remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0f0de43da5d09061deb88aee85330f80b938b07f
Atomcms-edit/README.md
T

337 lines
12 KiB
Markdown
Executable File
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# AtomCMS — Remco Epicnabbo Edition
[![Discord](https://img.shields.io/badge/Discord-Join%20Server-5865F2?style=for-the-badge&logo=discord&logoColor=white)](https://discord.gg/pP6HyZedAj)
[![Laravel](https://img.shields.io/badge/Laravel-13.x-FF2D20?style=for-the-badge&logo=laravel&logoColor=white)](https://laravel.com)
[![PHP](https://img.shields.io/badge/PHP-8.5+-777BB4?style=for-the-badge&logo=php&logoColor=white)](https://php.net)
[![License](https://img.shields.io/badge/License-MIT-green.svg?style=for-the-badge)](#)
A modern Habbo retro CMS powered by Laravel 13, Filament 5, React 19, and Nitro. Forked and maintained by Remco (Epicnabbo).
---
## What's New in V3
| Feature | Description |
|---------|-------------|
| **Commandocentrum** | Central admin dashboard with one-click Nitro V3 updater |
| **Nitro V3 Update System** | Auto-update emulator, Nitro client & renderer from the HK |
| **Configurable Paths** | 9 paths fully adjustable via HK UI (no SSH needed) |
| **Emulator Control** | Start, stop, restart & check status from the admin panel |
| **Live Monitoring** | Online users, emulator status, DB status, server load, diagnostics |
| **Hotel Alerts** | Send messages to all online users in real-time |
| **Emulator Log Viewer** | Live logs directly in the browser |
| **Clothing Sync** | Sync catalog clothing from FigureMap with one click |
| **Social Login** | OAuth login via Google, Discord & GitHub |
| **Notification Settings** | Email & Discord webhook alerts with rank filtering |
| **Staff Activity Log** | Full audit trail of all housekeeping actions |
| **Bulletproof Installation** | 12-step guide for Ubuntu 26.04 with Redis, SSL, firewall & PHP tuning |
| **PHP 8.5 + Ubuntu 26.04** | Fully compatible with the latest PHP and Ubuntu LTS |
| **Dual .env System** | Separate configs for Linux (Redis) and Windows (file-based) |
| **XAMPP Blocked** | Explicitly unsupported — we prioritise security |
---
## Quick Start
```bash
git clone https://your-gitea-server/remco/Atomcms-edit.git /var/www/atomcms
cd /var/www/atomcms
cp .env.example.linux .env
php artisan key:generate
# Edit .env with your DB credentials, then:
composer install --no-dev --optimize-autoloader
php artisan migrate --seed
yarn install && yarn build:all
```
> **Full installation guide** → `.env.install` or scroll down to [Installation](#installation-ubuntu-2604)
---
## Features
| Module | What it does |
|--------|-------------|
| **Commandocentrum** | Nitro V3 one-click updater, emulator start/stop/restart, hotel alerts, live monitoring, log viewer, clothing sync, social login (Google/Discord/GitHub) |
| **Radio** | DJ apps, live sessions, song requests, shoutbox, leaderboard, contests |
| **Shop** | Product catalog, virtual currency, vouchers, PayPal |
| **Community** | Articles, photo gallery, leaderboard, teams, rare values, badge lottery |
| **Users** | Public profiles, 2FA, referrals, session logs |
| **Help** | Ticket system, FAQ, rules |
| **Filament Admin** | Users, bans, radio, shop, articles, emulator settings/texts/catalog, chatlogs, word filters, permissions, navigation |
| **Themes** | Atom (light) & Dusk (dark) |
---
## Nitro V3 Update
One-click update from **Commandocentrum** → "Configureer Paths" → "Run Update".
**What it does:** `git pull` emulator → DB backup → SQL imports → Maven build → `git pull` Nitro_Render_V3 + Nitro-V3 → `yarn build` → sync Gamedata → cleanup → restart emulator.
**Configurable paths** (9 settings, stored in DB):
| Setting | Default |
|---------|---------|
| Emulator map | `/var/www/emulator` |
| Service naam | `emulator` |
| Database | `habbo` |
| SQL updates | `{emulator}/Database Updates` |
| Backups | `{emulator}/Database Updates/backups` |
| Gamedata | `/var/www/Gamedata/config` |
| Nitro client | `{nitro}/public/configuration` |
| Nitro-V3 bron | `/var/www/Nitro-V3` |
| Nitro Render V3 | `/var/www/Nitro_Render_V3` |
**Sudoers** passwordless `systemctl` + `chown` for the web UI:
> ✅ **Completely safe.** Each command is pinned to a specific binary and (where possible) a specific path. The web user (`www-data`) cannot run arbitrary shell commands — only these exact operations. No shell, no arbitrary binary, no risk.
