underpost 2.8.86 → 2.8.88

package/src/api/user/user.model.js

@@ -1,7 +1,7 @@
 import { Schema, model } from 'mongoose';
 import validator from 'validator';
 import { userRoleEnum } from '../../client/components/core/CommonJs.js';
-
+import crypto from 'crypto';
 // https://mongoosejs.com/docs/2.7.x/docs/schematypes.html
 
 const UserSchema = new Schema(
@@ -22,6 +22,19 @@ const UserSchema = new Schema(
     password: { type: String, trim: true, required: 'Password is required' },
     username: { type: String, trim: true, unique: true, required: 'Username is required' },
     role: { type: String, enum: userRoleEnum, default: 'guest' },
+    activeSessions: {
+      type: [
+        {
+          tokenHash: { type: String, required: true },
+          ip: { type: String },
+          userAgent: { type: String },
+          expiresAt: { type: Date, required: true },
+          host: { type: String },
+          path: { type: String },
+        },
+      ],
+      default: [],
+    },
     profileImageId: { type: Schema.Types.ObjectId, ref: 'File' },
     phoneNumbers: [
       {
@@ -63,15 +76,24 @@ const UserDto = {
       return { _id: 1, username: 1, email: 1, role: 1, emailConfirmed: 1, profileImageId: 1 };
     },
     getAll: () => {
-      return { _id: 1, name: 1 };
+      return { _id: 1 };
     },
   },
   auth: {
-    // TODO: -> set login device, location, ip, fingerprint
-    //          and validate on authorization middleware
-    //       -> dynamic refresh 100 tokens per session with 12h interval
-    //       -> back secret per user, registrarion user model -> secret: { type: String }
-    payload: (user) => ({ _id: user._id.toString(), role: user.role, email: user.email }),
+    payload: (user, jwtid, ip, userAgent, host, path) => {
+      const tokenPayload = {
+        _id: user._id.toString(),
+        role: user.role,
+        email: user.email,
+        ip,
+        userAgent,
+        host,
+        path,
+        jwtid: jwtid ?? crypto.randomBytes(8).toString('hex'),
+        refreshExpiresAt: Date.now() + parseInt(process.env.REFRESH_EXPIRE_MINUTES) * 60 * 1000,
+      };
+      return tokenPayload;
+    },
   },
 };
 

package/src/api/user/user.router.js

@@ -1,23 +1,28 @@
-import { authMiddleware, hashPassword } from '../../server/auth.js';
+import { hashPassword } from '../../server/auth.js';
 import fs from 'fs-extra';
 import { loggerFactory } from '../../server/logger.js';
 import { UserController } from './user.controller.js';
 import express from 'express';
 import { DataBaseProvider } from '../../db/DataBaseProvider.js';
+import { FileFactory } from '../file/file.service.js';
+import { s4 } from '../../client/components/core/CommonJs.js';
 
 const logger = loggerFactory(import.meta);
 
 const UserRouter = (options) => {
   const router = express.Router();
+  const authMiddleware = options.authMiddleware;
 
   (async () => {
-    const models = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models;
-    if (models.User) {
-      try {
-        const adminUser = await models.User.findOne({ role: 'admin' });
+    // admin user seed
+    try {
+      const models = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models;
+      let adminUser;
+      if (models.User) {
+        adminUser = await models.User.findOne({ role: 'admin' });
         if (!adminUser) {
           const defaultPassword = process.env.DEFAULT_ADMIN_PASSWORD || 'changethis';
-          const hashedPassword = hashPassword(defaultPassword);
+          const hashedPassword = await hashPassword(defaultPassword);
 
