npm - underpost - Versions diffs - 2.7.1 → 2.7.2 - Mend

underpost 2.7.1 → 2.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (213) hide show

package/.dockerignore +13 -13
package/.env.development +7 -7
package/.env.production +7 -7
package/.env.test +7 -7
package/.github/workflows/publish.yml +26 -0
package/.nycrc +9 -9
package/.prettierignore +12 -12
package/.prettierrc +9 -9
package/.vscode/extensions.json +72 -72
package/.vscode/settings.json +100 -99
package/Dockerfile +89 -89
package/LICENSE +21 -21
package/README.md +96 -96
package/bin/db.js +172 -119
package/bin/deploy.js +582 -661
package/bin/dns.js +1 -1
package/bin/file.js +92 -92
package/bin/index.js +53 -53
package/bin/install.js +398 -357
package/bin/shortcut.js +44 -44
package/bin/ssl.js +65 -64
package/bin/util.js +182 -182
package/bin/vs.js +35 -35
package/conf.js +251 -249
package/docker-compose.yml +67 -67
package/jsconfig.json +7 -7
package/jsdoc.json +32 -32
package/nodemon.json +6 -6
package/package.json +137 -132
package/prometheus.yml +36 -36
package/setup.sh +24 -24
package/src/api/core/core.controller.js +69 -69
package/src/api/core/core.model.js +11 -11
package/src/api/core/core.router.js +23 -23
package/src/api/core/core.service.js +29 -29
package/src/api/crypto/crypto.controller.js +51 -51
package/src/api/crypto/crypto.model.js +23 -23
package/src/api/crypto/crypto.router.js +20 -20
package/src/api/crypto/crypto.service.js +64 -64
package/src/api/default/default.controller.js +69 -69
package/src/api/default/default.model.js +20 -20
package/src/api/default/default.router.js +23 -23
package/src/api/default/default.service.js +31 -31
package/src/api/file/file.controller.js +53 -51
package/src/api/file/file.model.js +19 -19
package/src/api/file/file.router.js +21 -20
package/src/api/file/file.service.js +76 -70
package/src/api/instance/instance.controller.js +69 -69
package/src/api/instance/instance.model.js +36 -36
package/src/api/instance/instance.router.js +33 -33
package/src/api/instance/instance.service.js +48 -48
package/src/api/test/test.controller.js +59 -59
package/src/api/test/test.model.js +14 -14
package/src/api/test/test.router.js +21 -21
package/src/api/test/test.service.js +35 -35
package/src/api/user/user.build.js +16 -0
package/src/api/user/user.controller.js +70 -70
package/src/api/user/user.model.js +65 -65
package/src/api/user/user.router.js +345 -345
package/src/api/user/user.service.js +479 -479
package/src/api.js +23 -23
package/src/client/Default.index.js +40 -40
package/src/client/components/core/Account.js +290 -290
package/src/client/components/core/AgGrid.js +160 -160
package/src/client/components/core/Auth.js +19 -19
package/src/client/components/core/Badge.js +32 -32
package/src/client/components/core/BlockChain.js +41 -41
package/src/client/components/core/Blog.js +9 -9
package/src/client/components/core/BtnIcon.js +101 -94
package/src/client/components/core/CalendarCore.js +458 -319
package/src/client/components/core/Chat.js +64 -64
package/src/client/components/core/ColorPalette.js +5267 -5267
package/src/client/components/core/CommonJs.js +735 -732
package/src/client/components/core/Content.js +193 -49
package/src/client/components/core/Css.js +1064 -1027
package/src/client/components/core/CssCore.js +817 -796
package/src/client/components/core/D3Chart.js +44 -44
package/src/client/components/core/Docs.js +229 -229
package/src/client/components/core/DropDown.js +164 -164
package/src/client/components/core/EventsUI.js +46 -54
package/src/client/components/core/FileExplorer.js +699 -624
package/src/client/components/core/FullScreen.js +45 -45
package/src/client/components/core/Input.js +346 -259
package/src/client/components/core/JoyStick.js +77 -77
package/src/client/components/core/Keyboard.js +73 -73
package/src/client/components/core/LoadingAnimation.js +179 -157
package/src/client/components/core/LogIn.js +187 -181
package/src/client/components/core/LogOut.js +58 -52
package/src/client/components/core/Logger.js +26 -26
package/src/client/components/core/Modal.js +1612 -1596
package/src/client/components/core/NotificationManager.js +84 -84
package/src/client/components/core/Panel.js +613 -413
package/src/client/components/core/PanelForm.js +468 -0
package/src/client/components/core/Polyhedron.js +162 -162
package/src/client/components/core/Recover.js +204 -204
package/src/client/components/core/Responsive.js +53 -53
package/src/client/components/core/RichText.js +51 -27
package/src/client/components/core/Router.js +76 -77
package/src/client/components/core/Scroll.js +34 -0
package/src/client/components/core/SignUp.js +125 -125
package/src/client/components/core/SocketIo.js +72 -72
package/src/client/components/core/Stream.js +113 -113
package/src/client/components/core/ToggleSwitch.js +87 -87
package/src/client/components/core/ToolTip.js +26 -26
package/src/client/components/core/Translate.js +437 -408
package/src/client/components/core/Validator.js +100 -100
package/src/client/components/core/VanillaJs.js +460 -457
package/src/client/components/core/Wallet.js +106 -106
package/src/client/components/core/Webhook.js +25 -25
package/src/client/components/core/Worker.js +272 -272
package/src/client/components/default/CommonDefault.js +29 -29
package/src/client/components/default/CssDefault.js +13 -13
package/src/client/components/default/ElementsDefault.js +38 -38
package/src/client/components/default/LogInDefault.js +41 -41
package/src/client/components/default/LogOutDefault.js +28 -28
package/src/client/components/default/MenuDefault.js +389 -389
package/src/client/components/default/RoutesDefault.js +48 -48
package/src/client/components/default/SettingsDefault.js +16 -16
