underpost 2.8.876 → 2.8.878

package/.github/workflows/release.cd.yml

@@ -30,9 +30,8 @@ jobs:
             echo "Starting remote release deploy"
             cd /home/dd/engine
             npm install -g underpost
-            underpost config set GITHUB_TOKEN ${{ secrets.GITHUB_TOKEN }}
+            underpost run secret
             node bin run --dev pull
             underpost run secret
             underpost run underpost-config
-            node bin run --dev pull
             underpost run ssh-deploy engine-test

package/README.md

@@ -51,6 +51,10 @@
 
 
 
+
+
+
+
 
 
 
@@ -59,7 +63,7 @@
 <!-- badges -->
 
 
-[![Node.js CI](https://github.com/underpostnet/engine/actions/workflows/docker-image.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/docker-image.yml) [![Test](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/coverall.yml) [![Downloads](https://img.shields.io/npm/dm/underpost.svg)](https://www.npmjs.com/package/underpost) [![Socket Badge](https://socket.dev/api/badge/npm/package/underpost/2.8.876)](https://socket.dev/npm/package/underpost/overview/2.8.876) [![Coverage Status](https://coveralls.io/repos/github/underpostnet/engine/badge.svg?branch=master)](https://coveralls.io/github/underpostnet/engine?branch=master) [![Version](https://img.shields.io/npm/v/underpost.svg)](https://www.npmjs.org/package/underpost) [![License](https://img.shields.io/npm/l/underpost.svg)](https://www.npmjs.com/package/underpost)
+[![Node.js CI](https://github.com/underpostnet/engine/actions/workflows/docker-image.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/docker-image.yml) [![Test](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/coverall.yml) [![Downloads](https://img.shields.io/npm/dm/underpost.svg)](https://www.npmjs.com/package/underpost) [![Socket Badge](https://socket.dev/api/badge/npm/package/underpost/2.8.878)](https://socket.dev/npm/package/underpost/overview/2.8.878) [![Coverage Status](https://coveralls.io/repos/github/underpostnet/engine/badge.svg?branch=master)](https://coveralls.io/github/underpostnet/engine?branch=master) [![Version](https://img.shields.io/npm/v/underpost.svg)](https://www.npmjs.org/package/underpost) [![License](https://img.shields.io/npm/l/underpost.svg)](https://www.npmjs.com/package/underpost)
 
 
 <!-- end-badges -->
@@ -99,6 +103,10 @@
 
 
 
+
+
+
+
 
 
 
@@ -148,7 +156,7 @@ Run dev client server
 npm run dev
 ```
 <!-- -->
-## underpost ci/cd cli v2.8.876
+## underpost ci/cd cli v2.8.878
 
 ### Usage: `underpost [options] [command]`
   ```

package/cli.md

@@ -1,4 +1,4 @@
-## underpost ci/cd cli v2.8.876
+## underpost ci/cd cli v2.8.878
 
