cyberia 2.99.8 → 3.0.2

package/src/client/services/object-layer/object-layer.management.js

@@ -1,15 +1,20 @@
 import { DefaultManagement } from '../default/default.management.js';
 import { ObjectLayerService } from './object-layer.service.js';
-import { commonUserGuard } from '../../components/core/CommonJs.js';
+import { commonUserGuard, commonModeratorGuard } from '../../components/core/CommonJs.js';
 import { getProxyPath, setPath, setQueryParams } from '../../components/core/Router.js';
 import { ObjectLayerEngineModal } from '../../components/cyberia/ObjectLayerEngineModal.js';
 import { ObjectLayerEngineViewer } from '../../components/cyberia/ObjectLayerEngineViewer.js';
 import { s } from '../../components/core/VanillaJs.js';
 import { Modal } from '../../components/core/Modal.js';
 import { BtnIcon } from '../../components/core/BtnIcon.js';
+import { NotificationManager } from '../../components/core/NotificationManager.js';
+import { AgGrid } from '../../components/core/AgGrid.js';
 
 const ObjectLayerManagement = {
-  RenderTable: async ({ Elements, idModal }) => {
+  RenderTable: async ({ Elements, idModal: rawIdModal }) => {
+    const idModal = rawIdModal || 'modal-object-layer-engine-management';
+    const serviceId = 'object-layer-engine-management';
+    const gridId = `${serviceId}-grid-${idModal}`;
     const user = Elements.Data.user.main.model.user;
     const { role } = user;
 
@@ -41,9 +46,9 @@ const ObjectLayerManagement = {
                 // Navigate to viewer route first
                 setPath(`${getProxyPath()}object-layer-engine-viewer`);
                 // Then add query param without replacing history
-                setQueryParams({ cid: data._id }, { replace: true });
+                setQueryParams({ id: data._id }, { replace: true });
                 if (s(`.modal-object-layer-engine-viewer`)) {
-                  await ObjectLayerEngineViewer.Reload({ Elements });
+                  await ObjectLayerEngineViewer.Reload({ Elements, force: true });
                 }
                 s(`.main-btn-object-layer-engine-viewer`).click();
               });
@@ -87,7 +92,7 @@ const ObjectLayerManagement = {
                 // Navigate to editor route first
                 setPath(`${getProxyPath()}object-layer-engine`);
                 // Then add query param without replacing history
-                setQueryParams({ cid: data._id }, { replace: true });
+                setQueryParams({ id: data._id }, { replace: true });
                 if (s(`.modal-object-layer-engine`)) await ObjectLayerEngineModal.Reload();
                 else s(`.main-btn-object-layer-engine`).click();
               });
@@ -148,6 +153,123 @@ const ObjectLayerManagement = {
       }
     }
 
