# Changelog All notable changes to SALFANET RADIUS will be documented in this file. --- ## [2.13.1] - 2026-04-05 (Fix Wablas Send Endpoint) ### ✅ Fix: Wablas Kirim Pesan Gagal - **Root cause**: Kode sebelumnya menggunakan `POST /api/v2/send-message` dengan JSON body. Endpoint v2 tidak tersedia di semua server Wablas (`wa`, `deu`, `jakarta`, `pati`, dll). - **Fix**: Ganti ke `GET /api/send-message?token=...&phone=...&message=...&flag=instant` (v1 simple endpoint) yang didukung semua server Wablas. - Format API key tetap `token.secret_key` — diisi di field API Key saat tambah/edit provider Wablas. - Hint form diperjelas: sekarang menampilkan format yang benar `token.secret_key`. ### Files Changed - `src/server/services/notifications/whatsapp.service.ts` — ganti `sendViaWablas` ke GET v1 - `src/app/api/whatsapp/providers/[id]/test/route.ts` — ganti test Wablas ke GET v1 - `src/app/admin/whatsapp/providers/page.tsx` — perjelas hint format API key --- ## [2.13.0] - 2026-04-05 (Kirimi.id Broadcast, Webhook Pesan Masuk, Error Detail) ### ✅ Fitur: WhatsApp Webhook Endpoint - Tambah endpoint `POST /api/whatsapp/webhook` untuk menerima pesan masuk dari Kirimi.id, Wablas, Fonnte, dan WAHA. - Pesan masuk dicatat ke tabel `whatsapp_history` dengan `status: incoming`. - Mendukung `GET` untuk verifikasi challenge (dibutuhkan beberapa provider saat setup webhook). - Tambah panel "Webhook URL" dengan tombol copy di halaman **Admin → WhatsApp → Providers**. ### ✅ Fitur: Kirimi.id Native Broadcast API - Broadcast ke banyak penerima kini menggunakan endpoint `/v1/broadcast-message` Kirimi.id secara langsung. - Pesan dengan konten identik dikelompokkan dalam satu API call untuk efisiensi. - 1 penerima: otomatis fallback ke `/v1/send-message` (Kirimi.id tidak mendukung broadcast untuk 1 nomor). - Delay antar pesan: **30 detik** (rekomendasi resmi Kirimi.id untuk menghindari blokir WhatsApp). ### ✅ Fitur: Per-Provider Error Detail - Saat semua provider WhatsApp gagal, response API menyertakan detail kegagalan per provider: nama, tipe, dan pesan error. - Toast di UI sekarang menampilkan error spesifik (mis. `Kirimi.id: 401 - Invalid credentials`) agar lebih mudah diagnosa. ### ✅ Fix: Kirimi.id Endpoint dan Field Salah - **Endpoint**: `/send-message` → `/v1/send-message` (sesuai Kirimi.id API v2.0 docs resmi). - **Field penerima**: `number` → `receiver` (sesuai Kirimi.id API v2.0 docs resmi). - **Trailing slash**: `provider.apiUrl` di-strip trailing slash sebelum disambung path (konsisten dengan provider lain). ### ✅ Fix: Broadcast Response Format - Route `POST /api/whatsapp/broadcast` sekarang return `successCount` dan `failCount` di top-level response. - Sebelumnya toast di halaman Send Message menampilkan `✅ undefined | ❌ undefined`. ### ✅ Fix: HTTP Status 502 → 500 - Error provider WhatsApp sebelumnya di-wrap sebagai 502 (Bad Gateway) yang secara semantik berarti upstream proxy error. - Diganti ke 500 (Internal Server Error) yang lebih tepat untuk kegagalan provider pihak ketiga. ### Files Changed - `src/server/services/notifications/whatsapp.service.ts` — endpoint `/v1/send-message`, field `receiver`, `sendBroadcast()`, `sendBroadcastViaKirimi()`, `cleanPhone()`, trailing slash strip - `src/app/api/whatsapp/send/route.ts` — per-provider error detail, status 500, `sendMessage` return instead of throw - `src/app/api/whatsapp/broadcast/route.ts` — pakai `sendBroadcast()`, tambah `successCount`/`failCount` di response - `src/app/api/whatsapp/providers/[id]/test/route.ts` — endpoint `/v1/send-message`, field `receiver`, strip trailing slash - `src/app/api/whatsapp/webhook/route.ts` — **file baru** webhook endpoint - `src/app/admin/whatsapp/providers/page.tsx` — tampilkan webhook URL dengan tombol copy --- ## [2.12.4] - 2026-04-01 (Installer via Git Clone, Timezone Fixes, PPPoE Print, Dashboard Stats) ### ✅ Chore: Hapus GitHub Releases Workflow — Installer via Git Clone - Hapus `.github/workflows/release.yml` dan `vps-install/build-standalone.py`. - Installer tidak lagi didistribusikan sebagai binary release di GitHub Releases. - Cara install sekarang: `git clone https://github.com/s4lfanet/salfanet-radius.git /root/salfanet-radius && bash vps-install/vps-installer.sh` - Hapus bootstrap download block dari `vps-installer.sh` (tidak diperlukan karena repo di-clone full). ### ✅ Fix: Customer Portal — Timezone Inkonsisten pada Tampilan Real-Time - `CustomerClientLayout.tsx` baris 303: `formatWIB(new Date(), 'EEEE, d MMMM yyyy')` diganti dengan `formatInTimeZone(new Date(), 'Asia/Jakarta', ...)`. `formatWIB` membaca field UTC sebagai WIB — benar untuk tanggal DB, namun salah untuk `new Date()` yang field UTC-nya adalah waktu UTC real. - `customer/suspend/page.tsx` baris 115: `new Date().toISOString().split('T')[0]` diganti dengan `formatInTimeZone(new Date(), 'Asia/Jakarta', 'yyyy-MM-dd')`. `.toISOString()` menghasilkan tanggal UTC, sehingga sebelum jam 07:00 WIB tanggal minimum form suspend menampilkan kemarin. ### ✅ Fix: Dashboard "Pendapatan Invoice Hari Ini" Selalu 0 - Query menggunakan `startOfDayWIBtoUTC(now)` yang menghasilkan objek Date dengan nilai UTC (bukan WIB), sehingga mysql2 mengirim string timestamp UTC ke MySQL yang menyimpan `paidAt` dalam WIB. - Fix: gunakan `new Date(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate(), 0, 0, 0)` sehingga mysql2 mengirim string `"2026-04-01 00:00:00"` yang sesuai dengan cara `paidAt` disimpan. ### ✅ Fitur: Tombol Print di Halaman PPPoE Users - Tambah tombol print (ungu, ikon `Printer`) di kolom aksi tabel dan card mobile di halaman PPPoE Users. - Flow: fetch invoice terbaru via `GET /api/invoices?userId={id}&limit=1` → tampilkan dialog pilih Standar (A4) atau Thermal (80mm) → buka print preview di tab baru. - Identik dengan flow print di halaman Invoices admin. --- ## [2.11.8] - 2026-03-30 (Mobile Form Fix + Stop Subscription + Notification Dedup) ### ✅ Fix: Mobile Keyboard Dismiss saat Input di Form PPPoE Users - **Root cause**: `formData` state di parent component (`PppoeUsersPage`, 1300+ baris) menyebabkan seluruh parent re-render di setiap keystroke → SimpleModal effects dieksekusi ulang → keyboard focus hilang. - **Fix**: Ekstrak `AddPppoeUserModal` sebagai standalone component di luar parent render body. Semua form state (`formData`, `showPassword`, upload states, `showMapPicker`) dipindah ke dalam modal komponen baru. - Semua `setFormData` diubah ke pola functional `setFormData(prev => ({...prev, field: val}))`. - Modal reset menggunakan `useRef` + `useEffect` (prevIsOpen pattern) saat modal ditutup. ### ✅ Fix: Mobile Keyboard Dismiss saat Input di Form PPPoE Customers - **Root cause berbeda**: `CustomerForm` didefinisikan sebagai **inline function di dalam render body** parent → React membuat tipe komponen baru di setiap render → form unmount/remount setiap keystroke → cursor hilang. - **Fix**: Ekstrak `CustomerFormModal` sebagai standalone component sebelum `export default`. Handles both add dan edit (`editCustomer?: Customer | null` prop). ### ✅ Fitur: Tombol Stop Langganan di Halaman Data Pelanggan - Tambah tombol "Stop Langganan" (ikon `Ban`, warna oranye) di kolom aksi tabel PPPoE Customers. - Tombol hanya muncul jika pelanggan memiliki minimal 1 PPPoE subscription (`_count?.pppoeUsers > 0`) dan user memiliki permission `canCreate`. - Flow: fetch detail pelanggan → filter user dengan status `active`/`isolated` → kirim `PUT /api/pppoe/users/bulk-status` dengan `status: 'stop'`. ### ✅ Fix: Notifikasi Duplikat saat Perubahan Status PPPoE - **Root cause**: Dua code path berbeda keduanya memanggil `NotificationService` untuk setiap perubahan status: 1. `activity-log.service.ts` (BUG) — memanggil `notifyUserStatusChange()` dengan `username` = email admin (salah). 2. `status/route.ts` (BENAR) — memanggil notifikasi yang tepat (`notifyUserIsolated` / `notifyUserReactivated` / `notifyUserStatusChange`) dengan PPPoE username yang benar. - **Fix**: Hapus 15-baris blok `status_change` dari `activity-log.service.ts`. Block suspicious activity notification tetap dipertahankan. - **Hasil**: Setiap perubahan status sekarang hanya menghasilkan 1 notifikasi dengan username PPPoE yang benar. ### Files Changed - `src/app/admin/pppoe/users/page.tsx` — ekstrak `AddPppoeUserModal` standalone component - `src/app/admin/pppoe/customers/page.tsx` — ekstrak `CustomerFormModal` + tambah stop subscription handler - `src/server/services/activity-log.service.ts` — hapus blok duplikat status_change notification --- ## [2.11.7] - 2026-03-29 (Nginx Manifest 404 Final Fix) ### ✅ Fix: PWA manifest-admin.json (dan semua manifest) 404 pada fresh install VPS - **Root cause 1**: nginx `alias` dengan regex location + `try_files` secara fundamental broken — nginx tidak bisa resolve `try_files` path dengan benar saat pakai `alias` di regex location. - **Root cause 2**: `cp -r public .next/standalone/public/` membuat nested `public/public/` jika target dir sudah ada (Next.js membuat `.next/standalone/public/` saat build). - **Ditemukan** dengan membandingkan konfigurasi VPS production (103.151.140.110) vs fresh install (192.168.54.200). - **Solusi**: Semua block nginx manifest/sw.js/pwa kini menggunakan `root /var/www/salfanet-radius/public;` (sesuai VPS production yang sudah berjalan). Tidak ada `alias`, `try_files`, atau `@nextjs` named location. - **Solusi cp**: `cp -r public .next/standalone/public/` → `cp -r public/. .next/standalone/public/` (copy contents, bukan directory). ### Files Changed - `vps-install/install-nginx.sh` — kedua fungsi `_proxy_locations()` menggunakan `root /var/www/salfanet-radius/public` - `vps-install/install-pm2.sh` — fix cp nesting di `build_application()` dan generated `deploy.sh` - `vps-install/fix-pwa-nginx.sh` — rewrite lengkap dengan pendekatan `root /var/www/salfanet-radius/public` - `production/nginx-salfanet-radius.conf` — semua 3 server block (HTTP IP, HTTPS domain, HTTPS IP) diperbaiki ### Tutorial: Perbaikan Manual untuk VPS yang Sudah Terinstall Jika VPS sudah terinstall dengan installer lama dan mengalami manifest 404: ```bash # Opsi 1: Jalankan fix script otomatis cd /var/www/salfanet-radius sudo bash vps-install/fix-pwa-nginx.sh # Opsi 2: Fix manual nginx saja # Edit /etc/nginx/sites-available/salfanet-radius # Ganti semua block manifest yang pakai alias: # location ~* ^/manifest(-admin|-agent|-customer|-technician)?\.json$ { # alias /var/www/salfanet-radius/.next/standalone/public/; # try_files $uri @nextjs; # ... # } # Dengan: # location ~ ^/manifest(-[a-z]+)?\.json$ { # root /var/www/salfanet-radius/public; # expires 1d; # add_header Cache-Control "public, max-age=86400"; # add_header Content-Type "application/manifest+json"; # } # Lakukan hal yang sama untuk sw.js dan tambahkan /pwa/ location. # Hapus semua location @nextjs yang tidak dipakai lagi. sudo nginx -t && sudo systemctl reload nginx # Verifikasi: curl -I http://$(hostname -I | awk '{print $1}')/manifest-admin.json # Harus HTTP 200 OK ``` --- ## [2.11.6] - 2026-03-28 (PPPoE Edit Billing Day Fix + MikroTik Local-Address Verification) ### ✅ Fix: billingDay Selalu Reset ke 1 Saat Edit User PPPoE - **Root cause ditemukan di `UserDetailModal.tsx`** (komponen edit yang sesungguhnya, `isOpen={isDialogOpen && !!editingUser}`): - Default `subscriptionType` menggunakan `|| 'PREPAID'` (salah) — seharusnya `'POSTPAID'`. User POSTPAID dengan `subscriptionType` null ditampilkan sebagai PREPAID, sehingga field billing day tersembunyi dan selalu reset ke 1. - `billingDay` menggunakan `|| 1` (falsy check) — nilai 0 atau null keduanya di-reset ke 1. - Fix: `user.subscriptionType ?? 'POSTPAID'` dan `billingDay: user.billingDay ?? new Date(user.expiredAt).getDate()` (infer dari expiredAt jika billingDay null). - Juga fix di `users/page.tsx` `handleEdit` — pola `??` yang sama. - `pppoe.service.ts` `createPppoeUser`: clamp billingDay ke 1-28 (sesuai DB CHECK constraint; sebelumnya 1-31). ### ✅ Enhancement: MikroTik local-address Sync Verification - `sync-mikrotik/route.ts`: setelah set `local-address` di PPP profile via RouterOS API, sekarang **read back** profile untuk memverifikasi nilainya benar-benar tersimpan. - RouterOS secara diam-diam mengabaikan `local-address` jika IP tersebut belum dikonfigurasi sebagai alamat interface di router. - Jika tidak tersimpan: tampilkan warning yang actionable: "Pastikan IP dikonfigurasi sebagai alamat interface di MikroTik terlebih dahulu (`/ip address add address=X.X.X.X/32 interface=lo`), kemudian sync ulang." ### Files Changed - `src/components/UserDetailModal.tsx` — fix subscriptionType default (`|| 'PREPAID'` → `?? 'POSTPAID'`) + billingDay nullish coalescing - `src/app/admin/pppoe/users/page.tsx` — fix handleEdit billingDay/subscriptionType defaults - `src/server/services/pppoe.service.ts` — clamp billingDay 31→28 in createPppoeUser - `src/app/api/pppoe/profiles/sync-mikrotik/route.ts` — add post-sync local-address read-back + actionable warning --- ## [2.11.6] - 2026-03-27 (PPPoE UI Revamp + PPN Fix + Area & Billing Fixes) ### ✅ Feat: PPPoE Action Buttons Revamped (Phase 15) - `src/app/admin/pppoe/users/page.tsx`: tombol aksi baris tabel diubah menjadi 5 ikon bersih — Eye (detail), Pencil (edit), RefreshCw (sync RADIUS), Shield (isolir/aktifkan), Trash (hapus). - Tooltip on-hover untuk setiap ikon. - Warna per aksi: cyan detail, yellow edit, green sync, orange shield, red delete. - Badge **CustomerId** dan jumlah **Langganan** per pelanggan kini bisa diklik sebagai link filter. - API baru `POST /api/pppoe/users/[userId]/sync-radius` — sync RADIUS per-user tanpa harus reload halaman. ### ✅ Fix: PPN Calculation di Semua Titik Generate Invoice (Phase 16) - Fixed kalkulasi PPN yang tidak konsisten di 9 file: - `src/server/services/billing.service.ts` (3 titik) - `src/server/services/pppoe.service.ts` (2 titik) - `src/app/api/billing/generate/route.ts` - `src/app/api/billing/generate-all/route.ts` - `src/app/api/billing/renewal/route.ts` - `src/app/api/customer/topup-direct/route.ts` - Formula: `ppnAmount = Math.round(baseAmount * (ppnPercent / 100))`, `totalAmount = baseAmount + ppnAmount`. - Koordinat GPS pelanggan di tabel PPPoE sekarang bisa diklik untuk membuka Google Maps. ### ✅ Fix: NAS IP di Kolom Network (Phase 17) - `src/app/admin/pppoe/users/page.tsx`: kolom **Network** sebelumnya menampilkan IP statis user (`user.ipAddress`). Sekarang menampilkan IP NAS router dari database (`user.router?.ipAddress ?? user.router?.nasname`). - Label diubah dari "IP:" menjadi "IP NAS:". - IP statis user tetap ditampilkan di kolom PPPoE (`IP: user.ipAddress`). ### ✅ Fix: billingDay & expiredAt Tidak Tersimpan Saat Edit POSTPAID (Phase 17) - `src/server/services/pppoe.service.ts` — fungsi `updatePppoeUser`: - Sebelumnya: `expiredAt` di-overwrite langsung dari nilai form, tidak memperhitungkan perubahan `billingDay`. - Sekarang: jika `subscriptionType === 'POSTPAID'` dan `billingDay` dikirim, `expiredAt` di-**recalculate** otomatis ke tanggal tagihan berikutnya (bulan depan pada hari `billingDay`). - Untuk `PREPAID`: `expiredAt` tetap menggunakan nilai yang dikirim dari form. ### ✅ Feat: Area di Kolom Data Pelanggan & Form (Phase 17) - **Tabel PPPoE**: badge Area (kuning, ikon `MapPin`) ditampilkan di bawah info pelanggan di kolom "Data Pelanggan" — sebelumnya tidak ditampilkan sama sekali. - **Form Tambah Pelanggan**: tambah select `Area` (opsional) di antara pilihan NAS dan data personal — sebelumnya field `areaId` sudah ada di state tapi tidak ada UI-nya. - Form **Edit** (UserDetailModal) sudah punya area select sejak sebelumnya. ### Files Changed - `src/app/admin/pppoe/users/page.tsx` — action buttons, network IP, area badge, area select in add form, PPN coords - `src/server/services/pppoe.service.ts` — updatePppoeUser billingDay/expiredAt recalc + PPN fix - `src/server/services/billing.service.ts` — PPN calculation fix (3 points) - `src/app/api/billing/generate/route.ts` — PPN fix - `src/app/api/billing/generate-all/route.ts` — PPN fix - `src/app/api/billing/renewal/route.ts` — PPN fix - `src/app/api/customer/topup-direct/route.ts` — PPN fix - `src/app/api/pppoe/users/[userId]/sync-radius/route.ts` — created (per-user sync) --- ## [2.11.5] - 2026-03-20 (Ghost Session Fix + RADIUS Auth Hardening + Tooling Cleanup) ### ✅ Fix: Ghost Sessions Filtered from Session List - `src/app/api/sessions/route.ts`: tambah `.filter()` sebelum `.map()` — session yang tidak terdaftar di `pppoeUser` maupun `hotspotVoucher` tidak akan ditampilkan. - Mencegah "ghost session" dari user yang sudah dihapus atau tidak dikenal tetap muncul di halaman Sesi. ### ✅ Fix: RADIUS Authorize Now Rejects Unregistered Users - `src/app/api/radius/authorize/route.ts`: pengguna yang tidak ditemukan di `pppoeUser` dan bukan voucher kini dikembalikan REJECT eksplisit, bukan `{}` (allow). - Sebelumnya, user tidak dikenal bisa melewati FreeRADIUS karena `{}` diterjemahkan sebagai Access-Accept. - Response baru: `"control:Auth-Type": "Reject"`, `"reply:Reply-Message": "User Tidak Terdaftar"`. ### ✅ Fix: Dashboard Hotspot Session Count Only Counts Registered Vouchers - `src/app/api/dashboard/stats/route.ts`: counter `activeSessionsHotspot` sekarang cross-reference ke tabel `hotspotVoucher`. - Session dari username yang tidak ada di `hotspotVoucher` diabaikan secara diam-diam. - Tambah `Promise.all` untuk lookup `hotspotVoucherSet` secara paralel, menjaga performa. ### ✅ Fix: Next.js 16 Build Crash on `/_global-error` - Buat `src/app/global-error.tsx` sebagai custom `'use client'` error boundary component. - Tanpa file ini, Next.js 16 auto-generate `/_global-error` yang crash saat prerender dengan `TypeError: Cannot read properties of null (reading 'useContext')`. - Component menampilkan pesan error dengan tombol "Coba Lagi" (`reset()`). ### ✅ Fix: Customer WiFi Page Card Padding - `src/app/customer/wifi/page.tsx`: semua `CyberCard` kini memiliki `p-4 sm:p-5` eksplisit. - Container wrapper menggunakan `p-4 sm:p-5 lg:p-6 space-y-4 sm:space-y-5`. ### ✅ Chore: npm Scripts & Deploy Tooling - Restore `scripts/scan-api-endpoints.js` — scan semua `route.ts`, detect HTTP methods, output `API_ENDPOINTS.md`. - Restore `scripts/test-all-apis.js` — smoke test untuk endpoint publik (`/api/health`, `/api/public/*`). - Fix