2183 Commits

Author	SHA1	Message	Date
Jonathan Miller	50c472991a	fix(auth): add login form with OAuth to all error pages ... - 403: OAuth buttons moved below password form (matches regular login) - 404: Login form with OAuth added for unauthenticated users - Both pages load OAuth2 providers and show Sign In with Google etc.	2026-06-06 18:25:51 -05:00
Jonathan Miller	7d03541201	fix(auth): show OAuth providers on 403 login form ... The 403 Access Denied page login form now shows OAuth2 provider buttons (Sign in with Google, etc.) alongside the username/password form. Previously only showed password login even when OAuth was configured.	2026-06-06 18:15:25 -05:00
Jonathan Miller	f7c1904625	feat(security): built-in security scanning platform (#508) ... Add a pluggable security scanning framework with secret detection as the first scanner module. Scans run on push to default branch and on-demand via the Security settings page. Includes: - Scanner interface for pluggable scanner types - Secret scanner with 15 built-in patterns (AWS, GitHub, Stripe, etc.) - SecurityAlert model with fingerprint-based dedup - SecurityScannerConfig per-repo settings - Migration v349 for security tables - Repo settings Security page with alerts table - Scan Now button for on-demand scanning - Alert resolve/dismiss actions - Push-time scanning in post-receive hook	2026-06-06 16:23:08 -05:00
Jonathan Miller	41c42b968e	fix(wiki): preserve slashes in page titles for folder creation ... UserTitleToWebPath now splits on / and sanitizes each segment independently, preserving the directory structure. This allows creating pages like "features/Custom-Fields" as actual nested files.	2026-06-06 15:15:57 -05:00
Jonathan Miller	6010841ee7	feat(wiki): hierarchical folder navigation with sidebar tree (#79) ... Support real subdirectories in wiki instead of escaping / to %2F. When navigating to a folder, tries README.md, Home.md, index.md as index pages. If none found, shows a file/folder listing. Includes: - Stop escaping / in WebPathFromRequest (wiki_path.go) - Folder detection with index file fallback - Auto-generated sidebar folder tree - Breadcrumb navigation for nested paths - Folder listing view when no index page exists - CSS for tree sidebar and folder listing	2026-06-06 15:09:23 -05:00
Jonathan Miller	dd6e114c70	chore: move CLAUDE.md to .mokogitea/ directory ... Also includes: - Auto-sync manifest.xml to DB on push to default branch - Wiki pages for custom fields, custom statuses, manifest settings - Updated wiki home page with all current features Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-06 09:43:15 -05:00
Jonathan Miller	8e0388c9d8	fix(custom-fields): log errors instead of silently discarding them ... - saveCustomFieldsFromForm: log GetCustomFieldsByOwner errors - resolveExtensionMetadata: log DB errors on custom field lookup - NewIssue/ViewIssue: log errors from GetCustomFieldsByOwner and GetCustomFieldValuesMap instead of blank-assigning - Composer: fix misleading comment about override source Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 22:14:10 -05:00
Jonathan Miller	cd4c701cb6	fix(custom-fields): address code review findings ... - API: return 500 on GetCustomFieldsByOwner failure instead of silently swallowing the error - resolveExtensionMetadata: add DownloadGating/KeyPrefix to metadata struct instead of mutating the caller's cfg pointer (side effect) - resolveExtensionMetadata: add Description custom field mapping - Composer: use meta.PHPMinimum instead of bypassing the cascade - Web form: flash error on custom field save failure instead of silent log Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 21:59:50 -05:00
Jonathan Miller	1935889f6b	feat(updateserver): resolve extension metadata from custom fields with config fallback ... Add resolveExtensionMetadata() with cascading priority: org-level repo-scoped custom fields → update_stream_config table → repo-derived defaults. All six feed generators (Joomla, WordPress, Composer, Drupal, PrestaShop, WHMCS) now use this unified resolver. Repos can be migrated to custom fields gradually since the config table remains as fallback. Ref #492 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 21:48:14 -05:00
Jonathan Miller	5665bc545e	fix(updateserver): use client=0 for packages to fix Joomla extension matching (#482) ... Joomla matches updates to installed extensions via element+type+client_id. Packages in #__extensions have client_id=0. Omitting <client> caused Joomla to default to client_id=1, resulting in extension_id=0 in #__updates and updates not appearing. Fix: output <client>0</client> for package types. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 18:44:46 -05:00
