Update to 1.23.16

* [V1 Only] Change dev server's data path to ./data/v1

* Fix GHSA-2qgm-m29m-cj2h

.dockerignore

@@ -38,6 +38,10 @@ tsconfig.json
 /extra/push-examples
 /extra/uptime-kuma-push
 
+# Comment the following line if you want to rebuild the healthcheck binary
+/extra/healthcheck-armv7
+
+
 ### .gitignore content (commented rules are duplicated)
 
 #node_modules

.eslintrc.js

@@ -78,7 +78,7 @@ module.exports = {
             "checkLoops": false,
         }],
         "space-before-blocks": "warn",
-        //'no-console': 'warn',
+        //"no-console": "warn",
         "no-extra-boolean-cast": "off",
         "no-multiple-empty-lines": [ "warn", {
             "max": 1,
@@ -90,7 +90,8 @@ module.exports = {
         "no-unneeded-ternary": "error",
         "array-bracket-newline": [ "error", "consistent" ],
         "eol-last": [ "error", "always" ],
-        //'prefer-template': 'error',
+        //"prefer-template": "error",
+        "template-curly-spacing": [ "warn", "never" ],
         "comma-dangle": [ "warn", "only-multiline" ],
         "no-empty": [ "error", {
             "allowEmptyCatch": true

.github/workflows/auto-test.yml

@@ -5,11 +5,11 @@ name: Auto Test
 
 on:
   push:
-    branches: [ master ]
+    branches: [ master, 1.23.X ]
     paths-ignore:
       - '*.md'
   pull_request:
-    branches: [ master, 2.0.X ]
+    branches: [ master, 1.23.X ]
     paths-ignore:
       - '*.md'
 
@@ -22,19 +22,18 @@ jobs:
     strategy:
       matrix:
         os: [macos-latest, ubuntu-latest, windows-latest, ARM64]
-        node: [ 14, 20 ]
+        node: [ 16, 20.5 ]
         # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
 
     steps:
     - run: git config --global core.autocrlf false  # Mainly for Windows
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Use Node.js ${{ matrix.node }}
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node }}
-    - run: npm install npm@latest -g
-    - run: npm install
+    - run: npm ci
     - run: npm run build
     - run: npm test
       env:
@@ -50,18 +49,17 @@ jobs:
     strategy:
       matrix:
         os: [ ARMv7 ]
-        node: [ 14, 20 ]
+        node: [ 16, 20.5 ]
         # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
 
     steps:
       - run: git config --global core.autocrlf false  # Mainly for Windows
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Use Node.js ${{ matrix.node }}
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node }}
-      - run: npm install npm@latest -g
       - run: npm ci --production
 
   check-linters:
@@ -69,27 +67,27 @@ jobs:
 
     steps:
     - run: git config --global core.autocrlf false  # Mainly for Windows
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
-    - name: Use Node.js 14
-      uses: actions/setup-node@v3
+    - name: Use Node.js 20
+      uses: actions/setup-node@v4
       with:
-        node-version: 14
-    - run: npm install
-    - run: npm run lint
+        node-version: 20.5
+    - run: npm ci
+    - run: npm run lint:prod
 
   e2e-tests:
     needs: [ check-linters ]
     runs-on: ubuntu-latest
     steps:
     - run: git config --global core.autocrlf false  # Mainly for Windows
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
-    - name: Use Node.js 14
-      uses: actions/setup-node@v3
+    - name: Use Node.js 16
+      uses: actions/setup-node@v4
       with:
-        node-version: 14
-    - run: npm install
+        node-version: 16
+    - run: npm ci
     - run: npm run build
     - run: npm run cy:test
 
@@ -98,12 +96,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - run: git config --global core.autocrlf false  # Mainly for Windows
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
-    - name: Use Node.js 14
-      uses: actions/setup-node@v3
+    - name: Use Node.js 16
+      uses: actions/setup-node@v4
       with:
-        node-version: 14
-    - run: npm install
+        node-version: 16
+    - run: npm ci
     - run: npm run build
     - run: npm run cy:run:unit

.github/workflows/close-incorrect-issue.yml

@@ -14,10 +14,10 @@ jobs:
         node-version: [16]
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node-version }}
         cache: 'npm'

.github/workflows/json-yaml-validate.yml

@@ -6,7 +6,7 @@ on:
   pull_request:
     branches:
       - master
-      - 2.0.X
+      - 1.23.X
   workflow_dispatch:
 
 permissions:
@@ -17,11 +17,11 @@ jobs:
   json-yaml-validate:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: json-yaml-validate
         id: json-yaml-validate
-        uses: GrantBirki/json-yaml-validate@v1.3.0
+        uses: GrantBirki/json-yaml-validate@v2.4.0
         with:
           comment: "true" # enable comment mode
           exclude_file: ".github/config/exclude.txt" # gitignore style file for exclusions

.github/workflows/stale-bot.yml

@@ -9,7 +9,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v7
+      - uses: actions/stale@v8
         with:
           stale-issue-message: 'We are clearing up our old issues and your ticket has been open for 3 months with no activity. Remove stale label or comment or this will be closed in 2 days.'
           close-issue-message: 'This issue was closed because it has been stalled for 2 days with no activity.'

config/vite.config.js

@@ -3,7 +3,6 @@ import vue from "@vitejs/plugin-vue";
 import { defineConfig } from "vite";
 import visualizer from "rollup-plugin-visualizer";
 import viteCompression from "vite-plugin-compression";
-import commonjs from "vite-plugin-commonjs";
 
 const postCssScss = require("postcss-scss");
 const postcssRTLCSS = require("postcss-rtlcss");
@@ -22,7 +21,6 @@ export default defineConfig({
         "CODESPACE_NAME": JSON.stringify(process.env.CODESPACE_NAME),
     },
     plugins: [
-        commonjs(),
         vue(),
         legacy({
             targets: [ "since 2015" ],

db/patch-fix-kafka-producer-booleans.sql

@@ -0,0 +1,34 @@
+-- You should not modify if this have pushed to Github, unless it does serious wrong with the db.
+BEGIN TRANSACTION;
+
+-- Rename COLUMNs to another one (suffixed by `_old`)
+ALTER TABLE monitor
+    RENAME COLUMN kafka_producer_ssl TO kafka_producer_ssl_old;
+
+ALTER TABLE monitor
+    RENAME COLUMN kafka_producer_allow_auto_topic_creation TO kafka_producer_allow_auto_topic_creation_old;
+
+-- Add correct COLUMNs
+ALTER TABLE monitor
+    ADD COLUMN kafka_producer_ssl BOOLEAN default 0 NOT NULL;
+
+ALTER TABLE monitor
+    ADD COLUMN kafka_producer_allow_auto_topic_creation BOOLEAN default 0 NOT NULL;
+
+-- These SQL is still not fully safe. See https://github.com/louislam/uptime-kuma/issues/4039.
+
+-- Set bring old values from `_old` COLUMNs to correct ones
+-- UPDATE monitor SET kafka_producer_allow_auto_topic_creation = monitor.kafka_producer_allow_auto_topic_creation_old
+-- WHERE monitor.kafka_producer_allow_auto_topic_creation_old IS NOT NULL;
+
+-- UPDATE monitor SET kafka_producer_ssl = monitor.kafka_producer_ssl_old
+-- WHERE monitor.kafka_producer_ssl_old IS NOT NULL;
+
+-- Remove old COLUMNs
+ALTER TABLE monitor
+    DROP COLUMN kafka_producer_allow_auto_topic_creation_old;
+
+ALTER TABLE monitor
+    DROP COLUMN kafka_producer_ssl_old;
+
+COMMIT;

db/patch-monitor-tls-info-add-fk.sql

@@ -0,0 +1,18 @@
+BEGIN TRANSACTION;
+
+PRAGMA writable_schema = TRUE;
+
+UPDATE
+	SQLITE_MASTER
+SET
+	sql = replace(sql,
+	'monitor_id INTEGER NOT NULL',
+	'monitor_id INTEGER NOT NULL REFERENCES [monitor] ([id]) ON DELETE CASCADE ON UPDATE CASCADE'
+)
+WHERE
+	name = 'monitor_tls_info'
+	AND type = 'table';
+
+PRAGMA writable_schema = RESET;
+
+COMMIT;

db/patch-notification-config.sql

@@ -0,0 +1,10 @@
+-- You should not modify if this have pushed to Github, unless it does serious wrong with the db.
+BEGIN TRANSACTION;
+
+-- SQLite: Change the data type of the column "config" from VARCHAR to TEXT
+ALTER TABLE notification RENAME COLUMN config TO config_old;
+ALTER TABLE notification ADD COLUMN config TEXT;
+UPDATE notification SET config = config_old;
+ALTER TABLE notification DROP COLUMN config_old;
+
+COMMIT;

db/patch-timeout.sql

@@ -0,0 +1,7 @@
+-- You should not modify if this have pushed to Github, unless it does serious wrong with the db.
+BEGIN TRANSACTION;
+
+UPDATE monitor SET timeout = (interval * 0.8)
+WHERE timeout IS NULL OR timeout <= 0;
+
+COMMIT;

docker/debian-base.dockerfile

@@ -1,6 +1,6 @@
-# DON'T UPDATE TO node:14-bullseye-slim, see #372.
-# If the image changed, the second stage image should be changed too
-FROM node:16-buster-slim
+# DON'T UPDATE TO bullseye-slim, see #372.
+# There is no 20-buster-slim for armv7 unfortunately, 18-buster-slim is the last one for Uptime Kuma v1.
+FROM node:18-buster-slim
 ARG TARGETPLATFORM
 
 WORKDIR /app
@@ -27,7 +27,7 @@ RUN apt-get update && \
         ca-certificates \
         sudo \
         nscd && \
-    pip3 --no-cache-dir install apprise==1.4.5 && \
+    pip3 --no-cache-dir install apprise==1.6.0 && \
     rm -rf /var/lib/apt/lists/* && \
     apt --yes autoremove
 

extra/healthcheck.js

@@ -6,7 +6,7 @@
  * ⚠️ Deprecated: Changed to healthcheck.go, it will be deleted in the future.
  * This script should be run after a period of time (180s), because the server may need some time to prepare.
  */
-const { FBSD } = require("../server/util-server");
+const FBSD = /^freebsd/.test(process.platform);
 
 process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
 

extra/reformat-changelog.js

@@ -0,0 +1,44 @@
+// Generate on GitHub
+const input = `
+* Add Korean translation by @Alanimdeo in https://github.com/louislam/dockge/pull/86
+`;
+
+const template = `
+### 🆕 New Features
+
+### 💇‍♀️ Improvements
+
+### 🐞 Bug Fixes
+
+### ⬆️ Security Fixes
+
+### 🦎 Translation Contributions
+
+### Others
+- Other small changes, code refactoring and comment/doc updates in this repo:
+`;
+
+const lines = input.split("\n").filter((line) => line.trim() !== "");
+
+for (const line of lines) {
+    // Split the last " by "
+    const usernamePullRequesURL = line.split(" by ").pop();
+
+    if (!usernamePullRequesURL) {
+        console.log("Unable to parse", line);
+        continue;
+    }
+
+    const [ username, pullRequestURL ] = usernamePullRequesURL.split(" in ");
+    const pullRequestID = "#" + pullRequestURL.split("/").pop();
+    let message = line.split(" by ").shift();
+
+    if (!message) {
+        console.log("Unable to parse", line);
+        continue;
+    }
+
+    message = message.split("* ").pop();
+    console.log("-", pullRequestID, message, `(Thanks ${username})`);
+}
+console.log(template);

extra/reset-password.js

@@ -5,6 +5,8 @@ const { R } = require("redbean-node");
 const readline = require("readline");
 const { initJWTSecret } = require("../server/util-server");
 const User = require("../server/model/user");
+const { io } = require("socket.io-client");
+const { localWebSocketURL } = require("../server/config");
 const args = require("args-parser")(process.argv);
 const rl = readline.createInterface({
     input: process.stdin,
@@ -36,12 +38,16 @@ const main = async () => {
                     // Reset all sessions by reset jwt secret
                     await initJWTSecret();
 
+                    // Disconnect all other socket clients of the user
+                    await disconnectAllSocketClients(user.username, password);
+
                     break;
                 } else {
                     console.log("Passwords do not match, please try again.");
                 }
             }
             console.log("Password reset successfully.");
+
         }
     } catch (e) {
         console.error("Error: " + e.message);
@@ -66,6 +72,44 @@ function question(question) {
     });
 }
 
+function disconnectAllSocketClients(username, password) {
+    return new Promise((resolve) => {
+        console.log("Connecting to " + localWebSocketURL + " to disconnect all other socket clients");
+
+        // Disconnect all socket connections
+        const socket = io(localWebSocketURL, {
+            reconnection: false,
+            timeout: 5000,
+        });
+        socket.on("connect", () => {
+            socket.emit("login", {
+                username,
+                password,
+            }, (res) => {
+                if (res.ok) {
+                    console.log("Logged in.");
+                    socket.emit("disconnectOtherSocketClients");
+                } else {
+                    console.warn("Login failed.");
+                    console.warn("Please restart the server to disconnect all sessions.");
+                }
+                socket.close();
+            });
+        });
+
+        socket.on("connect_error", function () {
+            // The localWebSocketURL is not guaranteed to be working for some complicated Uptime Kuma setup
+            // Ask the user to restart the server manually
+            console.warn("Failed to connect to " + localWebSocketURL);
+            console.warn("Please restart the server to disconnect all sessions manually.");
+            resolve();
+        });
+        socket.on("disconnect", () => {
+            resolve();
+        });
+    });
+}
+
 if (!process.env.TEST_BACKEND) {
     main();
 }