+    // Custom renderer for delete button (moderator+ only)
+    const canDelete = commonModeratorGuard(role);
+
+    class DeleteButtonRenderer {
+      eGui;
+
+      async init(params) {
+        this.eGui = document.createElement('div');
+        const { data } = params;
+
+        if (!data || !data._id || !canDelete) {
+          this.eGui.innerHTML = '';
+          return;
+        }
+
+        this.eGui.innerHTML = html` ${await BtnIcon.Render({
+          label: html`<div class="abs center">
+            <i class="fas fa-trash" style="color: #dc3545;"></i>
+          </div> `,
+          class: `in fll section-mp management-table-btn-mini btn-delete-object-layer-${data._id}`,
+        })}`;
+
+        setTimeout(() => {
+          const btn = this.eGui.querySelector(`.btn-delete-object-layer-${data._id}`);
+          if (btn)
+            btn.onclick = async () => {
+              const itemId = data?.data?.item?.id || data._id;
+              const confirmResult = await Modal.RenderConfirm({
+                id: `delete-object-layer-${data._id}`,
+                html: async () => html`
+                  <div class="in section-mp" style="text-align: center">
+                    <p>Are you sure you want to permanently delete object layer <strong>"${itemId}"</strong>?</p>
+                    <p style="color: #dc3545; font-size: 13px; margin-top: 8px;">
+                      This will remove all associated data including render frames, atlas sprite sheet, IPFS pins, and
+                      static asset files.
+                    </p>
+                  </div>
+                `,
+              });
+              if (confirmResult.status !== 'confirm') return;
+              try {
+                const result = await ObjectLayerService.delete({ id: data._id });
+                if (result.status === 'success') {
+                  NotificationManager.Push({
+                    html: `Object layer "${itemId}" deleted successfully`,
+                    status: 'success',
+                  });
+                  if (AgGrid.grids[gridId]) {
+                    AgGrid.grids[gridId].applyTransaction({ remove: [data] });
+                  }
+                  const token = DefaultManagement.Tokens[idModal];
+                  if (token) {
+                    const newTotal = token.total - 1;
+                    const newTotalPages = Math.ceil(newTotal / token.limit);
+                    if (token.page > newTotalPages && newTotalPages > 0) {
+                      token.page = newTotalPages;
+                    }
+                    await DefaultManagement.loadTable(idModal, { reload: false });
+                  }
+                } else {
+                  throw new Error(result.message || 'Failed to delete object layer');
+                }
+              } catch (error) {
+                NotificationManager.Push({
+                  html: `Failed to delete: ${error.message}`,
+                  status: 'error',
+                });
+              }
+            };
+        });
+      }
+
+      getGui() {
+        return this.eGui;
+      }
+
+      refresh(params) {
+        return true;
+      }
+    }
+
+    const createCidRenderer = (cidAccessor) => {
+      return class {
+        eGui;
+
+        async init(params) {
+          this.eGui = document.createElement('div');
+          const { data } = params;
+          const cid = cidAccessor(data) || '';
+
+          if (!cid) {
+            this.eGui.innerHTML = html`<span style="color: #666; font-style: italic;">—</span>`;
+            return;
+          }
+
+          this.eGui.innerHTML = html`<span
+            title="${cid}"
+            style="font-family: monospace; font-size: 11px; cursor: default; user-select: all;"
+            >${cid}</span
+          >`;
+        }
+
+        getGui() {
+          return this.eGui;
+        }
+
+        refresh(params) {
+          return true;
+        }
+      };
+    };
+
+    // IPFS CID of object layer data JSON (fast-json-stable-stringify)
+    const CidRenderer = createCidRenderer((d) => d?.cid);
+    // IPFS CID of the consolidated atlas sprite sheet PNG
+    const AtlasCidRenderer = createCidRenderer((d) => d?.data?.atlasSpriteSheetCid || d?.atlasSpriteSheetId?.cid);
+
     let columnDefs = [
       // {
       //   field: '_id',
@@ -163,6 +285,24 @@ const ObjectLayerManagement = {
       },
       { field: 'data.item.type', headerName: 'Item Type', editable: role === 'user' },
       { field: 'data.item.description', headerName: 'Description', flex: 1, editable: role === 'user' },
+      {
+        field: 'cid',
+        headerName: 'IPFS CID',
+        width: 160,
+        cellRenderer: CidRenderer,
+        editable: false,
+        sortable: false,
+        filter: false,
+      },
+      {
+        field: 'data.atlasSpriteSheetCid',
+        headerName: 'Atlas CID',
+        width: 160,
+        cellRenderer: AtlasCidRenderer,
+        editable: false,
+        sortable: false,
+        filter: false,
+      },
       {
         field: 'frame08',
         headerName: 'Frame 08 Preview',
@@ -190,15 +330,28 @@ const ObjectLayerManagement = {
         sortable: false,
         filter: false,
       },
+      ...(canDelete
+        ? [
+            {
+              field: 'delete',
+              headerName: '',
+              width: 100,
+              cellRenderer: DeleteButtonRenderer,
+              editable: false,
+              sortable: false,
+              filter: false,
+            },
+          ]
+        : []),
     ];
 
