Malin/domnitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5b932aa56590251c13aaf720c9379946c627421e
domnitor/CHANGELOG.md
Hosteroid 67bacc36e3 Add user avatar system and fix WHOIS parsing/cron synchronization 
- Add avatar upload with Gravatar fallback and initials
- Fix false "available" detection for registered domains
- Clean up WHOIS status parsing and server display
- Update cron job to sync all WHOIS fields
- Fix TLD cache and .me domain parsing issues
2025-10-27 18:13:38 +02:00

16 KiB
Raw Blame History

Changelog

All notable changes to Domain Monitor will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[1.1.0] - 2025-10-09

Added

  • User Notifications System - In-app notification center with filtering and pagination
  • Welcome Notifications - Automatically sent to new users on registration or fresh install
  • System Upgrade Notifications - Admins notified when system is upgraded with migration details
  • Notification Types:
    • System: Welcome, Upgrade notifications
    • Domain: Expiring, Expired, Updated
    • Security: New login detection
    • WHOIS: Lookup failures
  • Notification Features:
    • Unread notification count in top navigation
    • Dropdown preview of recent notifications
    • Full notification page with filtering (status, type, date range)
    • Pagination and sorting
    • Mark as read / Mark all as read
    • Delete individual / Clear all notifications
  • Database-Backed Sessions - Full session management stored in database
  • Active Session Management - View, monitor, and control all logged-in devices
  • Geolocation Tracking - IP-based location detection (country, city, region, ISP)
  • Session Details Display:
    • Country flags with flag-icons library
    • City and country name
    • ISP/Network provider
    • Device type detection (Desktop/Mobile/Tablet)
    • Browser detection (Chrome/Firefox/Safari/Edge/Opera)
    • Session age and last activity timestamps
    • Remember me indicator (cookie badge)
  • Remote Session Control:
    • Terminate individual sessions with delete button
    • Logout all other sessions with one click
    • Immediate logout validation (deleted sessions can't access anything)
  • Enhanced Profile Page:
    • Sidebar navigation layout
    • Four sections: Profile Information, Security, Active Sessions, Danger Zone
    • URL hash navigation (#profile, #security, #sessions, #danger)
    • Clean design matching application theme
  • Remember Token Security:
    • Remember tokens linked to specific sessions
    • Deleting session also invalidates remember token
    • Prevents auto-login after remote logout
  • Session Validator Middleware - Validates sessions on every request
  • Auto-Detected Cron Paths - Settings page shows actual installation paths (thanks @jadeops)
  • Automatic Session Cleanup - Multiple cleanup triggers (no cron job needed)
  • User registration with email verification
  • Password reset via email
  • Remember me functionality (30-day cookies)
  • User profile management
  • Change password
  • Email verification with token expiry (24h)
  • Password reset tokens (1h expiry)
  • Registration enable/disable toggle
  • User CRUD management (admin-only)
  • Role-based access control (admin/user)
  • Centralized app version in database
  • Web-based installer (replaces CLI migrate.php)
  • Web-based updater for new migrations
  • Auto-detection of installation status
  • Migration tracking system
  • Consolidated database schema for v1.1.0 fresh installs
  • Smart migration system (consolidated for new, incremental for upgrades)
  • Two-Factor Authentication (2FA) System:
    • TOTP (Time-based One-Time Password) implementation
    • Email backup codes for 2FA recovery
    • 2FA verification attempts tracking with rate limiting
    • 2FA policy settings (optional/required/disabled)
    • Complete 2FA setup, verification, and management flow
    • Backup codes generation and verification system
  • CAPTCHA Security System:
    • Support for reCAPTCHA v2, reCAPTCHA v3, and Cloudflare Turnstile
    • Configurable CAPTCHA settings in admin panel
    • Score-based verification for reCAPTCHA v3
    • Integration with login and registration forms
    • CAPTCHA provider selection and configuration
  • Domain Tags System:
    • Domain tagging for organization and categorization
    • Comma-separated tags field in domains table
    • Tag-based domain filtering and organization
    • Indexed tag searches for performance
  • Advanced Error Logging System:
    • Database-backed error logging and tracking
    • Error deduplication and occurrence counting
    • Request context capture (method, URI, data)
    • User context (IP, user agent, session data)
    • System context (PHP version, memory usage)
    • Error resolution tracking and management
    • Admin error log interface for debugging
  • Enhanced Logger Service:
    • Structured logging with context arrays
    • Multiple log levels (debug, info, warning, error, critical)
    • Date-based log file rotation
    • Context-aware logging throughout the application
    • JSON-formatted log entries with timestamps
  • User Avatar System:
    • Avatar upload and deletion functionality
    • Gravatar integration with fallback to user initials
    • Dynamic web root detection for file uploads
    • Avatar display in profile, navigation, and user listings
    • File validation and security measures
  • WHOIS Parsing Improvements:
    • Enhanced WHOIS data parsing and processing
    • Better referral server handling and following
    • Improved domain availability detection
    • Status parsing cleanup and consistency
    • WHOIS server display improvements