package/src/client/components/default/SignUpDefault.js +9 -9
package/src/client/components/default/SocketIoDefault.js +54 -54
package/src/client/components/default/TranslateDefault.js +7 -7
package/src/client/public/default/assets/mailer/api-user-check.png +0 -0
package/src/client/public/default/assets/mailer/api-user-invalid-token.png +0 -0
package/src/client/public/default/assets/mailer/api-user-recover.png +0 -0
package/src/client/public/default/browserconfig.xml +11 -11
package/src/client/public/default/manifest.webmanifest +68 -68
package/src/client/public/default/plantuml/client-conf.svg +1 -0
package/src/client/public/default/plantuml/client-schema.svg +1 -0
package/src/client/public/default/plantuml/cron-conf.svg +1 -0
package/src/client/public/default/plantuml/cron-schema.svg +1 -0
package/src/client/public/default/plantuml/server-conf.svg +1 -0
package/src/client/public/default/plantuml/server-schema.svg +1 -0
package/src/client/public/default/plantuml/ssr-conf.svg +1 -0
package/src/client/public/default/plantuml/ssr-schema.svg +1 -0
package/src/client/public/default/sitemap +147 -147
package/src/client/public/default/yandex-browser-manifest.json +8 -8
package/src/client/public/doc/sitemap +147 -147
package/src/client/public/test/sitemap +147 -147
package/src/client/services/core/core.service.js +170 -152
package/src/client/services/crypto/crypto.service.js +70 -70
package/src/client/services/default/default.management.js +345 -345
package/src/client/services/default/default.service.js +89 -89
package/src/client/services/file/file.service.js +70 -70
package/src/client/services/instance/instance.management.js +74 -74
package/src/client/services/instance/instance.service.js +89 -89
package/src/client/services/test/test.service.js +70 -70
package/src/client/services/user/user.management.js +50 -50
package/src/client/services/user/user.service.js +89 -89
package/src/client/ssr/Render.js +16 -16
package/src/client/ssr/body-components/CacheControl.js +114 -113
package/src/client/ssr/body-components/DefaultSplashScreen.js +79 -79
package/src/client/ssr/email-components/DefaultRecoverEmail.js +21 -21
package/src/client/ssr/email-components/DefaultVerifyEmail.js +17 -17
package/src/client/ssr/head-components/Css.js +241 -241
package/src/client/ssr/head-components/DefaultScripts.js +3 -3
package/src/client/ssr/head-components/Microdata.js +11 -11
package/src/client/ssr/head-components/Production.js +1 -1
package/src/client/ssr/head-components/PwaDefault.js +59 -59
package/src/client/ssr/head-components/Seo.js +14 -14
package/src/client/sw/default.sw.js +201 -201
package/src/client/sw/template.sw.js +84 -84
package/src/client.build.js +22 -22
package/src/client.dev.js +21 -21
package/src/cron.js +25 -25
package/src/db/DataBaseProvider.js +34 -34
package/src/db/mariadb/MariaDB.js +33 -33
package/src/db/mongo/MongooseDB.js +46 -46
package/src/dns.js +22 -22
package/src/index.js +42 -29
package/src/mailer/EmailRender.js +69 -69
package/src/mailer/MailerProvider.js +96 -96
package/src/proxy.js +22 -22
package/src/runtime/lampp/Lampp.js +69 -44
package/src/runtime/nginx/Nginx.js +3 -3
package/src/runtime/xampp/Xampp.js +49 -49
package/src/server/auth.js +235 -204
package/src/server/backup.js +101 -94
package/src/server/client-build-live.js +72 -72
package/src/server/client-build.js +705 -699
package/src/server/client-dev-server.js +60 -58
package/src/server/client-formatted.js +48 -48
package/src/server/client-icons.js +149 -150
package/src/server/conf.js +860 -611
package/src/server/dns.js +98 -98
package/src/server/downloader.js +42 -42
package/src/server/logger.js +180 -180
package/src/server/network.js +122 -122
package/src/server/peer.js +33 -33
package/src/server/process.js +66 -66
package/src/server/prompt-optimizer.js +28 -28
package/src/server/proxy.js +118 -118
package/src/server/runtime.js +444 -393
package/src/server/ssl.js +109 -107
package/src/server.js +25 -25
package/src/ws/IoInterface.js +45 -45
package/src/ws/IoServer.js +39 -39
package/src/ws/core/channels/core.ws.chat.js +23 -23
package/src/ws/core/channels/core.ws.mailer.js +35 -35
package/src/ws/core/channels/core.ws.stream.js +31 -31
package/src/ws/core/core.ws.connection.js +28 -28
package/src/ws/core/core.ws.emit.js +14 -14
package/src/ws/core/core.ws.server.js +24 -24
package/src/ws/core/management/core.ws.chat.js +8 -8
package/src/ws/core/management/core.ws.mailer.js +16 -16
package/src/ws/core/management/core.ws.stream.js +8 -8
package/src/ws/default/channels/default.ws.main.js +16 -16
package/src/ws/default/default.ws.connection.js +22 -22
package/src/ws/default/default.ws.emit.js +14 -14
package/src/ws/default/default.ws.server.js +20 -20
package/src/ws/default/management/default.ws.main.js +8 -8
package/startup.js +11 -11
package/supervisord-openssh-server.conf +4 -4
package/test/api.test.js +60 -60

package/src/api/user/user.service.js CHANGED Viewed

@@ -1,479 +1,479 @@
-import { loggerFactory } from '../../server/logger.js';
-import { hashPassword, verifyPassword, hashJWT, verifyJWT, validatePasswordMiddleware } from '../../server/auth.js';
-import { MailerProvider } from '../../mailer/MailerProvider.js';
-import { CoreWsMailerManagement } from '../../ws/core/management/core.ws.mailer.js';
-import { CoreWsEmit } from '../../ws/core/core.ws.emit.js';
-import { CoreWsMailerChannel } from '../../ws/core/channels/core.ws.mailer.js';
-import validator from 'validator';
-import { DataBaseProvider } from '../../db/DataBaseProvider.js';
-import { s4 } from '../../client/components/core/CommonJs.js';
-import { FileFactory } from '../file/file.service.js';
-import fs from 'fs-extra';
