@underpostnet/underpost 3.0.3 → 3.1.0

package/src/client/components/core/FileExplorer.js

@@ -544,10 +544,13 @@ const FileExplorer = {
         this.eGui = document.createElement('div');
         const isPublic = params.data.isPublic;
         const toggleId = `toggle-public-${params.data._id}`;
+        const hasGenericFile = !!params.data.hasGenericFile;
+        const hasMdFile = !!params.data.hasMdFile;
+
         this.eGui.innerHTML = html`
           <div class="fl">
             ${await BtnIcon.Render({
-              class: `in fll management-table-btn-mini btn-file-download-${params.data._id}`,
+              class: `in fll management-table-btn-mini btn-file-download-${params.data._id}${!hasGenericFile ? ' btn-disabled' : ''}`,
               label: html` <i class="fas fa-download"></i>`,
               type: 'button',
             })}
@@ -562,10 +565,15 @@ const FileExplorer = {
               type: 'button',
             })}
             ${await BtnIcon.Render({
-              class: `in fll management-table-btn-mini btn-file-copy-content-link-${params.data._id}`,
+              class: `in fll management-table-btn-mini btn-file-copy-content-link-${params.data._id}${!hasGenericFile ? ' btn-disabled' : ''}`,
               label: html`<i class="fas fa-copy"></i>`,
               type: 'button',
             })}
+            ${await BtnIcon.Render({
+              class: `in fll management-table-btn-mini btn-file-copy-md-link-${params.data._id}${!hasMdFile ? ' btn-disabled' : ''}`,
+              label: html`<i class="fas fa-file-code"></i>`,
+              type: 'button',
+            })}
             ${await BtnIcon.Render({
               class: `in fll management-table-btn-mini btn-file-edit-${params.data._id}`,
               label: html`<i class="fas fa-edit"></i>`,
@@ -591,11 +599,46 @@ const FileExplorer = {
               ? getApiBaseUrl({ id: originObj.fileId._id, endpoint: 'file/blob' })
               : undefined;
 
+          const mdBlobUri =
+            originObj && originObj.mdFileId
+              ? getApiBaseUrl({ id: originObj.mdFileId._id, endpoint: 'file/blob' })
+              : undefined;
+
           if (!originObj) {
             s(`.btn-file-view-${params.data._id}`).classList.add('hide');
             s(`.btn-file-copy-content-link-${params.data._id}`).classList.add('hide');
           }
 
+          // Disable download button if no generic file
+          if (!hasGenericFile) {
+            const dlBtn = s(`.btn-file-download-${params.data._id}`);
+            if (dlBtn) {
+              dlBtn.style.opacity = '0.4';
+              dlBtn.style.cursor = 'not-allowed';
+              dlBtn.style.pointerEvents = 'none';
+            }
+          }
+
+          // Disable copy generic file link button if no generic file
+          if (!hasGenericFile) {
+            const copyBtn = s(`.btn-file-copy-content-link-${params.data._id}`);
+            if (copyBtn) {
+              copyBtn.style.opacity = '0.4';
+              copyBtn.style.cursor = 'not-allowed';
+              copyBtn.style.pointerEvents = 'none';
+            }
+          }
+
+          // Disable copy md file link button if no md file
+          if (!hasMdFile) {
+            const mdCopyBtn = s(`.btn-file-copy-md-link-${params.data._id}`);
+            if (mdCopyBtn) {
+              mdCopyBtn.style.opacity = '0.4';
+              mdCopyBtn.style.cursor = 'not-allowed';
+              mdCopyBtn.style.pointerEvents = 'none';
+            }
+          }
+
           EventsUI.onClick(`.btn-file-view-${params.data._id}`, async (e) => {
             e.preventDefault();
             if (location.href !== url) {
@@ -606,6 +649,7 @@ const FileExplorer = {
 
