cyberia 3.0.3 → 3.2.5

package/src/api/object-layer/object-layer.service.js

@@ -46,7 +46,7 @@ const ObjectLayerService = {
    * - Default — Create an object layer directly from the request body.
    *
    * The `/metadata` and default routes delegate to {@link ObjectLayerEngine.createObjectLayerDocuments}
-   * for centralized document creation, atlas generation, SHA-256 computation, and IPFS pinning.
+   * for document creation, atlas generation, SHA-256 computation, and IPFS pinning.
    *
    * @async
    * @function post
@@ -148,7 +148,7 @@ const ObjectLayerService = {
       fs.writeFileSync(`${folder}/metadata.json`, metadataContent);
       fs.writeFileSync(`${publicFolder}/metadata.json`, metadataContent);
 
-      // Build object layer data from the asset directory using centralized logic
+      // Build object layer data from the asset directory
       const ObjectLayer = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.ObjectLayer;
       const ObjectLayerRenderFrames =
         DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.ObjectLayerRenderFrames;
@@ -161,7 +161,6 @@ const ObjectLayerService = {
           metadataOverride: req.body,
         });
 
-      // Create documents using centralized engine method (with atlas generation)
       const { objectLayer } = await ObjectLayerEngine.createObjectLayerDocuments({
         ObjectLayer,
         ObjectLayerRenderFrames,
@@ -183,29 +182,66 @@ const ObjectLayerService = {
       return objectLayer;
     }
 
-    // create object layer from body
+    // create object layer from body – cut-over consistency: stage all CIDs before writing to DB
     const ObjectLayer = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.ObjectLayer;
     const ObjectLayerRenderFrames =
       DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.ObjectLayerRenderFrames;
-    let newObjectLayer = await new ObjectLayer(req.body).save();
 
-    // Generate atlas sprite sheet – this sets data.render.cid and saves
+    const bodyData = { ...req.body };
+    if (!bodyData.data) bodyData.data = {};
+    if (!bodyData.data.render) bodyData.data.render = {};
+    bodyData.data.render.cid = '';
+    bodyData.data.render.metadataCid = '';
+
+    // If has render frames, generate atlas + CIDs BEFORE creating the ObjectLayer
+    if (bodyData.objectLayerRenderFramesId) {
+      const renderFramesDoc = await ObjectLayerRenderFrames.findById(bodyData.objectLayerRenderFramesId);
+      if (renderFramesDoc) {
+        try {
+          const stagingOL = {
+            data: bodyData.data,
+            objectLayerRenderFramesId: renderFramesDoc,
+          };
+          const result = await AtlasSpriteSheetService.generate(
+            { objectLayer: stagingOL, auth: req.auth },
+            res,
+            options,
+            { skipObjectLayerSave: true },
+          );
+          bodyData.data.render.cid = result.atlasCid;
+          bodyData.data.render.metadataCid = result.atlasMetadataCid;
+          bodyData.atlasSpriteSheetId = result.atlasDoc._id;
+        } catch (atlasError) {
+          logger.error('Failed to auto-generate atlas for new ObjectLayer:', atlasError);
+        }
+      }
+    }
+
+    // Compute final SHA-256 with all CIDs
+    bodyData.sha256 = ObjectLayerEngine.computeSha256(bodyData.data);
+
+    // Pin data JSON to IPFS
     try {
-      await AtlasSpriteSheetService.generate({ params: { id: newObjectLayer._id }, auth: req.auth }, res, options);
-    } catch (atlasError) {
-      logger.error('Failed to auto-generate atlas for new ObjectLayer:', atlasError);
+      const itemId = bodyData.data.item.id;
+      const mfsPath = `/object-layer/${itemId}/${itemId}_data.json`;
+      const ipfsResult = await IpfsClient.addJsonToIpfs(bodyData.data, `${itemId}_data.json`, mfsPath);
+      if (ipfsResult) {
+        bodyData.cid = ipfsResult.cid;
+        await createPinRecord({ cid: ipfsResult.cid, resourceType: 'object-layer-data', mfsPath, options });
+      }
+    } catch (ipfsError) {
+      logger.warn('Failed to pin data JSON to IPFS:', ipfsError.message);
     }
 