 ### Usage: `underpost [options] [command]`
   ```
@@ -51,6 +51,7 @@ Arguments:
 
 Options:
   --deploy-id  Crete deploy ID conf env files
+  --cluster    Create deploy ID cluster files and sync to current cluster
   --dev        Sets the development cli context
   -h, --help   display help for command
  
@@ -609,6 +610,8 @@ Options:
   --command <command-array>                Array of commands to run.
   --args <args-array>                      Array of arguments to pass to the command.
   --dev                                    Sets the development context environment for the script.
+  --build                                  Set builder context runner
+  --replicas <replicas>                    Sets a custom number of replicas for deployment.
   --pod-name <pod-name>                    Optional: Specifies the pod name for test execution.
   --volume-host-path <volume-host-path>    Optional: Specifies the volume host path for test execution.
   --volume-mount-path <volume-mount-path>  Optional: Specifies the volume mount path for test execution.

package/manifests/deployment/dd-default-development/deployment.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: dd-default-development-blue
-          image: localhost/rockylinux9-underpost:v2.8.876
+          image: localhost/rockylinux9-underpost:v2.8.878
           #          resources:
           #            requests:
           #              memory: "124Ki"
@@ -100,7 +100,7 @@ spec:
     spec:
       containers:
         - name: dd-default-development-green
-          image: localhost/rockylinux9-underpost:v2.8.876
+          image: localhost/rockylinux9-underpost:v2.8.878
           #          resources:
           #            requests:
           #              memory: "124Ki"

package/manifests/deployment/dd-test-development/deployment.yaml

@@ -17,13 +17,13 @@ spec:
     spec:
       containers:
         - name: dd-test-development-blue
-          image: localhost/rockylinux9-underpost:v2.8.876
+          image: localhost/rockylinux9-underpost:v2.8.878
 #          resources:
 #            requests:
-#              memory: "96294Ki"
+#              memory: "94Ki"
 #              cpu: "75m"
 #            limits:
-#              memory: "1540709Ki"
+#              memory: "1504Ki"
 #              cpu: "1200m"
           command:
             - /bin/sh
@@ -104,13 +104,13 @@ spec:
     spec:
       containers:
         - name: dd-test-development-green
-          image: localhost/rockylinux9-underpost:v2.8.876
+          image: localhost/rockylinux9-underpost:v2.8.878
 #          resources:
 #            requests:
-#              memory: "96294Ki"
+#              memory: "94Ki"
 #              cpu: "75m"
 #            limits:
-#              memory: "1540709Ki"
+#              memory: "1504Ki"
 #              cpu: "1200m"
           command:
             - /bin/sh

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "2.8.876",
+    "version": "2.8.878",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",

package/src/api/file/file.controller.js

@@ -20,7 +20,21 @@ const FileController = {
   get: async (req, res, options) => {
     try {
       const result = await FileService.get(req, res, options);
-      if (result instanceof Buffer) return res.status(200).end(result);
+      if (result instanceof Buffer) {
+        if (
+          process.env.NODE_ENV === 'development' ||
+          req.hostname === options.host ||
+          (options.origins && options.origins.find((o) => o.match(req.hostname)))
+        ) {
+          res.set('Cross-Origin-Resource-Policy', 'cross-origin');
+          return res.status(200).end(result);
+        }
+        return res.status(403).json({
+          status: 'error',
+          message: 'Forbidden',
+        });
+      }
+
       return res.status(200).json({
         status: 'success',
         data: result,

package/src/api/user/user.router.js

@@ -48,9 +48,10 @@ const UserRouter = (options) => {
         check: fs.readFileSync(`./src/client/public/default/assets/mailer/api-user-check.png`),
       },
       header: (res) => {
-        res.header('Access-Control-Allow-Origin', '*');
-        res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization');
-        res.header('Content-Type', 'image/png');
+        res.set('Cross-Origin-Resource-Policy', 'cross-origin');
+        res.set('Access-Control-Allow-Origin', '*');
+        res.set('Access-Control-Allow-Headers', '*');
+        res.set('Content-Type', 'image/png');
       },
     };
 

package/src/cli/deploy.js

@@ -384,7 +384,8 @@ EOF`);
         if (!options.remove === true) {
           if (!options.disableUpdateDeployment) shellExec(`sudo kubectl apply -f ./${manifestsPath}/deployment.yaml`);