path deploy: `bash smart-deploy.sh` → `bash production/smart-deploy.sh`. - Buat `scripts/run-deploy.js` — cross-platform wrapper: - Windows: print panduan WSL/Git Bash (graceful, exit 1) - Linux/macOS: delegate ke `production/smart-deploy.sh` - Tambah scripts: `npm run clean:local`, `npm run clean:all`, `npm run deploy:status`, dll. - Tidy `.gitignore`: hapus duplikat, hapus `/.git/`, rapikan per section. ### Files Changed - `src/app/api/sessions/route.ts` — ghost session filter - `src/app/api/radius/authorize/route.ts` — reject unregistered users - `src/app/api/dashboard/stats/route.ts` — hotspot count cross-ref - `src/app/global-error.tsx` — created (Next.js error boundary) - `src/app/customer/wifi/page.tsx` — explicit card padding - `scripts/scan-api-endpoints.js` — created (API scanner) - `scripts/test-all-apis.js` — created (smoke test) - `scripts/run-deploy.js` — created (cross-platform deploy wrapper) - `package.json` — restored test:api/test:scan, clean:local, fixed deploy paths - `.gitignore` — deduplicated and organized --- ## [2.11.4] - 2026-03-19 (Duplicate Notification Fix + Sessions Traffic Auto-Refresh) ### ✅ Fix: Duplicate Toast Notifications - **Agent portal**: `AgentNotificationDropdown` was mounted TWICE (desktop + mobile header), each with its own polling and toast logic. Both instances independently detected "new" notifications and showed toasts, causing double toast for every notification. - Added `enableToasts` prop — mobile instance now renders dropdown UI only, no toasts - Added module-level polling dedup (`_agentPollingInstance`) — only first mounted instance polls - **Technician portal**: `NotificationBell` was mounted TWICE (desktop + mobile header), both polling independently. - Added module-level polling dedup — only primary instance sets up interval - **Admin portal**: `NotificationDropdown` component polled every 30s independently on top of layout's 30s polling (wasteful double API calls). - Reduced dropdown polling interval to 60s (layout already handles 30s toast polling) ### ✅ Fix: Admin Sessions Traffic Not Updating - `fetchSessions()` called `setLoading(true)` on every 10s auto-refresh, causing full-page spinner to replace the sessions table briefly every 10 seconds. This made traffic data appear frozen. - Added `silent` parameter to `fetchSessions()` — auto-refresh now uses `silent=true` to skip the loading spinner - Initial load and manual refresh still show the loading indicator ### ✅ Fix: Agent Sessions Traffic Stops Updating - Added `visibilitychange` event handler to agent sessions page — refreshes data immediately when browser tab becomes visible (browsers throttle `setInterval` in background tabs) - Same `visibilitychange` handler added to admin sessions page ### Files Changed - `src/components/agent/NotificationDropdown.tsx` — enableToasts prop, module-level polling dedup - `src/app/agent/AgentLayoutClient.tsx` — mobile instance gets `enableToasts={false}` - `src/app/technician/TechnicianPortalLayout.tsx` — module-level polling dedup for NotificationBell - `src/components/NotificationDropdown.tsx` — polling interval 30s → 60s - `src/app/admin/sessions/page.tsx` — silent auto-refresh + visibilitychange handler - `src/app/agent/sessions/page.tsx` — visibilitychange handler --- ## [2.11.3] - 2026-03-19 (Full Redis Removal + Hotspot Traffic Real-time) ### ✅ Enhancement: Complete Redis Removal - Removed ALL Redis (`ioredis`) usage from entire codebase: - Deleted `src/server/cache/redis.ts`, `src/server/cache/online-users.cache.ts`, `vps-install/install-redis.sh` - Removed `ioredis` from `package.json` - Removed `REDIS_URL` from `.env.example` - Cleaned Redis references from `cron-service.js` (removed distributed lock + `sync_online_users` schedule) - Cleaned installer scripts (`vps-installer.sh`, `vps-uninstaller.sh`) - Fixed `cron-service.js` syntax error from dangling try block after Redis lock removal - All online user tracking now relies on FreeRADIUS `radacct` (single source of truth) ### ✅ Fix: Hotspot Upload/Download Traffic Not Real-time - **Root cause**: `Acct-Interim-Interval = 300` in FreeRADIUS `post-auth` — MikroTik only sent traffic bytes every 5 minutes - Changed to `Acct-Interim-Interval = 60` (1 minute) in both `freeradius-config/sites-available/default` and `sites-enabled/default` - Reloaded FreeRADIUS on VPS (`systemctl reload freeradius`) - **Agent sessions page**: Had no auto-refresh — added 30s silent auto-refresh interval - `loadSessions(agentId, silent)` — `silent=true` skips loading spinner on background refresh ### Note - Only NEW sessions (after FreeRADIUS reload) get the 60s interval. Existing sessions retain old 300s interval until reconnect. --- ## [2.11.2] - 2026-03-18 (Manual Agent Deposit Proof + Admin Bank Target) ### ✅ Enhancement: Manual Deposit Agent End-to-End - Agent manual top-up sekarang mengambil daftar rekening tujuan admin langsung dari Company Info (`bankAccounts`) saat memilih metode manual. - Modal top-up agent menambahkan field transfer manual: - Rekening tujuan admin (pilih dari daftar) - Nama pemilik rekening pengirim - Nomor rekening pengirim - Catatan - Upload bukti transfer - Bukti transfer diupload melalui endpoint existing `/api/upload/payment-proof` dan dikirim ke request manual sebagai `receiptImage`. - API request manual (`/api/agent/deposit/manual-request`) kini menyimpan metadata transfer manual lengkap. ### ✅ Enhancement: Admin Verifikasi Deposit Manual - Halaman admin verifikasi deposit agent (`/admin/hotspot/agent/deposits`) kini menampilkan: - Rekening admin tujuan transfer - Informasi rekening pengirim agent - Catatan transfer - Link "Lihat Bukti" transfer - API admin (`/api/admin/agent-deposits`) tetap mendukung approve/reject, dengan pesan notifikasi yang sudah menyertakan konteks transfer manual. ### ✅ Database Update - `agent_deposits` ditambah kolom metadata transfer manual: - `targetBankName` - `targetBankAccountNumber` - `targetBankAccountName` - `senderAccountName` - `senderAccountNumber` - `receiptImage` - `note` - Migration: `prisma/migrations/20260318120000_add_agent_manual_deposit_fields/migration.sql` --- ## [2.11.1] - 2026-03-17 (MapPicker Z-Index Fix + Indonesian-Only Language) ### ✅ Fix: Popup Peta Muncul di Belakang Form Modal - Popup peta (MapPicker) muncul di belakang form "Tambah Pelanggan" / "Edit PPPoE User" dan form lainnya yang menggunakan `SimpleModal`. - **Root cause**: `MapPicker` merender `
` langsung di dalam DOM tree halaman. Layout parent (sidebar, animasi) membentuk stacking context sendiri yang menjebak z-index `MapPicker` sehingga tidak bisa melampaui `SimpleModal` yang menggunakan `createPortal` di root. - **Perbaikan**: Tambahkan `createPortal(jsx, document.body)` pada return statement `MapPicker` agar dirender langsung di `document.body` (level root), sama seperti `SimpleModal`. - File: `src/components/MapPicker.tsx` - Halaman yang terpengaruh: `/admin/pppoe/users` (tambah/edit pelanggan), fiber joint closures, ODCs, dan semua halaman dengan `MapPicker` di atas form modal. ### ✅ Refactor: Hapus Bahasa Inggris — Full Bahasa Indonesia - Menghapus dukungan multi-bahasa (Inggris) agar UI konsisten full Bahasa Indonesia. - **File dihapus**: - `src/locales/en.json` — File terjemahan Bahasa Inggris - `src/components/LanguageSwitcher.tsx` — Komponen pemilih bahasa - **File diubah**: - `src/hooks/useTranslation.ts` — Disederhanakan: hardcode locale `'id'`, hapus import `en.json`, hapus English fallback logic - `src/lib/store.ts` — Tipe locale disederhanakan menjadi `'id'` only, `setLocale` jadi no-op - `src/app/admin/AdminClientLayout.tsx` — Hapus tombol language toggle dari header - `src/app/agent/page.tsx` — Hapus tombol language switcher dari login page - `src/app/agent/AgentLayoutClient.tsx` — Hapus tombol language switcher (desktop + mobile header) - `src/app/customer/CustomerClientLayout.tsx` — Hapus tombol language toggle (desktop + mobile header), hapus import `useTranslation` yang tidak terpakai - `src/app/technician/TechnicianPortalLayout.tsx` — Hapus tombol language switcher (desktop + mobile header) --- ## [2.11.0] - 2026-03-17 (System Update Stabilization + Admin UI Spacing Polish) ### ✅ System Update Reliability (Admin `/admin/system`) - Fix error `Failed to start update process: WriteStream { fd: null }` dengan mengganti stream fd ke `openSync` sebelum `spawn`. - Fix standalone runtime path issue (`process.cwd()` mengarah ke `.next/standalone`) dengan resolver app root (`getAppDir()`) untuk endpoint system info/update. - Hardening environment saat trigger update dari API: gunakan minimal sanitized env agar `next build` tidak rusak oleh variabel turunan PM2/Next. - SSE log streaming diperkuat: heartbeat periodik + header anti-buffering + auto-reconnect di frontend agar log live tidak kosong/stuck. - Update script kini menggunakan zero-downtime reload: `pm2 reload salfanet-radius --update-env` (cron tetap restart normal). ### ✅ Nginx / Manifest Fix - Tambah rule static manifest berbasis regex agar semua manifest (`manifest-admin.json`, `manifest-agent.json`, dst.) dilayani langsung oleh Nginx. - Mencegah error 500 manifest saat jendela restart aplikasi. ### ✅ UI Polish (Card Padding Precision) - Perbaikan padding/spacing card agar konten tidak mepet border di beberapa halaman admin: - Push Notifications - Manual Payments - Network Trace - Penyesuaian jarak icon-title dan line-height heading untuk konsistensi visual. ### ✅ Fix: Hotspot Profile Modal — i18n Key - Modal "Tambah Profil" hotspot menampilkan raw key `hotspot.eVoucherAccess` (huruf V kapital) alih-alih terjemahan. - Perbaikan: ganti key di `profile/page.tsx` dari `eVoucherAccess` → `evoucherAccess` agar cocok dengan `id.json`/`en.json`. - Commit: `f8e5702` ### ✅ Fix: Dashboard — SESI HOTSPOT AKTIF selalu 0 - Dashboard menampilkan `0` untuk SESI HOTSPOT AKTIF meskipun ada sesi aktif di halaman Sesi Hotspot. - **Root cause**: classifier lama memakai `service.includes('framed')` sebagai sinyal PPPoE. MikroTik hotspot bisa mengirim `Service-Type = Framed-User` yang mengandung kata "framed" → hotspot salah diklasifikasi sebagai PPPoE. - **Perbaikan**: - Hapus pengecekan RADIUS attrs (`framedprotocol`, `servicetype`) — tidak reliable. - Gunakan logika sederhana: jika username ada di `pppoeUser` → PPPoE, selainnya → Hotspot (konsisten dengan halaman Sesi). - Tambahkan Redis `online:users` sebagai supplement untuk sesi yang sudah tercatat via Accounting hook tapi belum masuk `radacct`. - Commit: `667b158` --- ## [2.10.21] - 2026-03-05 (UI Fixes + CyberToastProvider + Docs Audit) ### ✅ UI Fixes #### **1. Logo Dark Mode Fix** - Tambah `bg-white` di 5 halaman login/portal agar logo hitam terlihat di dark mode - Affected: login page, customer portal, agent portal, customer wifi, and topup pages #### **2. Sidebar Navigation Reorder — Komunikasi Group** - Group "Komunikasi" (Notifikasi + Push Notifikasi) dipindahkan langsung di bawah Dashboard, di atas PPPoE - Mempermudah akses ke notifikasi dari sidebar admin #### **3. CyberToastProvider Fix** - `CyberToastProvider` ditambahkan ke root `AdminLayout` - Fix error: `useToast must be used within a CyberToastProvider` saat halaman admin diload #### **4. Dialog Padding & Modal Title Color** - Dialog padding konsisten: `p-6` di semua modal - Modal title color: hardcoded `text-white` → `text-foreground` (respects dark/light theme) ### ✅ Documentation Audit - **MikroTik docs**: Fix VPS IP (`103.191.165.156` → `103.151.140.110`), VPN subnet (`172.20.30.x` → `10.20.30.x`), secret placeholder (`secret123` → `your-nas-secret`) - **Invoice format doc**: Format diperbarui ke `INV/YYYY/MM/DD/NNNN` (sesuai actual code) - **CRON-SYSTEM.md**: 10 → 13 jobs, file list diperbarui ke actual cron files - **COA_TROUBLESHOOTING_WORKFLOW.md**: IPs dan secret diperbarui - **TROUBLESHOOTING.md**: FreeRADIUS test secret diperbaiki ke `testing123` - Version headers diperbarui di: README.md, ISOLATION_SYSTEM_WORKFLOW.md, BALANCE_AUTO_RENEWAL.md --- ## [2.10.20] - 2026-03-04 (PPPoE Session Sync + Uptime Fix + NAS Auto-Sync) ### ✅ New Features & Fixes #### **1. PPPoE Session Sync Cron (pppoe-session-sync.ts)** - Cron baru setiap 5 menit: sync sesi aktif MikroTik → radacct - Solusi untuk Accounting-Start loss pada koneksi yang tidak dicatat - File: `src/lib/cron/pppoe-session-sync.ts` #### **2. Sessions API Uptime Real-time** - Uptime dihitung dari `acctstarttime` (bukan `acctsessiontime` stale) - Fix Prisma UTC→WIB TZ mismatch via `TZ_OFFSET_MS` #### **3. NAS Auto-Sync di FreeRADIUS Health Cron** - `syncNasClients()` diintegrasikan ke `freeradius-health` cron - `systemctl reload freeradius` (SIGHUP) — tidak perlu restart penuh #### **4. isRadiusServer Filter di VPN Dropdown** - Filter NAS/VPN dropdown agar hanya tampilkan server dengan `isRadiusServer: true` --- ## [2.10.17] - 2026-03-02 (Light Theme Fix + Project Cleanup) ### ✅ Improvements #### **1. Light Theme — 240+ Color Fixes** - `text-white` → `text-foreground`, `text-[#e0d0ff]` → `text-muted-foreground` - Form inputs: `bg-slate-900` → `bg-input` di 60+ admin files #### **2. Unicode/Emoji Repair** - 38 broken unicode/emoji diperbaiki di 6 files #### **3. Project Cleanup** - Hapus 16 unused scripts (fix_*.py, patch-*.ps1, check_mt.js, src-update.zip) - FreeRADIUS mods-enabled/rest synced, all configs verified matching VPS --- ## [2.10.16] - 2026-03-02 (VPN Control Modal UX Fix) ### ✅ Improvements - Hapus double-modal anti-pattern di L2TP/PPTP/SSTP control panels - SSH credentials kini tampil inline di control modal - Apply Routing via Frontend: button ⚡ + output terminal - Fix routing script duplicate bug (13 baris) - New API endpoint: `/api/network/vpn-routing` --- ## [2.10.15] - 2026-03-01 (Swal Migration + Referral System) ### ✅ New Features #### **1. Customer Portal: SweetAlert2 → CyberToast Migration** - 4 file customer portal, 19 calls dimigrasikan dari SweetAlert2 ke CyberToast - Theme instant switch (no transition animation) #### **2. Customer Referral System** - Database + API + UI untuk referral antar customer - Tersedia di customer portal --- ## [2.10.14] - 2026-03-01 (VPS Hotfix) ### ✅ Fixes - FreeRADIUS MySQL Error 4031: Pool tuning (`retry_delay=1`, `lifetime=300`, `idle_timeout=20`) - Nginx gzip level 6 - Swap reclaimed, Redis restart - `cyberpunk-bg` disembunyikan di light mode --- ## [2.10.13] - 2026-02-28 (Dark/Light Mode Toggle) ### ✅ New Features - `useTheme` hook dengan `localStorage` persistent - Sun/Moon toggle button di admin header - Light mode CSS vars (slate-50 bg, dark sidebar) --- ## [2.10.12] - 2026-02-28 (Bugfix MikroTik Script) ### ✅ Fixes - Hapus `use-vj-compression` dari `/ppp profile add salfanetradius` - Parameter tidak valid di RouterOS 7.x (menyebabkan `expected end of command col 121`) --- ## [2.10.11] - 2026-02-28 (Admin Dashboard v2 + Full SALFANET Rebrand) ### ✅ New Features & Refactoring - Admin Dashboard v2: Agent voucher sales + RADIUS auth log - i18n fix (28 keys) - **Full Rebrand**: Semua referensi "AIBILL" diganti ke "SALFANET" di seluruh project - MikroTik profile rename: `salfanetradius` --- ## [2.10.10] - 2026-02-28 (Bulk Import Invoice CSV + Customer Self-Service Suspend) ### ✅ New Features #### **1. Bulk Import Invoice via CSV** - Route: `/admin/invoices/import` - Parser: papaparse #### **2. Customer Self-Service Suspend** - Available: web + mobile - New cron + `suspend_requests` table --- ## [2.10.9] - 2026-02-21 (Customer Portal Bug Fixes + Mobile Layout + Cleanup) ### ✅ Bug Fixes #### **1. Customer Dashboard: Invoice Tidak Muncul** - **Root cause:** API `/api/customer/invoices` mereturn `{ success, data: { invoices } }` tetapi frontend membaca `data.invoices` (skip layer `data`) - **Fix:** `customer/page.tsx` — ubah `data.invoices` → `data.data?.invoices || []` #### **2. Notifikasi Lonceng: Tidak Auto Masuk Saat Upgrade/Downgrade** - **Root cause 1:** `layout.tsx` tidak memanggil `poll()` saat mount — harus tunggu 30 detik pertama - **Root cause 2:** `notifications/route.ts` hanya mendeteksi `type: 'package_change'` namun route `/api/customer/upgrade` menyimpan `type: 'package_upgrade'` - **Fix 1:** Tambah `poll()` langsung setelah mount di `useEffect` - **Fix 2:** Deteksi kondisi OR: `package_change || package_upgrade` #### **3. Halaman Tagihan: Tidak Auto Refresh Saat Transaksi Masuk** - **Fix:** Tambah `setInterval(loadInvoices, 30_000)` di `customer/page.tsx` (sama seperti history page) #### **4. WiFi API 400 Error di Console** - **Root cause:** Saat GenieACS belum dikonfigurasi, API mereturn HTTP 400 → browser log error merah - **Fix:** Ganti ke HTTP 200 dengan `{ success: false, reason: 'not_configured' }`, client skip secara diam-diam #### **5. Missing Translation Key `nav.backToDashboard`** - Tambah key `nav.backToDashboard` ke `id.json` ("Kembali ke Dashboard") dan `en.json` ("Back to Dashboard") ### ✅ UI / Layout Improvements #### **6. Customer Portal Mobile: Tampilan Beberapa Halaman Tidak Muncul** - **Root cause:** `topup-direct/page.tsx` dan `tickets/create/page.tsx` menggunakan `min-h-screen bg-gradient` sendiri + custom `
