schmidt1024/xmrpay.link
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79 Commits 1 Branch 9 Tags
604d6aa1f4f925900e2ddd35a08e4ace49ee8c71
Commit Graph

79 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
schmidt1024
604d6aa1f4 Update version to 1.2.1 in source files
Some checks failed
Build & Push Docker Image / build (push) Has been cancelled
Details
v1.2.1 		2026-03-30 16:50:37 +02:00
schmidt1024
acac49969d Fix critical CVEs by using official Caddy image instead of Alpine package 
Copy Caddy binary from caddy:2-alpine multi-stage build to avoid
stale smallstep/certificates (CVE CVSS 10) and grpc vulnerabilities
shipped with the Alpine caddy package.
 2026-03-30 16:39:15 +02:00
Alexander Schmidt
651e0d7ab0 Rebrand document.title from xmrpay.link to xmrpay
Some checks failed
Build & Push Docker Image / build (push) Has been cancelled
Details
v1.2.0 		2026-03-27 13:02:39 +01:00
Alexander Schmidt
e2b6684dcb Fix Turkish translation: add self_host_banner, fix tx_hash label, rates_offline, countdown unit 2026-03-27 13:00:48 +01:00
Schmidt
6149b52b42 Merge pull request #1 from barisbuyukakyol/master 
Turkish translation added
 2026-03-27 12:59:13 +01:00
Barış Büyükakyol
e7674475cf Update README.md 2026-03-27 14:06:24 +03:00
Barış Büyükakyol
3d917d386f Update i18n.min.js 2026-03-27 14:04:40 +03:00
Barış Büyükakyol
e1d9fcbf28 turkish translation added 2026-03-27 14:03:29 +03:00
Barış Büyükakyol
365871c077 Update privacy.html 
turkish translation added
 2026-03-27 13:59:45 +03:00
Alexander Schmidt
a5515a65f6 Remove inaccurate client-side claim from meta description 2026-03-27 11:00:42 +01:00
Alexander Schmidt
554286edfa Rebrand to xmrpay, improve meta description 2026-03-27 10:59:33 +01:00
Alexander Schmidt
487b5e9ec8 Fix privacy.html: add script-src to CSP so legal text renders 2026-03-27 10:49:39 +01:00
Alexander Schmidt
67a27f8f59 Fix banner z-index on mobile, update version to 1.1.1 2026-03-27 10:47:26 +01:00
Alexander Schmidt
de1b7b1074 Add Tor hidden service to Docker self-hosting setup
Some checks failed
Build & Push Docker Image / build (push) Has been cancelled
Details
v1.1.1 		2026-03-27 10:38:52 +01:00
Alexander Schmidt
41c332365b Add self-host banner and rewrite README for self-hosting focus
Some checks failed
Build & Push Docker Image / build (push) Has been cancelled
Details
v1.1.0 		2026-03-27 10:31:48 +01:00
Alexander Schmidt
d0b70acf39 Fix short URL redirect when PATH_INFO is empty string
Some checks failed
Build & Push Docker Image / build (push) Has been cancelled
Details
v1.0.3 		2026-03-27 10:09:08 +01:00
Alexander Schmidt
ffd9327e3e Allow self-hosted origins in API verification
Some checks failed
Build & Push Docker Image / build (push) Has been cancelled
Details
v1.0.2 		2026-03-27 09:44:11 +01:00
Alexander Schmidt
40b81a5dc8 Fix install.sh: correct GitHub repo name in compose URL 2026-03-27 09:32:34 +01:00
Alexander Schmidt
dc5582aa04 Point source links to GitHub repo
Some checks failed
Build & Push Docker Image / build (push) Has been cancelled
Details
v1.0.1 		2026-03-27 09:11:29 +01:00
Alexander Schmidt
643ced23e9 Fix GitHub Actions: add DOCKER environment, use Node.js 24 2026-03-27 09:09:38 +01:00
Alexander Schmidt
64eee4ebc5 Add Docker self-hosting and CI/CD pipeline 
- Dockerfile: Caddy + PHP-FPM + app in single Alpine container
- Caddyfile: auto-HTTPS, security headers, short URL rewrite
- docker-compose.yml: app + Watchtower for auto-updates
- install.sh: one-liner for fresh VPS setup
- GitHub Actions: build & push to Docker Hub + GHCR on tag

Self-host with:
  curl -sL https://xmrpay.link/install.sh | sh -s your-domain.com
 2026-03-27 08:26:30 +01:00
Alexander Schmidt
5212f586c7 Auto-inject version from git tags in deploy 
Reads version from git describe, injects into i18n.js and index.html
before minification. No manual version bumping needed.