           EventsUI.onClick(`.btn-file-copy-content-link-${params.data._id}`, async (e) => {
             e.preventDefault();
+            if (!hasGenericFile || !blobUri) return;
             await copyData(blobUri);
             NotificationManager.Push({
               html: Translate.Render('success-copy-data'),
@@ -613,10 +657,21 @@ const FileExplorer = {
             });
           });
 
+          EventsUI.onClick(`.btn-file-copy-md-link-${params.data._id}`, async (e) => {
+            e.preventDefault();
+            if (!hasMdFile || !mdBlobUri) return;
+            await copyData(mdBlobUri);
+            NotificationManager.Push({
+              html: Translate.Render('success-copy-data'),
+              status: 'success',
+            });
+          });
+
           EventsUI.onClick(`.btn-file-download-${params.data._id}`, async (e) => {
             e.preventDefault();
+            if (!hasGenericFile) return;
             try {
-              // Use FileService with blob/ prefix for centralized blob fetching
+              // Use FileService with blob/ prefix for blob fetching
               const { data: blobArray, status } = await FileService.get({ id: `blob/${params.data.fileId}` });
               if (status === 'success' && blobArray && blobArray[0]) {
                 downloadFile(blobArray[0], params.data.name);
@@ -721,6 +776,12 @@ const FileExplorer = {
                     documentInstance[docIndex].isPublic = data.isPublic;
                   }
 
+                  // Refresh the isPublic column cell in the grid
+                  const rowNode = AgGrid.grids[gridFileId].getRowNode(params.node.id);
+                  if (rowNode) {
+                    rowNode.setDataValue('isPublic', data.isPublic);
+                  }
+
                   // Update button icon
                   const btnElement = s(`.${toggleId}`);
                   if (btnElement) {
@@ -1347,7 +1408,13 @@ const FileExplorer = {
                     { field: 'name', flex: 2, headerName: 'Title', cellRenderer: LoadFileNameRenderer },
                     { field: 'mdFileName', flex: 1, headerName: 'MD File Name' },
                     { field: 'fileName', flex: 1, headerName: 'Generic File Name' },
-                    { headerName: '', width: 150, cellRenderer: LoadFileActionsRenderer },
+                    {
+                      field: 'isPublic',
+                      headerName: 'Public',
+                      width: 90,
+                      cellDataType: 'boolean',
+                    },
+                    { headerName: '', width: 180, cellRenderer: LoadFileActionsRenderer },
                   ],
                 },
               })}

package/src/client/components/core/Input.js

@@ -101,7 +101,7 @@ const getFileFromFileData = (fileData) => {
 /**
  * Fetch file content from blob endpoint and create File object.
  * Used for metadata-only format files during edit mode.
- * Uses FileService with blob/ prefix for centralized blob fetching.
+ * Uses FileService with blob/ prefix for blob fetching.
  *
  * @async
  * @function getFileFromBlobEndpoint

package/src/client/components/core/Modal.js

@@ -2424,20 +2424,34 @@ const Modal = {
   },
 };
 
-const renderMenuLabel = ({ img, text, icon }) => {
-  if (!img) return html`<span class="inl menu-btn-icon">${icon}</span> ${text}`;
-  return html`<img class="abs center img-btn-square-menu" src="${getProxyPath()}assets/ui-icons/${img}" />
+const renderMenuLabel = ({ img, src, text, icon }) => {
+  if (!img && !src) return html`<span class="inl menu-btn-icon">${icon}</span> ${text}`;
+  const imgSrc = src ? src : `${getProxyPath()}assets/ui-icons/${img}`;
+  return html`<img class="abs center img-btn-square-menu" src="${imgSrc}" />
     <div class="abs center main-btn-menu-text">${text}</div>`;
 };
 
