Compare commits

..

2 Commits

Author SHA1 Message Date
9deac1388d docs: add system architecture documentation 2026-03-05 12:56:28 +00:00
e87f86ae86 docs: add ai project context for development agents 2026-03-05 12:51:11 +00:00
45 changed files with 354 additions and 4790 deletions

View File

@@ -1,36 +0,0 @@
# Project AI Rules
This repository contains the Plesk Agency Portal SaaS project.
Before making changes, read the following documentation files:
docs/ai-bootstrap.md
docs/ai-project-context.md
docs/system-architecture.md
docs/GUARDRAILS.md
docs/next-steps.md
docs/handovers/latest.md
docs/current-focus.md
Project guidelines:
- Treat master branch as production-ready.
- Preserve the working Jenkins CI/CD deployment pipeline.
- Avoid breaking Supabase Row Level Security policies.
- Prefer minimal changes over large rewrites.
- Follow existing Next.js App Router structure.
Deployment architecture:
Jenkins builds Docker image.
Image transferred using:
docker save → scp → docker load
Application host path:
/opt/plesk-agency-portal
Public domain:
https://portal.rdbcloud.co.uk
Supabase domain
https://supabase.rdbcloud.co.uk

View File

@@ -1,13 +0,0 @@
node_modules
.next
.git
*.log
logs
.env
.env.*
!.env.example
.env.local
.env.*.local
.vscode
.idea
.DS_Store

View File

@@ -1,22 +1,13 @@
NODE_ENV=production
NEXT_PUBLIC_APP_URL=http://localhost:3000
NEXT_PUBLIC_SUPABASE_URL=
NEXT_PUBLIC_SUPABASE_ANON_KEY=
SUPABASE_URL=
SUPABASE_ANON_KEY=
SUPABASE_SERVICE_ROLE_KEY=
NEXT_PUBLIC_APP_URL=http://localhost:3000
JOB_SECRET=
ENCRYPTION_KEY=
PLESK_CRED_ENC_KEY=
STRIPE_SECRET_KEY=
STRIPE_WEBHOOK_SECRET=
CRON_SHARED_SECRET=
# Existing runtime keys used by current codebase
JOB_SECRET=
CRON_SECRET=
ENCRYPTION_KEY=
STRIPE_PRICE_ID=

View File

@@ -1,6 +1,3 @@
{
"extends": ["next/core-web-vitals", "next/typescript"],
"rules": {
"@typescript-eslint/no-explicit-any": "off"
}
"extends": ["next/core-web-vitals", "next/typescript"]
}

View File

@@ -1,45 +0,0 @@
# AI Start Here
Before making changes, read these files in order:
1. docs/ai-project-context.md
2. docs/system-architecture.md
3. docs/next-steps.md
4. docs/handovers/latest.md (or the newest dated handover file)
## Project
Plesk Agency Portal
## Rules
- Make minimal safe changes
- Do not weaken Supabase RLS
- Preserve working deployment pipeline
- Prefer extending existing patterns over rewrites
- Treat `master` as production-ready
## Current Focus
- Fix Supabase HTTPS/public URL
- Validate auth flow
- Keep CI/CD stable
## Deployment Summary
- Jenkins builds Docker image
- Image transferred via `docker save -> scp -> docker load`
- App runs on `/opt/plesk-agency-portal`
- Public app URL: `https://portal.rdbcloud.co.uk`
- supabase URL: `https://supabase.rdbcloud.co.uk`
## Notes
Use the docs folder as source of truth for current state and handover history.
## When updating the project
- update docs/ai-project-context.md for current state
- add a new file in docs/handovers/
- update docs/next-steps.md
- keep this file short

View File

@@ -1,49 +0,0 @@
FROM node:20-bookworm-slim AS deps
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
FROM node:20-bookworm-slim AS builder
WORKDIR /app
ARG NEXT_PUBLIC_SUPABASE_URL
ARG NEXT_PUBLIC_SUPABASE_ANON_KEY
ARG SUPABASE_URL
ARG NEXT_PUBLIC_APP_URL
ARG BUILD_CACHE_BUSTER
ENV NEXT_PUBLIC_SUPABASE_URL=${NEXT_PUBLIC_SUPABASE_URL}
ENV NEXT_PUBLIC_SUPABASE_ANON_KEY=${NEXT_PUBLIC_SUPABASE_ANON_KEY}
ENV SUPABASE_URL=${SUPABASE_URL}
ENV NEXT_PUBLIC_APP_URL=${NEXT_PUBLIC_APP_URL}
ENV BUILD_CACHE_BUSTER=${BUILD_CACHE_BUSTER}
COPY --from=deps /app/node_modules ./node_modules
COPY . .
RUN npm run build
FROM node:20-bookworm-slim AS prod-deps
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci --omit=dev
FROM node:20-bookworm-slim AS runner
WORKDIR /app
ENV NODE_ENV=production
ARG NEXT_PUBLIC_SUPABASE_URL
ARG SUPABASE_URL
ARG NEXT_PUBLIC_APP_URL
ENV NEXT_PUBLIC_SUPABASE_URL=${NEXT_PUBLIC_SUPABASE_URL}
ENV SUPABASE_URL=${SUPABASE_URL}
ENV NEXT_PUBLIC_APP_URL=${NEXT_PUBLIC_APP_URL}
COPY --from=prod-deps /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./package.json
COPY --from=builder /app/next.config.mjs ./next.config.mjs
COPY --from=builder /app/.next ./.next
EXPOSE 3000
CMD ["node", "node_modules/next/dist/bin/next", "start", "-H", "0.0.0.0", "-p", "3000"]

179
Jenkinsfile vendored
View File

@@ -1,179 +0,0 @@
pipeline {
// Build + deploy stages require Docker CLI/daemon access on the Jenkins node.
// Ensure this label maps to an agent with Docker installed and usable.
//update
agent any
environment {
REGISTRY_IMAGE = "plesk-agency-portal"
IMAGE_LATEST = "${REGISTRY_IMAGE}:latest"
IMAGE_BUILD = "${REGISTRY_IMAGE}:build-${BUILD_NUMBER}"
DEPLOY_SSH_CREDENTIAL_ID = "${env.DEPLOY_SSH_CREDENTIAL_ID ?: 'plesk-agency-deploy-key'}"
APP_HOST = "${env.APP_HOST ?: '192.168.68.89'}"
APP_USER = "${env.APP_USER ?: 'deploy'}"
DEPLOY_PATH = "${env.DEPLOY_PATH ?: '/opt/plesk-agency-portal'}"
APP_BASE_URL = "${env.APP_BASE_URL ?: 'https://portal.rdbcloud.co.uk'}"
NEXT_PUBLIC_APP_URL = "${env.NEXT_PUBLIC_APP_URL ?: 'https://portal.rdbcloud.co.uk'}"
}
stages {
// stage('Preflight') {
// steps {
// sh '''
// set -euo pipefail
// if ! command -v docker >/dev/null 2>&1; then
// echo "Docker CLI is not available on this Jenkins agent."
// echo "Run this pipeline on a Docker-capable node or install Docker on the current agent."
// exit 1
// fi
// if ! docker version >/dev/null 2>&1; then
// echo "Docker is installed but not usable by Jenkins (daemon/socket/permissions issue)."
// exit 1
// fi
// '''
// }
// }
stage('Checkout') {
steps {
checkout scm
}
}
stage('Install dependencies') {
steps {
sh 'npm ci'
}
}
// stage('Lint') {
// steps {
// script {
// def hasLint = sh(script: "node -e \"const fs=require('fs');const p=require('./package.json');process.exit(p?.scripts?.lint?0:1)\"", returnStatus: true)
// if (hasLint == 0) {
// sh 'npm run lint'
// } else {
// echo 'No lint script configured; skipping lint stage.'
// }
// }
// }
// }
stage('Build application') {
steps {
withCredentials([
string(credentialsId: 'supabase-public-url', variable: 'SUPABASE_PUBLIC_URL'),
string(credentialsId: 'supabase-public-anon-key', variable: 'NEXT_PUBLIC_SUPABASE_ANON_KEY')
]) {
sh '''
ANON_PREFIX="$(printf '%s' "$NEXT_PUBLIC_SUPABASE_ANON_KEY" | cut -c1-6)"
echo "ENV DEBUG:"
echo "NEXT_PUBLIC_SUPABASE_URL=$SUPABASE_PUBLIC_URL"
echo "NEXT_PUBLIC_APP_URL=$NEXT_PUBLIC_APP_URL"
echo "NEXT_PUBLIC_SUPABASE_ANON_KEY=${ANON_PREFIX}***"
echo "SUPABASE_URL=$SUPABASE_PUBLIC_URL"
NEXT_PUBLIC_SUPABASE_URL="$SUPABASE_PUBLIC_URL" \
SUPABASE_URL="$SUPABASE_PUBLIC_URL" \
NEXT_PUBLIC_APP_URL="$NEXT_PUBLIC_APP_URL" \
npm run build
'''
}
}
}
stage('Build Docker image') {
steps {
withCredentials([
string(credentialsId: 'supabase-public-url', variable: 'SUPABASE_PUBLIC_URL'),
string(credentialsId: 'supabase-public-anon-key', variable: 'NEXT_PUBLIC_SUPABASE_ANON_KEY')
]) {
sh 'docker build --build-arg NEXT_PUBLIC_SUPABASE_URL="$SUPABASE_PUBLIC_URL" --build-arg SUPABASE_URL="$SUPABASE_PUBLIC_URL" --build-arg NEXT_PUBLIC_APP_URL="$NEXT_PUBLIC_APP_URL" --build-arg NEXT_PUBLIC_SUPABASE_ANON_KEY="$NEXT_PUBLIC_SUPABASE_ANON_KEY" --build-arg BUILD_CACHE_BUSTER="${BUILD_NUMBER}" -t ${IMAGE_LATEST} -t ${IMAGE_BUILD} .'
}
}
}
stage('Deploy') {
steps {
sh '''
bash <<'EOF'
set -euxo pipefail
SSH_KEY="/var/lib/jenkins/.ssh/plesk_agency_deploy"
SSH_USER="deploy"
SSH_COMMON_OPTS="-i ${SSH_KEY} -o BatchMode=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
SSH_OPTS="-n ${SSH_COMMON_OPTS}"
RSYNC_SSH="ssh ${SSH_COMMON_OPTS}"
echo "SSH user from configured deploy key: ${SSH_USER}"
echo "SSH key file path: ${SSH_KEY}"
ls -l "${SSH_KEY}"
ssh-keygen -y -f "${SSH_KEY}"
echo "Testing remote SSH connectivity"
ssh -n ${SSH_OPTS} "${SSH_USER}@${APP_HOST}" "whoami && hostname && pwd"
echo "Deploying image tag: ${IMAGE_BUILD}"
docker image inspect "${IMAGE_BUILD}" --format='{{.Id}} {{.RepoTags}}'
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "mkdir -p $DEPLOY_PATH/scripts"
rsync -az \
-e "${RSYNC_SSH}" \
docker-compose.prod.yml \
"$SSH_USER@$APP_HOST:$DEPLOY_PATH/"
rsync -az \
-e "${RSYNC_SSH}" \
scripts/ \
"$SSH_USER@$APP_HOST:$DEPLOY_PATH/scripts/"
IMAGE_TAR="plesk-agency-portal-build.tar"
echo "Creating image archive: ${IMAGE_TAR}"
docker save -o "${IMAGE_TAR}" "${IMAGE_BUILD}"
ls -lh "${IMAGE_TAR}"
sha256sum "${IMAGE_TAR}"
echo "Copying image archive to remote host via scp"
scp ${SSH_COMMON_OPTS} "${IMAGE_TAR}" "$SSH_USER@$APP_HOST:$DEPLOY_PATH/"
echo "Verifying image archive exists on remote host"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "ls -lh $DEPLOY_PATH/plesk-agency-portal-build.tar"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "sha256sum $DEPLOY_PATH/plesk-agency-portal-build.tar"
echo "Loading image archive on remote host"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "docker load -i $DEPLOY_PATH/plesk-agency-portal-build.tar"
echo "Verifying exact image tag is available on remote host"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "docker image inspect ${IMAGE_BUILD} --format='{{.Id}} {{.RepoTags}}'"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" \
"cd $DEPLOY_PATH && chmod +x ./scripts/deploy-prod.sh ./scripts/smoke-check.sh ./scripts/rollback-prod.sh"
echo "Running remote deploy script with exact image tag"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" \
"cd $DEPLOY_PATH && APP_IMAGE='${IMAGE_BUILD}' ./scripts/deploy-prod.sh"
echo "Printing final running container image metadata"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "docker inspect plesk-agency-portal --format='{{.Image}} {{.Created}}'"
EOF
'''
}
}
stage('Smoke check') {
steps {
sh '''
bash -eo pipefail << EOF
set -euo pipefail
chmod +x scripts/smoke-check.sh
scripts/smoke-check.sh "${APP_BASE_URL}"
EOF
'''
}
}
}
}

View File

@@ -63,9 +63,7 @@ values ('<agency_uuid>', '<auth_user_uuid>', 'owner');
- `POST /api/plesk/instances` — create + validate Plesk connection
- `POST /api/plesk/instances/:id/sync` — pull/sync subscriptions + domains from one Plesk instance
- `POST /api/plesk/instances/:id/autosync` — update auto-sync enabled/frequency for one Plesk instance
- `POST /api/jobs/plesk-sync-all` — background sync job for all connected instances (requires `X-JOB-SECRET`)
- `POST /api/cron/autosync` — scheduled auto-sync tick (requires `X-CRON-SECRET`)
- `POST /api/plesk/subscriptions/:id/action` — suspend or unsuspend
- `POST /api/stripe/checkout` — create Stripe Checkout session
- `POST /api/stripe/portal` — create Stripe Customer Portal session
@@ -76,7 +74,6 @@ values ('<agency_uuid>', '<auth_user_uuid>', 'owner');
- Set a strong `ENCRYPTION_KEY`; it encrypts stored Plesk auth secrets.
- Set a strong `PLESK_CRED_ENC_KEY` (32-byte base64 or 64-char hex) for Plesk credential encryption.
- Set `JOB_SECRET` for internal cron-triggered job auth.
- Set `CRON_SECRET` for `/api/cron/autosync` auth.
- `/api/stripe/webhook` is excluded from auth middleware for Stripe signature verification.
- Current implementation is intentionally MVP-focused; add stronger validation, retries, idempotency keys, and richer error observability for production.
@@ -100,37 +97,3 @@ Notes:
- Job uses DB lock (`job_locks`) to avoid overlapping runs.
- Job processes at most 10 connected instances per run.
- Instances synced in the last 3 minutes are skipped.
## 6) Auto Sync Worker (CL6)
New scheduler fields live on `plesk_instances`:
- `auto_sync_enabled`
- `auto_sync_frequency_minutes`
- `last_auto_sync_at`
- `next_auto_sync_at`
- `auto_sync_lock_until`
- `auto_sync_lock_token`
Endpoint for periodic worker ticks:
```bash
curl -sS -X POST http://localhost:3000/api/cron/autosync \
-H "X-CRON-SECRET: <CRON_SECRET>"
```
Recommended system cron (every 5 minutes):
```cron
*/5 * * * * curl -sS -X POST https://<your-host>/api/cron/autosync -H "X-CRON-SECRET: ${CRON_SECRET}"
```
Or schedule the same call from Jenkins.
Worker safety behavior:
- processes at most 5 instances per tick
- concurrency limited to 2 at a time
- per-instance lock lease 15 minutes
- per-instance timeout guard 14 minutes
- per-instance failures are isolated and logged to `actions_log`