           const result = await models.User.create({
             username: 'admin',
@@ -29,10 +34,13 @@ const UserRouter = (options) => {
           });
           logger.warn('Default admin user created. Please change the default password immediately!', result._doc);
         }
-      } catch (error) {
-        logger.error('Error checking/creating admin user:', error);
       }
+    } catch (error) {
+      logger.error('Error checking/creating admin user');
+      console.log(error);
     }
+
+    // default user avatar seed
     options.png = {
       buffer: {
         'invalid-token': fs.readFileSync(`./src/client/public/default/assets/mailer/api-user-invalid-token.png`),
@@ -40,9 +48,33 @@ const UserRouter = (options) => {
         check: fs.readFileSync(`./src/client/public/default/assets/mailer/api-user-check.png`),
       },
       header: (res) => {
+        res.set('Cross-Origin-Resource-Policy', 'cross-origin');
+        res.set('Access-Control-Allow-Origin', '*');
+        res.set('Access-Control-Allow-Headers', '*');
         res.set('Content-Type', 'image/png');
       },
     };
+
+    try {
+      const models = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models;
+      const name = 'api-user-default-avatar.png';
+      const imageFile = await models.File.findOne({ name });
+      let _id;
+      if (imageFile) {
+        _id = imageFile._id;
+      } else {
+        const file = await new models.File(
+          FileFactory.create(fs.readFileSync(`./src/client/public/default/assets/mailer/${name}`), name),
+        ).save();
+        _id = file._id;
+      }
+      options.getDefaultProfileImageId = async () => {
+        return _id;
+      };
+    } catch (error) {
+      logger.error('Error checking/creating default profile image');
+      console.log(error);
+    }
   })();
 
   router.post(`/mailer/:id`, authMiddleware, async (req, res) => {

package/src/api/user/user.service.js

@@ -1,5 +1,16 @@
 import { loggerFactory } from '../../server/logger.js';
-import { hashPassword, verifyPassword, hashJWT, verifyJWT, validatePasswordMiddleware } from '../../server/auth.js';
+import {
+  hashPassword,
+  verifyPassword,
+  verifyJWT,
+  createSessionAndUserToken,
+  createUserAndSession,
+  refreshSessionAndToken,
+  hashToken,
+  jwtSign,
+  getBearerToken,
+  validatePasswordMiddleware,
+} from '../../server/auth.js';
 import { MailerProvider } from '../../mailer/MailerProvider.js';
 import { CoreWsMailerManagement } from '../../ws/core/management/core.ws.mailer.js';
 import { CoreWsEmit } from '../../ws/core/core.ws.emit.js';
@@ -9,7 +20,6 @@ import { DataBaseProvider } from '../../db/DataBaseProvider.js';
 import { FileFactory } from '../file/file.service.js';
 import { UserDto } from './user.model.js';
 import { selectDtoFactory, ValkeyAPI } from '../../server/valkey.js';
-import { getDefaultProfileImageId } from '../../server/client-icons.js';
 
 const logger = loggerFactory(import.meta);
 
@@ -28,8 +38,8 @@ const UserService = {
 
       if (!user) throw new Error('Email address does not exist');
 
-      const token = hashJWT({ email: req.body.email }, '15m');
-      const payloadToken = hashJWT({ email: req.body.email }, '15m');
+      const token = jwtSign({ email: req.body.email }, options, 15);
+      const payloadToken = jwtSign({ email: req.body.email }, options, 15);
       const id = `${options.host}${options.path}`;
       const translate = MailerProvider.instance[id].translateTemplates.recoverEmail;
       const recoverUrl = `${process.env.NODE_ENV === 'development' ? 'http://' : 'https://'}${req.body.hostname}${
@@ -66,7 +76,7 @@ const UserService = {
     if (req.path.startsWith('/mailer') && req.params.id === 'verify-email') {
       if (!validator.isEmail(req.body.email)) throw { message: 'invalid email' };
 
-      const token = hashJWT({ email: req.body.email });
+      const token = jwtSign({ email: req.body.email }, options, 15);
       const id = `${options.host}${options.path}`;
       const user = await User.findById(req.auth.user._id);
 