Changed

  • Profile page completely redesigned with sidebar layout
  • Session system migrated from file-based to database-backed
  • Top navigation dropdown links updated with hash navigation
  • Settings → System tab now shows auto-detected cron paths
  • Help & Support menu links to GitHub repository
  • Auth views refactored with base layout
  • System section (Settings/Users) restricted to admins
  • TLD Registry read-only for regular users
  • Sidebar shows role-based links
  • Profile integrated with dashboard layout
  • Installation now via web UI instead of CLI
  • Auto-redirect to installer on first run
  • Domain management enhanced with tagging system
  • Error handling improved with comprehensive logging
  • WHOIS parsing enhanced with better data extraction
  • User interface updated with avatar display throughout

Security

  • Database Session Storage - True session control with remote termination
  • Session Validation - Every request validates session exists in database
  • Geolocation Logging - Track suspicious login locations
  • Remember Token Linking - Tokens tied to sessions, deleted together
  • Immediate Logout - Deleted sessions invalidated within seconds
  • Bcrypt password hashing
  • Secure 32-byte tokens
  • Time-limited tokens
  • One-time use reset tokens
  • HttpOnly secure cookies
  • Email enumeration protection
  • Session-based verification resend
  • Admin-only route protection
  • Two-Factor Authentication - TOTP and email backup codes for enhanced security
  • CAPTCHA Protection - Anti-bot protection for login and registration
  • Advanced Error Logging - Comprehensive error tracking and debugging
  • File Upload Security - Avatar upload validation and secure file handling

Technical

  • MVC Architecture Refactoring - Complete separation of concerns
    • LayoutHelper - Global layout data (notifications, stats, settings)
    • DomainHelper - Domain formatting and business logic
    • SessionHelper - Session display formatting
    • NotificationService - Notification creation and management
    • All business logic removed from views (~265 lines cleaned)
  • Database session handler implementing SessionHandlerInterface
  • IP geolocation via ip-api.com (free, 45 req/min)
  • Session validator middleware for real-time validation
  • Automatic session cleanup (no cron needed for sessions)
  • Flag-icons library integration for country flags
  • User-agent parsing for device and browser detection
  • Remember token cascade deletion on session termination
  • Notification system with 7 notification types
  • Welcome notifications on user creation and fresh install
  • Upgrade notifications for admins with version tracking
  • TwoFactorService - Complete 2FA implementation with TOTP and backup codes
  • CaptchaService - Multi-provider CAPTCHA verification system
  • ErrorHandler - Centralized error handling with database logging
  • Logger - Enhanced logging service with structured context
  • AvatarHelper - User avatar management with Gravatar integration
  • Tag Model - Domain tagging system with user isolation
  • ErrorLog Model - Error tracking and deduplication system

Contributors

  • Special thanks to @jadeops for auto-detected cron path improvement & XSS protection enhancement (PR #1)

[1.0.0] - 2024-10-08

Added

  • Initial release of Domain Monitor
  • Modern PHP 8.1+ MVC architecture
  • Domain management system with CRUD operations
  • Automatic WHOIS lookup for domain information
  • Multi-channel notification system:
    • Email notifications via PHPMailer
    • Telegram bot integration
    • Discord webhook support
    • Slack webhook support
  • Notification groups feature
  • Assign domains to notification groups
  • Dashboard with real-time statistics
  • Domain status tracking (active, expiring_soon, expired, error)
  • Notification logging system
  • Customizable notification intervals
  • Cron job for automated domain checks
  • Test notification script
  • Responsive, modern UI design
  • Database migration system
  • Comprehensive documentation
  • Installation guide
  • Basic login/logout authentication
  • Security features (prepared statements, session management)
  • TLD Registry System with IANA integration
    • Import and manage TLD data (RDAP servers, WHOIS servers, registry URLs)
    • Progressive import workflow with real-time progress tracking
    • Support for 1,400+ TLDs with automatic updates
    • Import logs and history tracking
  • Advanced domain verification using TLD registry data
  • RDAP protocol support for modern domain queries
  • Automatic WHOIS server discovery per TLD
  • Monitoring status change notifications (activated/deactivated alerts)
  • Notification group assignment change alerts
  • Enhanced domain detail view with channel status indicators
  • Comprehensive notification threshold configuration
  • Debug logging for notification thresholds

Changed

  • Unified design system across all views
    • Consistent header styles (bordered instead of gradients)
    • Standardized button sizes and padding
    • Consistent form input styling
    • Unified empty state designs
    • Removed emojis from UI elements
  • Improved navigation flow (edit page returns to detail view)
  • Enhanced cron job logging with threshold display
  • Streamlined installation process
    • Encryption key auto-generation during migration
    • No separate script needed for encryption key setup

Fixed

  • Notification channel type display error in domain view
  • Navigation redirect after domain update
  • Cancel button redirect in domain edit page
  • Design inconsistencies in notification group views