-    // Re-read so data.render.cid is up-to-date, then recompute SHA-256 & IPFS CID
-    newObjectLayer = await ObjectLayer.findById(newObjectLayer._id).populate('objectLayerRenderFramesId');
-    if (newObjectLayer) {
-      newObjectLayer = await ObjectLayerEngine.computeAndSaveFinalSha256({
-        objectLayer: newObjectLayer,
-        ipfsClient: IpfsClient,
-        createPinRecord,
-        userId: req.auth && req.auth.user ? req.auth.user._id : undefined,
-        options,
-      });
+    // Atomic create/replace – ObjectLayer is fully populated with all CIDs
+    let newObjectLayer;
+    const existingByItemId = await ObjectLayer.findOne({ 'data.item.id': bodyData.data.item.id });
+    if (existingByItemId) {
+      newObjectLayer = await ObjectLayer.findByIdAndUpdate(existingByItemId._id, bodyData, {
+        returnDocument: 'after',
+      }).populate('objectLayerRenderFramesId');
+    } else {
+      newObjectLayer = await (await new ObjectLayer(bodyData).save()).populate('objectLayerRenderFramesId');
     }
 
     return newObjectLayer;
@@ -236,6 +272,22 @@ const ObjectLayerService = {
     /** @type {import('./object-layer.model.js').ObjectLayerModel} */
     const ObjectLayer = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.ObjectLayer;
 
+    // GET /search-item-ids?q=<partial> - Fast partial match search on data.item.id
+    if (req.path.startsWith('/search-item-ids')) {
+      const q = (req.query.q || '').trim();
+      if (!q) return { itemIds: [] };
+      // Escape regex special characters for safe partial matching
+      const escaped = q.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+      const results = await ObjectLayer.find(
+        { 'data.item.id': { $regex: escaped, $options: 'i' } },
+        { 'data.item.id': 1, _id: 0 },
+      )
+        .limit(20)
+        .lean();
+      const itemIds = [...new Set(results.map((r) => r.data.item.id))];
+      return { itemIds };
+    }
+
     // GET /frame-counts/:id - Get frame counts for each direction using numeric codes
     if (req.path.startsWith('/frame-counts/')) {
       const objectLayer = await ObjectLayer.findById(req.params.id)
@@ -519,7 +571,7 @@ const ObjectLayerService = {
    * - `/:id` — Standard update from request body.
    *
    * The `/metadata` route delegates to {@link ObjectLayerEngine.updateObjectLayerDocuments}
-   * for centralized document update, atlas regeneration, SHA-256 computation, and IPFS pinning.
+   * for document update, atlas regeneration, SHA-256 computation, and IPFS pinning.
    *
    * @async
    * @function put
@@ -636,7 +688,7 @@ const ObjectLayerService = {
       const ObjectLayerRenderFrames =
         DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.ObjectLayerRenderFrames;
 
-      // Build object layer data from the asset directory using centralized logic
+      // Build object layer data from the asset directory
       const { objectLayerRenderFramesData, objectLayerData } =
         await ObjectLayerEngine.buildObjectLayerDataFromDirectory({
           folder,
@@ -645,7 +697,7 @@ const ObjectLayerService = {
           metadataOverride: req.body,
         });
 
-      // Update documents using centralized engine method (with atlas generation)
+      // Update documents using engine method (with atlas generation)
       const { objectLayer } = await ObjectLayerEngine.updateObjectLayerDocuments({
         objectLayerId,
         ObjectLayer,
@@ -668,30 +720,60 @@ const ObjectLayerService = {
       return objectLayer;
     }
 
-    // PUT /:id - Standard update
-    let updatedObjectLayer = await ObjectLayer.findByIdAndUpdate(req.params.id, req.body, { new: true });
+    // PUT /:id - Standard update with cut-over consistency
+    const existingOL = await ObjectLayer.findById(req.params.id).populate('objectLayerRenderFramesId');
+    if (!existingOL) {
+      throw new Error('ObjectLayer not found');
+    }
+
+    // Apply body updates to staging data in memory
+    const updateData = { ...req.body };
+    const stagingData = updateData.data || existingOL.data.toObject();
+    if (!stagingData.render) stagingData.render = {};
 