package.json

@@ -1,6 +1,6 @@
 {
     "name": "uptime-kuma",
-    "version": "1.23.2",
+    "version": "1.23.16",
     "license": "MIT",
     "repository": {
         "type": "git",
@@ -13,16 +13,18 @@
         "install-legacy": "npm install",
         "update-legacy": "npm update",
         "lint:js": "eslint --ext \".js,.vue\" --ignore-path .gitignore .",
+        "lint:js-prod": "npm run lint:js -- --max-warnings 0",
         "lint-fix:js": "eslint --ext \".js,.vue\" --fix --ignore-path .gitignore .",
         "lint:style": "stylelint \"**/*.{vue,css,scss}\" --ignore-path .gitignore",
         "lint-fix:style": "stylelint \"**/*.{vue,css,scss}\" --fix --ignore-path .gitignore",
         "lint": "npm run lint:js && npm run lint:style",
+        "lint:prod": "npm run lint:js-prod && npm run lint:style",
         "dev": "concurrently -k -r \"wait-on tcp:3000 && npm run start-server-dev \" \"npm run start-frontend-dev\"",
         "start-frontend-dev": "cross-env NODE_ENV=development vite --host --config ./config/vite.config.js",
         "start-frontend-devcontainer": "cross-env NODE_ENV=development DEVCONTAINER=1 vite --host --config ./config/vite.config.js",
         "start": "npm run start-server",
         "start-server": "node server/server.js",
-        "start-server-dev": "cross-env NODE_ENV=development node server/server.js",
+        "start-server-dev": "cross-env NODE_ENV=development node server/server.js --data-dir=./data/v1/",
         "build": "vite build --config ./config/vite.config.js",
         "test": "node test/prepare-test-server.js && npm run jest-backend",
         "test-with-build": "npm run build && npm test",
@@ -40,7 +42,7 @@
         "build-docker-nightly-amd64": "docker buildx build -f docker/dockerfile --platform linux/amd64 -t louislam/uptime-kuma:nightly-amd64 --target nightly . --push --progress plain",
         "build-docker-pr-test": "docker buildx build -f docker/dockerfile --platform linux/amd64,linux/arm64 -t louislam/uptime-kuma:pr-test --target pr-test . --push",
         "upload-artifacts": "docker buildx build -f docker/dockerfile --platform linux/amd64 -t louislam/uptime-kuma:upload-artifact --build-arg VERSION --build-arg GITHUB_TOKEN --target upload-artifact . --progress plain",
-        "setup": "git checkout 1.23.2 && npm ci --production && npm run download-dist",
+        "setup": "git checkout 1.23.16 && npm ci --production && npm run download-dist",
         "download-dist": "node extra/download-dist.js",
         "mark-as-nightly": "node extra/mark-as-nightly.js",
         "reset-password": "node extra/reset-password.js",
@@ -57,6 +59,8 @@
         "simple-dns-server": "node extra/simple-dns-server.js",
         "simple-mqtt-server": "node extra/simple-mqtt-server.js",
         "simple-mongo": "docker run --rm -p 27017:27017 mongo",
+        "simple-postgres": "docker run --rm -p 5432:5432 -e POSTGRES_PASSWORD=postgres postgres",
+        "simple-mariadb": "docker run --rm -p 3306:3306 -e MYSQL_ROOT_PASSWORD=mariadb# mariadb",
         "update-language-files": "cd extra/update-language-files && node index.js && cross-env-shell eslint ../../src/languages/$npm_config_language.js --fix",
         "ncu-patch": "npm-check-updates -u -t patch",
         "release-final": "node ./extra/test-docker.js && node extra/update-version.js && npm run build-docker && node ./extra/press-any-key.js && npm run upload-artifacts && node ./extra/update-wiki-version.js",
@@ -70,21 +74,22 @@
         "cypress-open": "concurrently -k -r \"node test/prepare-test-server.js && node server/server.js --port=3002 --data-dir=./data/test/\" \"cypress open --config-file ./config/cypress.config.js\"",
         "build-healthcheck-armv7": "cross-env GOOS=linux GOARCH=arm GOARM=7 go build -x -o ./extra/healthcheck-armv7 ./extra/healthcheck.go",
         "deploy-demo-server": "node extra/deploy-demo-server.js",
-        "sort-contributors": "node extra/sort-contributors.js"
+        "sort-contributors": "node extra/sort-contributors.js",
+        "start-server-node14-win": "private\\node14\\node.exe server/server.js"
     },
     "dependencies": {
-        "@grpc/grpc-js": "~1.7.3",
+        "@grpc/grpc-js": "~1.8.22",
         "@louislam/ping": "~0.4.4-mod.1",
         "@louislam/sqlite3": "15.1.6",
         "args-parser": "~1.3.0",
-        "axios": "~0.27.0",
+        "axios": "~0.28.1",
         "axios-ntlm": "1.3.0",
         "badge-maker": "~3.3.1",
         "bcryptjs": "~2.4.3",
         "cacheable-lookup": "~6.0.4",
         "chardet": "~1.4.0",
         "check-password-strength": "^2.0.5",
-        "cheerio": "~1.0.0-rc.12",
+        "cheerio": "1.0.0-rc.12",
         "chroma-js": "~2.4.2",
         "command-exists": "~1.2.9",
         "compare-versions": "~3.6.0",
@@ -92,11 +97,12 @@
         "croner": "~6.0.5",
         "dayjs": "~1.11.5",
         "dotenv": "~16.0.3",
-        "express": "~4.17.3",
+        "express": "~4.21.0",
         "express-basic-auth": "~1.2.1",
         "express-static-gzip": "~2.1.7",
         "form-data": "~4.0.0",
-        "gamedig": "~4.0.5",
+        "gamedig": "^4.2.0",
+        "html-escaper": "^3.0.3",
         "http-graceful-shutdown": "~3.1.7",
         "http-proxy-agent": "~5.0.0",
         "https-proxy-agent": "~5.0.1",
@@ -112,35 +118,36 @@
         "mongodb": "~4.17.1",
         "mqtt": "~4.3.7",
         "mssql": "~8.1.4",
-        "mysql2": "~2.3.3",
+        "mysql2": "~3.9.6",
         "nanoid": "~3.3.4",
         "node-cloudflared-tunnel": "~1.0.9",
         "node-radius-client": "~1.0.0",
-        "nodemailer": "~6.6.5",
+        "nodemailer": "~6.9.13",
         "nostr-tools": "^1.13.1",
         "notp": "~2.0.3",
         "openid-client": "^5.4.2",
         "password-hash": "~1.2.2",
-        "pg": "~8.8.0",
-        "pg-connection-string": "~2.5.0",
+        "pg": "~8.11.3",
+        "pg-connection-string": "~2.6.2",
         "playwright-core": "~1.35.1",
         "prom-client": "~13.2.0",
         "prometheus-api-metrics": "~3.2.1",
+        "promisify-child-process": "~4.1.2",
         "protobufjs": "~7.2.4",
         "qs": "~6.10.4",
         "redbean-node": "~0.3.0",
         "redis": "~4.5.1",
         "semver": "~7.5.4",
-        "socket.io": "~4.6.1",
-        "socket.io-client": "~4.6.1",
+        "socket.io": "~4.8.0",
+        "socket.io-client": "~4.8.0",
         "socks-proxy-agent": "6.1.1",
-        "tar": "~6.1.11",
+        "tar": "~6.2.1",
         "tcp-ping": "~0.1.1",
         "thirty-two": "~1.0.2",
         "ws": "^8.13.0"
     },
     "devDependencies": {
-        "@actions/github": "~5.0.1",
+        "@actions/github": "~5.1.1",
         "@babel/eslint-parser": "^7.22.7",
         "@babel/preset-env": "^7.15.8",
         "@fortawesome/fontawesome-svg-core": "~1.2.36",
@@ -164,7 +171,7 @@
         "cypress": "^13.2.0",
         "delay": "^5.0.0",
         "dns2": "~2.0.1",
-        "dompurify": "~2.4.3",
+        "dompurify": "~3.1.7",
         "eslint": "~8.14.0",
         "eslint-plugin-vue": "~8.7.1",
         "favico.js": "~0.3.10",
@@ -184,8 +191,7 @@
         "timezones-list": "~3.0.1",
         "typescript": "~4.4.4",
         "v-pagination-3": "~0.1.7",
-        "vite": "~4.4.1",
-        "vite-plugin-commonjs": "^0.8.0",
+        "vite": "~5.2.8",
         "vite-plugin-compression": "^0.5.1",
         "vue": "~3.3.4",
         "vue-chartjs": "~5.2.0",
@@ -199,7 +205,7 @@
         "vue-router": "~4.0.14",
         "vue-toastification": "~2.0.0-rc.5",
         "vuedraggable": "~4.1.0",
-        "wait-on": "^6.0.1",
+        "wait-on": "^7.2.0",
         "whatwg-url": "~12.0.1"
     }
 }

public/icon.svg

@@ -1,10 +1,9 @@
-<svg width="640" height="640" viewBox="0 0 640 640" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M490.4 235.64C544.09 358.38 544.09 435.34 490.4 466.5C409.85 513.24 199.96 527.49 139.54 455.64C99.2601 407.74 99.2601 334.4 139.54 235.64C180.5 168.18 238.71 134.45 314.17 134.45C389.64 134.45 448.38 168.18 490.4 235.64Z" fill="url(#paint0_linear_381_799)"/>
-<path d="M490.4 235.64C544.09 358.38 544.09 435.34 490.4 466.5C409.85 513.24 199.96 527.49 139.54 455.64C99.2601 407.74 99.2601 334.4 139.54 235.64C180.5 168.18 238.71 134.45 314.17 134.45C389.64 134.45 448.38 168.18 490.4 235.64Z" stroke="#F2F2F2" stroke-opacity="0.51" stroke-width="200"/>
-<defs>
-<linearGradient id="paint0_linear_381_799" x1="259.78" y1="261.15" x2="463.85" y2="456.49" gradientUnits="userSpaceOnUse">
+<svg width="640" height="640" viewBox="0 0 640 640" xml:space="preserve" xmlns="http://www.w3.org/2000/svg">
+<g transform="matrix(1 0 0 1 320 320)">
+<linearGradient id="S3" gradientUnits="userSpaceOnUse" gradientTransform="matrix(1 0 0 1 -319.99875 -320.0001577393)"  x1="259.78" y1="261.15" x2="463.85" y2="456.49">
 <stop stop-color="#5CDD8B"/>
 <stop offset="1" stop-color="#86E6A9"/>
 </linearGradient>
-</defs>
+<path style="stroke: rgb(242,242,242); stroke-opacity: 0.51; stroke-width: 200; stroke-dasharray: none; stroke-linecap: butt; stroke-dashoffset: 0; stroke-linejoin: miter; stroke-miterlimit: 4; fill: url(#S3); fill-rule: nonzero; opacity: 1;"  transform=" translate(0, 0)" d="M 170.40125 -84.36016 C 224.09125 38.37984 224.09125 115.33984 170.40125 146.49984 C 89.85125000000001 193.23984000000002 -120.03875 207.48984000000002 -180.45875 135.63984 C -220.73875 87.73983999999999 -220.73875 14.399839999999998 -180.45875 -84.36016000000001 C -139.49875 -151.82016 -81.28875000000001 -185.55016 -5.828750000000014 -185.55016 C 69.64124999999999 -185.55016 128.38125 -151.82016000000002 170.40124999999998 -84.36016000000001 z" stroke-linecap="round" />
+</g>
 </svg>

server/config.js

@@ -1,29 +1,42 @@
+const isFreeBSD = /^freebsd/.test(process.platform);
+
 // Interop with browser
 const args = (typeof process !== "undefined") ? require("args-parser")(process.argv) : {};
-const demoMode = args["demo"] || false;
 
-const badgeConstants = {
-    naColor: "#999",
-    defaultUpColor: "#66c20a",
-    defaultWarnColor: "#eed202",
-    defaultDownColor: "#c2290a",
-    defaultPendingColor: "#f8a306",
-    defaultMaintenanceColor: "#1747f5",
-    defaultPingColor: "blue",  // as defined by badge-maker / shields.io
-    defaultStyle: "flat",
-    defaultPingValueSuffix: "ms",
-    defaultPingLabelSuffix: "h",
-    defaultUptimeValueSuffix: "%",
-    defaultUptimeLabelSuffix: "h",
-    defaultCertExpValueSuffix: " days",
-    defaultCertExpLabelSuffix: "h",
-    // Values Come From Default Notification Times
-    defaultCertExpireWarnDays: "14",
-    defaultCertExpireDownDays: "7"
-};
+// If host is omitted, the server will accept connections on the unspecified IPv6 address (::) when IPv6 is available and the unspecified IPv4 address (0.0.0.0) otherwise.
+// Dual-stack support for (::)
+// Also read HOST if not FreeBSD, as HOST is a system environment variable in FreeBSD
+let hostEnv = isFreeBSD ? null : process.env.HOST;
+const hostname = args.host || process.env.UPTIME_KUMA_HOST || hostEnv;
+
+const port = [ args.port, process.env.UPTIME_KUMA_PORT, process.env.PORT, 3001 ]
+    .map(portValue => parseInt(portValue))
+    .find(portValue => !isNaN(portValue));
+
+const sslKey = args["ssl-key"] || process.env.UPTIME_KUMA_SSL_KEY || process.env.SSL_KEY || undefined;
+const sslCert = args["ssl-cert"] || process.env.UPTIME_KUMA_SSL_CERT || process.env.SSL_CERT || undefined;
+const sslKeyPassphrase = args["ssl-key-passphrase"] || process.env.UPTIME_KUMA_SSL_KEY_PASSPHRASE || process.env.SSL_KEY_PASSPHRASE || undefined;
+
+const isSSL = sslKey && sslCert;
+
+function getLocalWebSocketURL() {
+    const protocol = isSSL ? "wss" : "ws";
+    const host = hostname || "localhost";
+    return `${protocol}://${host}:${port}`;
+}
+
+const localWebSocketURL = getLocalWebSocketURL();
+
+const demoMode = args["demo"] || false;
 
 module.exports = {
     args,
+    hostname,
+    port,
+    sslKey,
+    sslCert,
+    sslKeyPassphrase,
+    isSSL,
+    localWebSocketURL,
     demoMode,
-    badgeConstants,
 };

server/database.js

@@ -81,6 +81,10 @@ class Database {
         "patch-monitor-oauth-cc.sql": true,
         "patch-add-timeout-monitor.sql": true,
         "patch-add-gamedig-given-port.sql": true,
+        "patch-notification-config.sql": true,
+        "patch-fix-kafka-producer-booleans.sql": true,
+        "patch-timeout.sql": true,
+        "patch-monitor-tls-info-add-fk.sql": true,
     };
 
     /**

server/google-analytics.js

@@ -1,4 +1,5 @@
 const jsesc = require("jsesc");
+const { escape } = require("html-escaper");
 
 /**
  * Returns a string that represents the javascript that is required to insert the Google Analytics scripts
@@ -7,15 +8,18 @@ const jsesc = require("jsesc");
  * @returns {string}
  */
 function getGoogleAnalyticsScript(tagId) {
-    let escapedTagId = jsesc(tagId, { isScriptContext: true });
+    let escapedTagIdJS = jsesc(tagId, { isScriptContext: true });
 
-    if (escapedTagId) {
-        escapedTagId = escapedTagId.trim();
+    if (escapedTagIdJS) {
+        escapedTagIdJS = escapedTagIdJS.trim();
     }
 
+    // Escape the tag ID for use in an HTML attribute.
+    let escapedTagIdHTMLAttribute = escape(tagId);
+
     return `
-        <script async src="https://www.googletagmanager.com/gtag/js?id=${escapedTagId}"></script>
-        <script>window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date());gtag('config', '${escapedTagId}'); </script>
+        <script async src="https://www.googletagmanager.com/gtag/js?id=${escapedTagIdHTMLAttribute}"></script>
+        <script>window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date());gtag('config', '${escapedTagIdJS}'); </script>
     `;
 }
 

server/model/monitor.js

@@ -6,7 +6,7 @@ const { log, UP, DOWN, PENDING, MAINTENANCE, flipStatus, TimeLogger, MAX_INTERVA
     SQL_DATETIME_FORMAT
 } = require("../../src/util");
 const { tcping, ping, dnsResolve, checkCertificate, checkStatusCode, getTotalClientInRoom, setting, mssqlQuery, postgresQuery, mysqlQuery, mqttAsync, setSetting, httpNtlm, radius, grpcQuery,
-    redisPingAsync, mongodbPing, kafkaProducerAsync, getOidcTokenClientCredentials,
+    redisPingAsync, mongodbPing, kafkaProducerAsync, getOidcTokenClientCredentials, rootCertificatesFingerprints, axiosAbortSignal
 } = require("../util-server");
 const { R } = require("redbean-node");
 const { BeanModel } = require("redbean-node/dist/bean-model");
@@ -22,6 +22,9 @@ const { UptimeCacheList } = require("../uptime-cache-list");
 const Gamedig = require("gamedig");
 const jsonata = require("jsonata");
 const jwt = require("jsonwebtoken");
+const crypto = require("crypto");
+
+const rootCertificates = rootCertificatesFingerprints();
 
