* fix: expand TLS includes for maintenance mode
Preserve maintenance-mode TLS handshake behavior by expanding allowed include files into ssl directives instead of copying include directives verbatim.
* fix: harden maintenance include path validation
Validate maintenance include paths before file-system access and add regression coverage for relative path escapes.
* refactor(site): simplify maintenance include expansion and tests
The site healthcheck built its request URL from the indexed site URL
(e.g. http://example.com) and never rewrote the scheme to match the
user-configured HealthCheckConfig.Protocol. As a result, sites
configured for HTTPS were probed over HTTP and always shown as
unreachable. TestHealthCheck compounded the issue by using
siteConfig.Scheme (default "http") instead of req.Config.Protocol.
Introduce rewriteCheckURLScheme which aligns only the URL scheme with
the configured protocol while preserving path, query, and port, and
call it from CheckSiteWithConfig. TestHealthCheck now passes the stored
site URL and relies on the same rewrite, so the "Test" button exercises
the same code path as the scheduled checker.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Introduced SafeWebSocketWriter to ensure thread-safe writes to WebSocket connections.
- Updated WebSocket handling in certificate issuance, revocation, Nginx log tailing, and system upgrades to use the new writer.
- Enhanced WebSocket client management in the site navigation module for improved message handling and connection stability.
- Introduced `WebSocketTrustedOrigins` setting in `app.example.ini` and corresponding documentation.
- Refactored WebSocket origin checks across multiple API endpoints to utilize the new middleware for improved security.
- Added tests for the new origin validation logic to ensure proper handling of trusted origins and node secret requests.
* feat: Integrate DNS record management into site configuration
- Removed the 'External Notification Test' notification.
- Enhanced SiteAdd.vue to include DNS record integration, allowing users to select or create DNS records linked to the site.
- Added DNSRecordIntegration component for managing DNS records, including selection and creation of new records.
- Implemented DNS linking functionality in the RightPanel component, enabling users to link existing DNS records to their site configuration.
- Updated SiteEditor to provide DNS link status to child components.
- Extended the site model to include fields for linked DNS domain and record information.
- Added logic to handle DNS record recreation if a linked record is missing.
* fix: remove unnecessary type assertion for selectedDomainId and selectedRecordId
* feat: add computed properties for selectedDomainId and selectedRecordId to handle null values
* refactor: simplify setter syntax for computed properties of selectedDomainId and selectedRecordId
* fix: update computed properties to return undefined for null values in selectedDomainId and selectedRecordId
---------
Co-authored-by: Nemer Tamimi <nemer.tamimi@uopeople.edu>
1. User can now view the latest renew logs of the certain certificate.
2. Add manually renew button in certificate modify page for managed certificate (auto cert)