           shellExec(`sudo kubectl apply -f ./${manifestsPath}/proxy.yaml`);
-          if (UnderpostDeploy.API.isValidTLSContext({ host, env, options }))
+
+          if (UnderpostDeploy.API.isValidTLSContext({ host: Object.keys(confServer)[0], env, options }))
             shellExec(`sudo kubectl apply -f ./${manifestsPath}/secret.yaml`);
         }
       }

package/src/cli/index.js

@@ -24,6 +24,7 @@ program
   .command('new')
   .argument('<app-name>', 'The name or deploy-id of the application to create.')
   .option('--deploy-id', 'Crete deploy ID conf env files')
+  .option('--cluster', 'Create deploy ID cluster files and sync to current cluster')
   .option('--dev', 'Sets the development cli context')
   .description('Initializes a new Underpost project with a predefined structure.')
   .action(Underpost.repo.new);
@@ -350,6 +351,8 @@ program
   .option('--command <command-array>', 'Array of commands to run.')
   .option('--args <args-array>', 'Array of arguments to pass to the command.')
   .option('--dev', 'Sets the development context environment for the script.')
+  .option('--build', 'Set builder context runner')
+  .option('--replicas <replicas>', 'Sets a custom number of replicas for deployment.')
   .option('--pod-name <pod-name>', 'Optional: Specifies the pod name for test execution.')
   .option('--volume-host-path <volume-host-path>', 'Optional: Specifies the volume host path for test execution.')
   .option('--volume-mount-path <volume-mount-path>', 'Optional: Specifies the volume mount path for test execution.')

package/src/cli/repository.js

@@ -90,7 +90,7 @@ class UnderpostRepository {
       );
     },
 
-    new(repositoryName, options = { dev: false, deployId: false }) {
+    new(repositoryName, options = { dev: false, deployId: false, cluster: false }) {
       return new Promise(async (resolve, reject) => {
         try {
           await logger.setUpInfo();
@@ -99,7 +99,7 @@ class UnderpostRepository {
             return resolve(
               await UnderpostStartUp.API.listenPortController(UnderpostStartUp.API.listenServerFactory(), ':'),
             );
-          if (options.deployId === true) return Config.deployIdFactory(repositoryName);
+          if (options.deployId === true) return Config.deployIdFactory(repositoryName, options);
           const npmRoot = getNpmRootPath();
           const underpostRoot = options?.dev === true ? '.' : `${npmRoot}/underpost`;
           const destFolder = `./${repositoryName}`;
@@ -160,10 +160,18 @@ class UnderpostRepository {
           `Version mismatch: deploy-version:${packageJsonDeploy.version} !== engine-version:${packageJsonEngine.version},
 Prevent build private config repo.`,
         );
-        return { validVersion: false };
+        return {
+          validVersion: false,
+          engineVersion: packageJsonEngine.version,
+          deployVersion: packageJsonDeploy.version,
+        };
       }
       shellExec(`node bin/build ${deployId} conf`);
-      return { validVersion: true };
+      return {
+        validVersion: true,
+        engineVersion: packageJsonEngine.version,
+        deployVersion: packageJsonDeploy.version,
+      };
     },
   };
 }

package/src/cli/run.js

@@ -8,6 +8,7 @@ import { range, setPad, timer } from '../client/components/core/CommonJs.js';
 import UnderpostDeploy from './deploy.js';
 import UnderpostRootEnv from './env.js';
 import UnderpostRepository from './repository.js';
+import os from 'os';
 
 const logger = loggerFactory(import.meta);
 
@@ -20,6 +21,8 @@ class UnderpostRun {
     imageName: '',
     containerName: '',
     namespace: '',
+    build: false,
+    replicas: 1,
   };
   static RUNNERS = {
     'spark-template': (path, options = UnderpostRun.DEFAULT_OPTION) => {
@@ -104,6 +107,8 @@ class UnderpostRun {
     },
     'template-deploy': (path, options = UnderpostRun.DEFAULT_OPTION) => {
       const baseCommand = options.dev || true ? 'node bin' : 'underpost';
+      shellExec(`${baseCommand} run clean`);
+      shellExec(`${baseCommand} push ./engine-private ${process.env.GITHUB_USERNAME}/engine-private`);
       shellCd('/home/dd/engine');
       shellExec(`git reset`);
       shellExec(`${baseCommand} cmt . --empty ci package-pwa-microservices-template`);
@@ -154,17 +159,21 @@ class UnderpostRun {
       const env = options.dev ? 'development' : 'production';
       const baseCommand = options.dev || true ? 'node bin' : 'underpost';
       shellExec(`${baseCommand} run clean`);
-      const defaultPaht = ['dd', 1, ``, 'kind-control-plane'];
-      let [deployId, replicas, image, node] = path ? path.split(',') : defaultPaht;