@@ -129,7 +139,7 @@ const UserService = {
             if (!user.profileImageId)
               await User.findByIdAndUpdate(
                 user._id,
-                { profileImageId: await getDefaultProfileImageId(File) },
+                { profileImageId: await options.getDefaultProfileImageId(File) },
                 {
                   runValidators: true,
                 },
@@ -146,8 +156,13 @@ const UserService = {
                     runValidators: true,
                   },
                 );
+
+                const { jwtid } = await createSessionAndUserToken(user, User, req, res, options);
                 return {
-                  token: hashJWT({ user: UserDto.auth.payload(user) }),
+                  token: jwtSign(
+                    UserDto.auth.payload(user, jwtid, req.ip, req.headers['user-agent'], options.host, options.path),
+                    options,
+                  ),
                   user,
                 };
               } else throw new Error(accountLocketMessage());
@@ -194,33 +209,24 @@ const UserService = {
             } catch (error) {
               logger.error(error, { params: req.params, body: req.body });
             }
-            throw new Error(`invalid email or password, remaining attempts: ${5 - user.failedLoginAttempts}`);
+            throw new Error(`Invalid credentials. Remaining attempts: ${5 - user.failedLoginAttempts}`);
           }
-        } else throw new Error('invalid email or password');
+        } else throw new Error('Invalid credentials');
 
       case 'guest': {
         const user = await ValkeyAPI.valkeyObjectFactory(options, 'user');
         await ValkeyAPI.setValkeyObject(options, user.email, user);
         return {
-          token: hashJWT({ user: UserDto.auth.payload(user) }),
+          token: jwtSign(
+            UserDto.auth.payload(user, null, req.ip, req.headers['user-agent'], options.host, options.path),
+            options,
+          ),
           user: selectDtoFactory(user, UserDto.select.get()),
         };
       }
 
       default: {
-        const validatePassword = validatePasswordMiddleware(req.body.password);
-        if (validatePassword.status === 'error') throw new Error(validatePassword.message);
-        req.body.password = await hashPassword(req.body.password);
-        req.body.role = req.body.role === 'guest' ? 'guest' : 'user';
-        req.body.profileImageId = await getDefaultProfileImageId(File);
-        const { _id } = await new User(req.body).save();
-        if (_id) {
-          const user = await User.findOne({ _id }).select(UserDto.select.get());
-          return {
-            token: hashJWT({ user: UserDto.auth.payload(user) }),
-            user,
-          };
-        } else throw new Error('failed to create user');
+        return await createUserAndSession(req, res, User, File, options);
       }
     }
   },
@@ -240,7 +246,7 @@ const UserService = {
     if (req.path.startsWith('/recover')) {
       let payload;
       try {
-        payload = verifyJWT(req.params.id);
+        payload = verifyJWT(req.params.id, options);
       } catch (error) {
         logger.error(error, { 'req.params.id': req.params.id });
         options.png.header(res);
@@ -255,7 +261,7 @@ const UserService = {
           _id,
           { recoverTimeOut: new Date(+new Date() + 1000 * 60 * 15) },
           { runValidators: true },
-        ); // 15m
+        );
         options.png.header(res);
         return options.png.buffer['recover'];
       } else {
@@ -267,7 +273,7 @@ const UserService = {
     if (req.path.startsWith('/mailer')) {
       let payload;
       try {
-        payload = verifyJWT(req.params.id);
+        payload = verifyJWT(req.params.id, options);
       } catch (error) {
         logger.error(error, { 'req.params.id': req.params.id });
         options.png.header(res);
@@ -295,8 +301,24 @@ const UserService = {
     }
 
     switch (req.params.id) {
-      case 'all':
-        return await User.find().select(UserDto.select.getAll());
+      case 'all': {
+        if (req.auth.user.role === 'admin') {
+          const page = parseInt(req.query.page) || 1;
+          const limit = parseInt(req.query.limit) || 10;
+          const skip = (page - 1) * limit;
+
+          const data = await User.find().select(UserDto.select.get()).skip(skip).limit(limit);
+          const total = await User.countDocuments();
+
+          return {
+            data,
+            page,
+            limit,
+            total,
+            totalPages: Math.ceil(total / limit),
+          };
+        } else throw new Error(`Invalid token user id`);
+      }
 
       case 'auth': {
         let user;
@@ -308,22 +330,33 @@ const UserService = {
             _id: req.auth.user._id,
           });
 
