@underpostnet/underpost 2.97.0 → 2.97.5

package/src/cli/deploy.js

@@ -761,7 +761,7 @@ EOF`);
         // shellExec(`docker cp ${volume.volumeMountPath} kind-worker:${rootVolumeHostPath}`);
         shellExec(`tar -C ${volume.volumeMountPath} -c . | docker cp - kind-worker:${rootVolumeHostPath}`);
         shellExec(
-          `docker exec -i kind-worker bash -c "chown -R 1000:1000 ${rootVolumeHostPath} || true; chmod -R 755 ${rootVolumeHostPath}"`,
+          `docker exec -i kind-worker bash -c "chown -R 1000:1000 ${rootVolumeHostPath}; chmod -R 755 ${rootVolumeHostPath}"`,
         );
       }
       shellExec(`kubectl delete pvc ${pvcId} -n ${namespace} --ignore-not-found`);

package/src/cli/index.js

@@ -22,7 +22,7 @@ program.name('underpost').description(`underpost ci/cd cli ${Underpost.version}`
 program
   .command('new')
   .argument('[app-name]', 'The name of the new project.')
-  .option('--deploy-id <deploy-id>', 'Crete deploy ID conf env files')
+  .option('--deploy-id <deploy-id>', 'Create deploy ID conf env files')
   .option('--sub-conf <sub-conf>', 'Create sub conf env files')
   .option('--cluster', 'Create deploy ID cluster files and sync to current cluster')
   .option('--build-repos', 'Create deploy ID repositories')
@@ -362,6 +362,14 @@ program
     '--macro-rollback-export <n-commits-reset>',
     'Exports a macro rollback script that reverts the last n commits (Git integration required).',
   )
+  .option(
+    '--clean-fs-collection',
+    'Cleans orphaned File documents from collections that are not referenced by any models.',
+  )
+  .option(
+    '--clean-fs-dry-run',
+    'Dry run mode - shows what would be deleted without actually deleting (use with --clean-fs-collection).',
+  )
   .option('--dev', 'Sets the development cli context')
   .option('--kubeadm', 'Enables the kubeadm context for database operations.')
   .option('--kind', 'Enables the kind context for database operations.')
@@ -628,11 +636,14 @@ program
   .option('--nfs-build', 'Builds an NFS root filesystem for a workflow id config architecture using QEMU emulation.')
   .option('--nfs-mount', 'Mounts the NFS root filesystem for a workflow id config architecture.')
   .option('--nfs-unmount', 'Unmounts the NFS root filesystem for a workflow id config architecture.')
+  .option('--nfs-build-server', 'Builds the NFS server for a workflow id config architecture.')
   .option('--nfs-sh', 'Copies QEMU emulation root entrypoint shell command to the clipboard.')
   .option('--cloud-init', 'Sets the kernel parameters and sets the necessary seed users on the HTTP server.')
   .option('--cloud-init-update', 'Updates cloud init for a workflow id config architecture.')
   .option('--ubuntu-tools-build', 'Builds ubuntu tools for chroot environment.')
   .option('--ubuntu-tools-test', 'Tests ubuntu tools in chroot environment.')
+  .option('--rocky-tools-build', 'Builds rocky linux tools for chroot environment.')
+  .option('--rocky-tools-test', 'Tests rocky linux tools in chroot environment.')
   .option('--bootcmd <bootcmd-list>', 'Comma-separated list of boot commands to execute.')
   .option('--runcmd <runcmd-list>', 'Comma-separated list of run commands to execute.')
   .option('--logs <log-id>', 'Displays logs for log id: dhcp, cloud, machine, cloud-config.')