     return await DefaultManagement.RenderTable({
-      idModal: idModal ? idModal : 'modal-object-layer-engine-management',
-      serviceId: 'object-layer-engine-management',
+      idModal,
+      serviceId,
       entity: 'object-layer',
       permissions: {
         add: commonUserGuard(role),
-        remove: commonUserGuard(role),
+        remove: false,
         reload: commonUserGuard(role),
       },
       customEvent: {

package/src/client/services/user/user.management.js

@@ -45,11 +45,6 @@ const UserManagement = {
       ],
       defaultColKeyFocus: 'username',
       ServiceProvider: UserService,
-      serviceOptions: {
-        get: {
-          id: 'all',
-        },
-      },
     });
   },
 };

package/src/client/services/user/user.service.js

@@ -38,7 +38,7 @@ const UserService = {
         }),
     ),
   get: (options = {}) => {
-    const { id, page, limit, filterModel, sortModel, sort, asc, order } = options;
+    const { id = 'all', page, limit, filterModel, sortModel, sort, asc, order } = options;
     const url = buildQueryUrl(getApiBaseUrl({ id, endpoint }), {
       page,
       limit,

package/src/index.js

@@ -12,6 +12,7 @@ import UnderpostDB from './cli/db.js';
 import UnderpostDeploy from './cli/deploy.js';
 import UnderpostRootEnv from './cli/env.js';
 import UnderpostFileStorage from './cli/fs.js';
+import UnderpostIPFS from './cli/ipfs.js';
 import UnderpostImage from './cli/image.js';
 import UnderpostLxd from './cli/lxd.js';
 import UnderpostMonitor from './cli/monitor.js';
@@ -41,7 +42,7 @@ class Underpost {
    * @type {String}
    * @memberof Underpost
    */
-  static version = 'v2.99.8';
+  static version = 'v3.0.2';
 
   /**
    * Required Node.js major version
@@ -143,6 +144,15 @@ class Underpost {
   static get fs() {
     return UnderpostFileStorage.API;
   }
+  /**
+   * IPFS cli API
+   * @static
+   * @type {UnderpostIPFS.API}
+   * @memberof Underpost
+   */
+  static get ipfs() {
+    return UnderpostIPFS.API;
+  }
   /**
    * Monitor cli API
    * @static
@@ -296,6 +306,7 @@ export {
   UnderpostStatic,
   UnderpostLxd,
   UnderpostKickStart,
+  UnderpostIPFS,
   UnderpostMonitor,
   UnderpostRepository,
   UnderpostRun,

package/src/runtime/express/Express.js

@@ -20,6 +20,7 @@ import { createPeerServer } from '../../server/peer.js';
 import { createValkeyConnection } from '../../server/valkey.js';
 import { applySecurity, authMiddlewareFactory } from '../../server/auth.js';
 import { ssrMiddlewareFactory } from '../../server/ssr.js';
+import { buildSwaggerUiOptions } from '../../server/client-build-docs.js';
 
 import { shellExec } from '../../server/process.js';
 import { devProxyHostFactory, isDevProxyContext, isTlsDevProxy } from '../../server/conf.js';
@@ -98,7 +99,7 @@ class ExpressService {
 
     if (origins && isDevProxyContext())
       origins.push(devProxyHostFactory({ host, includeHttp: true, tls: isTlsDevProxy() }));
-    app.set('trust proxy', true);
+    app.set('trust proxy', 1);
 
     app.use((req, res, next) => {
       res.on('finish', () => {
@@ -167,8 +168,8 @@ class ExpressService {
       // Swagger UI setup
       if (fs.existsSync(swaggerJsonPath)) {
         const swaggerDoc = JSON.parse(fs.readFileSync(swaggerJsonPath, 'utf8'));
-        // Reusing swaggerPath defined outside, removing unnecessary redeclaration
-        app.use(swaggerPath, swaggerUi.serve, swaggerUi.setup(swaggerDoc));
+        const swaggerUiOptions = await buildSwaggerUiOptions();
+        app.use(swaggerPath, swaggerUi.serve, swaggerUi.setup(swaggerDoc, swaggerUiOptions));
       }
 