 const renderViewTitle = (
-  options = { icon: '', img: '', text: '', assetFolder: '', 'ui-icons': '', dim, top, topText: '' },
+  options = {
+    icon: '',
+    img: '',
+    text: '',
+    assetFolder: '',
+    'ui-icon': '',
+    imgClass: '',
+    textClass: '',
+    dim,
+    top,
+    topText: '',
+  },
 ) => {
   if (options.dim === undefined) options.dim = 30;
   const { img, text, icon, dim, top } = options;
   if (!img && !options['ui-icon']) return html`<span class="view-title-icon">${icon}</span> ${text}`;
+  const imgClass = options.imgClass || 'abs img-btn-square-view-title';
+  const textClass = options.textClass || 'in text-btn-square-view-title';
   return html`<img
-      class="abs img-btn-square-view-title"
+      class="${imgClass}"
       style="${renderCssAttr({
         style: {
           width: `${dim}px`,
@@ -2450,7 +2464,7 @@ const renderViewTitle = (
         : img}"
     />
     <div
-      class="in text-btn-square-view-title"
+      class="${textClass}"
       style="${renderCssAttr({
         style: {
           // 'padding-left': `${20 + dim}px`,

package/src/client/public/default/sitemap

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<xsl:stylesheet version="2.0"
+<xsl:stylesheet version="1.0"
     xmlns:html="http://www.w3.org/TR/REC-html40"
     xmlns:image="http://www.google.com/schemas/sitemap-image/1.1"
     xmlns:sitemap="http://www.sitemaps.org/schemas/sitemap/0.9"
@@ -67,7 +67,7 @@
                 <div id="content">
                     <h1>XML Sitemap</h1>
                     <p class="desc"> This is a sitemap generated by <a
-                            href="https://www.nexodev.org">nexodev.org</a>
+                            href="{{web-url}}">{{web-url}}</a>
                     </p>
                     <xsl:if test="count(sitemap:sitemapindex/sitemap:sitemap) &gt; 0">
                         <table id="sitemap" cellpadding="3">
@@ -145,4 +145,4 @@
         </html>
 
     </xsl:template>
-</xsl:stylesheet>
+</xsl:stylesheet>

package/src/client/public/test/sitemap

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<xsl:stylesheet version="2.0"
+<xsl:stylesheet version="1.0"
     xmlns:html="http://www.w3.org/TR/REC-html40"
     xmlns:image="http://www.google.com/schemas/sitemap-image/1.1"
     xmlns:sitemap="http://www.sitemaps.org/schemas/sitemap/0.9"
@@ -67,7 +67,7 @@
                 <div id="content">
                     <h1>XML Sitemap</h1>
                     <p class="desc"> This is a sitemap generated by <a
-                            href="https://www.nexodev.org">nexodev.org</a>
+                            href="{{web-url}}">{{web-url}}</a>
                     </p>
                     <xsl:if test="count(sitemap:sitemapindex/sitemap:sitemap) &gt; 0">
                         <table id="sitemap" cellpadding="3">
@@ -145,4 +145,4 @@
         </html>
 
     </xsl:template>
-</xsl:stylesheet>
+</xsl:stylesheet>

package/src/client.build.js

@@ -3,14 +3,11 @@
 // https://nodejs.org/api
 // https://expressjs.com/en/4x/api.html
 
-import dotenv from 'dotenv';
 import { loggerFactory } from './server/logger.js';
 import { Config } from './server/conf.js';
 import { ProcessController } from './server/process.js';
 import { clientLiveBuild } from './server/client-build-live.js';
 
-dotenv.config();
-
 await Config.build();
 
 const logger = loggerFactory(import.meta);

package/src/client.dev.js

@@ -3,14 +3,11 @@
 // https://nodejs.org/api
 // https://expressjs.com/en/4x/api.html
 
-import dotenv from 'dotenv';
 import { loggerFactory } from './server/logger.js';
 import { ProcessController } from './server/process.js';
 import { Config, buildClientStaticConf } from './server/conf.js';
 import { createClientDevServer } from './server/client-dev-server.js';
 