-      deployId = deployId ?? defaultPaht[0];
-      replicas = replicas ?? defaultPaht[1];
-      image = image ?? defaultPaht[2];
-      node = node ?? defaultPaht[3];
+      const defaultPath = ['dd-default', 1, ``, ``, 'kind-control-plane'];
+      let [deployId, replicas, versions, image, node] = path ? path.split(',') : defaultPath;
+      deployId = deployId ?? defaultPath[0];
+      replicas = replicas ?? defaultPath[1];
+      versions = versions ?? defaultPath[2];
+      image = image ?? defaultPath[3];
+      node = node ?? defaultPath[4];
       shellExec(
         `${baseCommand} deploy --kubeadm --build-manifest --sync --info-router --replicas ${
           replicas ?? 1
-        } --node ${node}${image ? ` --image ${image}` : ''} ${deployId} ${env}`,
+        } --node ${node}${image ? ` --image ${image}` : ''}${
+          versions ? ` --versions ${versions.replaceAll('+', ',')}` : ''
+        } dd ${env}`,
       );
+      if (!options.build) shellExec(`${baseCommand} deploy --kubeadm ${deployId} ${env}`);
     },
     'ls-deployments': async (path, options = UnderpostRun.DEFAULT_OPTION) => {
       console.table(await UnderpostDeploy.API.get(path, 'deployments'));
@@ -303,13 +312,21 @@ class UnderpostRun {
     },
     deploy: async (path, options = UnderpostRun.DEFAULT_OPTION) => {
       const deployId = path;
-      const { validVersion } = UnderpostRepository.API.privateConfUpdate(deployId);
+      const { validVersion, deployVersion } = UnderpostRepository.API.privateConfUpdate(deployId);
       if (!validVersion) throw new Error('Version mismatch');
       const currentTraffic = UnderpostDeploy.API.getCurrentTraffic(deployId);
       const targetTraffic = currentTraffic === 'blue' ? 'green' : 'blue';
       const env = 'production';
       const ignorePods = UnderpostDeploy.API.get(`${deployId}-${env}-${targetTraffic}`).map((p) => p.NAME);
-      shellExec(`sudo kubectl rollout restart deployment/${deployId}-${env}-${targetTraffic}`);
+
+      if (options.build === true) {
+        // deployId, replicas, versions, image, node
+        shellExec(
+          `node bin run sync ${deployId},${options.replicas ?? 1},${targetTraffic},${
+            options.imageName ?? `localhost/rockylinux9-underpost:${deployVersion}`
+          },${os.hostname()}`,
+        );
+      } else shellExec(`sudo kubectl rollout restart deployment/${deployId}-${env}-${targetTraffic}`);
 
       let checkStatusIteration = 0;
       const checkStatusIterationMsDelay = 1000;

package/src/client/Default.index.js

@@ -17,10 +17,6 @@ import { SocketIoDefault } from './components/default/SocketIoDefault.js';
 import { ElementsDefault } from './components/default/ElementsDefault.js';
 import { CssDefaultDark, CssDefaultLight } from './components/default/CssDefault.js';
 
-const htmlMainBody = async () => {
-  return html`<span>Hello World!!</span>`;
-};
-
 window.onload = () =>
   Worker.instance({
     router: RouterDefault,
@@ -29,7 +25,7 @@ window.onload = () =>
       await TranslateCore.Init();
       await TranslateDefault.Init();
       await Responsive.Init();
-      await MenuDefault.Render({ htmlMainBody });
+      await MenuDefault.Render();
       await SocketIo.Init({
         channels: ElementsDefault.Data,
         path: `/`,

package/src/client/components/core/Auth.js

@@ -4,7 +4,6 @@ import { loggerFactory } from './Logger.js';
 import { LogIn } from './LogIn.js';
 import { LogOut } from './LogOut.js';
 import { NotificationManager } from './NotificationManager.js';
-import { SignUp } from './SignUp.js';
 import { Translate } from './Translate.js';
 import { s } from './VanillaJs.js';
 

package/src/client/components/core/Content.js

@@ -137,11 +137,7 @@ const Content = {
       case 'svg':
       case 'gif':
       case 'png': {
-        const url = options.url
-          ? options.url
-          : file._id
-          ? getApiBaseUrl({ id: file._id, endpoint: 'file/blob' })
-          : URL.createObjectURL(getBlobFromUint8ArrayFile(file.data.data, file.mimetype));
+        const url = Content.urlFactory(options);
         const imgRender = html`<img
           class="in ${options.class}"
           ${styleFactory(options.style, `${renderChessPattern(50)}`)}
@@ -151,11 +147,7 @@ const Content = {
         break;
       }
       case 'pdf': {
-        const url = options.url
-          ? options.url
-          : file._id
-          ? getApiBaseUrl({ id: file._id, endpoint: 'file/blob' })
-          : URL.createObjectURL(getBlobFromUint8ArrayFile(file.data.data, file.mimetype));
+        const url = Content.urlFactory(options);
         render += html`<iframe
           class="in ${options.class} iframe-${options.idModal}"