       // Security and CORS

package/src/server/auth.js

@@ -647,24 +647,24 @@ function applySecurity(app, opts = {}) {
     }),
   );
   logger.info('Cors origin', origin);
-
-  // Rate limiting + slow down
-  const limiter = rateLimit({
-    windowMs: rate.windowMs,
-    max: rate.max,
-    standardHeaders: true,
-    legacyHeaders: false,
-    message: { error: 'Too many requests, please try again later.' },
-  });
-  app.use(limiter);
-
-  const speedLimiter = slowDown({
-    windowMs: slowdown.windowMs,
-    delayAfter: slowdown.delayAfter,
-    delayMs: () => slowdown.delayMs,
-  });
-  app.use(speedLimiter);
-
+  if (!process.env.DISABLE_API_RATE_LIMIT) {
+    // Rate limiting + slow down
+    const limiter = rateLimit({
+      windowMs: rate.windowMs,
+      max: rate.max,
+      standardHeaders: true,
+      legacyHeaders: false,
+      message: { error: 'Too many requests, please try again later.' },
+    });
+    app.use(limiter);
+
+    const speedLimiter = slowDown({
+      windowMs: slowdown.windowMs,
+      delayAfter: slowdown.delayAfter,
+      delayMs: () => slowdown.delayMs,
+    });
+    app.use(speedLimiter);
+  }
   // Cookie parsing
   app.use(cookieParser(process.env.JWT_SECRET));
 }

package/src/server/client-build-docs.js

@@ -7,10 +7,10 @@
  */
 
 import fs from 'fs-extra';
-import swaggerAutoGen from 'swagger-autogen';
 import { shellExec } from './process.js';
 import { loggerFactory } from './logger.js';
 import { JSONweb } from './client-formatted.js';
+import { ssrFactory } from './ssr.js';
 
 /**
  * Builds API documentation using Swagger
@@ -63,53 +63,91 @@ const buildApiDocs = async ({
     components: {
       schemas: {
         userRequest: {
-          username: 'user123',
-          password: 'Password123',
-          email: 'user@example.com',
+          type: 'object',
+          required: ['username', 'password', 'email'],
+          properties: {
+            username: { type: 'string', example: 'user123' },
+            password: { type: 'string', example: 'Password123!' },
+            email: { type: 'string', format: 'email', example: 'user@example.com' },
+          },
         },
         userResponse: {
-          status: 'success',
-          data: {
-            token: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7Il9pZCI6IjY2YzM3N2Y1N2Y5OWU1OTY5YjgxZG...',
-            user: {
-              _id: '66c377f57f99e5969b81de89',
-              email: 'user@example.com',
-              emailConfirmed: false,
-              username: 'user123',
-              role: 'user',
-              profileImageId: '66c377f57f99e5969b81de87',
+          type: 'object',
+          properties: {
+            status: { type: 'string', example: 'success' },
+            data: {
+              type: 'object',
+              properties: {
+                token: {
+                  type: 'string',
+                  example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7Il9pZCI6IjY2YzM3N2Y1N2Y5OWU1OTY5YjgxZG...',
+                },
+                user: {
+                  type: 'object',
+                  properties: {
+                    _id: { type: 'string', example: '66c377f57f99e5969b81de89' },
+                    email: { type: 'string', format: 'email', example: 'user@example.com' },
+                    emailConfirmed: { type: 'boolean', example: false },
