MokoSuiteClient/CHANGELOG.md
Jonathan Miller cc709a0231
security: master user bypasses all tenant restrictions
Moved isMasterUser() check to top of enforceAdminRestrictions() so
master user is never blocked by any restriction including install
from URL, global config, sysinfo, installer, and template editing.

Authored-by: Moko Consulting
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-25 20:54:58 -05:00

Changelog

All notable changes to the MokoWaaS plugin will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Planned

  • License/subscription check
  • System email template branding (DB approach)

[02.06.00] - 2026-05-25

Added

  • Alias offline bypass: aliases with offline=No override Joomla's global offline setting, allowing access via alias domain while main site is down
  • Block non-master users from viewing or editing MokoWaaS plugin settings
  • Master user bypasses ALL tenant restrictions (install from URL, global config, sysinfo, installer, templates)

Fixed

  • Install API endpoint: extract ZIP to temp directory before passing to Joomla Installer (was passing ZIP path directly)
  • Clean up extracted temp directory on success or failure

Changed

  • CI: auto-release uses stream tag stable instead of version tag vXX

[02.05.00] - 2026-05-24

Added

  • Joomla protected=1 flag on all MokoWaaS extensions (framework-level disable/uninstall prevention)
  • Self-healing protected flag — restored each admin session if cleared
  • Block non-master disable via plugin list toggle (plugins.publish)
  • Package script sets protected=1, locked=0 on every install/update
  • Legacy plugin entry in updates.xml for sites upgrading from standalone plugin

Fixed

  • CI: auto-release workflow pkg_pkg_ duplication in release names, ZIP filenames, and SHA256 paths
  • CI: auto-release now strips existing type prefix and uses <packagename> for packages
  • CI: updates_xml_build was cascading entries for all lower channels on stable release — now writes only current channel
  • CI: targetplatform regex ((5.[0-9])|(6.[0-9])) caused Gitea 500 on XML render — simplified to (5|6)\..*
  • updates.xml stable entry now has correct <tag>stable</tag> and download URL
  • README slimmed to overview, detailed content moved to wiki

[02.03.10] - 2026-05-24

Added

  • Canonical URL injection for alias domains (prevents SEO duplication)
  • Primary Domain config field in Site Aliases tab
  • Heartbeat registration for alias domains (each alias gets Grafana datasource)
  • Plugin protection: hidden from non-master users, disable/uninstall blocked
  • Dynamic plugin version read from manifest XML (no more hardcoded strings)
  • Package structure: pkg_mokowaas with system plugin, webservices plugin, and component

Changed

  • Alias offline mode uses Joomla's native template offline.php (not custom HTML)
  • Alias detection simplified: direct lookup in aliases list (no primary host comparison)
  • handleSiteAlias() moved to onAfterRoute (client type resolved at that point)
  • Package script.php enables plugins on every install/update and sends heartbeat

Fixed

  • Alias domain matching: strip trailing slashes, handle Joomla subform stdClass format
  • Backend redirect: use primary_domain setting instead of Uri::root() (returned alias domain on mirrors)
  • CI: version_bump reads manifest XML with priority over README.md VERSION header
  • CI: version bump occurs after release build, not before
  • CI: pipefail disabled during element detection (SIGPIPE on find|head)
  • CI: pkg_pkg_ prefix duplication in zip names and updates.xml URLs
  • CI: updates_xml_build preserves existing channel entries (stable not wiped by dev releases)

Removed

  • deploy-manual.yml workflow — using Joomla update server for distribution
  • Accidentally committed profile.ps1 and TODO.md

[02.01.43] - 2026-05-23

Added

  • Site Aliases tab with Joomla subform repeatable-table UI
  • Per-alias offline toggle with custom maintenance message (503 response)
  • Per-alias robots meta directive (index/noindex/follow/nofollow/none)
  • Per-alias backend redirect (admin panel redirects to primary domain)
  • 6 MokoWaaS API endpoints: health, install, update, cache, backup, info
  • Remote plugin install via /?mokowaas=install endpoint
  • Remote update trigger via /?mokowaas=update endpoint
  • Remote cache clear via /?mokowaas=cache endpoint (site + admin + opcache)
  • Remote Akeeba Backup trigger via /?mokowaas=backup endpoint
  • Compact site info via /?mokowaas=info endpoint

Changed

  • Site aliases moved from comma-separated text field to structured subform
  • Each alias now stores domain, offline, offline_message, robots, redirect_backend
  • Heartbeat provisioning updated for subform alias format
  • Grafana datasource names use domain-only (removed "MokoWaaS - " prefix)

Fixed

  • Heartbeat receiver accepts any 200 status (registered/updated/ok)
  • script.php uses heartbeat receiver instead of Grafana API (fixes 403 RBAC)