-    if (updatedObjectLayer) {
-      // Generate atlas sprite sheet – this sets data.render.cid and saves
+    // Use existing render frames if available
+    const renderFramesData = existingOL.objectLayerRenderFramesId;
+    if (renderFramesData) {
       try {
-        await AtlasSpriteSheetService.generate({ params: { id: req.params.id }, auth: req.auth }, res, options);
+        const stagingOL = {
+          data: stagingData,
+          objectLayerRenderFramesId: renderFramesData,
+        };
+        const result = await AtlasSpriteSheetService.generate(
+          { objectLayer: stagingOL, auth: req.auth },
+          res,
+          options,
+          { skipObjectLayerSave: true },
+        );
+        stagingData.render.cid = result.atlasCid;
+        stagingData.render.metadataCid = result.atlasMetadataCid;
+        updateData.atlasSpriteSheetId = result.atlasDoc._id;
       } catch (atlasError) {
         logger.error('Failed to auto-update atlas for ObjectLayer:', atlasError);
       }
+    }
 
-      // Re-read so data.render.cid is up-to-date, then recompute SHA-256 & IPFS CID
-      updatedObjectLayer = await ObjectLayer.findById(req.params.id).populate('objectLayerRenderFramesId');
-      if (updatedObjectLayer) {
-        updatedObjectLayer = await ObjectLayerEngine.computeAndSaveFinalSha256({
-          objectLayer: updatedObjectLayer,
-          ipfsClient: IpfsClient,
-          createPinRecord,
-          userId: req.auth && req.auth.user ? req.auth.user._id : undefined,
-          options,
-        });
+    updateData.data = stagingData;
+    updateData.sha256 = ObjectLayerEngine.computeSha256(stagingData);
+
+    // Pin data JSON to IPFS
+    try {
+      const itemId = stagingData.item.id;
+      const mfsPath = `/object-layer/${itemId}/${itemId}_data.json`;
+      const ipfsResult = await IpfsClient.addJsonToIpfs(stagingData, `${itemId}_data.json`, mfsPath);
+      if (ipfsResult) {
+        updateData.cid = ipfsResult.cid;
+        await createPinRecord({ cid: ipfsResult.cid, resourceType: 'object-layer-data', mfsPath, options });
       }
+    } catch (ipfsError) {
+      logger.warn('Failed to pin data JSON to IPFS:', ipfsError.message);
     }
 
+    // Atomic update with all CIDs populated
+    let updatedObjectLayer = await ObjectLayer.findByIdAndUpdate(req.params.id, updateData, {
+      returnDocument: 'after',
+    }).populate('objectLayerRenderFramesId');
+
     return updatedObjectLayer;
   },
 

package/src/api/object-layer-render-frames/object-layer-render-frames.model.js

@@ -77,12 +77,11 @@ const ObjectLayerRenderFramesSchema = new Schema(
 );
 
 // Pre-save hook to ensure data consistency
-ObjectLayerRenderFramesSchema.pre('save', function (next) {
+ObjectLayerRenderFramesSchema.pre('save', function () {
   // Ensure all required fields are present
   if (!this.frames || !this.colors || this.frame_duration === undefined) {
     throw new Error('Missing required fields: frames, colors, or frame_duration');
   }
-  next();
 });
 
 // Create and export the model

package/src/api/user/user.router.js

@@ -30,12 +30,15 @@ const UserRouter = (options) => {
             emailConfirmed: true,
             publicKey: [],
           });
-          logger.warn('Default admin user created. Please change the default password immediately!', result._doc);
+          logger.warn('Default admin user created. Please change the default password immediately!', {
+            username: result._doc.username,
+            email: result._doc.email,
+            role: result._doc.role,
+          });
         }
       }
     } catch (error) {
-      logger.error('Error checking/creating admin user');
-      console.log(error);
+      logger.error('Error checking/creating admin user', { error: error.message });
     }
 