package/src/cli/lxd.js

@@ -74,8 +74,8 @@ class UnderpostLxd {
       const npmRoot = getNpmRootPath();
       const underpostRoot = options?.dev === true ? '.' : `${npmRoot}/underpost`;
       if (options.reset === true) {
-        shellExec(`sudo systemctl stop snap.lxd.daemon || true`);
-        shellExec(`sudo snap remove lxd --purge || true`);
+        shellExec(`sudo systemctl stop snap.lxd.daemon`);
+        shellExec(`sudo snap remove lxd --purge`);
       }
       if (options.install === true) shellExec(`sudo snap install lxd`);
       if (options.init === true) {
@@ -213,7 +213,7 @@ ipv6.address=none`);
         for (const port of ports.split(',')) {
           for (const protocol of protocols) {
             const deviceName = `${vmName}-${protocol}-port-${port}`;
-            shellExec(`lxc config device remove ${vmName} ${deviceName} || true`); // Use || true to prevent error if device doesn't exist
+            shellExec(`lxc config device remove ${vmName} ${deviceName}`); // Use to prevent error if device doesn't exist
             shellExec(
               `lxc config device add ${vmName} ${deviceName} proxy listen=${protocol}:${hostIp}:${port} connect=${protocol}:${vmIp}:${port} nat=true`,
             );

package/src/cli/repository.js

@@ -679,7 +679,7 @@ Prevent build private config repo.`,
 
     /**
      * Internal method to recursively fetch and copy files from GitHub API.
-     * @private
+     * @method
      * @param {object} options - Fetch options.
      * @param {string} options.apiUrl - The GitHub API URL.
      * @param {string} options.targetPath - The local target path.

package/src/cli/run.js

@@ -313,6 +313,7 @@ class UnderpostRun {
       console.log('Loading fordward services...');
       await timer(5000);
       shellExec(`node bin metadata --generate ${path}`);
+      shellExec(`node bin db --dev --clean-fs-collection dd`);
       shellExec(`node bin run kill '${ports}'`);
     },
 
@@ -925,7 +926,7 @@ EOF
         shellExec(`docker exec -i kind-worker bash -c "mkdir -p ${volumeHostPath}"`);
         shellExec(`docker cp ${volumeHostPath}/engine kind-worker:${volumeHostPath}/engine`);
         shellExec(
-          `docker exec -i kind-worker bash -c "chown -R 1000:1000 ${volumeHostPath} || true; chmod -R 755 ${volumeHostPath}"`,
+          `docker exec -i kind-worker bash -c "chown -R 1000:1000 ${volumeHostPath}; chmod -R 755 ${volumeHostPath}"`,
         );
       } else {
         shellExec(`kubectl apply -f ${options.underpostRoot}/manifests/pv-pvc-dd.yaml -n ${options.namespace}`);

package/src/cli/ssh.js

@@ -22,7 +22,7 @@ class UnderpostSSH {
   static API = {
     /**
      * Loads configuration node from disk or returns default empty config.
-     * @private
+     * @method
      * @function loadConfigNode
      * @memberof UnderpostSSH
      * @param {string} deployId - Deployment ID for the config path
@@ -37,7 +37,7 @@ class UnderpostSSH {
 
     /**
      * Saves configuration node to disk.
-     * @private
+     * @method
      * @function saveConfigNode
      * @memberof UnderpostSSH
      * @param {string} confNodePath - Path to the configuration file
@@ -50,7 +50,7 @@ class UnderpostSSH {
 
     /**
      * Checks if a system user exists.
-     * @private
+     * @method
      * @function checkUserExists
      * @memberof UnderpostSSH
      * @param {string} username - Username to check
@@ -66,7 +66,7 @@ class UnderpostSSH {
 
     /**
      * Gets the home directory for a given user.
-     * @private
+     * @method
      * @function getUserHome
      * @memberof UnderpostSSH
      * @param {string} username - Username to get home directory for
@@ -81,7 +81,7 @@ class UnderpostSSH {
 
     /**
      * Creates a system user with password and groups.
-     * @private
+     * @method
      * @function createSystemUser
      * @memberof UnderpostSSH
      * @param {string} username - Username to create
@@ -101,7 +101,7 @@ class UnderpostSSH {
 
     /**
      * Ensures SSH directory exists with proper permissions.
-     * @private
+     * @method
      * @function ensureSSHDirectory
      * @memberof UnderpostSSH
      * @param {string} sshDir - Path to SSH directory
@@ -116,7 +116,7 @@ class UnderpostSSH {
 