Jonathan Miller	d553c87a9d	fix(updateserver): derive maintainer from org profile, infourl from support_url ... - Maintainer name: org FullName (from org profile) - Maintainer URL: org Website (from org profile) - Info URL: support_url (product page), falls back to releases page - Removes dependency on separate maintainer/maintainer_url/info_url fields in update_stream_config Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 18:17:51 -05:00
Jonathan Miller	c948696488	feat(ui): show Update Server tab when no gating, Licenses tab when gated ... - No gating: tab shows as "Update Server" with broadcast icon - Gated (prerelease/all): tab shows as "Licenses" with key icon and package count badge - Licensing disabled: tab hidden entirely Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 16:38:49 -05:00
Jonathan Miller	5a80b8da33	docs(updateserver): correct joomlaTagName comment with Joomla source reference ... Joomla's Update.php maps tags via STABILITY_ + strtoupper(tag). Valid values: dev, alpha, beta, rc, stable. Full names like "development" silently fall back to STABILITY_STABLE. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 14:29:26 -05:00
Jonathan Miller	0de02fdce5	fix(updateserver): prevent stream name tag from overriding asset-derived version ... When the tag is a stream name (e.g. "release-candidate"), the version extracted from the asset filename was being overwritten by the release title version. Remove the isStreamName check since the priority chain (filename -> tag -> title) already handles this correctly. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 12:22:40 -05:00
Jonathan Miller	f0aa2c3034	fix(updateserver): extract version from asset filename, omit client for packages ... - Version now extracted from the zip asset filename first (most accurate), falling back to tag name then release title. Fixes mismatch where title version was updated but asset was stale. - Omit <client> element for package extension types (packages manage their own sub-extension clients per Joomla spec). - Make Client field omitempty so empty string doesn't render empty tag. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-04 12:14:29 -05:00
Jonathan Miller	e5aa0c343d	fix(updates): default Joomla target version to 5/6 ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 21:57:03 -05:00
Jonathan Miller	ba0d180e39	fix(updates): correct infourl/maintainerurl mapping ... <infourl> = InfoURL field (product/release info page), fallback /releases <maintainerurl> = SupportURL field (support site), fallback MaintainerURL, fallback org profile Previously SupportURL was mapped to <infourl> which was wrong. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 21:54:01 -05:00
Jonathan Miller	963fa6d384	fix(licenses): always allow anonymous download path access on licensed repos ... RepoAssignment now always grants LicensedReadOnly for download paths (/releases/, /archive/) on licensed repos. The actual download gating (none/prerelease/all) is enforced by CheckDownloadGating in the handler. Previously only download_gating=none allowed anonymous access. Now prerelease gating also allows through (CheckDownloadGating blocks non-stable downloads without a key). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 15:50:23 -05:00
Jonathan Miller	6405163e60	fix(licenses): restrict downloadsPublic to release/download paths only ... The downloadsPublic flag was granting LicensedReadOnly to all routes including the main repo page, causing 404 on private repos. Now only applies to paths containing /releases/ or /archive/. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 15:30:23 -05:00
Jonathan Miller	01011f6115	fix(licenses): allow anonymous downloads when download_gating=none on private repos ... RepoAssignment now checks the download_gating setting. When set to "none" (all downloads public), anonymous users can access release downloads on licensed private repos without a key. Previously, anonymous users always got 403 on private repos even when download gating was set to public. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 15:25:28 -05:00
Jonathan Miller	a22fa57ab1	fix(ui): embed login form on 403 Access Denied page ... Anonymous users seeing the 403 page now get an inline login form with username, password, and submit button. After login, redirects back to the page they were trying to access. Compact form centered with tw-max-w-sm, includes CSRF token and redirect_to hidden field pointing to CurrentURL. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 13:55:52 -05:00