     // Cache mailer images
@@ -46,10 +49,12 @@ const UserRouter = (options) => {
         check: fs.readFileSync(`./src/client/public/default/assets/mailer/api-user-check.png`),
         avatar: fs.readFileSync(`./src/client/public/default/assets/mailer/api-user-default-avatar.png`),
       },
-      header: (res) => {
+      header: (res, req) => {
         res.set('Cross-Origin-Resource-Policy', 'cross-origin');
-        res.set('Access-Control-Allow-Origin', '*');
         res.set('Access-Control-Allow-Headers', '*');
+        if (req && req.headers && req.headers.origin) {
+          res.set('Access-Control-Allow-Origin', req.headers.origin);
+        } else res.setHeader('Access-Control-Allow-Origin', '*');
         res.set('Content-Type', 'image/png');
       },
     };

package/src/api/user/user.service.js

@@ -13,8 +13,7 @@ import {
   validatePasswordMiddleware,
 } from '../../server/auth.js';
 import { MailerProvider } from '../../mailer/MailerProvider.js';
-import { CoreWsMailerManagement } from '../../ws/core/management/core.ws.mailer.js';
-import { CoreWsEmit } from '../../ws/core/core.ws.emit.js';
+import { CoreWsEmitter } from '../../ws/core/core.ws.emit.js';
 import { CoreWsMailerChannel } from '../../ws/core/channels/core.ws.mailer.js';
 import validator from 'validator';
 import { DataBaseProvider } from '../../db/DataBaseProvider.js';
@@ -265,7 +264,7 @@ const UserService = {
     }
 
     if (req.path.startsWith('/assets')) {
-      options.png.header(res);
+      options.png.header(res, req);
       return options.png.buffer[req.params.id];
     }
 
@@ -281,7 +280,7 @@ const UserService = {
         payload = verifyJWT(req.params.id, options);
       } catch (error) {
         logger.error(error, { 'req.params.id': req.params.id });
-        options.png.header(res);
+        options.png.header(res, req);
         return options.png.buffer['invalid-token'];
       }
       const user = await User.findOne({
@@ -294,10 +293,10 @@ const UserService = {
           { recoverTimeOut: new Date(+new Date() + 1000 * 60 * 15) },
           { runValidators: true },
         );
-        options.png.header(res);
+        options.png.header(res, req);
         return options.png.buffer['recover'];
       } else {
-        options.png.header(res);
+        options.png.header(res, req);
         return options.png.buffer['invalid-token'];
       }
     }
@@ -308,7 +307,7 @@ const UserService = {
         payload = verifyJWT(req.params.id, options);
       } catch (error) {
         logger.error(error, { 'req.params.id': req.params.id });
-        options.png.header(res);
+        options.png.header(res, req);
         return options.png.buffer['invalid-token'];
       }
       const user = await User.findOne({
@@ -319,15 +318,17 @@ const UserService = {
         {
           const user = await User.findByIdAndUpdate(_id, { emailConfirmed: true }, { runValidators: true });
         }
-        const userWsId = CoreWsMailerManagement.getUserWsId(`${options.host}${options.path}`, user._id.toString());
-        CoreWsEmit(CoreWsMailerChannel.channel, CoreWsMailerChannel.client[userWsId], {
-          status: 'email-confirmed',
-          id: userWsId,
-        });
-        options.png.header(res);
+        const userWsId = CoreWsMailerChannel.getUserWsId(`${options.host}${options.path}`, user._id.toString());
+        if (userWsId && CoreWsMailerChannel.client[userWsId]) {
+          CoreWsEmitter.emit(CoreWsMailerChannel.channel, CoreWsMailerChannel.client[userWsId], {
+            status: 'email-confirmed',
+            id: userWsId,
+          });
+        }
+        options.png.header(res, req);
         return options.png.buffer['check'];
       } else {
-        options.png.header(res);
+        options.png.header(res, req);
         return options.png.buffer['invalid-token'];
       }
     }

package/src/cli/baremetal.js

@@ -135,9 +135,6 @@ class UnderpostBaremetal {
     ) {
       let { ipAddress, hostname, ipFileServer, ipConfig, netmask, dnsServer } = options;
 
-      // Load environment variables from .env file, overriding existing ones if present.
-      dotenv.config({ path: `${getUnderpostRootPath()}/.env`, override: true });
-
       // Determine the root path for npm and underpost.
       const npmRoot = getNpmRootPath();
       const underpostRoot = options?.dev === true ? '.' : `${npmRoot}/underpost`;
@@ -1147,9 +1144,8 @@ rm -rf ${artifacts.join(' ')}`);
           machine: machine ? machine.system_id : null,
         });
 
