underpost 2.8.877 → 2.8.878

package/.github/workflows/release.cd.yml

@@ -30,9 +30,8 @@ jobs:
             echo "Starting remote release deploy"
             cd /home/dd/engine
             npm install -g underpost
-            underpost config set GITHUB_TOKEN ${{ secrets.GITHUB_TOKEN }}
+            underpost run secret
             node bin run --dev pull
             underpost run secret
             underpost run underpost-config
-            node bin run --dev pull
             underpost run ssh-deploy engine-test

package/README.md

@@ -55,13 +55,15 @@
 
 
 
+
+
 
 
 
 <!-- badges -->
 
 
-[![Node.js CI](https://github.com/underpostnet/engine/actions/workflows/docker-image.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/docker-image.yml) [![Test](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/coverall.yml) [![Downloads](https://img.shields.io/npm/dm/underpost.svg)](https://www.npmjs.com/package/underpost) [![Socket Badge](https://socket.dev/api/badge/npm/package/underpost/2.8.877)](https://socket.dev/npm/package/underpost/overview/2.8.877) [![Coverage Status](https://coveralls.io/repos/github/underpostnet/engine/badge.svg?branch=master)](https://coveralls.io/github/underpostnet/engine?branch=master) [![Version](https://img.shields.io/npm/v/underpost.svg)](https://www.npmjs.org/package/underpost) [![License](https://img.shields.io/npm/l/underpost.svg)](https://www.npmjs.com/package/underpost)
+[![Node.js CI](https://github.com/underpostnet/engine/actions/workflows/docker-image.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/docker-image.yml) [![Test](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/coverall.yml) [![Downloads](https://img.shields.io/npm/dm/underpost.svg)](https://www.npmjs.com/package/underpost) [![Socket Badge](https://socket.dev/api/badge/npm/package/underpost/2.8.878)](https://socket.dev/npm/package/underpost/overview/2.8.878) [![Coverage Status](https://coveralls.io/repos/github/underpostnet/engine/badge.svg?branch=master)](https://coveralls.io/github/underpostnet/engine?branch=master) [![Version](https://img.shields.io/npm/v/underpost.svg)](https://www.npmjs.org/package/underpost) [![License](https://img.shields.io/npm/l/underpost.svg)](https://www.npmjs.com/package/underpost)
 
 
 <!-- end-badges -->
@@ -105,6 +107,8 @@
 
 
 
+
+
 
 
 
@@ -152,7 +156,7 @@ Run dev client server
 npm run dev
 ```
 <!-- -->
-## underpost ci/cd cli v2.8.877
+## underpost ci/cd cli v2.8.878
 
 ### Usage: `underpost [options] [command]`
   ```

package/cli.md

@@ -1,4 +1,4 @@
-## underpost ci/cd cli v2.8.877
+## underpost ci/cd cli v2.8.878
 