 /**
  * status:
@@ -53,7 +56,7 @@ class Monitor extends BeanModel {
             obj.tags = await this.getTags();
         }
 
-        if (certExpiry && this.type === "http" && this.getURLProtocol() === "https:") {
+        if (certExpiry && (this.type === "http" || this.type === "keyword" || this.type === "json-query") && this.getURLProtocol() === "https:") {
             const { certExpiryDaysRemaining, validCert } = await this.getCertExpiry(this.id);
             obj.certExpiryDaysRemaining = certExpiryDaysRemaining;
             obj.validCert = validCert;
@@ -141,8 +144,8 @@ class Monitor extends BeanModel {
             expectedValue: this.expectedValue,
             kafkaProducerTopic: this.kafkaProducerTopic,
             kafkaProducerBrokers: JSON.parse(this.kafkaProducerBrokers),
-            kafkaProducerSsl: this.kafkaProducerSsl === "1" && true || false,
-            kafkaProducerAllowAutoTopicCreation: this.kafkaProducerAllowAutoTopicCreation === "1" && true || false,
+            kafkaProducerSsl: this.getKafkaProducerSsl(),
+            kafkaProducerAllowAutoTopicCreation: this.getKafkaProducerAllowAutoTopicCreation(),
             kafkaProducerMessage: this.kafkaProducerMessage,
             screenshot,
         };
@@ -227,10 +230,12 @@ class Monitor extends BeanModel {
     /**
      * Encode user and password to Base64 encoding
      * for HTTP "basic" auth, as per RFC-7617
+     * @param {string|null} user - The username (nullable if not changed by a user)
+     * @param {string|null} pass - The password (nullable if not changed by a user)
      * @returns {string}
      */
     encodeBase64(user, pass) {
-        return Buffer.from(user + ":" + pass).toString("base64");
+        return Buffer.from(`${user || ""}:${pass || ""}`).toString("base64");
     }
 
     /**
@@ -285,6 +290,22 @@ class Monitor extends BeanModel {
         return Boolean(this.gamedigGivenPortOnly);
     }
 
+    /**
+     * Parse to boolean
+     * @returns {boolean} Kafka Producer Ssl enabled?
+     */
+    getKafkaProducerSsl() {
+        return Boolean(this.kafkaProducerSsl);
+    }
+
+    /**
+     * Parse to boolean
+     * @returns {boolean} Kafka Producer Allow Auto Topic Creation Enabled?
+     */
+    getKafkaProducerAllowAutoTopicCreation() {
+        return Boolean(this.kafkaProducerAllowAutoTopicCreation);
+    }
+
     /**
      * Start monitor
      * @param {Server} io Socket server instance
@@ -339,6 +360,12 @@ class Monitor extends BeanModel {
                 bean.duration = 0;
             }
 
+            // Runtime patch timeout if it is 0
+            // See https://github.com/louislam/uptime-kuma/pull/3961#issuecomment-1804149144
+            if (!this.timeout || this.timeout <= 0) {
+                this.timeout = this.interval * 1000 * 0.8;
+            }
+
             try {
                 if (await Monitor.isUnderMaintenance(this.id)) {
                     bean.msg = "Monitor under maintenance";
@@ -409,6 +436,7 @@ class Monitor extends BeanModel {
                     const httpsAgentOptions = {
                         maxCachedSessions: 0, // Use Custom agent to disable session reuse (https://github.com/nodejs/node/issues/3940)
                         rejectUnauthorized: !this.getIgnoreTls(),
+                        secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT,
                     };
 
                     log.debug("monitor", `[${this.name}] Prepare Options for axios`);
@@ -447,6 +475,7 @@ class Monitor extends BeanModel {
                         validateStatus: (status) => {
                             return checkStatusCode(status, this.getAcceptedStatuscodes());
                         },
+                        signal: axiosAbortSignal((this.timeout + 10) * 1000),
                     };
 
                     if (bodyValue) {
@@ -483,6 +512,18 @@ class Monitor extends BeanModel {
                         }
                     }
 
+                    let tlsInfo = {};
+                    // Store tlsInfo when secureConnect event is emitted
+                    // The keylog event listener is a workaround to access the tlsSocket
+                    options.httpsAgent.once("keylog", async (line, tlsSocket) => {
+                        tlsSocket.once("secureConnect", async () => {
+                            tlsInfo = checkCertificate(tlsSocket);
+                            tlsInfo.valid = tlsSocket.authorized || false;
+
+                            await this.handleTlsInfo(tlsInfo);
+                        });
+                    });
+
                     log.debug("monitor", `[${this.name}] Axios Options: ${JSON.stringify(options)}`);
                     log.debug("monitor", `[${this.name}] Axios Request`);
 
@@ -492,31 +533,19 @@ class Monitor extends BeanModel {
                     bean.msg = `${res.status} - ${res.statusText}`;
                     bean.ping = dayjs().valueOf() - startTime;
 
-                    // Check certificate if https is used
-                    let certInfoStartTime = dayjs().valueOf();
-                    if (this.getUrl()?.protocol === "https:") {
-                        log.debug("monitor", `[${this.name}] Check cert`);
-                        try {
-                            let tlsInfoObject = checkCertificate(res);
-                            tlsInfo = await this.updateTlsInfo(tlsInfoObject);
+                    // fallback for if kelog event is not emitted, but we may still have tlsInfo,
+                    // e.g. if the connection is made through a proxy
+                    if (this.getUrl()?.protocol === "https:" && tlsInfo.valid === undefined) {
+                        const tlsSocket = res.request.res.socket;
 
-                            if (!this.getIgnoreTls() && this.isEnabledExpiryNotification()) {
-                                log.debug("monitor", `[${this.name}] call checkCertExpiryNotifications`);
-                                await this.checkCertExpiryNotifications(tlsInfoObject);
-                            }
+                        if (tlsSocket) {
+                            tlsInfo = checkCertificate(tlsSocket);
+                            tlsInfo.valid = tlsSocket.authorized || false;
 
-                        } catch (e) {
-                            if (e.message !== "No TLS certificate in response") {
-                                log.error("monitor", "Caught error");
-                                log.error("monitor", e.message);
-                            }
+                            await this.handleTlsInfo(tlsInfo);
                         }
                     }
 
-                    if (process.env.TIMELOGGER === "1") {
-                        log.debug("monitor", "Cert Info Query Time: " + (dayjs().valueOf() - certInfoStartTime) + "ms");
-                    }
-
                     if (process.env.UPTIME_KUMA_LOG_RESPONSE_BODY_MONITOR_ID === this.id) {
                         log.info("monitor", res.data);
                     }
@@ -549,8 +578,12 @@ class Monitor extends BeanModel {
                         let data = res.data;
 
                         // convert data to object
-                        if (typeof data === "string") {
-                            data = JSON.parse(data);
+                        if (typeof data === "string" && res.headers["content-type"] !== "application/json") {
+                            try {
+                                data = JSON.parse(data);
+                            } catch (_) {
+                                // Failed to parse as JSON, just process it as a string
+                            }
                         }
 
                         let expression = jsonata(this.jsonPath);
@@ -662,6 +695,7 @@ class Monitor extends BeanModel {
                         httpsAgent: CacheableDnsHttpAgent.getHttpsAgent({
                             maxCachedSessions: 0,      // Use Custom agent to disable session reuse (https://github.com/nodejs/node/issues/3940)
                             rejectUnauthorized: !this.getIgnoreTls(),
+                            secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT,
                         }),
                         httpAgent: CacheableDnsHttpAgent.getHttpAgent({
                             maxCachedSessions: 0,
@@ -704,8 +738,6 @@ class Monitor extends BeanModel {
                 } else if (this.type === "docker") {
                     log.debug("monitor", `[${this.name}] Prepare Options for Axios`);
 
-                    const dockerHost = await R.load("docker_host", this.docker_host);
-
                     const options = {
                         url: `/containers/${this.docker_container}/json`,
                         timeout: this.interval * 1000 * 0.8,
@@ -716,12 +748,19 @@ class Monitor extends BeanModel {
                         httpsAgent: CacheableDnsHttpAgent.getHttpsAgent({
                             maxCachedSessions: 0,      // Use Custom agent to disable session reuse (https://github.com/nodejs/node/issues/3940)
                             rejectUnauthorized: !this.getIgnoreTls(),
+                            secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT,
                         }),
                         httpAgent: CacheableDnsHttpAgent.getHttpAgent({
                             maxCachedSessions: 0,
                         }),
                     };
 
+                    const dockerHost = await R.load("docker_host", this.docker_host);
+
+                    if (!dockerHost) {
+                        throw new Error("Failed to load docker host config");
+                    }
+
                     if (dockerHost._dockerType === "socket") {
                         options.socketPath = dockerHost._dockerDaemon;
                     } else if (dockerHost._dockerType === "tcp") {
@@ -756,7 +795,7 @@ class Monitor extends BeanModel {
                 } else if (this.type === "sqlserver") {
                     let startTime = dayjs().valueOf();
 
-                    await mssqlQuery(this.databaseConnectionString, this.databaseQuery);
+                    await mssqlQuery(this.databaseConnectionString, this.databaseQuery || "SELECT 1");
 
                     bean.msg = "";
                     bean.status = UP;
@@ -795,7 +834,7 @@ class Monitor extends BeanModel {
                 } else if (this.type === "postgres") {
                     let startTime = dayjs().valueOf();
 
-                    await postgresQuery(this.databaseConnectionString, this.databaseQuery);
+                    await postgresQuery(this.databaseConnectionString, this.databaseQuery || "SELECT 1");
 
                     bean.msg = "";
                     bean.status = UP;
@@ -803,7 +842,11 @@ class Monitor extends BeanModel {
                 } else if (this.type === "mysql") {
                     let startTime = dayjs().valueOf();
 
-                    bean.msg = await mysqlQuery(this.databaseConnectionString, this.databaseQuery);
+                    // Use `radius_password` as `password` field, since there are too many unnecessary fields
+                    // TODO: rename `radius_password` to `password` later for general use
+                    let mysqlPassword = this.radiusPassword;
+
+                    bean.msg = await mysqlQuery(this.databaseConnectionString, this.databaseQuery || "SELECT 1", mysqlPassword);
                     bean.status = UP;
                     bean.ping = dayjs().valueOf() - startTime;
                 } else if (this.type === "mongodb") {
@@ -891,7 +934,11 @@ class Monitor extends BeanModel {
 
             } catch (error) {
 
-                bean.msg = error.message;
+                if (error?.name === "CanceledError") {
+                    bean.msg = `timeout by AbortSignal (${this.timeout}s)`;
+                } else {
+                    bean.msg = error.message;
+                }
 
                 // If UP come in here, it must be upside down mode
                 // Just reset the retries
@@ -1424,7 +1471,10 @@ class Monitor extends BeanModel {
                     let certInfo = tlsInfoObject.certInfo;
                     while (certInfo) {
                         let subjectCN = certInfo.subject["CN"];
-                        if (certInfo.daysRemaining > targetDays) {
+                        if (rootCertificates.has(certInfo.fingerprint256)) {
+                            log.debug("monitor", `Known root cert: ${certInfo.certType} certificate "${subjectCN}" (${certInfo.daysRemaining} days valid) on ${targetDays} deadline.`);
+                            break;
+                        } else if (certInfo.daysRemaining > targetDays) {
                             log.debug("monitor", `No need to send cert notification for ${certInfo.certType} certificate "${subjectCN}" (${certInfo.daysRemaining} days valid) on ${targetDays} deadline.`);
                         } else {
                             log.debug("monitor", `call sendCertNotificationByTargetDays for ${targetDays} deadline on certificate ${subjectCN}.`);
@@ -1632,6 +1682,21 @@ class Monitor extends BeanModel {
         const parentActive = await Monitor.isParentActive(parent.id);
         return parent.active && parentActive;
     }
+
+    /**
+     * Store TLS certificate information and check for expiry
+     * @param {Object} tlsInfo Information about the TLS connection
+     * @returns {Promise<void>}
+     */
+    async handleTlsInfo(tlsInfo) {
+        await this.updateTlsInfo(tlsInfo);
+        this.prometheus?.update(null, tlsInfo);
+
+        if (!this.getIgnoreTls() && this.isEnabledExpiryNotification()) {
+            log.debug("monitor", `[${this.name}] call checkCertExpiryNotifications`);
+            await this.checkCertExpiryNotifications(tlsInfo);
+        }
+    }
 }
 
 module.exports = Monitor;

server/model/user.js

@@ -1,6 +1,8 @@
 const { BeanModel } = require("redbean-node/dist/bean-model");
 const passwordHash = require("../password-hash");
 const { R } = require("redbean-node");
+const jwt = require("jsonwebtoken");
+const { shake256, SHAKE256_LENGTH } = require("../util-server");
 
 class User extends BeanModel {
     /**
@@ -27,6 +29,19 @@ class User extends BeanModel {
         this.password = newPassword;
     }
 
+    /**
+     * Create a new JWT for a user
+     * @param {User} user
+     * @param {string} jwtSecret
+     * @return {string}
+     */
+    static createJWT(user, jwtSecret) {
+        return jwt.sign({
+            username: user.username,
+            h: shake256(user.password, SHAKE256_LENGTH),
+        }, jwtSecret);
+    }
+
 }
 
 module.exports = User;

server/monitor-types/real-browser-monitor-type.js

@@ -9,6 +9,10 @@ const Database = require("../database");
 const jwt = require("jsonwebtoken");
 const config = require("../config");
 
+/**
+ * Cached instance of a browser
+ * @type {import ("playwright-core").Browser}
+ */
 let browser = null;
 
 let allowedList = [];
@@ -40,6 +44,7 @@ if (process.platform === "win32") {
         "/usr/bin/chromium",
         "/usr/bin/chromium-browser",
         "/usr/bin/google-chrome",
+        "/snap/bin/chromium",           // Ubuntu
     ];
 } else if (process.platform === "darwin") {
     // TODO: Generated by GitHub Copilot, but not sure if it's correct
@@ -61,8 +66,15 @@ async function isAllowedChromeExecutable(executablePath) {
     return allowedList.includes(executablePath);
 }
 
+/**
+ * Get the current instance of the browser. If there isn't one, create
+ * it.
+ * @returns {Promise<import ("playwright-core").Browser>} The browser
+ */
 async function getBrowser() {
-    if (!browser) {
+    if (browser && browser.isConnected()) {
+        return browser;
+    } else {
         let executablePath = await Settings.get("chromeExecutable");
 
         executablePath = await prepareChromeExecutable(executablePath);
@@ -71,8 +83,9 @@ async function getBrowser() {
             //headless: false,
             executablePath,
         });
+
+        return browser;
     }
-    return browser;
 }
 
 async function prepareChromeExecutable(executablePath) {
@@ -180,6 +193,14 @@ class RealBrowserMonitorType extends MonitorType {
         const context = await browser.newContext();
         const page = await context.newPage();
 