```bash
sudo tee /etc/sudoers.d/www-data << 'EOF'
www-data ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart emulator
www-data ALL=(ALL) NOPASSWD: /usr/bin/systemctl status emulator
www-data ALL=(ALL) NOPASSWD: /usr/bin/chown -R www-data\:www-data /var/www/*
EOF
sudo chmod 440 /etc/sudoers.d/www-data
```
| Entry | Why it's needed |
|-------|----------------|
| `systemctl restart emulator` | One-click emulator restart from the admin panel |
| `systemctl status emulator` | Live emulator status in the dashboard |
| `chown -R www-data:www-data /var/www/*` | Fix permissions after the updater clones/builds files as root |
---
## Requirements
| Component | Version |
|-----------|---------|
| **PHP** | 8.5+ |
| **Database** | MariaDB 10.6+ or MySQL 8.0+ |
| **Web Server** | Nginx or Apache |
| **Node.js** | 20+ |
| **Yarn** | 1.22+ |
| **Composer** | 2.x |
| **Redis** | Recommended (Linux) |
---
## Environment Files
| File | Use | Cache | DB |
|------|-----|-------|----|
| `.env.install` | Step-by-step setup guide | — | — |
| `.env.example.linux` | Linux production | Redis | MariaDB |
| `.env.example.windows` | Windows development | File | MySQL |
```bash
cp .env.example.linux .env
php artisan key:generate
```
> ⚠️ **XAMPP is not supported.** Extremely unsafe for production.
---
## Installation (Ubuntu 26.04)
```bash
# 1. System dependencies
sudo apt update
sudo apt install -y git curl wget unzip nginx mariadb-server redis-server \
php8.5 php8.5-{cli,fpm,mysql,xml,mbstring,curl,zip,bcmath,gd,sockets,intl} \
build-essential
# 2. Composer
curl -sS https://getcomposer.org/installer | php
sudo mv composer.phar /usr/local/bin/composer
# 3. Node.js + Yarn
curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
sudo apt install -y nodejs
sudo corepack enable
corepack install -g yarn@latest
# 4. Secure MariaDB
sudo mysql -e "ALTER USER 'root'@'localhost' IDENTIFIED BY 'your_root_password'; FLUSH PRIVILEGES;"
# 5. Clone
git clone https://your-gitea-server/remco/Atomcms-edit.git /var/www/atomcms
cd /var/www/atomcms
# 6. Configure
cp .env.example.linux .env
# EDIT .env first: set DB_PASSWORD, APP_URL, SESSION_DOMAIN
nano .env
php artisan key:generate
# 7. Create database + user
sudo mysql -e "CREATE DATABASE IF NOT EXISTS habbo CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
sudo mysql -e "CREATE USER IF NOT EXISTS 'cms'@'localhost' IDENTIFIED BY 'your_db_password';"
sudo mysql -e "GRANT ALL ON habbo.* TO 'cms'@'localhost'; FLUSH PRIVILEGES;"
# 8. Install PHP & JS deps
composer install --no-dev --optimize-autoloader
yarn install
# 9. Migrate, seed & cache
php artisan migrate --seed
php artisan optimize
php artisan filament:optimize
# 10. Build frontend
yarn build:all
# 11. Permissions
sudo chown -R www-data:www-data storage bootstrap/cache public/build
sudo chmod -R 775 storage bootstrap/cache
# 12. Sudoers (for the Nitro updater — see section above)
sudo tee /etc/sudoers.d/www-data << 'EOF'
www-data ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart emulator
www-data ALL=(ALL) NOPASSWD: /usr/bin/systemctl status emulator
www-data ALL=(ALL) NOPASSWD: /usr/bin/chown -R www-data\:www-data /var/www/*
EOF
sudo chmod 440 /etc/sudoers.d/www-data
# 13. Start services
sudo systemctl enable --now redis-server
# 14. PHP tuning
sudo sed -i 's/upload_max_filesize = .*/upload_max_filesize = 64M/' /etc/php/8.5/fpm/php.ini
sudo sed -i 's/post_max_size = .*/post_max_size = 64M/' /etc/php/8.5/fpm/php.ini
sudo sed -i 's/memory_limit = .*/memory_limit = 256M/' /etc/php/8.5/fpm/php.ini
sudo sed -i 's/max_execution_time = .*/max_execution_time = 300/' /etc/php/8.5/fpm/php.ini
# 16. Restart & verify
sudo systemctl restart php8.5-fpm redis-server nginx
php artisan about # should show green "Application" line
```
### Nginx
```nginx
server {
listen 80;
server_name your-domain.com;
root /var/www/atomcms/public;
index index.php;
