M1
|
a246b60cbe
|
fix: space between time and jitter label
|
2026-03-17 11:23:01 +04:00 |
|
M1
|
e7ec457d0e
|
feat: show jitter_ms in pings table time column
|
2026-03-17 10:48:24 +04:00 |
|
M1
|
5c91cbc522
|
refactor: convert all static HTML to EJS with cssHash cache-busting, remove stale html files
|
2026-03-17 09:54:44 +04:00 |
|
M1
|
41bfe52f10
|
feat: cache-bust static assets with CSS content hash on startup
|
2026-03-17 09:44:18 +04:00 |
|
M1
|
a995fe3c94
|
feat: replace Tailwind CDN with self-hosted pre-built CSS
|
2026-03-17 09:32:34 +04:00 |
|
M1
|
cf8903f95d
|
fix: fixed width on text column prevents layout shift when timestamp changes
|
2026-03-17 07:48:00 +04:00 |
|
M1
|
017d489e2e
|
fix: mutate polyline points in place on SSE ping, no fetch, no flicker
|
2026-03-17 07:44:09 +04:00 |
|
M1
|
2c32bc1115
|
Revert "fix: client-side sparkline with local buffer, no server fetch on update"
This reverts commit 72bc11813d.
|
2026-03-17 07:42:36 +04:00 |
|
M1
|
72bc11813d
|
fix: client-side sparkline with local buffer, no server fetch on update
|
2026-03-17 07:38:26 +04:00 |
|
M1
|
6929d8f51f
|
fix: atomic SVG replaceWith() on sparkline update, no empty-frame bounce
|
2026-03-17 07:35:54 +04:00 |
|
M1
|
0874583a4f
|
Revert "fix: static HTML label spans outside swap zone, chart only returns SVG + label update script"
This reverts commit e8bfaa42d7.
|
2026-03-17 07:34:02 +04:00 |
|
M1
|
e8bfaa42d7
|
fix: static HTML label spans outside swap zone, chart only returns SVG + label update script
|
2026-03-17 07:32:39 +04:00 |
|
M1
|
5eb463a03a
|
fix: SVG h-full so it fills container exactly, no overflow or clipping
|
2026-03-17 07:28:57 +04:00 |
|
M1
|
51baf7c495
|
fix: chart container w-full overflow-hidden prevents graph escaping bounds
|
2026-03-17 07:27:05 +04:00 |
|
M1
|
f00c78116b
|
fix: detail page updates all stats, status bar, pings table in realtime via SSE
|
2026-03-17 07:23:54 +04:00 |
|
M1
|
93c3a1e84a
|
fix: pin sparkline container to 120x32 to prevent layout shift on update
|
2026-03-17 07:20:56 +04:00 |
|
M1
|
1794c05b4f
|
fix: restore status dot, latency, last-ping time updates on SSE
|
2026-03-17 07:15:31 +04:00 |
|
M1
|
94d24bac35
|
fix: fetch sparkline/chart immediately on SSE ping, no debounce delay
|
2026-03-17 07:12:48 +04:00 |
|
M1
|
b802c7c68b
|
fix: bust Cloudflare cache on app.js with version query string
|
2026-03-17 07:10:27 +04:00 |
|
M1
|
66b368453d
|
refactor: single account-level SSE stream instead of per-monitor connections
|
2026-03-17 07:06:09 +04:00 |
|
M1
|
55f9f6d8ed
|
refactor: SSE just refreshes sparkline/chart from server, no DOM stat patching
|
2026-03-17 07:03:10 +04:00 |
|
M1
|
e461d73ce3
|
refactor: drop all hashing, store keys plaintext
|
2026-03-17 06:47:22 +04:00 |
|
M1
|
54c89a5a11
|
fix: store key_plain on sub-keys, display always in settings with copy button
|
2026-03-17 06:40:33 +04:00 |
|
M1
|
c684d96d90
|
fix: rename API Keys -> Sub-Keys, show key inline on creation, no reload
|
2026-03-17 06:37:29 +04:00 |
|
M1
|
ab4f60e159
|
fix: rotate button inline with key field, updates in place
|
2026-03-17 06:34:57 +04:00 |
|
M1
|
0c65b5e3fa
|
fix: just show the login key on settings page
|
2026-03-17 06:33:13 +04:00 |
|
M1
|
2ec1915ef5
|
fix: remove pointless internal UUID from settings, show login key label instead
|
2026-03-17 06:31:41 +04:00 |
|
M1
|
9d8982ae50
|