+                    username: { type: 'string', example: 'user123' },
+                    role: { type: 'string', example: 'user' },
+                    profileImageId: { type: 'string', example: '66c377f57f99e5969b81de87' },
+                  },
+                },
+              },
             },
           },
         },
         userUpdateResponse: {
-          status: 'success',
-          data: {
-            _id: '66c377f57f99e5969b81de89',
-            email: 'user@example.com',
-            emailConfirmed: false,
-            username: 'user123222',
-            role: 'user',
-            profileImageId: '66c377f57f99e5969b81de87',
+          type: 'object',
+          properties: {
+            status: { type: 'string', example: 'success' },
+            data: {
+              type: 'object',
+              properties: {
+                _id: { type: 'string', example: '66c377f57f99e5969b81de89' },
+                email: { type: 'string', format: 'email', example: 'user@example.com' },
+                emailConfirmed: { type: 'boolean', example: false },
+                username: { type: 'string', example: 'user123222' },
+                role: { type: 'string', example: 'user' },
+                profileImageId: { type: 'string', example: '66c377f57f99e5969b81de87' },
+              },
+            },
           },
         },
         userGetResponse: {
-          status: 'success',
-          data: {
-            _id: '66c377f57f99e5969b81de89',
-            email: 'user@example.com',
-            emailConfirmed: false,
-            username: 'user123222',
-            role: 'user',
-            profileImageId: '66c377f57f99e5969b81de87',
+          type: 'object',
+          properties: {
+            status: { type: 'string', example: 'success' },
+            data: {
+              type: 'object',
+              properties: {
+                _id: { type: 'string', example: '66c377f57f99e5969b81de89' },
+                email: { type: 'string', format: 'email', example: 'user@example.com' },
+                emailConfirmed: { type: 'boolean', example: false },
+                username: { type: 'string', example: 'user123222' },
+                role: { type: 'string', example: 'user' },
+                profileImageId: { type: 'string', example: '66c377f57f99e5969b81de87' },
+              },
+            },
           },
         },
         userLogInRequest: {
-          email: 'user@example.com',
-          password: 'Password123',
+          type: 'object',
+          required: ['email', 'password'],
+          properties: {
+            email: { type: 'string', format: 'email', example: 'user@example.com' },
+            password: { type: 'string', example: 'Password123!' },
+          },
         },
         userBadRequestResponse: {
-          status: 'error',
-          message: 'Bad request. Please check your inputs, and try again',
+          type: 'object',
+          properties: {
+            status: { type: 'string', example: 'error' },
+            message: {
+              type: 'string',
+              example: 'Bad request. Please check your inputs, and try again',
+            },
+          },
         },
       },
       securitySchemes: {
@@ -121,15 +159,100 @@ const buildApiDocs = async ({
     },
   };
 