 ### Usage: `underpost [options] [command]`
   ```
@@ -51,6 +51,7 @@ Arguments:
 
 Options:
   --deploy-id  Crete deploy ID conf env files
+  --cluster    Create deploy ID cluster files and sync to current cluster
   --dev        Sets the development cli context
   -h, --help   display help for command
  

package/manifests/deployment/dd-default-development/deployment.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: dd-default-development-blue
-          image: localhost/rockylinux9-underpost:v2.8.877
+          image: localhost/rockylinux9-underpost:v2.8.878
           #          resources:
           #            requests:
           #              memory: "124Ki"
@@ -100,7 +100,7 @@ spec:
     spec:
       containers:
         - name: dd-default-development-green
-          image: localhost/rockylinux9-underpost:v2.8.877
+          image: localhost/rockylinux9-underpost:v2.8.878
           #          resources:
           #            requests:
           #              memory: "124Ki"

package/manifests/deployment/dd-test-development/deployment.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: dd-test-development-blue
-          image: localhost/rockylinux9-underpost:v2.8.877
+          image: localhost/rockylinux9-underpost:v2.8.878
 #          resources:
 #            requests:
 #              memory: "94Ki"
@@ -104,7 +104,7 @@ spec:
     spec:
       containers:
         - name: dd-test-development-green
-          image: localhost/rockylinux9-underpost:v2.8.877
+          image: localhost/rockylinux9-underpost:v2.8.878
 #          resources:
 #            requests:
 #              memory: "94Ki"

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "2.8.877",
+    "version": "2.8.878",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",

package/src/api/file/file.controller.js

@@ -20,7 +20,21 @@ const FileController = {
   get: async (req, res, options) => {
     try {
       const result = await FileService.get(req, res, options);
-      if (result instanceof Buffer) return res.status(200).end(result);
+      if (result instanceof Buffer) {
+        if (
+          process.env.NODE_ENV === 'development' ||
+          req.hostname === options.host ||
+          (options.origins && options.origins.find((o) => o.match(req.hostname)))
+        ) {
+          res.set('Cross-Origin-Resource-Policy', 'cross-origin');
+          return res.status(200).end(result);
+        }
+        return res.status(403).json({
+          status: 'error',
+          message: 'Forbidden',
+        });
+      }
+
       return res.status(200).json({
         status: 'success',
         data: result,

package/src/api/user/user.router.js

@@ -48,9 +48,10 @@ const UserRouter = (options) => {
         check: fs.readFileSync(`./src/client/public/default/assets/mailer/api-user-check.png`),
       },
       header: (res) => {
-        res.header('Access-Control-Allow-Origin', '*');
-        res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization');
-        res.header('Content-Type', 'image/png');
+        res.set('Cross-Origin-Resource-Policy', 'cross-origin');
+        res.set('Access-Control-Allow-Origin', '*');
+        res.set('Access-Control-Allow-Headers', '*');
+        res.set('Content-Type', 'image/png');
       },
     };
 

package/src/cli/index.js

@@ -24,6 +24,7 @@ program
   .command('new')
   .argument('<app-name>', 'The name or deploy-id of the application to create.')
   .option('--deploy-id', 'Crete deploy ID conf env files')
+  .option('--cluster', 'Create deploy ID cluster files and sync to current cluster')
   .option('--dev', 'Sets the development cli context')
   .description('Initializes a new Underpost project with a predefined structure.')
   .action(Underpost.repo.new);

package/src/cli/repository.js

@@ -90,7 +90,7 @@ class UnderpostRepository {
       );
     },
 
-    new(repositoryName, options = { dev: false, deployId: false }) {
+    new(repositoryName, options = { dev: false, deployId: false, cluster: false }) {
       return new Promise(async (resolve, reject) => {
         try {
           await logger.setUpInfo();
@@ -99,7 +99,7 @@ class UnderpostRepository {
             return resolve(
               await UnderpostStartUp.API.listenPortController(UnderpostStartUp.API.listenServerFactory(), ':'),
             );