     /**
      * Sets proper permissions on SSH files.
-     * @private
+     * @method
      * @function setSSHFilePermissions
      * @memberof UnderpostSSH
      * @param {string} sshDir - SSH directory path
@@ -135,7 +135,7 @@ class UnderpostSSH {
 
     /**
      * Configures authorized_keys for a user.
-     * @private
+     * @method
      * @function configureAuthorizedKeys
      * @memberof UnderpostSSH
      * @param {string} sshDir - SSH directory path
@@ -155,7 +155,7 @@ EOF`);
 
     /**
      * Configures known_hosts with SSH server keys.
-     * @private
+     * @method
      * @function configureKnownHosts
      * @memberof UnderpostSSH
      * @param {string} sshDir - SSH directory path
@@ -171,7 +171,7 @@ EOF`);
 
     /**
      * Configures sudoers for passwordless sudo or sets user password.
-     * @private
+     * @method
      * @function configureSudoAccess
      * @memberof UnderpostSSH
      * @param {string} username - Username to configure

package/src/client/components/core/Account.js

@@ -1,4 +1,5 @@
 import { UserService } from '../../services/user/user.service.js';
+import { FileService } from '../../services/file/file.service.js';
 import { Auth } from './Auth.js';
 import { BtnIcon } from './BtnIcon.js';
 import { newInstance, s4 } from './CommonJs.js';
@@ -8,10 +9,15 @@ import { fileFormDataFactory, Input } from './Input.js';
 import { LogIn } from './LogIn.js';
 import { Modal } from './Modal.js';
 import { NotificationManager } from './NotificationManager.js';
+import { ToggleSwitch } from './ToggleSwitch.js';
 import { Translate } from './Translate.js';
 import { Validator } from './Validator.js';
 import { append, htmls, s } from './VanillaJs.js';
 import { getProxyPath } from './Router.js';
+import { getApiBaseUrl } from '../../services/core/core.service.js';
+import { loggerFactory } from './Logger.js';
+
+const logger = loggerFactory(import.meta);
 
 const Account = {
   UpdateEvent: {},
@@ -30,7 +36,10 @@ const Account = {
               style="opacity: 1"
               ${LogIn.Scope.user.main.model.user.profileImage
                 ? `src="${LogIn.Scope.user.main.model.user.profileImage.imageSrc}"`
-                : ''}
+                : `src="${getApiBaseUrl({
+                    id: 'assets/avatar',
+                    endpoint: 'user',
+                  })}"`}
             />
           </div>
           <div class="abs center account-profile-image-loading" style="color: white"></div>`,
@@ -40,7 +49,7 @@ const Account = {
         {
           model: 'username',
           id: `account-username`,
-          rules: [{ type: 'isEmpty' }, { type: 'isLength', options: { min: 2, max: 20 } }],
+          rules: [{ type: 'isEmpty' }, { type: 'isLength', options: { min: 2, max: 20 } }, { type: 'isValidUsername' }],
         },
         { model: 'email', id: `account-email`, rules: [{ type: 'isEmpty' }, { type: 'isEmail' }] },
         {
@@ -49,11 +58,18 @@ const Account = {
           id: `account-password`,
           rules: [{ type: 'isStrongPassword' }],
         },
+        {
+          model: 'briefDescription',
+          id: `account-brief-description`,
+          defaultValue: 'Uploader',
+          rules: [{ type: 'isLength', options: { min: 0, max: 200 } }],
+        },
       ];
 
       this.formData = formData;
 
       this.instanceModalUiEvents = async ({ user }) => {
+        const accountInstance = this;
         const validators = await Validator.instance(formData);
 