           ${styleFactory(options.style)}
@@ -189,6 +181,15 @@ const Content = {
     if (options.raw) return render;
     append(container, render);
   },
+  urlFactory: function (options) {
+    return options.url
+      ? options.url
+      : options.file?.data?.data
+      ? URL.createObjectURL(getBlobFromUint8ArrayFile(options.file.data.data, options.file.mimetype))
+      : options.file._id
+      ? getApiBaseUrl({ id: options.file._id, endpoint: 'file/blob' })
+      : null;
+  },
 };
 
 export { Content };

package/src/client/services/core/core.service.js

@@ -35,8 +35,6 @@ const getWsBaseUrl = (options = { id: '', endpoint: '', wsBasePath: '' }) =>
 const headersFactory = (headerId = '') => {
   const headers = {
     Authorization: Auth.getJWT(),
-    withCredentials: true,
-    credentials: 'include', // no cors: 'same-origin'
   };
   switch (headerId) {
     case 'file':
@@ -71,29 +69,12 @@ const CoreService = {
           return reject(error);
         }),
     ),
-  getRandomImage: (options = { category: ['city'], mimetype: 'image/jpg' }) => {
-    const src = `https://api.api-ninjas.com/v1/randomimage?category=${options.category[0]}`;
-    return new Promise((resolve) => {
-      fetch(src, {
-        headers: { 'X-Api-Key': 'FyITmcxRXkCaUehbX6K0/g==uxZcFKL0dZUUg48G', Accept: options.mimetype },
-      })
-        .then((res) => res.blob())
-        .then(async (blob) => {
-          return resolve({
-            file: {
-              mimetype: 'image/jpg',
-              name: 'image.jpg',
-            },
-            url: URL.createObjectURL(blob),
-          });
-        });
-    });
-  },
   post: (options = { id: '', body: {} }) =>
     new Promise((resolve, reject) =>
       fetch(getApiBaseUrl({ id: options.id, endpoint }), {
         method: 'POST',
         headers: headersFactory(),
+        credentials: 'include',
         body: payloadFactory(options.body),
       })
         .then(async (res) => {
@@ -113,6 +94,7 @@ const CoreService = {
       fetch(getApiBaseUrl({ id: options.id, endpoint }), {
         method: 'PUT',
         headers: headersFactory(),
+        credentials: 'include',
         body: payloadFactory(options.body),
       })
         .then(async (res) => {
@@ -132,6 +114,7 @@ const CoreService = {
       fetch(getApiBaseUrl({ id: options.id, endpoint }), {
         method: 'GET',
         headers: headersFactory(),
+        credentials: 'include',
       })
         .then(async (res) => {
           return await res.json();
@@ -150,6 +133,7 @@ const CoreService = {
       fetch(getApiBaseUrl({ id: options.id, endpoint }), {
         method: 'DELETE',
         headers: headersFactory(),
+        credentials: 'include',
         body: payloadFactory(options.body),
       })
         .then(async (res) => {

package/src/client/services/default/default.service.js

@@ -14,6 +14,7 @@ const DefaultService = {
       fetch(getApiBaseUrl({ id: options.id, endpoint }), {
         method: 'POST',
         headers: headersFactory(),
+        credentials: 'include',
         body: payloadFactory(options.body),
       })
         .then(async (res) => {
@@ -33,6 +34,7 @@ const DefaultService = {
       fetch(getApiBaseUrl({ id: options.id, endpoint }), {
         method: 'PUT',
         headers: headersFactory(),
+        credentials: 'include',
         body: payloadFactory(options.body),
       })
         .then(async (res) => {
@@ -56,6 +58,7 @@ const DefaultService = {
       fetch(url.toString(), {
         method: 'GET',
         headers: headersFactory(),
+        credentials: 'include',
       })
         .then(async (res) => {
           return await res.json();
@@ -75,6 +78,7 @@ const DefaultService = {
       fetch(getApiBaseUrl({ id: options.id, endpoint }), {
         method: 'DELETE',
         headers: headersFactory(),
+        credentials: 'include',
         body: payloadFactory(options.body),
       })
         .then(async (res) => {

package/src/client/services/test/test.service.js

@@ -14,6 +14,7 @@ const TestService = {
       fetch(getApiBaseUrl({ id: options.id, endpoint }), {
         method: 'POST',
         headers: headersFactory(),
+        credentials: 'include',
         body: payloadFactory(options.body),
       })
         .then(async (res) => {
@@ -33,6 +34,7 @@ const TestService = {
       fetch(getApiBaseUrl({ id: options.id, endpoint }), {
         method: 'GET',
         headers: headersFactory(),
+        credentials: 'include',
       })
         .then(async (res) => {
           return await res.json();
@@ -51,6 +53,7 @@ const TestService = {
       fetch(getApiBaseUrl({ id: options.id, endpoint }), {
         method: 'DELETE',
         headers: headersFactory(),