+        // Prevent Local File Inclusion
+        // Accept only http:// and https://
+        // https://github.com/louislam/uptime-kuma/security/advisories/GHSA-2qgm-m29m-cj2h
+        let url = new URL(monitor.url);
+        if (url.protocol !== "http:" && url.protocol !== "https:") {
+            throw new Error("Invalid url protocol, only http and https are allowed.");
+        }
+
         const res = await page.goto(monitor.url, {
             waitUntil: "networkidle",
             timeout: monitor.interval * 1000 * 0.8,

server/monitor-types/tailscale-ping.js

@@ -1,6 +1,6 @@
 const { MonitorType } = require("./monitor-type");
-const { UP, log } = require("../../src/util");
-const exec = require("child_process").exec;
+const { UP } = require("../../src/util");
+const childProcessAsync = require("promisify-child-process");
 
 /**
  * A TailscalePing class extends the MonitorType.
@@ -23,7 +23,6 @@ class TailscalePing extends MonitorType {
             let tailscaleOutput = await this.runTailscalePing(monitor.hostname, monitor.interval);
             this.parseTailscaleOutput(tailscaleOutput, heartbeat);
         } catch (err) {
-            log.debug("Tailscale", err);
             // trigger log function somewhere to display a notification or alert to the user (but how?)
             throw new Error(`Error checking Tailscale ping: ${err}`);
         }
@@ -33,30 +32,24 @@ class TailscalePing extends MonitorType {
      * Runs the Tailscale ping command to the given URL.
      *
      * @param {string} hostname - The hostname to ping.
+     * @param {number} interval
      * @returns {Promise<string>} - A Promise that resolves to the output of the Tailscale ping command
      * @throws Will throw an error if the command execution encounters any error.
      */
     async runTailscalePing(hostname, interval) {
-        let cmd = `tailscale ping ${hostname}`;
-
-        log.debug("Tailscale", cmd);
-
-        return new Promise((resolve, reject) => {
-            let timeout = interval * 1000 * 0.8;
-            exec(cmd, { timeout: timeout }, (error, stdout, stderr) => {
-                // we may need to handle more cases if tailscale reports an error that isn't necessarily an error (such as not-logged in or DERP health-related issues)
-                if (error) {
-                    reject(`Execution error: ${error.message}`);
-                    return;
-                }
-                if (stderr) {
-                    reject(`Error in output: ${stderr}`);
-                    return;
-                }
-
-                resolve(stdout);
-            });
+        let timeout = interval * 1000 * 0.8;
+        let res = await childProcessAsync.spawn("tailscale", [ "ping", "--c", "1", hostname ], {
+            timeout: timeout,
+            encoding: "utf8",
         });
+        if (res.stderr && res.stderr.toString()) {
+            throw new Error(`Error in output: ${res.stderr.toString()}`);
+        }
+        if (res.stdout && res.stdout.toString()) {
+            return res.stdout.toString();
+        } else {
+            throw new Error("No output from Tailscale ping");
+        }
     }
 
     /**
@@ -74,7 +67,7 @@ class TailscalePing extends MonitorType {
                 heartbeat.status = UP;
                 let time = line.split(" in ")[1].split(" ")[0];
                 heartbeat.ping = parseInt(time);
-                heartbeat.msg = line;
+                heartbeat.msg = "OK";
                 break;
             } else if (line.includes("timed out")) {
                 throw new Error(`Ping timed out: "${line}"`);

server/notification-providers/apprise.js

@@ -1,5 +1,5 @@
 const NotificationProvider = require("./notification-provider");
-const childProcess = require("child_process");
+const childProcessAsync = require("promisify-child-process");
 
 class Apprise extends NotificationProvider {
 
@@ -11,7 +11,9 @@ class Apprise extends NotificationProvider {
             args.push("-t");
             args.push(notification.title);
         }
-        const s = childProcess.spawnSync("apprise", args);
+        const s = await childProcessAsync.spawn("apprise", args, {
+            encoding: "utf8",
+        });
 
         const output = (s.stdout) ? s.stdout.toString() : "ERROR: maybe apprise not found";
 

server/notification-providers/dingding.js

@@ -18,7 +18,7 @@ class DingDing extends NotificationProvider {
                         text: `## [${this.statusToString(heartbeatJSON["status"])}] ${monitorJSON["name"]} \n> ${heartbeatJSON["msg"]}\n> Time (${heartbeatJSON["timezone"]}): ${heartbeatJSON["localDateTime"]}`,
                     }
                 };
-                if (this.sendToDingDing(notification, params)) {
+                if (await this.sendToDingDing(notification, params)) {
                     return okMsg;
                 }
             } else {
@@ -28,7 +28,7 @@ class DingDing extends NotificationProvider {
                         content: msg
                     }
                 };
-                if (this.sendToDingDing(notification, params)) {
+                if (await this.sendToDingDing(notification, params)) {
                     return okMsg;
                 }
             }
@@ -59,7 +59,7 @@ class DingDing extends NotificationProvider {
         if (result.data.errmsg === "ok") {
             return true;
         }
-        return false;
+        throw new Error(result.data.errmsg);
     }
 
     /**

server/prometheus.js

@@ -79,23 +79,25 @@ class Prometheus {
             }
         }
 
-        try {
-            monitorStatus.set(this.monitorLabelValues, heartbeat.status);
-        } catch (e) {
-            log.error("prometheus", "Caught error");
-            log.error("prometheus", e);
-        }
-
-        try {
-            if (typeof heartbeat.ping === "number") {
-                monitorResponseTime.set(this.monitorLabelValues, heartbeat.ping);
-            } else {
-                // Is it good?
-                monitorResponseTime.set(this.monitorLabelValues, -1);
+        if (heartbeat) {
+            try {
+                monitorStatus.set(this.monitorLabelValues, heartbeat.status);
+            } catch (e) {
+                log.error("prometheus", "Caught error");
+                log.error("prometheus", e);
+            }
+
+            try {
+                if (typeof heartbeat.ping === "number") {
+                    monitorResponseTime.set(this.monitorLabelValues, heartbeat.ping);
+                } else {
+                    // Is it good?
+                    monitorResponseTime.set(this.monitorLabelValues, -1);
+                }
+            } catch (e) {
+                log.error("prometheus", "Caught error");
+                log.error("prometheus", e);
             }
-        } catch (e) {
-            log.error("prometheus", "Caught error");
-            log.error("prometheus", e);
         }
     }
 

server/routers/api-router.js

@@ -1,15 +1,21 @@
 let express = require("express");
-const { allowDevAllOrigin, allowAllOrigin, percentageToColor, filterAndJoin, sendHttpError } = require("../util-server");
+const {
+    setting,
+    allowDevAllOrigin,
+    allowAllOrigin,
+    percentageToColor,
+    filterAndJoin,
+    sendHttpError,
+} = require("../util-server");
 const { R } = require("redbean-node");
 const apicache = require("../modules/apicache");
 const Monitor = require("../model/monitor");
 const dayjs = require("dayjs");
-const { UP, MAINTENANCE, DOWN, PENDING, flipStatus, log } = require("../../src/util");
+const { UP, MAINTENANCE, DOWN, PENDING, flipStatus, log, badgeConstants } = require("../../src/util");
 const StatusPage = require("../model/status_page");
 const { UptimeKumaServer } = require("../uptime-kuma-server");
 const { UptimeCacheList } = require("../uptime-cache-list");
 const { makeBadge } = require("badge-maker");
-const { badgeConstants } = require("../config");
 const { Prometheus } = require("../prometheus");
 
 let router = express.Router();
@@ -22,10 +28,14 @@ router.get("/api/entry-page", async (request, response) => {
     allowDevAllOrigin(response);
 
     let result = { };
+    let hostname = request.hostname;
+    if ((await setting("trustProxy")) && request.headers["x-forwarded-host"]) {
+        hostname = request.headers["x-forwarded-host"];
+    }
 
-    if (request.hostname in StatusPage.domainMappingList) {
+    if (hostname in StatusPage.domainMappingList) {
         result.type = "statusPageMatchedDomain";
-        result.statusPageSlug = StatusPage.domainMappingList[request.hostname];
+        result.statusPageSlug = StatusPage.domainMappingList[hostname];
     } else {
         result.type = "entryPage";
         result.entryPage = server.entryPage;
@@ -38,7 +48,7 @@ router.get("/api/push/:pushToken", async (request, response) => {
 
         let pushToken = request.params.pushToken;
         let msg = request.query.msg || "OK";
-        let ping = parseInt(request.query.ping) || null;
+        let ping = parseFloat(request.query.ping) || null;
         let statusString = request.query.status || "up";
         let status = (statusString === "up") ? UP : DOWN;
 

server/routers/status-page-router.js

@@ -5,7 +5,7 @@ const StatusPage = require("../model/status_page");
 const { allowDevAllOrigin, sendHttpError } = require("../util-server");
 const { R } = require("redbean-node");
 const Monitor = require("../model/monitor");
-const { badgeConstants } = require("../config");
+const { badgeConstants } = require("../../src/util");
 const { makeBadge } = require("badge-maker");
 
 let router = express.Router();

server/server.js

@@ -48,9 +48,17 @@ if (! process.env.NODE_ENV) {
     process.env.NODE_ENV = "production";
 }
 
+if (!process.env.UPTIME_KUMA_WS_ORIGIN_CHECK) {
+    process.env.UPTIME_KUMA_WS_ORIGIN_CHECK = "cors-like";
+}
+
 log.info("server", "Node Env: " + process.env.NODE_ENV);
 log.info("server", "Inside Container: " + (process.env.UPTIME_KUMA_IS_CONTAINER === "1"));
 
+if (process.env.UPTIME_KUMA_WS_ORIGIN_CHECK === "bypass") {
+    log.warn("server", "WebSocket Origin Check: " + process.env.UPTIME_KUMA_WS_ORIGIN_CHECK);
+}
+
 log.info("server", "Importing Node libraries");
 const fs = require("fs");
 
@@ -76,15 +84,18 @@ const notp = require("notp");
 const base32 = require("thirty-two");
 
 const { UptimeKumaServer } = require("./uptime-kuma-server");
-const server = UptimeKumaServer.getInstance(args);
+const server = UptimeKumaServer.getInstance();
 const io = module.exports.io = server.io;
 const app = server.app;
 
 log.info("server", "Importing this project modules");
 log.debug("server", "Importing Monitor");
 const Monitor = require("./model/monitor");
+const User = require("./model/user");
+
 log.debug("server", "Importing Settings");
-const { getSettings, setSettings, setting, initJWTSecret, checkLogin, startUnitTest, FBSD, doubleCheckPassword, startE2eTests } = require("./util-server");
+const { getSettings, setSettings, setting, initJWTSecret, checkLogin, startUnitTest, doubleCheckPassword, startE2eTests, shake256, SHAKE256_LENGTH
+} = require("./util-server");
 
 log.debug("server", "Importing Notification");
 const { Notification } = require("./notification");
@@ -107,19 +118,13 @@ const passwordHash = require("./password-hash");
 const checkVersion = require("./check-version");
 log.info("server", "Version: " + checkVersion.version);
 
-// If host is omitted, the server will accept connections on the unspecified IPv6 address (::) when IPv6 is available and the unspecified IPv4 address (0.0.0.0) otherwise.
-// Dual-stack support for (::)
-// Also read HOST if not FreeBSD, as HOST is a system environment variable in FreeBSD
-let hostEnv = FBSD ? null : process.env.HOST;
-let hostname = args.host || process.env.UPTIME_KUMA_HOST || hostEnv;
+const hostname = config.hostname;
 
 if (hostname) {
     log.info("server", "Custom hostname: " + hostname);
 }
 
-const port = [ args.port, process.env.UPTIME_KUMA_PORT, process.env.PORT, 3001 ]
-    .map(portValue => parseInt(portValue))
-    .find(portValue => !isNaN(portValue));
+const port = config.port;
 
 const disableFrameSameOrigin = !!process.env.UPTIME_KUMA_DISABLE_FRAME_SAMEORIGIN || args["disable-frame-sameorigin"] || false;
 const cloudflaredToken = args["cloudflared-token"] || process.env.UPTIME_KUMA_CLOUDFLARED_TOKEN || undefined;
@@ -297,6 +302,11 @@ let needSetup = false;
                 ]);
 
                 if (user) {
+                    // Check if the password changed
+                    if (decoded.h !== shake256(user.password, SHAKE256_LENGTH)) {
+                        throw new Error("The token is invalid due to password change or old token");
+                    }
+
                     log.debug("auth", "afterLogin");
                     afterLogin(socket, user);
                     log.debug("auth", "afterLogin ok");
@@ -316,9 +326,10 @@ let needSetup = false;
                     });
                 }
             } catch (error) {
-
                 log.error("auth", `Invalid token. IP=${clientIP}`);
-
+                if (error.message) {
+                    log.error("auth", error.message, `IP=${clientIP}`);
+                }
                 callback({
                     ok: false,
                     msg: "Invalid token.",
@@ -357,9 +368,7 @@ let needSetup = false;
 
                     callback({
                         ok: true,
-                        token: jwt.sign({
-                            username: data.username,
-                        }, server.jwtSecret),
+                        token: User.createJWT(user, server.jwtSecret),
                     });
                 }
 
@@ -387,9 +396,7 @@ let needSetup = false;
 
                         callback({
                             ok: true,
-                            token: jwt.sign({
-                                username: data.username,
-                            }, server.jwtSecret),
+                            token: User.createJWT(user, server.jwtSecret),
                         });
                     } else {
 
@@ -784,6 +791,9 @@ let needSetup = false;
                 bean.kafkaProducerAllowAutoTopicCreation = monitor.kafkaProducerAllowAutoTopicCreation;
                 bean.kafkaProducerSaslOptions = JSON.stringify(monitor.kafkaProducerSaslOptions);
                 bean.kafkaProducerMessage = monitor.kafkaProducerMessage;
+                bean.kafkaProducerSsl = monitor.kafkaProducerSsl;
+                bean.kafkaProducerAllowAutoTopicCreation =
+                    monitor.kafkaProducerAllowAutoTopicCreation;
                 bean.gamedigGivenPortOnly = monitor.gamedigGivenPortOnly;
 
                 bean.validate();
@@ -1144,6 +1154,8 @@ let needSetup = false;
                 let user = await doubleCheckPassword(socket, password.currentPassword);
                 await user.resetPassword(password.newPassword);
 
+                server.disconnectAllSocketClients(user.id, socket.id);
+
                 callback({
                     ok: true,
                     msg: "Password has been updated successfully.",
@@ -1193,6 +1205,12 @@ let needSetup = false;
                     await doubleCheckPassword(socket, currentPassword);
                 }
 
+                // Log out all clients if enabling auth
+                // GHSA-23q2-5gf8-gjpp
+                if (currentDisabledAuth && !data.disableAuth) {
+                    server.disconnectAllSocketClients(socket.userID, socket.id);
+                }
+
                 const previousChromeExecutable = await Settings.get("chromeExecutable");
                 const previousNSCDStatus = await Settings.get("nscd");
 
@@ -1215,9 +1233,9 @@ let needSetup = false;
                 // Update nscd status
                 if (previousNSCDStatus !== data.nscd) {
                     if (data.nscd) {
-                        server.startNSCDServices();
+                        await server.startNSCDServices();
                     } else {
-                        server.stopNSCDServices();
+                        await server.stopNSCDServices();
                     }
                 }
 