[02.01.37] - 2026-05-23

Added

  • Health check endpoint at /?mokowaas=health with 16 diagnostic checks (#54)
  • Core checks: database latency, filesystem writability/size, cache, extensions
  • Backup checks: Akeeba Backup last backup date/status/size, days since, frequency
  • Security checks: Admin Tools WAF status, blocked requests 24h/7d
  • SSL certificate: expiry date, days left, issuer (degraded <30d, error <7d)
  • Scheduled tasks: Joomla task scheduler status, failed tasks 24h
  • Error log: PHP error log size, recent errors, last error message
  • Database size: total MB, table count, top 5 largest tables
  • Content stats: articles, categories, menu items, modules
  • User activity: total users, active sessions, failed logins 24h, last login
  • Mail system: mailer type, from address, SMTP host, queue count
  • SEO health: robots.txt, sitemap, htaccess, SEF status
  • Template info: site/admin template names, override count
  • Configuration drift: debug mode, error reporting, force SSL, caching
  • Human-readable reason field explaining degraded/error status
  • Site size reporting (images, media, tmp, cache, logs directories)
  • Heartbeat provisioning via receiver at bench.mokoconsulting.tech
  • Grafana datasource auto-provisioning via YAML (no API token needed)
  • ntfy notifications on heartbeat registration (mokowaas-heartbeat topic)
  • Grafana dashboard with 9 rows covering all 16 health checks
  • Auto-generated health API token (separate from Joomla user tokens)

Changed

  • Health endpoint always enabled — no config toggle needed
  • Grafana provisioning uses heartbeat receiver pattern (replaces direct API)
  • Removed config fields: enable_health_endpoint, grafana_url, grafana_api_key
  • Migrated .gitea/ to .mokogitea/ directory standard
  • Updated all references from MokoStandards to moko-platform
  • Renamed Gitea references to MokoGitea in docs

Fixed

  • SSL verification disabled for Grafana cURL calls (shared hosting)
  • cURL follow redirects enabled
  • updates.xml download URL uses correct development tag

Security

  • Plugin hidden from plugin list for non-master users
  • Plugin settings restricted to master user only
  • Self-healing lock (enforceLocked) runs every page load
  • Uninstall blocked in preflight
  • Health endpoint requires HTTPS + bearer token
  • Heartbeat shared secret for receiver authentication

[02.01.08] - 2026-04-07

Added

  • Template-based language overrides with {{BRAND_NAME}}, {{COMPANY_NAME}}, {{SUPPORT_URL}} placeholders
  • Configurable brand name, company name, and support URL via plugin params
  • Sentinel-block merge pattern that preserves existing site overrides
  • Install respects user-defined overrides (non-overwrite)
  • ~50 override keys across admin and frontend
  • Powered by links with anchor tag to support URL
  • Login support URL enforcement (mokoconsulting.tech/support, /kb, /news)
  • Atum template branding via params (logoBrandLarge, logoBrandSmall, loginLogo)
  • Shipped media assets: logo.png, favicon.ico, favicon.svg, favicon_256.png
  • Favicon injection (SVG + ICO + Apple touch icon)
  • Admin color scheme via Atum template style params (hue, link-color, special-color)
  • Custom CSS textarea injection
  • Master user enforcement (persistent super admin — "Webmaster")
  • Emergency access (DB password + file verification two-factor)
  • IP whitelist via configuration.php (empty blocks access)
  • IP whitelist display in plugin config (shows current IPs + your IP)
  • All emergency access attempts logged to Joomla Action Logs
  • Email notification on successful emergency login
  • Tenant restrictions: Extension Installer, System Info, Global Configuration, Template code editor
  • Dynamic admin menu hiding via onPreprocessMenuItems
  • Disable install-from-URL for all users
  • Force HTTPS redirect (supports reverse proxy)
  • Admin session idle timeout (default 60 min, master user exempt)
  • Password policy (min length, uppercase, number, special character)
  • Upload type and size restrictions (default 100MB)
  • Maintenance actions: reset all hits, delete all versions
  • Auto-enable plugin on first install
  • Action log extension registration in #__action_logs_extensions and #__action_log_config
  • Custom AllowedIpsField form field for IP whitelist display
  • Joomla 5.x and 6.x compatibility

Fixed

  • Column heading overrides removed (broke module/plugin list views)
  • RegularLabs Position column workaround
  • Nested <a> tags in login support overrides
  • Emergency access moved from onUserAuthenticate to onAfterInitialise (Joomla uses isolated auth dispatcher)
  • Session created directly for emergency login (bypasses auth dispatcher)
  • Auto-complete emergency login after verify file deletion (no re-entering credentials)

Changed

  • Version bumped to 02.01.08 across all files
  • Configuration guide fully rewritten with all fieldsets documented
  • Testing guide with 17 test suites
  • README updated with Usage section, new features, Joomla 5/6 badges