+        credentials: 'include',
         body: payloadFactory(options.body),
       })
         .then(async (res) => {

package/src/client/services/user/user.service.js

@@ -22,6 +22,7 @@ const UserService = {
       fetch(getApiBaseUrl({ id: options.id, endpoint }), {
         method: 'POST',
         headers: headersFactory(),
+        credentials: 'include',
         body: payloadFactory(options.body),
       })
         .then(async (res) => {
@@ -47,6 +48,7 @@ const UserService = {
       fetch(url, {
         method: 'GET',
         headers: headersFactory(),
+        credentials: 'include',
       })
         .then(async (res) => {
           return await res.json();
@@ -66,6 +68,7 @@ const UserService = {
       fetch(getApiBaseUrl({ id: options.id, endpoint }), {
         method: 'DELETE',
         headers: headersFactory(),
+        credentials: 'include',
         body: payloadFactory(options.body),
       })
         .then(async (res) => {
@@ -85,6 +88,7 @@ const UserService = {
       fetch(getApiBaseUrl({ id: options.id, endpoint }), {
         method: 'PUT',
         headers: headersFactory(options.headerId),
+        credentials: 'include',
         body: payloadFactory(options.body),
       })
         .then(async (res) => {

package/src/index.js

@@ -35,7 +35,7 @@ class Underpost {
    * @type {String}
    * @memberof Underpost
    */
-  static version = 'v2.8.876';
+  static version = 'v2.8.878';
   /**
    * Repository cli API
    * @static

package/src/server/auth.js

@@ -523,6 +523,7 @@ function applySecurity(app, opts = {}) {
 
   // Content-Security-Policy: include nonce from res.locals
   // Note: We avoid 'unsafe-inline' on script/style. Use nonces or hashes.
+  const httpDirective = process.env.NODE_ENV === 'production' ? 'https:' : 'http:';
   app.use(
     helmet.contentSecurityPolicy({
       useDefaults: true,
@@ -530,16 +531,16 @@ function applySecurity(app, opts = {}) {
         defaultSrc: ["'self'"],
         baseUri: ["'self'"],
         blockAllMixedContent: [],
-        fontSrc: ["'self'", 'https:', 'data:'],
+        fontSrc: ["'self'", httpDirective, 'data:'],
         frameAncestors: frameAncestors,
-        imgSrc: ["'self'", 'data:', 'https:'],
+        imgSrc: ["'self'", 'data:', httpDirective],
         objectSrc: ["'none'"],
         // script-src and script-src-elem include dynamic nonce
         scriptSrc: ["'self'", (req, res) => `'nonce-${res.locals.nonce}'`],
         scriptSrcElem: ["'self'", (req, res) => `'nonce-${res.locals.nonce}'`],
         // style-src: avoid 'unsafe-inline' when possible; if you must inline styles,
         // use a nonce for them too (or hash).
-        styleSrc: ["'self'", 'https:', (req, res) => `'nonce-${res.locals.nonce}'`],
+        styleSrc: ["'self'", httpDirective, (req, res) => `'nonce-${res.locals.nonce}'`],
         // deny plugins
         objectSrc: ["'none'"],
       },
@@ -552,7 +553,7 @@ function applySecurity(app, opts = {}) {
       origin: origin || false,
       methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
       credentials: true,
-      allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With', 'Accept', 'withcredentials'],
+      allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With', 'Accept', 'withcredentials', 'credentials'],
       maxAge: 600,
     }),
   );

package/src/server/conf.js

@@ -33,12 +33,13 @@ const Config = {
     else if (deployContext.startsWith('dd-')) return loadConf(deployContext, process.env.NODE_ENV, subConf);
     if (deployContext === 'proxy') Config.buildProxy(deployContext, deployList, subConf);
   },
-  deployIdFactory: function (deployId = 'dd-default') {
+  deployIdFactory: function (deployId = 'dd-default', options = { cluster: false }) {
     if (!deployId.startsWith('dd-')) deployId = `dd-${deployId}`;
 
     logger.info('Build deployId', deployId);
 
     const folder = `./engine-private/conf/${deployId}`;
+    const repoName = `engine-${deployId.split('dd-')[1]}`;
 
     if (!fs.existsSync(folder)) fs.mkdirSync(folder, { recursive: true });
     fs.writeFileSync(
@@ -56,10 +57,44 @@ const Config = {
       fs.readFileSync('./.env.test', 'utf8').replaceAll('dd-default', deployId),
       'utf8',
     );
-    fs.writeFileSync(`${folder}/package.json`, fs.readFileSync('./package.json', 'utf8'), 'utf8');
+    fs.writeFileSync(
+      `${folder}/package.json`,
+      fs.readFileSync('./package.json', 'utf8').replaceAll('dd-default', deployId),
+      'utf8',
+    );
 
     this.buildTmpConf(folder);
 
+    if (options.cluster === true) {
+      fs.writeFileSync(
+        `./.github/workflows/${repoName}.cd.yml`,