Jonathan Miller	e2c738a8d8	feat(repos): three-level visibility — Public, Private, Hidden ... Add IsHidden field to Repository model. Three visibility modes: - Public: visible to everyone (green label) - Private: members only, non-members see 403 Access Denied (orange) - Hidden: members only, non-members see 404 Not Found (red) Private mode is for commercial repos — customers know the repo exists and see a styled 403 page with sign-in button. Licensed update feeds and key-gated downloads still work. Hidden mode is for internal/secret repos — complete stealth, as if the repo doesn't exist. Settings UI: radio button selector in danger zone replaces the old binary toggle. Each option shows a colored label with description. Migration v342: adds is_hidden column to repository table. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 13:42:25 -05:00
Jonathan Miller	6c7a6e4061	fix(licenses): RequireUnitReader allows LicensedReadOnly access ... RequireUnitReader now checks for LicensedReadOnly context flag before checking standard permissions. This lets the releases download route pass through for licensed private repos where RepoAssignment granted read-only access via license key. Fixes the 404 on /releases/download/ with valid dlid= param. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 10:23:38 -05:00
Jonathan Miller	02424c3f75	fix(licenses): allow download access on private licensed repos with license key ... RepoAssignment now checks for dlid/key/download_key query params when licensing is enabled. Anonymous Joomla/WordPress clients with valid license keys can access release download routes on private repos without being signed in. Access flow for licensed private repos: - Anonymous + no key → 403 (styled page) - Anonymous + valid dlid → access granted (CheckDownloadGating validates) - Signed in + no membership → access granted (releases visible, downloads hidden) - Org member → full access Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 10:12:45 -05:00
Jonathan Miller	449af83e2b	fix(ui): styled 403 Access Denied page matching the 404 page layout ... Add templates/status/403.tmpl mirroring the 404 page design with a centered error message and sign-in button for anonymous users. New Forbidden() method on Context renders the styled 403 template for HTML requests, falls back to plain text for API/non-HTML. RepoAssignment now calls ctx.Forbidden() instead of raw HTTPError for both anonymous and signed-in users without access. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 10:05:24 -05:00
Jonathan Miller	3ad37e48e1	fix(security): return 403 for all users on private repos, not 404 ... Both anonymous and signed-in users now get 403 Access Denied when accessing a private repo they lack permission for. Previously anonymous users got 404 which hid the repo's existence. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 09:57:29 -05:00
Jonathan Miller	021a054348	fix(licenses): licensed private repos allow signed-in users to view releases ... When licensing is enabled on a private repo, signed-in users who are not repo members can now view the releases page (with downloads hidden). The RepoAssignment permission check detects licensing and grants read-only access instead of returning 403. This enables the commercial pattern: private source code, but release notes visible to any authenticated user. Download files are gated by license key via HideReleaseDownloads. Anonymous users still get 404 (no information leak). Non-licensed private repos still return 403 for non-members. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 09:52:05 -05:00
Jonathan Miller	ead620daf9	fix(updates): allow update feeds on private repos via lightweight repo loader ... Update feed endpoints (updates.xml, dolibarr.json, wordpress.json, packages.json, prestashop.xml, drupal.xml, whmcs.json, changelog.xml) now use RepoAssignmentPublicFeed instead of the full RepoAssignment. The lightweight loader fetches the repo by owner/name without checking user permissions. Feed handlers gate access via license keys, not repo membership. This allows private repos to serve update feeds to anonymous Joomla/WordPress/Composer clients with valid license keys. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 09:36:06 -05:00
Jonathan Miller	0add8bda72	fix(security): show 403 Access Denied instead of 404 for signed-in users on private repos ... Signed-in users who lack permission to a private repo now see a 403 "You do not have permission" instead of a misleading 404. Anonymous users still get 404 to prevent repo enumeration. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 09:26:21 -05:00
Jonathan Miller	bd81616432	fix(build): remove unused time import in drupal.go ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 09:10:11 -05:00