@@ -1824,6 +1842,7 @@ async function pauseMonitor(userID, monitorID) {
 
     if (monitorID in server.monitorList) {
         server.monitorList[monitorID].stop();
+        server.monitorList[monitorID].active = 0;
     }
 }
 
@@ -1882,8 +1901,10 @@ gracefulShutdown(server.httpServer, {
 });
 
 // Catch unexpected errors here
-process.addListener("unhandledRejection", (error, promise) => {
+let unexpectedErrorHandler = (error, promise) => {
     console.trace(error);
     UptimeKumaServer.errorLog(error, false);
     console.error("If you keep encountering errors, please report to https://github.com/louislam/uptime-kuma/issues");
-});
+};
+process.addListener("unhandledRejection", unexpectedErrorHandler);
+process.addListener("uncaughtException", unexpectedErrorHandler);

server/socket-handlers/general-socket-handler.js

@@ -42,24 +42,50 @@ module.exports.generalSocketHandler = (socket, server) => {
     });
 
     socket.on("getGameList", async (callback) => {
-        callback({
-            ok: true,
-            gameList: getGameList(),
-        });
-    });
-
-    socket.on("testChrome", (executable, callback) => {
-        // Just noticed that await call could block the whole socket.io server!!! Use pure promise instead.
-        testChrome(executable).then((version) => {
+        try {
+            checkLogin(socket);
             callback({
                 ok: true,
-                msg: "Found Chromium/Chrome. Version: " + version,
+                gameList: getGameList(),
             });
-        }).catch((e) => {
+        } catch (e) {
             callback({
                 ok: false,
                 msg: e.message,
             });
-        });
+        }
+    });
+
+    socket.on("testChrome", (executable, callback) => {
+        try {
+            checkLogin(socket);
+            // Just noticed that await call could block the whole socket.io server!!! Use pure promise instead.
+            testChrome(executable).then((version) => {
+                callback({
+                    ok: true,
+                    msg: "Found Chromium/Chrome. Version: " + version,
+                });
+            }).catch((e) => {
+                callback({
+                    ok: false,
+                    msg: e.message,
+                });
+            });
+        } catch (e) {
+            callback({
+                ok: false,
+                msg: e.message,
+            });
+        }
+    });
+
+    // Disconnect all other socket clients of the user
+    socket.on("disconnectOtherSocketClients", async () => {
+        try {
+            checkLogin(socket);
+            server.disconnectAllSocketClients(socket.userID, socket.id);
+        } catch (e) {
+            log.warn("disconnectAllSocketClients", e.message);
+        }
     });
 };

server/socket-handlers/status-page-socket-handler.js

@@ -147,7 +147,7 @@ module.exports.statusPageSocketHandler = (socket) => {
                 config.logo = `/upload/${filename}?t=` + Date.now();
 
             } else {
-                config.icon = imgDataUrl;
+                config.logo = imgDataUrl;
             }
 
             statusPage.slug = config.slug;

server/uptime-kuma-server.js

@@ -4,14 +4,15 @@ const fs = require("fs");
 const http = require("http");
 const { Server } = require("socket.io");
 const { R } = require("redbean-node");
-const { log } = require("../src/util");
+const { log, isDev } = require("../src/util");
 const Database = require("./database");
 const util = require("util");
 const { CacheableDnsHttpAgent } = require("./cacheable-dns-http-agent");
 const { Settings } = require("./settings");
 const dayjs = require("dayjs");
-const childProcess = require("child_process");
+const childProcessAsync = require("promisify-child-process");
 const path = require("path");
+const { isSSL, sslKey, sslCert, sslKeyPassphrase } = require("./config");
 // DO NOT IMPORT HERE IF THE MODULES USED `UptimeKumaServer.getInstance()`, put at the bottom of this file instead.
 
 /**
@@ -62,22 +63,17 @@ class UptimeKumaServer {
      */
     jwtSecret = null;
 
-    static getInstance(args) {
+    static getInstance() {
         if (UptimeKumaServer.instance == null) {
-            UptimeKumaServer.instance = new UptimeKumaServer(args);
+            UptimeKumaServer.instance = new UptimeKumaServer();
         }
         return UptimeKumaServer.instance;
     }
 
-    constructor(args) {
-        // SSL
-        const sslKey = args["ssl-key"] || process.env.UPTIME_KUMA_SSL_KEY || process.env.SSL_KEY || undefined;
-        const sslCert = args["ssl-cert"] || process.env.UPTIME_KUMA_SSL_CERT || process.env.SSL_CERT || undefined;
-        const sslKeyPassphrase = args["ssl-key-passphrase"] || process.env.UPTIME_KUMA_SSL_KEY_PASSPHRASE || process.env.SSL_KEY_PASSPHRASE || undefined;
-
+    constructor() {
         log.info("server", "Creating express and socket.io instance");
         this.app = express();
-        if (sslKey && sslCert) {
+        if (isSSL) {
             log.info("server", "Server Type: HTTPS");
             this.httpServer = https.createServer({
                 key: fs.readFileSync(sslKey),
@@ -103,7 +99,66 @@ class UptimeKumaServer {
         UptimeKumaServer.monitorTypeList["real-browser"] = new RealBrowserMonitorType();
         UptimeKumaServer.monitorTypeList["tailscale-ping"] = new TailscalePing();
 
-        this.io = new Server(this.httpServer);
+        // Allow all CORS origins (polling) in development
+        let cors = undefined;
+        if (isDev) {
+            cors = {
+                origin: "*",
+            };
+        }
+
+        this.io = new Server(this.httpServer, {
+            cors,
+            allowRequest: async (req, callback) => {
+                let transport;
+                // It should be always true, but just in case, because this property is not documented
+                if (req._query) {
+                    transport = req._query.transport;
+                } else {
+                    log.error("socket", "Ops!!! Cannot get transport type, assume that it is polling");
+                    transport = "polling";
+                }
+
+                const clientIP = await this.getClientIPwithProxy(req.connection.remoteAddress, req.headers);
+                log.info("socket", `New ${transport} connection, IP = ${clientIP}`);
+
+                // The following check is only for websocket connections, polling connections are already protected by CORS
+                if (transport === "polling") {
+                    callback(null, true);
+                } else if (transport === "websocket") {
+                    const bypass = process.env.UPTIME_KUMA_WS_ORIGIN_CHECK === "bypass";
+                    if (bypass) {
+                        log.info("auth", "WebSocket origin check is bypassed");
+                        callback(null, true);
+                    } else if (!req.headers.origin) {
+                        log.info("auth", "WebSocket with no origin is allowed");
+                        callback(null, true);
+                    } else {
+                        let host = req.headers.host;
+                        let origin = req.headers.origin;
+
+                        try {
+                            let originURL = new URL(origin);
+                            let xForwardedFor;
+                            if (await Settings.get("trustProxy")) {
+                                xForwardedFor = req.headers["x-forwarded-for"];
+                            }
+
+                            if (host !== originURL.host && xForwardedFor !== originURL.host) {
+                                callback(null, false);
+                                log.error("auth", `Origin (${origin}) does not match host (${host}), IP: ${clientIP}`);
+                            } else {
+                                callback(null, true);
+                            }
+                        } catch (e) {
+                            // Invalid origin url, probably not from browser
+                            callback(null, false);
+                            log.error("auth", `Invalid origin url (${origin}), IP: ${clientIP}`);
+                        }
+                    }
+                }
+            }
+        });
     }
 
     /** Initialise app after the database has been set up */
@@ -238,20 +293,28 @@ class UptimeKumaServer {
     /**
      * Get the IP of the client connected to the socket
      * @param {Socket} socket
-     * @returns {string}
+     * @returns {Promise<string>}
      */
-    async getClientIP(socket) {
-        let clientIP = socket.client.conn.remoteAddress;
+    getClientIP(socket) {
+        return this.getClientIPwithProxy(socket.client.conn.remoteAddress, socket.client.conn.request.headers);
+    }
 
+    /**
+     *
+     * @param {string} clientIP
+     * @param {IncomingHttpHeaders} headers
+     * @returns {Promise<string>}
+     */
+    async getClientIPwithProxy(clientIP, headers) {
         if (clientIP === undefined) {
             clientIP = "";
         }
 
         if (await Settings.get("trustProxy")) {
-            const forwardedFor = socket.client.conn.request.headers["x-forwarded-for"];
+            const forwardedFor = headers["x-forwarded-for"];
 
             return (typeof forwardedFor === "string" ? forwardedFor.split(",")[0].trim() : null)
-                || socket.client.conn.request.headers["x-real-ip"]
+                || headers["x-real-ip"]
                 || clientIP.replace(/^::ffff:/, "");
         } else {
             return clientIP.replace(/^::ffff:/, "");
@@ -344,7 +407,7 @@ class UptimeKumaServer {
         let enable = await Settings.get("nscd");
 
         if (enable || enable === null) {
-            this.startNSCDServices();
+            await this.startNSCDServices();
         }
     }
 
@@ -356,7 +419,7 @@ class UptimeKumaServer {
         let enable = await Settings.get("nscd");
 
         if (enable || enable === null) {
-            this.stopNSCDServices();
+            await this.stopNSCDServices();
         }
     }
 
@@ -364,11 +427,11 @@ class UptimeKumaServer {
      * Start all system services (e.g. nscd)
      * For now, only used in Docker
      */
-    startNSCDServices() {
+    async startNSCDServices() {
         if (process.env.UPTIME_KUMA_IS_CONTAINER) {
             try {
                 log.info("services", "Starting nscd");
-                childProcess.execSync("sudo service nscd start", { stdio: "pipe" });
+                await childProcessAsync.exec("sudo service nscd start");
             } catch (e) {
                 log.info("services", "Failed to start nscd");
             }
@@ -378,16 +441,35 @@ class UptimeKumaServer {
     /**
      * Stop all system services
      */
-    stopNSCDServices() {
+    async stopNSCDServices() {
         if (process.env.UPTIME_KUMA_IS_CONTAINER) {
             try {
                 log.info("services", "Stopping nscd");
-                childProcess.execSync("sudo service nscd stop");
+                await childProcessAsync.exec("sudo service nscd stop");
             } catch (e) {
                 log.info("services", "Failed to stop nscd");
             }
         }
     }
+
+    /**
+     * Force connected sockets of a user to refresh and disconnect.
+     * Used for resetting password.
+     * @param {string} userID
+     * @param {string?} currentSocketID
+     */
+    disconnectAllSocketClients(userID, currentSocketID = undefined) {
+        for (const socket of this.io.sockets.sockets.values()) {
+            if (socket.userID === userID && socket.id !== currentSocketID) {
+                try {
+                    socket.emit("refresh");
+                    socket.disconnect();
+                } catch (e) {
+
+                }
+            }
+        }
+    }
 }
 
 module.exports = {

server/util-server.js

@@ -1,7 +1,7 @@
 const tcpp = require("tcp-ping");
 const ping = require("@louislam/ping");
 const { R } = require("redbean-node");
-const { log, genSecret } = require("../src/util");
+const { log, genSecret, badgeConstants } = require("../src/util");
 const passwordHash = require("./password-hash");
 const { Resolver } = require("dns");
 const childProcess = require("child_process");
@@ -9,7 +9,6 @@ const iconv = require("iconv-lite");
 const chardet = require("chardet");
 const mqtt = require("mqtt");
 const chroma = require("chroma-js");
-const { badgeConstants } = require("./config");
 const mssql = require("mssql");
 const { Client } = require("pg");
 const postgresConParse = require("pg-connection-string").parse;
@@ -22,6 +21,7 @@ const protojs = require("protobufjs");
 const radiusClient = require("node-radius-client");
 const redis = require("redis");
 const oidc = require("openid-client");
+const tls = require("tls");
 
 const {
     dictionaries: {
@@ -33,6 +33,7 @@ const dayjs = require("dayjs");
 // SASLOptions used in JSDoc
 // eslint-disable-next-line no-unused-vars
 const { Kafka, SASLOptions } = require("kafkajs");
+const crypto = require("crypto");
 
 const isWindows = process.platform === /^win/.test(process.platform);
 /**
@@ -286,22 +287,22 @@ exports.kafkaProducerAsync = function (brokers, topic, message, options = {}, sa
 
         producer.connect().then(
             () => {
-                try {
-                    producer.send({
-                        topic: topic,
-                        messages: [{
-                            value: message,
-                        }],
-                    });
-                    connectedToKafka = true;
-                    clearTimeout(timeoutID);
+                producer.send({
+                    topic: topic,
+                    messages: [{
+                        value: message,
+                    }],
+                }).then((_) => {
                     resolve("Message sent successfully");
-                } catch (e) {
+                }).catch((e) => {
                     connectedToKafka = true;
                     producer.disconnect();
                     clearTimeout(timeoutID);
                     reject(new Error("Error sending message: " + e.message));
-                }
+                }).finally(() => {
+                    connectedToKafka = true;
+                    clearTimeout(timeoutID);
+                });
             }
         ).catch(
             (e) => {
@@ -313,8 +314,10 @@ exports.kafkaProducerAsync = function (brokers, topic, message, options = {}, sa
         );
 
         producer.on("producer.network.request_timeout", (_) => {
-            clearTimeout(timeoutID);
-            reject(new Error("producer.network.request_timeout"));
+            if (!connectedToKafka) {
+                clearTimeout(timeoutID);
+                reject(new Error("producer.network.request_timeout"));
+            }
         });
 
         producer.on("producer.disconnect", (_) => {
@@ -392,6 +395,9 @@ exports.mssqlQuery = async function (connectionString, query) {
     try {
         pool = new mssql.ConnectionPool(connectionString);
         await pool.connect();
+        if (!query) {
+            query = "SELECT 1";
+        }
         await pool.request().query(query);
         pool.close();
     } catch (e) {
@@ -412,12 +418,22 @@ exports.postgresQuery = function (connectionString, query) {
     return new Promise((resolve, reject) => {
         const config = postgresConParse(connectionString);
 
-        if (config.password === "") {
-            // See https://github.com/brianc/node-postgres/issues/1927
-            return reject(new Error("Password is undefined."));
+        // Fix #3868, which true/false is not parsed to boolean
+        if (typeof config.ssl === "string") {
+            config.ssl = config.ssl === "true";
         }
 
-        const client = new Client({ connectionString });
+        if (config.password === "") {
+            // See https://github.com/brianc/node-postgres/issues/1927
+            reject(new Error("Password is undefined."));
+            return;
+        }
+        const client = new Client(config);
+
+        client.on("error", (error) => {
+            log.debug("postgres", "Error caught in the error event handler.");
+            reject(error);
+        });
 
         client.connect((err) => {
             if (err) {
@@ -441,6 +457,7 @@ exports.postgresQuery = function (connectionString, query) {
                     });
                 } catch (e) {
                     reject(e);
+                    client.end();
                 }
             }
         });
@@ -452,11 +469,15 @@ exports.postgresQuery = function (connectionString, query) {
  * Run a query on MySQL/MariaDB
  * @param {string} connectionString The database connection string
  * @param {string} query The query to validate the database with
+ * @param {?string} password The password to use
  * @returns {Promise<(string)>}
  */
-exports.mysqlQuery = function (connectionString, query) {
+exports.mysqlQuery = function (connectionString, query, password = undefined) {
     return new Promise((resolve, reject) => {
-        const connection = mysql.createConnection(connectionString);
+        const connection = mysql.createConnection({
+            uri: connectionString,
+            password
+        });
 
         connection.on("error", (err) => {
             reject(err);
@@ -695,20 +716,27 @@ const parseCertificateInfo = function (info) {
 