+        fs.readFileSync(`./.github/workflows/engine-test.cd.yml`, 'utf8').replaceAll('test', deployId.split('dd-')[1]),
+        'utf8',
+      );
+      fs.writeFileSync(
+        `./.github/workflows/${repoName}.ci.yml`,
+        fs.readFileSync(`./.github/workflows/engine-test.ci.yml`, 'utf8').replaceAll('test', deployId.split('dd-')[1]),
+        'utf8',
+      );
+      shellExec(`node bin/deploy update-default-conf ${deployId}`);
+      fs.writeFileSync(
+        `./engine-private/deploy/dd.router`,
+        fs.readFileSync(`./engine-private/deploy/dd.router`, 'utf8').trim() + `,${deployId}`,
+        'utf8',
+      );
+      const updateRepo = (stage = 1) => {
+        shellExec(`git add . && git commit -m "Add base deployId ${deployId} cluster files stage:${stage}"`);
+        shellExec(
+          `cd engine-private && git add . && git commit -m "Add base deployId ${deployId} cluster files stage:${stage}"`,
+        );
+      };
+      updateRepo(1);
+      shellExec(`node bin run --build --dev sync`);
+      updateRepo(2);
+      shellExec(`node bin run --build sync`);
+      updateRepo(3);
+    }
+
     return { deployIdFolder: folder, deployId };
   },
   buildTmpConf: function (folder = './conf') {

package/src/server/runtime.js

@@ -63,6 +63,7 @@ const buildRuntime = async () => {
         singleReplica,
         replicas,
         valkey,
+        apiBaseHost,
       } = confServer[host][path];
 
       const { redirectTarget, singleReplicaHost } = await getInstanceContext({
@@ -116,9 +117,6 @@ const buildRuntime = async () => {
           // set logger
           app.use(loggerMiddleware(import.meta));
 
-          // instance public static
-          app.use('/', express.static(directory ? directory : `.${rootHostPath}`));
-
           // js src compression
           app.use(compression({ filter: shouldCompress }));
           function shouldCompress(req, res) {
@@ -163,6 +161,9 @@ const buildRuntime = async () => {
             return next();
           });
 
+          // instance public static
+          app.use('/', express.static(directory ? directory : `.${rootHostPath}`));
+
           // security
           applySecurity(app, {
             origin: origins.concat(
@@ -188,99 +189,104 @@ const buildRuntime = async () => {
             await UnderpostStartUp.API.listenPortController(app, port, runningData);
             break;
           }
+          // instance server
+          const server = createServer({}, app);
+          if (peer) currentPort++;
 
-          const swaggerJsonPath = `./public/${host}${path === '/' ? path : `${path}/`}swagger-output.json`;
-          if (fs.existsSync(swaggerJsonPath)) {
-            // logger.info('Build swagger serve', swaggerJsonPath);
+          if (!apiBaseHost) {
+            const swaggerJsonPath = `./public/${host}${path === '/' ? path : `${path}/`}swagger-output.json`;
+            if (fs.existsSync(swaggerJsonPath)) {
+              // logger.info('Build swagger serve', swaggerJsonPath);
 
-            const swaggerInstance =
-              (swaggerDoc) =>
-              (...args) =>
-                swaggerUi.setup(swaggerDoc)(...args);
+              const swaggerInstance =
+                (swaggerDoc) =>
+                (...args) =>
+                  swaggerUi.setup(swaggerDoc)(...args);
 
-            const swaggerDoc = JSON.parse(fs.readFileSync(swaggerJsonPath, 'utf8'));
+              const swaggerDoc = JSON.parse(fs.readFileSync(swaggerJsonPath, 'utf8'));
 
-            app.use(`${path === '/' ? `/api-docs` : `${path}/api-docs`}`, swaggerUi.serve, swaggerInstance(swaggerDoc));
-          }
+              app.use(
+                `${path === '/' ? `/api-docs` : `${path}/api-docs`}`,
+                swaggerUi.serve,
+                swaggerInstance(swaggerDoc),
+              );
+            }
 
-          if (db && apis) await DataBaseProvider.load({ apis, host, path, db });
+            if (db && apis) await DataBaseProvider.load({ apis, host, path, db });
 
-          // valkey server
-          if (valkey) await createValkeyConnection({ host, path }, valkey);
+            // valkey server
+            if (valkey) await createValkeyConnection({ host, path }, valkey);
 
-          if (mailer) {
-            const mailerSsrConf = confSSR[getCapVariableName(client)];
-            await MailerProvider.load({
-              id: `${host}${path}`,
-              meta: `mailer-${host}${path}`,
-              host,
-              path,
-              ...mailer,
-              templates: mailerSsrConf ? mailerSsrConf.mailer : {},
-            });
-          }
-          if (apis) {
-            const authMiddleware = authMiddlewareFactory({ host, path });
+            if (mailer) {
