Skip to content

Releases: FlaxiGG/ServerWebAdmin

MinePanel v1.6.0 — Accountability & Audit Update

Choose a tag to compare

@FlaxiGG FlaxiGG released this 04 Jul 17:34

🚀 Overview

MinePanel v1.6.0 introduces a brand-new Audit Log System, providing complete visibility into administrative activities performed through the web panel.

Server owners can now review important actions performed by administrators, making MinePanel significantly more suitable for production environments.

This release focuses on accountability, transparency, and operational security.


✨ New Features

📝 Audit Log System

Added a dedicated Audit Logs page for reviewing administrative activities.

Each audit entry records:

  • Timestamp (UTC)
  • Username
  • Role
  • IP Address
  • Severity
  • Action
  • Target
  • Status
  • Additional Details

🔎 Powerful Search & Filtering

Audit logs can now be filtered by:

  • Username
  • Role
  • Action
  • Severity
  • Status
  • Date
  • Search keyword

Sorting:

  • Newest First
  • Oldest First

🚦 Severity Levels

Every event is automatically classified by severity.

Supported levels:

  • 🟢 INFO
  • 🟡 WARNING
  • 🔴 CRITICAL

This makes important actions easy to identify at a glance.


📂 Audit Categories

MinePanel now records activities across multiple modules.

Supported categories include:

Authentication

  • Login Success
  • Login Failed
  • Logout
  • Password Changed
  • Session Expired

User Management

  • User Created
  • User Updated
  • User Deleted
  • Role Changed
  • Password Reset

Player Management

  • Kick
  • Ban
  • Unban
  • Heal
  • Feed
  • Kill
  • Gamemode
  • Teleport

File Manager

  • File Created
  • File Edited
  • File Deleted
  • File Uploaded
  • File Downloaded
  • File Renamed
  • File Moved
  • Directory Created
  • Directory Deleted

Server Operations

  • Save
  • Reload
  • Stop

Console

  • Console Commands

Settings

  • Configuration Changes
  • Host Changes
  • Port Changes
  • Session Timeout Changes

🔐 Permission Protected

Audit Logs are fully integrated with the existing permission system.

Current permissions:

  • Owner → Full access
  • Admin → View access
  • Moderator → No access
  • Viewer → No access

Unauthorized access returns:

403 Permission Denied

⚡ Performance Improvements

Designed for long-term production usage.

Features include:

  • In-memory caching
  • Efficient filtering
  • Fast searching
  • Runtime updates
  • Configurable log retention

The system is designed to support thousands of audit records efficiently.


🏗 Internal Improvements

Added:

  • AuditLogManager
  • Audit Controller
  • Audit Models
  • Severity System
  • Status System
  • Action Enums
  • Storage Abstraction Layer
  • JSON Storage Provider

The architecture has been designed to support future storage providers (SQLite, databases) without changing business logic.


🔒 Security

Sensitive information is never stored inside audit logs.

Excluded data:

  • Passwords
  • BCrypt hashes
  • Session Tokens
  • Cookies
  • Recovery Codes
  • 2FA Secrets

🎯 Foundation for Future Versions

The Audit System prepares MinePanel for future features, including:

  • Backup & Restore
  • Security Enhancements
  • MineCore Integration
  • Multi-module Ecosystem

❤️ Thank You

Thank you to everyone who continues testing MinePanel, reporting bugs, and suggesting new features.

Community feedback continues to shape the future of the project.


Built with ❤️ by FlaxiLabs

MinePanel v1.5.0 — Settings Center Update

Choose a tag to compare

@FlaxiGG FlaxiGG released this 30 Jun 08:44

MinePanel v1.5.0 introduces a new Settings Center, allowing server owners to manage important MinePanel configuration directly from the web panel.

This update reduces the need to manually edit config.yml and makes MinePanel feel more like a complete Minecraft server management panel.


New Feature — Settings Center

Added a dedicated Settings page for managing MinePanel configuration from the browser.

Available settings include:

  • Web Server Settings
  • Security Settings
  • Alert Message Settings
  • Account Settings

Web Server Settings

You can now manage web server configuration directly from the panel.