View File

@@ -1,38 +0,0 @@
import { NextResponse } from "next/server";
import { env } from "@/lib/env";
import { runAutoSyncTick } from "@/lib/plesk/auto-sync";
import { createSupabaseAdminClient } from "@/lib/supabase/admin";
export async function POST(req: Request) {
const startedAt = Date.now();
try {
const secret = req.headers.get("x-cron-secret");
if (!env.cronSharedSecret || !secret || secret !== env.cronSharedSecret) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
const supabase = createSupabaseAdminClient() as any;
const summary = await runAutoSyncTick(supabase);
return NextResponse.json({
...summary,
duration_ms: Date.now() - startedAt,
});
} catch (error) {
console.error("[autosync cron] failed", error);
return NextResponse.json(
{
error: "Auto-sync job failed",
instances_considered: 0,
locks_acquired: 0,
succeeded: 0,
failed: 0,
duration_ms: Date.now() - startedAt,
},
{ status: 500 },
);
}
}

View File

@@ -1,38 +0,0 @@
import { NextResponse } from "next/server";
import { env } from "@/lib/env";
import { runHealthCheckTick } from "@/lib/plesk/health";
import { createSupabaseAdminClient } from "@/lib/supabase/admin";
export async function POST(req: Request) {
const startedAt = Date.now();
try {
const secret = req.headers.get("x-cron-secret");
if (!env.cronSharedSecret || !secret || secret !== env.cronSharedSecret) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
const supabase = createSupabaseAdminClient() as any;
const summary = await runHealthCheckTick(supabase);
return NextResponse.json({
...summary,
duration_ms: Date.now() - startedAt,
});
} catch (error) {
console.error("[health cron] failed", error);
return NextResponse.json(
{
error: "Health check job failed",
checked: 0,
ok: 0,
degraded: 0,
failed: 0,
duration_ms: Date.now() - startedAt,
},
{ status: 500 },
);
}
}

View File

@@ -1,13 +0,0 @@
import { NextResponse } from "next/server";
export async function GET() {
return NextResponse.json(
{
ok: true,
service: "plesk-agency-portal",
timestamp: new Date().toISOString(),
environment: process.env.NODE_ENV ?? "development",
},
{ status: 200 },
);
}

View File

@@ -5,54 +5,15 @@ import { assertAgencyAdmin, getRouteAgencyContextOrThrow } from "@/lib/agency";
import { assertRateLimit } from "@/lib/api/rate-limit";
import { assertSameOrigin } from "@/lib/api/security";
import {
parseSubscriptionStatusDetailsFromInfo,
pleskCliCall,
suspendPleskSubscription,
unsuspendPleskSubscription,
} from "@/lib/plesk/client";
import { createSupabaseRouteClient } from "@/lib/supabase/route";
const actionSchema = z.object({
action: z.enum(["suspend", "unsuspend"]),
subscription_id: z.string().uuid().optional(),
});
const LOG_EXCERPT_LIMIT = 500;
const DOMAIN_ACTION_EVENTS = {
suspend: {
requested: "domain_suspend_requested",
succeeded: "domain_suspend_succeeded",
failed: "domain_suspend_failed",
},
unsuspend: {
requested: "domain_unsuspend_requested",
succeeded: "domain_unsuspend_succeeded",
failed: "domain_unsuspend_failed",
},
} as const;
function excerpt(value: string | null | undefined) {
if (!value) return null;
const trimmed = value.trim();
if (!trimmed) return null;
return trimmed.length > LOG_EXCERPT_LIMIT
? `${trimmed.slice(0, LOG_EXCERPT_LIMIT)}`
: trimmed;
}
async function insertActionLogBestEffort(
supabase: any,
payload: Record<string, unknown>,
) {
try {
const { error } = await supabase.from("actions_log").insert(payload);
if (error) {
console.error("[actions_log] insert failed", error.message);
}
} catch (error) {
console.error("[actions_log] insert threw", error);
}
}
export async function POST(
req: Request,
{ params }: { params: { id: string } },
@@ -61,13 +22,8 @@ export async function POST(
let context: Awaited<ReturnType<typeof getRouteAgencyContextOrThrow>> | null =
null;
let domain: { id: string; subscription_id: string | null } | null = null;
let subscription: {
id: string;
plesk_subscription_id: string;
plesk_instance_id: string;
} | null = null;
let subscription: { id: string; plesk_subscription_id: string } | null = null;
let requestedAction: "suspend" | "unsuspend" | null = null;
const startedAt = Date.now();
try {
assertSameOrigin(req);
@@ -76,8 +32,7 @@ export async function POST(
assertAgencyAdmin(context);
assertRateLimit(`plesk-domain-action:${context.userId}`, 10, 60_000);
const payload = actionSchema.parse(await req.json());
const { action } = payload;
const { action } = actionSchema.parse(await req.json());
requestedAction = action;
const { data: domainRow, error: domainError } = await supabase
@@ -91,23 +46,21 @@ export async function POST(
throw new Error("Domain not found");
}
const resolvedSubscriptionId =
payload.subscription_id ??
(domainRow.subscription_id ? String(domainRow.subscription_id) : null);
domain = {
id: String(domainRow.id),
subscription_id: resolvedSubscriptionId,
subscription_id: domainRow.subscription_id
? String(domainRow.subscription_id)
: null,
};
if (!resolvedSubscriptionId) {
if (!domain.subscription_id) {
throw new Error("Domain is not linked to a subscription");
}
const { data: subscriptionRow, error: subscriptionError } = await supabase
.from("plesk_subscriptions")
.select("id, plesk_subscription_id, plesk_instance_id")
.eq("id", resolvedSubscriptionId)
.eq("id", domain.subscription_id)
.eq("agency_id", context.agencyId)
.single();
@@ -118,7 +71,6 @@ export async function POST(
subscription = {
id: String(subscriptionRow.id),
plesk_subscription_id: String(subscriptionRow.plesk_subscription_id),
plesk_instance_id: String(subscriptionRow.plesk_instance_id),
};
const { data: instance, error: instanceError } = await supabase
@@ -138,117 +90,29 @@ export async function POST(
encryptedSecret: instance.encrypted_secret,
} as const;
const domainIdentifier = subscription.plesk_subscription_id;
const siteArgs =
action === "suspend"
? ["--suspend", domainIdentifier]
: ["--on", domainIdentifier];
await insertActionLogBestEffort(supabase, {
agency_id: context.agencyId,
actor_user_id: context.userId,
target_type: "plesk_domain",
target_id: domain.id,
action: DOMAIN_ACTION_EVENTS[action].requested,
status: "pending",
metadata: {
domain_id: domain.id,
subscription_id: subscription.id,
plesk_instance_id: subscription.plesk_instance_id,
plesk_subscription_id: subscription.plesk_subscription_id,
cli_command: "site",
cli_args: siteArgs,
},
});
const siteResult = await pleskCliCall(connection, "site", siteArgs);
const fallbackStatus = action === "suspend" ? "suspended" : "active";
let refreshedStatus = fallbackStatus;
let refreshedStatusRaw: string | null = null;
let refreshErrorMessage: string | null = null;
try {
const infoResult = await pleskCliCall(connection, "subscription", [
"--info",
domainIdentifier,
]);
const parsed = parseSubscriptionStatusDetailsFromInfo(
infoResult.stdout ?? "",
if (action === "suspend") {
await suspendPleskSubscription(
connection,
subscription.plesk_subscription_id,
);
} else {
await unsuspendPleskSubscription(
connection,
subscription.plesk_subscription_id,
);
refreshedStatus = parsed.status;
refreshedStatusRaw = parsed.statusRaw;
if (
action === "unsuspend" &&
refreshedStatus === "suspended" &&
(refreshedStatusRaw ?? "").toLowerCase().includes("subscriber")
) {
throw new Error(
"Domain remains suspended because its subscriber/customer account is suspended.",
);
}
} catch (refreshError) {
refreshErrorMessage =
refreshError instanceof Error
? refreshError.message.slice(0, 1000)
: "subscription_status_refresh_failed";
await insertActionLogBestEffort(supabase, {
agency_id: context.agencyId,
actor_user_id: context.userId,
target_type: "plesk_subscription",
target_id: subscription.id,
action: "subscription_status_refresh_failed",
status: "failed",
error_message: refreshErrorMessage,
metadata: {
subscription_id: subscription.id,
plesk_subscription_id: subscription.plesk_subscription_id,
plesk_instance_id: subscription.plesk_instance_id,
source: "domain_action",
domain_id: domain.id,
},
});
}
await supabase
.from("plesk_subscriptions")
.update({
status: refreshedStatus,
status_raw: refreshedStatusRaw,
last_status_sync_at: new Date().toISOString(),
})
.eq("id", subscription.id)
.eq("agency_id", context.agencyId);
await supabase
.from("plesk_domains")
.update({ status: refreshedStatus })
.eq("agency_id", context.agencyId)
.eq("subscription_id", subscription.id);
await insertActionLogBestEffort(supabase, {
await supabase.from("actions_log").insert({
agency_id: context.agencyId,
actor_user_id: context.userId,
target_type: "plesk_domain",
target_id: domain.id,
action: DOMAIN_ACTION_EVENTS[action].succeeded,
action: `domain_${action}`,
status: "success",
metadata: {
duration_ms: Date.now() - startedAt,
domain_id: domain.id,
subscription_id: subscription.id,
plesk_instance_id: subscription.plesk_instance_id,
plesk_subscription_id: subscription.plesk_subscription_id,
cli_command: "site",
cli_args: siteArgs,
cli_exit_code: siteResult.code,
cli_stdout_excerpt: excerpt(siteResult.stdout),
cli_stderr_excerpt: excerpt(siteResult.stderr),
refreshed_status: refreshedStatus,
refresh_error: refreshErrorMessage,
},
});
@@ -257,41 +121,20 @@ export async function POST(
if (context && domain) {
const message =
error instanceof Error ? error.message : "Domain action failed";
if (requestedAction) {
await insertActionLogBestEffort(supabase, {
agency_id: context.agencyId,
actor_user_id: context.userId,
target_type: "plesk_domain",
target_id: domain.id,
action: DOMAIN_ACTION_EVENTS[requestedAction].failed,
status: "failed",
error_message: message,
metadata: {
duration_ms: Date.now() - startedAt,
domain_id: domain.id,
subscription_id: subscription?.id ?? domain.subscription_id,
plesk_instance_id: subscription?.plesk_instance_id ?? null,
plesk_subscription_id: subscription?.plesk_subscription_id ?? null,
},
});
} else {
await insertActionLogBestEffort(supabase, {
agency_id: context.agencyId,
actor_user_id: context.userId,
target_type: "plesk_domain",
target_id: domain.id,
action: "domain_action_failed",
status: "failed",
error_message: message,
metadata: {
duration_ms: Date.now() - startedAt,
domain_id: domain.id,
subscription_id: subscription?.id ?? domain.subscription_id,
plesk_instance_id: subscription?.plesk_instance_id ?? null,
plesk_subscription_id: subscription?.plesk_subscription_id ?? null,
},
});
}
await supabase.from("actions_log").insert({
agency_id: context.agencyId,
actor_user_id: context.userId,
target_type: "plesk_domain",
target_id: domain.id,
action: requestedAction ? `domain_${requestedAction}` : "domain_action",
status: "failed",
error_message: message,
metadata: {
domain_id: domain.id,
subscription_id: subscription?.id ?? domain.subscription_id,
plesk_subscription_id: subscription?.plesk_subscription_id ?? null,
},
});
}
return NextResponse.json(

View File

@@ -1,87 +0,0 @@
import { NextResponse } from "next/server";
import { z } from "zod";
import { assertAgencyAdmin, getRouteAgencyContextOrThrow } from "@/lib/agency";
import { assertRateLimit } from "@/lib/api/rate-limit";
import { assertSameOrigin } from "@/lib/api/security";
import { createSupabaseRouteClient } from "@/lib/supabase/route";
const autosyncSchema = z.object({
auto_sync_enabled: z.boolean(),
auto_sync_frequency_minutes: z.number().int().min(5).max(10080).optional(),
});
export async function POST(
req: Request,
{ params }: { params: { id: string } },
) {
try {
assertSameOrigin(req);
const context = await getRouteAgencyContextOrThrow();
assertAgencyAdmin(context);
assertRateLimit(`plesk-autosync-settings:${context.userId}`, 20, 60_000);
const input = autosyncSchema.parse(await req.json());
const frequency = input.auto_sync_frequency_minutes ?? 60;
const nowIso = new Date().toISOString();
const nextAtIso = new Date(
Date.now() + frequency * 60 * 1000,
).toISOString();
const supabase = createSupabaseRouteClient() as any;
const updates = {
auto_sync_enabled: input.auto_sync_enabled,
auto_sync_frequency_minutes: frequency,
next_auto_sync_at: input.auto_sync_enabled ? nextAtIso : null,
auto_sync_lock_until: null,
auto_sync_lock_token: null,
last_auto_sync_at: input.auto_sync_enabled ? undefined : null,
} as Record<string, unknown>;
const { data: instance, error } = await supabase
.from("plesk_instances")
.update(updates)
.eq("id", params.id)
.eq("agency_id", context.agencyId)
.select(
"id, auto_sync_enabled, auto_sync_frequency_minutes, last_auto_sync_at, next_auto_sync_at, auto_sync_lock_until",
)
.single();
if (error || !instance) {
throw new Error(error?.message ?? "Plesk instance not found");
}
try {
await supabase.from("actions_log").insert({
agency_id: context.agencyId,
actor_user_id: context.userId,
target_type: "plesk_instance",
target_id: params.id,
action: "autosync_settings_updated",
status: "success",
metadata: {
auto_sync_enabled: input.auto_sync_enabled,
auto_sync_frequency_minutes: frequency,
updated_at: nowIso,
},
});
} catch {
// best effort logging
}
return NextResponse.json({ instance });
} catch (error) {
return NextResponse.json(
{
error:
error instanceof Error
? error.message
: "Failed to update auto-sync settings",
},
{ status: 400 },
);
}
}

View File

@@ -1,51 +0,0 @@
import { NextResponse } from "next/server";
import { assertAgencyAdmin, getRouteAgencyContextOrThrow } from "@/lib/agency";
import { assertRateLimit } from "@/lib/api/rate-limit";
import { assertSameOrigin } from "@/lib/api/security";
import { backfillDomainSubscriptionLinks } from "@/lib/plesk/sync";
import { createSupabaseRouteClient } from "@/lib/supabase/route";
export async function POST(
req: Request,
{ params }: { params: { id: string } },
) {
try {
assertSameOrigin(req);
const context = await getRouteAgencyContextOrThrow();
assertAgencyAdmin(context);
assertRateLimit(`plesk-backfill-links:${context.userId}`, 5, 60_000);
const supabase = createSupabaseRouteClient() as any;
const { data: instance, error: instanceError } = await supabase
.from("plesk_instances")
.select("id")
.eq("id", params.id)
.eq("agency_id", context.agencyId)
.single();
if (instanceError || !instance) {
throw new Error("Plesk instance not found");
}
const result = await backfillDomainSubscriptionLinks(supabase, {
agencyId: context.agencyId,
instanceId: params.id,
actorUserId: context.userId,
});
return NextResponse.json({ ok: true, ...result });
} catch (error) {
return NextResponse.json(
{
error:
error instanceof Error
? error.message
: "Backfill domain links failed",
},
{ status: 400 },
);
}
}

View File

@@ -1,73 +0,0 @@
import { NextResponse } from "next/server";
import { assertAgencyAdmin, getRouteAgencyContextOrThrow } from "@/lib/agency";
import { assertRateLimit } from "@/lib/api/rate-limit";
import { assertSameOrigin } from "@/lib/api/security";
import { runInstanceHealthCheck } from "@/lib/plesk/health";
import { createSupabaseRouteClient } from "@/lib/supabase/route";
export async function POST(
req: Request,
{ params }: { params: { id: string } },
) {
try {
assertSameOrigin(req);
const context = await getRouteAgencyContextOrThrow();
assertAgencyAdmin(context);
assertRateLimit(`plesk-health-check:${context.userId}`, 20, 60_000);
const supabase = createSupabaseRouteClient() as any;
const { data: instance, error: instanceError } = await supabase
.from("plesk_instances")
.select(
"id, agency_id, base_url, auth_type, encrypted_secret, health_enabled, health_check_frequency_minutes, health_next_check_at, health_lock_until",
)
.eq("id", params.id)
.eq("agency_id", context.agencyId)
.single();
if (instanceError || !instance) {
throw new Error("Plesk instance not found");
}
const result = await runInstanceHealthCheck(supabase, instance, {
actorUserId: context.userId,
force: true,
source: "manual",
});
if (!result.checked) {
return NextResponse.json(
{ error: "Health check is already running for this instance" },
{ status: 409 },
);
}
const { data: updated } = await supabase
.from("plesk_instances")
.select(
"id, health_enabled, health_status, health_last_checked_at, health_last_ok_at, health_last_error, health_last_latency_ms, health_check_frequency_minutes, health_next_check_at",
)
.eq("id", params.id)
.eq("agency_id", context.agencyId)
.single();
return NextResponse.json({
ok: true,
result,
instance: updated,
});
} catch (error) {
return NextResponse.json(
{
error:
error instanceof Error
? error.message
: "Health check execution failed",
},
{ status: 400 },
);
}
}