+        if (!user) throw new Error('user not found');
+
         const file = await File.findOne({ _id: user.profileImageId });
 
         if (!file && !(await ValkeyAPI.getValkeyObject(options, req.auth.user.email))) {
           await User.findByIdAndUpdate(
             user._id,
-            { profileImageId: await getDefaultProfileImageId(File) },
+            { profileImageId: await options.getDefaultProfileImageId(File) },
             {
               runValidators: true,
             },
           );
         }
-        return (await ValkeyAPI.getValkeyObject(options, req.auth.user.email))
-          ? selectDtoFactory(await ValkeyAPI.getValkeyObject(options, req.auth.user.email), UserDto.select.get())
-          : await User.findOne({
-              _id: req.auth.user._id,
-            }).select(UserDto.select.get());
+
+        const guestUser = await ValkeyAPI.getValkeyObject(options, req.auth.user.email);
+        if (guestUser)
+          return {
+            user: selectDtoFactory(guestUser, UserDto.select.get()),
+            token: getBearerToken(req),
+          };
+
+        return {
+          token: await refreshSessionAndToken(req, res, User, options),
+          user: await User.findOne({
+            _id: req.auth.user._id,
+          }).select(UserDto.select.get()),
+        };
       }
 
       default: {
@@ -347,6 +380,20 @@ const UserService = {
   delete: async (req, res, options) => {
     /** @type {import('./user.model.js').UserModel} */
     const User = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.User;
+
+    if (req.params.id === 'logout') {
+      const refreshToken = req.cookies?.refreshToken;
+      if (refreshToken) {
+        const hashedToken = hashToken(refreshToken);
+        await User.updateOne(
+          { 'activeSessions.tokenHash': hashedToken },
+          { $pull: { activeSessions: { tokenHash: hashedToken } } },
+        );
+      }
+      res.clearCookie('refreshToken');
+      return { message: 'Logged out successfully' };
+    }
+
     switch (req.params.id) {
       default: {
         const user = await User.findOne({
@@ -402,10 +449,14 @@ const UserService = {
     }
 
     if (req.path.startsWith('/recover')) {
-      const payload = verifyJWT(req.params.id);
+      const payload = verifyJWT(req.params.id, options);
       const user = await User.findOne({
         email: payload.email,
       });
+      if (process.env.NODE_ENV === 'development') {
+        logger.warn('Only production check image token request on mailer GET /user/recover, set fallback timeout');
+        user.recoverTimeOut = new Date(+new Date() + 1000 * 60 * 15);
+      }
       if (user && new Date().getTime() < new Date(user.recoverTimeOut).getTime()) {
         const validatePassword = validatePasswordMiddleware(req.body.password);
         if (validatePassword.status === 'error') throw new Error(validatePassword.message);