-        const { discovery, machine: discoveredMachine } = await Underpost.baremetal.commissionMonitor(
-          commissionMonitorPayload,
-        );
+        const { discovery, machine: discoveredMachine } =
+          await Underpost.baremetal.commissionMonitor(commissionMonitorPayload);
         if (discoveredMachine) machine = discoveredMachine;
       }
     },
@@ -2494,10 +2490,10 @@ fi
           const discoverHostname = discovery.hostname
             ? discovery.hostname
             : discovery.mac_organization
-            ? discovery.mac_organization
-            : discovery.domain
-            ? discovery.domain
-            : `generic-host-${s4()}${s4()}`;
+              ? discovery.mac_organization
+              : discovery.domain
+                ? discovery.domain
+                : `generic-host-${s4()}${s4()}`;
 
           console.log(discoverHostname.bgBlue.bold.white);
           console.log('ip target:'.green + ipAddress, 'ip discovered:'.green + discovery.ip);

package/src/cli/cloud-init.js

@@ -5,15 +5,12 @@
  * @namespace UnderpostCloudInit
  */
 
-import dotenv from 'dotenv';
 import { shellExec } from '../server/process.js';
 import fs from 'fs-extra';
 import { loggerFactory } from '../server/logger.js';
 import { getNpmRootPath } from '../server/conf.js';
 import Underpost from '../index.js';
 
-dotenv.config();
-
 const logger = loggerFactory(import.meta);
 
 /**

package/src/cli/cluster.js

@@ -111,7 +111,7 @@ class UnderpostCluster {
       const npmRoot = getNpmRootPath();
       const underpostRoot = options.dev ? '.' : `${npmRoot}/underpost`;
 
-      if (options.listPods) return console.table(Underpost.deploy.get(podName ?? undefined));
+      if (options.listPods) return console.table(Underpost.kubectl.get(podName ?? undefined));
       // Set default namespace if not specified
       if (!options.namespace) options.namespace = 'default';
 
@@ -146,10 +146,10 @@ class UnderpostCluster {
       }
 
       // Check if a cluster (Kind, Kubeadm, or K3s) is already initialized
-      const alreadyKubeadmCluster = Underpost.deploy.get('calico-kube-controllers')[0];
-      const alreadyKindCluster = Underpost.deploy.get('kube-apiserver-kind-control-plane')[0];
+      const alreadyKubeadmCluster = Underpost.kubectl.get('calico-kube-controllers')[0];
+      const alreadyKindCluster = Underpost.kubectl.get('kube-apiserver-kind-control-plane')[0];
       // K3s pods often contain 'svclb-traefik' in the kube-system namespace
-      const alreadyK3sCluster = Underpost.deploy.get('svclb-traefik')[0];
+      const alreadyK3sCluster = Underpost.kubectl.get('svclb-traefik')[0];
 
       // --- Kubeadm/Kind/K3s Cluster Initialization ---
       if (!alreadyKubeadmCluster && !alreadyKindCluster && !alreadyK3sCluster) {
@@ -299,7 +299,7 @@ EOF
             members: [{ _id: 0, host: `${options.mongoDbHost}:27017` }],
           };
 
-          const [pod] = Underpost.deploy.get(deploymentName);
+          const [pod] = Underpost.kubectl.get(deploymentName);
 
           shellExec(
             `sudo kubectl exec -i ${pod.NAME} -- mongo --quiet \
@@ -351,7 +351,7 @@ EOF
       }
 
       if (options.certManager) {
-        if (!Underpost.deploy.get('cert-manager').find((p) => p.STATUS === 'Running')) {
+        if (!Underpost.kubectl.get('cert-manager').find((p) => p.STATUS === 'Running')) {
           shellExec(`helm repo add jetstack https://charts.jetstack.io --force-update`);
           shellExec(
             `helm install cert-manager jetstack/cert-manager \
@@ -641,7 +641,7 @@ net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`,
       const resources = {};
       const nodeName = node
         ? node
-        : Underpost.deploy.get('kind-control-plane', 'node').length > 0
+        : Underpost.kubectl.get('kind-control-plane', 'node').length > 0
           ? 'kind-control-plane'
           : os.hostname();
       const info = shellExec(`kubectl describe node ${nodeName} | grep -E '(Allocatable:|Capacity:)' -A 6`, {