-import { svg, png, png3x } from 'font-awesome-assets';
-import { UserDto } from './user.model.js';
-import Jimp from 'jimp';
-const logger = loggerFactory(import.meta);
-const getDefaultProfileImageId = async (File) => {
-  const faId = 'user';
-  const tmpFilePath = `./tmp/${faId}-${s4() + s4()}.svg`;
-  fs.writeFileSync(tmpFilePath, svg(faId, '#f5f5f5d1'), 'utf8');
-  const file = await new File(FileFactory.svg(fs.readFileSync(tmpFilePath), `${faId}.svg`)).save();
-  fs.removeSync(tmpFilePath);
-  return file._id;
-};
-const UserService = {
-  post: async (req, res, options) => {
-    /** @type {import('./user.model.js').UserModel} */
-    const User = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.User;
-    /** @type {import('../file/file.model.js').FileModel} */
-    const File = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.File;
-    if (req.params.id === 'recover-verify-email') {
-      const user = await User.findOne({
-        email: req.body.email,
-      });
-      if (!user) throw new Error('Email address does not exist');
-      const token = hashJWT({ email: req.body.email }, '15m');
-      const payloadToken = hashJWT({ email: req.body.email }, '15m');
-      const id = `${options.host}${options.path}`;
-      const translate = {
-        H1: {
-          en: 'Recover your account',
-          es: 'Recupera tu cuenta',
-        },
-        P1: {
-          en: 'To recover your account, please click the button below:',
-          es: 'Para recuperar tu cuenta, haz click en el botón de abajo:',
-        },
-        BTN_LABEL: {
-          en: 'Recover Password',
-          es: 'Recuperar Contraseña',
-        },
-      };
-      const sendResult = await MailerProvider.send({
-        id,
-        sendOptions: {
-          to: req.body.email, // list of receivers
-          subject: translate.H1[req.lang], // Subject line
-          text: translate.H1[req.lang], // plain text body
-          html: MailerProvider.instance[id].templates.userRecoverEmail
-            .replace('{{H1}}', translate.H1[req.lang])
-            .replace('{{P1}}', translate.P1[req.lang])
-            .replace('{{TOKEN}}', token)
-            .replace(`{{COMPANY}}`, options.host) // html body
-            .replace(
-              '{{RECOVER_WEB_URL}}',
-              `${process.env === 'development' ? 'http://' : 'https://'}${options.host}${options.path}${
-                options.path === '/' ? 'recover' : `/recover`
-              }?payload=${payloadToken}`,
-            )
-            .replace('{{RECOVER_BTN_LABEL}}', translate.BTN_LABEL[req.lang]),
-          attachments: [
-            // {
-            //   filename: 'logo.png',
-            //   path: `./logo.png`,
-            //   cid: 'logo', // <img src='cid:logo'>
-            // },
-          ],
-        },
-      });
-      if (!sendResult) throw new Error('email send error');
-      return { message: 'email send successfully' };
-    }
-    if (req.path.startsWith('/mailer') && req.params.id === 'verify-email') {
-      if (!validator.isEmail(req.body.email)) throw { message: 'invalid email' };
-      const token = hashJWT({ email: req.body.email });
-      const id = `${options.host}${options.path}`;
-      const user = await User.findById(req.auth.user._id);
-      if (user.emailConfirmed) throw new Error('email already confirmed');
-      if (user.email !== req.body.email) {
-        req.body.emailConfirmed = false;
-        const result = await User.findByIdAndUpdate(
-          req.auth.user._id,
-          { emailConfirmed: false, email: req.body.email },
-          {
-            runValidators: true,
-          },
-        );
-      }
-      const translate = {
-        H1: {
-          en: 'Confirm Your Email',
-          zh: '请确认您的电子邮箱',
-          es: 'Confirma tu correo electrónico',
-        },
-        P1: {
-          en: 'Email confirmed! Thanks.',
-          zh: '电子邮箱已确认！感谢。',
-          es: 'Correo electrónico confirmado! Gracias.',
-        },
-      };
-      const sendResult = await MailerProvider.send({
-        id,
-        sendOptions: {
-          to: req.body.email, // list of receivers
-          subject: translate.H1[req.lang], // Subject line
-          text: translate.H1[req.lang], // plain text body
-          html: MailerProvider.instance[id].templates.userVerifyEmail
-            .replace('{{H1}}', translate.H1[req.lang])
-            .replace('{{P1}}', translate.P1[req.lang])
-            .replace('{{TOKEN}}', token)
-            .replace(`{{COMPANY}}`, options.host), // html body
-          attachments: [
-            // {
-            //   filename: 'logo.png',
-            //   path: `./logo.png`,
-            //   cid: 'logo', // <img src='cid:logo'>
-            // },
-          ],
-        },
-      });
-      if (!sendResult) throw new Error('email send error');
-      return { message: 'email send successfully' };
-    }
-    switch (req.params.id) {
-      case 'auth':
-        const user = await User.findOne({
-          email: req.body.email,
-        });
-        const getMinutesRemaining = () => (-1 * user.failedLoginAttempts - new Date().getTime()) / (1000 * 60);
-        const accountLocketMessage = () =>
-          `Account locked. Please try again in: ${
-            getMinutesRemaining() < 1
-              ? `${(getMinutesRemaining() * 60).toFixed(0)} s`
-              : `${getMinutesRemaining().toFixed(0)} min`
-          }.`;
-        if (user) {
-          const { _id } = user;
-          const validPassword = await verifyPassword(req.body.password, user.password);
-          if (validPassword === true) {
-            if (!user.profileImageId)
