SolusVM Provisioning Module for LiBilling
  • PHP 73.7%
  • Blade 26.3%
Find a file
Troy Siedsma e562a42253 Security HIGH (round 12): gate SolusVM VpsControl on Active service status
VpsControl's destructive actions (startVps/reboot/shutdown/rebuildVps), the root
and VNC password changes, and the live VNC-password reveal (loadVncCredentials)
authorized only on team_service_access, with no service-status check. The only
Active check was the cosmetic blade render gate; every action is reachable
directly over /livewire/update, so a customer whose VPS was suspended for
non-payment/abuse could replay the action calls to boot/reboot/rebuild the VM and
read the live VNC password, defeating suspension. The sibling SSO + VNC-console
surfaces already gate on Active; VpsControl was the missed one.

authorizeAccess() now requires status === Active for the customer path (staff
retain access for support).

Test: a customer is 403'd on a Suspended service and passes on an Active one.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 12:09:12 +00:00
config Gate the in-app VNC console + credentials behind SOLUSVM_VNC_ENABLED 2026-05-31 14:45:47 +00:00
database/migrations Security MED (round 9): stop persisting VM root/VNC passwords in plaintext 2026-06-27 21:55:00 +00:00
resources Gate the in-app VNC console + credentials behind SOLUSVM_VNC_ENABLED 2026-05-31 14:45:47 +00:00
routes Security LOW (round 10): throttle the inbound SolusVM webhook 2026-06-27 23:54:33 +00:00
src Security HIGH (round 12): gate SolusVM VpsControl on Active service status 2026-06-28 12:09:12 +00:00
tests/Feature Security HIGH (round 12): gate SolusVM VpsControl on Active service status 2026-06-28 12:09:12 +00:00
.gitattributes Re-platform onto LiBilling/libilling-solusvm Forgejo origin 2026-05-22 13:14:19 +00:00
.gitignore Re-platform onto LiBilling/libilling-solusvm Forgejo origin 2026-05-22 13:14:19 +00:00
composer.json Standardize composer.json + README + LICENSE 2026-05-22 15:04:03 +00:00
LICENSE.md Standardize composer.json + README + LICENSE 2026-05-22 15:04:03 +00:00
README.md Standardize composer.json + README + LICENSE 2026-05-22 15:04:03 +00:00

LiBilling SolusVM Provisioning Module

A LiBilling server module for SolusVM VPS provisioning. Provides automated virtual server lifecycle management including provisioning, suspension, termination, password changes, and usage stats via the SolusVM API.

Features

  • VPS Lifecycle: Create, suspend, unsuspend, terminate virtual servers
  • Password Management: Change VPS root/admin passwords
  • Usage Stats: Disk, bandwidth, and memory usage from SolusVM API
  • Service Info: VPS IP, hostname, virtualization type display
  • Server Admin: Test connection, account count, package listing

Installation

This package is loaded as a local Composer path repository. No separate installation is needed when developing within the LiBilling monorepo.

For standalone installation:

composer require libilling/libilling-solusvm

Configuration

Publish the config file:

php artisan vendor:publish --tag=libilling-solusvm

Config Options

Key Env Default Description
verify_ssl SOLUSVM_VERIFY_SSL true Verify SSL when connecting to SolusVM API

Usage

In SolusVM's architecture:

  • A server record represents the SolusVM master node / hypervisor
  • Services represent individual VPS instances provisioned on that hypervisor

When adding a SolusVM server in the admin panel, provide:

  • Hostname: The SolusVM master node hostname or IP
  • Port: API port (default: 5656)
  • API Key: Your SolusVM API key
  • API Hash: Your SolusVM API hash

Capabilities

Declared via supports() using ModuleCapability constants:

  • suspend: VPS suspension
  • unsuspend: VPS unsuspension
  • terminate: VPS termination/deletion
  • change_password: Root/admin password changes
  • usage_stats: Disk, bandwidth, and memory usage
  • service_info: VPS IP, hostname, virtualization type

Dependencies

  • SolusVM API (HTTP) -- VPS management API

Testing

vendor/bin/sail artisan test --filter=ModuleSystemTest

License

LiBilling is (C) Lithium Holdings, LLC. All components except for third-party modules and select packages with their own license are licensed under a Commercial License. Contact licensing@lithiumholdings.com for licensing enquiries. Any dissemination of material herein is prohibited without expressed written consent of Lithium Holdings.

This package, libilling-solusvm is licensed under The MIT License (MIT). Please see License File for more information.

Is it any good?

Yes.

When people first hear about a new product, they frequently ask if it is any good. A Hacker News user remarked:

Note to self: Starting immediately, all raganwald projects will have a "Is it any good?" section in the readme, and the answer shall be "yes.".