plan priced at /mo
2026-03-17 08:02:56 +04:00
08e5039d81
chore: free plan 5 monitors / 20s interval
2026-03-17 08:02:04 +04:00
98c0cc35b2
chore: pro plan interval 5s -> 2.5s
2026-03-17 07:58:42 +04:00
1495da41fa
chore: remove limits during testing
2026-03-17 07:57:42 +04:00
34fd66f784
feat: pricing page — 10 monitors/30s free, unlimited/5s pro coming soon; enforce 30s min interval
2026-03-17 07:55:07 +04:00
cf8903f95d
fix: fixed width on text column prevents layout shift when timestamp changes
2026-03-17 07:48:00 +04:00
017d489e2e
fix: mutate polyline points in place on SSE ping, no fetch, no flicker
2026-03-17 07:44:09 +04:00
2c32bc1115
Revert "fix: client-side sparkline with local buffer, no server fetch on update"
...
This reverts commit 72bc11813d
2026-03-17 07:42:36 +04:00
72bc11813d
fix: client-side sparkline with local buffer, no server fetch on update
2026-03-17 07:38:26 +04:00
6929d8f51f
fix: atomic SVG replaceWith() on sparkline update, no empty-frame bounce
2026-03-17 07:35:54 +04:00
0874583a4f
Revert "fix: static HTML label spans outside swap zone, chart only returns SVG + label update script"
...
This reverts commit e8bfaa42d7
2026-03-17 07:34:02 +04:00
e8bfaa42d7
fix: static HTML label spans outside swap zone, chart only returns SVG + label update script
2026-03-17 07:32:39 +04:00
1e90b5f3c2
fix: move min/max labels out of SVG into HTML overlays, no more text stretch
2026-03-17 07:30:28 +04:00
5eb463a03a
fix: SVG h-full so it fills container exactly, no overflow or clipping
2026-03-17 07:28:57 +04:00
51baf7c495
fix: chart container w-full overflow-hidden prevents graph escaping bounds
2026-03-17 07:27:05 +04:00
f00c78116b
fix: detail page updates all stats, status bar, pings table in realtime via SSE
2026-03-17 07:23:54 +04:00
93c3a1e84a
fix: pin sparkline container to 120x32 to prevent layout shift on update
2026-03-17 07:20:56 +04:00
ed5e213b1a
fix: migrate() uses CREATE IF NOT EXISTS — no more data wipe on restart
2026-03-17 07:17:54 +04:00
1794c05b4f
fix: restore status dot, latency, last-ping time updates on SSE
2026-03-17 07:15:31 +04:00
94d24bac35
fix: fetch sparkline/chart immediately on SSE ping, no debounce delay
2026-03-17 07:12:48 +04:00
b802c7c68b
fix: bust Cloudflare cache on app.js with version query string
2026-03-17 07:10:27 +04:00
66b368453d
refactor: single account-level SSE stream instead of per-monitor connections
2026-03-17 07:06:09 +04:00
55f9f6d8ed
refactor: SSE just refreshes sparkline/chart from server, no DOM stat patching
2026-03-17 07:03:10 +04:00
749c6f391e
fix: SSE stream 500 — replace error() with plain Response in stream handler
2026-03-17 06:59:43 +04:00
15227b9c6e
fix: key_plain -> key in dashboard query
2026-03-17 06:51:27 +04:00
e461d73ce3
refactor: drop all hashing, store keys plaintext
2026-03-17 06:47:22 +04:00
54c89a5a11
fix: store key_plain on sub-keys, display always in settings with copy button
2026-03-17 06:40:33 +04:00
c684d96d90
fix: rename API Keys -> Sub-Keys, show key inline on creation, no reload
2026-03-17 06:37:29 +04:00
ab4f60e159
fix: rotate button inline with key field, updates in place
2026-03-17 06:34:57 +04:00
0c65b5e3fa
fix: just show the login key on settings page
2026-03-17 06:33:13 +04:00
2ec1915ef5
fix: remove pointless internal UUID from settings, show login key label instead
2026-03-17 06:31:41 +04:00
9d8982ae50
fix: key rotation shows new key in dedicated reveal, not sub-key div; clarify account ID label
2026-03-17 06:29:58 +04:00
b80f4673b2
fix: use standard UUID v4 for keys instead of custom 256-bit hex format
2026-03-17 06:26:52 +04:00
bbd5df8c46
fix: 8 groups of 8 chars, not 16 groups of 4
2026-03-17 06:26:14 +04:00
43a1abc2ed
fix: format keys as XXXX-XXXX-...-XXXX (8 groups), normalize before hashing
...
Keys are now human-readable grouped hex instead of raw 64-char blobs.
resolveKey() strips dashes before sha256/bcrypt so both formats work.
All key creation paths (register, reset-key, sub-keys) hash the
normalized form. Login placeholder and maxlength updated to match.
2026-03-17 06:25:19 +04:00
b8ac4e7b1f
fix: redirect loop on stale cookie, login broken for 64-char keys, stale docs
...
- /dashboard now validates key before redirecting to /home — bad/old keys
clear the cookie and show login instead of looping
- Login form: remove old 4-group auto-formatter, fix maxlength 19→64,
fix min length validation 19→10, update placeholder
- New key display: break-all so 64-char hex wraps properly
- docs.html: update example key format and description
2026-03-17 06:22:16 +04:00
6bdd76b4f0
security: auth redesign, SSRF protection, CORS lockdown, and 13 other fixes
...
- Auth (#2/#3): UUID PK, 256-bit keys, SHA-256 lookup + bcrypt hash
- SSRF (#1 ): validate URLs, block private IPs, cloud metadata endpoints
- CORS (#4 ): lock to pingql.com origins, not wildcard
- SSE limit (#6 ): 10 connections per monitor max
- ReDoS (#7 ): cap $regex patterns at 200 chars
- Monitor limit (#8 ): 100 per account default
- Cookie env config (#9 ): secure/domain from env vars
- Bearer parsing (#10 ): case-insensitive RFC 6750
- Pings retention (#11 ): 90-day pruner, hourly interval
- monitors.enabled index (#12 ): partial index for /internal/due
- Runner locking (#14 ): locked_until for horizontal scale safety
- COALESCE nullable bug (#17 ): dynamic PATCH with explicit undefined checks
- MONITOR_TOKEN null guard (#18 ): startup validation + middleware hardening
- reset-key cookie fix (#16 ): sets new cookie in response
2026-03-17 06:10:10 +04:00
5071e340c7
fix: SSE-driven chart/sparkline refresh, debounced server-side partials
2026-03-16 21:21:56 +04:00
2f7273604b
refactor: full SSR dashboard, minimal SSE DOM patches, poll-based refresh
2026-03-16 21:14:45 +04:00
878829111f
fix: use raw ETA tag for timestamp HTML in SSR monitor list
2026-03-16 17:37:48 +04:00
31f95288e6
fix: missing closing ETA block tag in home.ejs SSR section
2026-03-16 17:32:22 +04:00
0597c7f6e7
fix: set cookie domain to .pingql.com so it works on both subdomains
2026-03-16 17:26:56 +04:00
ef56b47b09
feat: cookie-based auth, SSR dashboard, JS-optional login
2026-03-16 17:25:59 +04:00
8e4cb84599
ux: widen dashboard layout to max-w-7xl, consistent px-8 padding
2026-03-16 17:15:45 +04:00
d41d3a3737
fix: latency chart red dots — track up/down with latency values
2026-03-16 17:13:48 +04:00
923f0349dc
feat: fully SSE-driven detail/home pages, kill polling intervals
2026-03-16 17:10:12 +04:00
nate
M1