-              await User.findByIdAndUpdate(
-                user._id,
-                { profileImageId: await getDefaultProfileImageId(File) },
-                {
-                  runValidators: true,
-                },
-              );
-            {
-              if (getMinutesRemaining() <= 0 || user.failedLoginAttempts >= 0) {
-                const user = await User.findOne({
-                  _id,
-                }).select(UserDto.select.get());
-                await User.findByIdAndUpdate(
-                  _id,
-                  { lastLoginDate: new Date(), failedLoginAttempts: 0 },
-                  {
-                    runValidators: true,
-                  },
-                );
-                return {
-                  token: hashJWT({ user: UserDto.auth.payload(user) }),
-                  user,
-                };
-              } else throw new Error(accountLocketMessage());
-            }
-          } else {
-            if (user.failedLoginAttempts >= 5) {
-              await User.findByIdAndUpdate(
-                _id,
-                { failedLoginAttempts: -1 * (+new Date() + 60 * 1000 * 15) },
-                {
-                  runValidators: true,
-                },
-              );
-              setTimeout(async () => {
-                await User.findByIdAndUpdate(
-                  _id,
-                  { failedLoginAttempts: 0 },
-                  {
-                    runValidators: true,
-                  },
-                );
-              }, 60 * 1000 * 15);
-              throw new Error(`Account locked. Please try again in: 15 min.`);
-            } else if (user.failedLoginAttempts < 0 && getMinutesRemaining() > 0) {
-              throw new Error(accountLocketMessage());
-            } else if (user.failedLoginAttempts < 0 && getMinutesRemaining() < 0) {
-              await User.findByIdAndUpdate(
-                _id,
-                { failedLoginAttempts: 0 },
-                {
-                  runValidators: true,
-                },
-              );
-              user.failedLoginAttempts = 0;
-            }
-            try {
-              await User.findByIdAndUpdate(
-                _id,
-                { failedLoginAttempts: user.failedLoginAttempts + 1 },
-                {
-                  runValidators: true,
-                },
-              );
-            } catch (error) {
-              logger.error(error, { params: req.params, body: req.body });
-            }
-            throw new Error(`invalid email or password, remaining attempts: ${5 - user.failedLoginAttempts}`);
-          }
-        } else throw new Error('invalid email or password');
-      default: {
-        const validatePassword = validatePasswordMiddleware(req.body.password);
-        if (validatePassword.status === 'error') throw new Error(validatePassword.message);
-        req.body.password = await hashPassword(req.body.password);
-        req.body.role = 'user';
-        req.body.profileImageId = await getDefaultProfileImageId(File);
-        const { _id } = await new User(req.body).save();
-        if (_id) {
-          const user = await User.findOne({ _id }).select(UserDto.select.get());
-          return {
-            token: hashJWT({ user: UserDto.auth.payload(user) }),
-            user,
-          };
-        } else throw new Error('failed to create user');
-      }
-    }
-  },
-  get: async (req, res, options) => {
-    /** @type {import('./user.model.js').UserModel} */
-    const User = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.User;
-    /** @type {import('../file/file.model.js').FileModel} */
-    const File = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.File;
-    if (req.path.startsWith('/email')) {
-      return await User.findOne({
-        email: req.params.email,
-      }).select(UserDto.select.get());
-    }
-    if (req.path.startsWith('/recover')) {
-      let payload;
-      try {
-        payload = verifyJWT(req.params.id);
-      } catch (error) {
-        logger.error(error, { 'req.params.id': req.params.id });
-        options.png.header(res);
-        return options.png.buffer['invalid-token'];
-      }
-      const user = await User.findOne({
-        email: payload.email,
-      });
-      if (user) {
-        const { _id } = user;
-        await User.findByIdAndUpdate(
-          _id,
-          { recoverTimeOut: new Date(+new Date() + 1000 * 60 * 15) },
-          { runValidators: true },
-        ); // 15m
-        options.png.header(res);
-        return options.png.buffer['recover'];
-      } else {
-        options.png.header(res);
-        return options.png.buffer['invalid-token'];
-      }
-    }
-    if (req.path.startsWith('/mailer')) {
-      let payload;
-      try {
-        payload = verifyJWT(req.params.id);
-      } catch (error) {
-        logger.error(error, { 'req.params.id': req.params.id });
-        options.png.header(res);
-        return options.png.buffer['invalid-token'];
-      }
-      const user = await User.findOne({
-        email: payload.email,
-      });
-      if (user) {
-        const { _id } = user;
-        {
-          const user = await User.findByIdAndUpdate(_id, { emailConfirmed: true }, { runValidators: true });
-        }
-        const userWsId = CoreWsMailerManagement.getUserWsId(`${options.host}${options.path}`, user._id.toString());
-        CoreWsEmit(CoreWsMailerChannel.channel, CoreWsMailerChannel.client[userWsId], {
-          status: 'email-confirmed',
-          id: userWsId,
-        });
-        options.png.header(res);
-        return options.png.buffer['check'];
-      } else {
-        options.png.header(res);