fix: key rotation shows new key in dedicated reveal, not sub-key div; clarify account ID label
|
2026-03-17 06:29:58 +04:00 |
|
M1
|
6bdd76b4f0
|
security: auth redesign, SSRF protection, CORS lockdown, and 13 other fixes
- Auth (#2/#3): UUID PK, 256-bit keys, SHA-256 lookup + bcrypt hash
- SSRF (#1): validate URLs, block private IPs, cloud metadata endpoints
- CORS (#4): lock to pingql.com origins, not wildcard
- SSE limit (#6): 10 connections per monitor max
- ReDoS (#7): cap $regex patterns at 200 chars
- Monitor limit (#8): 100 per account default
- Cookie env config (#9): secure/domain from env vars
- Bearer parsing (#10): case-insensitive RFC 6750
- Pings retention (#11): 90-day pruner, hourly interval
- monitors.enabled index (#12): partial index for /internal/due
- Runner locking (#14): locked_until for horizontal scale safety
- COALESCE nullable bug (#17): dynamic PATCH with explicit undefined checks
- MONITOR_TOKEN null guard (#18): startup validation + middleware hardening
- reset-key cookie fix (#16): sets new cookie in response
|
2026-03-17 06:10:10 +04:00 |
|
M1
|
5071e340c7
|
fix: SSE-driven chart/sparkline refresh, debounced server-side partials
|
2026-03-16 21:21:56 +04:00 |
|
M1
|
2f7273604b
|
refactor: full SSR dashboard, minimal SSE DOM patches, poll-based refresh
|
2026-03-16 21:14:45 +04:00 |
|
M1
|
878829111f
|
fix: use raw ETA tag for timestamp HTML in SSR monitor list
|
2026-03-16 17:37:48 +04:00 |
|
M1
|
31f95288e6
|
fix: missing closing ETA block tag in home.ejs SSR section
|
2026-03-16 17:32:22 +04:00 |
|
M1
|
ef56b47b09
|
feat: cookie-based auth, SSR dashboard, JS-optional login
|
2026-03-16 17:25:59 +04:00 |
|
M1
|
8e4cb84599
|
ux: widen dashboard layout to max-w-7xl, consistent px-8 padding
|
2026-03-16 17:15:45 +04:00 |
|
M1
|
d41d3a3737
|
fix: latency chart red dots — track up/down with latency values
|
2026-03-16 17:13:48 +04:00 |
|
M1
|
923f0349dc
|
feat: fully SSE-driven detail/home pages, kill polling intervals
|
2026-03-16 17:10:12 +04:00 |
|
M1
|
037013b564
|
fix: SSE ping rows match existing table row style
|
2026-03-16 17:07:31 +04:00 |
|
M1
|
a681833d8d
|
feat: detail edit form matches new monitor form (method, headers, body, timeout)
|
2026-03-16 17:04:30 +04:00 |
|
M1
|
ef2b2c043d
|
feat: live sparkline updates on SSE ping
|
2026-03-16 16:20:34 +04:00 |
|
M1
|
31d1fa7b04
|
fix: SSE via fetch for auth headers, remove query param auth, add heartbeat every 10s
|
2026-03-16 16:17:33 +04:00 |
|
M1
|
6d48a83560
|
feat: SSE live ping stream for monitors
|
2026-03-16 16:14:23 +04:00 |
|
M1
|
1e95149456
|
feat: live-updating timestamps via data-ts attribute
|
2026-03-16 16:10:04 +04:00 |
|
M1
|
2bfe3a0272
|
fix: remove double popup on key rotation
|
2026-03-16 16:07:12 +04:00 |
|
M1
|
3368dbdd7f
|
feat: custom method, headers, body, timeout on monitors
|
2026-03-16 15:30:35 +04:00 |
|
M1
|
d98aa5e46f
|
fix: query-builder.js missing from monitor detail page
|
2026-03-16 15:25:16 +04:00 |
|
M1
|
5944fae824
|
fix: query-builder.js missing from new monitor EJS page
|
2026-03-16 15:21:21 +04:00 |
|
M1
|
4c5e426292
|
fix: remove defer from app.js so functions available to inline scripts
|
2026-03-16 15:19:33 +04:00 |
|
M1
|
87c924d8d0
|
fix: app.js deferred in head (fixes requireAuth undefined), extract app.css
|
2026-03-16 15:16:59 +04:00 |
|
M1
|
e36c239000
|
refactor: ETA templating engine for dashboard, shared nav/head/foot partials
|
2026-03-16 15:14:26 +04:00 |