 /**
  * Check if certificate is valid
- * @param {Object} res Response object from axios
+ * @param {tls.TLSSocket} socket TLSSocket, which may or may not be connected
  * @returns {Object} Object containing certificate information
  */
-exports.checkCertificate = function (res) {
-    if (!res.request.res.socket) {
-        throw new Error("No socket found");
+exports.checkCertificate = function (socket) {
+    let certInfoStartTime = dayjs().valueOf();
+
+    // Return null if there is no socket
+    if (socket === undefined || socket == null) {
+        return null;
     }
 
-    const info = res.request.res.socket.getPeerCertificate(true);
-    const valid = res.request.res.socket.authorized || false;
+    const info = socket.getPeerCertificate(true);
+    const valid = socket.authorized || false;
 
     log.debug("cert", "Parsing Certificate Info");
     const parsedInfo = parseCertificateInfo(info);
 
+    if (process.env.TIMELOGGER === "1") {
+        log.debug("monitor", "Cert Info Query Time: " + (dayjs().valueOf() - certInfoStartTime) + "ms");
+    }
+
     return {
         valid: valid,
         certInfo: parsedInfo
@@ -1053,6 +1081,47 @@ module.exports.grpcQuery = async (options) => {
     });
 };
 
+/**
+ * Returns an array of SHA256 fingerprints for all known root certificates.
+ * @returns {Set} A set of SHA256 fingerprints.
+ */
+module.exports.rootCertificatesFingerprints = () => {
+    let fingerprints = tls.rootCertificates.map(cert => {
+        let certLines = cert.split("\n");
+        certLines.shift();
+        certLines.pop();
+        let certBody = certLines.join("");
+        let buf = Buffer.from(certBody, "base64");
+
+        const shasum = crypto.createHash("sha256");
+        shasum.update(buf);
+
+        return shasum.digest("hex").toUpperCase().replace(/(.{2})(?!$)/g, "$1:");
+    });
+
+    fingerprints.push("6D:99:FB:26:5E:B1:C5:B3:74:47:65:FC:BC:64:8F:3C:D8:E1:BF:FA:FD:C4:C2:F9:9B:9D:47:CF:7F:F1:C2:4F"); // ISRG X1 cross-signed with DST X3
+    fingerprints.push("8B:05:B6:8C:C6:59:E5:ED:0F:CB:38:F2:C9:42:FB:FD:20:0E:6F:2F:F9:F8:5D:63:C6:99:4E:F5:E0:B0:27:01"); // ISRG X2 cross-signed with ISRG X1
+
+    return new Set(fingerprints);
+};
+
+module.exports.SHAKE256_LENGTH = 16;
+
+/**
+ *
+ * @param {string} data
+ * @param {number} len
+ * @return {string}
+ */
+module.exports.shake256 = (data, len) => {
+    if (!data) {
+        return "";
+    }
+    return crypto.createHash("shake256", { outputLength: len })
+        .update(data)
+        .digest("hex");
+};
+
 // For unit test, export functions
 if (process.env.TEST_BACKEND) {
     module.exports.__test = {
@@ -1062,3 +1131,29 @@ if (process.env.TEST_BACKEND) {
         return module.exports.__test[functionName];
     };
 }
+
+/**
+ * Generates an abort signal with the specified timeout.
+ * @param {number} timeoutMs - The timeout in milliseconds.
+ * @returns {AbortSignal | null} - The generated abort signal, or null if not supported.
+ */
+module.exports.axiosAbortSignal = (timeoutMs) => {
+    try {
+        // Just in case, as 0 timeout here will cause the request to be aborted immediately
+        if (!timeoutMs || timeoutMs <= 0) {
+            timeoutMs = 5000;
+        }
+        return AbortSignal.timeout(timeoutMs);
+    } catch (_) {
+        // v16-: AbortSignal.timeout is not supported
+        try {
+            const abortController = new AbortController();
+            setTimeout(() => abortController.abort(), timeoutMs);
+
+            return abortController.signal;
+        } catch (_) {
+            // v15-: AbortController is not supported
+            return null;
+        }
+    }
+};

src/components/ActionInput.vue

@@ -8,9 +8,9 @@
             :placeholder="placeholder"
             :disabled="!enabled"
         >
-        <a class="btn btn-outline-primary" @click="action()">
+        <button type="button" class="btn btn-outline-primary" :aria-label="actionAriaLabel" @click="action()">
             <font-awesome-icon :icon="icon" />
-        </a>
+        </button>
     </div>
 </template>
 
@@ -66,6 +66,13 @@ export default {
         action: {
             type: Function,
             default: () => {},
+        },
+        /**
+         * The aria-label of the action button
+         */
+        actionAriaLabel: {
+            type: String,
+            required: true,
         }
     },
     emits: [ "update:modelValue" ],

src/components/ActionSelect.vue

@@ -1,11 +1,11 @@
 <template>
     <div class="input-group mb-3">
-        <select ref="select" v-model="model" class="form-select" :disabled="disabled">
-            <option v-for="option in options" :key="option" :value="option.value">{{ option.label }}</option>
+        <select :id="id" ref="select" v-model="model" class="form-select" :disabled="disabled" :required="required">
+            <option v-for="option in options" :key="option" :value="option.value" :disabled="option.disabled">{{ option.label }}</option>
         </select>
-        <a class="btn btn-outline-primary" @click="action()">
-            <font-awesome-icon :icon="icon" />
-        </a>
+        <button type="button" class="btn btn-outline-primary" :class="{ disabled: actionDisabled }" :aria-label="actionAriaLabel" @click="action()">
+            <font-awesome-icon :icon="icon" aria-hidden="true" />
+        </button>
     </div>
 </template>
 
@@ -20,6 +20,13 @@ export default {
             type: Array,
             default: () => [],
         },
+        /**
+         * The id of the form which will be targeted by a <label for=..
+         */
+        id: {
+            type: String,
+            required: true,
+        },
         /**
          * The value of the select field.
          */
@@ -50,6 +57,29 @@ export default {
         action: {
             type: Function,
             default: () => {},
+        },
+        /**
+         * The aria-label of the action button
+         */
+        actionAriaLabel: {
+            type: String,
+            required: true,
+        },
+        /**
+         * Whether the action button is disabled.
+         * @example true
+         */
+        actionDisabled: {
+            type: Boolean,
+            default: false
+        },
+        /**
+         * Whether the select field is required.
+         * @example true
+         */
+        required: {
+            type: Boolean,
+            default: false,
         }
     },
     emits: [ "update:modelValue" ],

src/components/BadgeGeneratorDialog.vue

@@ -135,7 +135,7 @@
 <script lang="ts">
 import { Modal } from "bootstrap";
 import CopyableInput from "./CopyableInput.vue";
-import { default as serverConfig } from "../../server/config.js";
+import { badgeConstants } from "../util.ts";
 
 export default {
     components: {
@@ -230,7 +230,7 @@ export default {
                     "labelColor",
                 ],
             },
-            badgeConstants: serverConfig.badgeConstants,
+            badgeConstants,
         };
     },
 

src/components/DockerHostDialog.vue

@@ -70,7 +70,7 @@ export default {
         Confirm,
     },
     props: {},
-    emits: [ "added" ],
+    emits: [ "added", "deleted" ],
     data() {
         return {
             modal: null,
@@ -167,6 +167,7 @@ export default {
                 this.processing = false;
 
                 if (res.ok) {
+                    this.$emit("deleted", this.id);
                     this.modal.hide();
                 }
             });

src/components/MaintenanceTime.vue

@@ -29,10 +29,10 @@ export default {
     },
     computed: {
         startDateTime() {
-            return dayjs(this.maintenance.timeslotList[0].startDate).tz(this.maintenance.timezone).format(SQL_DATETIME_FORMAT_WITHOUT_SECOND);
+            return dayjs(this.maintenance.timeslotList[0].startDate).tz(this.maintenance.timezone, true).format(SQL_DATETIME_FORMAT_WITHOUT_SECOND);
         },
         endDateTime() {
-            return dayjs(this.maintenance.timeslotList[0].endDate).tz(this.maintenance.timezone).format(SQL_DATETIME_FORMAT_WITHOUT_SECOND);
+            return dayjs(this.maintenance.timeslotList[0].endDate).tz(this.maintenance.timezone, true).format(SQL_DATETIME_FORMAT_WITHOUT_SECOND);
         }
     },
 };

src/components/MonitorList.vue

@@ -16,7 +16,10 @@
                     </a>
                     <form>
                         <input
-                            v-model="searchText" class="form-control search-input" :placeholder="$t('Search...')"
+                            v-model="searchText"
+                            class="form-control search-input"
+                            :placeholder="$t('Search...')"
+                            :aria-label="$t('Search monitored sites')"
                             autocomplete="off"
                         />
                     </form>

src/components/notifications/Ntfy.vue

@@ -13,6 +13,15 @@
     <div class="mb-3">
         <label for="ntfy-priority" class="form-label">{{ $t("Priority") }}</label>
         <input id="ntfy-priority" v-model="$parent.notification.ntfyPriority" type="number" class="form-control" required min="1" max="5" step="1">
+        <div class="form-text">
+            <p v-if="$parent.notification.ntfyPriority >= 5">
+                {{ $t("ntfyPriorityHelptextAllEvents") }}
+            </p>
+            <i18n-t v-else tag="p" keypath="ntfyPriorityHelptextAllExceptDown">
+                <code>DOWN</code>
+                <code>{{ $parent.notification.ntfyPriority + 1 }}</code>
+            </i18n-t>
+        </div>
     </div>
     <div class="mb-3">
         <label for="authentication-method" class="form-label">{{ $t("ntfyAuthenticationMethod") }}</label>

src/components/notifications/SMTP.vue

@@ -5,6 +5,14 @@
             <input id="hostname" v-model="$parent.notification.smtpHost" type="text" class="form-control" required>
         </div>
 
+        <i18n-t tag="div" keypath="Either enter the hostname of the server you want to connect to or localhost if you intend to use a locally configured mail transfer agent" class="form-text">
+            <template #localhost>
+                <code>localhost</code>
+            </template>
+            <template #local_mta>
+                <a href="https://wikipedia.org/wiki/Mail_Transfer_Agent" target="_blank">{{ $t("locally configured mail transfer agent") }}</a>
+            </template>
+        </i18n-t>
         <div class="mb-3">
             <label for="port" class="form-label">{{ $t("Port") }}</label>
             <input id="port" v-model="$parent.notification.smtpPort" type="number" class="form-control" required min="0" max="65535" step="1">

src/components/settings/APIKeys.vue

@@ -1,53 +1,63 @@
 <template>
     <div>
-        <div class="add-btn">
-            <button class="btn btn-primary me-2" type="button" @click="$refs.apiKeyDialog.show()">
-                <font-awesome-icon icon="plus" /> {{ $t("Add API Key") }}
-            </button>
+        <div
+            v-if="settings.disableAuth"
+            class="mt-5 d-flex align-items-center justify-content-center my-3"
+        >
+            {{ $t("apiKeysDisabledMsg") }}
         </div>
+        <div v-else>
+            <div class="add-btn">
+                <button class="btn btn-primary me-2" type="button" @click="$refs.apiKeyDialog.show()">
+                    <font-awesome-icon icon="plus" /> {{ $t("Add API Key") }}
+                </button>
+            </div>
 
-        <div>
-            <span v-if="Object.keys(keyList).length === 0" class="d-flex align-items-center justify-content-center my-3">
-                {{ $t("No API Keys") }}
-            </span>
+            <div>
+                <span
+                    v-if="Object.keys(keyList).length === 0"
+                    class="d-flex align-items-center justify-content-center my-3"
+                >
+                    {{ $t("No API Keys") }}
+                </span>
 
-            <div
-                v-for="(item, index) in keyList"
-                :key="index"
-                class="item"
-                :class="item.status"
-            >
-                <div class="left-part">
-                    <div
-                        class="circle"
-                    ></div>
-                    <div class="info">
-                        <div class="title">{{ item.name }}</div>
-                        <div class="status">
-                            {{ $t("apiKey-" + item.status) }}
-                        </div>
-                        <div class="date">
-                            {{ $t("Created") }}: {{ item.createdDate }}
-                        </div>
-                        <div class="date">
-                            {{ $t("Expires") }}: {{ item.expires || $t("Never") }}
+                <div
+                    v-for="(item, index) in keyList"
+                    :key="index"
+                    class="item"
+                    :class="item.status"
+                >
+                    <div class="left-part">
+                        <div class="circle"></div>
+                        <div class="info">
+                            <div class="title">{{ item.name }}</div>
+                            <div class="status">
+                                {{ $t("apiKey-" + item.status) }}
+                            </div>
+                            <div class="date">
+                                {{ $t("Created") }}: {{ item.createdDate }}
+                            </div>
+                            <div class="date">
+                                {{ $t("Expires") }}:
+                                {{ item.expires || $t("Never") }}
+                            </div>
                         </div>
                     </div>
-                </div>
 
-                <div class="buttons">
-                    <div class="btn-group" role="group">
-                        <button v-if="item.active" class="btn btn-normal" @click="disableDialog(item.id)">
-                            <font-awesome-icon icon="pause" /> {{ $t("Disable") }}
-                        </button>
+                    <div class="buttons">
+                        <div class="btn-group" role="group">
+                            <button v-if="item.active" class="btn btn-normal" @click="disableDialog(item.id)">
+                                <font-awesome-icon icon="pause" /> {{ $t("Disable") }}
+                            </button>
 
-                        <button v-if="!item.active" class="btn btn-primary" @click="enableKey(item.id)">
-                            <font-awesome-icon icon="play" /> {{ $t("Enable") }}
-                        </button>
+                            <button v-if="!item.active" class="btn btn-primary" @click="enableKey(item.id)">
+                                <font-awesome-icon icon="play" /> {{ $t("Enable") }}
+                            </button>
 
-                        <button class="btn btn-danger" @click="deleteDialog(item.id)">
-                            <font-awesome-icon icon="trash" /> {{ $t("Delete") }}
-                        </button>
+                            <button class="btn btn-danger" @click="deleteDialog(item.id)">
+                                <font-awesome-icon icon="trash" /> {{ $t("Delete") }}
+                            </button>
+                        </div>
                     </div>
                 </div>
             </div>
@@ -90,6 +100,9 @@ export default {
             let result = Object.values(this.$root.apiKeyList);
             return result;
         },
+        settings() {
+            return this.$parent.$parent.$parent.settings;
+        },
     },
 
     methods: {
@@ -127,9 +140,11 @@ export default {
          * Pause maintenance
          */
         disableKey() {
-            this.$root.getSocket().emit("disableAPIKey", this.selectedKeyID, (res) => {
-                this.$root.toastRes(res);
-            });
+            this.$root
+                .getSocket()
+                .emit("disableAPIKey", this.selectedKeyID, (res) => {
+                    this.$root.toastRes(res);
+                });
         },
 