Supported options:

  • Web host
  • Web port
  • Allow external access
  • Safe fallback binding

When web server settings are saved, MinePanel safely restarts the embedded NanoHTTPD web server.

The restart process now waits until the HTTP response is sent before restarting, preventing socket closed errors.


Security Settings

Added web-based security configuration.

Supported options:

  • Session timeout
  • Auto logout behavior
  • Login/session related security options

This makes it easier to adjust security behavior without manually editing configuration files.


Alert Message Settings

Alert messages can now be edited from the Settings page.

Supported messages include:

  • Kick message
  • Ban reason
  • Ban kick message
  • Reload confirmation message
  • Server stop warning message

Account Settings

Users can now manage their own account information.

Supported actions:

  • View username
  • View current role
  • Change own password

This allows users to update their password without requiring access to the User Management page.


Permission-Based Settings Access

Settings access is integrated with the existing role permission system.

Protected settings are only visible to users with the required permissions.

Unauthorized API requests return:

{
  "success": false,
  "message": "Permission denied"
}

File Manager Update

Choose a tag to compare

@FlaxiGG FlaxiGG released this 24 Jun 01:42

MinePanel v1.4.0 — File Manager Update

This update introduces one of the most requested features from the community.

MinePanel now includes a built-in File Manager, allowing server owners to manage server files directly from the web panel without accessing FTP or SSH.

This feature focuses on safe file management while keeping server security as the highest priority.


✨ New Feature — File Manager System

MinePanel now supports direct file management inside the web panel.

Available functions:

  • Browse files and folders
  • Read text-based files
  • Edit and save configuration files
  • Upload files
  • Download files
  • Create folders
  • Rename files and folders
  • Delete files and folders

This allows server owners to manage important server files directly from the browser.


📂 File Browser

Added a new File Manager page.

Supported:

  • Folder navigation
  • Parent directory navigation
  • File size display
  • File type detection
  • Folder/file separation

Users can now browse server files without leaving MinePanel.


📝 Built-in Text Editor

Added a lightweight built-in text editor.

Features:

  • Monospace editor layout
  • Line number support
  • UTF-8 safe file handling
  • Direct file save

Supported editable file types:

  • .txt
  • .yml
  • .yaml
  • .json
  • .properties
  • .log
  • .conf
  • .toml
  • .xml

This makes editing configuration files much easier.


⬆ File Upload System

Added file upload support.

Implementation:

  • multipart/form-data upload handling
  • NanoHTTPD native body parsing
  • Maximum upload size limit (5MB)

Supported upload types:

  • png
  • jpg
  • txt
  • json
  • yml
  • yaml
  • properties
  • log

Unsafe file types are blocked automatically.


⬇ Direct File Download

Added direct file download support.

Implementation:

  • Native NanoHTTPD file streaming
  • Content-Disposition attachment support
  • Binary-safe downloads

No Base64 encoding is used.

This reduces memory usage and improves performance.


📁 Folder Management

Added folder management features.

Supported:

  • Create folder
  • Rename file/folder
  • Delete file/folder

Delete operations now require confirmation before execution.


🔐 New File Permissions System

Added new permissions for role-based access.

New permissions:

  • files.view
  • files.read
  • files.edit
  • files.upload
  • files.download
  • files.delete
  • files.rename
  • files.mkdir

Permission mapping:

Owner

Full file access

  • files.*

Admin

Limited file access

  • files.view
  • files.read
  • files.edit
  • files.download

Moderator

No file access

Viewer

No file access


🛡 Security Improvements

File Manager was designed with security as a priority.

Added protections:

Path Traversal Protection

Blocked dangerous path access attempts such as:

../
../../
C:\
/etc/
Windows/System32

All paths now use canonical path validation.


Dangerous File Blocking

Blocked dangerous file types:

.jar
.class
.exe
.bat
.sh
.dll

These files cannot be uploaded or edited.


Server Core Protection

Blocked access to server core files.

Protected examples:

paper.jar
spigot.jar
server.jar

This prevents accidental server corruption.


Large File Protection

Files larger than the safe editor limit cannot be opened in the editor.

This prevents memory spikes caused by extremely large files.


🛡 3-Layer Permission Protection

File Manager uses the same security architecture as RBAC.