-        return options.png.buffer['invalid-token'];
-      }
-    }
-    switch (req.params.id) {
-      case 'all':
-        return await User.find().select(UserDto.select.getAll());
-      case 'auth': {
-        const user = await User.findOne({
-          _id: req.auth.user._id,
-        });
-        const file = await File.findOne({ _id: user.profileImageId });
-        if (!file) {
-          await User.findByIdAndUpdate(
-            user._id,
-            { profileImageId: await getDefaultProfileImageId(File) },
-            {
-              runValidators: true,
-            },
-          );
-        }
-        return await User.findOne({
-          _id: req.auth.user._id,
-        }).select(UserDto.select.get());
-      }
-      default: {
-        const user = await User.findOne({
-          _id: req.auth.user._id,
-        });
-        switch (user.role) {
-          case 'admin': {
-            if (req.params.id) return await User.findById(req.params.id);
-            return await User.find();
-          }
-          default:
-            if (req.auth.user._id !== req.params.id) throw new Error(`Invalid token user id`);
-            return await User.findOne({
-              _id: req.params.id,
-            }).select(UserDto.select.get());
-        }
-      }
-    }
-  },
-  delete: async (req, res, options) => {
-    /** @type {import('./user.model.js').UserModel} */
-    const User = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.User;
-    switch (req.params.id) {
-      default: {
-        const user = await User.findOne({
-          _id: req.auth.user._id,
-        });
-        switch (user.role) {
-          case 'admin': {
-            if (req.params.id) return await User.findByIdAndDelete(req.params.id);
-            else return await await User.deleteMany();
-          }
-          default:
-            if (req.auth.user._id !== req.params.id) throw new Error(`Invalid token user id`);
-            const user = await User.findOne({
-              _id: req.params.id,
-            }).select(UserDto.select.get());
-            if (user) {
-              await User.findByIdAndDelete(req.params.id);
-              return user;
-            } else throw new Error('user not found');
-        }
-      }
-    }
-  },
-  put: async (req, res, options) => {
-    /** @type {import('./user.model.js').UserModel} */
-    const User = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.User;
-    /** @type {import('../file/file.model.js').FileModel} */
-    const File = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.File;
-    // req.path | req.baseUrl
-    if (req.path.startsWith('/profile-image')) {
-      const _id = req.auth.user._id;
-      if (_id !== req.params.id) throw new Error(`Invalid token user id`);
-      const user = await User.findOne({
-        _id,
-      });
-      if (!user) throw new Error(`User not found`);
-      if (user.profileImageId) await File.findByIdAndDelete(user.profileImageId);
-      const [imageFile] = await FileFactory.upload(req, File);
-      if (!imageFile) throw new Error('invalid file');
-      await User.findByIdAndUpdate(
-        _id,
-        {
-          profileImageId: imageFile._id.toString(),
-        },
-        { runValidators: true },
-      );
-      return await User.findOne({
-        _id,
-      }).select(UserDto.select.get());
-    }
-    if (req.path.startsWith('/recover')) {
-      const payload = verifyJWT(req.params.id);
-      const user = await User.findOne({
-        email: payload.email,
-      });
-      if (user && new Date().getTime() < new Date(user.recoverTimeOut).getTime()) {
-        const validatePassword = validatePasswordMiddleware(req.body.password);
-        if (validatePassword.status === 'error') throw new Error(validatePassword.message);
-        await User.findByIdAndUpdate(
-          user._id,
-          { password: await hashPassword(req.body.password), recoverTimeOut: new Date(), failedLoginAttempts: 0 },
-          { runValidators: true },
-        );
-        return await User.findOne({
-          _id: user._id,
-        }).select(UserDto.select.get());
-      } else throw new Error('invalid token');
-    }
-    switch (req.params.id) {
-      default: {
-        const user = await User.findOne({
-          _id: req.auth.user._id,
-        });
-        switch (user.role) {
-          case 'admin': {
-            if (req.body.password) req.body.password = await hashPassword(req.body.password);
-            return await User.findByIdAndUpdate(req.params.id, req.body, {
-              runValidators: true,
-            });
-          }
-          default: {
-            const _id = req.auth.user._id;
-            if (_id !== req.params.id) throw new Error(`Invalid token user id`);
-            const user = await User.findOne({ _id });
-            await User.findByIdAndUpdate(
-              _id,
-              {
-                email: req.body.email && !user.emailConfirmed ? req.body.email : user.email,
-                username: req.body.username,
-              },
-              { runValidators: true },
-            );
-            return await User.findOne({
-              _id,
-            }).select(UserDto.select.get());
-          }
-        }
-      }
-    }
-  },
-};
-export { UserService };
+import { loggerFactory } from '../../server/logger.js';
+import { hashPassword, verifyPassword, hashJWT, verifyJWT, validatePasswordMiddleware } from '../../server/auth.js';
+import { MailerProvider } from '../../mailer/MailerProvider.js';
+import { CoreWsMailerManagement } from '../../ws/core/management/core.ws.mailer.js';