-dotenv.config();
-
 const logger = loggerFactory(import.meta);
 
 await logger.setUpInfo();

package/src/db/DataBaseProvider.js

@@ -13,7 +13,7 @@ const logger = loggerFactory(import.meta);
  * @class
  * @alias DataBaseProviderService
  * @memberof DataBaseProviderService
- * @classdesc Centralized service for loading, managing, and accessing multiple database connections
+ * @classdesc Service for loading, managing, and accessing multiple database connections
  * based on application configuration (host, path, provider type).
  */
 class DataBaseProviderService {
@@ -81,7 +81,22 @@ class DataBaseProviderService {
       }
       return this.#instance[key][db.provider];
     } catch (error) {
-      logger.error(error, { error: error.stack, options });
+      // Sanitize options to prevent credential exposure in logs
+      const safeOptions = {
+        apis: options.apis,
+        host: options.host,
+        path: options.path,
+        db: options.db
+          ? {
+              provider: options.db.provider,
+              name: options.db.name ? '***' : undefined,
+              host: options.db.host ? '***' : undefined,
+              user: options.db.user ? '***' : undefined,
+              password: options.db.password ? '***' : undefined,
+            }
+          : {},
+      };
+      logger.error(error.message, { safeOptions });
       return undefined;
     }
   }

package/src/db/mariadb/MariaDB.js

@@ -16,6 +16,11 @@ const logger = loggerFactory(import.meta);
  * @memberof MariaDBService
  * @classdesc Provides a simplified interface for executing queries against a MariaDB/MySQL database
  * using a connection pool, ensuring connection management (acquisition and release).
+ *
+ * Connection credentials are resolved in the following order:
+ * 1. Explicit values passed in the `options` parameter.
+ * 2. Environment variables (`MARIADB_HOST`, `MARIADB_PORT`, `MARIADB_USER`, `MARIADB_PASSWORD`).
+ * 3. Safe built-in defaults (`127.0.0.1`, `3306`, `root`, empty password).
  */
 class MariaDBService {
   /**
@@ -23,20 +28,20 @@ class MariaDBService {
    *
    * @async
    * @param {object} options - The database connection and query options.
-   * @param {string} [options.host='127.0.0.1'] - The database host.
-   * @param {number} [options.port=3306] - The database port.
-   * @param {string} [options.user='root'] - The database user.
-   * @param {string} [options.password=''] - The database password.
+   * @param {string} [options.host] - The database host. Falls back to `process.env.MARIADB_HOST` then `'127.0.0.1'`.
+   * @param {number} [options.port] - The database port. Falls back to `process.env.MARIADB_PORT` then `3306`.
+   * @param {string} [options.user] - The database user. Falls back to `process.env.MARIADB_USER` then `'root'`.
+   * @param {string} [options.password] - The database password. Falls back to `process.env.MARIADB_PASSWORD` then `''`.
    * @param {string} options.query - The SQL query string to execute.
    * @returns {Promise<any>} The result of the database query.
    */
   async query(options) {
     const { host, port, user, password, query } = options;
     const pool = createPool({
-      host: 'host' in options ? host : '127.0.0.1',
-      port: 'port' in options ? port : 3306,
-      user: 'user' in options ? user : 'root',
-      password: 'password' in options ? password : '',
+      host: 'host' in options ? host : process.env.MARIADB_HOST || '127.0.0.1',
+      port: 'port' in options ? port : parseInt(process.env.MARIADB_PORT, 10) || 3306,
+      user: 'user' in options ? user : process.env.MARIADB_USER || 'root',
+      password: 'password' in options ? password : process.env.MARIADB_PASSWORD || '',
     });
     let conn, result;
     try {
@@ -45,7 +50,7 @@ class MariaDBService {
       logger.info('query');
       console.log(result);
     } catch (error) {
-      logger.error(error, error.stack);
+      logger.error('MariaDB query failed', { error: error.message });
     } finally {
       if (conn) conn.release(); // release to pool
       await pool.end();