+              const mailerSsrConf = confSSR[getCapVariableName(client)];
+              await MailerProvider.load({
+                id: `${host}${path}`,
+                meta: `mailer-${host}${path}`,
+                host,
+                path,
+                ...mailer,
+                templates: mailerSsrConf ? mailerSsrConf.mailer : {},
+              });
+            }
+            if (apis) {
+              const authMiddleware = authMiddlewareFactory({ host, path });
+
+              const apiPath = `${path === '/' ? '' : path}/${process.env.BASE_API}`;
+              for (const api of apis)
+                await (async () => {
+                  const { ApiRouter } = await import(`../api/${api}/${api}.router.js`);
+                  const router = ApiRouter({ host, path, apiPath, mailer, db, authMiddleware, origins });
+                  // router.use(cors({ origin: origins }));
+                  // logger.info('Load api router', { host, path: apiPath, api });
+                  app.use(`${apiPath}/${api}`, router);
+                })();
+            }
 
-            const apiPath = `${path === '/' ? '' : path}/${process.env.BASE_API}`;
-            for (const api of apis)
+            if (ws)
               await (async () => {
-                const { ApiRouter } = await import(`../api/${api}/${api}.router.js`);
-                const router = ApiRouter({ host, path, apiPath, mailer, db, authMiddleware });
-                // router.use(cors({ origin: origins }));
-                // logger.info('Load api router', { host, path: apiPath, api });
-                app.use(`${apiPath}/${api}`, router);
+                const { createIoServer } = await import(`../ws/${ws}/${ws}.ws.server.js`);
+                // logger.info('Load socket.io ws router', { host, ws });
+                // start socket.io
+                const { options, meta } = await createIoServer(server, {
+                  host,
+                  path,
+                  db,
+                  port,
+                  origins,
+                });
+                await UnderpostStartUp.API.listenPortController(UnderpostStartUp.API.listenServerFactory(), port, {
+                  runtime: 'nodejs',
+                  client: null,
+                  host,
+                  path: options.path,
+                  meta,
+                });
               })();
-          }
 
-          // load ssr
-          const ssr = await ssrMiddlewareFactory({ app, directory, rootHostPath, path });
-          for (const [_, ssrMiddleware] of Object.entries(ssr)) app.use(ssrMiddleware);
-
-          // instance server
-          const server = createServer({}, app);
-
-          if (ws)
-            await (async () => {
-              const { createIoServer } = await import(`../ws/${ws}/${ws}.ws.server.js`);
-              // logger.info('Load socket.io ws router', { host, ws });
-              // start socket.io
-              const { options, meta } = await createIoServer(server, {
+            if (peer) {
+              const peerPort = newInstance(currentPort);
+              const { options, meta, peerServer } = await createPeerServer({
+                port: peerPort,
+                devPort: port,
+                origins,
                 host,
                 path,
-                db,
-                port,
-                origins,
               });
-              await UnderpostStartUp.API.listenPortController(UnderpostStartUp.API.listenServerFactory(), port, {
+
+              await UnderpostStartUp.API.listenPortController(peerServer, peerPort, {
                 runtime: 'nodejs',
                 client: null,
                 host,
                 path: options.path,
                 meta,
               });
-            })();
-
-          if (peer) {
-            currentPort++;
-            const peerPort = newInstance(currentPort);
-            const { options, meta, peerServer } = await createPeerServer({
-              port: peerPort,
-              devPort: port,
-              origins,
-              host,
-              path,
-            });
-
-            await UnderpostStartUp.API.listenPortController(peerServer, peerPort, {
-              runtime: 'nodejs',
-              client: null,
-              host,
-              path: options.path,
-              meta,
-            });
+            }
           }
 
+          // load ssr
+          const ssr = await ssrMiddlewareFactory({ app, directory, rootHostPath, path });
+          for (const [_, ssrMiddleware] of Object.entries(ssr)) app.use(ssrMiddleware);
+
           await UnderpostStartUp.API.listenPortController(server, port, runningData);
 
           break;