+import { CoreWsEmit } from '../../ws/core/core.ws.emit.js';
+import { CoreWsMailerChannel } from '../../ws/core/channels/core.ws.mailer.js';
+import validator from 'validator';
+import { DataBaseProvider } from '../../db/DataBaseProvider.js';
+import { s4 } from '../../client/components/core/CommonJs.js';
+import { FileFactory } from '../file/file.service.js';
+import fs from 'fs-extra';
+import { svg, png, png3x } from 'font-awesome-assets';
+import { UserDto } from './user.model.js';
+import Jimp from 'jimp';
+const logger = loggerFactory(import.meta);
+const getDefaultProfileImageId = async (File) => {
+  const faId = 'user';
+  const tmpFilePath = `./tmp/${faId}-${s4() + s4()}.svg`;
+  fs.writeFileSync(tmpFilePath, svg(faId, '#f5f5f5d1'), 'utf8');
+  const file = await new File(FileFactory.svg(fs.readFileSync(tmpFilePath), `${faId}.svg`)).save();
+  fs.removeSync(tmpFilePath);
+  return file._id;
+};
+const UserService = {
+  post: async (req, res, options) => {
+    /** @type {import('./user.model.js').UserModel} */
+    const User = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.User;
+    /** @type {import('../file/file.model.js').FileModel} */
+    const File = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.File;
+    if (req.params.id === 'recover-verify-email') {
+      const user = await User.findOne({
+        email: req.body.email,
+      });
+      if (!user) throw new Error('Email address does not exist');
+      const token = hashJWT({ email: req.body.email }, '15m');
+      const payloadToken = hashJWT({ email: req.body.email }, '15m');
+      const id = `${options.host}${options.path}`;
+      const translate = {
+        H1: {
+          en: 'Recover your account',
+          es: 'Recupera tu cuenta',
+        },
+        P1: {
+          en: 'To recover your account, please click the button below:',
+          es: 'Para recuperar tu cuenta, haz click en el botón de abajo:',
+        },
+        BTN_LABEL: {
+          en: 'Recover Password',
+          es: 'Recuperar Contraseña',
+        },
+      };
+      const sendResult = await MailerProvider.send({
+        id,
+        sendOptions: {
+          to: req.body.email, // list of receivers
+          subject: translate.H1[req.lang], // Subject line
+          text: translate.H1[req.lang], // plain text body
+          html: MailerProvider.instance[id].templates.userRecoverEmail
+            .replace('{{H1}}', translate.H1[req.lang])
+            .replace('{{P1}}', translate.P1[req.lang])
+            .replace('{{TOKEN}}', token)
+            .replace(`{{COMPANY}}`, options.host) // html body
+            .replace(
+              '{{RECOVER_WEB_URL}}',
+              `${process.env === 'development' ? 'http://' : 'https://'}${options.host}${options.path}${
+                options.path === '/' ? 'recover' : `/recover`
+              }?payload=${payloadToken}`,
+            )
+            .replace('{{RECOVER_BTN_LABEL}}', translate.BTN_LABEL[req.lang]),
+          attachments: [
+            // {
+            //   filename: 'logo.png',
+            //   path: `./logo.png`,
+            //   cid: 'logo', // <img src='cid:logo'>
+            // },
+          ],
+        },
+      });
+      if (!sendResult) throw new Error('email send error');
+      return { message: 'email send successfully' };
+    }
+    if (req.path.startsWith('/mailer') && req.params.id === 'verify-email') {
+      if (!validator.isEmail(req.body.email)) throw { message: 'invalid email' };
+      const token = hashJWT({ email: req.body.email });
+      const id = `${options.host}${options.path}`;
+      const user = await User.findById(req.auth.user._id);
+      if (user.emailConfirmed) throw new Error('email already confirmed');
+      if (user.email !== req.body.email) {
+        req.body.emailConfirmed = false;
+        const result = await User.findByIdAndUpdate(
+          req.auth.user._id,
+          { emailConfirmed: false, email: req.body.email },
+          {
+            runValidators: true,
+          },
+        );
+      }
+      const translate = {
+        H1: {
+          en: 'Confirm Your Email',
+          zh: '请确认您的电子邮箱',
+          es: 'Confirma tu correo electrónico',
+        },
+        P1: {
+          en: 'Email confirmed! Thanks.',
+          zh: '电子邮箱已确认！感谢。',
+          es: 'Correo electrónico confirmado! Gracias.',
+        },
+      };
+      const sendResult = await MailerProvider.send({
+        id,
+        sendOptions: {
+          to: req.body.email, // list of receivers
+          subject: translate.H1[req.lang], // Subject line
+          text: translate.H1[req.lang], // plain text body
+          html: MailerProvider.instance[id].templates.userVerifyEmail
+            .replace('{{H1}}', translate.H1[req.lang])
+            .replace('{{P1}}', translate.P1[req.lang])
+            .replace('{{TOKEN}}', token)
+            .replace(`{{COMPANY}}`, options.host), // html body
+          attachments: [
+            // {
+            //   filename: 'logo.png',
+            //   path: `./logo.png`,
+            //   cid: 'logo', // <img src='cid:logo'>
+            // },
+          ],
+        },
+      });
+      if (!sendResult) throw new Error('email send error');
+      return { message: 'email send successfully' };
+    }
+    switch (req.params.id) {
+      case 'auth':
+        const user = await User.findOne({
+          email: req.body.email,
+        });
+        const getMinutesRemaining = () => (-1 * user.failedLoginAttempts - new Date().getTime()) / (1000 * 60);
+        const accountLocketMessage = () =>
+          `Account locked. Please try again in: ${
+            getMinutesRemaining() < 1
