3638ce3dd2
chore: check -> ping
2026-03-17 09:28:45 +04:00
081d3ad6e2
chore: simplify global network card copy
2026-03-17 09:27:50 +04:00
6cf11dadde
feat: replace response time card with global monitoring network
2026-03-17 09:26:49 +04:00
486c94f4ff
chore: strengthen security section on privacy page
2026-03-17 08:42:01 +04:00
6965a114f0
chore: lifetime -> with strikethrough
2026-03-17 08:36:25 +04:00
ca686403d9
chore: drop XEC ticker
2026-03-17 08:31:53 +04:00
3fa6c5f1f6
chore: add eCash/XEC to accepted crypto
2026-03-17 08:31:08 +04:00
7d67312a1b
feat: replace SSRF card with crypto payments feature card
2026-03-17 08:30:23 +04:00
a5d321f198
chore: drop Stripe from privacy page, add crypto payments mention
2026-03-17 08:26:58 +04:00
62b67aaa7c
feat: privacy page at /privacy, drop query language nav link
2026-03-17 08:22:17 +04:00
5dd514aa94
feat: update landing features to reflect current product
2026-03-17 08:17:15 +04:00
24bf97ae7d
chore: pro interval 2.5s -> 1s
2026-03-17 08:15:06 +04:00
0e6c27eca9
chore: pro plan -> /mo
2026-03-17 08:13:53 +04:00
e925e9b0ed
feat: add lifetime plan at to pricing section
2026-03-17 08:09:35 +04:00
819a979f28
chore: pro plan priced at /mo
2026-03-17 08:02:56 +04:00
08e5039d81
chore: free plan 5 monitors / 20s interval
2026-03-17 08:02:04 +04:00
98c0cc35b2
chore: pro plan interval 5s -> 2.5s
2026-03-17 07:58:42 +04:00
1495da41fa
chore: remove limits during testing
2026-03-17 07:57:42 +04:00
34fd66f784
feat: pricing page — 10 monitors/30s free, unlimited/5s pro coming soon; enforce 30s min interval
2026-03-17 07:55:07 +04:00
cf8903f95d
fix: fixed width on text column prevents layout shift when timestamp changes
2026-03-17 07:48:00 +04:00
017d489e2e
fix: mutate polyline points in place on SSE ping, no fetch, no flicker
2026-03-17 07:44:09 +04:00
2c32bc1115
Revert "fix: client-side sparkline with local buffer, no server fetch on update"
...
This reverts commit 72bc11813d
2026-03-17 07:42:36 +04:00
72bc11813d
fix: client-side sparkline with local buffer, no server fetch on update
2026-03-17 07:38:26 +04:00
6929d8f51f
fix: atomic SVG replaceWith() on sparkline update, no empty-frame bounce
2026-03-17 07:35:54 +04:00
0874583a4f
Revert "fix: static HTML label spans outside swap zone, chart only returns SVG + label update script"
...
This reverts commit e8bfaa42d7
2026-03-17 07:34:02 +04:00
e8bfaa42d7
fix: static HTML label spans outside swap zone, chart only returns SVG + label update script
2026-03-17 07:32:39 +04:00
1e90b5f3c2
fix: move min/max labels out of SVG into HTML overlays, no more text stretch
2026-03-17 07:30:28 +04:00
5eb463a03a
fix: SVG h-full so it fills container exactly, no overflow or clipping
2026-03-17 07:28:57 +04:00
51baf7c495
fix: chart container w-full overflow-hidden prevents graph escaping bounds
2026-03-17 07:27:05 +04:00
f00c78116b
fix: detail page updates all stats, status bar, pings table in realtime via SSE
2026-03-17 07:23:54 +04:00
93c3a1e84a
fix: pin sparkline container to 120x32 to prevent layout shift on update
2026-03-17 07:20:56 +04:00
ed5e213b1a
fix: migrate() uses CREATE IF NOT EXISTS — no more data wipe on restart
2026-03-17 07:17:54 +04:00
1794c05b4f
fix: restore status dot, latency, last-ping time updates on SSE
2026-03-17 07:15:31 +04:00
94d24bac35
fix: fetch sparkline/chart immediately on SSE ping, no debounce delay
2026-03-17 07:12:48 +04:00
b802c7c68b
fix: bust Cloudflare cache on app.js with version query string
2026-03-17 07:10:27 +04:00
66b368453d
refactor: single account-level SSE stream instead of per-monitor connections
2026-03-17 07:06:09 +04:00
55f9f6d8ed
refactor: SSE just refreshes sparkline/chart from server, no DOM stat patching
2026-03-17 07:03:10 +04:00
749c6f391e
fix: SSE stream 500 — replace error() with plain Response in stream handler
2026-03-17 06:59:43 +04:00