Layer 1 — Sidebar Protection

Users without file permissions cannot see File Manager navigation.


Layer 2 — Frontend Protection

Restricted users cannot open File Manager pages.

Displayed message:

You are not able to see this

Layer 3 — Backend API Protection

All file APIs validate permissions server-side.

Direct unauthorized API requests using:

  • curl
  • Postman
  • Browser requests

Return:

{
  "success": false,
  "message": "Permission denied"
}

⚙ Internal Changes

Added systems:

  • FileManagerService.java
  • Native multipart upload handler
  • Native binary file streaming
  • Text file editor system
  • Path validation system
  • Dangerous file filtering
  • File permission middleware
  • Frontend file browser UI

Notes

This version focuses on Safe File Management.

Advanced features are intentionally not included in this release.

Not included in this version:

  • ZIP / Unzip
  • Plugin JAR upload
  • Backup system
  • Cloud backup
  • Syntax highlighting editor
  • Plugin Manager
  • File version history

These may be considered in future versions.


Compatibility

Minecraft Versions

  • 1.13.2+
  • Tested up to 26.2

Java Versions

  • Java 8+
  • Tested on Java 8 / Java 21 / Java 25

Supported Server Software

  • Spigot
  • Paper
  • Purpur (Experimental)

Thank you to everyone providing feedback and helping improve MinePanel.

MinePanel continues evolving based on real community feedback.

More updates coming soon 🚀

Role-Based Access Control Update

Choose a tag to compare

@FlaxiGG FlaxiGG released this 20 Jun 07:56
8c5e896

MinePanel v1.3.0 — Role-Based Access Control Update

This update introduces one of the biggest improvements to MinePanel so far.

MinePanel now supports multi-user access with a complete fixed role-based permission system, allowing server owners to safely manage staff access across the web panel.

This update was built directly from community feedback.


✨ New Feature — Role Based Access Control (RBAC)

MinePanel now supports 4 fixed permission roles.

Available roles:

  • Owner
  • Admin
  • Moderator
  • Viewer

Each role has different access permissions inside the panel.


👑 New Default Account System

The default account has been changed.

Before:

admin / admin123

Now:

owner / admin123

Default account properties:

role = owner
mustChangePassword = true

The first login still requires a mandatory password change for security.


🔐 Permission Roles

Owner

Full access to everything.

Permissions:

  • Dashboard
  • Players Management
  • Console View
  • Console Commands
  • Ban Management
  • Whitelist Management
  • Weather / Time Controls
  • Player Actions (Kick, Ban, Heal, Feed, Kill, Gamemode, Teleport)
  • Save Server
  • Reload Server
  • Stop Server
  • User Management

Admin

Administrative access.

Permissions:

  • Dashboard
  • Players Management
  • Console View
  • Console Commands
  • Ban Management
  • Whitelist Management
  • Weather / Time Controls
  • Player Actions

Restrictions:

  • Cannot manage users
  • Cannot reload server
  • Cannot stop server

Moderator

Basic moderation access.

Permissions:

  • Dashboard
  • Players List
  • Console View
  • Kick Players

Restrictions:

  • Cannot execute console commands
  • Cannot ban players
  • Cannot manage whitelist
  • Cannot manage users
  • Cannot reload or stop server

Viewer

Read-only access.

Permissions:

  • Dashboard
  • Players List

Restrictions:

  • No server actions allowed

🛡 3-Layer Permission Protection

MinePanel now protects restricted actions using 3 security layers.

Layer 1 — Sidebar Protection

Navigation items are automatically hidden if the user does not have permission.

Example:

  • No user permission → User Management tab hidden
  • No console permission → Console tab hidden

Layer 2 — Frontend Page Protection

If a user tries to manually access a restricted page:

You are not able to see this

The page will be blocked before loading.


Layer 3 — Backend API Protection

All protected API endpoints now validate permissions server-side.

Even if users try direct requests using:

  • curl
  • Postman
  • Browser requests

MinePanel will return:

{
  "success": false,
  "message": "Permission denied"
}

Frontend will automatically show an error toast.


🎨 Frontend Permission-Based UI

Buttons and actions are automatically hidden if the user does not have permission.