Jonathan Miller	02f3ed88f1	feat(updates): PrestaShop (#352), Drupal (#353), WHMCS (#355) update feeds ... PrestaShop: GET /updates/prestashop.xml — module update XML with name, version, download URL, author, SHA256. Serves stable only. Drupal: GET /updates/drupal.xml — update status XML per Drupal API spec. Includes project metadata, all releases with status, download links, SHA256. Uses TargetVersion config for api_version field. WHMCS: GET /updates/whmcs.json — simple JSON with latest stable version, download URL (with dlid), changelog, author. License key embedded in download URL when provided. All three use ResolveReleaseStream for manual/auto stream mapping, readSHA256FromSidecar for integrity hashes, and extractVersion with stream-name tag fallback. Routes registered under the update server group alongside Joomla, Dolibarr, WordPress, and Composer feeds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 09:08:03 -05:00
Jonathan Miller	0fb0aea719	feat(updates): Composer packages.json feed (#354), hide menu items for guests ... Composer feed: new endpoint GET /updates/packages.json serving Composer/Packagist-compatible packages.json. Includes version, dist URL with SHA256, authors, PHP requirement. License key embedded in download URL when provided. Menu visibility: Actions and Licenses tabs in repo header now require .IsSigned — anonymous users no longer see tabs they can't access. Previously the tabs were visible but clicking redirected to login (confusing UX). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 09:02:00 -05:00
Jonathan Miller	b65b155446	SECURITY: fix release download gating and require login for actions ... Release gating: HideReleaseDownloads now checks download_gating setting in addition to feed_visibility. When licensing is enabled and download_gating != "none", anonymous users see "Sign in to download" instead of download links on the release page. Actions: changed from optSignIn to reqSignIn on the repo actions route group. Anonymous users can no longer view CI/CD runs, logs, or artifacts. This is a MokoGitea policy override — upstream Gitea allows public actions on public repos. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 08:40:40 -05:00
Jonathan Miller	d85ae6aa21	fix(build): add UpdateStream to EditReleaseForm ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 07:56:11 -05:00
Jonathan Miller	1b9b82d59a	fix(build): pass ctx to buildWordPressChangelog for ResolveReleaseStream ... Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 07:47:42 -05:00
Jonathan Miller	37322e4212	feat(updates): manual release-to-stream mapping ... Add release_stream_map table for explicitly assigning releases to update streams. When a mapping exists, it overrides automatic tag detection. When absent, falls back to tag name/suffix matching. New model: ReleaseStreamMap with SetReleaseStream, GetReleaseStream, ResolveReleaseStream (manual first, auto fallback). UI: stream selector dropdown on release create/edit page, shown when licensing is enabled. Options: auto-detect (default) or any configured stream (stable, release-candidate, beta, etc.). All three feed generators (Joomla, Dolibarr, WordPress) now use ResolveReleaseStream instead of MatchStreamFromTag. Migration v340 updated with release_stream_map table creation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 07:37:02 -05:00
Jonathan Miller	2f9097a254	fix(updates): check tag name not extracted version for stream name detection ... isStreamName was checking the extracted version (empty for stream tags) instead of the original tag name. Now checks rel.TagName directly, and also falls through when extractVersion returns empty. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 07:29:43 -05:00
Jonathan Miller	ce3af35c40	fix(updates): extract version numbers from release titles via regex ... When tags are stream names, extractVersion falls back to finding a version pattern (digits.digits.digits) anywhere in the release title. Handles titles like "Package - MokoWaaS (VERSION: 02.31.00)". Previously the full title was used as the version, producing invalid entries like "Package - MokoWaaS (VERSION: 02.31.00)" in the XML. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 07:27:06 -05:00
Jonathan Miller	0a3cd3115f	feat(updates): support stream-name tags alongside version tags ... MatchStreamFromTag now checks if the tag name directly matches a stream name (e.g. "stable", "release-candidate", "development") before falling back to suffix matching. Supports both conventions: 1. Stream-name tags: tag IS the stream (MokoWaaS style) 2. Version tags: tag has version + suffix (v1.0.0-rc1 style) When a stream-name tag is detected, the version number is extracted from the release title instead of the tag. Falls back to tag name if no version found in title. Applied across all feed generators: Joomla XML, Dolibarr JSON, WordPress JSON, and Changelog XML. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 07:21:02 -05:00