         for (const inputData of formData) {
@@ -62,18 +78,41 @@ const Account = {
         }
         let lastUser;
         const submit = async () => {
-          lastUser = newInstance(user);
-          const { successKeys } = await validators();
-          if (successKeys.length === 0) return;
+          // Always get the current user from LogIn.Scope to avoid stale closure references
+          const currentUser = LogIn.Scope.user.main.model.user;
+          if (!currentUser || !currentUser._id) {
+            NotificationManager.Push({
+              html: Translate.Render('error-user-not-authenticated'),
+              status: 'error',
+            });
+            return;
+          }
+          // Guest users cannot submit form
+          if (currentUser.role === 'guest') {
+            NotificationManager.Push({
+              html: Translate.Render('error-user-not-authenticated'),
+              status: 'error',
+            });
+            return;
+          }
+          lastUser = newInstance(currentUser);
+          const { successKeys, errorKeys, errorMessage } = await validators();
+          if (errorMessage) {
+            NotificationManager.Push({
+              html: `${errorKeys.map((e) => Translate.Render(e.replace('account-', '')))} ${errorMessage}`,
+            });
+            return;
+          }
           const body = {};
           for (const inputData of formData) {
-            if (!s(`.${inputData.id}`).value || s(`.${inputData.id}`).value === 'undefined') continue;
+            const value = s(`.${inputData.id}`).value;
+            if (!value || value === 'undefined') continue;
             if ('model' in inputData && successKeys.includes(inputData.id)) {
-              body[inputData.model] = s(`.${inputData.id}`).value;
-              user[inputData.model] = s(`.${inputData.id}`).value;
+              body[inputData.model] = value;
+              currentUser[inputData.model] = value;
             }
           }
-          const result = await UserService.put({ id: user._id, body });
+          const result = await UserService.put({ id: currentUser._id, body });
           NotificationManager.Push({
             html:
               result.status === 'error' && result.message
@@ -82,12 +121,18 @@ const Account = {
             status: result.status,
           });
           if (result.status === 'success') {
-            user = result.data;
-            this.triggerUpdateEvent({ user });
-            if (lastUser.emailConfirmed !== user.emailConfirmed) {
-              this.renderVerifyEmailStatus(user);
+            const updatedUser = result.data;
+            // Preserve profileImage from scope if it exists
+            const existingProfileImage = LogIn.Scope.user.main.model.user.profileImage;
+            LogIn.Scope.user.main.model.user = { ...updatedUser };
+            if (existingProfileImage && !updatedUser.profileImage) {
+              LogIn.Scope.user.main.model.user.profileImage = existingProfileImage;
             }
-            lastUser = newInstance(user);
+            accountInstance.triggerUpdateEvent({ user: updatedUser });
+            if (lastUser.emailConfirmed !== updatedUser.emailConfirmed) {
+              accountInstance.renderVerifyEmailStatus(updatedUser);
+            }
+            lastUser = newInstance(updatedUser);
           }
         };
         EventsUI.onClick(`.btn-account`, async (e) => {
@@ -102,6 +147,23 @@ const Account = {
         if (s(`.btn-confirm-email`))
           EventsUI.onClick(`.btn-confirm-email`, async (e) => {
             e.preventDefault();
+            // Check if user is authenticated
+            const currentUser = LogIn.Scope.user.main.model.user;
+            if (!currentUser || !currentUser._id) {
+              NotificationManager.Push({
+                html: Translate.Render('error-user-not-authenticated'),
+                status: 'error',
+              });
+              return;
+            }
+            // Guest users cannot verify email
+            if (currentUser.role === 'guest') {
+              NotificationManager.Push({
+                html: Translate.Render('error-user-not-authenticated'),
+                status: 'error',
+              });
+              return;
+            }
             const result = await UserService.post({
               id: 'mailer/verify-email',
               body: {
@@ -115,7 +177,8 @@ const Account = {
               status: result.status,
             });
           });
-        this.renderVerifyEmailStatus(user);
+        const currentUser = LogIn.Scope.user.main.model.user;
+        accountInstance.renderVerifyEmailStatus(currentUser || user);
 
         s(`.${waveAnimationId}`).style.cursor = 'pointer';
         s(`.${waveAnimationId}`).onclick = async (e) => {
@@ -129,20 +192,79 @@ const Account = {
             s(`.account-profile-image`).style.opacity = 0;
             const formFile = fileFormDataFactory(e, profileFileAccept);
 