View File

@@ -5,8 +5,6 @@ import { assertAgencyAdmin, getRouteAgencyContextOrThrow } from "@/lib/agency";
import { assertRateLimit } from "@/lib/api/rate-limit";
import { assertSameOrigin } from "@/lib/api/security";
import {
parseSubscriptionStatusDetailsFromInfo,
pleskCliCall,
suspendPleskSubscription,
unsuspendPleskSubscription,
} from "@/lib/plesk/client";
@@ -16,44 +14,6 @@ const actionSchema = z.object({
action: z.enum(["suspend", "unsuspend"]),
});
const LOG_EXCERPT_LIMIT = 500;
const SUBSCRIPTION_ACTION_EVENTS = {
suspend: {
requested: "subscription_suspend_requested",
succeeded: "subscription_suspend_succeeded",
failed: "subscription_suspend_failed",
},
unsuspend: {
requested: "subscription_unsuspend_requested",
succeeded: "subscription_unsuspend_succeeded",
failed: "subscription_unsuspend_failed",
},
} as const;
function excerpt(value: string | null | undefined) {
if (!value) return null;
const trimmed = value.trim();
if (!trimmed) return null;
return trimmed.length > LOG_EXCERPT_LIMIT
? `${trimmed.slice(0, LOG_EXCERPT_LIMIT)}`
: trimmed;
}
async function insertActionLogBestEffort(
supabase: any,
payload: Record<string, unknown>,
) {
try {
const { error } = await supabase.from("actions_log").insert(payload);
if (error) {
console.error("[actions_log] insert failed", error.message);
}
} catch (error) {
console.error("[actions_log] insert threw", error);
}
}
export async function POST(
req: Request,
{ params }: { params: { id: string } },
@@ -67,7 +27,6 @@ export async function POST(
plesk_subscription_id: string;
plesk_instance_id: string;
} | null = null;
const startedAt = Date.now();
try {
assertSameOrigin(req);
@@ -109,153 +68,58 @@ export async function POST(
encryptedSecret: instance.encrypted_secret,
} as const;
const cliArgs =
payload.action === "suspend"
? ["--webspace-off", subscription.plesk_subscription_id]
: ["--unsuspend", subscription.plesk_subscription_id];
await insertActionLogBestEffort(supabase, {
agency_id: context.agencyId,
actor_user_id: context.userId,
target_type: "plesk_subscription",
target_id: subscription.id,
action: SUBSCRIPTION_ACTION_EVENTS[payload.action].requested,
status: "pending",
metadata: {
subscription_id: subscription.id,
plesk_instance_id: subscription.plesk_instance_id,
plesk_subscription_id: subscription.plesk_subscription_id,
cli_command: "subscription",
cli_args: cliArgs,
},
});
const actionCliResult =
payload.action === "suspend"
? await suspendPleskSubscription(
connection,
subscription.plesk_subscription_id,
)
: await unsuspendPleskSubscription(
connection,
subscription.plesk_subscription_id,
);
const fallbackStatus =
payload.action === "suspend" ? "suspended" : "active";
let refreshedStatus = fallbackStatus;
let refreshedStatusRaw: string | null = null;
let refreshErrorMessage: string | null = null;
try {
const infoResult = await pleskCliCall(connection, "subscription", [
"--info",
if (payload.action === "suspend") {
await suspendPleskSubscription(
connection,
subscription.plesk_subscription_id,
);
} else {
await unsuspendPleskSubscription(
connection,
subscription.plesk_subscription_id,
]);
const parsed = parseSubscriptionStatusDetailsFromInfo(
infoResult.stdout ?? "",
);
refreshedStatus = parsed.status;
refreshedStatusRaw = parsed.statusRaw;
} catch (refreshError) {
refreshErrorMessage =
refreshError instanceof Error
? refreshError.message.slice(0, 1000)
: "subscription_status_refresh_failed";
await insertActionLogBestEffort(supabase, {
agency_id: context.agencyId,
actor_user_id: context.userId,
target_type: "plesk_subscription",
target_id: subscription.id,
action: "subscription_status_refresh_failed",
status: "failed",
error_message: refreshErrorMessage,
metadata: {
subscription_id: subscription.id,
plesk_subscription_id: subscription.plesk_subscription_id,
plesk_instance_id: subscription.plesk_instance_id,
},
});
}
const newStatus = payload.action === "suspend" ? "suspended" : "active";
const { error: updateError } = await supabase
.from("plesk_subscriptions")
.update({
status: refreshedStatus,
status_raw: refreshedStatusRaw,
last_status_sync_at: new Date().toISOString(),
})
.update({ status: newStatus })
.eq("id", subscription.id);
await supabase
.from("plesk_domains")
.update({ status: refreshedStatus })
.eq("agency_id", context.agencyId)
.eq("subscription_id", subscription.id);
await insertActionLogBestEffort(supabase, {
await supabase.from("actions_log").insert({
agency_id: context.agencyId,
actor_user_id: context.userId,
target_type: "plesk_subscription",
target_id: subscription.id,
action: SUBSCRIPTION_ACTION_EVENTS[payload.action].succeeded,
action: payload.action,
status: "success",
metadata: {
duration_ms: Date.now() - startedAt,
cli_command: "subscription",
cli_args: cliArgs,
plesk_subscription_id: subscription.plesk_subscription_id,
refreshed_status: refreshedStatus,
refresh_error: refreshErrorMessage,
cli_exit_code: actionCliResult.code,
cli_stdout_excerpt: excerpt(actionCliResult.stdout),
cli_stderr_excerpt: excerpt(actionCliResult.stderr),
db_status_update_error: updateError?.message ?? null,
},
});
return NextResponse.json({
ok: true,
status: refreshedStatus,
status: newStatus,
dbStatusUpdated: !updateError,
refreshError: refreshErrorMessage,
});
} catch (error) {
if (supabase && context && subscription) {
const message =
error instanceof Error ? error.message : "Subscription action failed";
if (requestedAction) {
await insertActionLogBestEffort(supabase, {
agency_id: context.agencyId,
actor_user_id: context.userId,
target_type: "plesk_subscription",
target_id: subscription.id,
action: SUBSCRIPTION_ACTION_EVENTS[requestedAction].failed,
status: "failed",
error_message: message,
metadata: {
duration_ms: Date.now() - startedAt,
plesk_subscription_id: subscription.plesk_subscription_id,
plesk_instance_id: subscription.plesk_instance_id,
},
});
} else {
await insertActionLogBestEffort(supabase, {
agency_id: context.agencyId,
actor_user_id: context.userId,
target_type: "plesk_subscription",
target_id: subscription.id,
action: "subscription_action_failed",
status: "failed",
error_message: message,
metadata: {
duration_ms: Date.now() - startedAt,
plesk_subscription_id: subscription.plesk_subscription_id,
plesk_instance_id: subscription.plesk_instance_id,
},
});
}
await supabase.from("actions_log").insert({
agency_id: context.agencyId,
actor_user_id: context.userId,
target_type: "plesk_subscription",
target_id: subscription.id,
action: requestedAction ?? "subscription_action",
status: "failed",
error_message: message,
metadata: {
plesk_subscription_id: subscription.plesk_subscription_id,
},
});
}
return NextResponse.json(

View File

@@ -15,7 +15,7 @@ export async function POST() {
}
const stripe = getStripeClient();
const supabase = createSupabaseRouteClient() as any;
const supabase = createSupabaseRouteClient();
const { data: billing, error: billingError } = await supabase
.from("billing_accounts")
@@ -42,10 +42,7 @@ export async function POST() {
};
if (billing?.id) {
await supabase
.from("billing_accounts")
.update(upsertPayload)
.eq("id", billing.id);
await supabase.from("billing_accounts").update(upsertPayload).eq("id", billing.id);
} else {
await supabase.from("billing_accounts").insert(upsertPayload);
}
@@ -65,12 +62,7 @@ export async function POST() {
return NextResponse.json({ url: session.url });
} catch (error) {
return NextResponse.json(
{
error:
error instanceof Error
? error.message
: "Failed to create checkout session",
},
{ error: error instanceof Error ? error.message : "Failed to create checkout session" },
{ status: 400 },
);
}

View File

@@ -10,7 +10,7 @@ export async function POST() {
const context = await getRouteAgencyContextOrThrow();
assertAgencyAdmin(context);
const supabase = createSupabaseRouteClient() as any;
const supabase = createSupabaseRouteClient();
const stripe = getStripeClient();
const { data: billing, error } = await supabase
@@ -32,12 +32,7 @@ export async function POST() {
return NextResponse.json({ url: session.url });
} catch (error) {
return NextResponse.json(
{
error:
error instanceof Error
? error.message
: "Failed to open billing portal",
},
{ error: error instanceof Error ? error.message : "Failed to open billing portal" },
{ status: 400 },
);
}

View File

@@ -19,7 +19,7 @@ async function upsertBillingByCustomer(
current_period_end?: string | null;
},
) {
const supabase = createSupabaseAdminClient() as any;
const supabase = createSupabaseAdminClient();
const { data: existing } = await supabase
.from("billing_accounts")
@@ -28,33 +28,22 @@ async function upsertBillingByCustomer(
.maybeSingle();
if (existing?.id) {
await supabase
.from("billing_accounts")
.update(updates)
.eq("id", existing.id);
await supabase.from("billing_accounts").update(updates).eq("id", existing.id);
}
}
async function handleCheckoutSessionCompleted(
session: Stripe.Checkout.Session,
) {
const agencyId =
typeof session.metadata?.agency_id === "string"
? session.metadata.agency_id
: null;
const customerId =
typeof session.customer === "string" ? session.customer : null;
async function handleCheckoutSessionCompleted(session: Stripe.Checkout.Session) {
const agencyId = typeof session.metadata?.agency_id === "string" ? session.metadata.agency_id : null;
const customerId = typeof session.customer === "string" ? session.customer : null;
if (!agencyId || !customerId) return;
const supabase = createSupabaseAdminClient() as any;
const supabase = createSupabaseAdminClient();
const payload = {
agency_id: agencyId,
stripe_customer_id: customerId,
stripe_subscription_id:
typeof session.subscription === "string"
? (session.subscription as string)
: null,
typeof session.subscription === "string" ? (session.subscription as string) : null,
subscription_status: "active",
};
@@ -65,10 +54,7 @@ async function handleCheckoutSessionCompleted(
.maybeSingle();
if (existing?.id) {
await supabase
.from("billing_accounts")
.update(payload)
.eq("id", existing.id);
await supabase.from("billing_accounts").update(payload).eq("id", existing.id);
} else {
await supabase.from("billing_accounts").insert(payload);
}
@@ -76,14 +62,7 @@ async function handleCheckoutSessionCompleted(
async function handleSubscriptionUpdated(subscription: Stripe.Subscription) {
const customerId =
typeof subscription.customer === "string"
? subscription.customer
: subscription.customer?.id;
const currentPeriodEnd =
"current_period_end" in subscription
? (subscription as { current_period_end?: number | null })
.current_period_end
: null;
typeof subscription.customer === "string" ? subscription.customer : subscription.customer?.id;
if (!customerId) return;
@@ -91,27 +70,20 @@ async function handleSubscriptionUpdated(subscription: Stripe.Subscription) {
stripe_subscription_id: subscription.id,
plan_id: subscription.items.data[0]?.price.id ?? null,
subscription_status: subscription.status,
current_period_end: toIsoOrNull(currentPeriodEnd),
current_period_end: toIsoOrNull(subscription.current_period_end),
});
}
async function handleSubscriptionDeleted(subscription: Stripe.Subscription) {
const customerId =
typeof subscription.customer === "string"
? subscription.customer
: subscription.customer?.id;
const currentPeriodEnd =
"current_period_end" in subscription
? (subscription as { current_period_end?: number | null })
.current_period_end
: null;
typeof subscription.customer === "string" ? subscription.customer : subscription.customer?.id;
if (!customerId) return;
await upsertBillingByCustomer(customerId, {
stripe_subscription_id: subscription.id,
subscription_status: "canceled",
current_period_end: toIsoOrNull(currentPeriodEnd),
current_period_end: toIsoOrNull(subscription.current_period_end),
});
}
@@ -123,35 +95,22 @@ export async function POST(req: Request) {
const signature = req.headers.get("stripe-signature");
if (!signature) {
return NextResponse.json(
{ error: "Missing stripe-signature header" },
{ status: 400 },
);
return NextResponse.json({ error: "Missing stripe-signature header" }, { status: 400 });
}
const stripe = getStripeClient();
const body = await req.text();
const event = stripe.webhooks.constructEvent(
body,
signature,
env.stripeWebhookSecret,
);
const event = stripe.webhooks.constructEvent(body, signature, env.stripeWebhookSecret);
switch (event.type) {
case "checkout.session.completed":
await handleCheckoutSessionCompleted(
event.data.object as Stripe.Checkout.Session,
);
await handleCheckoutSessionCompleted(event.data.object as Stripe.Checkout.Session);
break;
case "customer.subscription.updated":
await handleSubscriptionUpdated(
event.data.object as Stripe.Subscription,
);
await handleSubscriptionUpdated(event.data.object as Stripe.Subscription);
break;
case "customer.subscription.deleted":
await handleSubscriptionDeleted(
event.data.object as Stripe.Subscription,
);
await handleSubscriptionDeleted(event.data.object as Stripe.Subscription);
break;
default:
break;
@@ -160,10 +119,7 @@ export async function POST(req: Request) {
return NextResponse.json({ received: true });
} catch (error) {
return NextResponse.json(
{
error:
error instanceof Error ? error.message : "Webhook handling failed",
},
{ error: error instanceof Error ? error.message : "Webhook handling failed" },
{ status: 400 },
);
}

View File

@@ -2,18 +2,12 @@ import { createRouteHandlerClient } from "@supabase/auth-helpers-nextjs";
import { NextResponse } from "next/server";
import { cookies } from "next/headers";
import { env } from "@/lib/env";
import type { Database } from "@/lib/types";
export async function GET(request: Request) {
const requestUrl = new URL(request.url);
const code = requestUrl.searchParams.get("code");
const nextParam = requestUrl.searchParams.get("next");
const next =
nextParam && nextParam.startsWith("/") && !nextParam.startsWith("//")
? nextParam
: "/dashboard";
const redirectOrigin = env.appOrigin || requestUrl.origin;
const next = requestUrl.searchParams.get("next") ?? "/dashboard";
if (code) {
const supabase = createRouteHandlerClient<Database>({ cookies });
@@ -21,16 +15,18 @@ export async function GET(request: Request) {
if (error) {
console.error(error);
return NextResponse.redirect(
new URL(`/login?authError=1`, redirectOrigin),
new URL(`/login?authError=1`, requestUrl.origin),
);
}
const {
data: { user },
} = await supabase.auth.getUser();
if (!user) {
return NextResponse.redirect(new URL(`/login?noUser=1`, redirectOrigin));
return NextResponse.redirect(
new URL(`/login?noUser=1`, requestUrl.origin),
);
}
}
return NextResponse.redirect(new URL(next, redirectOrigin));
return NextResponse.redirect(new URL(next, requestUrl.origin));
}