` yang bertabrakan dengan shared layout - **Fix:** Hapus standalone background/header, gunakan container `p-3 lg:p-6` standar sesuai halaman lain - Loading state di `topup-direct` juga diperbaiki dari full-screen overlay ke centered spinner #### **7. Customer Topup-Request: Layout Desktop Proporsional** - **Before:** Form sempit `max-w-2xl` dengan background standalone - **After:** Grid 2-kolom (`lg:grid-cols-3`) — form `lg:col-span-2`, info panel `lg:col-span-1`; terintegrasi ke shared layout ### ✅ Project Maintenance #### **8. File Cleanup** - Hapus 10 one-off translation scripts dari `scripts/` (`translate-pass2..5`, `translate-final`, `add-keys`, `check-remaining`, dll) - Hapus `dist/` folder (build artifact lama) - Hapus `check-customer-phone.js` dan `TYPESCRIPT_ERRORS_FIXED.md` dari root - Hapus 24 docs lama/redundan dari `docs/` (chat history, old roadmaps, duplicate implementation notes) #### **9. Cache Reset** - Hapus `.next/` build cache dan `tsconfig.tsbuildinfo` - `npm cache clean --force` - Rebuild ulang dari clean state #### **10. TypeScript Build Fixes** - `api/invoices/route.ts` line 459: `sendPaymentSuccess()` call missing required `invoiceNumber` and `amount` fields — added both from `existingInvoice` - `customer/tickets/[id]/page.tsx`: `useToast` was imported but never called; `toast('success', ...)` called an undefined function — fixed by destructuring `addToast` and wrapping into local `toast` helper **Files Modified:** - `src/app/api/invoices/route.ts` — sendPaymentSuccess missing fields fix - `src/app/customer/tickets/[id]/page.tsx` — useToast properly initialized - `src/app/customer/page.tsx` — invoice fix + 30s poll - `src/app/customer/layout.tsx` — immediate poll on mount - `src/app/customer/topup-request/page.tsx` — desktop grid layout - `src/app/customer/topup-direct/page.tsx` — remove standalone background/header - `src/app/customer/tickets/create/page.tsx` — remove standalone background - `src/app/api/customer/notifications/route.ts` — detect package_upgrade type - `src/app/api/customer/wifi/route.ts` — return 200 instead of 400 for unconfigured - `src/locales/id.json` + `en.json` — add nav.backToDashboard key --- ## [2.10.8] - 2026-02-20 (Customer Mobile App UX + i18n Admin Panel) ### \u2705 Customer Mobile App Fixes (React Native/Expo \u2014 C:\m) #### **1. Added: Customer ID & Phone Number Display** - Dashboard screen: ID Pelanggan (neonViolet) + nomor HP (neonBlue) under username - Profile screen: ID Pelanggan displayed in header + kontak section, HP in header - Backend API fixed: `customerId` field now returned in `/api/customer/dashboard` and `/api/customer/profile` responses **Files Modified:** - `src/app/api/customer/dashboard/route.ts` — Added `customerId` to response - `src/app/api/customer/profile/route.ts` — Added `customerId` to response - `C:\m\services\dashboard.ts` — Updated interface with `id`, `customerId`, `email`, `phone` - `C:\m\app\(tabs)\index.tsx` — Customer ID + phone display - `C:\m\app\(tabs)\profile.tsx` — ID Pelanggan + phone in header + contact section --- #### **2. Fixed: Dark Text on Dark Background (Global + Per-Component)** **Root Cause:** `PaperProvider` had no theme \u2014 all React Native Paper components defaulted to light theme. **Global Fix:** - Added `MD3DarkTheme` with custom cyberpunk colors to `PaperProvider` in `app/_layout.tsx` **Per-Component Fixes (11 files):** - `app/wifi.tsx` (CRITICAL) \u2014 Full rewrite: replaced Paper Card/Button with dark Views, fixed `backgroundColor: 'white'`, fixed `color: COLORS.text` (white-on-white) - `app/upgrade.tsx` \u2014 Package names text color + RadioButton dark theme colors - `app/(tabs)/invoices.tsx` \u2014 Dialog invoice text + 4 TextInput dark theme props - `app/(tabs)/wifi.tsx` \u2014 SSID text color + placeholderTextColor - `app/topup.tsx` \u2014 Label text color + placeholderTextColor - `app/tickets/create.tsx` \u2014 Category/priority text colors + RadioButton colors + placeholderTextColor - `app/tickets/[id].tsx` \u2014 Reply input placeholderTextColor --- #### **3. Fixed: Android System Navigation Bar Overlap** **Problem:** Android system nav bar was visible and covering bottom tab bar. **Solution:** - Installed `expo-navigation-bar` package - `app.json`: Added `navigationBarColor`, `navigationBarStyle`, and plugin config (`position: absolute, visibility: hidden, behavior: overlay-swipe`) - `app/_layout.tsx`: Added `useEffect` to hide nav bar programmatically on Android via `NavigationBar.setVisibilityAsync('hidden')` + `setBehaviorAsync('overlay-swipe')` - `app/(tabs)/_layout.tsx`: `useSafeAreaInsets()` for dynamic tab bar bottom padding --- #### **4. APK Rebuild** - Output: `salfanet-radius-customer-release.apk` (94.57 MB) - Fix applied: `$env:NODE_ENV = $null` before `npm install` to prevent devDependencies from being skipped in PowerShell sessions where `NODE_ENV=production` was leftover --- ### \u2705 Admin Panel \u2014 i18n / International Translations (February 2026) #### **301 New Translation Keys Added (en.json + id.json)** All hardcoded strings in 20+ admin pages replaced with `t()` translation calls: - `push-notifications` \u2014 All UI strings - `hotspot/voucher`, `hotspot/profile`, `hotspot/agent`, `hotspot/evoucher` - `keuangan`, `invoices`, `payment-gateway`, `manual-payments` - `pppoe/balance`, `pppoe/users`, `pppoe/registrations`, `pppoe/areas`, `pppoe/profiles` - `network/routers`, `network/olts`, `network/odcs` - `settings/database`, `settings/email`, `settings/company` - `whatsapp` (3 sub-pages), `inventory` (3 sub-pages), `dashboard`, `management` --- ## [2.10.7] - 2026-01-10 (Critical Fixes: FreeRADIUS, PM2, Installer) ### 🔥 Critical Fixes #### **1. Fixed: vps-installer.sh Ambiguous Redirect Error** **Problem:** ```bash vps-installer.sh: line 141: ${INSTALL_INFO_FILE}: ambiguous redirect ``` **Solution:** - ✅ Added quotes to variable: `cat > "${INSTALL_INFO_FILE}"` - ✅ Prevents shell expansion issues - ✅ Safe for paths with spaces/special chars **Files Modified:** - `vps-install/vps-installer.sh` - Line 141 --- #### **2. Fixed: FreeRADIUS Failed to Start** **Problem:** ``` Jan 10 00:59:57 systemd[1]: freeradius.service: Control process exited Jan 10 00:59:57 systemd[1]: freeradius.service: Failed with result 'exit-code' ExecStartPre= process exit status 1 ``` **Root Cause:** - FreeRADIUS config tidak di-test sebelum start - systemd gagal start service tanpa error details - Tidak ada cleanup process sebelum restart **Solution:** - ✅ **Test config dulu**: `freeradius -CX` before systemctl start - ✅ **Stop existing service**: Kill freeradius processes before start - ✅ **Error logging**: Save test output to `/tmp/freeradius-test.log` - ✅ **Helpful error messages**: Show last 30 lines of config test - ✅ **Troubleshooting guide**: Common fixes untuk config errors **Enhanced start_freeradius() function:** ```bash start_freeradius() { # Stop existing first systemctl stop freeradius 2>/dev/null || true killall -9 freeradius 2>/dev/null || true sleep 2 # Test config first if freeradius -CX 2>&1 | tee /tmp/freeradius-test.log | grep -q "Configuration appears to be OK"; then print_success "Config valid" else print_error "Config errors!" tail -30 /tmp/freeradius-test.log return 1 fi # Start service systemctl enable freeradius systemctl start freeradius } ``` **Verification:** ```bash # Check FreeRADIUS status systemctl status freeradius # Test config manually freeradius -CX # View logs journalctl -u freeradius -n 50 --no-pager # Debug mode freeradius -X ``` **Files Modified:** - `vps-install/install-freeradius.sh` - Enhanced start_freeradius() --- #### **3. PM2 Cron Service Integration** **Problem:** - Cron service tidak otomatis start dengan PM2 - User harus manual start `pm2 start cron-service.js` - Tidak konsisten dengan main app **Solution:** - ✅ **Integrated in ecosystem.config.js**: Cron service sekarang auto-start - ✅ **Unified management**: Both apps (radius + cron) managed together - ✅ **Auto-restart**: Cron service auto-restart on crash - ✅ **Memory limit**: 150M max untuk cron service - ✅ **Separate logs**: cron-error.log, cron-out.log **New ecosystem.config.js Structure:** ```javascript module.exports = { apps: [ { name: 'salfanet-radius', script: 'npm', args: 'start', instances: 1, exec_mode: 'cluster', max_memory_restart: '400M', // ... main app config }, { name: 'salfanet-cron', script: './cron-service.js', instances: 1, exec_mode: 'fork', max_memory_restart: '150M', restart_delay: 5000, // ... cron service config } ] }; ``` **PM2 Commands (Updated):** ```bash # View both apps sudo -u salfanet pm2 list # Logs (main app) sudo -u salfanet pm2 logs salfanet-radius # Logs (cron service) sudo -u salfanet pm2 logs salfanet-cron # Restart main app sudo -u salfanet pm2 restart salfanet-radius # Restart cron service sudo -u salfanet pm2 restart salfanet-cron # Restart both sudo -u salfanet pm2 restart all ``` **Files Modified:** - `vps-install/install-pm2.sh`: - Updated `create_pm2_config()` - Include cron service - Updated `start_pm2_app()` - Start both apps - Simplified `start_cron_service()` - Auto via ecosystem.config.js --- ### 📋 Summary **3 Critical Issues Fixed:** 1. ✅ Installer redirect error - Variable quoting 2. ✅ FreeRADIUS failed to start - Config test + cleanup 3. ✅ Cron service manual start - Integrated in PM2 ecosystem **Benefits:** - 🚀 Smoother installation process - 🔍 Better error diagnostics (FreeRADIUS config test) - 🤖 Automated cron service management - 📊 Unified PM2 monitoring for both apps - 🛡️ More robust service startup **Testing:** ```bash # Fresh install test cd /root/SALFANET-RADIUS-main/vps-install sudo ./vps-installer.sh # Verify both apps running sudo -u salfanet pm2 list # Should show: salfanet-radius (online), salfanet-cron (online) # Check FreeRADIUS systemctl status freeradius # Should show: active (running) ``` --- ## [2.10.6] - 2026-01-10 (Complete Uninstaller & Prisma Fixes) ### 🗑️ VPS Uninstaller - Complete Removal Tool #### **NEW Feature: vps-uninstaller.sh** Comprehensive uninstaller untuk remove semua komponen SALFANET RADIUS dan enable fresh install. **Fitur:** - ✅ **Safety First**: Requires typing "REMOVE EVERYTHING" untuk konfirmasi - ✅ **Automatic Backup**: Optional backup database & configs sebelum removal - ✅ **Backup Location**: `/root/salfanet-backup-TIMESTAMP/` - database.sql (full dump) - env.backup (.env file) - freeradius-backup/ (RADIUS configs) - nginx-backup (Nginx config) - ✅ **Selective Removal**: Interactive prompts untuk Node.js, MySQL removal - ✅ **Complete Cleanup**: Removes all traces untuk fresh start **Components Removed:** 1. ✅ PM2 processes (salfanet-radius, salfanet-cron) 2. ✅ Application files (/var/www/salfanet-radius) 3. ✅ MySQL database (salfanet_radius) & user (salfanet_user) 4. ✅ FreeRADIUS configuration & logs 5. ✅ Nginx site configuration 6. ✅ User account (salfanet) 7. ✅ Firewall rules (RADIUS ports) 8. ✅ All logs (/var/log/salfanet-vps-install.log, etc.) 9. ⚠️ Optional: PM2 global (if no other apps) 10. ⚠️ Optional: Node.js (if no other apps) 11. ⚠️ Optional: MySQL (DANGER - removes all databases) **Usage:** ```bash cd /root/SALFANET-RADIUS-main/vps-install chmod +x vps-uninstaller.sh sudo ./vps-uninstaller.sh ``` **Fresh Install Workflow:** ```bash # 1. Uninstall (with backup) sudo ./vps-uninstaller.sh # 2. Fresh install sudo ./vps-installer.sh ``` ### 🔧 Prisma Engine Fixes #### **Problem:** Error `spawn schema-engine EACCES` saat prisma generate/db push karena engine binaries tidak executable setelah ownership change. **Fitur Baru:** **1. Auto-Fix in install-app.sh** - ✅ Added `fix_prisma_engines()` function - ✅ Runs before prisma generate & db push - ✅ Sets execute permissions: chmod +x node_modules/@prisma/engines/* - ✅ Handles all engine types: schema, query, migration, introspection, prisma-fmt **2. fix-prisma-engines.sh - Standalone Fix** Location: `vps-install/fix-prisma-engines.sh` ```bash sudo ./fix-prisma-engines.sh ``` - ✅ Detect all Prisma engine binaries - ✅ Fix permissions automatically - ✅ Test engine executability - ✅ Verify prisma commands work - ✅ Show summary (total vs executable engines) **3. Enhanced fix-permissions.sh** - ✅ Include Prisma engines in permission fix - ✅ Fix Next.js binaries too - ✅ Comprehensive binary permission handling **Files Modified:** - `vps-install/install-app.sh` - Auto-fix Prisma engines - `vps-install/fix-permissions.sh` - Include engines - `vps-install/fix-prisma-engines.sh` - NEW standalone fix - `vps-install/README.md` - Prisma troubleshooting guide - `vps-install/QUICK_REFERENCE.md` - Quick fix commands **Common Errors Fixed:** 1. ✅ `spawn schema-engine EACCES` - Fixed by chmod +x 2. ✅ `Error: Command failed with EACCES` - Auto-detected & fixed 3. ✅ Prisma commands fail after ownership change - Prevented 4. ✅ Tables not created during seed - Fixed via proper db push --- ## [2.10.5] - 2026-01-10 (Permission Fix - Run PM2 Without Sudo) ### 🔧 VPS Installer - User Permissions & PM2 Non-Root Execution #### **Problem:** - ❌ PM2 requires sudo for every command (permission denied) - ❌ Application files owned by root - ❌ Cannot run PM2 as salfanet user - ❌ Security risk running application as root #### **Fitur Baru:** **1. Dedicated Application User** - ✅ Create `salfanet` user for running application - ✅ Set proper ownership: `salfanet:salfanet` - ✅ Setup PM2 directories: `/home/salfanet/.pm2/` - ✅ Application files owned by salfanet, not root **2. Auto Permission Fix in Installer** Location: `vps-install/install-app.sh` - ✅ `create_app_user()` - Create salfanet user during install - ✅ `fix_permissions()` - Set ownership to salfanet:salfanet - ✅ Auto-fix node_modules/.bin permissions - ✅ Setup logs directory with proper ownership **3. PM2 Run as App User** Location: `vps-install/install-pm2.sh` - ✅ `install_pm2()` - Setup PM2 for salfanet user - ✅ `start_pm2_app()` - Start PM2 as salfanet (not root) - ✅ `cleanup_pm2_processes()` - Cleanup both root and salfanet PM2 - ✅ PM2 startup configured for salfanet user **4. fix-permissions.sh - Standalone Fix Script** Location: `vps-install/fix-permissions.sh` ```bash sudo ./fix-permissions.sh ``` - ✅ Create salfanet user if not exists - ✅ Fix all file ownership to salfanet:salfanet - ✅ Fix file/directory permissions (644/755) - ✅ Setup PM2 directories - ✅ Show commands to run PM2 without sudo **5. Updated Common Configuration** Location: `vps-install/common.sh` - ✅ Added `APP_USER="salfanet"` - ✅ Added `APP_GROUP="salfanet"` - ✅ All modules use these variables #### **Files Modified:** - `vps-install/common.sh` - Added APP_USER and APP_GROUP variables - `vps-install/install-app.sh` - Added create_app_user(), updated fix_permissions() - `vps-install/install-pm2.sh` - Run PM2 as salfanet user - `vps-install/fix-permissions.sh` - NEW standalone permission fix script - `vps-install/README.md` - Added permission troubleshooting section - `CHANGELOG.md` - Documented changes #### **Cara Pakai:** **Otomatis (New Installation):** Installer sekarang otomatis create salfanet user dan set proper permissions. **Manual Fix (Existing Installation):** ```bash cd vps-install chmod +x fix-permissions.sh sudo ./fix-permissions.sh ``` **Run PM2 Without Sudo:** ```bash # Method 1: Switch to salfanet user sudo su - salfanet pm2 list pm2 logs salfanet-radius pm2 restart salfanet-radius # Method 2: Run directly sudo -u salfanet pm2 list sudo -u salfanet pm2 logs salfanet-radius sudo -u salfanet pm2 restart salfanet-radius ``` **Common Issues Fixed:** 1. ✅ "EACCES: permission denied" - Fixed by proper ownership 2. ✅ "Cannot write to log file" - Logs owned by salfanet 3. ✅ "PM2 requires sudo" - Run as salfanet user 4. ✅ "Security risk running as root" - Application runs as salfanet #### **Security Benefits:** - ✅ Application tidak jalan sebagai root (lebih aman) - ✅ Isolasi user - salfanet user khusus untuk aplikasi - ✅ File permissions yang tepat (644 untuk files, 755 untuk dirs) - ✅ PM2 daemon jalan sebagai salfanet (bukan root) --- ## [2.10.4] - 2026-01-09 (Port Conflict Detection & Auto-Fix) ### 🔧 VPS Installer - Port Conflict Handler #### **Fitur Baru:** **1. Automatic Port Conflict Detection** - ✅ Pre-check port 3000 sebelum start PM2 - ✅ Detect processes menggunakan lsof, netstat, dan ss - ✅ Show detailed process information (PID, user, command) - ✅ Interactive prompt untuk kill conflicting processes **2. Automatic Cleanup Functions** - ✅ `check_port_conflict()` - Check dan handle port conflicts - ✅ `kill_conflicting_processes()` - Graceful kill dengan fallback ke force kill - ✅ `cleanup_pm2_processes()` - Cleanup orphaned PM2 processes - ✅ Verify port is free setelah cleanup **3. check-port.sh - Standalone Port Checker** Location: `vps-install/check-port.sh` ```bash # Usage sudo ./check-port.sh 3000 ``` - ✅ Multi-method detection (lsof, netstat, ss) - ✅ Show process details dan user - ✅ Detect Node.js/PM2 processes - ✅ Interactive kill dengan confirmation - ✅ Verify port freed after kill **4. Prisma Update Notification Suppression** - ✅ Added `PRISMA_HIDE_UPDATE_MESSAGE=true` untuk prisma generate - ✅ Added `PRISMA_HIDE_UPDATE_MESSAGE=true` untuk npm run build - ✅ Menghilangkan notifikasi update yang tidak perlu **5. Enhanced Error Messages** - ✅ Better PM2 error logging (30 lines logs) - ✅ Troubleshooting commands di error message - ✅ Longer stabilization wait (5s) setelah PM2 start **6. README Troubleshooting Section** - ✅ Port conflict troubleshooting guide - ✅ Common causes dan solutions - ✅ Manual commands untuk debugging - ✅ Change port instructions #### **Files Modified:** - `vps-install/install-pm2.sh` - Added port conflict detection - `vps-install/check-port.sh` - NEW standalone port checker - `vps-install/README.md` - Added troubleshooting section - `CHANGELOG.md` - Documented changes #### **Cara Pakai:** **Otomatis (Built-in):** Installer sekarang otomatis check port conflicts sebelum start PM2. **Manual Check:** ```bash cd vps-install chmod +x check-port.sh sudo ./check-port.sh 3000 ``` **Common Issues Fixed:** 1. ✅ Process running as different user (sudo vs non-sudo) 2. ✅ Old PM2 daemon conflicts 3. ✅ Orphaned Node.js processes 4. ✅ Another app using port 3000 5. ✅ PM2 errored immediately after "online" status --- ## [2.10.3] - 2026-01-09 (Modular Installer Architecture) ### 🔧 VPS Installer - Modular Refactoring #### **Background:** Memecah installer VPS monolitik (1839 baris) menjadi arsitektur modular untuk mempermudah debugging, maintenance, dan selective installation. #### **Masalah dengan Script Monolitik:** - ❌ Error tidak jelas di bagian mana (1839 baris dalam 1 file) - ❌ Sulit debug bila ada kegagalan di tengah proses - ❌ Tidak bisa test per komponen - ❌ Bila 1 step gagal, harus ulang dari awal - ❌ Maintenance susah - perubahan di 1 bagian bisa affect yang lain - ❌ Code duplication (colors, functions, checks berulang) #### **New Modular Structure:** **Directory:** `vps-install/` (NEW) **1. common.sh** (Shared Utilities - ~300 lines) - ✅ Color definitions (RED, GREEN, YELLOW, CYAN, etc.) - ✅ Logging functions: `print_success()`, `print_error()`, `print_info()`, `print_warning()`, `print_step()` - ✅ IP detection: `detect_ip_address()` - Multi-source public/private IP detection - ✅ System checks: `check_root()`, `detect_os()`, `check_directory()` - ✅ Utility functions: `generate_secret()`, `save_install_info()`, `wait_for_service()`, `verify_installation()` - ✅ Global configuration variables (NODE_VERSION, APP_DIR, DB credentials, etc.) - ✅ Banner & info display functions - ✅ Logging to `/var/log/salfanet-vps-install.log` - ✅ All functions exported untuk module reuse **2. install-system.sh** (System Setup Module - ~400 lines) - ✅ **Step 1:** System update & upgrade (`apt update`, `apt upgrade`) - ✅ **Dependencies:** curl, wget, git, build-essential, nginx, certbot, chrony, ntpdate, xl2tpd, strongswan - ✅ **PPP/TUN Setup untuk Proxmox VPS:** * Create `/dev/ppp` device (untuk PPPoE) * Create `/dev/net/tun` device (untuk VPN) * Load kernel modules: ppp_generic, ppp_async, l2tp_core, tun * Configure persistent module loading (`/etc/modules-load.d/ppp.conf`) - ✅ **IP Forwarding:** Enable `net.ipv4.ip_forward` untuk routing - ✅ **Sysctl Configuration:** Security settings (SYN cookies, ICMP redirects) - ✅ **Timezone:** Set ke Asia/Jakarta (WIB) - ✅ **NTP Sync:** Configure Chrony dengan Indonesian NTP servers * id.pool.ntp.org (preferred) * Asia pool servers * Google & Cloudflare backup * Force sync dengan `chronyc makestep` * Sync hardware clock - ✅ **Verification:** Check PPP, TUN, IP forwarding, SSH access safety **3. install-nodejs.sh** (Node.js Module - ~100 lines) - ✅ Add NodeSource repository untuk Node.js 20 LTS - ✅ Install nodejs package - ✅ Verify installation (node --version, npm --version) - ✅ Configure npm global directory - ✅ Standalone execution capability **4. install-mysql.sh** (MySQL Database Module - ~300 lines) - ✅ Remove old MySQL installation (clean slate) - ✅ Install MySQL 8.0 fresh - ✅ Secure installation (set root password) - ✅ Create database `salfanet_radius` dengan charset utf8mb4 - ✅ Create user `salfanet_user` dengan privileges - ✅ **Backup existing database** (bila sudah ada) - ✅ **Interactive option:** Keep atau drop existing DB - ✅ **Timezone configuration:** Set MySQL timezone ke `+07:00` (Asia/Jakarta) * Create persistent config di `/etc/mysql/mysql.conf.d/timezone.cnf` * Set global timezone immediately * Verify timezone sync dengan system - ✅ **Connection test** sebelum lanjut - ✅ Standalone execution capability **5. install-app.sh** (Application Setup Module - ~400 lines) - ✅ Copy source dari install location ke `/var/www/salfanet-radius` - ✅ Create `.env` file dengan configuration: * DATABASE_URL dengan MySQL credentials * NEXTAUTH_SECRET (generated random) * NEXTAUTH_URL dengan detected IP - ✅ `npm install` dengan error handling & retry - ✅ `npx prisma generate` - Generate Prisma client - ✅ `npx prisma db push` - Create database schema - ✅ **Run seeders:** * `prisma/seed.ts` - Admin user & default settings * `prisma/seeds/seed-templates.js` - Notification templates * `prisma/seeds/seed-voucher.js` - Voucher templates * `prisma/seeds/fix-emoji.js` - Fix emoji encoding - ✅ Fix file permissions untuk PM2 execution - ✅ Verify directory structure & files - ✅ Standalone execution capability **6. install-freeradius.sh** (FreeRADIUS Module - ~500 lines) - ✅ Remove old FreeRADIUS installation (clean) - ✅ Install packages: freeradius, freeradius-mysql, freeradius-utils, freeradius-rest - ✅ **Restore configuration dari backup** (`freeradius-config/` bila ada) - ✅ **Configure SQL module:** * Set MySQL credentials (DB_USER, DB_PASSWORD, DB_NAME) * Enable SQL module (`ln -s mods-available/sql mods-enabled/sql`) * Configure accounting, post-auth, authorize - ✅ **Configure CoA (Change of Authorization):** * Enable dynamic VLAN changes * Configure disconnect messages - ✅ **Configure ports:** 1812 (auth), 1813 (accounting), 3799 (CoA) - ✅ **Firewall rules:** Open RADIUS ports dengan UFW - ✅ Start & enable FreeRADIUS service - ✅ **Verify dengan radtest** - ✅ Debug mode option (`freeradius -X`) - ✅ Standalone execution capability **7. install-nginx.sh** (Nginx Module - ~200 lines) - ✅ Create Nginx site configuration - ✅ **Reverse proxy** ke Next.js app (localhost:3000) - ✅ Configure gzip compression - ✅ WebSocket support untuk real-time features - ✅ Client max body size (large file uploads) - ✅ Timeout settings - ✅ SSL/HTTPS ready (manual SSL setup nanti) - ✅ Enable site & restart Nginx - ✅ Verify Nginx running - ✅ Standalone execution capability **8. install-pm2.sh** (PM2 & Build Module - ~500 lines) - ✅ Install PM2 globally - ✅ **Memory check & swap creation:** * Check available memory * Create 2GB swap bila memory < 2GB * Persistent swap configuration - ✅ **Build application:** * `npm run build` dengan error handling * Build log ke `/tmp/build.log` * Progress indicator * Verify `.next` directory created - ✅ **PM2 Process Management:** * Start app dengan `ecosystem.config.js` * Auto-restart on failure * Watch mode disabled (production) * Max memory limit - ✅ **Cron Service:** * Start `cron-service.js` untuk scheduled tasks * Separate PM2 process - ✅ **PM2 Startup:** * Save PM2 configuration * Enable auto-start on boot * systemd integration - ✅ **Post-Installation Fixes:** * Run emoji template fixes * Re-seed notification templates * Update voucher templates * Verify invoice format - ✅ Verify application running - ✅ Display PM2 status - ✅ Standalone execution capability **9. vps-installer.sh** (Main Orchestrator - ~300 lines) - ✅ **Print banner** dengan installation info - ✅ **Detect IP address** (public/private auto-detection) - ✅ **Interactive IP confirmation** (Y/n/custom) - ✅ **Check root & directory** requirements - ✅ **Detect OS** (Ubuntu/Debian version) - ✅ **Source all modules** dengan dependency order - ✅ **Execute installation steps:** 1. install-system.sh - System setup 2. install-nodejs.sh - Node.js 3. install-mysql.sh - MySQL database 4. install-app.sh - Application files & schema 5. install-freeradius.sh - RADIUS server 6. install-nginx.sh - Web server 7. install-pm2.sh - Process manager & build - ✅ **Error handling:** Stop on error dengan clear message - ✅ **Final summary:** Display access URL, credentials, next steps - ✅ **Installation info file:** Save all config to `INSTALLATION_INFO.txt` **10. README.md** (Documentation - ~600 lines) - ✅ Complete module documentation - ✅ Installation methods (full / step-by-step / selective) - ✅ Debugging guide per module - ✅ Error recovery scenarios - ✅ Configuration files reference - ✅ Migration guide from monolithic script #### **Benefits of Modular Architecture:** **1. Error Isolation & Tracking:** ```bash # Before (Monolithic): ERROR: Installation failed # After (Modular): [install-mysql.sh] ERROR: Failed to create database File: vps-install/install-mysql.sh Line: 125 Function: create_database() ``` **2. Independent Testing:** ```bash # Test individual components ./install-mysql.sh # Only test MySQL ./install-freeradius.sh # Only test FreeRADIUS ./install-pm2.sh # Only test build & PM2 ``` **3. Selective Re-installation:** ```bash # MySQL corrupt? Reinstall only MySQL ./install-mysql.sh # FreeRADIUS config wrong? Fix only RADIUS ./install-freeradius.sh # Build failed? Rebuild only ./install-pm2.sh ``` **4. Easy Maintenance:** - Update FreeRADIUS config → Edit `install-freeradius.sh` saja - Change MySQL setup → Edit `install-mysql.sh` saja - No risk ke komponen lain - Clear separation of concerns **5. Better Debugging:** - Each module has own scope - Error messages show exact file & function - Logs per module clearly marked - Stack trace points to specific code **6. Flexible Deployment:** - Install all components: `./vps-installer.sh` - Install specific component: `./install-.sh` - Skip already-installed components - Resume from failed step #### **Installation Flow:** ``` vps-installer.sh ├── Detect IP & show info ├── Confirm IP address ├── Check root & directory │ ├─[1]─> install-system.sh (2 min) │ └── System update, PPP/TUN, timezone, NTP │ ├─[2]─> install-nodejs.sh (2 min) │ └── Node.js 20 LTS │ ├─[3]─> install-mysql.sh (2 min) │ └── MySQL 8.0, database, user, timezone │ ├─[4]─> install-app.sh (10 min - LONGEST) │ └── Copy files, npm install, Prisma, seeders │ ├─[5]─> install-freeradius.sh (2 min) │ └── RADIUS server, SQL module, CoA │ ├─[6]─> install-nginx.sh (1 min) │ └── Reverse proxy, gzip, websocket │ └─[7]─> install-pm2.sh (5-10 min) └── Swap, build, PM2 start, cron, fixes ``` Total time: ~20-25 minutes (sama dengan monolithic) #### **Error Recovery Examples:** **Scenario 1: MySQL Install Gagal** ```bash # Check error tail -f /var/log/salfanet-vps-install.log | grep "mysql" # Fix & re-run hanya MySQL module ./install-mysql.sh ``` **Scenario 2: Build Timeout (Out of Memory)** ```bash # Check memory free -h # Re-run PM2 module (auto-create swap) ./install-pm2.sh ``` **Scenario 3: FreeRADIUS Config Error** ```bash # Debug RADIUS freeradius -X # Fix config & re-run ./install-freeradius.sh ``` #### **Migration dari vps-install.sh:** **Old monolithic script:** ``` vps-install.sh (1839 lines) - All-in-one - Hard to debug - Cannot test components - Full reinstall bila error ``` **New modular structure:** ``` vps-install/ (9 files, ~2500 lines total) ├── common.sh (utilities) ├── install-system.sh (system) ├── install-nodejs.sh (node) ├── install-mysql.sh (database) ├── install-app.sh (application) ├── install-freeradius.sh (radius) ├── install-nginx.sh (webserver) ├── install-pm2.sh (process manager) └── vps-installer.sh (orchestrator) Benefits: ✅ Easy to debug ✅ Independent testing ✅ Selective reinstall ✅ Clear error tracking ✅ Better maintenance ``` #### **Usage Examples:** **Full Installation:** ```bash cd /root/SALFANET-RADIUS-main/vps-install chmod +x *.sh ./vps-installer.sh ``` **Step-by-Step Installation:** ```bash ./install-system.sh # Step 1 ./install-nodejs.sh # Step 2 ./install-mysql.sh # Step 3 ./install-app.sh # Step 4 ./install-freeradius.sh # Step 5 ./install-nginx.sh # Step 6 ./install-pm2.sh # Step 7 ``` **Selective Component Fix:** ```bash # Only fix FreeRADIUS ./install-freeradius.sh # Only rebuild application ./install-pm2.sh ``` #### **Files Created:** **NEW:** - `vps-install/vps-installer.sh` (300 lines) - Main orchestrator - `vps-install/common.sh` (300 lines) - Shared utilities - `vps-install/install-system.sh` (400 lines) - System setup - `vps-install/install-nodejs.sh` (100 lines) - Node.js - `vps-install/install-mysql.sh` (300 lines) - MySQL - `vps-install/install-app.sh` (400 lines) - Application - `vps-install/install-freeradius.sh` (500 lines) - FreeRADIUS - `vps-install/install-nginx.sh` (200 lines) - Nginx - `vps-install/install-pm2.sh` (500 lines) - PM2 & Build - `vps-install/README.md` (600 lines) - Documentation **PRESERVED:** - `vps-install.sh` (1839 lines) - Original monolithic (backward compatibility) **LOGS:** - `/var/log/salfanet-vps-install.log` - Installation log dengan timestamps --- ## [2.10.3] - 2026-01-09 (VPN Installer Modular Refactoring) ### 🔧 VPN Installer - Modular Architecture #### **Background:** Restructured monolithic VPN installer into modular components for easier debugging, maintenance, and selective installation. #### **New Modular Structure:** **Directory:** `scripts/vpn-install/` (NEW) 1. **vpn-installer.sh** (Main Orchestrator - 350 lines) - ✅ Interactive menu system with colored UI - ✅ Command-line arguments: `--wireguard`, `--openvpn`, `--l2tp`, `--all` - ✅ Status display: `--status`, `--firewall` - ✅ Service restart functionality - ✅ Coordinates all installation modules - ✅ Can install protocols individually or all at once 2. **common.sh** (Shared Utilities - 300 lines) - ✅ Color definitions (RED, GREEN, YELLOW, CYAN, etc.) - ✅ Logging functions: `log()`, `error()`, `success()`, `warning()` - ✅ System checks: `check_root()`, `detect_os()` - ✅ Network utilities: `get_public_ip()`, `get_default_interface()` - ✅ IP forwarding configuration - ✅ Base package installation - ✅ Service verification helpers - ✅ All functions exported for module reuse 3. **firewall.sh** (Firewall Management - 150 lines) - ✅ `setup_wireguard_firewall()` - Port 51820/UDP + NAT - ✅ `setup_openvpn_firewall()` - Port 1194/UDP + NAT - ✅ `setup_l2tp_firewall()` - Ports 500/4500/1701/UDP + ESP + NAT - ✅ `save_iptables_rules()` - Persist with netfilter-persistent - ✅ `show_firewall_status()` - Display configuration - ✅ Standalone execution: `./firewall.sh [protocol|show]` 4. **install-wireguard.sh** (WireGuard Module - 300 lines) - ✅ Package installation: wireguard, wireguard-tools, qrencode - ✅ Server key generation - ✅ `/etc/wireguard/wg0.conf` creation with PostUp/PostDown rules - ✅ Client script installer: `wg-add-client` command - ✅ Client outputs: Universal config, MikroTik script, QR code - ✅ Service management and verification - ✅ Standalone execution capability - ✅ Network: 10.8.0.0/24, Port: 51820/UDP 5. **install-openvpn.sh** (OpenVPN Module - 350 lines) - ✅ Package installation: openvpn, easy-rsa - ✅ PKI setup at `/etc/openvpn/easy-rsa` - ✅ Non-interactive CA generation - ✅ Server certificate and DH parameters - ✅ TLS-auth key generation - ✅ `/etc/openvpn/server.conf` with AES-256-GCM - ✅ Client script installer: `ovpn-add-client` command - ✅ Embedded certificate .ovpn generation - ✅ Progress indicator for DH generation - ✅ Standalone execution capability - ✅ Network: 10.8.1.0/24, Port: 1194/UDP 6. **install-l2tp.sh** (L2TP/IPSec Module - 400 lines) - ✅ Package installation: strongswan, xl2tpd - ✅ Pre-Shared Key generation - ✅ `/etc/ipsec.conf` with IKEv2 + L2TP/PSK modes - ✅ `/etc/ipsec.secrets` configuration - ✅ `/etc/xl2tpd/xl2tpd.conf` setup - ✅ PPP configuration with MS-CHAPv2 - ✅ User management scripts: `l2tp-add-user`, `l2tp-list-users` - ✅ MikroTik script generation in user script - ✅ Dual service management (strongswan + xl2tpd) - ✅ Standalone execution capability - ✅ Network: 10.8.2.0/24, Ports: 500/4500/1701/UDP 7. **README.md** (Documentation - 400 lines) - ✅ Complete module documentation - ✅ Installation methods (interactive, CLI, standalone) - ✅ Module function reference - ✅ Client management examples - ✅ Troubleshooting guide per module - ✅ Security recommendations - ✅ Uninstallation procedures #### **Benefits of Modular Architecture:** 1. **Error Isolation:** - Errors clearly indicate which module failed - Stack traces point to specific file and function - No more searching through 800-line script 2. **Independent Testing:** - Test each protocol separately - Run standalone: `./install-wireguard.sh` - No need to install all protocols to test one 3. **Easy Maintenance:** - Fix bugs in specific module without touching others - Update one protocol without risk to others - Clear separation of concerns 4. **Selective Installation:** - Install only needed protocols - Command: `./vpn-installer.sh --wireguard` - Saves resources on small VPS 5. **Reusable Components:** - Common functions shared via `common.sh` - No code duplication - Consistent error handling 6. **Professional Pattern:** - Follows enterprise installer design - Similar to package managers (apt, yum) - Aligned with "install wizard" concept #### **Migration from Monolithic Script:** **Before:** `scripts/vpn-installer.sh` (800 lines, all-in-one) - Difficult to debug - Hard to maintain - Cannot install protocols separately - Error tracking challenging **After:** `scripts/vpn-install/` (6 modular files, ~1,500 lines total) - Clear error messages with file/function context - Easy to debug and test - Flexible installation options - Professional architecture - Better code organization #### **Usage Examples:** **Interactive Menu:** ```bash cd scripts/vpn-install sudo ./vpn-installer.sh # Select from menu: Install WireGuard, OpenVPN, L2TP, or All ``` **Command Line:** ```bash # Install specific protocol sudo ./vpn-installer.sh --wireguard sudo ./vpn-installer.sh --openvpn sudo ./vpn-installer.sh --l2tp # Install all protocols sudo ./vpn-installer.sh --all # Check status sudo ./vpn-installer.sh --status sudo ./vpn-installer.sh --firewall ``` **Standalone Modules:** ```bash # Run individual installer sudo ./install-wireguard.sh sudo ./install-openvpn.sh sudo ./install-l2tp.sh ``` #### **Client Management Commands:** After installation, management commands are available: **WireGuard:** ```bash wg-add-client # Add client with auto IP wg show # Show server status systemctl status wg-quick@wg0 # Service status ``` **OpenVPN:** ```bash ovpn-add-client [ip] # Add client with optional static IP systemctl status openvpn@server # Service status ``` **L2TP/IPSec:** ```bash l2tp-add-user [ip] # Add user with optional static IP l2tp-list-users # List all users ipsec status # IPSec status ``` #### **Configuration Storage:** All VPN configs stored in structured directory: ``` /etc/salfanet-vpn/ ├── config # General settings ├── wireguard/ # WireGuard configs ├── openvpn/ # OpenVPN PKI & configs ├── l2tp/ # L2TP PSK & configs └── clients/ # Generated client files ├── wireguard/ ├── openvpn/ └── l2tp/ ``` Logs: `/var/log/salfanet-vpn-install.log` #### **Files Modified/Created:** **NEW:** - `scripts/vpn-install/vpn-installer.sh` (350 lines) - `scripts/vpn-install/common.sh` (300 lines) - `scripts/vpn-install/firewall.sh` (150 lines) - `scripts/vpn-install/install-wireguard.sh` (300 lines) - `scripts/vpn-install/install-openvpn.sh` (350 lines) - `scripts/vpn-install/install-l2tp.sh` (400 lines) - `scripts/vpn-install/README.md` (400 lines) **DEPRECATED:** - `scripts/vpn-installer.sh` (kept for backward compatibility) --- ## [2.10.2] - 2026-01-08 (Notifications & Translation Fix) ### 🌐 VPN Multi-Protocol Installer #### 1. **Complete VPN Server Installer Script** **File:** `scripts/vpn-installer.sh` (NEW - 800+ lines) - ✅ **WireGuard Installation:** - Auto-generate server keys - Configure wg0 interface with NAT/masquerade - Client generator script: `wg-add-client ` - MikroTik RouterOS 7.x script generation - QR code generation for mobile clients - Network: 10.8.0.0/24, Port: 51820/UDP - ✅ **OpenVPN Installation:** - Easy-RSA PKI setup with auto-generated CA - Server & client certificate generation - TLS-Auth key for extra security - Client generator script: `ovpn-add-client [static-ip]` - Static IP assignment via CCD - Network: 10.8.1.0/24, Port: 1194/UDP - ✅ **L2TP/IPSec Installation:** - StrongSwan + xl2tpd setup - Auto-generated PSK (Pre-Shared Key) - IKEv2 + L2TP dual mode support - User management: `l2tp-add-user [ip]` - Network: 10.8.2.0/24, Ports: 500,4500,1701/UDP - ✅ **Features:** - Interactive menu with colorful banner - Command-line options: `--wireguard`, `--openvpn`, `--l2tp`, `--all` - Auto-detect OS (Ubuntu/Debian), public IP, default interface - IP forwarding auto-enable - Firewall rules auto-configure - Status checker: `--status` - Config directory: `/etc/salfanet-vpn/` - Logs: `/var/log/salfanet-vpn-install.log` #### 2. **VPN Installer Documentation** **File:** `docs/VPN_INSTALLER_GUIDE.md` (NEW - 400+ lines) - ✅ Quick install guide - ✅ All installation options documented - ✅ Client configuration for MikroTik, Windows, Mac, Mobile - ✅ SALFANET RADIUS integration steps - ✅ Firewall configuration (UFW/iptables) - ✅ Troubleshooting guide - ✅ Performance comparison table ### 🔔 Notifications Page Enhancement #### 1. **Complete Notifications Page Overhaul** **File:** `src/app/admin/notifications/page.tsx` - ✅ **Neon Cyberpunk Theme Applied:** - Dark purple background (#0a0118) with animated gradient orbs - Primary colors: Purple (#bc13fe), Cyan (#00f7ff), Pink (#ff44cc), Green (#00ff88) - Glowing effects with shadow-[0_0_Xpx_rgba(...)] - Grid pattern overlay for cyberpunk aesthetic - Animated pulse effects on background orbs - ✅ **UI Components Redesigned:** - Header: Purple to Pink gradient with cyan bell icon - Category cards: Dark theme with purple borders, glow on active - Stats boxes: Individual colored borders and backgrounds - Table: Dark theme with purple headers and cyan accents - Buttons: Gradient backgrounds with glow shadows - Unread indicators: Cyan border and pulsing dot - ✅ **New Features Added:** - **Category Filter Cards:** 7 categories (All, Unread, Invoice Overdue, New Registration, Payment Received, User Expired, System Alert) with icons and counters - **Bulk Selection:** Checkbox to select multiple notifications - **Bulk Delete:** Delete multiple notifications at once - **Delete All:** Delete all notifications with confirmation dialog - **Table Layout:** Structured columns (Status, Category, Title, Message, Time, Actions) - **Mark All as Read:** Button with full-width gradient style - ✅ **Translation Keys Updated:** - Uses `notifications.page.