+  /**
+   * swagger-autogen has no requestBody annotation support — it only handles
+   * #swagger.parameters, responses, security, etc.  We define the requestBody
+   * objects here and inject them into the generated JSON as a post-processing step.
+   *
+   * Each key is an "<method> <path>" pair matching the generated paths object.
+   * The value is a valid OAS 3.0 requestBody object.
+   */
+  const requestBodies = {
+    'post /user': {
+      description: 'User registration data',
+      required: true,
+      content: {
+        'application/json': {
+          schema: { $ref: '#/components/schemas/userRequest' },
+        },
+      },
+    },
+    'post /user/auth': {
+      description: 'User login credentials',
+      required: true,
+      content: {
+        'application/json': {
+          schema: { $ref: '#/components/schemas/userLogInRequest' },
+        },
+      },
+    },
+    'put /user/{id}': {
+      description: 'User fields to update',
+      required: true,
+      content: {
+        'application/json': {
+          schema: { $ref: '#/components/schemas/userRequest' },
+        },
+      },
+    },
+  };
+
   logger.warn('build swagger api docs', doc.info);
 
-  const outputFile = `./public/${host}${path === '/' ? path : `${path}/`}swagger-output.json`;
-  const routes = [];
-  for (const api of apis) {
-    if (['user'].includes(api)) routes.push(`./src/api/${api}/${api}.router.js`);
-  }
+  // swagger-autogen@2.9.2 bug: getProducesTag, getConsumesTag, getResponsesTag missing __¬¬¬__ decode before eval
+  fs.writeFileSync(
+    `node_modules/swagger-autogen/src/swagger-tags.js`,
+    fs
+      .readFileSync(`node_modules/swagger-autogen/src/swagger-tags.js`, 'utf8')
+      // getProducesTag and getConsumesTag: already decode &quot; but not __¬¬¬__
+      .replaceAll(
+        `data.replaceAll('\\n', ' ').replaceAll('\u201c', '\u201d')`,
+        `data.replaceAll('\\n', ' ').replaceAll('\u201c', '\u201d').replaceAll('__\u00ac\u00ac\u00ac__', '"')`,
+      )
+      // getResponsesTag: decodes neither &quot; nor __¬¬¬__
+      .replaceAll(
+        `data.replaceAll('\\n', ' ');`,
+        `data.replaceAll('\\n', ' ').replaceAll('__\u00ac\u00ac\u00ac__', '"');`,
+      ),
+    'utf8',
+  );
+  setTimeout(async () => {
+    const { default: swaggerAutoGen } = await import('swagger-autogen');
+    const outputFile = `./public/${host}${path === '/' ? path : `${path}/`}swagger-output.json`;
+    const routes = [];
+    for (const api of apis) {
+      if (['user'].includes(api)) routes.push(`./src/api/${api}/${api}.router.js`);
+    }
+
+    await swaggerAutoGen({ openapi: '3.0.0' })(outputFile, routes, doc);
+
+    // Post-process: inject requestBody into operations — swagger-autogen silently
+    // ignores #swagger.requestBody annotations and has no internal OAS-3 body support.
+    if (fs.existsSync(outputFile)) {
+      const swaggerJson = JSON.parse(fs.readFileSync(outputFile, 'utf8'));
+      let patched = false;
+
+      for (const [key, requestBody] of Object.entries(requestBodies)) {
+        const [method, ...pathParts] = key.split(' ');
+        const opPath = pathParts.join(' ');
+        if (swaggerJson.paths?.[opPath]?.[method]) {
+          swaggerJson.paths[opPath][method].requestBody = requestBody;
+          // Remove any stale in:body entry from parameters (OAS 3.0 doesn't allow it)
+          if (Array.isArray(swaggerJson.paths[opPath][method].parameters)) {
+            swaggerJson.paths[opPath][method].parameters = swaggerJson.paths[opPath][method].parameters.filter(
+              (p) => p.in !== 'body',
+            );
+          }
+          patched = true;
+        }
+      }
 
-  await swaggerAutoGen({ openapi: '3.0.0' })(outputFile, routes, doc);
+      if (patched) {
+        fs.writeFileSync(outputFile, JSON.stringify(swaggerJson, null, 2), 'utf8');
+        // logger.warn('swagger post-process: requestBody injected', Object.keys(requestBodies));
+      }
+    }
+  });
 };
 
 /**
@@ -228,4 +351,18 @@ const buildDocs = async ({
   });
 };
 
-export { buildDocs };
+/**
+ * Builds Swagger UI customization options by rendering the SwaggerDarkMode SSR body component.
+ * Returns the customCss and customJsStr strings required by swagger-ui-express to enable
+ * a dark/light mode toggle button with a black/gray gradient dark theme.
+ * @function buildSwaggerUiOptions
+ * @memberof clientBuildDocs
+ * @returns {Promise<{customCss: string, customJsStr: string}>} Swagger UI setup options
+ */
+const buildSwaggerUiOptions = async () => {
+  const swaggerDarkMode = await ssrFactory('./src/client/ssr/body/SwaggerDarkMode.js');
+  const { css, js } = swaggerDarkMode();
+  return { customCss: css, customJsStr: js };
+};
+
+export { buildDocs, buildSwaggerUiOptions };

package/src/server/conf.js

@@ -1335,7 +1335,7 @@ const buildCliDoc = (program, oldVersion, newVersion) => {
   });
   md = md.replaceAll(oldVersion, newVersion);
   fs.writeFileSync(`./src/client/public/nexodev/docs/references/Command Line Interface.md`, md, 'utf8');
-  fs.writeFileSync(`./cli.md`, md, 'utf8');
+  fs.writeFileSync(`./CLI-HELP.md`, md, 'utf8');
   const readme = fs.readFileSync(`./README.md`, 'utf8');
   fs.writeFileSync('./README.md', readme.replaceAll(oldVersion, newVersion), 'utf8');
 };