View File

@@ -1,301 +0,0 @@
import Link from "next/link";
import { getServerAgencyContextOrRedirect } from "@/lib/agency";
import { createSupabaseServerClient } from "@/lib/supabase/server";
import { formatDateTime } from "@/lib/dates";
export const dynamic = "force-dynamic";
const PAGE_SIZE = 50;
type SearchParams = {
page?: string;
instance?: string;
action?: string;
status?: string;
};
function getSingleParam(value: string | string[] | undefined) {
if (!value) return "";
return Array.isArray(value) ? (value[0] ?? "") : value;
}
function buildQueryString(next: Record<string, string | number | undefined>) {
const params = new URLSearchParams();
for (const [key, value] of Object.entries(next)) {
if (value == null) continue;
const normalized = String(value);
if (!normalized) continue;
params.set(key, normalized);
}
return params.toString();
}
export default async function ActivityPage({
searchParams,
}: {
searchParams?: SearchParams;
}) {
const context = await getServerAgencyContextOrRedirect();
const supabase = createSupabaseServerClient() as any;
const selectedInstance = getSingleParam(searchParams?.instance);
const selectedAction = getSingleParam(searchParams?.action);
const selectedStatus = getSingleParam(searchParams?.status);
const page = Math.max(
Number(getSingleParam(searchParams?.page) || "1") || 1,
1,
);
const { data: instances } = await supabase
.from("plesk_instances")
.select("id, name, base_url")
.eq("agency_id", context.agencyId)
.order("name", { ascending: true });
let baseQuery = supabase
.from("actions_log")
.select(
"id, created_at, target_type, target_id, action, status, error_message, metadata",
{ count: "exact" },
)
.eq("agency_id", context.agencyId)
.order("created_at", { ascending: false });
if (selectedAction) {
baseQuery = baseQuery.eq("action", selectedAction);
}
if (selectedStatus) {
baseQuery = baseQuery.eq("status", selectedStatus);
}
if (selectedInstance) {
baseQuery = baseQuery.or(
`target_id.eq.${selectedInstance},metadata->>plesk_instance_id.eq.${selectedInstance}`,
);
}
const from = (page - 1) * PAGE_SIZE;
const to = from + PAGE_SIZE - 1;
const { data: logs, count } = await baseQuery.range(from, to);
const { data: recentForActions } = await supabase
.from("actions_log")
.select("action")
.eq("agency_id", context.agencyId)
.order("created_at", { ascending: false })
.limit(200);
const actionOptions: string[] = Array.from(
new Set<string>(
(recentForActions ?? []).map((entry: any) => String(entry.action)),
),
).sort((a, b) => a.localeCompare(b));
const instanceNameById = new Map<string, string>(
(instances ?? []).map((instance: any) => [
String(instance.id),
String(instance.name ?? instance.base_url ?? instance.id),
]),
);
const total = count ?? 0;
const hasPrev = page > 1;
const hasNext = to + 1 < total;
return (
<main className="mx-auto w-full max-w-6xl space-y-4 px-6 py-8">
<div className="flex items-center justify-between">
<div>
<h1 className="text-2xl font-bold text-slate-900">Activity Log</h1>
<p className="text-sm text-slate-600">
Recent actions for your agency
</p>
</div>
<Link href="/dashboard" className="text-sm text-brand-700 underline">
Back to dashboard
</Link>
</div>
<form className="grid gap-2 rounded-xl border border-slate-200 bg-white p-4 md:grid-cols-4">
<div>
<label className="text-xs font-medium text-slate-600">Instance</label>
<select
name="instance"
defaultValue={selectedInstance}
className="mt-1 w-full rounded border border-slate-300 px-2 py-1.5 text-sm"
>
<option value="">All instances</option>
{(instances ?? []).map((instance: any) => (
<option key={String(instance.id)} value={String(instance.id)}>
{String(instance.name ?? instance.base_url ?? instance.id)}
</option>
))}
</select>
</div>
<div>
<label className="text-xs font-medium text-slate-600">Action</label>
<select
name="action"
defaultValue={selectedAction}
className="mt-1 w-full rounded border border-slate-300 px-2 py-1.5 text-sm"
>
<option value="">All actions</option>
{actionOptions.map((action) => (
<option key={action} value={action}>
{action}
</option>
))}
</select>
</div>
<div>
<label className="text-xs font-medium text-slate-600">Status</label>
<select
name="status"
defaultValue={selectedStatus}
className="mt-1 w-full rounded border border-slate-300 px-2 py-1.5 text-sm"
>
<option value="">All statuses</option>
<option value="pending">Pending</option>
<option value="success">Success</option>
<option value="failed">Failed</option>
</select>
</div>
<div className="flex items-end gap-2">
<button className="rounded border px-3 py-1.5 text-sm">Apply</button>
<Link
href="/dashboard/activity"
className="rounded border px-3 py-1.5 text-sm"
>
Reset
</Link>
</div>
</form>
<div className="overflow-x-auto rounded-xl border border-slate-200 bg-white">
<table className="min-w-full text-left text-sm">
<thead>
<tr className="border-b border-slate-200 text-xs uppercase text-slate-500">
<th className="px-3 py-2">Time</th>
<th className="px-3 py-2">Instance</th>
<th className="px-3 py-2">Action</th>
<th className="px-3 py-2">Target</th>
<th className="px-3 py-2">Status</th>
<th className="px-3 py-2">Message</th>
<th className="px-3 py-2">Details</th>
</tr>
</thead>
<tbody>
{(logs ?? []).length === 0 ? (
<tr>
<td className="px-3 py-4 text-slate-500" colSpan={7}>
No activity found.
</td>
</tr>
) : (
(logs ?? []).map((row: any) => {
const metadata =
row?.metadata && typeof row.metadata === "object"
? (row.metadata as Record<string, unknown>)
: null;
const instanceId =
(metadata?.plesk_instance_id as string | undefined) ??
(row.target_type === "plesk_instance"
? (row.target_id as string | null)
: null);
return (
<tr
key={row.id}
className="border-b border-slate-100 align-top"
>
<td className="px-3 py-2">
{formatDateTime(row.created_at)}
</td>
<td className="px-3 py-2">
{instanceId
? (instanceNameById.get(instanceId) ?? instanceId)
: "-"}
</td>
<td className="px-3 py-2">{row.action ?? "-"}</td>
<td className="px-3 py-2">
{row.target_type ?? "-"}
{row.target_id ? ` (${row.target_id})` : ""}
</td>
<td className="px-3 py-2">{row.status ?? "-"}</td>
<td className="px-3 py-2">{row.error_message ?? "-"}</td>
<td className="px-3 py-2">
{metadata ? (
<details>
<summary className="cursor-pointer text-xs text-brand-700">
View
</summary>
<pre className="mt-1 max-w-[460px] overflow-auto rounded bg-slate-50 p-2 text-[11px] text-slate-700">
{JSON.stringify(metadata, null, 2)}
</pre>
</details>
) : (
"-"
)}
</td>
</tr>
);
})
)}
</tbody>
</table>
</div>
<div className="flex items-center justify-between text-sm">
<p className="text-slate-500">
Showing {Math.min(total, from + 1)} - {Math.min(total, to + 1)} of{" "}
{total}
</p>
<div className="flex gap-2">
{hasPrev ? (
<Link
href={`/dashboard/activity?${buildQueryString({
page: page - 1,
instance: selectedInstance,
action: selectedAction,
status: selectedStatus,
})}`}
className="rounded border px-3 py-1.5"
>
Previous
</Link>
) : (
<span className="rounded border px-3 py-1.5 text-slate-400">
Previous
</span>
)}
{hasNext ? (
<Link
href={`/dashboard/activity?${buildQueryString({
page: page + 1,
instance: selectedInstance,
action: selectedAction,
status: selectedStatus,
})}`}
className="rounded border px-3 py-1.5"
>
Next
</Link>
) : (
<span className="rounded border px-3 py-1.5 text-slate-400">
Next
</span>
)}
</div>
</div>
</main>
);
}