15227b9c6e
fix: key_plain -> key in dashboard query
2026-03-17 06:51:27 +04:00
e461d73ce3
refactor: drop all hashing, store keys plaintext
2026-03-17 06:47:22 +04:00
54c89a5a11
fix: store key_plain on sub-keys, display always in settings with copy button
2026-03-17 06:40:33 +04:00
c684d96d90
fix: rename API Keys -> Sub-Keys, show key inline on creation, no reload
2026-03-17 06:37:29 +04:00
ab4f60e159
fix: rotate button inline with key field, updates in place
2026-03-17 06:34:57 +04:00
0c65b5e3fa
fix: just show the login key on settings page
2026-03-17 06:33:13 +04:00
2ec1915ef5
fix: remove pointless internal UUID from settings, show login key label instead
2026-03-17 06:31:41 +04:00
9d8982ae50
fix: key rotation shows new key in dedicated reveal, not sub-key div; clarify account ID label
2026-03-17 06:29:58 +04:00
b80f4673b2
fix: use standard UUID v4 for keys instead of custom 256-bit hex format
2026-03-17 06:26:52 +04:00
bbd5df8c46
fix: 8 groups of 8 chars, not 16 groups of 4
2026-03-17 06:26:14 +04:00
43a1abc2ed
fix: format keys as XXXX-XXXX-...-XXXX (8 groups), normalize before hashing
...
Keys are now human-readable grouped hex instead of raw 64-char blobs.
resolveKey() strips dashes before sha256/bcrypt so both formats work.
All key creation paths (register, reset-key, sub-keys) hash the
normalized form. Login placeholder and maxlength updated to match.
2026-03-17 06:25:19 +04:00
b8ac4e7b1f
fix: redirect loop on stale cookie, login broken for 64-char keys, stale docs
...
- /dashboard now validates key before redirecting to /home — bad/old keys
clear the cookie and show login instead of looping
- Login form: remove old 4-group auto-formatter, fix maxlength 19→64,
fix min length validation 19→10, update placeholder
- New key display: break-all so 64-char hex wraps properly
- docs.html: update example key format and description
2026-03-17 06:22:16 +04:00
6bdd76b4f0
security: auth redesign, SSRF protection, CORS lockdown, and 13 other fixes
...
- Auth (#2/#3): UUID PK, 256-bit keys, SHA-256 lookup + bcrypt hash
- SSRF (#1 ): validate URLs, block private IPs, cloud metadata endpoints
- CORS (#4 ): lock to pingql.com origins, not wildcard
- SSE limit (#6 ): 10 connections per monitor max
- ReDoS (#7 ): cap $regex patterns at 200 chars
- Monitor limit (#8 ): 100 per account default
- Cookie env config (#9 ): secure/domain from env vars
- Bearer parsing (#10 ): case-insensitive RFC 6750
- Pings retention (#11 ): 90-day pruner, hourly interval
- monitors.enabled index (#12 ): partial index for /internal/due
- Runner locking (#14 ): locked_until for horizontal scale safety
- COALESCE nullable bug (#17 ): dynamic PATCH with explicit undefined checks
- MONITOR_TOKEN null guard (#18 ): startup validation + middleware hardening
- reset-key cookie fix (#16 ): sets new cookie in response
2026-03-17 06:10:10 +04:00
5071e340c7
fix: SSE-driven chart/sparkline refresh, debounced server-side partials
2026-03-16 21:21:56 +04:00
2f7273604b
refactor: full SSR dashboard, minimal SSE DOM patches, poll-based refresh
2026-03-16 21:14:45 +04:00
878829111f
fix: use raw ETA tag for timestamp HTML in SSR monitor list
2026-03-16 17:37:48 +04:00
31f95288e6
fix: missing closing ETA block tag in home.ejs SSR section
2026-03-16 17:32:22 +04:00
0597c7f6e7
fix: set cookie domain to .pingql.com so it works on both subdomains
2026-03-16 17:26:56 +04:00
ef56b47b09
feat: cookie-based auth, SSR dashboard, JS-optional login
2026-03-16 17:25:59 +04:00
8e4cb84599
ux: widen dashboard layout to max-w-7xl, consistent px-8 padding
2026-03-16 17:15:45 +04:00
d41d3a3737
fix: latency chart red dots — track up/down with latency values
2026-03-16 17:13:48 +04:00
923f0349dc
feat: fully SSE-driven detail/home pages, kill polling intervals
2026-03-16 17:10:12 +04:00
037013b564
fix: SSE ping rows match existing table row style