Jonathan Miller	0e7d3c4a34	fix(security): ownership guards, RepoScope parsing, CSRF tokens, XSS escaping ... SECURITY: Add verifyPackageOwnership/verifyKeyOwnership checks to all API handlers that accept ID parameters. Prevents cross-org access where an admin of org A could modify org B's license data. FIX: RepoScope validation now properly parses JSON arrays using json.Unmarshal instead of strings.Contains. The old approach matched substrings (repo ID "2" matched inside "12"). Now uses typed int64 comparison. FIX: Add {{$.CsrfTokenHtml}} to both delete confirmation modal forms (package and key) in repo and org templates. Without CSRF tokens, the form-fetch-action POST requests would be rejected. FIX: HTML-escape release notes in WordPress changelog to prevent XSS via malicious release note content reaching WP admin dashboards. FIX: Parse AllowedChannels JSON format before comma-split fallback to avoid garbage values from splitting JSON arrays by comma. FIX: Add missing third return value (false) on error path in validateUpdateKey to prevent compile error. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 06:59:29 -05:00
Jonathan Miller	a20153a0e0	fix(licenses): no-download mode shows release notes but hides files ... In "no-download" feed visibility mode, anonymous users can browse the release listing page and read release notes, but the download section (attachments, source archives) is replaced with a "Sign in to download" message. Only "hidden" mode redirects anonymous users to login entirely. "no-download" keeps the page public — release notes, changelogs, and version info are all visible. Just the actual files are gated. This matches the commercial pattern: let users see what's available to motivate purchase, while protecting the actual deliverables. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 06:42:44 -05:00
Jonathan Miller	a149edccd3	feat(licenses): feed visibility modes and login-required releases ... Add FeedVisibility field to UpdateStreamConfig with three modes: - public: full feed with download URLs (default) - no-download: version info visible but download URLs stripped - hidden: empty feed returned without a valid license key The "no-download" mode is the key commercial pattern — customers see updates exist (motivating purchase/renewal) but cannot download without a valid key. Joomla shows "update available" in admin. Applied consistently across all update feed endpoints (Joomla XML, Dolibarr JSON, WordPress JSON) via the shared validateUpdateKey() which now returns a stripDownloads flag. Also: when licensing is enabled, the release listing page requires login. Anonymous users are redirected to the login page. This prevents browsing release notes and download links without auth. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 06:38:09 -05:00
Jonathan Miller	e3a8ae2595	feat(settings): add extension metadata to repo settings (#335) ... Repo settings now include extension metadata fields (element name, display name, type, target version, maintainer, PHP minimum) under the Licensing section. These override org-level defaults per-repo. Empty fields inherit from the organization's update stream config. Extension type dropdown includes: package, component, module, plugin, template, library — plus an "(inherit from org)" option. Also adds form fields to the RepoSettingsForm struct for all metadata fields. Closes #335 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 06:19:48 -05:00
Jonathan Miller	1fabdb94ec	feat(updates): WordPress PUC-compatible update feed (#351) ... New endpoint: GET /{owner}/{repo}/updates/wordpress.json Generates JSON compatible with the YahnisElsts plugin-update-checker library — the standard for commercial WordPress plugin self-hosted updates. Returns name, slug, version, download_url, homepage, requires_php, author, sections (changelog HTML), icons, and banners. License key validation: reads from ?license_key=, ?dlid=, or ?key= query params (PUC sends these via addQueryArgFilter). When RequireKey is enabled, returns minimal empty response without download_url. Changelog section built from release notes (last 10 stable releases), converting markdown list items to HTML <ul>/<li> elements. Icon/banner URLs point to conventional paths in the repo: assets/icon-128x128.png, assets/icon-256x256.png assets/banner-772x250.png, assets/banner-1544x500.png Route registered at /updates/wordpress.json alongside existing /updates.xml (Joomla) and /updates/dolibarr.json. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-02 00:01:16 -05:00