package/src/db/mongo/MongooseDB.js

@@ -16,17 +16,33 @@ const logger = loggerFactory(import.meta);
  * @memberof MongooseDBService
  * @classdesc Manages the Mongoose connection lifecycle and dynamic loading of database models
  * based on API configuration.
+ *
+ * Connection parameters are resolved in the following order:
+ * 1. Explicit values passed as arguments to {@link MongooseDBService#connect}.
+ * 2. Environment variables (`DB_HOST` for host, `DB_NAME` for database name).
+ * 3. No built-in defaults — both `host` and `name` are required from the caller or environment.
  */
 class MongooseDBService {
   /**
    * Establishes a Mongoose connection to the specified MongoDB instance.
    *
    * @async
-   * @param {string} host - The MongoDB host (e.g., 'mongodb://localhost:27017').
+   * @param {string} host - The MongoDB host URI (e.g., `'mongodb://localhost:27017'`).
+   *   Falls back to `process.env.DB_HOST` when not provided.
    * @param {string} name - The database name.
+   *   Falls back to `process.env.DB_NAME` when not provided.
    * @returns {Promise<mongoose.Connection>} A promise that resolves to the established Mongoose connection object.
+   * @throws {Error} If neither the argument nor the corresponding environment variable supplies a value.
    */
   async connect(host, name) {
+    host = host || process.env.DB_HOST;
+    name = name || process.env.DB_NAME;
+
+    if (!host || !name) {
+      const missing = [!host && 'host (DB_HOST)', !name && 'name (DB_NAME)'].filter(Boolean).join(', ');
+      throw new Error(`MongooseDBService.connect: missing required parameter(s): ${missing}`);
+    }
+
     const uri = `${host}/${name}`;
     // logger.info('MongooseDB connect', { host, name, uri });
     return await mongoose

package/src/index.js

@@ -42,7 +42,7 @@ class Underpost {
    * @type {String}
    * @memberof Underpost
    */
-  static version = 'v3.0.3';
+  static version = 'v3.1.0';
 
   /**
    * Required Node.js major version

package/src/proxy.js

@@ -3,14 +3,11 @@
 // https://nodejs.org/api
 // https://expressjs.com/en/4x/api.html
 
-import dotenv from 'dotenv';
 import { loggerFactory } from './server/logger.js';
 import { buildProxy } from './server/proxy.js';
 import { ProcessController } from './server/process.js';
 import { Config } from './server/conf.js';
 
-dotenv.config();
-
 await Config.build(process.argv[2], process.argv[3], process.argv[4]);
 
 const logger = loggerFactory(import.meta);

package/src/runtime/express/Express.js

@@ -249,7 +249,13 @@ class ExpressService {
     for (const [_, ssrMiddleware] of Object.entries(ssr)) app.use(ssrMiddleware);
 
     // Start listening on the main port
-    if (useLocalSsl && process.env.NODE_ENV === 'development') {
+    // When behind a dev proxy (isDevProxyContext), the proxy handles TLS termination,
+    // so backend servers should listen on plain HTTP to be reachable via http://localhost:PORT
+    if (
+      (useLocalSsl || process.argv.find((arg) => arg === 'tls')) &&
+      process.env.NODE_ENV === 'development' &&
+      !isDevProxyContext()
+    ) {
       if (!Underpost.tls.validateSecureContext()) shellExec(`node bin/deploy tls`);
       const { ServerSSL } = await Underpost.tls.createSslServer(app);
       await Underpost.start.listenPortController(ServerSSL, port, runningData);

package/src/runtime/lampp/Lampp.js

@@ -21,11 +21,11 @@ const logger = loggerFactory(import.meta);
 class LamppService {
   /**
    * @method
-   * @type {string | undefined}
+   * @type {string}
    * @description Stores the accumulated Apache virtual host configuration (router definition).
    * @memberof LamppService
    */
-  router;
+  router = '';
 