+              ? `${(getMinutesRemaining() * 60).toFixed(0)} s`
+              : `${getMinutesRemaining().toFixed(0)} min`
+          }.`;
+        if (user) {
+          const { _id } = user;
+          const validPassword = await verifyPassword(req.body.password, user.password);
+          if (validPassword === true) {
+            if (!user.profileImageId)
+              await User.findByIdAndUpdate(
+                user._id,
+                { profileImageId: await getDefaultProfileImageId(File) },
+                {
+                  runValidators: true,
+                },
+              );
+            {
+              if (getMinutesRemaining() <= 0 || user.failedLoginAttempts >= 0) {
+                const user = await User.findOne({
+                  _id,
+                }).select(UserDto.select.get());
+                await User.findByIdAndUpdate(
+                  _id,
+                  { lastLoginDate: new Date(), failedLoginAttempts: 0 },
+                  {
+                    runValidators: true,
+                  },
+                );
+                return {
+                  token: hashJWT({ user: UserDto.auth.payload(user) }),
+                  user,
+                };
+              } else throw new Error(accountLocketMessage());
+            }
+          } else {
+            if (user.failedLoginAttempts >= 5) {
+              await User.findByIdAndUpdate(
+                _id,
+                { failedLoginAttempts: -1 * (+new Date() + 60 * 1000 * 15) },
+                {
+                  runValidators: true,
+                },
+              );
+              setTimeout(async () => {
+                await User.findByIdAndUpdate(
+                  _id,
+                  { failedLoginAttempts: 0 },
+                  {
+                    runValidators: true,
+                  },
+                );
+              }, 60 * 1000 * 15);
+              throw new Error(`Account locked. Please try again in: 15 min.`);
+            } else if (user.failedLoginAttempts < 0 && getMinutesRemaining() > 0) {
+              throw new Error(accountLocketMessage());
+            } else if (user.failedLoginAttempts < 0 && getMinutesRemaining() < 0) {
+              await User.findByIdAndUpdate(
+                _id,
+                { failedLoginAttempts: 0 },
+                {
+                  runValidators: true,
+                },
+              );
+              user.failedLoginAttempts = 0;
+            }
+            try {
+              await User.findByIdAndUpdate(
+                _id,
+                { failedLoginAttempts: user.failedLoginAttempts + 1 },
+                {
+                  runValidators: true,
+                },
+              );
+            } catch (error) {
+              logger.error(error, { params: req.params, body: req.body });
+            }
+            throw new Error(`invalid email or password, remaining attempts: ${5 - user.failedLoginAttempts}`);
+          }
+        } else throw new Error('invalid email or password');
+      default: {
+        const validatePassword = validatePasswordMiddleware(req.body.password);
+        if (validatePassword.status === 'error') throw new Error(validatePassword.message);
+        req.body.password = await hashPassword(req.body.password);
+        req.body.role = 'user';
+        req.body.profileImageId = await getDefaultProfileImageId(File);
+        const { _id } = await new User(req.body).save();
+        if (_id) {
+          const user = await User.findOne({ _id }).select(UserDto.select.get());
+          return {
+            token: hashJWT({ user: UserDto.auth.payload(user) }),
+            user,
+          };
+        } else throw new Error('failed to create user');
+      }
+    }
+  },
+  get: async (req, res, options) => {
+    /** @type {import('./user.model.js').UserModel} */
+    const User = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.User;
+    /** @type {import('../file/file.model.js').FileModel} */
+    const File = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.File;
+    if (req.path.startsWith('/email')) {
+      return await User.findOne({
+        email: req.params.email,
+      }).select(UserDto.select.get());
+    }
+    if (req.path.startsWith('/recover')) {
+      let payload;
+      try {
+        payload = verifyJWT(req.params.id);
+      } catch (error) {
+        logger.error(error, { 'req.params.id': req.params.id });
+        options.png.header(res);
+        return options.png.buffer['invalid-token'];
+      }
+      const user = await User.findOne({
+        email: payload.email,
+      });
+      if (user) {
+        const { _id } = user;
+        await User.findByIdAndUpdate(
+          _id,
+          { recoverTimeOut: new Date(+new Date() + 1000 * 60 * 15) },
+          { runValidators: true },
+        ); // 15m
+        options.png.header(res);
+        return options.png.buffer['recover'];
+      } else {
+        options.png.header(res);
+        return options.png.buffer['invalid-token'];
+      }
+    }
+    if (req.path.startsWith('/mailer')) {
+      let payload;
+      try {
+        payload = verifyJWT(req.params.id);
+      } catch (error) {
+        logger.error(error, { 'req.params.id': req.params.id });
+        options.png.header(res);
+        return options.png.buffer['invalid-token'];
+      }
+      const user = await User.findOne({
+        email: payload.email,
+      });
+      if (user) {
+        const { _id } = user;
+        {
+          const user = await User.findByIdAndUpdate(_id, { emailConfirmed: true }, { runValidators: true });
+        }