         /**
@@ -145,113 +160,113 @@ export default {
 </script>
 
 <style lang="scss" scoped>
-    @import "../../assets/vars.scss";
-
-    .mobile {
-        .item {
-            flex-direction: column;
-            align-items: flex-start;
-            margin-bottom: 20px;
-        }
-    }
-
-    .add-btn {
-        padding-top: 20px;
-        padding-bottom: 20px;
-    }
+@import "../../assets/vars.scss";
 
+.mobile {
     .item {
-        display: flex;
-        align-items: center;
-        gap: 10px;
-        text-decoration: none;
-        border-radius: 10px;
-        transition: all ease-in-out 0.15s;
-        justify-content: space-between;
-        padding: 10px;
-        min-height: 90px;
-        margin-bottom: 5px;
+        flex-direction: column;
+        align-items: flex-start;
+        margin-bottom: 20px;
+    }
+}
 
-        &:hover {
-            background-color: $highlight-white;
+.add-btn {
+    padding-top: 20px;
+    padding-bottom: 20px;
+}
+
+.item {
+    display: flex;
+    align-items: center;
+    gap: 10px;
+    text-decoration: none;
+    border-radius: 10px;
+    transition: all ease-in-out 0.15s;
+    justify-content: space-between;
+    padding: 10px;
+    min-height: 90px;
+    margin-bottom: 5px;
+
+    &:hover {
+        background-color: $highlight-white;
+    }
+
+    &.active {
+        .circle {
+            background-color: $primary;
         }
+    }
 
-        &.active {
-            .circle {
-                background-color: $primary;
-            }
-        }
-
-        &.inactive {
-            .circle {
-                background-color: $danger;
-            }
-        }
-
-        &.expired {
-            .left-part {
-                opacity: 0.3;
-            }
-
-            .circle {
-                background-color: $dark-font-color;
-            }
+    &.inactive {
+        .circle {
+            background-color: $danger;
         }
+    }
 
+    &.expired {
         .left-part {
-            display: flex;
-            gap: 12px;
-            align-items: center;
-
-            .circle {
-                width: 25px;
-                height: 25px;
-                border-radius: 50rem;
-            }
-
-            .info {
-                .title {
-                    font-weight: bold;
-                    font-size: 20px;
-                }
-
-                .status {
-                    font-size: 14px;
-                }
-            }
+            opacity: 0.3;
         }
 
-        .buttons {
-            display: flex;
-            gap: 8px;
-            flex-direction: row-reverse;
+        .circle {
+            background-color: $dark-font-color;
+        }
+    }
 
-            .btn-group {
-                width: 310px;
+    .left-part {
+        display: flex;
+        gap: 12px;
+        align-items: center;
+
+        .circle {
+            width: 25px;
+            height: 25px;
+            border-radius: 50rem;
+        }
+
+        .info {
+            .title {
+                font-weight: bold;
+                font-size: 20px;
+            }
+
+            .status {
+                font-size: 14px;
             }
         }
     }
 
-    .date {
-        margin-top: 5px;
-        display: block;
-        font-size: 14px;
-        background-color: rgba(255, 255, 255, 0.5);
-        border-radius: 20px;
-        padding: 0 10px;
-        width: fit-content;
+    .buttons {
+        display: flex;
+        gap: 8px;
+        flex-direction: row-reverse;
 
-        .dark & {
-            color: white;
-            background-color: rgba(255, 255, 255, 0.1);
+        .btn-group {
+            width: 310px;
         }
     }
+}
 
-    .dark {
-        .item {
-            &:hover {
-                background-color: $dark-bg2;
-            }
+.date {
+    margin-top: 5px;
+    display: block;
+    font-size: 14px;
+    background-color: rgba(255, 255, 255, 0.5);
+    border-radius: 20px;
+    padding: 0 10px;
+    width: fit-content;
+
+    .dark & {
+        color: white;
+        background-color: rgba(255, 255, 255, 0.1);
+    }
+}
+
+.dark {
+    .item {
+        &:hover {
+            background-color: $dark-bg2;
         }
     }
+}
 </style>

src/components/settings/Notifications.vue

@@ -27,13 +27,13 @@
             <div class="mt-1 mb-3 ps-2 cert-exp-days col-12 col-xl-6">
                 <div v-for="day in settings.tlsExpiryNotifyDays" :key="day" class="d-flex align-items-center justify-content-between cert-exp-day-row py-2">
                     <span>{{ day }} {{ $tc("day", day) }}</span>
-                    <button type="button" class="btn-rm-expiry btn btn-outline-danger ms-2 py-1" @click="removeExpiryNotifDay(day)">
-                        <font-awesome-icon class="" icon="times" />
+                    <button type="button" class="btn-rm-expiry btn btn-outline-danger ms-2 py-1" :aria-label="$t('Remove the expiry notification')" @click="removeExpiryNotifDay(day)">
+                        <font-awesome-icon icon="times" />
                     </button>
                 </div>
             </div>
             <div class="col-12 col-xl-6">
-                <ActionInput v-model="expiryNotifInput" :type="'number'" :placeholder="$t('day')" :icon="'plus'" :action="() => addExpiryNotifDay(expiryNotifInput)" />
+                <ActionInput v-model="expiryNotifInput" :type="'number'" :placeholder="$t('day')" :icon="'plus'" :action="() => addExpiryNotifDay(expiryNotifInput)" :action-aria-label="$t('Add a new expiry notification day')" />
             </div>
             <div>
                 <button class="btn btn-primary" type="button" @click="saveSettings()">

src/i18n.js

@@ -57,10 +57,29 @@ for (let lang in languageList) {
 
 const rtlLangs = [ "fa", "ar-SY", "ur" ];
 
-export const currentLocale = () => localStorage.locale
-    || languageList[navigator.language] && navigator.language
-    || languageList[navigator.language.substring(0, 2)] && navigator.language.substring(0, 2)
-    || "en";
+/**
+ * Find the best matching locale to display
+ * If no locale can be matched, the default is "en"
+ * @returns {string} the locale that should be displayed
+ */
+export function currentLocale() {
+    for (const locale of [ localStorage.locale, navigator.language, ...navigator.languages ]) {
+        // localstorage might not have a value or there might not be a language in `navigator.language`
+        if (!locale) {
+            continue;
+        }
+        if (locale in messages) {
+            return locale;
+        }
+        // some locales are further specified such as "en-US".
+        // If we only have a generic locale for this, we can use it too
+        const genericLocale = locale.split("-")[0];
+        if (genericLocale in messages) {
+            return genericLocale;
+        }
+    }
+    return "en";
+}
 
 export const localeDirection = () => {
     return rtlLangs.includes(currentLocale()) ? "rtl" : "ltr";

src/lang/en.json

@@ -57,6 +57,8 @@
     "Friendly Name": "Friendly Name",
     "URL": "URL",
     "Hostname": "Hostname",
+    "locally configured mail transfer agent": "locally configured mail transfer agent",
+    "Either enter the hostname of the server you want to connect to or localhost if you intend to use a locally configured mail transfer agent": "Either enter the hostname of the server you want to connect to or {localhost} if you intend to use a {local_mta}",
     "Port": "Port",
     "Heartbeat Interval": "Heartbeat Interval",
     "Request Timeout": "Request Timeout",
@@ -183,6 +185,7 @@
     "Pink": "Pink",
     "Custom": "Custom",
     "Search...": "Search…",
+    "Search monitored sites": "Search monitored sites",
     "Avg. Ping": "Avg. Ping",
     "Avg. Response": "Avg. Response",
     "Entry Page": "Entry Page",
@@ -334,6 +337,8 @@
     "Fingerprint:": "Fingerprint:",
     "No status pages": "No status pages",
     "Domain Name Expiry Notification": "Domain Name Expiry Notification",
+    "Add a new expiry notification day": "Add a new expiry notification day",
+    "Remove the expiry notification": "Remove the expiry notification day",
     "Proxy": "Proxy",
     "Date Created": "Date Created",
     "Footer Text": "Footer Text",
@@ -369,6 +374,8 @@
     "Setup Docker Host": "Setup Docker Host",
     "Connection Type": "Connection Type",
     "Docker Daemon": "Docker Daemon",
+    "noDockerHostMsg": "Not Available. Setup a Docker Host First.",
+    "DockerHostRequired": "Please set the Docker Host for this monitor.",
     "deleteDockerHostMsg": "Are you sure want to delete this docker host for all monitors?",
     "socket": "Socket",
     "tcp": "TCP / HTTP",
@@ -654,6 +661,10 @@
     "Notify Channel": "Notify Channel",
     "aboutNotifyChannel": "Notify channel will trigger a desktop or mobile notification for all members of the channel, whether their availability is set to active or away.",
     "Uptime Kuma URL": "Uptime Kuma URL",
+    "setup a new monitor group": "setup a new monitor group",
+    "openModalTo": "open modal to {0}",
+    "Add a domain": "Add a domain",
+    "Remove domain": "Remove domain '{0}'",
     "Icon Emoji": "Icon Emoji",
     "signalImportant": "IMPORTANT: You cannot mix groups and numbers in recipients!",
     "aboutWebhooks": "More info about Webhooks on: {0}",
@@ -747,6 +758,8 @@
     "lunaseaDeviceID": "Device ID",
     "lunaseaUserID": "User ID",
     "ntfyAuthenticationMethod": "Authentication Method",
+    "ntfyPriorityHelptextAllEvents": "All events are send with the maximum priority",
+    "ntfyPriorityHelptextAllExceptDown": "All events are send with this priority, except {0}-events, which have a priority of {1}",
     "ntfyUsernameAndPassword": "Username and Password",
     "twilioAccountSID": "Account SID",
     "twilioApiKey": "Api Key (optional)",
@@ -807,5 +820,6 @@
     "showCertificateExpiry": "Show Certificate Expiry",
     "noOrBadCertificate": "No/Bad Certificate",
     "gamedigGuessPort": "Gamedig: Guess Port",
-    "gamedigGuessPortDescription": "The port used by Valve Server Query Protocol may be different from the client port. Try this if the monitor cannot connect to your server."
+    "gamedigGuessPortDescription": "The port used by Valve Server Query Protocol may be different from the client port. Try this if the monitor cannot connect to your server.",
+    "apiKeysDisabledMsg": "API keys are disabled because authentication is disabled."
 }

src/mixins/socket.js

@@ -91,21 +91,20 @@ export default {
 
             this.socket.initedSocketIO = true;
 
-            let protocol = (location.protocol === "https:") ? "wss://" : "ws://";
+            let protocol = location.protocol + "//";
 
-            let wsHost;
+            let url;
             const env = process.env.NODE_ENV || "production";
             if (env === "development" && isDevContainer()) {
-                wsHost = protocol + getDevContainerServerHostname();
+                url = protocol + getDevContainerServerHostname();
             } else if (env === "development" || localStorage.dev === "dev") {
-                wsHost = protocol + location.hostname + ":3001";
+                url = protocol + location.hostname + ":3001";
             } else {
-                wsHost = protocol + location.host;
+                // Connect to the current url
+                url = undefined;
             }
 
-            socket = io(wsHost, {
-                transports: [ "websocket" ],
-            });
+            socket = io(url);
 
             socket.on("info", (info) => {
                 this.info = info;
@@ -288,6 +287,10 @@ export default {
             socket.on("initServerTimezone", () => {
                 socket.emit("initServerTimezone", dayjs.tz.guess());
             });
+
+            socket.on("refresh", () => {
+                location.reload();
+            });
         },
 
         /**

src/pages/EditMonitor.vue

@@ -285,22 +285,19 @@
                             <!-- Docker Host -->
                             <!-- For Docker Type -->
                             <div v-if="monitor.type === 'docker'" class="my-3">
-                                <h2 class="mb-2">{{ $t("Docker Host") }}</h2>
-                                <p v-if="$root.dockerHostList.length === 0">
-                                    {{ $t("Not available, please setup.") }}
-                                </p>
-
-                                <div v-else class="mb-3">
+                                <div class="mb-3">
                                     <label for="docker-host" class="form-label">{{ $t("Docker Host") }}</label>
-                                    <select id="docket-host" v-model="monitor.docker_host" class="form-select">
-                                        <option v-for="host in $root.dockerHostList" :key="host.id" :value="host.id">{{ host.name }}</option>
-                                    </select>
-                                    <a href="#" @click="$refs.dockerHostDialog.show(monitor.docker_host)">{{ $t("Edit") }}</a>
+                                    <ActionSelect
+                                        id="docker-host"
+                                        v-model="monitor.docker_host"
+                                        :action-aria-label="$t('openModalTo', $t('Setup Docker Host'))"
+                                        :options="dockerHostOptionsList"
+                                        :disabled="$root.dockerHostList == null || $root.dockerHostList.length === 0"
+                                        :icon="'plus'"
+                                        :action="() => $refs.dockerHostDialog.show()"
+                                        :required="true"
+                                    />
                                 </div>
-
-                                <button class="btn btn-primary me-2" type="button" @click="$refs.dockerHostDialog.show()">
-                                    {{ $t("Setup Docker Host") }}
-                                </button>
                             </div>
 
                             <!-- MQTT -->
@@ -370,11 +367,20 @@
                                     <input id="connectionString" v-model="monitor.databaseConnectionString" type="text" class="form-control" required>
                                 </div>
                             </template>
+
+                            <template v-if="monitor.type === 'mysql'">
+                                <div class="my-3">
+                                    <label for="mysql-password" class="form-label">{{ $t("Password") }}</label>
+                                    <!-- TODO: Rename monitor.radiusPassword to monitor.password for general use -->
+                                    <HiddenInput id="mysql-password" v-model="monitor.radiusPassword" autocomplete="false"></HiddenInput>
+                                </div>
+                            </template>
+
                             <!-- SQL Server / PostgreSQL / MySQL -->
                             <template v-if="monitor.type === 'sqlserver' || monitor.type === 'postgres' || monitor.type === 'mysql'">
                                 <div class="my-3">
                                     <label for="sqlQuery" class="form-label">{{ $t("Query") }}</label>
-                                    <textarea id="sqlQuery" v-model="monitor.databaseQuery" class="form-control" :placeholder="$t('Example:', [ 'select getdate()' ])" required></textarea>
+                                    <textarea id="sqlQuery" v-model="monitor.databaseQuery" class="form-control" :placeholder="$t('Example:', [ 'SELECT 1' ])"></textarea>
                                 </div>
                             </template>
 
@@ -494,9 +500,11 @@
 
                             <!-- Parent Monitor -->
                             <div class="my-3">
-                                <label for="parent" class="form-label">{{ $t("Monitor Group") }}</label>
+                                <label for="monitorGroupSelector" class="form-label">{{ $t("Monitor Group") }}</label>
                                 <ActionSelect
+                                    id="monitorGroupSelector"
                                     v-model="monitor.parent"
+                                    :action-aria-label="$t('openModalTo', 'setup a new monitor group')"
                                     :options="parentMonitorOptionsList"
                                     :disabled="sortedGroupMonitorList.length === 0 && draftGroupName == null"
                                     :icon="'plus'"
@@ -840,9 +848,9 @@ import NotificationDialog from "../components/NotificationDialog.vue";
 import DockerHostDialog from "../components/DockerHostDialog.vue";
 import ProxyDialog from "../components/ProxyDialog.vue";
 import TagsManager from "../components/TagsManager.vue";
-import { genSecret, isDev, MAX_INTERVAL_SECOND, MIN_INTERVAL_SECOND } from "../util.ts";
+import { genSecret, isDev, MAX_INTERVAL_SECOND, MIN_INTERVAL_SECOND, sleep } from "../util.ts";
 import { hostNameRegexPattern } from "../util-frontend";
-import { sleep } from "../util";
+import HiddenInput from "../components/HiddenInput.vue";
 
 const toast = useToast();
 