Tag with: git tag v1.1.0
 2026-03-27 08:06:57 +01:00
Alexander Schmidt
6fcc063ad9 Add version number to footer and fix line-height v1.0.0 2026-03-27 08:02:54 +01:00
Alexander Schmidt
2e71959fd1 Add line break in footer i18n string 2026-03-27 07:58:33 +01:00
Alexander Schmidt
25cb0e1a5d Fix deploy permissions and exclude credentials 
- Add --chmod=D755,F644 to rsync (HestiaCP PHP-FPM needs world-readable)
- Exclude scripts/.deploy.env from deploy (contains server credentials)
 2026-03-27 07:55:54 +01:00
Alexander Schmidt
83e7d43a74 Add CSP, SRI, and auto-hash deploy pipeline 
- Content Security Policy via <meta> tag (blocks exfiltration to foreign domains)
- Subresource Integrity on all static and dynamically loaded scripts
- Nginx security headers snippet (HSTS, CSP, frame-ancestors on all responses)
- Auto-minify and SRI hash update in deploy.sh (prevents stale hashes)
 2026-03-27 07:51:01 +01:00
Alexander Schmidt
2a3cc5682c Clarify trust model and wallet-native default in README 2026-03-26 15:28:29 +01:00
Alexander Schmidt
3aa8277530 Add wallet URI copy and shortlink trust toggle 2026-03-26 15:11:11 +01:00
Alexander Schmidt
6f43f34d68 Fix deploy dry-run flag and generalize env example 2026-03-26 14:52:31 +01:00
Alexander Schmidt
77bf794b73 Harden deployment with data backups and restore script 2026-03-26 14:25:35 +01:00
Alexander Schmidt
94c8ecb2aa Add deploy env ignore and example template 2026-03-26 14:15:04 +01:00
Alexander Schmidt
32d509fe9d Harden deploy script config handling 2026-03-26 14:07:07 +01:00
Alexander Schmidt
8ae736bbad Add safe deploy script preserving data directory 2026-03-26 13:55:59 +01:00
Alexander Schmidt
d01b7d0d27 Align privacy rate-limit wording with implementation 2026-03-26 13:53:07 +01:00
Alexander Schmidt
dddda450a7 Update privacy terms: no persistent IP records 2026-03-26 13:48:40 +01:00
Alexander Schmidt
758b2f3589 Preserve absolute invoice deadline across reloads 2026-03-26 13:43:30 +01:00
Alexander Schmidt
69f173bc2f Keep short URL in share field when loaded via short link 2026-03-26 13:40:16 +01:00
Alexander Schmidt
3dd1e55432 Refresh pending proof confirmations on status lookup 2026-03-26 13:28:40 +01:00
Alexander Schmidt
4b0cd3aaab Fix short link integrity check for code parameter 2026-03-26 13:26:05 +01:00
Alexander Schmidt
1e2ea6c24d Bump asset versions and rotate service worker cache 2026-03-26 13:24:18 +01:00
Alexander Schmidt
f6edc4cb58 Fix false short URL integrity warning 2026-03-26 13:22:34 +01:00
Alexander Schmidt
09a5ef703c Add yellow favicon badge for pending invoices 2026-03-26 13:20:11 +01:00
Alexander Schmidt
85039402a7 Regenerate minified translations for pending proof status 2026-03-26 13:15:33 +01:00
Alexander Schmidt
a2c3d8dd00 Add document-and-coin favicon concept and sync paid favicon state 2026-03-26 13:10:30 +01:00
Alexander Schmidt
9cc50188c0 Update README: mark auto-cleanup as complete, add Invoice Lifecycle section 2026-03-26 11:03:59 +01:00
Alexander Schmidt
0049077605 Add type annotations to fix Intelephense type checking errors 2026-03-26 11:03:15 +01:00
Alexander Schmidt
31623fd03e Update cache-busting version to 20260326-2 for cleanup feature 2026-03-26 11:02:20 +01:00
Alexander Schmidt
ee0d0d4124 Implement lazy-cleanup for expired invoices with deadline-based deletion 2026-03-26 11:01:32 +01:00
Alexander Schmidt
c4e3f3cd15 Add deadline cleanup feature to roadmap 2026-03-26 10:54:21 +01:00
Alexander Schmidt
6fd2d05163 Add cache-busting version params for frontend assets 2026-03-26 10:11:13 +01:00