+            // Always get the current user from LogIn.Scope
+            const currentUser = LogIn.Scope.user.main.model.user;
+            if (!currentUser || !currentUser._id) {
+              NotificationManager.Push({
+                html: Translate.Render('error-user-not-authenticated'),
+                status: 'error',
+              });
+              s(`.account-profile-image`).style.opacity = 1;
+              return;
+            }
+            // Guest users cannot upload profile images
+            if (currentUser.role === 'guest') {
+              NotificationManager.Push({
+                html: Translate.Render('error-user-not-authenticated'),
+                status: 'error',
+              });
+              s(`.account-profile-image`).style.opacity = 1;
+              return;
+            }
+
             const { status, data } = await UserService.put({
-              id: `profile-image/${user._id}`,
+              id: `profile-image/${currentUser._id}`,
               body: formFile,
               headerId: 'file',
             });
 
             if (status === 'success') {
-              user.profileImageId = data.profileImageId;
+              currentUser.profileImageId = data.profileImageId;
+              LogIn.Scope.user.main.model.user = { ...currentUser };
               delete LogIn.Scope.user.main.model.user.profileImage;
-              await LogIn.Trigger({ user });
-              s(`.account-profile-image`).src = LogIn.Scope.user.main.model.user.profileImage.imageSrc;
+
+              const defaultAvatarUrl = getApiBaseUrl({
+                id: 'assets/avatar',
+                endpoint: 'user',
+              });
+
+              // Fetch the new image immediately
+              let newImageSrc = defaultAvatarUrl;
+              try {
+                const resultFile = await FileService.get({ id: data.profileImageId });
+                if (resultFile && resultFile.status === 'success' && resultFile.data[0]) {
+                  const imageData = resultFile.data[0];
+
+                  if (!imageData.data?.data && imageData._id) {
+                    newImageSrc = getApiBaseUrl({ id: imageData._id, endpoint: 'file/blob' });
+                  } else if (imageData.data?.data) {
+                    const imageBlob = new Blob([new Uint8Array(imageData.data.data)], { type: imageData.mimetype });
+                    const imageFile = new File([imageBlob], imageData.name, { type: imageData.mimetype });
+                    newImageSrc = URL.createObjectURL(imageFile);
+                  }
+
+                  LogIn.Scope.user.main.model.user.profileImage = {
+                    resultFile,
+                    imageData,
+                    imageSrc: newImageSrc,
+                  };
+                }
+              } catch (error) {
+                logger.warn('Error fetching new profile image:', error);
+              }
+
+              // Update both images immediately
+              s(`.account-profile-image`).src = newImageSrc;
+              const topbarImg = s(`.top-box-profile-img`);
+              if (topbarImg) topbarImg.src = newImageSrc;
+
+              NotificationManager.Push({
+                html: Translate.Render('success-update-user'),
+                status: 'success',
+              });
             } else {
               NotificationManager.Push({
-                html: Translate.Render('file-upload-failed'),
+                html: data?.message || Translate.Render('file-upload-failed'),
                 status: 'error',
               });
             }
@@ -177,9 +299,116 @@ const Account = {
           },
           { context: 'modal' },
         );
+        EventsUI.onClick(`.btn-brief-description-update`, async (e) => {
+          e.preventDefault();
+          const descriptionValue = s(`.account-brief-description`).value;
+          if (!descriptionValue || descriptionValue === 'undefined' || descriptionValue.trim() === '') {
+            NotificationManager.Push({
+              html: Translate.Render('brief-description-cannot-be-empty'),
+              status: 'error',
+            });
+            return;
+          }
+          // Always get the current user from LogIn.Scope
+          const currentUser = LogIn.Scope.user.main.model.user;
+          if (!currentUser || !currentUser._id) {
+            NotificationManager.Push({
+              html: Translate.Render('error-user-not-authenticated'),
+              status: 'error',
+            });
+            return;
+          }
+          // Guest users cannot update brief description
+          if (currentUser.role === 'guest') {
+            NotificationManager.Push({
+              html: Translate.Render('error-user-not-authenticated'),