Jonathan Miller	7da0e025da	feat(updates): include SHA256 from sidecar files in Joomla updates.xml ... Read the .sha256 sidecar attachment (generated by GenerateReleaseChecksums) and populate the <sha256> element in the update XML. This matches the pattern used by Akeeba (sha512) and JCE (sha256 + sha384 + sha512) for integrity verification. Also fix zip attachment filter to skip .sha256 sidecar files when selecting the download URL. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-01 05:04:24 -05:00
Jonathan Miller	0e09723d2a	fix(updates): map stream names to Joomla-standard tag values ... Joomla only recognizes: dev, alpha, beta, rc, stable. Our internal stream names use longer forms (development, release-candidate). Add joomlaTagName() to map between conventions in the <tags><tag> XML element. Without this, Joomla's update channel filter ignores entries with non-standard tag values like "release-candidate" or "development". Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-01 05:01:59 -05:00
Jonathan Miller	53a5d0b97b	feat(licenses): domain lock timer, infourl fix, Akeeba-compatible XML format ... Domain lock timer: add DomainLockHours to LicensePackage and FirstUsedUnix to LicenseKey. During the grace period after first use, any domain is accepted and auto-added to the restriction list. After the grace period, only listed domains are allowed. Set 0 for immediate lock-on-first-use (default). Fix infourl: default to /releases listing page instead of specific tag page. Falls back to SupportURL or InfoURL if configured. Match Akeeba Backup Pro XML format: downloadkey prefix is "dlid=" (not "&dlid="), matching how Joomla stores extra_query. Verified against production Akeeba/JCE/AdminTools manifests via SSH. Update migration v340 with FirstUsedUnix and DomainLockHours columns. Add DomainLockHours field to create/edit package forms for both repo and org levels with help text. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-01 05:00:50 -05:00
Jonathan Miller	448b7d3ab0	feat(licenses): archive, search, download gating, changelog XML, and expanded permissions ... Migration v340: sync all missing columns (key_raw, payment_ref, last_heartbeat_unix, is_archived, licensing_enabled, download_gating, support_url, and all extension metadata fields). Package archiving (#384): add IsArchived field with archive/unarchive handlers and collapsible "Archived Packages" section in templates. Existing keys from archived packages continue to work. Expanded delete permissions (#385): org owners and site admins can permanently delete packages and keys (previously site admin only). Search (#392): server-side search across key_prefix, key_raw, licensee_name, licensee_email, domain_restriction, and payment_ref via ?q= query parameter on both repo and org licenses pages. Sortable tables (#390): Fomantic UI sortable class on keys table with new Domain column showing DomainRestriction per key. Download gating (#347): three modes — none, prerelease-only, and all downloads. CheckDownloadGating() intercepts both release attachment and git archive download handlers. Support URL (#393): configurable SupportURL field on UpdateStreamConfig for wiki or external site links. Changelog XML (#343): ServeChangelogXML endpoint at /changelog.xml generates Joomla-compatible changelog from release notes. Parses Keep-a-Changelog markdown sections into <security>, <fix>, <addition>, <change>, <remove>, <note> XML elements. API renew (#387): POST /license-keys/{id}/renew endpoint extends key expiration by package duration. Closes #384, #385, #386, #387, #389, #390, #392, #393 Refs #343, #346, #347 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-06-01 04:45:20 -05:00
Jonathan Miller	889f64009b	fix: resolve tech-debt batch 4 — parseIssueHref, job limit, stale TODOs ... - fix(ts): parseIssueHref now uses URL pathname and trims appSubUrl for correct issue link parsing with sub-path deployments - fix(actions): enforce MaxJobNumPerRun (256) limit when creating jobs, rejecting workflows that exceed the GitHub-compatible limit - chore: remove stale TODO comment on OAuth redirect route Refs #325, #334 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-31 11:12:44 -05:00
Jonathan Miller	b9b3026122	fix: resolve tech-debt batch 3 — remove deprecated functions, use stdlib ... - refactor(go): replace ValuesRepository with maps.Values (Go 1.21+) - refactor(go): remove CanEnableEditor wrapper, use CanContentChange directly - chore: remove stale TODO comments about project column route naming Refs #311, #317 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-31 11:03:42 -05:00