Examples:

Hidden automatically:

  • Kick button
  • Ban button
  • Reload Server button
  • Stop Server button
  • User Management page
  • Player action buttons
  • Console command input

This keeps the interface clean and prevents accidental misuse.


🔒 Security Rules (User Management)

Additional security protections were added.

Rules:

  • Owner account cannot be deleted
  • Owner cannot change its own role
  • Owner account cannot be created manually through UI
  • Only Owner can manage users
  • Admin cannot manage users
  • Moderator cannot manage users
  • Viewer cannot manage users

This prevents privilege mistakes and account lockout scenarios.


📋 Permission Matrix

Feature Owner Admin Moderator Viewer
Dashboard
Players List
Console View
Console Commands
Bans List
Whitelist View
Whitelist Add/Remove
Weather / Time Controls
Kick Player
Ban / Heal / Feed / Kill / Gamemode / TP
Save Server
Reload Server
Stop Server
User Management

⚙ Internal Changes

Updated systems:

  • New centralized permissions map
  • Backend permission middleware (hasPermission())
  • Frontend permission-based UI rendering
  • 403 unauthorized API protection
  • Updated user account structure with roles
  • Updated default account creation flow
  • Updated authentication flow to support roles

📌 Notes

This version uses Fixed Roles Only.

Custom Role Editor is not included in this update.

The goal of this release is:

  • Simplicity
  • Stability
  • Better security
  • Better multi-user support

Custom roles may be considered in future versions depending on community feedback.


Compatibility

Minecraft Versions

  • 1.13.2+
  • Tested up to 1.26.2

Java Versions

  • Java 8+
  • Tested on Java 8 / Java 21 / Java 25

Supported Server Software

  • Spigot
  • Paper
  • Purpur (Experimental)

Thank you to everyone providing feedback and helping improve MinePanel.

MinePanel continues evolving based on real community feedback.

More updates coming soon 🚀

MinePanel v1.2.1 — Compatibility Update

Choose a tag to compare

@FlaxiGG FlaxiGG released this 19 Jun 05:02

MinePanel v1.2.1 — Compatibility Update

Compatibility

  • Added tested support for Minecraft 26.1 - 26.2
  • Tested on Java 25
  • Confirmed MinePanel core features work on the latest server versions

Notes

  • No major code changes were required
  • MinePanel is compiled with Java 8 target bytecode for broad compatibility
  • Newer Java runtimes such as Java 21 and Java 25 can run the existing build normally

Tested Features

  • Web dashboard
  • Login system
  • Session cookie authentication
  • Live console
  • Player management
  • Network host/port configuration

Network Compatibility Update

Choose a tag to compare

@FlaxiGG FlaxiGG released this 17 Jun 07:21

MinePanel v1.2.0 — Network Compatibility Update

This release focuses on improving MinePanel compatibility with VPS, local machines, Docker-based hosting, shared Minecraft hosting, Pterodactyl-style environments, NAT port mapping, and reverse proxy setups.

Highlights

  • Added safer host binding behavior

  • Added public IP detection and automatic fallback

  • Added host: auto support

  • Added fallback-to-any option

  • Improved compatibility with shared hosting providers

  • Improved reverse proxy support

  • Improved network error logging

  • Prevented plugin startup failure caused by invalid public IP binding


Network Binding Improvements

MinePanel now handles more hosting environments safely.

Supported host values:

web:
  host: 0.0.0.0
  port: 8080
  fallback-to-any: true

Supported examples:

  • 0.0.0.0 — listen on all interfaces

  • 127.0.0.1 — local only

  • localhost — normalized to 127.0.0.1

  • 192.168.x.x — local LAN IP

  • auto — auto-detects the best available LAN host

  • Public IPs — now detected and safely redirected to 0.0.0.0


Public IP Binding Fix

Fixed an issue where users could not start MinePanel when using a public IP address in config.yml.

Before

Using:

web:
  host: 131.196.x.x

could cause MinePanel to fail because public IP addresses are usually not available as local network interfaces inside Docker, shared hosting, or NAT-based hosting environments.

Now

MinePanel detects public IP addresses and automatically falls back to:

web:
  host: 0.0.0.0

This prevents startup failure and improves compatibility with hosting providers that generate or map public ports.