charset utf-8;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml image/svg+xml;
gzip_vary on;
location / { try_files $uri $uri/ /index.php?$query_string; }
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* { deny all; }
location ~ /(\.env|\.git|composer\.(json|lock)) { deny all; }
}
```
```bash
sudo ln -sf /etc/nginx/sites-available/atomcms /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx
sudo systemctl restart php8.5-fpm redis-server
sudo ufw allow 80/tcp && sudo ufw allow 443/tcp && sudo ufw --force enable
```
### SSL (recommended)
```bash
sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d your-domain.com
```
---
## Yarn Scripts
```bash
yarn build:all # Build all themes
yarn build:atom # Atom theme only
yarn build:dusk # Dusk theme only
yarn dev # Vite dev server
yarn lint # Lint JS/Vue
yarn format # Format code
```
---
## Tech Stack
**Laravel 13 · React 19 + Alpine.js · Vite 8 · TailwindCSS 4 · Filament 5 · MariaDB/MySQL · Redis**
---
## Security
AtomCMS is built with security as a priority. Below is what's in place and what you need to configure.
### ✅ Already locked down
| Measure | Details |
|---------|---------|
| **Mass assignment protection** | User model restricted to 21 fillable fields (sensitive fields like `rank`, `credits`, `online` require explicit `forceFill`) |
| **API authentication** | Sanctum tokens, Bearer-only (no query-string API keys accepted) |
| **PayPal credentials** | Loaded from `env()`, never hardcoded |
| **CORS** | Must be explicitly set via `CORS_ALLOWED_ORIGINS` env (no wildcard default) |
| **Debug mode** | `APP_DEBUG=false` by default |
| **PHP debugging** | No `dd()`, `dump()`, or `var_dump()` in production code |
| **Password flashing** | Exception handler excludes passwords from session flash |
| **File uploads** | MIME validation (Laravel `image` rule + `finfo` on logos) |
| **2FA** | Two-factor authentication available |
| **SQL injection** | All queries use parameterized binding or Eloquent ORM |
| **Command injection** | All `exec()`/`shell_exec()` calls use `escapeshellarg()` or hardcoded values |
| **CSRF** | Sanctum CSRF protection on all stateful routes |
| **Insecure deserialization** | No `unserialize()` calls exist |
### ⚠️ You must configure
| Item | What to do |
|------|------------|
| **`.env` file** | Restrict file permissions (`chmod 600 .env`), ensure Nginx blocks access (already in the provided config) |
| **`CORS_ALLOWED_ORIGINS`** | Set to your exact frontend domain(s) in `.env` (included in the example files) |
| **Database password** | Use a strong, unique password (not `your_db_password`) |
| **APP_KEY** | Run `php artisan key:generate` after cloning |
| **Session domain** | Set `SESSION_DOMAIN` to your hotel domain in `.env` |
| **SSL** | Required for production — use the Certbot instructions above |
| **Admin accounts** | Only grant high-rank access to trusted users |
| **Log retention** | Check `LOG_MAX_FILES` in `.env` (default 14 days) |
### 🔒 Sudoers safety
The `sudoers.d/www-data` configuration grants passwordless `systemctl` and `chown` to `www-data`. This is **safe by design**:
- Each command is pinned to a specific binary path (`/usr/bin/systemctl`, `/usr/bin/chown`)
- `chown` is restricted to `/var/www/*`
- No shell (`/bin/sh`, `/bin/bash`) is granted
- No arbitrary binaries can be executed
- In a worst-case web compromise, the attacker still cannot read `/etc/shadow`, install packages, or run arbitrary commands
---
## Support
- **Discord:** [Join our server](https://discord.gg/pP6HyZedAj)
- **Issues:** Report bugs via the project issue tracker
- **Contributions:** Fork & submit merge requests — all help is welcome!
---
## Credits
**Remco (Epicnabbo)** — Core Maintainer · **Kasja** — Design & Themes · **Kani** — RCON & API · **Atom Community** — Testing & Feedback
<div align="center"><i>Made with love for the Retro Community</i></div>
Reference in New Issue View Git Blame Copy Permalink