package/src/cli/baremetal.js

@@ -1,3 +1,10 @@
+/**
+ * Baremetal module for managing the generation and deployment of cloud-init configuration files
+ * and associated scripts for baremetal provisioning.
+ * @module src/cli/baremetal.js
+ * @namespace UnderpostBaremetal
+ */
+
 import { getNpmRootPath, getUnderpostRootPath } from '../server/conf.js';
 import { openTerminal, pbcopy, shellExec } from '../server/process.js';
 import dotenv from 'dotenv';
@@ -40,6 +47,7 @@ class UnderpostBaremetal {
      * @param {boolean} [options.nfsUnmount=false] - Flag to unmount the NFS root filesystem.
      * @param {boolean} [options.nfsSh=false] - Flag to chroot into the NFS environment for shell access.
      * @param {string} [options.logs=''] - Specifies which logs to display ('dhcp', 'cloud', 'machine', 'cloud-config').
+     * @memberof UnderpostBaremetal
      * @returns {void}
      */
     async callback(
@@ -576,6 +584,7 @@ menuentry '${menuentryStr}' {
      * @param {object} params.maas - MAAS configuration details.
      * @param {string} params.networkInterfaceName - The name of the network interface.
      * @returns {Promise<void>} A promise that resolves when commissioning is initiated or after a delay.
+     * @memberof UnderpostBaremetal
      */
     async commissionMonitor({ macAddress, nfsHostPath, underpostRoot, hostname, maas, networkInterfaceName }) {
       {
@@ -725,6 +734,7 @@ menuentry '${menuentryStr}' {
      * This is necessary for cross-architecture execution within a chroot environment.
      * @param {object} params - The parameters for the function.
      * @param {string} params.nfsHostPath - The path to the NFS root filesystem on the host.
+     * @memberof UnderpostBaremetal
      * @returns {void}
      */
     mountBinfmtMisc({ nfsHostPath }) {
@@ -747,6 +757,7 @@ menuentry '${menuentryStr}' {
      * @description Deletes all specified machines from MAAS.
      * @param {object} params - The parameters for the function.
      * @param {Array<object>} params.machines - An array of machine objects, each with a `system_id`.
+     * @memberof UnderpostBaremetal
      * @returns {Array<object>} An empty array after machines are removed.
      */
     removeMachines({ machines }) {
@@ -761,6 +772,7 @@ menuentry '${menuentryStr}' {
      * @description Clears all observed discoveries in MAAS and optionally forces a new scan.
      * @param {object} params - The parameters for the function.
      * @param {boolean} params.force - If true, forces a new discovery scan after clearing.
+     * @memberof UnderpostBaremetal
      * @returns {void}
      */
     clearDiscoveries({ force }) {
@@ -776,6 +788,7 @@ menuentry '${menuentryStr}' {
      * This is used to wait for the target machine to report its MAC address.
      * @param {object} params - The parameters for the function.
      * @param {string} params.nfsHostPath - The NFS host path where the MAC file is expected.
+     * @memberof UnderpostBaremetal
      * @returns {Promise<void>} A promise that resolves when the MAC file is found or after a delay.
      */
     async macMonitor({ nfsHostPath }) {
@@ -794,6 +807,7 @@ menuentry '${menuentryStr}' {
      * for cross-architecture execution within a chroot environment.
      * @param {object} params - The parameters for the function.
      * @param {string} params.nfsHostPath - The path to the NFS root filesystem on the host.
+     * @memberof UnderpostBaremetal
      * @param {'arm64'|'amd64'} params.debootstrapArch - The target architecture of the debootstrap environment.
      * @returns {void}
      */
@@ -825,6 +839,7 @@ menuentry '${menuentryStr}' {
      * @param {string} params.nfsHostPath - The path to the NFS root filesystem on the host.
      * @param {'arm64'|'amd64'} params.debootstrapArch - The target architecture of the debootstrap environment.
      * @param {object} params.callbackMetaData - Metadata about the callback, including runner host architecture.
+     * @memberof UnderpostBaremetal
      * @param {string[]} params.steps - An array of shell commands to execute.
      * @returns {void}
      */
@@ -860,6 +875,7 @@ EOF`);
      * This helps in visualizing and debugging the execution flow of provisioning steps.
      * @param {string[]} [steps=[]] - An array of shell commands.
      * @param {boolean} [yaml=true] - If true, formats the output as YAML list items.
+     * @memberof UnderpostBaremetal
      * @returns {string} The formatted string of commands.
      */
     stepsRender(steps = [], yaml = true) {
@@ -892,6 +908,7 @@ EOF`);
      * @param {string} params.workflowId - The identifier for the workflow configuration.
      * @param {boolean} [params.mount] - If true, attempts to mount the NFS paths.
      * @param {boolean} [params.unmount] - If true, attempts to unmount the NFS paths.
+     * @memberof UnderpostBaremetal
      * @returns {{isMounted: boolean}} An object indicating whether any NFS path is currently mounted.