[01.04.00] - 2026-02-22

Added

  • Complete Joomla 5.x system plugin implementation with modern architecture
  • Main plugin class (src/mokowaas.php) with event handlers:
    • onAfterInitialise event hook for framework initialization
    • onAfterRoute event hook for routing integration
  • Plugin manifest (src/mokowaas.xml) with Joomla 5.x namespace support
    • Namespace: Moko\Plugin\System\MokoWaaS
    • Configuration parameter for enabling/disabling branding
  • Dependency injection service provider (src/services/provider.php)
    • DI container registration for Joomla 5.x compatibility
  • Plugin language files in src/language/en-GB/:
    • plg_system_mokowaas.ini - Plugin UI strings
    • plg_system_mokowaas.sys.ini - System/installation strings
  • Enhanced language overrides (57+ strings):
    • Installation sample data branding
    • Site name labels
    • Admin-specific UI elements
    • Version and About sections
  • Security index.html files throughout directory structure
  • Comprehensive README.md with:
    • Badges for version, license, Joomla, and PHP compatibility
    • Table of contents with 12+ major sections
    • Detailed installation instructions (2 methods)
    • Technical implementation documentation
    • Repository structure overview
    • Development and build instructions

Changed

  • Updated all documentation to version 01.04.00
  • Enhanced language overrides with more comprehensive coverage
  • Improved plugin configuration options

Fixed

  • Typo in language override: "ERROR OCCURED" → "ERROR OCCURRED"
  • Repository references updated from placeholders to actual GitHub URLs

Technical

  • Integrates with Joomla's native language override system
  • No programmatic string loading (performance optimization)
  • Event-driven architecture for minimal overhead
  • PSR-4 autoloading through service provider

[01.03.00] - 2025-12-11

Changed

  • General cleanup and code organization
  • Documentation structure improvements

[01.02.01] - 2025-12-11

Changed

  • Version bump for release alignment

[01.02.00] - 2025-12-11

Added

  • Documentation directory (/docs/) with comprehensive guides:
    • Installation guide
    • Configuration guide
    • Build guide
    • Operations guide
    • Troubleshooting guide
    • Upgrade and versioning guide
    • Rollback and recovery guide
  • GitHub workflow for automated builds (.github/workflows/build.yml)
  • Image and favicon replacement feature for complete branding

Changed

  • Improved documentation structure and organization

[01.01.05] - 2025-12-11

Changed

  • Version bump for release coordination

[01.01.04] - 2025-12-11

Fixed

  • Plugin manifest corrections and validation fixes

[01.01.03] - 2025-12-11

Fixed

  • Administrator language file location corrected
  • Language override path alignment with Joomla standards

[01.01.02] - 2025-12-11

Changed

  • Moved plugin code to /src/ directory for better organization
  • Aligned repository structure with release deployment pipeline
  • Improved packaging workflow

Added

  • Release deployment pipeline integration
  • Automated build and validation scripts

[1.0.0] - 2025-12-11

Added

  • Initial release of MokoWaaS plugin
  • Basic language override system for Joomla rebranding
  • Frontend language overrides (en-GB, en-US)
  • Administrator language overrides (en-GB, en-US)
  • Core branding replacements:
    • Footer "Powered by" text
    • Control panel welcome messages
    • Help and documentation links
    • Generic Joomla→MokoWaaS replacements
  • Basic plugin structure and manifest
  • License (GPL-3.0-or-later)
  • Contributing guidelines
  • Code of conduct

Technical Details

  • Joomla 5.x compatible
  • PHP 8.1+ requirement
  • Language override mechanism using Joomla's native system

Version History Summary

| Version  | Date       | Type  | Summary                                        |
|----------|------------|-------|------------------------------------------------|
| 01.04.00 | 2026-02-22 | Major | Complete plugin implementation & enhanced docs |
| 01.03.00 | 2025-12-11 | Minor | Cleanup and organization                       |
| 01.02.01 | 2025-12-11 | Patch | Version alignment                              |
| 01.02.00 | 2025-12-11 | Minor | Documentation and build system                 |
| 01.01.05 | 2025-12-11 | Patch | Version coordination                           |
| 01.01.04 | 2025-12-11 | Patch | Manifest fixes                                 |
| 01.01.03 | 2025-12-11 | Patch | Language location fix                          |
| 01.01.02 | 2025-12-11 | Patch | Repository restructuring                       |
| 1.0.0    | 2025-12-11 | Major | Initial release                                |

Upgrade Notes

Upgrading to 01.04.00

Breaking Changes: None

New Features:

  • Complete Joomla 5.x plugin implementation
  • Dependency injection support
  • Enhanced language overrides (14+ new strings)

Installation:

  1. Backup your current installation
  2. Download the latest release package
  3. Install via Joomla Extension Manager
  4. Clear Joomla cache
  5. Verify branding appears correctly

Upgrading to 01.02.00

New Features:

  • Comprehensive documentation in /docs/
  • Automated build workflows

Notes:

  • Review new documentation for operational guidance
  • Check GitHub workflows for automated builds

Contributing

Please read CONTRIBUTING.md for details on our code of conduct and the process for submitting pull requests.

When adding entries to this changelog:

  1. Add new changes under [Unreleased] section
  2. Use categories: Added, Changed, Deprecated, Removed, Fixed, Security
  3. Include clear, concise descriptions
  4. Reference issue numbers where applicable
  5. Move items from Unreleased to versioned section upon release

Note: For detailed technical documentation, see the /docs/ directory and README.md.