2026-03-16 17:07:31 +04:00
a681833d8d
feat: detail edit form matches new monitor form (method, headers, body, timeout)
2026-03-16 17:04:30 +04:00
ef2b2c043d
feat: live sparkline updates on SSE ping
2026-03-16 16:20:34 +04:00
31d1fa7b04
fix: SSE via fetch for auth headers, remove query param auth, add heartbeat every 10s
2026-03-16 16:17:33 +04:00
6d48a83560
feat: SSE live ping stream for monitors
2026-03-16 16:14:23 +04:00
1e95149456
feat: live-updating timestamps via data-ts attribute
2026-03-16 16:10:04 +04:00
2bfe3a0272
fix: remove double popup on key rotation
2026-03-16 16:07:12 +04:00
c73951ea91
fix: ON UPDATE CASCADE on account FK so key rotation propagates
2026-03-16 15:58:52 +04:00
0b69fbfc72
fix: requireAuth uses onBeforeHandle instead of error() in derive
2026-03-16 15:56:33 +04:00
3368dbdd7f
feat: custom method, headers, body, timeout on monitors
2026-03-16 15:30:35 +04:00
d98aa5e46f
fix: query-builder.js missing from monitor detail page
2026-03-16 15:25:16 +04:00
5944fae824
fix: query-builder.js missing from new monitor EJS page
2026-03-16 15:21:21 +04:00
4c5e426292
fix: remove defer from app.js so functions available to inline scripts
2026-03-16 15:19:33 +04:00
87c924d8d0
fix: app.js deferred in head (fixes requireAuth undefined), extract app.css
2026-03-16 15:16:59 +04:00
e36c239000
refactor: ETA templating engine for dashboard, shared nav/head/foot partials
2026-03-16 15:14:26 +04:00
389c88e124
ux: move new monitor button to content area next to heading
2026-03-16 15:09:15 +04:00
ce155cd338
feat: settings page — email, key rotation, sub-keys
2026-03-16 15:05:39 +04:00
eb3ef7745f
fix: emails used for recovery only, not notifications (notifications coming later)
2026-03-16 14:59:17 +04:00
4e7fdfa07c
fix: tighten hero bottom padding
2026-03-16 14:54:56 +04:00
2627ad756f
fix: align hero comment with actual query
2026-03-16 14:50:45 +04:00
e12e5e682c
copy: hero example uses $.db.status to show JSON inspection, shorter comment
2026-03-16 14:49:59 +04:00
bf02243708
fix: replace $json latency with $responseTime in hero example
2026-03-16 14:48:23 +04:00
6f7127aded
copy: use real field names in hero code comment
2026-03-16 14:46:47 +04:00
5613fb9cf4
fix: reduce gap between header and hero
2026-03-16 14:44:53 +04:00
6f5f51e390
copy: update API section tagline
2026-03-16 14:41:56 +04:00
729529b7fa
fix: checked_at field name in dashboard UI + landing copy
2026-03-16 14:37:44 +04:00
f4283a0915
feat: sticky header with nav links on landing page
2026-03-16 14:21:24 +04:00
d11488ecbf
feat: landing page at /
2026-03-16 14:16:25 +04:00
7b38ff192e
feat: custom docs page at /docs, drop swagger
2026-03-16 14:07:30 +04:00
eb45152c29
feat: query language docs in swagger description
2026-03-16 14:02:55 +04:00
33d1209ac9
feat: query language docs page at /dashboard/docs
2026-03-16 14:00:29 +04:00
27c9044a8b
feat: add $consider (UP/DOWN) toggle to query builder and evaluators
2026-03-16 13:56:36 +04:00
5328471229
Revert "feat: grouped query builder with $upIf/$downIf condition groups"
...
This reverts commit 99b59070a2
2026-03-16 13:53:27 +04:00
99b59070a2
feat: grouped query builder with $upIf/$downIf condition groups
2026-03-16 13:52:06 +04:00
b20f463d53
fix: correct pings import path in index.ts
2026-03-16 13:46:49 +04:00
eb2d173cb0
rename: checks → pings throughout (DB, API, UI, Rust)
2026-03-16 13:45:09 +04:00
b4f95fa375
refactor: merge checks into monitors (/monitors/:id/history), ingest moves to /internal/ingest
2026-03-16 13:43:55 +04:00
a22112dc77
refactor: merge auth into account prefix (/account/register, /account/email)
2026-03-16 13:37:20 +04:00
fd4af848bc
fix: hide dashboard + internal routes from swagger docs
2026-03-16 13:33:44 +04:00
fe7a0bf19b
refactor: nested $json/$select syntax, migrate stored queries
2026-03-16 13:14:22 +04:00
M1