View File

@@ -1,12 +1,8 @@
import { SignOutButton } from "@/components/auth/sign-out-button";
import { DashboardControls } from "@/components/dashboard/dashboard-controls";
import { getServerAgencyContextOrRedirect } from "@/lib/agency";
import { formatDateTime } from "@/lib/dates";
import type { Database } from "@/lib/types";
import { createSupabaseServerClient } from "@/lib/supabase/server";
import Link from "next/link";
export const dynamic = "force-dynamic";
type AgencySummary = Pick<
Database["public"]["Tables"]["agencies"]["Row"],
@@ -20,98 +16,6 @@ type ActionLogSummary = Pick<
Database["public"]["Tables"]["actions_log"]["Row"],
"target_id" | "status" | "action" | "created_at" | "error_message"
>;
type AutosyncLatestLogSummary = Pick<
Database["public"]["Tables"]["actions_log"]["Row"],
"created_at"
>;
type HealthLogSummary = Pick<
Database["public"]["Tables"]["actions_log"]["Row"],
| "id"
| "target_id"
| "status"
| "action"
| "created_at"
| "error_message"
| "metadata"
>;
const RELATIVE_TIME_FORMATTER = new Intl.RelativeTimeFormat("en", {
numeric: "auto",
});
function getLatestTimestamp(values: Array<string | null | undefined>) {
let latestIso: string | null = null;
let latestMs = Number.NEGATIVE_INFINITY;
for (const value of values) {
if (!value) continue;
const parsed = new Date(value).getTime();
if (Number.isNaN(parsed)) continue;
if (parsed > latestMs) {
latestMs = parsed;
latestIso = value;
}
}
return latestIso;
}
function formatRelativeTime(value?: string | null) {
if (!value) return null;
const targetMs = new Date(value).getTime();
if (Number.isNaN(targetMs)) return null;
const deltaSeconds = Math.round((targetMs - Date.now()) / 1000);
const absSeconds = Math.abs(deltaSeconds);
if (absSeconds < 60) {
return RELATIVE_TIME_FORMATTER.format(deltaSeconds, "second");
}
const deltaMinutes = Math.round(deltaSeconds / 60);
if (Math.abs(deltaMinutes) < 60) {
return RELATIVE_TIME_FORMATTER.format(deltaMinutes, "minute");
}
const deltaHours = Math.round(deltaMinutes / 60);
if (Math.abs(deltaHours) < 24) {
return RELATIVE_TIME_FORMATTER.format(deltaHours, "hour");
}
const deltaDays = Math.round(deltaHours / 24);
if (Math.abs(deltaDays) < 30) {
return RELATIVE_TIME_FORMATTER.format(deltaDays, "day");
}
const deltaMonths = Math.round(deltaDays / 30);
if (Math.abs(deltaMonths) < 12) {
return RELATIVE_TIME_FORMATTER.format(deltaMonths, "month");
}
const deltaYears = Math.round(deltaMonths / 12);
return RELATIVE_TIME_FORMATTER.format(deltaYears, "year");
}
function normalizeDomainLike(value: string) {
return value.trim().toLowerCase().replace(/\.$/, "");
}
function findBestSuffixStatusMatch(
normalizedDomain: string,
candidates: Array<{ normalizedName: string; status: string | null }>,
) {
let best: { normalizedName: string; status: string | null } | null = null;
for (const candidate of candidates) {
if (!normalizedDomain.endsWith(`.${candidate.normalizedName}`)) continue;
if (!best || candidate.normalizedName.length > best.normalizedName.length) {
best = candidate;
}
}
return best?.status ?? null;
}
export default async function DashboardPage() {
const context = await getServerAgencyContextOrRedirect();
@@ -124,8 +28,6 @@ export default async function DashboardPage() {
{ data: domains },
{ data: billing },
{ data: autoSyncLogs },
{ data: latestAutoSyncLog },
{ data: healthLogs },
] = (await Promise.all([
supabase
.from("agencies")
@@ -135,7 +37,7 @@ export default async function DashboardPage() {
supabase
.from("plesk_instances")
.select(
"id, name, base_url, auth_type, status, error_message, last_connected_at, last_sync_at, last_sync_status, last_sync_error, last_sync_subscriptions, last_sync_domains, auto_sync_enabled, auto_sync_frequency_minutes, last_auto_sync_at, next_auto_sync_at, auto_sync_lock_until, health_enabled, health_status, health_last_checked_at, health_last_ok_at, health_last_error, health_last_latency_ms, health_check_frequency_minutes, health_next_check_at, health_lock_until",
"id, name, base_url, auth_type, status, error_message, last_connected_at, last_sync_at, last_sync_status, last_sync_error, last_sync_subscriptions, last_sync_domains",
)
.eq("agency_id", context.agencyId)
.order("created_at", { ascending: false }),
@@ -148,7 +50,7 @@ export default async function DashboardPage() {
supabase
.from("plesk_domains")
.select(
"id, plesk_instance_id, subscription_id, external_subscription_id, status, domain_name, hosting_type, source_created_at, aliases_count, updated_at",
"id, plesk_instance_id, subscription_id, domain_name, status, hosting_type, source_created_at, aliases_count, updated_at",
)
.eq("agency_id", context.agencyId)
.order("updated_at", { ascending: false })
@@ -166,31 +68,6 @@ export default async function DashboardPage() {
.eq("action", "plesk_sync_auto")
.order("created_at", { ascending: false })
.limit(200),
supabase
.from("actions_log")
.select("created_at")
.eq("agency_id", context.agencyId)
.eq("target_type", "plesk_instance")
.eq("action", "autosync_completed")
.eq("status", "success")
.order("created_at", { ascending: false })
.limit(1)
.maybeSingle(),
supabase
.from("actions_log")
.select(
"id, target_id, status, action, created_at, error_message, metadata",
)
.eq("agency_id", context.agencyId)
.eq("target_type", "plesk_instance")
.in("action", [
"health_check_started",
"health_check_ok",
"health_check_degraded",
"health_check_failed",
])
.order("created_at", { ascending: false })
.limit(400),
])) as [
{ data: AgencySummary | null },
{
@@ -207,20 +84,6 @@ export default async function DashboardPage() {
last_sync_error: string | null;
last_sync_subscriptions: number;
last_sync_domains: number;
auto_sync_enabled: boolean;
auto_sync_frequency_minutes: number;
last_auto_sync_at: string | null;
next_auto_sync_at: string | null;
auto_sync_lock_until: string | null;
health_enabled: boolean;
health_status: "ok" | "degraded" | "down" | "unknown";
health_last_checked_at: string | null;
health_last_ok_at: string | null;
health_last_error: string | null;
health_last_latency_ms: number | null;
health_check_frequency_minutes: number;
health_next_check_at: string | null;
health_lock_until: string | null;
}> | null;
error: { message: string } | null;
},
@@ -238,7 +101,6 @@ export default async function DashboardPage() {
id: string;
plesk_instance_id: string;
subscription_id: string | null;
external_subscription_id: string | null;
domain_name: string;
status: string | null;
hosting_type: string | null;
@@ -249,86 +111,8 @@ export default async function DashboardPage() {
},
{ data: BillingSummary | null },
{ data: ActionLogSummary[] | null },
{ data: AutosyncLatestLogSummary | null },
{ data: HealthLogSummary[] | null },
];
const domainInstanceIds = Array.from(
new Set((domains ?? []).map((domain) => domain.plesk_instance_id)),
);
const { data: domainSubscriptions } =
domainInstanceIds.length > 0
? await supabase
.from("plesk_subscriptions")
.select("id, plesk_instance_id, plesk_subscription_id, name, status")
.eq("agency_id", context.agencyId)
.in("plesk_instance_id", domainInstanceIds)
: { data: [] };
const subscriptionStatusById = new Map<string, string | null>(
(domainSubscriptions ?? []).map((subscription: any) => [
String(subscription.id),
subscription?.status ? String(subscription.status) : null,
]),
);
const subscriptionDisplayNameById = new Map<string, string>(
(domainSubscriptions ?? [])
.filter((subscription: any) => subscription?.id)
.map((subscription: any) => [
String(subscription.id),
String(
subscription?.name ||
subscription?.plesk_subscription_id ||
subscription?.id,
),
]),
);
const subscriptionStatusByExternalId = new Map<string, string | null>(
(domainSubscriptions ?? [])
.filter((subscription: any) =>
Boolean(
subscription?.plesk_instance_id &&
subscription?.plesk_subscription_id,
),
)
.map((subscription: any) => [
`${String(subscription.plesk_instance_id)}:${String(subscription.plesk_subscription_id)}`,
subscription?.status ? String(subscription.status) : null,
]),
);
const subscriptionStatusByInstanceAndName = new Map<string, string | null>(
(domainSubscriptions ?? [])
.filter((subscription: any) =>
Boolean(subscription?.plesk_instance_id && subscription?.name),
)
.map((subscription: any) => [
`${String(subscription.plesk_instance_id)}:${normalizeDomainLike(String(subscription.name))}`,
subscription?.status ? String(subscription.status) : null,
]),
);
const subscriptionStatusNameCandidatesByInstance = new Map<
string,
Array<{ normalizedName: string; status: string | null }>
>();
for (const subscription of domainSubscriptions ?? []) {
if (!subscription?.plesk_instance_id || !subscription?.name) continue;
const instanceId = String(subscription.plesk_instance_id);
const existing =
subscriptionStatusNameCandidatesByInstance.get(instanceId) ?? [];
existing.push({
normalizedName: normalizeDomainLike(String(subscription.name)),
status: subscription?.status ? String(subscription.status) : null,
});
subscriptionStatusNameCandidatesByInstance.set(instanceId, existing);
}
const autoSyncByInstance = new Map<
string,
{ status: string; created_at: string; error_message: string | null }
@@ -343,67 +127,6 @@ export default async function DashboardPage() {
});
}
const healthEventsByInstance = new Map<
string,
Array<{
id: string;
action: string;
status: string;
created_at: string;
error_message: string | null;
metadata: unknown;
}>
>();
for (const log of healthLogs ?? []) {
if (!log.target_id) continue;
const existing = healthEventsByInstance.get(log.target_id) ?? [];
if (existing.length >= 10) continue;
existing.push({
id: log.id,
action: log.action,
status: log.status,
created_at: log.created_at,
error_message: log.error_message,
metadata: log.metadata,
});
healthEventsByInstance.set(log.target_id, existing);
}
const healthCounts = { ok: 0, degraded: 0, down: 0, unknown: 0 };
for (const instance of instances ?? []) {
const status = (instance.health_status ?? "unknown") as
| "ok"
| "degraded"
| "down"
| "unknown";
if (status === "ok") healthCounts.ok += 1;
else if (status === "degraded") healthCounts.degraded += 1;
else if (status === "down") healthCounts.down += 1;
else healthCounts.unknown += 1;
}
const latestHealthCheckAt = getLatestTimestamp(
(instances ?? []).map((instance) => instance.health_last_checked_at),
);
const autoSyncEnabledCount = (instances ?? []).filter(
(instance) => instance.auto_sync_enabled,
).length;
const latestAutoSyncFromInstances = getLatestTimestamp(
(instances ?? []).map((instance) => instance.last_auto_sync_at),
);
const latestAutoSyncAt =
latestAutoSyncFromInstances ?? latestAutoSyncLog?.created_at ?? null;
const downInstanceNames = (instances ?? [])
.filter((instance) => instance.health_status === "down")
.slice(0, 3)
.map((instance) => instance.name || instance.base_url);
return (
<main className="mx-auto flex w-full max-w-6xl flex-col gap-6 px-6 py-8">
<header className="flex items-center justify-between">
@@ -413,100 +136,9 @@ export default async function DashboardPage() {
</h1>
<p className="text-sm text-slate-600">Role: {context.role}</p>
</div>
<div className="flex items-center gap-3">
<Link
href="/dashboard/activity"
className="text-sm text-brand-700 underline"
>
Activity
</Link>
<SignOutButton />
</div>
<SignOutButton />
</header>
<section className="rounded-xl border border-slate-200 bg-white p-4">
<div className="space-y-3 text-sm text-slate-700">
<div>
<p className="text-xs font-semibold uppercase tracking-wide text-slate-500">
Instance Health
</p>
<div className="mt-1 flex flex-wrap gap-2">
<span className="rounded bg-emerald-100 px-2 py-0.5 text-xs font-medium text-emerald-700">
Ok: {healthCounts.ok}
</span>
<span className="rounded bg-amber-100 px-2 py-0.5 text-xs font-medium text-amber-700">
Degraded: {healthCounts.degraded}
</span>
<span className="rounded bg-rose-100 px-2 py-0.5 text-xs font-medium text-rose-700">
Down: {healthCounts.down}
</span>
<span className="rounded bg-slate-100 px-2 py-0.5 text-xs font-medium text-slate-700">
Unknown: {healthCounts.unknown}
</span>
</div>
</div>
{healthCounts.down > 0 ? (
<div className="rounded border border-rose-200 bg-rose-50 px-3 py-2 text-xs text-rose-700">
{healthCounts.down} instance{healthCounts.down === 1 ? "" : "s"}{" "}
down
{downInstanceNames.length > 0
? `: ${downInstanceNames.join(", ")}${healthCounts.down > downInstanceNames.length ? ", …" : ""}`
: ""}
</div>
) : null}
<div className="flex flex-wrap gap-3">
<p>
<span className="font-medium text-slate-900">
Last Health Check:
</span>{" "}
<span
title={
latestHealthCheckAt
? formatDateTime(latestHealthCheckAt)
: undefined
}
>
{formatRelativeTime(latestHealthCheckAt) ?? "Never"}
</span>
</p>
<p>
<span className="font-medium text-slate-900">Auto Sync:</span>{" "}
Enabled on {autoSyncEnabledCount} instance
{autoSyncEnabledCount === 1 ? "" : "s"}
</p>
<p>
<span className="font-medium text-slate-900">Last run:</span>{" "}
<span
title={
latestAutoSyncAt
? formatDateTime(latestAutoSyncAt)
: undefined
}
>
{formatRelativeTime(latestAutoSyncAt) ?? "Not yet run"}
</span>
</p>
</div>
<div className="flex flex-wrap gap-2 pt-1">
<Link
href="/dashboard#instances-panel"
className="rounded border border-slate-300 px-3 py-1.5 text-xs font-medium text-slate-700"
>
Instances
</Link>
<Link
href="/dashboard/activity"
className="rounded border border-slate-300 px-3 py-1.5 text-xs font-medium text-slate-700"
>
Activity
</Link>
</div>
</div>
</section>
<section className="grid gap-4 md:grid-cols-3">
<div className="rounded-xl border border-slate-200 bg-white p-4">
<p className="text-sm text-slate-500">Plesk Instances</p>
@@ -532,49 +164,12 @@ export default async function DashboardPage() {
Instances query failed: {instancesError.message}
</div>
) : null}
<section id="instances-panel">
<DashboardControls
instances={instances ?? []}
subscriptions={subscriptions ?? []}
domains={(domains ?? []).map((domain) => {
const joinedStatusByLocalId = domain.subscription_id
? subscriptionStatusById.get(domain.subscription_id)
: null;
const joinedStatusByExternalId = domain.external_subscription_id
? subscriptionStatusByExternalId.get(
`${domain.plesk_instance_id}:${domain.external_subscription_id}`,
)
: null;
const joinedStatusByName = subscriptionStatusByInstanceAndName.get(
`${domain.plesk_instance_id}:${normalizeDomainLike(domain.domain_name)}`,
);
const joinedStatusBySuffix = findBestSuffixStatusMatch(
normalizeDomainLike(domain.domain_name),
subscriptionStatusNameCandidatesByInstance.get(
domain.plesk_instance_id,
) ?? [],
);
const joinedStatus =
joinedStatusByLocalId ??
joinedStatusByExternalId ??
joinedStatusByName ??
joinedStatusBySuffix;
return {
...domain,
status: joinedStatus ?? "unknown",
subscription_name: domain.subscription_id
? (subscriptionDisplayNameById.get(domain.subscription_id) ??
null)
: null,
};
})}
autoSyncByInstance={Object.fromEntries(autoSyncByInstance.entries())}
healthEventsByInstance={Object.fromEntries(
healthEventsByInstance.entries(),
)}
/>
</section>
<DashboardControls
instances={instances ?? []}
subscriptions={subscriptions ?? []}
domains={domains ?? []}
autoSyncByInstance={Object.fromEntries(autoSyncByInstance.entries())}
/>
</main>
);
}

File diff suppressed because it is too large Load Diff

View File

@@ -1,21 +0,0 @@
services:
web:
container_name: plesk-agency-portal
image: ${APP_IMAGE:-plesk-agency-portal:latest}
restart: unless-stopped
env_file:
- .env
ports:
- "3000:3000"
healthcheck:
test:
[
"CMD",
"node",
"-e",
"fetch('http://127.0.0.1:3000/api/health').then((r)=>{if(!r.ok)process.exit(1)}).catch(()=>process.exit(1))",
]
interval: 30s
timeout: 5s
retries: 3
start_period: 20s

View File

@@ -1,245 +0,0 @@
# GUARDRAILS
These systems are **currently working** and must **not be broken by AI refactors**.
AI tools must **prefer minimal changes** and avoid architecture changes unless explicitly instructed.
---
# Core Principle
If a task can be solved with a **small change**, the AI must **not perform a large rewrite**.
---
# Git Workflow Rules
The AI must **NEVER commit directly to `master` or `main`.**
All changes must be made via a branch.
## Branch naming conventions
Feature work:
feature/<short-description>
Bug fixes:
fix/<short-description>
Examples:
feature/supabase-public-endpoint
fix/smoke-check-url
fix/magic-link-auth
## Required workflow
1. Create a branch from `master`
2. Make the required changes
3. Commit changes to that branch
4. Show the diff
5. Do **not merge automatically**
6. Push the branch and create a pull request unless explicitly told not to.
7. User performs merge after review
---
# Infrastructure Protection
The AI must **not modify infrastructure** unless explicitly instructed.
This includes:
- DNS records
- reverse proxy configuration
- SSL certificates
- server networking
- firewall rules
- Proxmox configuration
- VM/LXC creation
- Nginx Proxy Manager configuration
- Supabase server configuration
These systems are **managed manually**.
---
# CI/CD
The Jenkins pipeline currently **builds and deploys the application**.
Deployment process:
docker save → scp → docker load
The AI must **not change the deployment architecture** without instruction.
Allowed CI changes:
- fixing pipeline bugs
- improving reliability
- adding environment variables
- improving logs
Not allowed:
- replacing Jenkins
- replacing Docker deployment
- changing deployment host
- introducing Kubernetes
- major CI architecture changes
---
# Container
Container name:
plesk-agency-portal
Deployment path:
/opt/plesk-agency-portal
The AI must **not rename containers or paths** without explicit approval.
---
# Reverse Proxy
Reverse proxy is managed by:
Nginx Proxy Manager
Public application URL:
https://portal.rdbcloud.co.uk
Supabase public endpoint:
https://supabase.rdbcloud.co.uk
The AI must **not change reverse proxy configuration**.
---
# Authentication
Authentication system:
Supabase Magic Link
Required environment variables:
NEXT_PUBLIC_SUPABASE_URL
SUPABASE_URL
NEXT_PUBLIC_SUPABASE_ANON_KEY
The AI must **not replace the authentication system**.
---
# Environment Variables
Secrets must **never be committed to the repository**.
Secrets must come from:
- Jenkins credentials
- environment variables
- deployment configuration
Never commit:
API keys
private tokens
database passwords
service keys
---
# Docker
Docker is used for **build and deployment**.
The AI may:
- update Dockerfile
- fix build issues
- improve caching
The AI must **not introduce complex container orchestration**.
Not allowed:
kubernetes
docker swarm
nomad
terraform
Unless explicitly requested.
---
# Database
Database system:
Supabase Postgres
The AI must **not perform destructive database changes**.
Not allowed automatically:
DROP TABLE
DROP COLUMN
DELETE large datasets
schema rewrites
Schema changes must be **reviewed first**.
---
# Safe Refactoring Rules
Allowed:
- small code improvements
- bug fixes
- performance improvements
- logging improvements
- type fixes
- lint fixes
Avoid:
- large rewrites
- framework changes
- directory restructuring
- renaming large parts of the codebase
Unless specifically requested.
---
# When AI Is Unsure
If the AI is unsure:
1. Explain the risk
2. Ask for clarification
3. Do **not proceed with risky changes**
---
# Priority Order
When making decisions, the AI must prioritise:
1. **Do not break production**
2. **Respect guardrails**
3. **Make minimal safe changes**
4. **Preserve deployment pipeline**
5. **Follow branch workflow**

View File

@@ -1,43 +0,0 @@
# PROJECT-STATE
## Stable Systems
The following are stable and working:
CI/CD pipeline
Docker deployment
Reverse proxy routing
Application container startup
Smoke test endpoint
## Deployment
Jenkins → Build → Docker image → docker save → SCP → docker load → container recreate
App path:
/opt/plesk-agency-portal
Container:
plesk-agency-portal
## Public Endpoint
https://portal.rdbcloud.co.uk
## Current Work
Fix Supabase HTTPS endpoint and authentication flow.
## Known Risk
Supabase currently exposed via HTTP internally causing browser mixed content blocking.
## Update Rules
When system changes:
1. Update PROJECT-STATE.md
2. Update ai-project-context.md
3. Add a new handover file

View File

@@ -1,58 +0,0 @@
# RUNBOOK
## Production App
Host:
192.168.68.89
Deploy path:
/opt/plesk-agency-portal
Container:
plesk-agency-portal
Public URL:
https://portal.rdbcloud.co.uk
---
## Health Check
Public:
curl https://portal.rdbcloud.co.uk/api/health
Local:
curl http://127.0.0.1:3000/api/health
---
## Check Running Container
docker ps
docker inspect plesk-agency-portal --format '{{.Image}} {{.Created}}'
docker images | grep plesk-agency-portal
---
## View Logs
cd /opt/plesk-agency-portal
docker compose -f docker-compose.prod.yml logs --tail=200
Follow logs:
docker logs -f plesk-agency-portal
---
## Rollback
cd /opt/plesk-agency-portal
APP_IMAGE=plesk-agency-portal:build-37 ./scripts/rollback-prod.sh
Verify:
docker inspect plesk-agency-portal --format '{{.Image}} {{.Created}}'
curl http://127.0.0.1:3000/api/health