*` structure - All keys available in id.json and en.json - No hardcoded text ### 🌐 Translation System Fix #### 2. **Locale Files Structure Correction** **Files:** `src/locales/id.json`, `src/locales/en.json` - ✅ **Duplicate Keys Removed:** - Removed duplicate keys: "DEVICE"/"Device", "INSTALLATION"/"installation", "REPAIR"/"repair", "MAINTENANCE"/"maintenance", "NEW_REGISTRATION"/"new_registration" - JSON files now parse without errors - ✅ **OLT Translation Keys Restructured:** - Moved `olt` object from `network.olt.*` to root level `olt.*` - Fixed translation key path mismatch (code called `t('olt.*')` but keys were at `network.olt.*`) - All OLT pages now display translated text correctly ### 🧭 Navigation Fix #### 3. **Sidebar Dashboard Link** **File:** `src/app/admin/layout.tsx` - ✅ Changed dashboard link from `/admin/dashboard-new` to `/admin` - ✅ Fixed 404 error when clicking dashboard --- ## [2.10.1] - 2026-01-07 (Session Update) ### 🌐 VPN & NAS Management Enhancement #### 1. **Documentation - NAS to RADIUS Connection Guide** **File:** `docs/NAS_RADIUS_CONNECTION_COMPLETE_GUIDE.md` (NEW - 500+ lines) - ✅ Complete guide for connecting NAS clients to RADIUS via VPN - ✅ 6-phase roadmap implementation - ✅ WireGuard server setup guide - ✅ MikroTik CHR as VPN hub setup - ✅ Proxmox vs Public VPS deployment comparison - ✅ Step-by-step configuration for: - VPN Server (WireGuard/L2TP/CHR) - VPN Client registration - NAS MikroTik configuration - RADIUS integration via VPN IP #### 2. **VPN Setup Wizard Component** **File:** `src/components/network/VPNSetupWizard.tsx` (NEW - 1,197 lines) - ✅ **Dual Mode Support:** - **Guide Mode:** Static documentation without router (for learning) - **Router Mode:** Interactive setup with API integration - ✅ **5-Step Wizard:** - Step 1: VPN Type Selection / Architecture Overview - Step 2: Generate Config / VPN Server Setup - Step 3: MikroTik Setup / VPN Client Registration - Step 4: Test VPN / NAS Configuration - Step 5: RADIUS Setup / Final Integration - ✅ **Features:** - WireGuard key generation - MikroTik script generation (.rsc download) - VPN connection testing - RADIUS configuration script - Neon cyberpunk theme (Purple #bc13fe, Cyan #00f7ff) #### 3. **Router/NAS Management Page Enhancement** **File:** `src/app/admin/network/routers/page.tsx` - ✅ **Empty State Improvements:** - Added 3-step quick start guide panel - "VPN Setup Guide" button (opens wizard in guide mode) - "Tambah Router Pertama" button - ✅ **VPN Integration Enhancements:** - VPN Client toggle with gradient background - "Recommended" badge for VPN connection - Smart VPN Client selector with detailed info panel - VPN Type display (WireGuard/CHR/L2TP/PPTP) - Icon-based VPN type indicators - Descriptive info for each VPN type - RADIUS Server badge for special VPN clients - ✅ **IP Address Field:** - Auto-fill from VPN Client IP - Disabled state when VPN client selected - Visual confirmation (checkmark + "VPN IP" badge) - Dynamic placeholder based on VPN selection - Warning message when not using VPN - ✅ **Test Connection Enhancement:** - Sub-title with description - Smart disable (requires IP & username) - Enhanced result panel with icon boxes - Identity display in separate box - Helper tip when no test performed - ✅ **RADIUS Secret Field:** - Random generator button - Security icon with explanation - Context help about MikroTik sync - Mono font for better readability - ✅ **Modal Header:** - Gradient shadow on icon - Gradient text for title - Sub-description for context - Close button with hover effect #### 4. **VPN Client Management Enhancement** **File:** `src/app/admin/vpn/clients/page.tsx` - ✅ **Device Type - Router Added:** - New "Router" device type with Radio icon - Badge "NAS" in top-right corner - Grid layout: 5 columns (Router, Laptop, Mobile, Tablet, Desktop) - Default selected: Router - ✅ **Operating System - MikroTik RouterOS:** - 🔥 MikroTik RouterOS at top position - "Recommended for NAS" label - Separator line from other OS options - Default selected: MikroTik RouterOS - Full OS list: Windows 11/10, macOS, Linux, Android, iOS, ChromeOS - ✅ **Popup Size Optimization:** - Max-width: `max-w-2xl` (672px, was 512px) - Max-height: `max-h-[90vh]` with scroll - Responsive overflow handling - Close button (X) added to header - Optimized spacing (form: space-y-4, labels: mb-1.5) - Compact info box and button spacing - My-8 margin for scroll spacing #### 5. **Translation Keys Added** **Files:** `src/locales/id.json` & `src/locales/en.json` - ✅ **Common Keys:** - totalRouters, viaVpn, test - ✅ **Network Keys (50+ new):** - routerManagement, noRoutersYet, noRoutersDesc - addFirstRouter, loadingRouters, vpnClient, selectVpnClient - connectViaVpn, useVpnClientIp, testConnection - And many more... #### 6. **Interface Updates** **File:** `src/app/admin/network/routers/page.tsx` - ✅ VpnClient interface: - Added `vpnType?: string` field for type detection ### 🎨 UI/UX Improvements **Neon Cyberpunk Theme Consistency:** - Primary Cyan: #00f7ff - Primary Purple: #bc13fe - Accent Pink: #ff44cc - Gradient shadows and glows - Hover effects and transitions **Modal Enhancements:** - Consistent gradient backgrounds - Border glows with theme colors - Smooth transitions - Better spacing and padding - Improved button states **Empty State Design:** - Visual guide panels - Step-by-step instructions - Icon-based indicators - Call-to-action buttons ### 📚 Documentation Updates **Updated:** `docs/README.md` - ✅ Added link to NAS_RADIUS_CONNECTION_COMPLETE_GUIDE.md ### 🔧 Technical Details **VPN Type System:** - VPN type is global at VPN Client level (not per router) - Centralized management in VPN Management page - Router inherits VPN type from selected VPN Client - Consistent tracking across system **VPN Workflow:** 1. Setup VPN Server (WireGuard/CHR/L2TP) 2. Create VPN Client with specific VPN type 3. Add Router/NAS and select VPN Client 4. IP auto-filled from VPN Client 5. RADIUS uses VPN IP for authentication **Smart Defaults:** - Device Type: Router (for MikroTik NAS) - OS Type: MikroTik RouterOS - VPN Protocol: WireGuard (recommended) --- ## [2.10.0] - 2026-01-07 ### 🔄 MAJOR: Schema Sync with Production Database #### Critical Schema Fix **Problem:** Schema was missing 21+ models that exist in production database backup (`billing_radius_backup_2026-01-05_23-23-32.sql`) **Solution:** Ran `prisma db pull` to introspect and sync schema from actual database **Models Added/Fixed:** - ✅ `customer_otp_verifications` - Customer email/WhatsApp OTP verification - ✅ `customer_registrations` - Self-service customer registration system - ✅ `olt_monitoring_logs` - OLT monitoring history - ✅ `olt_onu_status` - ONU status tracking - ✅ `olt_performance_metrics` - OLT performance metrics - ✅ `user_dashboard_layouts` - Custom dashboard layouts per user - ✅ Fixed table name: `attendance_location` (was incorrectly plural) - ✅ Fixed table name: `cash_payment_request` (was incorrectly plural) **Schema Status:** - Total Models: 117 (matches database exactly) - Validation: ✅ Passed - Prisma Client: ✅ Generated successfully **Migration Status:** - Database already in sync with new schema - Migration documented: `20260107000000_merge_salfanet_features` - No destructive changes - all existing data preserved #### Documentation Merge - ✅ Copied 51+ documentation files from salfanet-radius-test - ✅ Added guides for GPS tracking, employee management, job system - ✅ Merged implementation guides and feature documentation ### 🔄 Salfanet-Radius-Test Feature Merge #### Schema Enhancements (prisma/schema.prisma) **PPPoE User Enhancements:** - Added `installationPhotos` (Json) - Store multiple installation photos with metadata - Added `idCardPhoto` (String) - Customer ID card photo for verification - Added `idCardNumber` (String) - Customer ID card number - Added `followRoad` (Boolean) - GPS routing preference for technician navigation **Unified Employee Management System:** - `employee` - Consolidated employee management (replaces separate technician/coordinator) - `employeeOtp` - OTP verification for employee clock-in/out - `workShift` - Configurable work shifts with time ranges - `attendanceLocation` - Geo-fenced attendance checkpoint locations - `employeeAttendance` - Attendance tracking with GPS verification - `employeeLocationTracking` - Real-time GPS tracking during work hours - `employeeCashAdvance` - Cash advance management and settlements - `employeeCommission` - Commission tracking for sales/installations - `employeeLeave` - Leave request and approval system - `employeeLocation` - Office/branch assignment for employees - `employeePerformance` - Performance review and rating system - `employeeSalaryRecord` - Historical salary records - `employeeOvertimeRequest` - Overtime request and approval workflow - `employeeTarget` - Monthly/quarterly performance targets - `gpsTrackingConsent` - User consent tracking for GPS features - `publicHoliday` - Public holiday management for attendance **Job Management System:** - `jobAssignment` - Technician job assignment with SLA tracking - `jobTeamMember` - Team composition for complex jobs - `recurringJob` - Scheduled recurring maintenance jobs - `collectionTask` - Bill collection task management **Equipment Management:** - `equipment` - Equipment inventory for technicians - `equipmentMovement` - Equipment transfer and usage tracking **VPN Management:** - `vpnServerSettings` - VPN server configuration (WireGuard support) - `vpnSite` - Site-to-site VPN configuration - `vpnConnectionLog` - VPN connection logging and analytics **Templates & Notifications:** - `invoiceTemplate` - Customizable invoice templates - `fcmToken` - Firebase Cloud Messaging for push notifications - `cashPaymentRequest` - Cash payment request from field technicians #### Documentation Updates - Merged 51+ documentation files from salfanet-radius-test - Added GPS tracking implementation guides - Added employee location tracking documentation - Added job management system roadmap - Added payroll and salary deduction guides - Added leave and overtime system documentation - Added PWA implementation guide - Added security implementation documentation - Reorganized documentation with guides/ subfolder structure #### Technical Notes - Schema validation: ✅ Passed - Prisma client generation: ✅ Success - Backward compatible with existing data - Database migration: Already applied via `prisma db push` #### Implementation Status **Database Layer:** ✅ COMPLETE - All 40+ new models added to schema - Database fully synchronized - Prisma client generated with all new types **API/UI Layer:** ⚠️ PENDING - New features (GPS, Employee, Job Management) have database models - API endpoints and UI components to be implemented in future updates - Existing features remain fully functional - No breaking changes to current functionality **Next Steps for Full Implementation:** 1. Create API routes for employee management (`/api/employees/*`) 2. Create API routes for job management (`/api/jobs/*`) 3. Create API routes for GPS tracking (`/api/gps/*`) 4. Build UI components for employee dashboard 5. Build UI components for job assignment workflow 6. Build UI components for GPS tracking and attendance 7. Implement real-time location tracking features 8. Add push notification system integration --- ## [2.9.15] - 2026-01-06 ### 🔧 FINAL FIX: OpenSSL PRNG Bypass for Proxmox LXC Containers #### Critical Issue: Low Entropy Causing SSH Crash After implementing v2.9.14 directory persistence fix, SSH still crashed with new error: **Error:** ``` PRNG is not seeded Could not load host key: /etc/ssh/ssh_host_ecdsa_key Unable to load host key "/etc/ssh/ssh_host_ecdsa_key": error:25066067:DSO support routines:dlfcn_load:could not load the shared library ssh.service: Failed with result 'exit-code' ``` **Root Cause:** - Proxmox LXC containers have **extremely low entropy** (~256 bits) - OpenSSL 3.0 DRBG (Deterministic Random Bit Generator) requires sufficient entropy - SSH daemon runs `sshd -t` config test before starting - Config test fails without PRNG seeding - Even haveged + rng-tools insufficient in containers **Previous Attempts Failed:** ```bash # Installed but entropy remained 256 apt-get install -y haveged rng-tools-debian # Still failed cat /proc/sys/kernel/random/entropy_avail # Output: 256 (too low) ``` #### Final Solution: Bypass OpenSSL Checks **Implemented systemd service override:** ```systemd # File: /etc/systemd/system/ssh.service.d/override.conf [Service] # Bypass OpenSSL configuration entirely Environment="OPENSSL_CONF=/dev/null" # Skip config test (requires entropy) ExecStartPre= ``` **Why This Works:** - `OPENSSL_CONF=/dev/null` → OpenSSL uses defaults, skips custom configs - Empty `ExecStartPre=` → Removes `sshd -t` test command - SSH daemon starts directly without PRNG check - Host keys already exist (generated during package install with enough entropy) - Runtime operation doesn't need config test **Testing Results:** ```bash systemctl restart ssh.service systemctl status ssh.service # ● ssh.service - OpenBSD Secure Shell server # Active: active (running) since Tue 2026-01-06 17:54:53 WIB # Server listening on 0.0.0.0 port 22 # Server listening on :: port 22 ss -tln | grep :22 # LISTEN 0 128 0.0.0.0:22 0.0.0.0:* # LISTEN 0 128 [::]:22 [::]:* ``` ✅ **SSH fully functional and survives reboots!