+              status: 'error',
+            });
+            return;
+          }
+          const result = await UserService.put({ id: currentUser._id, body: { briefDescription: descriptionValue } });
+          NotificationManager.Push({
+            html:
+              result.status === 'error' && result.message
+                ? result.message
+                : Translate.Render(`${result.status}-update-user`),
+            status: result.status,
+          });
+          if (result.status === 'success') {
+            currentUser.briefDescription = descriptionValue;
+            // Preserve profileImage from scope
+            const existingProfileImage = LogIn.Scope.user.main.model.user.profileImage;
+            LogIn.Scope.user.main.model.user.briefDescription = descriptionValue;
+            if (existingProfileImage) {
+              LogIn.Scope.user.main.model.user.profileImage = existingProfileImage;
+            }
+            accountInstance.triggerUpdateEvent({ user: currentUser });
+          }
+        });
+
+        // Setup public profile toggle handler
+        setTimeout(() => {
+          if (ToggleSwitch.Tokens['account-public-profile']) {
+            const originalClick = ToggleSwitch.Tokens['account-public-profile'].click;
+            ToggleSwitch.Tokens['account-public-profile'].click = async function () {
+              originalClick.call(this);
+              const isChecked = s(`.account-public-profile-checkbox`).checked;
+              // Always get the current user from LogIn.Scope
+              const currentUser = LogIn.Scope.user.main.model.user;
+              if (!currentUser || !currentUser._id) {
+                NotificationManager.Push({
+                  html: Translate.Render('error-user-not-authenticated'),
+                  status: 'error',
+                });
+                return;
+              }
+              // Guest users cannot toggle public profile
+              if (currentUser.role === 'guest') {
+                NotificationManager.Push({
+                  html: Translate.Render('error-user-not-authenticated'),
+                  status: 'error',
+                });
+                return;
+              }
+              const result = await UserService.put({ id: currentUser._id, body: { publicProfile: isChecked } });
+              NotificationManager.Push({
+                html:
+                  result.status === 'error' && result.message
+                    ? result.message
+                    : Translate.Render(`${result.status}-update-user`),
+                status: result.status,
+              });
+              if (result.status === 'success') {
+                currentUser.publicProfile = isChecked;
+                // Preserve profileImage from scope
+                const existingProfileImage = LogIn.Scope.user.main.model.user.profileImage;
+                LogIn.Scope.user.main.model.user.publicProfile = isChecked;
+                if (existingProfileImage) {
+                  LogIn.Scope.user.main.model.user.profileImage = existingProfileImage;
+                }
+                accountInstance.triggerUpdateEvent({ user: currentUser });
+              }
+            };
+
+            // Override wrapper click handler to use our custom handler
+            const wrapperElement = s(`.toggle-form-container-account-public-profile`);
+            if (wrapperElement) {
+              wrapperElement.onclick = () => ToggleSwitch.Tokens['account-public-profile'].click();
+            }
+          }
+        });
         EventsUI.onClick(`.btn-account-delete`, async (e) => {
           e.preventDefault();
-          const result = await UserService.delete({ id: user._id });
+          // Always get the current user from LogIn.Scope
+          const currentUser = LogIn.Scope.user.main.model.user;
+          if (!currentUser || !currentUser._id) {
+            NotificationManager.Push({
+              html: Translate.Render('error-user-not-authenticated'),
+              status: 'error',
+            });
+            return;
+          }
+          const result = await UserService.delete({ id: currentUser._id });
           NotificationManager.Push({
             html: result.status === 'error' ? result.message : Translate.Render(`success-delete-account`),
             status: result.status,
@@ -233,16 +462,17 @@ const Account = {
             autocomplete: 'email',
             disabled: user.emailConfirmed,
             extension: !(options && options.disabled && options.disabled.includes('emailConfirm'))
-              ? async () => html`<div class="in verify-email-status"></div>
-                  ${await BtnIcon.Render({