View File

@@ -1,191 +0,0 @@
# AI Bootstrap Context -- Plesk Agency Portal
This document is intended to be uploaded into a new AI conversation so
the assistant can quickly understand the project state.
------------------------------------------------------------------------
# Project Overview
The **Plesk Agency Portal** is a multi-tenant SaaS platform that allows
agencies to manage multiple Plesk servers, hosting subscriptions, and
domains from a single interface.
Goals:
- Connect multiple Plesk servers
- Sync subscriptions and domains
- Manage hosting environments
- Provide SaaS billing integration
- Enforce tenant isolation using Supabase Row Level Security (RLS)
------------------------------------------------------------------------
# Technology Stack
Frontend Next.js (App Router)
Backend Next.js API routes
Authentication Supabase Auth (Magic Link)
Database Supabase PostgreSQL
CI/CD Jenkins
Containerisation Docker
Reverse Proxy Nginx Proxy Manager
Infrastructure Self-hosted Linux servers
------------------------------------------------------------------------
# Current Deployment Architecture
CI/CD Pipeline:
1. Code pushed to repository
2. Jenkins pipeline runs
3. Next.js application builds
4. Docker image builds
5. Image exported via `docker save`
6. Image transferred via SSH/SCP
7. Image loaded on application host
8. Container recreated
9. Smoke test verifies service
Images are transferred using:
docker save → scp → docker load
This avoids requiring a Docker registry during early development.
------------------------------------------------------------------------
# Infrastructure
Jenkins Host Responsible for:
- building Docker images
- running CI/CD pipeline
- deploying containers
Application Host
Deployment path:
/opt/plesk-agency-portal
Docker container:
plesk-agency-portal
Application port:
3000
Reverse Proxy:
Nginx Proxy Manager
Public domain:
https://portal.rdbcloud.co.uk
------------------------------------------------------------------------
# Database & Auth
Supabase is self-hosted on an internal server.
Current API endpoint:
http://192.168.68.52:54321
Because the portal runs via HTTPS, this causes a browser mixed-content
error.
------------------------------------------------------------------------
# Current Blocking Issue
Supabase authentication fails because the frontend attempts to call:
http://192.168.68.52:54321
while the portal itself is served via HTTPS.
Browsers block the request.
------------------------------------------------------------------------
# Planned Fix
Expose Supabase through HTTPS using Nginx Proxy Manager.
Target domain:
https://supabase.rdbcloud.co.uk
Proxy configuration:
Forward host: 192.168.68.52\
Forward port: 54321
After that update environment variables:
NEXT_PUBLIC_SUPABASE_URL SUPABASE_URL
Then redeploy the portal.
------------------------------------------------------------------------
# Deployment Verification
Example deployed image:
plesk-agency-portal:build-62
Verification command:
docker inspect plesk-agency-portal --format '{{.Image}} {{.Created}}'
Health endpoint:
/api/health
------------------------------------------------------------------------
# Repository Documentation
Important docs:
docs/ai-project-context.md\
docs/system-architecture.md\
docs/next-steps.md\
docs/handovers/\*
------------------------------------------------------------------------
# Typical AI Assistance Areas
- CI/CD debugging
- Docker deployment
- Next.js development
- Supabase integration
- SaaS multi-tenant architecture
- Stripe billing integration
- Plesk API integration
------------------------------------------------------------------------
# Current Development Stage
Infrastructure and deployment pipeline are working.
Next priorities:
1. Fix Supabase HTTPS endpoint
2. Verify authentication flow
3. Continue SaaS portal feature development

View File

@@ -1,202 +0,0 @@
# Cline Development Super Prompt
You are acting as a senior software engineer working on this repository.
Before making any modifications you must understand the project structure and current implementation.
Always read:
`docs/ai-project-context.md`
before implementing tasks.
---
## Working Method
When given a task follow this process.
Step 1
Search the repository for relevant code.
Step 2
Identify the correct extension point for the feature.
Step 3
Design the minimal safe implementation.
Step 4
Modify only the required files.
Step 5
Verify existing functionality remains intact.
Never rewrite large parts of the system unless explicitly instructed.
---
## Repository Exploration Rules
Before editing files:
Search for related implementations.
Look for:
- plesk integration
- sync logic
- API routes
- database queries
- dashboard components
Use existing patterns instead of creating new ones.
---
## Database Rules
The project uses Supabase Postgres.
Never introduce breaking schema changes.
All schema updates must be done using safe migrations.
Never remove columns that may contain production data.
Always assume the database already contains data.
---
## Multi-Tenant Security
This system is multi-tenant.
Users belong to agencies.
All queries must respect agency boundaries.
Never bypass Supabase Row Level Security.
Never expose data across agencies.
---
## Plesk Integration Safety
The platform interacts with Plesk servers using both REST API and CLI commands.
CLI output can vary between Plesk versions.
Always parse CLI output defensively.
Never assume fixed output formatting.
External integration failures must not crash the application.
---
## Sync Pipeline Rules
The sync system is critical to the platform.
Never break existing sync behaviour.
If one subscription fails during sync:
Continue processing the rest.
Log the failure.
Do not abort the entire sync job.
---
## Logging Requirements
Operational events should be written to:
`actions_log`
Examples include:
- instance_connected
- sync_started
- sync_completed
- subscription_suspended
- subscription_unsuspended
Logging errors must never break primary workflows.
---
## UI Safety
Frontend components must:
Handle missing or null data safely.
Avoid crashing when API responses change.
Display statuses using badges instead of raw text.
---
## Git Workflow
The repository uses:
`master` as the default branch.
All development must occur in feature branches.
Example workflow:
```bash
git checkout master
git pull
git checkout -b feature/<feature-name>
```
Commit frequently with clear commit messages.
Never commit directly to master.
---
## Implementation Guidelines
Prefer small modular changes.
Avoid large refactors unless requested.
Keep API routes lightweight.
Place integration logic inside lib folders.
Reuse existing utilities where possible.
---
## Error Handling
External services can fail.
Always implement safe error handling.
Prefer returning partial results over failing the entire operation.
Log unexpected behaviour.
---
## Expected Output
When implementing tasks you should:
Modify only the required files.
Maintain existing architecture.
Add clear commit messages.
Ensure the application remains stable.

View File

@@ -1,7 +0,0 @@
# Current Focus
Immediate tasks:
1. Fix Supabase HTTPS endpoint
2. Verify authentication flow
3. Continue SaaS portal feature development

View File

@@ -1,157 +0,0 @@
# Production Deployment Runtime Foundation
This project can be deployed in a dedicated Proxmox container using Docker Compose. The files added here establish a minimal production runtime baseline without changing application business logic or Supabase security boundaries.
## Dockerfile purpose
The `Dockerfile` uses a multi-stage build on Node 20:
- installs dependencies
- runs `next build`
- prepares a lean runtime image with production dependencies
- runs the app with `next start` on port `3000`
This keeps the runtime image small and focused on serving the built Next.js app.
## docker-compose.prod.yml purpose
`docker-compose.prod.yml` defines one service:
- service name: `web`
- container name: `plesk-agency-portal`
- restart policy: `unless-stopped`
- environment from `.env`
- port mapping `3000:3000`
- health check against `/api/health`
## External Supabase requirement
Supabase remains external to this application container. The app container must only connect to Supabase via environment variables. No local Supabase container is included in this production compose file.
## Health endpoint usage
`GET /api/health` provides a fast, dependency-light runtime check for container orchestration and uptime checks.
Example:
```bash
curl -s http://localhost:3000/api/health
```
Expected response shape:
- `ok: true`
- `service: "plesk-agency-portal"`
- `timestamp`
- `environment`
## Production environment expectations
Before deploying, set production-safe values in `.env` (using `.env.example` as the template), including:
- app URL and `NODE_ENV`
- Supabase public and server credentials
- Plesk credential encryption key
- Stripe secrets
- cron/job shared secrets
Keep secrets out of source control.
## Reverse proxy assumptions (Nginx Proxy Manager)
This app is expected to run behind a reverse proxy in production.
- TLS is terminated at the proxy.
- Proxy forwards standard host/protocol headers (`Host`, `X-Forwarded-Proto`, `X-Forwarded-Host`).
- Public origin is configured explicitly with `NEXT_PUBLIC_APP_URL`.
To keep callback behavior stable behind proxy layers, auth redirect responses use the configured application origin from environment configuration rather than relying only on request host detection.
## Callback URL expectations
- `NEXT_PUBLIC_APP_URL` must be set to the public HTTPS URL used by users.
- Supabase auth redirect/callback configuration must allow:
- `<NEXT_PUBLIC_APP_URL>/auth/callback`
The callback route also validates the `next` parameter as an internal path to prevent unsafe external redirects.
## Cron protection expectations
Operational cron endpoints are protected with a shared secret.
- Required header: `x-cron-secret`
- Server secret source: `CRON_SHARED_SECRET`
- Backward compatibility fallback: `CRON_SECRET`
For new production setups, set `CRON_SHARED_SECRET` and use that value for all cron callers.
## Jenkins pipeline flow
The repository includes a declarative `Jenkinsfile` with the following stages:
1. **Checkout**
2. **Install dependencies** (`npm ci`)
3. **Lint** (runs only when `package.json` contains a `lint` script)
4. **Build application** (`npm run build`)
5. **Build Docker image** (tags `latest` and `build-${BUILD_NUMBER}`)
6. **Deploy** over SSH to the app host
7. **Smoke check** against `/api/health`
## Required Jenkins configuration
Configure these values in Jenkins job/folder/global environment or credentials-backed environment variables:
- `DEPLOY_SSH_HOST` - remote app host
- `DEPLOY_SSH_USER` - SSH user on remote host
- `DEPLOY_SSH_CREDENTIAL_ID` - Jenkins SSH Agent credential ID
- `DEPLOY_PATH` - remote deployment path (for example `/opt/plesk-agency-portal`)
- `APP_BASE_URL` - externally reachable app URL used by smoke check
The pipeline assumes Jenkins credentials are managed outside this repository.
Jenkins runtime requirements:
- The pipeline must run on a Jenkins agent with the `docker` label.
- That agent must have Docker CLI installed and permission to access Docker daemon/socket.
- `rsync` and `ssh` must also be available on the Jenkins agent.
If Docker is missing or inaccessible, the pipeline now fails early in a dedicated preflight stage with an explicit message.
## Deploy flow
Deployment is intentionally simple and bash-based:
1. Jenkins builds Docker image tags locally.
2. Jenkins syncs deployment files (`docker-compose.prod.yml`, deploy/smoke/rollback scripts) to the remote deploy path.
3. Jenkins streams Docker images to the remote host (`docker save | ssh docker load`).
4. Jenkins runs `scripts/deploy-prod.sh` remotely.
5. Script applies the selected image tag via:
```bash
APP_IMAGE=<tag> docker compose -f docker-compose.prod.yml up -d --no-build
```
6. Script prints `docker compose ps` status.
## Rollback flow
Rollback uses `scripts/rollback-prod.sh` with a previously built image tag:
```bash
DEPLOY_PATH=/opt/plesk-agency-portal \
APP_BASE_URL=https://your-app.example.com \
scripts/rollback-prod.sh plesk-agency-portal:build-123
```
Rollback redeploys that image with compose, then immediately reruns smoke checks.
## Smoke check behavior
`scripts/smoke-check.sh`:
- accepts a base URL argument
- requests `${BASE_URL}/api/health`
- fails on non-200 responses
- fails on invalid JSON or missing expected fields (`ok: true`, `service` string)
This gives a quick post-deploy validation gate for both deploy and rollback operations.

View File

@@ -1,100 +0,0 @@
# Handover 2026-03-07 CI/CD Deploy Working
## Status
The Plesk Agency Portal deployment pipeline is now working endtoend.
### Jenkins Pipeline
Pipeline successfully performs:
1. Build Next.js application
2. Build Docker image
3. Save image archive
4. Transfer archive to app host
5. Load image on remote server
6. Recreate container
7. Run smoke test
Example deployed image:
plesk-agency-portal:build-62
Verification command:
docker inspect plesk-agency-portal --format '{{.Image}} {{.Created}}'
---
## Infrastructure
### Jenkins Host
Responsibilities:
- Build Docker images
- Execute CI/CD pipeline
- Transfer deployment artifacts
### Application Host
Deployment path:
/opt/plesk-agency-portal
Container:
plesk-agency-portal
Application port:
3000
---
## Reverse Proxy
Managed using:
Nginx Proxy Manager
Public domain:
https://portal.rdbcloud.co.uk
---
## Known Issue
Supabase authentication blocked due to mixed content.
Frontend attempts:
http://192.168.68.52:54321
while the site runs via HTTPS.
---
## Next Task
Expose Supabase API through HTTPS:
https://supabase.rdbcloud.co.uk
Then update environment variables:
NEXT_PUBLIC_SUPABASE_URL
SUPABASE_URL
and redeploy the application.
---
## Deployment Strategy
Docker registry intentionally avoided.
Images transferred using:
docker save → scp → docker load

View File

@@ -3,18 +3,6 @@ const requiredEnvs = [
"NEXT_PUBLIC_SUPABASE_ANON_KEY",
] as const;
const configuredAppUrl = process.env.NEXT_PUBLIC_APP_URL?.trim();
function getAppOrigin() {
if (!configuredAppUrl) return "http://localhost:3000";
try {
return new URL(configuredAppUrl).origin;
} catch {
return "http://localhost:3000";
}
}
for (const key of requiredEnvs) {
if (!process.env[key]) {
// Keep as runtime warning for smoother local setup.
@@ -24,19 +12,14 @@ for (const key of requiredEnvs) {
}
export const env = {
appUrl: configuredAppUrl ?? "http://localhost:3000",
appOrigin: getAppOrigin(),
appUrl: process.env.NEXT_PUBLIC_APP_URL ?? "http://localhost:3000",
jobSecret: process.env.JOB_SECRET ?? "",
cronSecret: process.env.CRON_SECRET ?? "",
cronSharedSecret:
process.env.CRON_SHARED_SECRET ?? process.env.CRON_SECRET ?? "",
encryptionKey: process.env.ENCRYPTION_KEY ?? "",
pleskCredEncKey: process.env.PLESK_CRED_ENC_KEY ?? "",
stripeSecretKey: process.env.STRIPE_SECRET_KEY ?? "",
stripeWebhookSecret: process.env.STRIPE_WEBHOOK_SECRET ?? "",
stripePriceId: process.env.STRIPE_PRICE_ID ?? "",
supabaseUrl:
process.env.SUPABASE_URL ?? process.env.NEXT_PUBLIC_SUPABASE_URL ?? "",
supabaseUrl: process.env.NEXT_PUBLIC_SUPABASE_URL ?? "",
supabaseAnonKey: process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY ?? "",
supabaseServiceRoleKey: process.env.SUPABASE_SERVICE_ROLE_KEY ?? "",
};