      */
     nfsMountCallback({ hostname, workflowId, mount, unmount }) {
@@ -929,7 +946,8 @@ EOF`);
      * @method getHostArch
      * @description Determines the architecture of the host machine.
      * This is crucial for cross-compilation and selecting the correct QEMU binaries.
-     * @returns {'amd64'|'arm64'} The host architecture.
+     * @memberof UnderpostBaremetal
+     * @returns {{alias: 'amd64'|'arm64', name: 'x86_64'|'aarch64'}} The host architecture.
      * @throws {Error} If the host architecture is unsupported.
      */
     getHostArch() {
@@ -944,12 +962,16 @@ EOF`);
      * @property {object} systemProvisioningFactory
      * @description A factory object containing functions for system provisioning based on OS type.
      * Each OS type (e.g., 'ubuntu') provides methods for base system setup, user creation,
-     * timezone configuration, and keyboard layout settings.
+     * timezone configuration, and keyboard layout settings.     *
+     * @memberof UnderpostBaremetal
+     * @namespace UnderpostBaremetal.systemProvisioningFactory
      */
     systemProvisioningFactory: {
       /**
        * @property {object} ubuntu
        * @description Provisioning steps for Ubuntu-based systems.
+       * @memberof UnderpostBaremetal.systemProvisioningFactory
+       * @namespace UnderpostBaremetal.systemProvisioningFactory.ubuntu
        */
       ubuntu: {
         /**
@@ -959,6 +981,7 @@ EOF`);
          * kernel modules, cloud-init, SSH server, and other core utilities.
          * @param {object} params - The parameters for the function.
          * @param {string} params.kernelLibVersion - The specific kernel library version to install.
+         * @memberof UnderpostBaremetal.systemProvisioningFactory.ubuntu
          * @returns {string[]} An array of shell commands.
          */
         base: ({ kernelLibVersion }) => [
@@ -991,6 +1014,7 @@ SOURCES`,
          * @method user
          * @description Generates shell commands for creating a root user and configuring SSH access.
          * This is a critical security step for initial access to the provisioned system.
+         * @memberof UnderpostBaremetal.systemProvisioningFactory.ubuntu
          * @returns {string[]} An array of shell commands.
          */
         user: () => [
@@ -1014,6 +1038,7 @@ SOURCES`,
          * @param {string} params.timezone - The timezone string (e.g., 'America/New_York').
          * @param {string} params.chronyConfPath - The path to the Chrony configuration file.
          * @param {string} [alias='chrony'] - The alias for the chrony service.
+         * @memberof UnderpostBaremetal.systemProvisioningFactory.ubuntu
          * @returns {string[]} An array of shell commands.
          */
         timezone: ({ timezone, chronyConfPath }, alias = 'chrony') => [
@@ -1081,6 +1106,7 @@ logdir /var/log/chrony
          * @method keyboard
          * @description Generates shell commands for configuring the keyboard layout.
          * This ensures correct input behavior on the provisioned system.
+         * @memberof UnderpostBaremetal.systemProvisioningFactory.ubuntu
          * @returns {string[]} An array of shell commands.
          */
         keyboard: () => [
@@ -1099,6 +1125,7 @@ logdir /var/log/chrony
      * This is crucial for allowing baremetal machines to boot via NFS.
      * @param {object} params - The parameters for the function.
      * @param {string} params.nfsHostPath - The path to be exported by the NFS server.
+     * @memberof UnderpostBaremetal
      * @param {string} [params.subnet='192.168.1.0/24'] - The subnet allowed to access the NFS export.
      * @returns {void}
      */
@@ -1169,6 +1196,7 @@ udp-port = 32766
      * @param {string} params.clientIp - The static IP address for the client device.
      * @param {string} params.subnet - The subnet mask for the client device.
      * @param {string} params.gateway - The gateway IP address for the client device.
+     * @memberof UnderpostBaremetal
      * @returns {string} The generated boot configuration content.
      * @throws {Error} If an invalid workflow ID is provided.
      */
@@ -1229,12 +1257,14 @@ GATEWAY=${gateway}`;
      * @property {object} workflowsConfig
      * @description Configuration for different baremetal provisioning workflows.
      * Each workflow defines specific parameters like system provisioning type,
-     * kernel version, Chrony settings, debootstrap image details, and NFS mounts.
+     * kernel version, Chrony settings, debootstrap image details, and NFS mounts.     *
+     * @memberof UnderpostBaremetal
      */
     workflowsConfig: {
       /**
        * @property {object} rpi4mb
        * @description Configuration for the Raspberry Pi 4 Model B workflow.
+       * @memberof UnderpostBaremetal.workflowsConfig
        */
       rpi4mb: {
         menuentryStr: 'UNDERPOST.NET UEFI/GRUB/MAAS RPi4 commissioning (ARM64)',

