mivodev/mivo
1
0
Fork 0
mirror of https://github.com/mivodev/mivo.git synced 2026-01-25 21:18:49 +07:00
Code Issues Packages Projects Releases 7 Wiki Activity

feat: v1.2.3 release - status bars, cors fix, update checker

Browse Source
This commit is contained in:
dyzulk
2026-01-19 13:59:46 +07:00
parent ca1fef86bd
commit f3a01aa973
2 changed files with 17 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
app/Controllers/PublicStatusController.php
View File

@@ -87,24 +87,31 @@ class PublicStatusController extends Controller {
if (!empty($user)) {
$u = $user[0];
// --- SECURITY CHECK: Hide Unused Vouchers ---
// --- SECURITY CHECK: Hide Unused Vouchers (UNLESS ACTIVE) ---
$uptimeRaw = $u['uptime'] ?? '0s';
$bytesIn = intval($u['bytes-in'] ?? 0);
$bytesOut = intval($u['bytes-out'] ?? 0);
if (($uptimeRaw === '0s' || empty($uptimeRaw)) && ($bytesIn + $bytesOut) === 0) {
// Check if active first
$active = $api->comm("/ip/hotspot/active/print", [
"?user" => $code
]);
$isActive = !empty($active);
// If Empty Stats AND Not Active => Hide (It's an unused new voucher)
// If Empty Stats BUT Active => Show! (It's a fresh session)
if (!$isActive && ($uptimeRaw === '0s' || empty($uptimeRaw)) && ($bytesIn + $bytesOut) === 0) {
$api->disconnect();
echo json_encode(['success' => false, 'message' => 'Voucher Not Found']);
return;
}
// --- SECURITY CHECK: Hide Unlimited Members ---
// --- SECURITY CHECK: Hide Unlimited Members (UNLESS ACTIVE) ---
$limitBytes = isset($u['limit-bytes-total']) ? intval($u['limit-bytes-total']) : 0;
$limitUptime = $u['limit-uptime'] ?? '0s';
if ($limitBytes === 0 && ($limitUptime === '0s' || empty($limitUptime))) {
// Option: Allow checking them but show minimalistic info, or hide.
// Sticking to original logic: Hide them.
if (!$isActive && $limitBytes === 0 && ($limitUptime === '0s' || empty($limitUptime))) {
// Hide unlimited members if they are offline to prevent enumeration
$api->disconnect();
echo json_encode(['success' => false, 'message' => 'Voucher Not Found']);
return;
@@ -173,11 +180,9 @@ class PublicStatusController extends Controller {
// 2. CHECK ACTIVE OVERRIDE
// If user is conceptually valid (or even if limited?), check if they are currently active
// Because they might be active BUT expiring soon, or active BUT over quota (if server hasn't kicked them yet)
$active = $api->comm("/ip/hotspot/active/print", [
"?user" => $code
]);
if (!empty($active)) {
// $active already fetched above in Security Check
if ($isActive) {
$status = 'active';
$statusLabel = 'Active (Online)';
}

1
routes/api.php
View File

@@ -11,6 +11,7 @@ $router->group(['middleware' => 'cors'], function($router) {
// Public Status API (No Auth Check in Controller)
$router->post('/api/status/check', [App\Controllers\PublicStatusController::class, 'check']);
$router->options('/api/status/check', function() { return; });
// Voucher Check (Code/Username in URL) - Support GET (Status Page) and POST (Login Page Check)
$router->post('/api/voucher/check/{code}', [App\Controllers\PublicStatusController::class, 'check']);