   /**
    * @public
@@ -42,7 +42,7 @@ class LamppService {
    * @memberof LamppService
    */
   constructor() {
-    this.router = undefined;
+    this.router = '';
     this.ports = [];
   }
 
@@ -125,7 +125,6 @@ class LamppService {
 
     // 6. Start the service
     cmd = `sudo /opt/lampp/lampp start`;
-    if (this.router) fs.writeFileSync(`./tmp/lampp-router.conf`, this.router, 'utf-8');
     shellExec(cmd);
   }
 
@@ -139,13 +138,7 @@ class LamppService {
    * @memberof LamppService
    */
   appendRouter(render) {
-    if (!this.router) {
-      if (fs.existsSync(`./tmp/lampp-router.conf`)) {
-        this.router = fs.readFileSync(`./tmp/lampp-router.conf`, 'utf-8');
-        return this.router + render;
-      }
-      return (this.router = render);
-    }
+    if (!this.router) return (this.router = render);
     return (this.router += render);
   }
 
@@ -154,10 +147,10 @@ class LamppService {
    *
    * @memberof LamppService
    * @returns {void}
+   * @method removeRouter
    */
   removeRouter() {
-    this.router = undefined;
-    if (fs.existsSync(`./tmp/lampp-router.conf`)) fs.rmSync(`./tmp/lampp-router.conf`);
+    this.router = '';
   }
 
   /**

package/src/server/auth.js

@@ -4,7 +4,6 @@
  * @namespace Auth
  */
 
-import dotenv from 'dotenv';
 import jwt from 'jsonwebtoken';
 import { loggerFactory } from './logger.js';
 import crypto from 'crypto';
@@ -19,7 +18,6 @@ import cookieParser from 'cookie-parser';
 import { DataBaseProvider } from '../db/DataBaseProvider.js';
 import { isDevProxyContext } from './conf.js';
 
-dotenv.config();
 const logger = loggerFactory(import.meta);
 
 // Promisified crypto functions
@@ -349,12 +347,7 @@ const cookieOptionsFactory = (req, host) => {
     secure,
     sameSite,
     path: '/',
-    domain:
-      process.env.NODE_ENV === 'production' ||
-      isDevProxyContext() ||
-      (req.headers.host && req.headers.host.toLocaleLowerCase().match(host))
-        ? host
-        : 'localhost',
+    domain: process.env.NODE_ENV === 'production' || isDevProxyContext() ? host : 'localhost',
     maxAge,
   };
 
@@ -389,7 +382,11 @@ async function createSessionAndUserToken(user, User, req, res, options = { host:
   };
 
   // push session
-  const updatedUser = await User.findByIdAndUpdate(user._id, { $push: { activeSessions: newSession } }, { new: true });
+  const updatedUser = await User.findByIdAndUpdate(
+    user._id,
+    { $push: { activeSessions: newSession } },
+    { returnDocument: 'after' },
+  );
   const session = updatedUser.activeSessions[updatedUser.activeSessions.length - 1];
   const jwtid = session._id.toString();
 

package/src/server/backup.js

@@ -7,10 +7,8 @@
 import fs from 'fs-extra';
 import { loggerFactory } from './logger.js';
 import { shellExec } from './process.js';
-import dotenv from 'dotenv';
 import Underpost from '../index.js';
-
-dotenv.config();
+import { loadCronDeployEnv } from './conf.js';
 
 const logger = loggerFactory(import.meta);
 
@@ -33,6 +31,7 @@ class BackUp {
    * @memberof UnderpostBakcUp
    */
   static callback = async function (deployList, options = { git: false }) {
+    loadCronDeployEnv();
     if ((!deployList || deployList === 'dd') && fs.existsSync(`./engine-private/deploy/dd.router`))
       deployList = fs.readFileSync(`./engine-private/deploy/dd.router`, 'utf8').trim();