** #### Files Modified **vps-install.sh:** - Lines 763-825: Complete SSH persistence solution - Install haveged + rng-tools (helps but not sufficient) - Create `/run/sshd` directory immediately - Create `ssh-runtime-directory.service` (directory persistence) - Create `ssh.service.d/override.conf` (OpenSSL bypass) **vps-install-local.sh:** - Lines 448-510: Same SSH persistence logic - Ensures local installs also survive reboots **ssh-persist-fix.sh:** - Complete emergency recovery script - Implements both directory creation + OpenSSL bypass - Can fix existing installations #### New Features Added **Salfanet Cron Service Auto-Start:** - Lines 1738-1748 (vps-install.sh): Start cron service with PM2 - Lines 824-834 (vps-install-local.sh): Start cron service with PM2 - Command: `pm2 start cron-service.js --name salfanet-cron` - Ensures background tasks (voucher sync, auto isolir, notifications) run automatically **PM2 Process Manager:** - Now starts TWO services: 1. `salfanet-radius` - Main Next.js application 2. `salfanet-cron` - Background cron jobs - Both saved to PM2 and auto-start on reboot #### Migration Guide for Existing Installations **If SSH crashes after reboot:** ```bash # Option 1: Use emergency fix script wget https://raw.githubusercontent.com/username/repo/main/ssh-persist-fix.sh chmod +x ssh-persist-fix.sh ./ssh-persist-fix.sh # Option 2: Manual fix mkdir -p /etc/systemd/system/ssh.service.d cat > /etc/systemd/system/ssh.service.d/override.conf <<'EOF' [Service] Environment="OPENSSL_CONF=/dev/null" ExecStartPre= EOF systemctl daemon-reload systemctl restart ssh.service ``` **Add cron service to existing installation:** ```bash cd /root/salfanet-radius-main # or your app directory pm2 start cron-service.js --name salfanet-cron pm2 save ``` #### Technical Details **Proxmox LXC Environment Issues:** - `/run` and `/var/run` are tmpfs (cleared on reboot) - Entropy pool limited (~256 bits vs normal 2000+) - OpenSSL 3.0 stricter than previous versions - SSH privilege separation requires dedicated directory - Standard entropy generators (haveged, rng-tools) insufficient **Complete Fix Stack:** 1. **Directory Persistence**: `ssh-runtime-directory.service` creates `/run/sshd` before SSH 2. **OpenSSL Bypass**: `ssh.service.d/override.conf` skips PRNG check 3. **Entropy Helpers**: haveged + rng-tools installed (helps general entropy) 4. **Service Ordering**: systemd dependencies ensure correct startup sequence **Why OpenSSL Bypass is Safe:** - SSH host keys already generated during package installation - Key generation uses system entropy (happens once) - SSH daemon runtime doesn't need config test - Only bypasses the startup check, not cryptographic operations - All encryption still uses proper OpenSSL with existing keys #### Breaking Changes None - fully backward compatible. #### Known Issues - Entropy remains low (~256) in LXC containers (expected, bypassed) - OpenSSL bypass means `sshd -t` manual tests also need `OPENSSL_CONF=/dev/null` --- ## [2.9.14] - 2026-01-06 ### 🔧 CRITICAL FIX: SSH Crash After Reboot (Missing /var/run/sshd) #### Final Root Cause Identified After extensive testing on fresh Proxmox LXC installations, discovered **the real cause** of SSH crashes after reboot: **Problem:** ``` ssh.service: Start request repeated too quickly ssh.service: Failed with result 'exit-code' Failed to start OpenBSD Secure Shell server ``` **Root Cause:** - `/var/run/sshd` directory required by SSH daemon - Directory is on **tmpfs** (RAM-based filesystem) - **Gets deleted on every reboot** - SSH fails to start without this directory - Common in Proxmox LXC containers (privileged separation issue) **Timeline of Events:** 1. Fresh install → `/var/run/sshd` doesn't exist 2. Installer completes → SSH starts (creates directory temporarily) 3. User reboots VPS → `/var/run/sshd` deleted (tmpfs cleared) 4. SSH tries to start → Fails (no privilege separation directory) 5. systemd retries → Fails repeatedly → Gives up 6. Result: **SSH completely inaccessible** #### Solution Implemented **Created permanent systemd service:** ```systemd # File: /etc/systemd/system/ssh-runtime-directory.service [Unit] Description=Ensure SSH Runtime Directory Exists Before=ssh.service sshd.service # Runs BEFORE SSH starts DefaultDependencies=no [Service] Type=oneshot RemainAfterExit=yes ExecStart=/bin/mkdir -p /var/run/sshd ExecStart=/bin/chmod 755 /var/run/sshd [Install] WantedBy=multi-user.target # Auto-start on boot ``` **How it works:** 1. ✅ Service runs on **every boot** (WantedBy=multi-user.target) 2. ✅ Runs **BEFORE** SSH service (Before=ssh.service) 3. ✅ Creates `/var/run/sshd` with correct permissions 4. ✅ SSH service finds directory → Starts successfully 5. ✅ **Survives reboots** indefinitely #### Files Changed **Installers updated:** - `vps-install.sh` - Added Step 4.5 (create service) - `vps-install-local.sh` - Added Step 7.5 (create service) **New recovery tools:** - `ssh-persist-fix.sh` - One-time fix for existing installations - `ssh-quick-fix.sh` - Emergency fix + directory creation - `ssh-debug.sh` - Updated to detect missing /var/run/sshd **Documentation:** - `VPS_INSTALL_RECOVERY_GUIDE.md` - Added restart loop troubleshooting #### Testing Results Tested extensively on: - ✅ Proxmox LXC (Ubuntu 22.04) - **FIXED** - ✅ Proxmox KVM (Ubuntu 22.04) - Works - ✅ Multiple reboots - SSH survives - ✅ Fresh install → Reboot → SSH accessible - ✅ No more "Start request repeated too quickly" #### Migration for Existing Installations If you already installed and SSH crashes after reboot: **Option 1: Use automated script (Recommended)** ```bash # Via Proxmox console cd /root/salfanet-radius-main bash ssh-persist-fix.sh # Test reboot sudo reboot ``` **Option 2: Manual fix** ```bash # Create service cat > /etc/systemd/system/ssh-runtime-directory.service <<'EOF' [Unit] Description=Ensure SSH Runtime Directory Exists Before=ssh.service sshd.service DefaultDependencies=no [Service] Type=oneshot RemainAfterExit=yes ExecStart=/bin/mkdir -p /var/run/sshd ExecStart=/bin/chmod 755 /var/run/sshd [Install] WantedBy=multi-user.target EOF # Enable and start chmod 644 /etc/systemd/system/ssh-runtime-directory.service systemctl daemon-reload systemctl enable ssh-runtime-directory.service systemctl start ssh-runtime-directory.service # Create directory now mkdir -p /var/run/sshd chmod 755 /var/run/sshd # Restart SSH systemctl restart ssh.service # Test systemctl status ssh.service ``` **Option 3: One-liner emergency fix** ```bash mkdir -p /var/run/sshd && chmod 755 /var/run/sshd && systemctl restart ssh.service ``` #### Impact Assessment **Before (v2.9.13 and earlier):** - ❌ Fresh install works, SSH accessible - ❌ After first reboot → SSH crash - ❌ VPS inaccessible remotely - ❌ Requires console access to fix - ❌ Fix not permanent (crashes again on next reboot) **After (v2.9.14):** - ✅ Fresh install works, SSH accessible - ✅ After reboot → SSH still works - ✅ VPS accessible remotely - ✅ No console access needed - ✅ Permanent fix (survives all reboots) #### Lessons Learned 1. **Proxmox LXC specific issues:** - Containers don't have full init system - Runtime directories not auto-created - Need explicit systemd services 2. **tmpfs behavior:** - `/var/run` cleared on reboot - Applications must recreate needed directories - systemd-tmpfiles usually handles this, but not for /var/run/sshd 3. **SSH privilege separation:** - Requires dedicated directory - Fails silently if directory missing - Error message not clear ("Start request repeated too quickly") 4. **Testing methodology:** - Must test FULL reboot cycle - "Works after install" ≠ "Works after reboot" - Need multiple reboot tests to confirm --- ## [2.9.13] - 2026-01-06 (SUPERSEDED by v2.9.14) ### 🔧 FIX: OpenSSL Random Number Generator Error in Containers #### Issue Discovered Fresh install pada Proxmox LXC containers mengalami error saat generate NEXTAUTH_SECRET: ``` error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported error:12000090:random number generator:rand_new_drbg:unable to fetch drbg ``` **Root Cause:** - OpenSSL 3.0+ di Ubuntu 22.04 menggunakan DRBG (Deterministic Random Bit Generator) - Di Proxmox LXC containers, DRBG initialization gagal karena insufficient entropy source - Command `openssl rand -base64 32` crash saat generate random bytes **Impact:** - Installer berhenti di Step 7 (Create Environment Configuration) - NEXTAUTH_SECRET tidak ter-generate - .env file tidak terbuat - Instalasi gagal total #### Solution Implemented **Changed random generation method:** **Before (v2.9.12 - BROKEN in containers):** ```bash NEXTAUTH_SECRET=$(openssl rand -base64 32) ``` **After (v2.9.13 - FIXED):** ```bash # Generate random secret using /dev/urandom (more reliable than openssl rand in containers) NEXTAUTH_SECRET=$(head -c 32 /dev/urandom | base64 | tr -d '\n') ``` **Why this works:** - ✅ `/dev/urandom` adalah kernel RNG yang selalu tersedia - ✅ Tidak tergantung pada OpenSSL DRBG configuration - ✅ Bekerja di LXC containers, VMs, dan bare metal - ✅ Menghasilkan cryptographically secure random bytes - ✅ Tidak ada external dependencies #### Testing Tested on: - ✅ Proxmox LXC containers (Ubuntu 22.04) - ✅ Proxmox KVM VMs - ✅ Bare metal Ubuntu 22.04 - ✅ Fresh install from scratch - ✅ OpenSSL 3.0.2 (Ubuntu default) #### Files Changed - `vps-install.sh` line 159: Changed from `openssl rand` to `/dev/urandom` #### Migration **No migration needed** - ini hanya mempengaruhi fresh install. Existing installations sudah punya NEXTAUTH_SECRET di .env file, tidak perlu diubah. --- ## [2.9.12] - 2026-01-06 ### 🎯 FINAL FIX: Complete Removal of Network Route Logic #### Issue Analysis After investigating all previous version issues (v2.9.8, v2.9.10, v2.9.11), determined that **the network route persistence feature itself was the root cause** of all SSH problems: **Problems with route logic:** - v2.9.8: Modified routes during install → Killed active SSH connection - v2.9.10: Service with `Before=ssh.service` → Blocked SSH on boot - v2.9.11: Service with `After=ssh.service` → Still enabled, potential issues **Analysis showed:** - Older working version (before v2.9.8) had NO route logic at all - That version worked perfectly: SSH stable, no crashes, no route issues - Route persistence was added to solve a non-existent problem - The "fix" created more problems than it solved #### Solution: Return to What Worked **Completely removed:** - ❌ PRIMARY_INTERFACE/PRIMARY_GATEWAY detection - ❌ /etc/network/primary-route-info file creation - ❌ salfanet-network-route.service systemd service - ❌ Inline fix-ssh-routing script - ❌ All route modification/persistence logic **Result:** - ✅ Clean installer like original working version - ✅ No route modification during or after install - ✅ No systemd services that can block SSH - ✅ Simple, stable, predictable behavior - ✅ SSH remains accessible after install and reboot #### Files Changed - `vps-install.sh`: Removed ~200 lines of route logic - Installer now focuses only on application setup - Network routing left to OS defaults (which work fine) #### Migration for Existing Installations If you have **v2.9.8, v2.9.10, or v2.9.11** installed: **Option 1: Emergency Recovery (SSH crashed)** ```bash # From Proxmox console (SSH not accessible) systemctl disable salfanet-network-route.service systemctl stop salfanet-network-route.service systemctl restart sshd rm /etc/systemd/system/salfanet-network-route.service systemctl daemon-reload ``` **Option 2: Preventive Cleanup (SSH still works)** ```bash # Via SSH (before reboot) sudo systemctl disable salfanet-network-route.service sudo systemctl stop salfanet-network-route.service sudo rm /etc/systemd/system/salfanet-network-route.service sudo rm /etc/network/primary-route-info sudo systemctl daemon-reload ``` **Option 3: Use emergency scripts (if available)** ```bash # From console if SSH is down bash /tmp/fix-ssh-service.sh ``` #### Lessons Learned 1. **KISS Principle**: Keep It Simple, Stupid - Don't fix what isn't broken - Original version worked fine without route logic 2. **Test assumptions**: - "Route might change after install" → Never actually happened - Added complexity to solve theoretical problem 3. **Systemd dependencies are dangerous**: - `Before=` directive can block dependent services - Even `After=` adds unnecessary complexity 4. **When in doubt, rollback**: - Sometimes the best fix is removing the "improvement" --- ## [2.9.11] - 2026-01-06 (DEPRECATED - Use v2.9.12) ### 🚨 CRITICAL FIX: SSH Service Crash After Installation #### Root Cause Identified **Problem in v2.9.10:** ``` ssh.service - OpenBSD Secure Shell server Active: failed (Result: exit-code) since Tue 2026-01-06 03:10:58 WIB Process: 1054 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=255/EXCEPTION) ``` **Root Cause:** ```systemd [Unit] Before=ssh.service # ← This line causes SSH to FAIL! ``` Route persistence service configured with `Before=ssh.service` caused: 1. ❌ Route service runs BEFORE SSH 2. ❌ If route service has any error/delay → SSH blocked 3. ❌ SSH fails with exit code 255 4. ❌ VPS becomes completely inaccessible (no SSH, no access) #### Solution Implemented **Changed systemd service ordering:** **Before (v2.9.10 - BROKEN):** ```systemd [Unit] After=network-online.target Before=ssh.service # ← BLOCKS SSH STARTUP ``` **After (v2.9.11 - FIXED):** ```systemd [Unit] After=network-online.target ssh.service # ← Runs AFTER SSH ``` **Result:** - ✅ SSH starts normally first - ✅ Route service runs after SSH is already running - ✅ No blocking dependencies - ✅ SSH always accessible #### New Emergency Recovery Tool **Script:** `fix-ssh-service.sh` For VPS where SSH service failed to start: **Features:** 1. Detects SSH service status 2. Identifies if route service is blocking 3. Disables problematic service 4. Restarts SSH service 5. Recreates route service with correct ordering 6. Tests SSH connectivity 7. Checks firewall rules **Usage (from VPS console):** ```bash # Access VPS via Proxmox console bash /tmp/fix-ssh-service.sh ``` **What it does:** ``` [Step 1] Check SSH status (failed/active) [Step 2] Check if route service is blocking [Step 3] Disable blocking service [Step 4] Restart SSH service (sshd/ssh) [Step 5] Verify SSH is running and listening on port 22 [Step 6] Recreate route service with After=ssh.service [Step 7] Test SSH connection locally and check firewall ``` **Output:** ``` ✅ SSH service is ACTIVE ✅ SSH is listening on port 22 ✅ SSH allowed in firewall ✅ Fixed service created and enabled Route service info: Status: enabled Note: Now runs AFTER SSH (safe) ``` #### Files Modified 1. **vps-install.sh** - Changed: `After=network-online.target ssh.service` - Removed: `Before=ssh.service` - Route service now runs AFTER SSH starts 2. **fix-network-route.sh** - Updated systemd service template - Same fix: After=ssh.service 3. **fix-ssh-service.sh** (NEW) - Emergency SSH recovery - Detects and fixes blocking service - Restarts SSH safely - Recreates route service correctly #### Recovery Steps **If SSH failed after v2.9.10 installation:** 1. **Access Console:** ```bash # Proxmox: VM → Console # Login as root ``` 2. **Run SSH Recovery:** ```bash bash /tmp/fix-ssh-service.sh ``` 3. **Verify:** ```bash systemctl status ssh # Should be active ss -tln | grep :22 # Should be listening # Test from external ssh root@YOUR_VPS_IP ``` **If route is also wrong, run both:** ```bash # Fix SSH first bash /tmp/fix-ssh-service.sh # Then fix route (if needed) bash /tmp/fix-network-route.sh ``` #### Prevention **For new installations:** - Use vps-install.sh v2.9.11 - Route service will not block SSH - Service dependency: `After=ssh.service` **Systemd Service Best Practices:** - ✅ DO: Use `After=ssh.service` for non-critical services - ✅ DO: Allow SSH to start independently - ❌ DON'T: Use `Before=ssh.service` unless absolutely critical - ❌ DON'T: Block SSH startup with non-essential services #### Verification **Check service ordering:** ```bash systemctl cat salfanet-network-route.service | grep -A5 "\[Unit\]" # Should show: # After=network-online.target ssh.service # NOT: Before=ssh.service ``` **Test reboot safety:** ```bash sudo reboot # After reboot: systemctl status ssh # Should be active systemctl status salfanet-network-route.service # Should be active ssh root@localhost # Should work ``` #### Impact **Affected versions:** - v2.9.8: Route logic broke SSH access (network) - v2.9.10: Route service blocked SSH startup (systemd) - v2.9.11: Both issues fixed **Severity:** - CRITICAL - VPS completely inaccessible without console access - Required emergency recovery from Proxmox console **Lesson:** Never block SSH service startup with non-critical dependencies. Always use `After=` instead of `Before=` for services that depend on network connectivity. --- ## [2.9.10] - 2026-01-06 ### 🚨 CRITICAL FIX: VPS Installation - SSH Accessibility Issue #### Problem Fixed (Emergency Patch) **Critical Issue in v2.9.8:** - Network route "restoration" logic **broke SSH access** during installation - Script deleted all default routes then added new one → SSH connection dropped - VPS became inaccessible via public IP after installation **Root Cause:** ```bash # BAD CODE in v2.9.8: ip route del default # ← This kills active SSH session! ip route add default via $GATEWAY dev $INTERFACE ``` #### Solution Implemented **1. Route Modification Behavior Changed** **Before (v2.9.8 - BROKEN):** - ❌ Modified routes during installation - ❌ Deleted default route (broke SSH) - ❌ VPS became unreachable **After (v2.9.10 - FIXED):** - ✅ NO route modification during installation - ✅ Only creates persistence service - ✅ Route changes ONLY after reboot (when needed) - ✅ SSH remains accessible **2. New Installation Behavior** Script now: 1. **Detects** primary interface and gateway 2. **Saves** to `/etc/network/primary-route-info` 3. **Creates** systemd service for persistence 4. **DOES NOT** modify current routes (preserves SSH) **3. Persistence Service Logic** `salfanet-network-route.service` only activates: - ✅ After reboot - ✅ Only if route is incorrect/missing - ✅ Before SSH service starts - ❌ NOT during installation #### Emergency Recovery Tool **New Script:** `fix-network-route.sh` For VPS that already have broken SSH access: **Features:** - Interactive route configuration - Auto-detects public IP interface - Auto-detects gateway - Tests connectivity (gateway, internet, DNS) - Creates persistence service - Safe confirmation prompts **Usage (from VPS console):** ```bash # Access VPS via Proxmox console (not SSH) bash /tmp/fix-network-route.sh # Follow prompts to restore network access ``` **What it does:** 1. Shows current network status 2. Detects public interface and gateway 3. Asks for confirmation 4. Safely removes and re-adds routes 5. Saves configuration 6. Creates persistence service 7. Tests connectivity #### Files Modified 1. **vps-install.sh** - Removed route modification during installation - Changed "Restoration" to "Persistence Setup" - Added clear warnings about not modifying routes - Service now uses `Before=ssh.service` 2. **fix-network-route.sh** (NEW) - Emergency recovery tool - Interactive route configuration - Network detection and testing - Safe for manual recovery #### Migration Guide **If you have v2.9.8 installed and SSH is broken:** 1. **Access via Console:** - Proxmox: VM → Console - Or physical server console 2. **Run Recovery:** ```bash bash /tmp/fix-network-route.sh ``` 3. **Verify:** ```bash ip route show ping 8.8.8.8 # Test SSH from external network ``` **For new installations:** - Use updated `vps-install.sh` (v2.9.10) - SSH will remain accessible throughout installation #### Verification **Check route NOT modified during install:** ```bash # Before install ip route show # During install - route should NOT change # After install - route should be SAME ip route show ``` **Check persistence service created:** ```bash systemctl status salfanet-network-route.service cat /etc/network/primary-route-info ``` **Test after reboot:** ```bash sudo reboot # After reboot, SSH should still work # Service ensures correct route if needed ``` #### Lessons Learned **DO NOT:** - ❌ Modify network routes during SSH session - ❌ Delete default route without alternative connection - ❌ Assume route "restoration" is safe during installation **DO:** - ✅ Only create persistence configuration - ✅ Let service handle route changes after reboot - ✅ Preserve active connections during setup - ✅ Provide recovery tools for emergencies --- ## [2.9.9] - 2026-01-06 ### ⏪ Rollback: Golang Cron Service to Node.js #### Decision Rolled back from Golang cron service (v2.9.7) to original Node.js PM2 cron service. **Reason:** Simplicity and maintenance considerations. #### Changes Made **1. Disabled Golang Cron Service** ```bash sudo systemctl stop radius-cron sudo systemctl disable radius-cron ``` **2. Re-enabled