View File

@@ -1,232 +0,0 @@
import { randomUUID } from "crypto";
import { syncPleskInstance } from "@/lib/plesk/sync";
type SupabaseLike = any;
type AutoSyncInstance = {
id: string;
agency_id: string;
base_url: string;
auth_type: "api_key" | "basic";
encrypted_secret: string;
last_connected_at: string | null;
auto_sync_enabled: boolean;
auto_sync_frequency_minutes: number | null;
next_auto_sync_at: string | null;
auto_sync_lock_until: string | null;
};
type AutoSyncSummary = {
instances_considered: number;
locks_acquired: number;
succeeded: number;
failed: number;
duration_ms: number;
};
const MAX_INSTANCES_PER_TICK = 5;
const MAX_CONCURRENCY = 2;
const LOCK_LEASE_SECONDS = 15 * 60;
const INSTANCE_TIMEOUT_MS = 14 * 60 * 1000;
function isDue(instance: AutoSyncInstance, now: number) {
if (!instance.next_auto_sync_at) return true;
const dueAt = new Date(instance.next_auto_sync_at).getTime();
return Number.isFinite(dueAt) && dueAt <= now;
}
function isUnlocked(instance: AutoSyncInstance, now: number) {
if (!instance.auto_sync_lock_until) return true;
const lockUntil = new Date(instance.auto_sync_lock_until).getTime();
return !Number.isFinite(lockUntil) || lockUntil <= now;
}
async function insertActionLogBestEffort(
supabase: SupabaseLike,
payload: Record<string, unknown>,
) {
try {
const { error } = await supabase.from("actions_log").insert(payload);
if (error) {
console.error("[autosync] actions_log insert failed", error.message);
}
} catch (error) {
console.error("[autosync] actions_log insert threw", error);
}
}
async function withTimeout<T>(
promise: Promise<T>,
timeoutMs: number,
): Promise<T> {
let timeout: ReturnType<typeof setTimeout> | null = null;
const timeoutPromise = new Promise<never>((_, reject) => {
timeout = setTimeout(() => {
reject(new Error("Auto-sync timed out"));
}, timeoutMs);
});
try {
return await Promise.race([promise, timeoutPromise]);
} finally {
if (timeout) clearTimeout(timeout);
}
}
export async function runAutoSyncTick(
supabase: SupabaseLike,
): Promise<AutoSyncSummary> {
const startedAt = Date.now();
const now = Date.now();
const { data: rows, error } = await supabase
.from("plesk_instances")
.select(
"id, agency_id, base_url, auth_type, encrypted_secret, last_connected_at, auto_sync_enabled, auto_sync_frequency_minutes, next_auto_sync_at, auto_sync_lock_until",
)
.eq("status", "connected")
.eq("auto_sync_enabled", true)
.order("next_auto_sync_at", { ascending: true, nullsFirst: true })
.limit(50);
if (error) {
throw new Error(error.message);
}
const eligible = ((rows ?? []) as AutoSyncInstance[])
.filter((instance) => isDue(instance, now) && isUnlocked(instance, now))
.slice(0, MAX_INSTANCES_PER_TICK);
let locksAcquired = 0;
let succeeded = 0;
let failed = 0;
const queue = [...eligible];
async function processInstance(instance: AutoSyncInstance) {
const lockToken = randomUUID();
const { data: lockAcquired, error: lockError } = await supabase.rpc(
"acquire_instance_auto_sync_lock",
{
p_instance_id: instance.id,
p_lock_token: lockToken,
p_ttl_seconds: LOCK_LEASE_SECONDS,
},
);
if (lockError || !lockAcquired) return;
locksAcquired += 1;
const perInstanceStartedAt = Date.now();
const frequencyMinutes = Math.max(
instance.auto_sync_frequency_minutes ?? 60,
5,
);
await insertActionLogBestEffort(supabase, {
agency_id: instance.agency_id,
actor_user_id: null,
target_type: "plesk_instance",
target_id: instance.id,
action: "autosync_started",
status: "pending",
metadata: {
instance_id: instance.id,
lock_token: lockToken,
frequency_minutes: frequencyMinutes,
},
});
try {
await withTimeout(
syncPleskInstance(supabase, instance, null, "autosync"),
INSTANCE_TIMEOUT_MS,
);
succeeded += 1;
await insertActionLogBestEffort(supabase, {
agency_id: instance.agency_id,
actor_user_id: null,
target_type: "plesk_instance",
target_id: instance.id,
action: "autosync_completed",
status: "success",
metadata: {
instance_id: instance.id,
lock_token: lockToken,
duration_ms: Date.now() - perInstanceStartedAt,
},
});
} catch (syncError) {
failed += 1;
const errorMessage =
syncError instanceof Error
? syncError.message.slice(0, 500)
: "autosync_failed";
await insertActionLogBestEffort(supabase, {
agency_id: instance.agency_id,
actor_user_id: null,
target_type: "plesk_instance",
target_id: instance.id,
action: "autosync_failed",
status: "failed",
error_message: errorMessage,
metadata: {
instance_id: instance.id,
lock_token: lockToken,
duration_ms: Date.now() - perInstanceStartedAt,
error_summary: errorMessage,
},
});
} finally {
const nowIso = new Date().toISOString();
const nextAutoSyncAtIso = new Date(
Date.now() + frequencyMinutes * 60 * 1000,
).toISOString();
const { error: scheduleError } = await supabase
.from("plesk_instances")
.update({
last_auto_sync_at: nowIso,
next_auto_sync_at: nextAutoSyncAtIso,
auto_sync_lock_until: null,
auto_sync_lock_token: null,
})
.eq("id", instance.id)
.eq("auto_sync_lock_token", lockToken);
if (scheduleError) {
console.error(
"[autosync] schedule update failed",
scheduleError.message,
);
}
}
}
const workers = Array.from(
{ length: Math.min(MAX_CONCURRENCY, queue.length) },
async () => {
while (queue.length > 0) {
const instance = queue.shift();
if (!instance) break;
await processInstance(instance);
}
},
);
await Promise.all(workers);
return {
instances_considered: eligible.length,
locks_acquired: locksAcquired,
succeeded,
failed,
duration_ms: Date.now() - startedAt,
};
}

View File

@@ -289,7 +289,7 @@ export async function unsuspendPleskSubscription(
subscriptionName: string,
) {
return pleskCliCall(connection, "subscription", [
"--unsuspend",
"--webspace-on",
subscriptionName,
]);
}

View File

@@ -1,345 +0,0 @@
import { randomUUID } from "crypto";
import { testPleskConnection } from "@/lib/plesk/client";
type SupabaseLike = any;
type HealthStatus = "ok" | "degraded" | "down" | "unknown";
type HealthInstance = {
id: string;
agency_id: string;
base_url: string;
auth_type: "api_key" | "basic";
encrypted_secret: string;
health_enabled: boolean;
health_check_frequency_minutes: number | null;
health_next_check_at: string | null;
health_lock_until: string | null;
};
type HealthCheckResult = {
status: Exclude<HealthStatus, "unknown">;
latency_ms: number;
error_message: string | null;
};
type RunSingleHealthCheckResult = {
checked: boolean;
status?: Exclude<HealthStatus, "unknown">;
latency_ms?: number;
error_message?: string | null;
};
export type HealthTickSummary = {
checked: number;
ok: number;
degraded: number;
failed: number;
duration_ms: number;
};
const MAX_INSTANCES_PER_TICK = 10;
const MAX_CONCURRENCY = 3;
const LOCK_LEASE_SECONDS = 5 * 60;
const HEALTH_TIMEOUT_MS = 15_000;
const DEGRADED_LATENCY_THRESHOLD_MS = 2_500;
function isDue(instance: HealthInstance, now: number) {
if (!instance.health_next_check_at) return true;
const dueAt = new Date(instance.health_next_check_at).getTime();
return Number.isFinite(dueAt) && dueAt <= now;
}
function isUnlocked(instance: HealthInstance, now: number) {
if (!instance.health_lock_until) return true;
const lockUntil = new Date(instance.health_lock_until).getTime();
return !Number.isFinite(lockUntil) || lockUntil <= now;
}
async function insertActionLogBestEffort(
supabase: SupabaseLike,
payload: Record<string, unknown>,
) {
try {
const { error } = await supabase.from("actions_log").insert(payload);
if (error) {
console.error("[health] actions_log insert failed", error.message);
}
} catch (error) {
console.error("[health] actions_log insert threw", error);
}
}
async function withTimeout<T>(
promise: Promise<T>,
timeoutMs: number,
): Promise<T> {
let timeout: ReturnType<typeof setTimeout> | null = null;
const timeoutPromise = new Promise<never>((_, reject) => {
timeout = setTimeout(() => {
reject(new Error("Health check timed out"));
}, timeoutMs);
});
try {
return await Promise.race([promise, timeoutPromise]);
} finally {
if (timeout) clearTimeout(timeout);
}
}
async function checkPleskInstanceHealth(
instance: Pick<HealthInstance, "base_url" | "auth_type" | "encrypted_secret">,
): Promise<HealthCheckResult> {
const startedAt = Date.now();
try {
await withTimeout(
testPleskConnection({
baseUrl: instance.base_url,
authType: instance.auth_type,
encryptedSecret: instance.encrypted_secret,
}),
HEALTH_TIMEOUT_MS,
);
const latencyMs = Date.now() - startedAt;
const status: "ok" | "degraded" =
latencyMs > DEGRADED_LATENCY_THRESHOLD_MS ? "degraded" : "ok";
return {
status,
latency_ms: latencyMs,
error_message: null,
};
} catch (error) {
return {
status: "down",
latency_ms: Date.now() - startedAt,
error_message:
error instanceof Error
? error.message.slice(0, 1000)
: "health_check_failed",
};
}
}
export async function runInstanceHealthCheck(
supabase: SupabaseLike,
instance: HealthInstance,
input?: {
actorUserId?: string | null;
force?: boolean;
source?: "cron" | "manual";
},
): Promise<RunSingleHealthCheckResult> {
const lockToken = randomUUID();
const actorUserId = input?.actorUserId ?? null;
const source = input?.source ?? "cron";
const { data: lockAcquired, error: lockError } = await supabase.rpc(
"acquire_instance_health_lock",
{
p_instance_id: instance.id,
p_lock_token: lockToken,
p_ttl_seconds: LOCK_LEASE_SECONDS,
p_force: Boolean(input?.force),
},
);
if (lockError || !lockAcquired) {
return { checked: false };
}
const startedAt = Date.now();
const nowIso = new Date().toISOString();
const frequencyMinutes = Math.max(
instance.health_check_frequency_minutes ?? 30,
5,
);
const nextCheckAtIso = new Date(
Date.now() + frequencyMinutes * 60 * 1000,
).toISOString();
await insertActionLogBestEffort(supabase, {
agency_id: instance.agency_id,
actor_user_id: actorUserId,
target_type: "plesk_instance",
target_id: instance.id,
action: "health_check_started",
status: "pending",
metadata: {
instance_id: instance.id,
lock_token: lockToken,
source,
},
});
try {
const result = await checkPleskInstanceHealth(instance);
const updates: Record<string, unknown> = {
health_status: result.status,
health_last_checked_at: nowIso,
health_last_latency_ms: result.latency_ms,
health_last_error: result.error_message,
health_next_check_at: nextCheckAtIso,
health_lock_until: null,
health_lock_token: null,
};
if (result.status === "ok") {
updates.health_last_ok_at = nowIso;
}
const { error: updateError } = await supabase
.from("plesk_instances")
.update(updates)
.eq("id", instance.id)
.eq("health_lock_token", lockToken);
if (updateError) {
throw new Error(updateError.message);
}
const action =
result.status === "ok"
? "health_check_ok"
: result.status === "degraded"
? "health_check_degraded"
: "health_check_failed";
await insertActionLogBestEffort(supabase, {
agency_id: instance.agency_id,
actor_user_id: actorUserId,
target_type: "plesk_instance",
target_id: instance.id,
action,
status: result.status === "down" ? "failed" : "success",
error_message: result.error_message,
metadata: {
instance_id: instance.id,
lock_token: lockToken,
source,
latency_ms: result.latency_ms,
duration_ms: Date.now() - startedAt,
},
});
return {
checked: true,
status: result.status,
latency_ms: result.latency_ms,
error_message: result.error_message,
};
} catch (error) {
const errorMessage =
error instanceof Error
? error.message.slice(0, 1000)
: "health_check_failed";
await supabase
.from("plesk_instances")
.update({
health_status: "down",
health_last_checked_at: nowIso,
health_last_error: errorMessage,
health_next_check_at: nextCheckAtIso,
})
.eq("id", instance.id);
await insertActionLogBestEffort(supabase, {
agency_id: instance.agency_id,
actor_user_id: actorUserId,
target_type: "plesk_instance",
target_id: instance.id,
action: "health_check_failed",
status: "failed",
error_message: errorMessage,
metadata: {
instance_id: instance.id,
lock_token: lockToken,
source,
duration_ms: Date.now() - startedAt,
},
});
return {
checked: true,
status: "down",
latency_ms: Date.now() - startedAt,
error_message: errorMessage,
};
} finally {
await supabase.rpc("release_instance_health_lock", {
p_instance_id: instance.id,
p_lock_token: lockToken,
});
}
}
export async function runHealthCheckTick(
supabase: SupabaseLike,
): Promise<HealthTickSummary> {
const startedAt = Date.now();
const now = Date.now();
const { data: rows, error } = await supabase
.from("plesk_instances")
.select(
"id, agency_id, base_url, auth_type, encrypted_secret, health_enabled, health_check_frequency_minutes, health_next_check_at, health_lock_until",
)
.eq("health_enabled", true)
.order("health_next_check_at", { ascending: true, nullsFirst: true })
.limit(50);
if (error) {
throw new Error(error.message);
}
const eligible = ((rows ?? []) as HealthInstance[])
.filter((instance) => isDue(instance, now) && isUnlocked(instance, now))
.slice(0, MAX_INSTANCES_PER_TICK);
let checked = 0;
let ok = 0;
let degraded = 0;
let failed = 0;
const queue = [...eligible];
const workers = Array.from(
{ length: Math.min(MAX_CONCURRENCY, queue.length) },
async () => {
while (queue.length > 0) {
const instance = queue.shift();
if (!instance) break;
const result = await runInstanceHealthCheck(supabase, instance, {
actorUserId: null,
force: false,
source: "cron",
});
if (!result.checked || !result.status) continue;
checked += 1;
if (result.status === "ok") ok += 1;
else if (result.status === "degraded") degraded += 1;
else failed += 1;
}
},
);
await Promise.all(workers);
return {
checked,
ok,
degraded,
failed,
duration_ms: Date.now() - startedAt,
};
}