@@ -855,7 +863,7 @@ const monitorDefaults = {
     interval: 60,
     retryInterval: 60,
     resendInterval: 0,
-    maxretries: 1,
+    maxretries: 0,
     timeout: 48,
     notificationIDList: {},
     ignoreTls: false,
@@ -880,11 +888,14 @@ const monitorDefaults = {
     kafkaProducerSaslOptions: {
         mechanism: "None",
     },
+    kafkaProducerSsl: false,
+    kafkaProducerAllowAutoTopicCreation: false,
     gamedigGivenPortOnly: true,
 };
 
 export default {
     components: {
+        HiddenInput,
         ActionSelect,
         ProxyDialog,
         CopyableInput,
@@ -1106,6 +1117,21 @@ message HealthCheckResponse {
             return list;
         },
 
+        dockerHostOptionsList() {
+            if (this.$root.dockerHostList && this.$root.dockerHostList.length > 0) {
+                return this.$root.dockerHostList.map((host) => {
+                    return {
+                        label: host.name,
+                        value: host.id
+                    };
+                });
+            } else {
+                return [{
+                    label: this.$t("noDockerHostMsg"),
+                    value: null,
+                }];
+            }
+        }
     },
     watch: {
         "$root.proxyList"() {
@@ -1338,6 +1364,12 @@ message HealthCheckResponse {
                     return false;
                 }
             }
+            if (this.monitor.type === "docker") {
+                if (this.monitor.docker_host == null) {
+                    toast.error(this.$t("DockerHostRequired"));
+                    return false;
+                }
+            }
             return true;
         },
 

src/pages/StatusPage.vue

@@ -69,13 +69,17 @@
                 <div class="my-3">
                     <label class="form-label">
                         {{ $t("Domain Names") }}
-                        <font-awesome-icon icon="plus-circle" class="btn-add-domain action text-primary" @click="addDomainField" />
+                        <button class="p-0 bg-transparent border-0" :aria-label="$t('Add a domain')" @click="addDomainField">
+                            <font-awesome-icon icon="plus-circle" class="action text-primary" />
+                        </button>
                     </label>
 
                     <ul class="list-group domain-name-list">
                         <li v-for="(domain, index) in config.domainNameList" :key="index" class="list-group-item">
                             <input v-model="config.domainNameList[index]" type="text" class="no-bg domain-input" placeholder="example.com" />
-                            <font-awesome-icon icon="times" class="action remove ms-2 me-3 text-danger" @click="removeDomain(index)" />
+                            <button class="p-0 bg-transparent border-0" :aria-label="$t('Remove domain', [ domain ])" @click="removeDomain(index)">
+                                <font-awesome-icon icon="times" class="action remove ms-2 me-3 text-danger" />
+                            </button>
                         </li>
                     </ul>
                 </div>
@@ -438,7 +442,7 @@ export default {
             lastUpdateTime: dayjs(),
             updateCountdown: null,
             updateCountdownText: null,
-            loading: false,
+            loading: true,
         };
     },
     computed: {
@@ -698,6 +702,8 @@ export default {
             this.incident = res.data.incident;
             this.maintenanceList = res.data.maintenanceList;
             this.$root.publicGroupList = res.data.publicGroupList;
+
+            this.loading = false;
         }).catch( function (error) {
             if (error.response.status === 404) {
                 location.href = "/page-not-found";

src/util.js

@@ -6,9 +6,12 @@
 //
 // Backend uses the compiled file util.js
 // Frontend uses util.ts
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.localToUTC = exports.utcToLocal = exports.utcToISODateTime = exports.isoToUTCDateTime = exports.parseTimeFromTimeObject = exports.parseTimeObject = exports.getMaintenanceRelativeURL = exports.getMonitorRelativeURL = exports.genSecret = exports.getCryptoRandomInt = exports.getRandomInt = exports.getRandomArbitrary = exports.TimeLogger = exports.polyfill = exports.log = exports.debug = exports.ucfirst = exports.sleep = exports.flipStatus = exports.MIN_INTERVAL_SECOND = exports.MAX_INTERVAL_SECOND = exports.SQL_DATETIME_FORMAT_WITHOUT_SECOND = exports.SQL_DATETIME_FORMAT = exports.SQL_DATE_FORMAT = exports.STATUS_PAGE_MAINTENANCE = exports.STATUS_PAGE_PARTIAL_DOWN = exports.STATUS_PAGE_ALL_UP = exports.STATUS_PAGE_ALL_DOWN = exports.MAINTENANCE = exports.PENDING = exports.UP = exports.DOWN = exports.appName = exports.isDev = void 0;
-const dayjs = require("dayjs");
+exports.localToUTC = exports.utcToLocal = exports.utcToISODateTime = exports.isoToUTCDateTime = exports.parseTimeFromTimeObject = exports.parseTimeObject = exports.getMaintenanceRelativeURL = exports.getMonitorRelativeURL = exports.genSecret = exports.getCryptoRandomInt = exports.getRandomInt = exports.getRandomArbitrary = exports.TimeLogger = exports.polyfill = exports.log = exports.debug = exports.ucfirst = exports.sleep = exports.flipStatus = exports.badgeConstants = exports.MIN_INTERVAL_SECOND = exports.MAX_INTERVAL_SECOND = exports.SQL_DATETIME_FORMAT_WITHOUT_SECOND = exports.SQL_DATETIME_FORMAT = exports.SQL_DATE_FORMAT = exports.STATUS_PAGE_MAINTENANCE = exports.STATUS_PAGE_PARTIAL_DOWN = exports.STATUS_PAGE_ALL_UP = exports.STATUS_PAGE_ALL_DOWN = exports.MAINTENANCE = exports.PENDING = exports.UP = exports.DOWN = exports.appName = exports.isDev = void 0;
+const dayjs_1 = __importDefault(require("dayjs"));
 exports.isDev = process.env.NODE_ENV === "development";
 exports.appName = "Uptime Kuma";
 exports.DOWN = 0;
@@ -24,6 +27,25 @@ exports.SQL_DATETIME_FORMAT = "YYYY-MM-DD HH:mm:ss";
 exports.SQL_DATETIME_FORMAT_WITHOUT_SECOND = "YYYY-MM-DD HH:mm";
 exports.MAX_INTERVAL_SECOND = 2073600; // 24 days
 exports.MIN_INTERVAL_SECOND = 20; // 20 seconds
+exports.badgeConstants = {
+    naColor: "#999",
+    defaultUpColor: "#66c20a",
+    defaultWarnColor: "#eed202",
+    defaultDownColor: "#c2290a",
+    defaultPendingColor: "#f8a306",
+    defaultMaintenanceColor: "#1747f5",
+    defaultPingColor: "blue",
+    defaultStyle: "flat",
+    defaultPingValueSuffix: "ms",
+    defaultPingLabelSuffix: "h",
+    defaultUptimeValueSuffix: "%",
+    defaultUptimeLabelSuffix: "h",
+    defaultCertExpValueSuffix: " days",
+    defaultCertExpLabelSuffix: "h",
+    // Values Come From Default Notification Times
+    defaultCertExpireWarnDays: "14",
+    defaultCertExpireDownDays: "7"
+};
 /** Flip the status of s */
 function flipStatus(s) {
     if (s === exports.UP) {
@@ -101,17 +123,20 @@ class Logger {
      * @param level Log level. One of INFO, WARN, ERROR, DEBUG or can be customized.
      */
     log(module, msg, level) {
+        if (level === "DEBUG" && !exports.isDev) {
+            return;
+        }
         if (this.hideLog[level] && this.hideLog[level].includes(module.toLowerCase())) {
             return;
         }
         module = module.toUpperCase();
         level = level.toUpperCase();
         let now;
-        if (dayjs.tz) {
-            now = dayjs.tz(new Date()).format();
+        if (dayjs_1.default.tz) {
+            now = dayjs_1.default.tz(new Date()).format();
         }
         else {
-            now = dayjs().format();
+            now = (0, dayjs_1.default)().format();
         }
         const formattedMessage = (typeof msg === "string") ? `${now} [${module}] ${level}: ${msg}` : msg;
         if (level === "INFO") {
@@ -200,7 +225,7 @@ function polyfill() {
 exports.polyfill = polyfill;
 class TimeLogger {
     constructor() {
-        this.startTime = dayjs().valueOf();
+        this.startTime = (0, dayjs_1.default)().valueOf();
     }
     /**
      * Output time since start of monitor
@@ -208,7 +233,7 @@ class TimeLogger {
      */
     print(name) {
         if (exports.isDev && process.env.TIMELOGGER === "1") {
-            console.log(name + ": " + (dayjs().valueOf() - this.startTime) + "ms");
+            console.log(name + ": " + ((0, dayjs_1.default)().valueOf() - this.startTime) + "ms");
         }
     }
 }
@@ -372,21 +397,21 @@ exports.parseTimeFromTimeObject = parseTimeFromTimeObject;
  * @returns ISO Date time
  */
 function isoToUTCDateTime(input) {
-    return dayjs(input).utc().format(exports.SQL_DATETIME_FORMAT);
+    return (0, dayjs_1.default)(input).utc().format(exports.SQL_DATETIME_FORMAT);
 }
 exports.isoToUTCDateTime = isoToUTCDateTime;
 /**
  * @param input
  */
 function utcToISODateTime(input) {
-    return dayjs.utc(input).toISOString();
+    return dayjs_1.default.utc(input).toISOString();
 }
 exports.utcToISODateTime = utcToISODateTime;
 /**
  * For SQL_DATETIME_FORMAT
  */
 function utcToLocal(input, format = exports.SQL_DATETIME_FORMAT) {
-    return dayjs.utc(input).local().format(format);
+    return dayjs_1.default.utc(input).local().format(format);
 }
 exports.utcToLocal = utcToLocal;
 /**
@@ -396,6 +421,6 @@ exports.utcToLocal = utcToLocal;
  * @returns Date in requested format
  */
 function localToUTC(input, format = exports.SQL_DATETIME_FORMAT) {
-    return dayjs(input).utc().format(format);
+    return (0, dayjs_1.default)(input).utc().format(format);
 }
 exports.localToUTC = localToUTC;

src/util.ts

@@ -6,7 +6,7 @@
 // Backend uses the compiled file util.js
 // Frontend uses util.ts
 
-import * as dayjs  from "dayjs";
+import dayjs from "dayjs";
 import * as timezone from "dayjs/plugin/timezone";
 import * as utc from "dayjs/plugin/utc";
 
@@ -29,6 +29,26 @@ export const SQL_DATETIME_FORMAT_WITHOUT_SECOND = "YYYY-MM-DD HH:mm";
 export const MAX_INTERVAL_SECOND = 2073600; // 24 days
 export const MIN_INTERVAL_SECOND = 20; // 20 seconds
 
+export const badgeConstants = {
+    naColor: "#999",
+    defaultUpColor: "#66c20a",
+    defaultWarnColor: "#eed202",
+    defaultDownColor: "#c2290a",
+    defaultPendingColor: "#f8a306",
+    defaultMaintenanceColor: "#1747f5",
+    defaultPingColor: "blue",  // as defined by badge-maker / shields.io
+    defaultStyle: "flat",
+    defaultPingValueSuffix: "ms",
+    defaultPingLabelSuffix: "h",
+    defaultUptimeValueSuffix: "%",
+    defaultUptimeLabelSuffix: "h",
+    defaultCertExpValueSuffix: " days",
+    defaultCertExpLabelSuffix: "h",
+    // Values Come From Default Notification Times
+    defaultCertExpireWarnDays: "14",
+    defaultCertExpireDownDays: "7"
+};
+
 /** Flip the status of s */
 export function flipStatus(s: number) {
     if (s === UP) {
@@ -115,6 +135,10 @@ class Logger {
      * @param level Log level. One of INFO, WARN, ERROR, DEBUG or can be customized.
      */
     log(module: string, msg: any, level: string) {
+        if (level === "DEBUG" && !isDev) {
+            return;
+        }
+
         if (this.hideLog[level] && this.hideLog[level].includes(module.toLowerCase())) {
             return;
         }

test/cypress/unit/i18n.spec.js

@@ -3,42 +3,62 @@ import { currentLocale } from "../../../src/i18n";
 describe("Test i18n.js", () => {
 
     it("currentLocale()", () => {
-        const setLanguage = (language) => {
-            Object.defineProperty(window.navigator, 'language', { 
-                value: language, 
-                writable: true 
+        const setLanguages = (languages) => {
+            Object.defineProperty(navigator, 'language', {
+                value: languages[0],
+                writable: true
+            });
+            Object.defineProperty(navigator, 'languages', {
+                value: languages,
+                writable: true
             });
         }
-        setLanguage('en-EN');
 
+        setLanguages(['en-EN']);
         expect(currentLocale()).equal("en");
 
-        setLanguage('zh-HK');
+        setLanguages(['zh-HK']);
         expect(currentLocale()).equal("zh-HK");
 
         // Note that in Safari on iOS prior to 10.2, the country code returned is lowercase: "en-us", "fr-fr" etc.
         // https://developer.mozilla.org/en-US/docs/Web/API/Navigator/language
-        setLanguage('zh-hk');
+        setLanguages(['zh-hk']);
         expect(currentLocale()).equal("en");
 
-        setLanguage('en-US');
+        setLanguages(['en-US']);
         expect(currentLocale()).equal("en");
 
-        setLanguage('ja-ZZ');
+        setLanguages(['ja-ZZ']);
         expect(currentLocale()).equal("ja");
 
-        setLanguage('zz-ZZ');
+        setLanguages(['zz-ZZ']);
         expect(currentLocale()).equal("en");
 
-        setLanguage('zz-ZZ');
+        setLanguages(['zz-ZZ']);
         expect(currentLocale()).equal("en");
 
-        setLanguage('en');
-        localStorage.locale = "en";
+        setLanguages(['en-US', 'en', 'pl', 'ja']);
         expect(currentLocale()).equal("en");
 
-        localStorage.locale = "zh-HK";
-        expect(currentLocale()).equal("zh-HK");
+        setLanguages(['en-US', 'pl', 'ja']);
+        expect(currentLocale()).equal("en");
+
+        setLanguages(['abc', 'en-US', 'pl', 'ja']);
+        expect(currentLocale()).equal("en");
+
+        setLanguages(['fil-PH', 'pl']);
+        expect(currentLocale()).equal("pl");
+
+        setLanguages(['shi-Latn-MA', 'pl']);
+        expect(currentLocale()).equal("pl");
+
+        setLanguages(['pl']);
+        localStorage.locale = "ja-ZZ";
+        expect(currentLocale()).equal("ja");
+
+        setLanguages(['pl']);
+        localStorage.locale = "invalid-lang";
+        expect(currentLocale()).equal("pl");
     });
 
-});
+});

tsconfig.json

@@ -11,7 +11,8 @@
         "removeComments": false,
         "preserveConstEnums": true,
         "sourceMap": false,
-        "strict": true
+        "strict": true,
+        "esModuleInterop": true
     },
     "files": [
         "./src/util.ts"