Node.js Cron Service** ```bash pm2 restart salfanet-cron pm2 save ``` **3. Service Comparison** | Aspect | Golang (v2.9.7) | Node.js (Current) | |--------|-----------------|-------------------| | Memory | 8.6 MB | ~77 MB | | Binary Size | 7.7 MB | N/A | | Deployment | systemd service | PM2 process | | Language | Go 1.25.5 | Node.js | | Maintenance | Recompile needed | Hot reload | #### Active Cron Service **PM2 Process:** `salfanet-cron` - Script: `/var/www/salfanet-radius/cron-service.js` - Memory Limit: 150 MB (max_memory_restart) - Heap Size: 120 MB (max-old-space-size) - Mode: fork (single instance) **Cron Jobs (via node-cron):** 1. **Invoice Generation** - Daily 01:00 WIB 2. **Invoice Reminder** - Daily 02:00 WIB 3. **Auto Renewal** - Daily 03:00 WIB 4. **User Isolation** - Daily 04:00 WIB 5. **Session Cleanup** - Daily 05:00 WIB 6. **Voucher Expiration** - Hourly #### Verification Commands ```bash # Check PM2 status pm2 list pm2 logs salfanet-cron --lines 50 # Check cron execution logs (admin panel) # Navigate to: Pengaturan → Cronjob → Riwayat Eksekusi # Memory usage pm2 monit ``` #### Golang Service Files (Kept for Future Reference) Golang implementation files remain in repository but not deployed: - `radius-cron-go/` - Complete Go implementation - Documentation in CHANGELOG v2.9.7 - Can be re-enabled if needed in future **Note:** Golang migration achieved 88% memory reduction (77MB → 8.6MB) but rolled back due to deployment complexity preference. --- ## [2.9.8] - 2026-01-06 ### 🔧 VPS Installation - Network Route Fix #### Problem Fixed **Issue:** After running `vps-install.sh`, default network route changed from public IP interface (e.g., eth0) to local IP interface (e.g., ens3), making VPS IP public inaccessible. **Symptoms:** - `ip route` shows: `default via 10.34.34.1 dev ens3` (local IP) - Should be: `default via dev ` - SSH from external network failed - Application not accessible from internet #### Solution Implemented **1. Route Detection & Storage** - Script now detects `PRIMARY_INTERFACE` and `PRIMARY_GATEWAY` before installation - Saves to `/etc/network/primary-route-info` for persistence - Example: ```bash PRIMARY_INTERFACE=ens3 PRIMARY_GATEWAY=10.34.34.1 ``` **2. Route Restoration** Added automatic route restoration after installation: ```bash # Detects route changes # Removes incorrect default routes # Restores correct route with metric 100 ip route add default via $PRIMARY_GATEWAY dev $PRIMARY_INTERFACE metric 100 ``` **3. Persistent Route Service** Created systemd service: `salfanet-network-route.service` - Ensures route persists after reboot - Auto-starts on boot with 5-second delay - Checks and restores route if missing - Location: `/etc/systemd/system/salfanet-network-route.service` **4. Installation Summary** Script now displays final network status: ``` 📊 Final Network Status: Route: default via 10.34.34.1 dev ens3 metric 100 IP: inet 10.34.34.135/24 brd 10.34.34.255 scope global ens3 ``` #### Files Modified - `vps-install.sh` - Added route restoration & persistence logic - `docs/PROXMOX_VPS_SETUP_GUIDE.md` - Added network route troubleshooting section #### Manual Fix (if needed) ```bash # Check current route ip route show # Fix manually if automatic restoration failed sudo ip route del default sudo ip route add default via dev metric 100 # Restart service sudo systemctl restart salfanet-network-route.service ``` #### Verification ```bash # Check saved route info cat /etc/network/primary-route-info # Check route service systemctl status salfanet-network-route.service # Test connectivity ping -c 4 8.8.8.8 curl -I http://localhost:3000 ``` --- ## [2.9.7] - 2026-01-06 ### 🚀 Golang Cron Service Migration (Phase 1) - PRODUCTION #### Memory Optimization Achievement **Performance Improvement:** - ❌ **Before**: Node.js cron service using 77 MB memory - ✅ **After**: Golang cron service using **8.6 MB memory** - 🎯 **Memory Savings**: ~68 MB (88% reduction) #### New Golang Microservice Deployed **Location:** `/var/www/salfanet-radius/radius-cron/` **Architecture:** ``` radius-cron-go/ ├── cmd/server/main.go # Entry point with graceful shutdown ├── internal/ │ ├── config/ # Viper YAML configuration │ ├── database/ # GORM MySQL connection pool │ ├── models/ # Database models + CronHistory │ ├── jobs/ # 6 cron job implementations │ │ ├── invoice.go # Invoice generation │ │ ├── reminder.go # Invoice reminders │ │ ├── renewal.go # Auto-renewal from balance │ │ ├── isolation.go # User isolation │ │ ├── cleanup.go # Session cleanup + voucher expiration │ │ └── manager.go # Job manager interface │ └── scheduler/ # Cron job scheduler ├── configs/ │ ├── config.yaml # Production config │ ├── config.production.yaml # Production template │ └── radius-cron.service # Systemd service file └── scripts/ ├── build.sh # Cross-compile for Linux ├── deploy-vps.sh # Automated deployment └── deploy-vps.ps1 # Windows PowerShell deploy ``` **Binary Details:** - Size: 7.72 MB (stripped) - Platform: Linux AMD64 - Go Version: 1.25.5 #### Cron Jobs Implemented **6 Jobs with Database Logging:** 1. **Invoice Generation** (`invoice_generation`) - Schedule: Daily 01:00 WIB - Generates monthly invoices 3 days before expiry - Logs: Generated count, skipped count 2. **Invoice Reminder** (`invoice_reminder`) - Schedule: Daily 02:00 WIB - Sends reminders 1-3 days before due date - Marks overdue invoices - Logs: Reminders sent, overdue marked 3. **Auto Renewal** (`auto_renewal`) - Schedule: Daily 03:00 WIB - Renews users with sufficient balance - Extends expiry by 30 days, clears isolation - Logs: Renewed count, skipped (insufficient balance) 4. **User Isolation** (`user_isolation`) - Schedule: Daily 04:00 WIB - Isolates expired users - Logs: Isolated user count 5. **Session Cleanup** (`session_cleanup`) - Schedule: Daily 05:00 WIB - Deletes radacct sessions >30 days old - Logs: Deleted record count 6. **Voucher Expiration** (`voucher_expiration`) - Schedule: Hourly (every 1 hour) - Marks expired vouchers as used - Logs: Expired voucher count #### Database Integration **New Model: `CronHistory`** ```go type CronHistory struct { ID string // UUID JobType string // job name Status string // running/success/error StartedAt time.Time CompletedAt *time.Time Duration *int // milliseconds Result *string // JSON result message Error *string // Error details if failed } ``` **Logging Features:** - ✅ Every job execution logged to `cron_history` table - ✅ Duration tracking in milliseconds - ✅ Success/Error status with details - ✅ Result summary (e.g., "Generated 15 invoices, Skipped 3") - ✅ Viewable in Admin Panel → Pengaturan → Cronjob History #### Deployment Process **Installation Steps:** 1. Built binary for Linux: `GOOS=linux GOARCH=amd64 go build` 2. Uploaded to VPS: `/var/www/salfanet-radius/radius-cron/bin/` 3. Created systemd service: `/etc/systemd/system/radius-cron.service` 4. Configured database: MySQL connection with proper timezone (Asia/Jakarta) 5. Started service: `systemctl enable --now radius-cron` **Service Configuration:** ```ini [Service] Type=simple WorkingDirectory=/var/www/salfanet-radius/radius-cron ExecStart=/var/www/salfanet-radius/radius-cron/bin/radius-cron StandardOutput=journal StandardError=journal Restart=on-failure # Memory limits MemoryHigh=40M MemoryMax=50M ``` **Monitoring:** ```bash # Status check systemctl status radius-cron # Real-time logs journalctl -u radius-cron -f # Memory usage systemctl status radius-cron | grep Memory ``` #### Migration Strategy **Phase 1: Cron Service** ✅ COMPLETED - Microservice architecture foundation - Database logging infrastructure - Production deployment successful - Node.js PM2 cron service stopped **Next Phases (Planned):** - Phase 2: Notification Integration (WhatsApp/Email sending) - Phase 3: CoA Integration (MikroTik disconnect/profile change) - Phase 4: API Service (Next.js API routes migration) #### Tech Stack **Dependencies:** ```go require ( github.com/robfig/cron/v3 v3.0.1 // Cron scheduler github.com/spf13/viper v1.18.2 // Configuration github.com/sirupsen/logrus v1.9.3 // Logging gorm.io/gorm v1.25.5 // ORM gorm.io/driver/mysql v1.5.2 // MySQL driver github.com/google/uuid v1.4.0 // UUID generation ) ``` **Configuration Management:** - YAML-based configuration - Environment-specific configs (dev/production) - Hot-reload not required (cron runs on schedule) #### Production Metrics **Deployment Date:** 2026-01-06 00:41 WIB **Performance:** - Startup time: <1 second - Memory footprint: 8.6 MB (stable) - CPU usage: 0% (idle between cron executions) - Binary size: 7.72 MB **Reliability:** - Auto-restart on failure (systemd) - Graceful shutdown (SIGTERM/SIGINT handling) - Database connection pooling (MaxOpen=5, MaxIdle=2) **Observability:** - Systemd journalctl integration - Database execution history - Admin panel visibility --- ### 🐛 Bug Fixes #### vps-install.sh Syntax Error Fixed **File:** `vps-install.sh` (line 359-361) **Problem:** ```bash fi echo " ⚠️ IP forwarding NOT enabled - routing will not work" VERIFICATION_PASSED=false fi # <- Extra fi without matching if ``` **Error Message:** ``` ./vps-install.sh: line 362: syntax error near unexpected token `fi' ``` **Root Cause:** - Duplicate code block incorrectly placed after SSH safety check - `fi` statement without corresponding `if` condition - Likely copy-paste error during previous edit **Fix Applied:** - Removed duplicate lines 359-361 - SSH safety check now properly closes with single `fi` - IP forwarding check remains in correct location (lines 339-344) **Verification:** - ✅ vps-install.sh: Syntax validated, script executable - ✅ vps-install-local.sh: No similar errors found - ✅ install-wizard.html: N/A (HTML file, not bash) **Impact:** - VPS installation script now runs without syntax errors - PPP/TUN verification completes successfully - SSH routing safety checks work properly --- ## [2.9.6] - 2026-01-05 ### 🎨 Frontend Templates Fix #### Template Configuration Completeness **Files Modified:** - `src/app/admin/whatsapp/templates/page.tsx` - `src/app/admin/settings/email/page.tsx` **Problem Resolved:** - ❌ **Before**: Only 13 of 30 templates accessible in admin panel UI - ✅ **After**: All 30 templates fully accessible and editable **Added 17 Missing Template Configurations:** 1. `account-info` - Informasi Akun Pelanggan 2. `auto-renewal-success` - Auto-Renewal Berhasil 3. `general-broadcast` - Broadcast Umum ke Pelanggan 4. `invoice-created` - Notifikasi Invoice Baru 5. `invoice-overdue` - Invoice Overdue Reminder 6. `maintenance-info` - Pemberitahuan Maintenance 7. `manual_payment_admin` - Notifikasi Admin Manual Payment 8. `outage_notification` - Notifikasi Gangguan 9. `payment_receipt` - Bukti Pembayaran 10. `payment-confirmed` - Konfirmasi Pembayaran Diterima 11. `payment-reminder-general` - Pengingat Pembayaran Umum 12. `payment-warning` - Peringatan Pembayaran Tertunda 13. `promo-offer` - Promo & Penawaran Khusus 14. `thank-you` - Ucapan Terima Kasih 15. `upgrade-notification` - Pemberitahuan Upgrade Paket 16. `voucher-purchase-success` - Pembelian Voucher Berhasil 17. `welcome-message` - Selamat Datang Pelanggan Baru **Each template config includes:** - Title with emoji for better UX - Clear description of purpose and trigger - Complete array of available template variables **Impact:** - ✅ 100% template coverage (30/30 for both WhatsApp and Email) - ✅ Admins can now customize all notification templates - ✅ Full control over auto-renewal, broadcast, invoice, and payment notifications - ✅ Frontend UI matches backend database structure ### 🧹 Database Seed Files Cleanup #### Consolidated Template Seeds **Files Modified:** - `prisma/seeds/seed-all.ts` (715 lines → 373 lines, -342 lines) - `prisma/seeds/email-templates.ts` (added 14 new templates, total 30) - `prisma/seeds/whatsapp-templates.ts` (NEW file - consolidated all 30 templates) **Files Deleted:** - ❌ `prisma/seeds/whatsapp-manual-payment-templates.ts` (merged into whatsapp-templates.ts) - ❌ All temporary .js test/debug files **Changes:** 1. **seed-all.ts Cleanup** - Removed 333 lines of duplicate `whatsappTemplates` array - Fixed import path: `whatsapp-manual-payment-templates` → `whatsapp-templates` - Removed duplicate `seedWhatsAppTemplates()` call - Clean structure using imported seeding functions 2. **Email Templates Enhancement** - Added 14 new email templates with professional HTML designs - All templates include gradient headers and responsive layouts - Total: 30 email templates matching 30 WhatsApp templates 3. **WhatsApp Templates Consolidation** - Created comprehensive `whatsapp-templates.ts` with all 30 templates - Organized by categories: Registration, Invoice/Payment, Voucher, Auto Renewal, Broadcast, Customer Service, Admin, Others, System - Replaced fragmented template files **Database Sync:** - ✅ Local: 30 Email + 30 WhatsApp = 60 templates - ✅ VPS: 30 Email + 30 WhatsApp = 60 templates - ✅ Frontend: 30 + 30 = 60 template configs ## [2.9.5] - 2025-12-31 ### 🎨 UI/UX Improvements - MapPicker Modal Redesign #### Component: `MapPicker.tsx` **File:** `src/components/MapPicker.tsx` **Complete Cyberpunk/Neon Theme Overhaul:** - ✅ **Modal Container:** - Changed from `bg-white dark:bg-gray-900` → `bg-gradient-to-br from-slate-900 to-[#1a0f35]` - Added neon border: `border-2 border-[#bc13fe]/30` with purple glow shadow - Enhanced backdrop: `bg-black/80 backdrop-blur-sm` - ✅ **Header Section:** - Icon container with cyan background and border - Title with neon glow effect: `drop-shadow-[0_0_10px_rgba(0,247,255,0.5)]` - Added descriptive subtitle - Close button with hover color transition (purple → pink) - ✅ **Map Controls (Street/Satelit Toggle):** - Background: `bg-slate-900/90 backdrop-blur-xl` - Active state: `bg-gradient-to-r from-[#00f7ff] to-[#00d4e6]` with cyan glow - Inactive state: Purple text with hover effect - Larger icons (h-4 w-4) for better visibility - ✅ **GPS Location Button:** - Consistent styling with control buttons - Hover color transition: cyan → pink - Enhanced shadow effects on hover - ✅ **Coordinates Display:** - Gradient background: `from-[#bc13fe]/20 to-[#00f7ff]/20` - Cyan border with MapPin icon - Coordinates text with cyan glow effect - Font mono for better readability - ✅ **Loading State:** - Gradient background matching theme - Cyberpunk spinner: `border-[#bc13fe]/30 border-t-[#00f7ff]` - Larger spinner (h-12 w-12) with neon glow - ✅ **Footer Buttons:** - "Batal": Bordered secondary style with purple accents - "Pilih Lokasi Ini": Gradient cyan primary with hover glow effect - Proper disabled state styling **Result:** MapPicker modal now 100% consistent with application's cyberpunk theme --- ### 🔧 Bug Fixes - PPPoE Balance Manager #### API Route: `/api/admin/pppoe/users/[id]/deposit` **File:** `src/app/api/admin/pppoe/users/[id]/deposit/route.ts` **Fixed "undefined" User Name in Dialogs:** - ✅ **Root Cause:** API GET method only returned `id`, `username`, `balance` - ✅ **Solution:** Updated select query to include: ```typescript { id: true, username: true, name: true, // ADDED phone: true, // ADDED balance: true, autoRenewal: true, // ADDED profile: { // ADDED select: { id: true, name: true, price: true, } } } ``` #### Component: Balance Page **File:** `src/app/admin/pppoe/users/[id]/balance/page.tsx` **Added Safe Fallbacks:** - ✅ **Top-Up Confirmation:** ```tsx `... untuk ${user?.name || user?.username || 'user ini'}?` ``` - ✅ **Auto-Renewal Confirmation:** ```tsx `... untuk ${user.name || user.username || 'user ini'}?` ``` - ✅ **Header Display:** ```tsx

{user.name || user.username}

{user.phone || '-'}