Safe Bind Fallback

Added a new option:

web:
  fallback-to-any: true

If MinePanel cannot bind to the configured host, it will automatically try:

0.0.0.0

If fallback is disabled, MinePanel will stop the web server startup safely and print a clear error message instead of crashing the plugin.


Improved Error Logging

Network errors are now easier to understand.

MinePanel now explains possible causes such as:

  • Docker container environment

  • Shared Minecraft hosting

  • Pterodactyl-style hosting

  • Public IP not assigned to the local machine

  • Port already in use

  • Reverse proxy or NAT port mapping setup

The log also recommends fixes such as:

  • Use host: 0.0.0.0

  • Use the port generated by your hosting provider

  • Configure port forwarding correctly

  • Use Nginx or Cloudflare Tunnel as a reverse proxy


Reverse Proxy Support

MinePanel continues to support reverse proxy environments through X-Forwarded-For detection.

This helps preserve the real client IP when running behind:

  • Nginx

  • Cloudflare Tunnel

  • Reverse proxy systems


Config Update

The config structure remains backward compatible.

Existing users do not need to recreate their config file.

New comments were added to explain:

  • When to use 0.0.0.0

  • When to use 127.0.0.1

  • Why public IPs should not be used directly

  • How fallback-to-any works


Compatibility Matrix

Config | Before | v1.2.0 -- | -- | -- host: 0.0.0.0 | Works | Works host: 127.0.0.1 | Works | Works host: localhost | Works | Works host: 192.168.x.x | Works | Works host: auto | Not supported | Supported host: public IP | Failed to bind | Warning + fallback Bind failure | Web server may fail | Safe fallback available fallback-to-any: false | Not available | Clear error, no fallback

Changed Files

  • config.yml

    • Added detailed host binding comments

    • Added fallback-to-any

    • Improved network configuration documentation

  • ServerWebAdmin.java

    • Removed old local-interface-only host validation

    • Added public IP detection

    • Added host: auto

    • Added safe bind fallback

    • Improved BindException and IOException logging


Recommended Hosting Config

For most users, especially shared hosting or Pterodactyl-style environments:

web:
  host: 0.0.0.0
  port: 8080
  fallback-to-any: true

Do not set host to your public IP address.

Use the port provided by your hosting panel or configure port forwarding through your hosting provider.


Thank you to the community members who helped test and report hosting compatibility issues.

Major Infrastructure & Dashboard Update

Choose a tag to compare

@FlaxiGG FlaxiGG released this 16 Jun 05:49

MinePanel v1.1.0 — Major Infrastructure & Dashboard Update

This release introduces major improvements focused on network security, dashboard redesign, console stability, user experience, and automation improvements.


Network Configuration & Reverse Proxy Support

A major infrastructure update focused on improving deployment flexibility and security.

Added

  • Configurable web server host and port in config.yml
  • New allow-external option for controlling external access
  • Support for localhost-only mode (127.0.0.1) for secure reverse proxy setups
  • Reverse proxy IP detection via X-Forwarded-For

Improved

  • Better compatibility with reverse proxies such as Nginx and Cloudflare Tunnel
  • Graceful handling for BindException when port is already in use
  • Graceful handling for invalid hostname (UnknownHostException)
  • Automatic web server shutdown on plugin reload

Complete Dashboard Redesign

The dashboard has been fully redesigned for a cleaner and more professional server management experience.

New Dashboard Layout

  • New banner card with server MOTD and Minecraft version

  • Added quick action SVG buttons

  • 4 new system monitoring cards:

    • Online Players
    • TPS Monitor
    • RAM Usage (with progress bar)
    • CPU Usage (real system CPU percentage)

Layout Improvements

  • New 40/60 split dashboard layout

  • System Information section:

    • Operating System
    • Server Uptime
  • Live Console Preview integrated directly into dashboard

Page Restructure

  • Removed player list from dashboard
  • Added dedicated Players Management page

Sidebar Navigation Improvements

Sidebar is now organized into logical sections for better navigation.

