virtfusion-whmcs-module

EZSCALE/virtfusion-whmcs-module

Fork 0

Commit Graph

Author	SHA1	Message	Date
Prophet731	7e7f3c1c14	feat(ipv6): surface /64 subnet allocations with custom-host PTR flow VirtFusion's IPv6 allocation model routes a whole /64 to the VPS rather than exposing discrete host addresses via the API. The previous module silently filtered these entries — the client saw v4 IPs in the rDNS panel but no v6 at all, with no indication why, and no way to set a PTR for a specific address they were using inside the /64. This commit surfaces subnets as first-class entries throughout: - IpUtil::extractIps() now returns {addresses, subnets, skipped}. The subnets bucket carries {subnet, cidr} pairs for any v6 allocation with cidr != 128; /128 entries continue to be treated as discrete addresses, and genuinely malformed entries still go to skipped. - IpUtil::ipv6InSubnet($ip, $prefix, $cidrBits) — new helper that does binary-prefix subnet containment via inet_pton + bit masking. Used for v6 ownership verification (see below). - PtrManager::listPtrs() emits subnet-only rows ahead of per-IP rows, so the client UI can render the /64 as an informational anchor with an entry point for the custom-host flow. - client.php::rdnsUpdate adds a second ownership-check stage: if the submitted IP is v6 AND doesn't match any discrete address, check whether it falls inside one of the server's allocated subnets. This preserves "only your own IPs" while unlocking the feature. - Client-side (module.js / module.css) renders subnet rows with a collapsible "Add host PTR" form (IP + hostname inputs) that posts to the same rdnsUpdate endpoint. Subnet rows get a distinct cyan accent so they visually differ from per-host rows. The usual guards still apply to v6 custom-host writes: forward-DNS (FCrDNS) verification, PTR regex, per-IP rate limit, same-origin / POST-method gates. Nothing about the security envelope changes — only what input is accepted as "you own this IP". Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-17 22:04:23 -04:00
Prophet731	ad85439dfb	feat: add PowerDNS reverse DNS (PTR) integration Introduces an opt-in reverse DNS management subsystem backed by a PowerDNS Authoritative HTTP API. Runs via a companion WHMCS addon module (modules/addons/VirtFusionDns) that holds settings and a Test Connection page; the server module reads those settings from tbladdonmodules and short-circuits when the addon is absent or disabled, so provisioning is unaffected for operators who don't use the feature. Lifecycle hooks: - createAccount creates PTRs for every assigned IP (forward DNS must already resolve to the IP — FCrDNS enforcement) - renameServer updates only PTRs whose content matched the old hostname, preserving client-custom records - terminateAccount deletes all PTRs before the local state is purged - TestConnection merges PowerDNS health check with the existing VirtFusion check - A DailyCronJob hook reconciles missing PTRs additive-only (never overwrites) Client UI: new "Reverse DNS" panel on the service overview with one editable PTR input per assigned IP, per-row status badges, and forward-DNS rejection on save. Admin services tab gets a parallel widget with Reconcile (additive) and Reconcile (force reset) buttons. New subsystem at lib/PowerDns/: - Client.php PowerDNS API wrapper (X-API-Key, listZones/getZone/ patchRRset/notifyZone), auto-NOTIFY on successful PATCH - Config.php Loads + decrypts addon settings from tbladdonmodules - IpUtil.php PTR-name generation (IPv4 + IPv6), zone matching, RFC 2317 classless parsing - Resolver.php FCrDNS verification via dns_get_record with CNAME-chain following and per-(hostname,ip) caching - PtrManager.php Orchestrator: syncServer, deleteForServer, listPtrs, setPtr, reconcile, reconcileAll Security hardening helpers added to Module and applied to the rDNS endpoints: - requirePost() HTTP method gate (405 on non-POST mutations) - requireSameOrigin() Origin/Referer check against WHMCS host (CSRF defence against cross-site form POST) - requireServiceStatus() tblhosting.domainstatus filter (Active for writes, Active+Suspended for reads) RFC 2317 classless delegations (e.g. 64/64.113.0.203.in-addr.arpa.) supported with alignment validation: rejects misaligned start addresses that don't correspond to any real delegation boundary. PowerDNS zone IDs containing '/' are URL-encoded as '=2F' per the PowerDNS API convention. PATCH success triggers PUT /zones/{id}/notify so slaves pick up the SOA-bumped serial immediately. Includes IPv4 + IPv6 support, per-IP write rate limit (10s), fresh IP-ownership re-verification on every client write (defends against stale-ownership after IP reassignment), and audit logging of every successful edit to the WHMCS module log. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-17 21:08:22 -04:00

Author

SHA1

Message

Date

Prophet731

7e7f3c1c14

feat(ipv6): surface /64 subnet allocations with custom-host PTR flow

VirtFusion's IPv6 allocation model routes a whole /64 to the VPS rather
than exposing discrete host addresses via the API. The previous module
silently filtered these entries — the client saw v4 IPs in the rDNS
panel but no v6 at all, with no indication why, and no way to set a
PTR for a specific address they were using inside the /64.