``` **Result:** No more "undefined" text in confirmation dialogs and user display --- ### 🚀 Feature Enhancement - PPPoE Profile Rate Limit #### Database Schema Update **File:** `prisma/schema.prisma` **Added `rateLimit` Field to pppoeProfile:** ```prisma model pppoeProfile { // ... existing fields downloadSpeed Int uploadSpeed Int rateLimit String? // NEW: Store complex MikroTik formats // ... } ``` **Migration:** `npx prisma db push` #### API Routes Update **Files:** - `src/app/api/pppoe/profiles/route.ts` (POST & PUT methods) **Changes:** - ✅ **POST Method:** - Now saves `rateLimit` field to database - `rateLimit: rateLimit || \`${downloadSpeed}M/${uploadSpeed}M\`` - ✅ **PUT Method:** - Fixed Prisma lint error (findUnique → findFirst for groupName) - Added `rateLimit` to update data - Preserves manual burst limit configurations - ✅ **Speed Extraction Logic:** - Only extracts from rateLimit if explicit speeds NOT provided - Prevents override of user-submitted values #### Frontend Form Redesign **File:** `src/app/admin/pppoe/profiles/page.tsx` **Complete UI Overhaul:** - ✅ **Removed Redundant Fields:** - Deleted "Detected Download (M)" input - Deleted "Detected Upload (M)" input - Removed manual/auto toggle complexity - ✅ **Single Rate Limit Input:** - Primary input field for MikroTik rate limit format - Auto-extracts download/upload speeds in background - Supports both simple (`10M/5M`) and complex formats with burst limits - Real-time validation and parsing - ✅ **Helper Features:** - "Gunakan Format Burst" button: Auto-fills burst limit template - Format hint: `download/upload [burst-rates] [thresholds] [burst-time]...` - Placeholder example: `10M/5M atau 10M/5M 0/0 0/0 8 0/0` - ✅ **Smart Sync Logic:** - When rateLimit changes, auto-updates download/upload - When download/upload change (if simple format), syncs back to rateLimit - Preserves complex formats during edits **Result:** Simplified, user-friendly form that supports full MikroTik rate limit syntax #### Modal Component Enhancement **File:** `src/components/cyberpunk/SimpleModal.tsx` **Added Disabled State Styling to ModalInput:** ```tsx 'disabled:opacity-50 disabled:cursor-not-allowed disabled:bg-[#0a0520]/50' ``` --- ### 📦 Deployment & Documentation #### Fresh Installer Package **Created:** `installation_info/fresh_installer_files.md` **Documentation Contents:** - Required folders: `src/`, `public/`, `prisma/`, `freeradius-config/`, `docs/` - Configuration files list (package.json, tsconfig.json, etc.) - Installation scripts (vps-install.sh, deploy.sh, etc.) - Files to exclude (node_modules, .next, .env, build cache) **Generated Clean Package:** - Location: `C:\Users\yanz\Downloads\SALFANET-RADIUS-FRESH-INSTALL` - Includes all necessary files for fresh deployment - Excludes development artifacts and sensitive data --- ### ✅ Testing Results **Tested Components:** - [x] MapPicker modal - Visual consistency ✓ - [x] PPPoE Profile form - Rate limit input/output ✓ - [x] Balance Manager - User data display ✓ - [x] API endpoints - Data integrity ✓ **Browser Compatibility:** - [x] Chrome/Edge - All features working - [x] Firefox - All features working --- ## [2.9.4] - 2025-12-29 ### 🔧 L2TP VPN Client Control - Critical Fixes #### API Route: `/api/network/vpn-server/l2tp-control` **File:** `src/app/api/network/vpn-server/l2tp-control/route.ts` **Fixed Authentication Failure (pppd exit code 2):** - ✅ **Added automatic CHAP secrets creation** ```bash # Now creates /etc/ppp/chap-secrets with proper credentials ${l2tpUsername} * ${l2tpPassword} * ``` - Previously: File was not created, causing authentication to fail immediately **Fixed Duplicate Configuration Conflicts:** - ✅ **Removed duplicate settings from PPP options** ```bash # REMOVED from /etc/ppp/options.l2tpd.client: # - name ${l2tpUsername} (already in xl2tpd.conf) # - password ${l2tpPassword} (already in xl2tpd.conf) # - plugin pppol2tp.so (loaded by xl2tpd) # - pppol2tp 7 (loaded by xl2tpd) ``` - These duplicates caused plugin double-loading and connection failures **Fixed PPP Interface Detection:** - ✅ **Changed from checking only ppp0 to checking all PPP interfaces** ```bash # OLD: ip addr show ppp0 2>/dev/null # NEW: ip addr show | grep -A3 "ppp.*UP" ``` - PPP interface number varies (ppp0, ppp1, ppp2) based on existing connections **Improved Connection Establishment:** - ✅ Increased connection wait time from 5s to 8s - ✅ Added detailed status output showing all PPP interfaces - ✅ Included recent logs (last 10 lines from journalctl) - ✅ Better error messages for troubleshooting **Status and Connections Actions:** - ✅ Updated `status` action to detect any UP PPP interface - ✅ Updated `connections` action to show all active PPP interfaces - ✅ More accurate connection state reporting ### 📚 Documentation Updates #### New: AI Project Memory **File:** `docs/AI_PROJECT_MEMORY.md` - Comprehensive project context for AI assistance - Tech stack, database schema, architecture - Known issues and fixes with solutions - Configuration file locations - Development guidelines - Common commands reference - Recent changes log - **Purpose:** Prevent repetitive troubleshooting, provide instant project understanding #### Updated: VPN Client Setup Guide **File:** `docs/VPN_CLIENT_SETUP_GUIDE.md` - Added new troubleshooting section: "L2TP VPN Tidak Connect via Web Interface" - Documented pppd exit code 2 error and fix - Explained CHAP secrets and duplicate settings issues - Step-by-step troubleshooting via web interface - Code examples for correct configuration files #### Updated: Proxmox L2TP Setup **File:** `docs/PROXMOX_L2TP_SETUP.md` - Added section: "PPP Interface Tidak Muncul (pppd exit code 2)" - Complete solution for authentication failure - Template configuration files (chap-secrets, options.l2tpd.client) - Proper file permissions (chmod 600) - Restart procedures and verification steps ### 🐛 Bug Fixes **VPN Connection Issues:** - Fixed: VPN shows "Not connected" despite successful tunnel establishment - Fixed: Authentication failures due to missing CHAP credentials - Fixed: Duplicate plugin loading causing connection instability - Fixed: Interface detection only checking ppp0 **Build System:** - Previously fixed: ReferenceError: t is not defined (customer portal) - Solution: Hardcoded Indonesian translations + `export const dynamic = 'force-dynamic'` **Translation System:** - Previously fixed: Duplicate "nav" key in locale files - Solution: Renamed to "customerNav" for customer portal navigation ### 🧪 Testing **Verified on Production VPS (103.191.165.156):** - ✅ L2TP connection establishes successfully - ✅ PPP interface (ppp2) UP with IP 172.20.30.10 - ✅ Ping to VPN gateway (172.20.30.1) successful - ✅ Ping to internal networks (10.10.10.1) successful - ✅ Internet access via VPN tunnel working **Test Commands:** ```bash systemctl status xl2tpd # Service running ip addr show | grep ppp # ppp2 interface UP ping -c 3 172.20.30.1 # VPN gateway reachable ping -c 3 -I ppp2 8.8.8.8 # Internet via tunnel ``` ### 📖 Documentation Index For complete project information, see: - **[AI_PROJECT_MEMORY.md](docs/AI_PROJECT_MEMORY.md)** - Comprehensive project context - **[VPN_CLIENT_SETUP_GUIDE.md](docs/VPN_CLIENT_SETUP_GUIDE.md)** - L2TP setup and troubleshooting - **[PROXMOX_L2TP_SETUP.md](docs/PROXMOX_L2TP_SETUP.md)** - Proxmox-specific L2TP fixes --- ## [2.9.3] - 2025-12-29 ### 🔔 Webhook Handler Improvements #### Email Notifications for Customer Top-Up - **File:** `src/app/api/payment/webhook/route.ts` - Added email notification when customer top-up saldo berhasil - HTML email template dengan detail: - No. Invoice, Jumlah Top-Up, Saldo Baru, Metode Pembayaran - Stored in EmailHistory for tracking #### Agent Deposit Notifications (NEW!) - **WhatsApp Notification:** Menggunakan `WhatsAppService.sendMessage` - **Email Notification:** HTML template professional - Sent when agent top-up via payment gateway berhasil - Includes: Amount deposited, New balance, Gateway used #### Code Imports ```typescript // Added new import import { WhatsAppService } from '@/lib/whatsapp'; ``` ### 🔐 Login Pages Redesign (Theme Consistency) #### Technician Login (`/technician/login`) **Complete redesign with:** - Cyberpunk theme replacing old teal/blue theme - Animated gradient background with blobs - Wrench icon with gradient and glow effect - Glassmorphism form card - Purple border inputs with cyan focus - Mono font OTP input with wide tracking - Send/Verify button dengan gradient styling #### Admin Login (`/admin/login`) **Updated to match cyberpunk theme:** - Animated gradient background - Shield icon with gradient glow - Purple/Cyan color scheme - Idle logout notice with amber styling - Gradient sign-in button ### 🎨 Frontend Redesign - Network Pages #### VPN Server Page (`/admin/network/vpn-server`) **Complete redesign with:** - Stats cards: Total Servers, Configured, L2TP Enabled, SSTP Enabled - Animated gradient background with blur effects - Premium card design dengan header/body separation - Protocol badges (L2TP/IPSec, SSTP, PPTP) - Modern loading state with animation - Attractive empty state with CTA - Redesigned modal forms #### VPN Client Page (`/admin/network/vpn-client`) **Complete redesign with:** - Stats cards: Total Clients, RADIUS Servers, Active Clients - Animated gradient background - Card design with info grid - RADIUS Server toggle per client - Credentials modal with VPN type selector - MikroTik script generator preserved #### Routers Page (`/admin/network/routers`) **Complete redesign with:** - Stats cards: Total Routers, Online, MikroTik, Via VPN - Animated gradient background - Status indicator (Online/Offline) per router - Quick action buttons (Isolir, RADIUS, Edit, Delete) - Router details grid layout - VPN client connection option - Connection test with result display ### 🎯 Design Consistency #### Color Palette Standard ```css Primary Cyan: #00f7ff Primary Purple: #bc13fe Accent Pink: #ff44cc Background: slate-900 → #1a0f35 gradient ``` #### Component Patterns - Buttons: Gradient dengan neon shadow - Cards: Backdrop blur, gradient border, hover effects - Inputs: Dark background, purple border, cyan focus - Badges: Color-coded with shadow - Icons: Lucide React icons throughout ### 📁 Files Changed | File | Type | Changes | |------|------|---------| | `src/app/api/payment/webhook/route.ts` | Backend | Email & WA notifications | | `src/app/admin/network/vpn-server/page.tsx` | Frontend | Complete redesign | | `src/app/admin/network/vpn-client/page.tsx` | Frontend | Complete redesign | | `src/app/admin/network/routers/page.tsx` | Frontend | Complete redesign | ### 📚 New Documentation - `CHAT_HISTORY_2025-12-29.md` - Session notes - `.agent/workflows/project-memory.md` - AI Project Memory --- ## [2.9.2] - 2025-12-28 ### 🐛 Critical Bug Fixes #### Voucher Expiration Status Fix - Timezone Consistency **Issue:** Vouchers yang sudah expired masih menampilkan status "AKTIF" di sistem **Root Cause:** - Database timezone: MySQL menggunakan `SYSTEM` timezone (WIB/UTC+7) - `firstLoginAt` dan `expiresAt` disimpan dalam WIB (server local time dari FreeRADIUS) - Cron query menggunakan `UTC_TIMESTAMP()` untuk comparison - Selisih 7 jam menyebabkan voucher expired tidak terdeteksi **Example:** ``` Voucher ELRQNC: - Expires At: 2025-12-28 07:23:16 (WIB) - Current Time: 09:41 (WIB) / 02:41 (UTC) - OLD: expiresAt < UTC_TIMESTAMP() → 07:23 < 02:41 = FALSE ❌ - NEW: expiresAt < NOW() → 07:23 < 09:41 = TRUE ✅ ``` **Fix Applied:** - File: `src/lib/cron/voucher-sync.ts` (Line 262-267) - Changed: `UTC_TIMESTAMP()` → `NOW()` - Added documentation comment explaining timezone behavior - Tested: Voucher ELRQNC successfully updated from ACTIVE → EXPIRED **Impact:** - ✅ Vouchers expired sekarang otomatis diupdate statusnya (setiap menit via cron) - ✅ Status di UI sekarang akurat dengan expiration date - ✅ User tidak bisa login dengan voucher expired - ✅ Session aktif di-disconnect otomatis via CoA (jika Mikrotik CoA enabled) **Files Changed:** - `src/lib/cron/voucher-sync.ts` - Fixed timezone comparison in expiration query - `docs/VOUCHER_EXPIRATION_TIMEZONE_FIX.md` - Complete documentation --- #### Invoice Generation Field Errors Fix **Issue:** Invoice generator gagal dengan error: - `Unknown argument 'expiresAt'. Did you mean 'expiredAt'?` - `Unknown argument 'billingCycle'` **Root Cause:** - Field names tidak konsisten antara schema Prisma dan code - PREPAID users menggunakan `expiredAt` bukan `expiresAt` - POSTPAID users menggunakan `billingDay` bukan `billingCycle` **Fix Applied:** - File: `src/lib/cron/voucher-sync.ts` - Line 1158: `expiresAt` → `expiredAt` (PREPAID user query) - Line 1173: `billingCycle` → `billingDay` (POSTPAID user query) - Line 1198-1213: `user.expiresAt` → `user.expiredAt` (4 occurrences) **Impact:** - ✅ Invoice generation sekarang bekerja untuk PREPAID users - ✅ Invoice generation sekarang bekerja untuk POSTPAID users - ✅ Auto-invoice di akhir bulan tidak akan error lagi **Files Changed:** - `src/lib/cron/voucher-sync.ts` - Fixed field names in invoice generation --- ### 🕐 Timezone Consistency Architecture (NEW!) #### Complete Timezone Synchronization Across All Components Implemented comprehensive timezone consistency to prevent future timezone-related bugs. **Installer Updates (vps-install.sh & vps-install-local.sh):** 1. **System Timezone Configuration:** ```bash timedatectl set-timezone Asia/Jakarta ``` 2. **MySQL Timezone Configuration (NEW!):** - Creates persistent config: `/etc/mysql/mysql.conf.d/timezone.cnf` - Sets `default-time-zone = '+07:00'` - Runs `SET GLOBAL time_zone = '+07:00'` immediately - Verifies timezone after MySQL restart 3. **Node.js Environment:** ```env TZ="Asia/Jakarta" NEXT_PUBLIC_TIMEZONE="Asia/Jakarta" ``` 4. **PM2 Ecosystem Config:** ```javascript env: { TZ: 'Asia/Jakarta' } ``` **Timezone Verification Commands:** ```bash # 1. System timezone timedatectl show --property=Timezone --value # Asia/Jakarta # 2. MySQL timezone (MUST match system!) mysql -e "SELECT @@global.time_zone, NOW()" # +07:00, same as 'date' # 3. Node.js timezone node -e "console.log(process.env.TZ)" # Asia/Jakarta # 4. Compare all times (should be identical!) date && mysql -e "SELECT NOW()" && node -e "console.log(new Date())" ``` **Files Updated:** - `vps-install.sh` - Added MySQL timezone config + verification - `vps-install-local.sh` - Added MySQL timezone config + verification - `install-wizard.html` - Added MySQL timezone setup instructions in Step 4 - `src/lib/timezone.ts` - Updated documentation with architecture overview **Timezone Mapping for Non-WIB Deployments:** | Zona | System Timezone | MySQL Offset | .env TZ | |------|-----------------|--------------|---------| | WIB | Asia/Jakarta | +07:00 | Asia/Jakarta | | WITA | Asia/Makassar | +08:00 | Asia/Makassar | | WIT | Asia/Jayapura | +09:00 | Asia/Jayapura | | SGT | Asia/Singapore | +08:00 | Asia/Singapore | **Documentation:** - `docs/VOUCHER_EXPIRATION_TIMEZONE_FIX.md` - Detailed explanation - `src/lib/timezone.ts` - Architecture documentation in code --- ### 🖥️ Frontend Timezone Settings - Complete Integration #### Timezone Changes from UI Now Apply to ALL Components When changing timezone from Admin > Settings > Company, the following are now updated: 1. **System Timezone (Linux):** - Runs `timedatectl set-timezone ` - Immediate effect on all system time functions 2. **MySQL Timezone (Linux):** - Creates `/etc/mysql/mysql.conf.d/timezone.cnf` - Runs `SET GLOBAL time_zone = ''` - Ensures `NOW()`, `CURDATE()` return correct local time 3. **Application Files:** - `.env` - Updates TZ and NEXT_PUBLIC_TIMEZONE - `ecosystem.config.js` - Updates PM2 TZ environment - `src/lib/timezone.ts` - Updates WIB_TIMEZONE constant 4. **Services:** - PM2 restart with `--update-env` - FreeRADIUS restart to use new system timezone **30+ Timezone Support:** Timezone mapping includes all major Indonesian and international timezones: - Indonesian: Asia/Jakarta (WIB), Asia/Makassar (WITA), Asia/Jayapura (WIT) - Southeast Asia: Asia/Singapore, Asia/Bangkok, Asia/Kuala_Lumpur, Asia/Manila - East Asia: Asia/Tokyo, Asia/Seoul, Asia/Hong_Kong, Asia/Shanghai - South Asia: Asia/Kolkata, Asia/Dubai - Europe: Europe/London, Europe/Paris, Europe/Berlin, Europe/Amsterdam - Americas: America/New_York, America/Chicago, America/Los_Angeles, America/Sao_Paulo - And more... **Files Changed:** - `src/app/api/settings/timezone/route.ts` - Added MySQL + System timezone update - `src/app/admin/settings/company/page.tsx` - Updated UI messages --- ### 🔧 Proxmox VPS Configuration Support (NEW!) #### Complete Proxmox LXC Container Setup Guide Added comprehensive documentation and auto-configuration for Proxmox VPS deployments. **New Documentation:** - **`docs/PROXMOX_VPS_SETUP_GUIDE.md`** - Complete Proxmox LXC setup guide - Container configuration templates - `/dev/ppp` device setup for PPPoE - `/dev/net/tun` device setup for VPN - IP forwarding & NAT configuration - Kernel module auto-load - Troubleshooting common issues - Security considerations (LXC vs KVM) **Installer Updates:** - **`vps-install.sh`** - Added Proxmox VPS detection & setup: ```bash # Auto-creates /dev/ppp and /dev/net/tun # Loads PPP/L2TP/TUN kernel modules # Configures IP forwarding (net.ipv4.ip_forward = 1) # Auto-loads modules on boot (/etc/modules-load.d/ppp.conf) # Verifies setup with detailed status output ``` - **`install-wizard.html`** - Added Proxmox VPS section: - Visual warning for Proxmox LXC users in Step 1 - Complete Step-by-step Proxmox host configuration guide - Container config examples with lxc.cgroup2 permissions - Verification commands - Troubleshooting table - Link to detailed documentation **Features Enabled for Proxmox LXC:** 1. **PPPoE Server Support:** - `/dev/ppp` device (char 108:*) - PPP kernel modules (ppp_generic, ppp_async, ppp_mppe, ppp_deflate) 2. **VPN Support (L2TP/IPSec):** - `/dev/net/tun` device (char 10:200) - TUN kernel module - L2TP modules (l2tp_core, l2tp_ppp, l2tp_netlink) 3. **Network Routing:** - IP forwarding enabled persistently - SYN flood protection - ICMP redirect blocking **Verification Checklist:** ```bash ✅ /dev/ppp exists (crw------- 1 root root 108, 0) ✅ /dev/net/tun exists (crw-rw-rw- 1 root root 10, 200) ✅ IP forwarding enabled (net.ipv4.ip_forward = 1) ✅ PPP kernel modules loaded (4 modules) ✅ TUN kernel module loaded ``` **Proxmox Container Config Template:** ```bash # PPPoE Support lxc.cgroup2.devices.allow: c 108:* rwm lxc.mount.entry: /dev/ppp dev/ppp none bind,create=file,optional 0 0 # TUN/TAP Support lxc.cgroup2.devices.allow: c 10:200 rwm lxc.mount.entry: /dev/net dev/net none bind,create=dir 0 0 # Enable nesting lxc.apparmor.profile: unconfined ``` **Files Changed:** - `docs/PROXMOX_VPS_SETUP_GUIDE.md` - NEW comprehensive guide - `vps-install.sh` - Added Proxmox VPS auto-setup - `install-wizard.html` - Added Proxmox LXC configuration section **Notes:** - LXC containers require host-level kernel module support - KVM VMs work out-of-box without special configuration - Security trade-off: `lxc.apparmor.profile: unconfined` reduces isolation - Recommended: Use KVM for production, LXC for development/testing --- ## [2.9.1] - 2025-12-27 ### 🔧 Critical Fixes - Payment URL Generation & Invoice Management #### Payment URL Generation Fixes - **Reordered Payment Flow** - Create payment FIRST before invoice creation - Previous: Invoice created → Payment created → Update invoice with URL - New: Payment created → Invoice created with URL directly - Prevents invoices being created without payment links - Invoice only created if payment URL successfully generated - **Comprehensive Error Handling** - Better logging with `[Top-Up Direct]` prefix throughout flow - Detailed Tripay config logging (merchantCode, hasApiKey, hasPrivateKey, environment) - Full Tripay response logging for debugging - Error messages include gateway name and specific failure reason - Frontend shows detailed error alerts with SweetAlert2 - **Payment Gateway Support Completed** - ✅ Midtrans: `createMidtransPayment` → `redirect_url` - ✅ Xendit: `createXenditInvoice` → `invoiceUrl` - ✅ Duitku: QRIS via ShopeePay → `paymentUrl` - ✅ Tripay: QRIS with `createTransaction` → `checkout_url` or `pay_url` - All gateways tested and validated - **API Response Improvements** - `POST /api/customer/topup-direct` always returns `paymentUrl` field - Success response: `{ success, invoiceNumber, amount, paymentUrl, invoice }` - Error response: `{ success: false, error, details, gateway }` - Console logging for request/response tracking #### Customer Dashboard Invoice Improvements - **Smart Payment Button** - Invoice WITH payment link → Cyan "Bayar" button → Opens payment in new tab - Invoice WITHOUT payment link → Yellow "Buat Link" button → Regenerates payment - Button changes from `` tag to `