New Structure

Main

  • Dashboard
  • Console

Administration

  • Players
  • Whitelist
  • Bans

Management

  • Users

UI Improvements

  • Added section titles

  • New semantic action button colors:

    • Save
    • Reload
    • Stop

Performance Monitoring Improvements

Added

  • Real CPU monitoring using Java reflection (com.sun.management)

  • CPU status indicator with dynamic color coding:

    • Green → Healthy
    • Amber → Medium load
    • Red → High load

Console Stability Improvements

Fixed console log reading issues on different server environments.

Fixed

  • Console now properly reads server logs using correct server root path
  • Better fallback handling when console output is empty

New /webadmin reload Command

Added plugin hot reload support.

Added

  • /webadmin reload

This command now:

  • Stops current web server safely
  • Reloads configuration
  • Reinitializes plugin automatically

Custom Confirm Modal System

Browser native alerts and confirm dialogs have been completely replaced.

New Modal Features

  • Custom confirmation modal system
  • Better UI consistency across all actions
  • Dedicated danger confirmation button styling

Protected Actions

Added confirmation modal for:

  • Kick Player
  • Ban Player
  • Stop Server
  • Reload Server
  • Unban Player
  • Remove Whitelist Entry
  • Remove User

New Reason Input

Kick and Ban actions now require reason input before confirmation.


Auto Refresh System

Several pages now refresh automatically for better real-time monitoring.

Added

  • Players page refresh every 5 seconds
  • Bans page refresh every 10 seconds
  • Users page refresh every 30 seconds

Internal Improvements

  • Improved page loading system
  • Added failsafe protection for missing DOM elements
  • Improved route hash navigation
  • Better frontend state handling

Thank you to everyone testing MinePanel and providing valuable feedback.

More improvements coming soon 🚀

Security & Style 1.0.1

Choose a tag to compare

@FlaxiGG FlaxiGG released this 15 Jun 07:42
da10309

Architecture Change

  • Extracted UI from Java — All HTML/CSS/JS moved from embedded Java string (WebServer.java ~900 lines removed) to standalone files

Authentication System

  • BCrypt — Passwords hashed with BCrypt instead of plaintext
  • Session Tokens — UUID v4 generated per login, stored in server-side sessions map
  • HttpOnly Cookie — Token transmitted via Set-Cookie: token=xxx; HttpOnly; Path=/; SameSite=Lax; Max-Age=300
  • Session Expiry — 5 minutes inactivity timeout, auto-refreshes on each API call
  • Backward compat — getToken(session) checks both Cookie header AND query param ?token=
  • Logout — clears server session + deletes cookie

Login Flow

  • Username + Password login (not single token)
  • Default user: admin / admin123 auto-created on first run
  • mustChange flag — If password is still admin123, forces password change modal
  • Heartbeat API — Global 2-minute interval keeps session alive; 401 → auto-logout
  • Button loading state — "Signing in…" with disabled button during login request

Theme System

  • Light/Dark toggle — Button in sidebar (bottom, before Logout)
  • CSS Variables — 30+ CSS custom properties, overridden in body.dark
  • Dark theme: #12121f background, #1c1c33 cards, #c0c0d0 text
  • color-scheme: dark on dark mode (native scrollbar/input)
  • localStorage persists theme preference
  • Auto-applies on page load from saved preference

Fixed Sidebar

  • position: fixed — Sidebar no longer scrolls with page content
  • left: 0; top: 0; bottom: 0; z-index: 50
  • Content area uses padding-left: 240px
  • Mobile: padding-top: 60px + sidebar becomes top bar

### MinePanel v1.0.1

Major Architecture Update

  • Extracted all UI files from embedded Java strings
  • Moved HTML, CSS, and JavaScript into standalone resource files
  • Removed around 900 lines from WebServer.java
  • Improved maintainability and frontend development workflow

Security & Authentication

  • Added username/password login
  • Added BCrypt password hashing
  • Added UUID v4 session tokens
  • Added HttpOnly cookie-based sessions
  • Added 5-minute inactivity timeout
  • Added forced password change for the default admin account
  • Added logout session cleanup

UI Improvements

  • Added Light/Dark theme toggle
  • Added persistent theme preference
  • Added fixed sidebar layout
  • Improved mobile layout
  • Added login loading state

Compatibility

  • Token lookup now supports both cookie-based sessions and ?token= query parameter for backward compatibility