-                    class: `in wfa btn-input-extension btn-confirm-email`,
-                    type: 'button',
-                    style: 'text-align: left',
-                    label: html`<div class="in">
-                      <i class="fa-solid fa-paper-plane"></i> ${Translate.Render('send')}
-                      ${Translate.Render('verify-email')}
-                    </div> `,
-                  })}`
+              ? async () =>
+                  html`<div class="in verify-email-status"></div>
+                    ${await BtnIcon.Render({
+                      class: `in wfa btn-input-extension btn-confirm-email`,
+                      type: 'button',
+                      style: 'text-align: left',
+                      label: html`<div class="in">
+                        <i class="fa-solid fa-paper-plane"></i> ${Translate.Render('send')}
+                        ${Translate.Render('verify-email')}
+                      </div> `,
+                    })}`
               : undefined,
           })}
         </div>
@@ -265,6 +495,31 @@ const Account = {
               })}`,
           })}
         </div>
+        <div class="in">
+          ${await Input.Render({
+            id: `account-brief-description`,
+            label: html`<i class="fa-solid fa-pen-fancy"></i> ${Translate.Render('brief-description')}`,
+            containerClass: 'inl section-mp width-mini-box input-container',
+            placeholder: true,
+            rows: 4,
+            extension: async () =>
+              html`${await BtnIcon.Render({
+                class: `in wfa btn-input-extension btn-brief-description-update`,
+                type: 'button',
+                style: 'text-align: left',
+                label: html`${Translate.Render(`update`)}`,
+              })}`,
+          })}
+        </div>
+        <div class="in section-mp">
+          ${await ToggleSwitch.Render({
+            wrapper: true,
+            wrapperLabel: html`<i class="fa-solid fa-globe"></i> ${Translate.Render('public-profile')}`,
+            id: 'account-public-profile',
+            disabledOnClick: true,
+            checked: user.publicProfile ? true : false,
+          })}
+        </div>
         ${options?.bottomRender ? await options.bottomRender() : ``}
         <div class="in hide">
           ${await BtnIcon.Render({
@@ -312,13 +567,49 @@ const Account = {
   instanceModalUiEvents: async (user) => null,
   updateForm: async function (user) {
     if (!s(`.modal-account`)) return;
-    await this.instanceModalUiEvents({ user });
+
+    // Always sync the current user data into LogIn.Scope, preserving profileImage if it exists
+    if (user && user._id) {
+      const existingProfileImage = LogIn.Scope.user.main.model.user.profileImage;
+      LogIn.Scope.user.main.model.user = { ...user };
+      // Preserve existing profileImage if new user doesn't have one
+      if (existingProfileImage && !user.profileImage) {
+        LogIn.Scope.user.main.model.user.profileImage = existingProfileImage;
+      }
+    }
+
+    // Use the current user from scope to ensure we have the latest data
+    const currentUser = LogIn.Scope.user.main.model.user;
+    if (!currentUser || !currentUser._id) {
+      return;
+    }
+
+    await this.instanceModalUiEvents({ user: currentUser });
     s(`.account-profile-image`).style.opacity = 0;
     for (const inputData of this.formData)
-      if (s(`.${inputData.id}`)) s(`.${inputData.id}`).value = user[inputData.model];
-    if (LogIn.Scope.user.main.model.user.profileImage) {
-      s(`.account-profile-image`).src = LogIn.Scope.user.main.model.user.profileImage.imageSrc;
-      s(`.account-profile-image`).style.opacity = 1;
+      if (s(`.${inputData.id}`)) s(`.${inputData.id}`).value = currentUser[inputData.model];
+
+    // Update profile image - always show default avatar as fallback (skip for guest users)
+    const profileImageElement = s(`.account-profile-image`);
+    const defaultAvatarUrl = getApiBaseUrl({
+      id: 'assets/avatar',
+      endpoint: 'user',
+    });
+
+    if (currentUser.role !== 'guest' && profileImageElement) {
+      // Show custom image if available, otherwise default avatar
+      const customImageSrc = LogIn.Scope.user.main.model.user.profileImage?.imageSrc;
+      profileImageElement.src = customImageSrc || defaultAvatarUrl;
+      profileImageElement.style.opacity = 1;
+    } else if (profileImageElement) {
+      profileImageElement.style.opacity = 0;
+    }
+
+    // update public profile toggle
+    if (ToggleSwitch.Tokens['account-public-profile']) {
+      if (currentUser.publicProfile && !s(`.account-public-profile-checkbox`).checked) {
+        ToggleSwitch.Tokens['account-public-profile'].click();
+      }
     }
   },
 };