This commit surfaces subnets as first-class entries throughout:

- IpUtil::extractIps() now returns {addresses, subnets, skipped}. The
  subnets bucket carries {subnet, cidr} pairs for any v6 allocation
  with cidr != 128; /128 entries continue to be treated as discrete
  addresses, and genuinely malformed entries still go to skipped.

- IpUtil::ipv6InSubnet($ip, $prefix, $cidrBits) — new helper that does
  binary-prefix subnet containment via inet_pton + bit masking. Used
  for v6 ownership verification (see below).

- PtrManager::listPtrs() emits subnet-only rows ahead of per-IP rows,
  so the client UI can render the /64 as an informational anchor with
  an entry point for the custom-host flow.

- client.php::rdnsUpdate adds a second ownership-check stage: if the
  submitted IP is v6 AND doesn't match any discrete address, check
  whether it falls inside one of the server's allocated subnets. This
  preserves "only your own IPs" while unlocking the feature.

- Client-side (module.js / module.css) renders subnet rows with a
  collapsible "Add host PTR" form (IP + hostname inputs) that posts
  to the same rdnsUpdate endpoint. Subnet rows get a distinct cyan
  accent so they visually differ from per-host rows.

The usual guards still apply to v6 custom-host writes: forward-DNS
(FCrDNS) verification, PTR regex, per-IP rate limit, same-origin /
POST-method gates. Nothing about the security envelope changes — only
what input is accepted as "you own this IP".

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-17 22:04:23 -04:00

Prophet731

ad85439dfb

feat: add PowerDNS reverse DNS (PTR) integration

Introduces an opt-in reverse DNS management subsystem backed by a PowerDNS
Authoritative HTTP API. Runs via a companion WHMCS addon module
(modules/addons/VirtFusionDns) that holds settings and a Test Connection
page; the server module reads those settings from tbladdonmodules and
short-circuits when the addon is absent or disabled, so provisioning is
unaffected for operators who don't use the feature.

Lifecycle hooks:
- createAccount creates PTRs for every assigned IP (forward DNS must
  already resolve to the IP — FCrDNS enforcement)
- renameServer updates only PTRs whose content matched the old hostname,
  preserving client-custom records
- terminateAccount deletes all PTRs before the local state is purged
- TestConnection merges PowerDNS health check with the existing VirtFusion
  check
- A DailyCronJob hook reconciles missing PTRs additive-only (never
  overwrites)

Client UI: new "Reverse DNS" panel on the service overview with one
editable PTR input per assigned IP, per-row status badges, and
forward-DNS rejection on save. Admin services tab gets a parallel
widget with Reconcile (additive) and Reconcile (force reset) buttons.

New subsystem at lib/PowerDns/:
- Client.php    PowerDNS API wrapper (X-API-Key, listZones/getZone/
                patchRRset/notifyZone), auto-NOTIFY on successful PATCH
- Config.php    Loads + decrypts addon settings from tbladdonmodules
- IpUtil.php    PTR-name generation (IPv4 + IPv6), zone matching,
                RFC 2317 classless parsing
- Resolver.php  FCrDNS verification via dns_get_record with CNAME-chain
                following and per-(hostname,ip) caching
- PtrManager.php Orchestrator: syncServer, deleteForServer, listPtrs,
                setPtr, reconcile, reconcileAll

Security hardening helpers added to Module and applied to the rDNS
endpoints:
- requirePost()           HTTP method gate (405 on non-POST mutations)
- requireSameOrigin()     Origin/Referer check against WHMCS host (CSRF
                          defence against cross-site form POST)
- requireServiceStatus()  tblhosting.domainstatus filter (Active for
                          writes, Active+Suspended for reads)

RFC 2317 classless delegations (e.g. 64/64.113.0.203.in-addr.arpa.)
supported with alignment validation: rejects misaligned start addresses
that don't correspond to any real delegation boundary.

PowerDNS zone IDs containing '/' are URL-encoded as '=2F' per the
PowerDNS API convention. PATCH success triggers PUT /zones/{id}/notify
so slaves pick up the SOA-bumped serial immediately.

Includes IPv4 + IPv6 support, per-IP write rate limit (10s), fresh
IP-ownership re-verification on every client write (defends against
stale-ownership after IP reassignment), and audit logging of every
successful edit to the WHMCS module log.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-17 21:08:22 -04:00

2 Commits