+        const userWsId = CoreWsMailerManagement.getUserWsId(`${options.host}${options.path}`, user._id.toString());
+        CoreWsEmit(CoreWsMailerChannel.channel, CoreWsMailerChannel.client[userWsId], {
+          status: 'email-confirmed',
+          id: userWsId,
+        });
+        options.png.header(res);
+        return options.png.buffer['check'];
+      } else {
+        options.png.header(res);
+        return options.png.buffer['invalid-token'];
+      }
+    }
+    switch (req.params.id) {
+      case 'all':
+        return await User.find().select(UserDto.select.getAll());
+      case 'auth': {
+        const user = await User.findOne({
+          _id: req.auth.user._id,
+        });
+        const file = await File.findOne({ _id: user.profileImageId });
+        if (!file) {
+          await User.findByIdAndUpdate(
+            user._id,
+            { profileImageId: await getDefaultProfileImageId(File) },
+            {
+              runValidators: true,
+            },
+          );
+        }
+        return await User.findOne({
+          _id: req.auth.user._id,
+        }).select(UserDto.select.get());
+      }
+      default: {
+        const user = await User.findOne({
+          _id: req.auth.user._id,
+        });
+        switch (user.role) {
+          case 'admin': {
+            if (req.params.id) return await User.findById(req.params.id);
+            return await User.find();
+          }
+          default:
+            if (req.auth.user._id !== req.params.id) throw new Error(`Invalid token user id`);
+            return await User.findOne({
+              _id: req.params.id,
+            }).select(UserDto.select.get());
+        }
+      }
+    }
+  },
+  delete: async (req, res, options) => {
+    /** @type {import('./user.model.js').UserModel} */
+    const User = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.User;
+    switch (req.params.id) {
+      default: {
+        const user = await User.findOne({
+          _id: req.auth.user._id,
+        });
+        switch (user.role) {
+          case 'admin': {
+            if (req.params.id) return await User.findByIdAndDelete(req.params.id);
+            else return await await User.deleteMany();
+          }
+          default:
+            if (req.auth.user._id !== req.params.id) throw new Error(`Invalid token user id`);
+            const user = await User.findOne({
+              _id: req.params.id,
+            }).select(UserDto.select.get());
+            if (user) {
+              await User.findByIdAndDelete(req.params.id);
+              return user;
+            } else throw new Error('user not found');
+        }
+      }
+    }
+  },
+  put: async (req, res, options) => {
+    /** @type {import('./user.model.js').UserModel} */
+    const User = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.User;
+    /** @type {import('../file/file.model.js').FileModel} */
+    const File = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.File;
+    // req.path | req.baseUrl
+    if (req.path.startsWith('/profile-image')) {
+      const _id = req.auth.user._id;
+      if (_id !== req.params.id) throw new Error(`Invalid token user id`);
+      const user = await User.findOne({
+        _id,
+      });
+      if (!user) throw new Error(`User not found`);
+      if (user.profileImageId) await File.findByIdAndDelete(user.profileImageId);
+      const [imageFile] = await FileFactory.upload(req, File);
+      if (!imageFile) throw new Error('invalid file');
+      await User.findByIdAndUpdate(
+        _id,
+        {
+          profileImageId: imageFile._id.toString(),
+        },
+        { runValidators: true },
+      );
+      return await User.findOne({
+        _id,
+      }).select(UserDto.select.get());
+    }
+    if (req.path.startsWith('/recover')) {
+      const payload = verifyJWT(req.params.id);
+      const user = await User.findOne({
+        email: payload.email,
+      });
+      if (user && new Date().getTime() < new Date(user.recoverTimeOut).getTime()) {
+        const validatePassword = validatePasswordMiddleware(req.body.password);
+        if (validatePassword.status === 'error') throw new Error(validatePassword.message);
+        await User.findByIdAndUpdate(
+          user._id,
+          { password: await hashPassword(req.body.password), recoverTimeOut: new Date(), failedLoginAttempts: 0 },
+          { runValidators: true },
+        );
+        return await User.findOne({
+          _id: user._id,
+        }).select(UserDto.select.get());
+      } else throw new Error('invalid token');
+    }
+    switch (req.params.id) {
+      default: {
+        const user = await User.findOne({
+          _id: req.auth.user._id,
+        });
+        switch (user.role) {
+          case 'admin': {
+            if (req.body.password) req.body.password = await hashPassword(req.body.password);
+            return await User.findByIdAndUpdate(req.params.id, req.body, {
+              runValidators: true,
+            });
+          }
+          default: {
+            const _id = req.auth.user._id;
+            if (_id !== req.params.id) throw new Error(`Invalid token user id`);
+            const user = await User.findOne({ _id });
+            await User.findByIdAndUpdate(
+              _id,
+              {
+                email: req.body.email && !user.emailConfirmed ? req.body.email : user.email,
+                username: req.body.username,
+              },
+              { runValidators: true },
+            );
+            return await User.findOne({
+              _id,
+            }).select(UserDto.select.get());
+          }
+        }
+      }
+    }
+  },
+};
+export { UserService };