-          if (options.deployId === true) return Config.deployIdFactory(repositoryName);
+          if (options.deployId === true) return Config.deployIdFactory(repositoryName, options);
           const npmRoot = getNpmRootPath();
           const underpostRoot = options?.dev === true ? '.' : `${npmRoot}/underpost`;
           const destFolder = `./${repositoryName}`;

package/src/cli/run.js

@@ -107,6 +107,8 @@ class UnderpostRun {
     },
     'template-deploy': (path, options = UnderpostRun.DEFAULT_OPTION) => {
       const baseCommand = options.dev || true ? 'node bin' : 'underpost';
+      shellExec(`${baseCommand} run clean`);
+      shellExec(`${baseCommand} push ./engine-private ${process.env.GITHUB_USERNAME}/engine-private`);
       shellCd('/home/dd/engine');
       shellExec(`git reset`);
       shellExec(`${baseCommand} cmt . --empty ci package-pwa-microservices-template`);

package/src/client/Default.index.js

@@ -17,10 +17,6 @@ import { SocketIoDefault } from './components/default/SocketIoDefault.js';
 import { ElementsDefault } from './components/default/ElementsDefault.js';
 import { CssDefaultDark, CssDefaultLight } from './components/default/CssDefault.js';
 
-const htmlMainBody = async () => {
-  return html`<span>Hello World!!</span>`;
-};
-
 window.onload = () =>
   Worker.instance({
     router: RouterDefault,
@@ -29,7 +25,7 @@ window.onload = () =>
       await TranslateCore.Init();
       await TranslateDefault.Init();
       await Responsive.Init();
-      await MenuDefault.Render({ htmlMainBody });
+      await MenuDefault.Render();
       await SocketIo.Init({
         channels: ElementsDefault.Data,
         path: `/`,

package/src/client/components/core/Content.js

@@ -137,11 +137,7 @@ const Content = {
       case 'svg':
       case 'gif':
       case 'png': {
-        const url = options.url
-          ? options.url
-          : file._id
-          ? getApiBaseUrl({ id: file._id, endpoint: 'file/blob' })
-          : URL.createObjectURL(getBlobFromUint8ArrayFile(file.data.data, file.mimetype));
+        const url = Content.urlFactory(options);
         const imgRender = html`<img
           class="in ${options.class}"
           ${styleFactory(options.style, `${renderChessPattern(50)}`)}
@@ -151,11 +147,7 @@ const Content = {
         break;
       }
       case 'pdf': {
-        const url = options.url
-          ? options.url
-          : file._id
-          ? getApiBaseUrl({ id: file._id, endpoint: 'file/blob' })
-          : URL.createObjectURL(getBlobFromUint8ArrayFile(file.data.data, file.mimetype));
+        const url = Content.urlFactory(options);
         render += html`<iframe
           class="in ${options.class} iframe-${options.idModal}"
           ${styleFactory(options.style)}
@@ -189,6 +181,15 @@ const Content = {
     if (options.raw) return render;
     append(container, render);
   },
+  urlFactory: function (options) {
+    return options.url
+      ? options.url
+      : options.file?.data?.data
+      ? URL.createObjectURL(getBlobFromUint8ArrayFile(options.file.data.data, options.file.mimetype))
+      : options.file._id
+      ? getApiBaseUrl({ id: options.file._id, endpoint: 'file/blob' })
+      : null;
+  },
 };
 
 export { Content };

package/src/client/services/user/user.service.js

@@ -88,6 +88,7 @@ const UserService = {
       fetch(getApiBaseUrl({ id: options.id, endpoint }), {
         method: 'PUT',
         headers: headersFactory(options.headerId),
+        credentials: 'include',
         body: payloadFactory(options.body),
       })
         .then(async (res) => {

package/src/index.js

@@ -35,7 +35,7 @@ class Underpost {
    * @type {String}
    * @memberof Underpost
    */
-  static version = 'v2.8.877';
+  static version = 'v2.8.878';
   /**
    * Repository cli API
    * @static

package/src/server/auth.js

@@ -523,6 +523,7 @@ function applySecurity(app, opts = {}) {
 
   // Content-Security-Policy: include nonce from res.locals
   // Note: We avoid 'unsafe-inline' on script/style. Use nonces or hashes.
+  const httpDirective = process.env.NODE_ENV === 'production' ? 'https:' : 'http:';
   app.use(
     helmet.contentSecurityPolicy({
       useDefaults: true,
@@ -530,16 +531,16 @@ function applySecurity(app, opts = {}) {
         defaultSrc: ["'self'"],
         baseUri: ["'self'"],
         blockAllMixedContent: [],