Security

  • Random secure password generation on installation
  • One-time password display during migration
  • Removed hardcoded default credentials
  • 16-character cryptographically secure admin passwords

Features

  • Add, edit, delete, and view domains
  • Automatic expiration date detection via WHOIS
  • Support for multiple notification channels per group
  • Flexible notification scheduling (60, 30, 21, 14, 7, 5, 3, 2, 1 days before)
  • Email notifications with HTML templates
  • Rich Discord embeds with color coding
  • Telegram messages with formatting
  • Slack blocks for structured messages
  • Notification deduplication (prevent spam)
  • Manual domain refresh
  • Active/inactive domain toggle
  • Comprehensive logging
  • Statistics dashboard
  • Recent notifications view
  • Domain details with WHOIS data
  • Nameserver display
  • Notification history per domain

Technical

  • PHP 8.1+ with modern features (match expressions, typed properties)
  • MySQL/MariaDB database
  • PSR-4 autoloading
  • Environment-based configuration
  • MVC pattern implementation
  • Service layer architecture
  • Repository pattern for data access
  • Interface-based notification channels
  • JSON configuration storage
  • Prepared statements for SQL injection prevention
  • CSRF token support ready
  • Responsive CSS with CSS variables
  • No JavaScript framework dependencies (vanilla JS where needed)

Documentation

  • README.md with comprehensive guide
  • Inline code documentation
  • Configuration examples
  • Troubleshooting guide

Roadmap - Future Enhancements

  • User authentication system (completed - v1.1.0)
  • Session management with geolocation (completed - v1.1.0)
  • TLD Registry System (completed - v1.0.0)
  • Remote session termination (completed - v1.1.0)
  • In-app user notifications (completed - v1.1.0)
  • Multi-user support with advanced permissions and roles
  • API for external integrations
  • Domain grouping/tagging
  • Custom notification templates
  • SMS notifications (Twilio)
  • WhatsApp notifications
  • Export functionality (CSV, PDF)
  • Import domains from CSV
  • Domain transfer tracking
  • DNS record monitoring
  • SSL certificate monitoring
  • Downtime monitoring
  • 2FA for login
  • Mobile app
  • Docker support
  • Redis caching
  • Rate limiting
  • Webhook support for third-party integrations
  • Dark mode UI toggle
  • Multi-language support
  • Advanced filtering and search
  • Bulk operations
  • Scheduled reports
  • Integration with domain registrars

Version History

1.1.0 (2025-10-09)

  • User Notifications System - In-app notification center with 7 notification types, filtering, pagination
  • Advanced Session Management - Database-backed sessions with geolocation (country, city, ISP)
  • Remote Session Control - Terminate any device instantly with immediate logout validation
  • Enhanced Profile Page - Sidebar navigation with 4 tabs, hash-based routing (#profile, #security, #sessions)
  • Two-Factor Authentication - Complete TOTP implementation with email backup codes and rate limiting
  • CAPTCHA Security System - Support for reCAPTCHA v2/v3 and Cloudflare Turnstile with admin configuration
  • Domain Tags System - Organize domains with custom tags for better categorization and filtering
  • Advanced Error Logging - Database-backed error tracking with deduplication, context capture, and admin interface
  • User Avatar System - Avatar upload with Gravatar integration and fallback to user initials
  • Enhanced Logger Service - Structured logging with context arrays and multiple log levels
  • WHOIS Parsing Improvements - Enhanced domain data parsing, referral handling, and availability detection
  • MVC Architecture Refactoring - 3 new Helpers (Layout, Domain, Session), ~265 lines cleaned from views
  • Geolocation Tracking - IP-based location detection using ip-api.com, country flags with flag-icons
  • Device Detection - Browser & device type parsing (Chrome/Firefox/Safari, Desktop/Mobile/Tablet)
  • Auto-Detected Cron Paths - Settings show actual installation paths (thanks @jadeops)
  • Welcome Notifications - Sent to new users on registration or fresh install
  • Upgrade Notifications - Admins notified on system updates with version & migration count
  • Web-Based Installer - Replaces CLI, auto-generates encryption key, one-time password display
  • Web-Based Updater - /install/update for running new migrations with smart detection
  • User Registration - Full signup flow with email verification, password reset, resend verification
  • User Management - CRUD for users with filtering, sorting, pagination (admin-only)
  • Remember Me - 30-day secure tokens linked to sessions, cascade deletion on logout
  • Session Validator - Middleware validates sessions on every request for instant remote logout
  • Consistent UI/UX - Unified filtering, sorting, pagination across Domains, Users, Notifications, TLD Registry
  • Smart Migrations - Consolidated schema for fresh installs, incremental for upgrades
  • XSS Protection - htmlspecialchars() applied across all user-facing data (thanks @jadeops)

1.0.0 (2024-10-08)

  • Initial public release
  • Created by Hosteroid - Premium Hosting Solutions

🙏 Special Thanks

Contributors

  • @jadeops - Auto-detected cron path improvement & XSS protection enhancement (PR #1)
Reference in New Issue View Git Blame Copy Permalink