LogicBoxes Provisioning Module for LiBilling
Find a file
Troy Siedsma 619d7a7296 Security HIGH (round 12): scrub reseller credentials from LogicBoxes module logs
Round 11 hardened the laravel-logicboxes-api transport, but the libilling-logicboxes
MODULE has 35 raw Log::error sinks of its own (Log::error(..., ['error' =>
$e->getMessage()])) that wrote the Guzzle exception message verbatim. The reseller
auth-userid + api-key ride in the request query string, so those messages leaked
the live reseller API key (full control of every customer domain) to laravel.log.
Every sink now scrubs through SecretRedactor (api-key/auth-userid are in its key
list); the RegistrarResult::fail paths were already scrubbed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 12:03:06 +00:00
config Re-platform onto LiBilling/libilling-logicboxes Forgejo origin 2026-05-22 13:14:19 +00:00
resources/lang Re-platform onto LiBilling/libilling-logicboxes Forgejo origin 2026-05-22 13:14:19 +00:00
src Security HIGH (round 12): scrub reseller credentials from LogicBoxes module logs 2026-06-28 12:03:06 +00:00
tests/Feature Security MED (round 10): block registrar-extras parameter injection 2026-06-27 23:49:07 +00:00
.gitattributes Re-platform onto LiBilling/libilling-logicboxes Forgejo origin 2026-05-22 13:14:19 +00:00
.gitignore Re-platform onto LiBilling/libilling-logicboxes Forgejo origin 2026-05-22 13:14:19 +00:00
CHANGELOG.md Re-platform onto LiBilling/libilling-logicboxes Forgejo origin 2026-05-22 13:14:19 +00:00
composer.json Standardize composer.json + README + LICENSE 2026-05-22 15:03:57 +00:00
CONTRIBUTING.md Re-platform onto LiBilling/libilling-logicboxes Forgejo origin 2026-05-22 13:14:19 +00:00
LICENSE.md LICENSE: Copyright (c) Lithium Holdings, LLC 2026-05-22 15:13:48 +00:00
README.md Standardize composer.json + README + LICENSE 2026-05-22 15:03:57 +00:00

LiBilling LogicBoxes Domain Registrar Module

A LiBilling domain registrar module for LogicBoxes/ResellerClub. Enables domain availability checks, registration, renewal, transfer, nameserver management, registrar lock, EPP code retrieval, and ID protection through LogicBoxes-compatible registrars (ResellerClub, NetEarthOne, etc.).

Features

  • Domain Registration: Register domains with automatic customer/contact creation
  • Domain Renewal: Renew domains via order ID
  • Domain Transfer: Initiate transfers with auth code and contact setup
  • Nameserver Management: Get/set nameservers via modify-ns API
  • Registrar Lock: Transfer lock via enable-theft-protection/disable-theft-protection APIs
  • EPP Code: Auth code from domain details (domsecret)
  • Availability Check: Domain search with status mapping (available/regthroughus/regthroughothers)
  • ID Protection: WHOIS privacy via purchase-privacy/modify-privacy-protection APIs
  • Error Handling: Rate-limited staff notifications for API issues
  • Test Connection: Admin endpoint for verifying API connectivity

Installation

This package is loaded as a local Composer path repository. No separate installation is needed when developing within the LiBilling monorepo.

For standalone installation:

composer require libilling/libilling-logicboxes

Configuration

Add the following to your .env file:

LOGICBOXES_RESELLER_ID=your-reseller-id
LOGICBOXES_API_KEY=your-api-key
LOGICBOXES_DEMO=false

Publish the config file:

php artisan vendor:publish --tag=libilling-logicboxes

Config Options

Key Env Default Description
default_nameservers DEFAULT_NS1, DEFAULT_NS2 ns1.lithiumhosting.com, ns2.lithiumhosting.com Default nameservers for new registrations and transfers

Finding Your Credentials

  1. Log in to your ResellerClub control panel at manage.resellerclub.com
  2. Go to Settings > Personal Information > Primary Profile to find your Reseller ID
  3. Go to Settings > API to generate an API key
  4. Ensure your server's IP address is allowlisted under Settings > API > Allowed IPs

Capabilities

Declared via supports() using RegistrarCapability constants:

  • register: Domain registration
  • renew: Domain renewal
  • transfer: Domain transfer
  • nameservers: Nameserver management
  • registrar_lock: Transfer lock
  • epp_code: EPP/auth code retrieval
  • availability: Domain availability check
  • id_protection: WHOIS privacy

Dependencies

  • lithiumhosting/laravel-logicboxes-api: LogicBoxes HTTP API client

Testing

vendor/bin/sail artisan test --filter=ModuleSystemTest

License

LiBilling is (C) Lithium Holdings, LLC. All components except for third-party modules and select packages with their own license are licensed under a Commercial License. Contact licensing@lithiumholdings.com for licensing enquiries. Any dissemination of material herein is prohibited without expressed written consent of Lithium Holdings.

This package, libilling-logicboxes is licensed under The MIT License (MIT). Please see License File for more information.

Is it any good?

Yes.

When people first hear about a new product, they frequently ask if it is any good. A Hacker News user remarked:

Note to self: Starting immediately, all raganwald projects will have a "Is it any good?" section in the readme, and the answer shall be "yes.".