package/src/cli/cloud-init.js

@@ -1,3 +1,10 @@
+/**
+ * Cloud-init module for managing the generation and deployment of cloud-init configuration files
+ * and associated scripts for baremetal provisioning.
+ * @module src/cli/cloud-init.js
+ * @namespace UnderpostCloudInit
+ */
+
 import dotenv from 'dotenv';
 import { shellExec } from '../server/process.js';
 import fs from 'fs-extra';
@@ -15,6 +22,7 @@ const logger = loggerFactory(import.meta);
  * and associated scripts for baremetal provisioning. This class provides methods
  * to build various shell scripts and a cloud-init configuration file tailored
  * for MAAS (Metal as a Service) integration.
+ * @memberof UnderpostCloudInit
  */
 class UnderpostCloudInit {
   static API = {
@@ -30,6 +38,7 @@ class UnderpostCloudInit {
      * @param {object} params.callbackMetaData - Metadata about the callback, used for dynamic configuration.
      * @param {boolean} params.dev - Development mode flag.
      * @returns {void}
+     * @memberof UnderpostCloudInit
      */
     buildTools({ workflowId, nfsHostPath, hostname, callbackMetaData, dev }) {
       // Destructure workflow configuration for easier access.
@@ -281,6 +290,7 @@ curl -X POST \\
      * @param {object} [authCredentials={}] - Optional MAAS authentication credentials.
      * @param {string} [path='/etc/cloud/cloud.cfg.d/90_maas.cfg'] - The target path for the cloud-init configuration file.
      * @returns {string} The generated cloud-init configuration content.
+     * @memberof UnderpostCloudInit
      */
     configFactory(
       {
@@ -494,6 +504,7 @@ EOF_MAAS_CFG`;
      * This method parses the output of `maas apikey` to extract the consumer key,
      * consumer secret, token key, and token secret.
      * @returns {object} An object containing the MAAS authentication credentials.
+     * @memberof UnderpostCloudInit
      * @throws {Error} If the MAAS API key format is invalid.
      */
     authCredentialsFactory() {

package/src/cli/cluster.js

@@ -410,21 +410,10 @@ EOF
         const successInstance = await UnderpostTest.API.statusMonitor('mongodb-0', 'Running', 'pods', 1000, 60 * 10);
 
         if (successInstance) {
-          if (!options.mongoDbHost) options.mongoDbHost = 'mongodb-service';
+          if (!options.mongoDbHost) options.mongoDbHost = 'mongodb-0.mongodb-service';
           const mongoConfig = {
             _id: 'rs0',
-            members: [
-              {
-                _id: 0,
-                host: `${options.mongoDbHost === 'mongodb-service' ? 'mongodb-0.' : ''}${options.mongoDbHost}:27017`,
-                priority: 1,
-              },
-              // {
-              //   _id: 1,
-              //   host: `${options.mongoDbHost === 'mongodb-service' ? 'mongodb-1.' : ''}${options.mongoDbHost}:27017`,
-              //   priority: 1,
-              // },
-            ],
+            members: options.mongoDbHost.split(',').map((host, index) => ({ _id: index, host: `${host}:27017` })),
           };
 
           shellExec(
@@ -683,17 +672,9 @@ net.ipv4.ip_forward = 1' | sudo tee ${iptableConfPath}`,
       }
     },
 
-    /**
-     * @method getResourcesCapacity
-     * @description Retrieves and returns the allocatable CPU and memory resources
-     * of the Kubernetes node.
-     * @param {boolean} [isKubeadmOrK3s=false] - If true, assumes a kubeadm or k3s-managed node;
-     * otherwise, assumes a Kind worker node.
-     * @returns {object} An object containing CPU and memory resources with values and units.
-     */
-    getResourcesCapacity(isKubeadmOrK3s = false) {
+    getResourcesCapacity(node) {
       const resources = {};
-      const nodeName = isKubeadmOrK3s ? os.hostname() : 'kind-worker';
+      const nodeName = node ?? os.hostname();
       const info = shellExec(`kubectl describe node ${nodeName} | grep -E '(Allocatable:|Capacity:)' -A 6`, {
         stdout: true,
         silent: true,

package/src/cli/cron.js

@@ -64,7 +64,6 @@ class UnderpostCron {
             shellExec(Cmd.cron(deployId, job, name, confCronConfig.jobs[job].expression, options));
           }
         }
-        if (fs.existsSync(`./tmp/await-deploy`)) fs.remove(`./tmp/await-deploy`);
         return;
       }
       for (const _jobId of jobList.split(',')) {