View File

@@ -22,34 +22,8 @@ type InstanceRow = Pick<
| "last_connected_at"
>;
type LocalSubscriptionLookupRow = {
id: string;
plesk_subscription_id: string;
name: string | null;
status: string | null;
};
const MIN_INTERVAL_MS = 3 * 60 * 1000;
function normalizeDomainLike(value: string) {
return value.trim().toLowerCase().replace(/\.$/, "");
}
function findBestSuffixSubscriptionMatch<
T extends { normalizedName: string; id: string; status: string | null },
>(normalizedDomain: string, candidates: T[]) {
let best: T | undefined;
for (const candidate of candidates) {
if (!normalizedDomain.endsWith(`.${candidate.normalizedName}`)) continue;
if (!best || candidate.normalizedName.length > best.normalizedName.length) {
best = candidate;
}
}
return best;
}
export async function syncPleskInstance(
supabase: SupabaseLike,
instance: InstanceRow,
@@ -182,7 +156,7 @@ export async function syncPleskInstance(
const { data: localSubscriptions, error: localSubscriptionsError } =
await supabase
.from("plesk_subscriptions")
.select("id, plesk_subscription_id, name, status")
.select("id, plesk_subscription_id, status")
.eq("agency_id", instance.agency_id)
.eq("plesk_instance_id", instance.id);
@@ -190,116 +164,33 @@ export async function syncPleskInstance(
throw new Error(localSubscriptionsError.message);
}
const subscriptionsIndexed = ((localSubscriptions ?? []) as Array<any>)
.filter((row): row is LocalSubscriptionLookupRow =>
Boolean(row?.plesk_subscription_id && row?.id),
)
.map((row) => ({
id: String(row.id),
pleskSubscriptionId: String(row.plesk_subscription_id),
status: row?.status ? String(row.status) : null,
name: row?.name ? String(row.name) : null,
}));
const subscriptionByExternalId = new Map<
string,
{
id: string;
pleskSubscriptionId: string;
status: string | null;
name: string | null;
}
>(subscriptionsIndexed.map((row) => [row.pleskSubscriptionId, row]));
const subscriptionByLocalId = new Map<
string,
{
id: string;
pleskSubscriptionId: string;
status: string | null;
name: string | null;
}
>(subscriptionsIndexed.map((row) => [row.id, row]));
const subscriptionByName = new Map<
string,
{
id: string;
pleskSubscriptionId: string;
status: string | null;
name: string | null;
}
{ id: string; status: string | null }
>(
subscriptionsIndexed
.filter((row) => row.name)
.map((row) => [normalizeDomainLike(String(row.name)), row]),
(localSubscriptions ?? [])
.filter((row: any) => row?.plesk_subscription_id && row?.id)
.map((row: any) => [
String(row.plesk_subscription_id),
{
id: String(row.id),
status: row?.status ? String(row.status) : null,
},
]),
);
const subscriptionNameCandidates: Array<{
id: string;
pleskSubscriptionId: string;
status: string | null;
normalizedName: string;
}> = subscriptionsIndexed
.filter((row) => row.name)
.map((row) => ({
id: row.id,
pleskSubscriptionId: row.pleskSubscriptionId,
status: row.status,
normalizedName: normalizeDomainLike(String(row.name)),
}));
const domainsForUpsert = domainsRaw
.map((item: any) => {
const domainId = item?.id ?? item?.guid ?? item?.name;
const domainName = item?.name ?? item?.domain_name ?? item?.domain;
const normalizedDomainName = domainName
? normalizeDomainLike(String(domainName))
: null;
const subExternalId =
item?.subscription?.id ?? item?.subscription_id ?? item?.webspace_id;
const rawExternalSubscriptionId = subExternalId
const externalSubscriptionId = subExternalId
? String(subExternalId)
: null;
const subscriptionNameHint =
item?.subscription?.name ??
item?.subscription_name ??
item?.webspace_name ??
item?.webspace ??
null;
const localSubscriptionByExternal = rawExternalSubscriptionId
? subscriptionByExternalId.get(rawExternalSubscriptionId)
const localSubscription = externalSubscriptionId
? subscriptionByExternalId.get(externalSubscriptionId)
: undefined;
const localSubscriptionByLocalId = rawExternalSubscriptionId
? subscriptionByLocalId.get(rawExternalSubscriptionId)
: undefined;
const localSubscriptionByName = subscriptionNameHint
? subscriptionByName.get(
normalizeDomainLike(String(subscriptionNameHint)),
)
: undefined;
const localSubscriptionByDomainName = normalizedDomainName
? subscriptionByName.get(normalizedDomainName)
: undefined;
const localSubscriptionBySuffix = normalizedDomainName
? findBestSuffixSubscriptionMatch(
normalizedDomainName,
subscriptionNameCandidates,
)
: undefined;
const localSubscription =
localSubscriptionByExternal ??
localSubscriptionByLocalId ??
localSubscriptionByName ??
localSubscriptionByDomainName ??
localSubscriptionBySuffix;
const externalSubscriptionId = localSubscription
? localSubscription.pleskSubscriptionId
: subscriptionNameHint
? String(subscriptionNameHint)
: rawExternalSubscriptionId;
const rawCreated = item?.created_at ?? item?.created;
const sourceCreatedAt = rawCreated
? new Date(String(rawCreated)).toISOString()
@@ -328,10 +219,6 @@ export async function syncPleskInstance(
})
.filter(Boolean) as Array<Record<string, unknown>>;
const unlinkedDomains = domainsForUpsert.filter(
(domain) => !domain.subscription_id,
);
if (domainsForUpsert.length > 0) {
const { error } = await supabase
.from("plesk_domains")
@@ -366,10 +253,6 @@ export async function syncPleskInstance(
metadata: {
subscriptions_seen: subscriptionsRaw.length,
domains_seen: domainsRaw.length,
unlinked_domains: unlinkedDomains.length,
unlinked_domain_samples: unlinkedDomains
.slice(0, 25)
.map((domain) => String(domain.domain_name ?? "unknown")),
},
});
@@ -442,146 +325,3 @@ export async function syncPleskInstance(
throw error;
}
}
export async function backfillDomainSubscriptionLinks(
supabase: SupabaseLike,
input: {
agencyId: string;
instanceId: string;
actorUserId?: string | null;
},
) {
const { agencyId, instanceId, actorUserId } = input;
const { data: subscriptions, error: subscriptionsError } = await supabase
.from("plesk_subscriptions")
.select("id, plesk_subscription_id, name, status")
.eq("agency_id", agencyId)
.eq("plesk_instance_id", instanceId);
if (subscriptionsError) {
throw new Error(subscriptionsError.message);
}
const { data: domains, error: domainsError } = await supabase
.from("plesk_domains")
.select("id, domain_name, external_subscription_id, subscription_id")
.eq("agency_id", agencyId)
.eq("plesk_instance_id", instanceId)
.is("subscription_id", null);
if (domainsError) {
throw new Error(domainsError.message);
}
const subscriptionByExternalId = new Map<
string,
{ id: string; status: string }
>(
(subscriptions ?? [])
.filter((subscription: any) => subscription?.plesk_subscription_id)
.map((subscription: any) => [
String(subscription.plesk_subscription_id),
{
id: String(subscription.id),
status: subscription?.status
? String(subscription.status)
: "unknown",
},
]),
);
const subscriptionByName = new Map<string, { id: string; status: string }>(
(subscriptions ?? [])
.filter((subscription: any) => subscription?.name)
.map((subscription: any) => [
normalizeDomainLike(String(subscription.name)),
{
id: String(subscription.id),
status: subscription?.status
? String(subscription.status)
: "unknown",
},
]),
);
const subscriptionNameCandidates: Array<{
id: string;
status: string;
normalizedName: string;
}> = (subscriptions ?? [])
.filter((subscription: any) => subscription?.name)
.map((subscription: any) => ({
id: String(subscription.id),
status: subscription?.status ? String(subscription.status) : "unknown",
normalizedName: normalizeDomainLike(String(subscription.name)),
}));
let linkedCount = 0;
const failures: Array<{ domain_id: string; error: string }> = [];
for (const domain of domains ?? []) {
const matchByExternal = domain?.external_subscription_id
? subscriptionByExternalId.get(String(domain.external_subscription_id))
: undefined;
const matchByDomainName = domain?.domain_name
? subscriptionByName.get(normalizeDomainLike(String(domain.domain_name)))
: undefined;
const normalizedDomainName = domain?.domain_name
? normalizeDomainLike(String(domain.domain_name))
: null;
const matchBySuffix = normalizedDomainName
? findBestSuffixSubscriptionMatch(
normalizedDomainName,
subscriptionNameCandidates,
)
: undefined;
const linkedSubscription =
matchByExternal ?? matchByDomainName ?? matchBySuffix;
if (!linkedSubscription) continue;
const { error: updateError } = await supabase
.from("plesk_domains")
.update({
subscription_id: linkedSubscription.id,
status: linkedSubscription.status,
})
.eq("id", domain.id)
.eq("agency_id", agencyId);
if (updateError) {
failures.push({
domain_id: String(domain.id),
error: updateError.message,
});
continue;
}
linkedCount += 1;
}
await supabase.from("actions_log").insert({
agency_id: agencyId,
actor_user_id: actorUserId ?? null,
target_type: "plesk_instance",
target_id: instanceId,
action: "domain_subscription_backfill",
status: failures.length > 0 ? "failed" : "success",
error_message:
failures.length > 0
? `${failures.length} domain links failed during backfill`
: null,
metadata: {
attempted: (domains ?? []).length,
linked: linkedCount,
failures: failures.slice(0, 25),
},
});
return {
attempted: (domains ?? []).length,
linked: linkedCount,
failed: failures.length,
};
}

View File

@@ -11,7 +11,7 @@ export function getStripeClient() {
if (!stripeClient) {
stripeClient = new Stripe(env.stripeSecretKey, {
apiVersion: "2025-08-27.basil",
apiVersion: "2025-02-24.acacia",
});
}

View File

@@ -83,22 +83,6 @@ export type Database = {
last_sync_error: string | null;
last_sync_subscriptions: number;
last_sync_domains: number;
auto_sync_enabled: boolean;
auto_sync_frequency_minutes: number;
last_auto_sync_at: string | null;
next_auto_sync_at: string | null;
auto_sync_lock_until: string | null;
auto_sync_lock_token: string | null;
health_enabled: boolean;
health_status: "ok" | "degraded" | "down" | "unknown";
health_last_checked_at: string | null;
health_last_ok_at: string | null;
health_last_error: string | null;
health_last_latency_ms: number | null;
health_check_frequency_minutes: number;
health_next_check_at: string | null;
health_lock_until: string | null;
health_lock_token: string | null;
created_at: string;
};
Insert: {
@@ -117,22 +101,6 @@ export type Database = {
last_sync_error?: string | null;
last_sync_subscriptions?: number;
last_sync_domains?: number;
auto_sync_enabled?: boolean;
auto_sync_frequency_minutes?: number;
last_auto_sync_at?: string | null;
next_auto_sync_at?: string | null;
auto_sync_lock_until?: string | null;
auto_sync_lock_token?: string | null;
health_enabled?: boolean;
health_status?: "ok" | "degraded" | "down" | "unknown";
health_last_checked_at?: string | null;
health_last_ok_at?: string | null;
health_last_error?: string | null;
health_last_latency_ms?: number | null;
health_check_frequency_minutes?: number;
health_next_check_at?: string | null;
health_lock_until?: string | null;
health_lock_token?: string | null;
created_at?: string;
};
Update: {
@@ -151,22 +119,6 @@ export type Database = {
last_sync_error?: string | null;
last_sync_subscriptions?: number;
last_sync_domains?: number;
auto_sync_enabled?: boolean;
auto_sync_frequency_minutes?: number;
last_auto_sync_at?: string | null;
next_auto_sync_at?: string | null;
auto_sync_lock_until?: string | null;
auto_sync_lock_token?: string | null;
health_enabled?: boolean;
health_status?: "ok" | "degraded" | "down" | "unknown";
health_last_checked_at?: string | null;
health_last_ok_at?: string | null;
health_last_error?: string | null;
health_last_latency_ms?: number | null;
health_check_frequency_minutes?: number;
health_next_check_at?: string | null;
health_lock_until?: string | null;
health_lock_token?: string | null;
created_at?: string;
};
};

View File

@@ -1,24 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
DEPLOY_PATH="${DEPLOY_PATH:-/opt/plesk-agency-portal}"
APP_IMAGE="${APP_IMAGE:-plesk-agency-portal:latest}"
mkdir -p "${DEPLOY_PATH}"
if [ ! -f "${DEPLOY_PATH}/docker-compose.prod.yml" ]; then
echo "Missing docker-compose.prod.yml in ${DEPLOY_PATH}" >&2
exit 1
fi
if [ ! -f "${DEPLOY_PATH}/.env" ]; then
echo "Missing .env in ${DEPLOY_PATH}" >&2
exit 1
fi
cd "${DEPLOY_PATH}"
APP_IMAGE="${APP_IMAGE}" docker compose -f docker-compose.prod.yml up -d --no-build --force-recreate
APP_IMAGE="${APP_IMAGE}" docker compose -f docker-compose.prod.yml ps

View File

@@ -1,40 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
PREVIOUS_IMAGE_TAG="${1:-}"
DEPLOY_PATH="${DEPLOY_PATH:-/opt/plesk-agency-portal}"
APP_BASE_URL="${APP_BASE_URL:-}"
if [ -z "${PREVIOUS_IMAGE_TAG}" ]; then
echo "Usage: $0 <previous-image-tag>" >&2
exit 1
fi
if [ -z "${APP_BASE_URL}" ]; then
echo "APP_BASE_URL is required" >&2
exit 1
fi
if [ ! -f "${DEPLOY_PATH}/docker-compose.prod.yml" ]; then
echo "Missing docker-compose.prod.yml in ${DEPLOY_PATH}" >&2
exit 1
fi
if [ ! -f "${DEPLOY_PATH}/.env" ]; then
echo "Missing .env in ${DEPLOY_PATH}" >&2
exit 1
fi
if [ ! -f "${DEPLOY_PATH}/scripts/smoke-check.sh" ]; then
echo "Missing scripts/smoke-check.sh in ${DEPLOY_PATH}" >&2
exit 1
fi
cd "${DEPLOY_PATH}"
APP_IMAGE="${PREVIOUS_IMAGE_TAG}" docker compose -f docker-compose.prod.yml up -d --no-build --force-recreate
"${DEPLOY_PATH}/scripts/smoke-check.sh" "${APP_BASE_URL}"
docker compose -f docker-compose.prod.yml ps

View File

@@ -1,36 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
BASE_URL="${1:-}"
if [ -z "${BASE_URL}" ]; then
echo "Usage: $0 <base-url>" >&2
exit 1
fi
URL="${BASE_URL%/}/api/health"
TMP_FILE="$(mktemp)"
MAX_ATTEMPTS=20
SLEEP_SECONDS=3
trap 'rm -f "${TMP_FILE}"' EXIT
for attempt in $(seq 1 "${MAX_ATTEMPTS}"); do
HTTP_CODE=$(curl -sS -o "${TMP_FILE}" -w "%{http_code}" "${URL}" || echo "000")
if [ "${HTTP_CODE}" = "200" ]; then
if node -e "const fs=require('fs');const d=JSON.parse(fs.readFileSync(process.argv[1],'utf8'));if(d?.ok!==true||typeof d?.service!=='string'){process.exit(1)}" "${TMP_FILE}"; then
echo "Smoke check passed: ${URL} (attempt ${attempt}/${MAX_ATTEMPTS})"
exit 0
fi
fi
if [ "${attempt}" -lt "${MAX_ATTEMPTS}" ]; then
sleep "${SLEEP_SECONDS}"
fi
done
echo "Smoke check failed after ${MAX_ATTEMPTS} attempts: ${URL}" >&2
cat "${TMP_FILE}" >&2 || true
exit 1

View File

@@ -1,78 +0,0 @@
-- CL8: instance health monitoring fields + lock helpers
alter table public.plesk_instances
add column if not exists health_enabled boolean not null default true,
add column if not exists health_status text not null default 'unknown',
add column if not exists health_last_checked_at timestamptz,
add column if not exists health_last_ok_at timestamptz,
add column if not exists health_last_error text,
add column if not exists health_last_latency_ms integer,
add column if not exists health_check_frequency_minutes integer not null default 30,
add column if not exists health_next_check_at timestamptz,
add column if not exists health_lock_until timestamptz,
add column if not exists health_lock_token text;
alter table public.plesk_instances
drop constraint if exists plesk_instances_health_status_check;
alter table public.plesk_instances
add constraint plesk_instances_health_status_check
check (health_status in ('ok', 'degraded', 'down', 'unknown'));
alter table public.plesk_instances
drop constraint if exists plesk_instances_health_check_frequency_minutes_check;
alter table public.plesk_instances
add constraint plesk_instances_health_check_frequency_minutes_check
check (health_check_frequency_minutes between 5 and 10080);
create index if not exists idx_plesk_instances_health_due
on public.plesk_instances (health_enabled, health_next_check_at);
create or replace function public.acquire_instance_health_lock(
p_instance_id uuid,
p_lock_token text,
p_ttl_seconds integer default 300,
p_force boolean default false
)
returns boolean
language plpgsql
security definer
set search_path = public
as $$
declare
v_acquired boolean := false;
begin
update public.plesk_instances
set
health_lock_until = now() + make_interval(secs => p_ttl_seconds),
health_lock_token = p_lock_token
where id = p_instance_id
and health_enabled = true
and (
p_force = true
or health_next_check_at is null
or health_next_check_at <= now()
)
and (health_lock_until is null or health_lock_until < now());
get diagnostics v_acquired = row_count;
return v_acquired;
end;
$$;
create or replace function public.release_instance_health_lock(
p_instance_id uuid,
p_lock_token text
)
returns void
language sql
security definer
set search_path = public
as $$
update public.plesk_instances
set health_lock_until = null,
health_lock_token = null
where id = p_instance_id
and health_lock_token = p_lock_token;
$$;

View File

@@ -1,62 +0,0 @@
-- CL6: auto-sync worker scheduling fields + per-instance lock helpers
alter table public.plesk_instances
add column if not exists auto_sync_enabled boolean not null default false,
add column if not exists auto_sync_frequency_minutes integer not null default 60,
add column if not exists last_auto_sync_at timestamptz,
add column if not exists next_auto_sync_at timestamptz,
add column if not exists auto_sync_lock_until timestamptz,
add column if not exists auto_sync_lock_token text;
alter table public.plesk_instances
drop constraint if exists plesk_instances_auto_sync_frequency_minutes_check;
alter table public.plesk_instances
add constraint plesk_instances_auto_sync_frequency_minutes_check
check (auto_sync_frequency_minutes between 5 and 10080);
create index if not exists idx_plesk_instances_auto_sync_due
on public.plesk_instances (auto_sync_enabled, next_auto_sync_at);
create or replace function public.acquire_instance_auto_sync_lock(
p_instance_id uuid,
p_lock_token text,
p_ttl_seconds integer default 900
)
returns boolean
language plpgsql
security definer
set search_path = public
as $$
declare
v_acquired boolean := false;
begin
update public.plesk_instances
set
auto_sync_lock_until = now() + make_interval(secs => p_ttl_seconds),
auto_sync_lock_token = p_lock_token
where id = p_instance_id
and auto_sync_enabled = true
and (next_auto_sync_at is null or next_auto_sync_at <= now())
and (auto_sync_lock_until is null or auto_sync_lock_until < now());
get diagnostics v_acquired = row_count;
return v_acquired;
end;
$$;
create or replace function public.release_instance_auto_sync_lock(
p_instance_id uuid,
p_lock_token text
)
returns void
language sql
security definer
set search_path = public
as $$
update public.plesk_instances
set auto_sync_lock_until = null,
auto_sync_lock_token = null
where id = p_instance_id
and auto_sync_lock_token = p_lock_token;
$$;