-        fontSrc: ["'self'", 'https:', 'data:'],
+        fontSrc: ["'self'", httpDirective, 'data:'],
         frameAncestors: frameAncestors,
-        imgSrc: ["'self'", 'data:', 'https:'],
+        imgSrc: ["'self'", 'data:', httpDirective],
         objectSrc: ["'none'"],
         // script-src and script-src-elem include dynamic nonce
         scriptSrc: ["'self'", (req, res) => `'nonce-${res.locals.nonce}'`],
         scriptSrcElem: ["'self'", (req, res) => `'nonce-${res.locals.nonce}'`],
         // style-src: avoid 'unsafe-inline' when possible; if you must inline styles,
         // use a nonce for them too (or hash).
-        styleSrc: ["'self'", 'https:', (req, res) => `'nonce-${res.locals.nonce}'`],
+        styleSrc: ["'self'", httpDirective, (req, res) => `'nonce-${res.locals.nonce}'`],
         // deny plugins
         objectSrc: ["'none'"],
       },

package/src/server/conf.js

@@ -33,12 +33,13 @@ const Config = {
     else if (deployContext.startsWith('dd-')) return loadConf(deployContext, process.env.NODE_ENV, subConf);
     if (deployContext === 'proxy') Config.buildProxy(deployContext, deployList, subConf);
   },
-  deployIdFactory: function (deployId = 'dd-default') {
+  deployIdFactory: function (deployId = 'dd-default', options = { cluster: false }) {
     if (!deployId.startsWith('dd-')) deployId = `dd-${deployId}`;
 
     logger.info('Build deployId', deployId);
 
     const folder = `./engine-private/conf/${deployId}`;
+    const repoName = `engine-${deployId.split('dd-')[1]}`;
 
     if (!fs.existsSync(folder)) fs.mkdirSync(folder, { recursive: true });
     fs.writeFileSync(
@@ -56,10 +57,44 @@ const Config = {
       fs.readFileSync('./.env.test', 'utf8').replaceAll('dd-default', deployId),
       'utf8',
     );
-    fs.writeFileSync(`${folder}/package.json`, fs.readFileSync('./package.json', 'utf8'), 'utf8');
+    fs.writeFileSync(
+      `${folder}/package.json`,
+      fs.readFileSync('./package.json', 'utf8').replaceAll('dd-default', deployId),
+      'utf8',
+    );
 
     this.buildTmpConf(folder);
 
+    if (options.cluster === true) {
+      fs.writeFileSync(
+        `./.github/workflows/${repoName}.cd.yml`,
+        fs.readFileSync(`./.github/workflows/engine-test.cd.yml`, 'utf8').replaceAll('test', deployId.split('dd-')[1]),
+        'utf8',
+      );
+      fs.writeFileSync(
+        `./.github/workflows/${repoName}.ci.yml`,
+        fs.readFileSync(`./.github/workflows/engine-test.ci.yml`, 'utf8').replaceAll('test', deployId.split('dd-')[1]),
+        'utf8',
+      );
+      shellExec(`node bin/deploy update-default-conf ${deployId}`);
+      fs.writeFileSync(
+        `./engine-private/deploy/dd.router`,
+        fs.readFileSync(`./engine-private/deploy/dd.router`, 'utf8').trim() + `,${deployId}`,
+        'utf8',
+      );
+      const updateRepo = (stage = 1) => {
+        shellExec(`git add . && git commit -m "Add base deployId ${deployId} cluster files stage:${stage}"`);
+        shellExec(
+          `cd engine-private && git add . && git commit -m "Add base deployId ${deployId} cluster files stage:${stage}"`,
+        );
+      };
+      updateRepo(1);
+      shellExec(`node bin run --build --dev sync`);
+      updateRepo(2);
+      shellExec(`node bin run --build sync`);
+      updateRepo(3);
+    }
+
     return { deployIdFolder: folder, deployId };
   },
   buildTmpConf: function (folder = './conf') {

package/src/server/runtime.js

@@ -117,9 +117,6 @@ const buildRuntime = async () => {
           // set logger
           app.use(loggerMiddleware(import.meta));
 
-          // instance public static
-          app.use('/', express.static(directory ? directory : `.${rootHostPath}`));
-
           // js src compression
           app.use(compression({ filter: shouldCompress }));
           function shouldCompress(req, res) {
@@ -164,6 +161,9 @@ const buildRuntime = async () => {
             return next();
           });
 
+          // instance public static
+          app.use('/', express.static(directory ? directory : `.${rootHostPath}`));
+
           // security
           applySecurity(app, {
             origin: origins.concat(
@@ -235,17 +235,13 @@ const buildRuntime = async () => {
               for (const api of apis)
                 await (async () => {
                   const { ApiRouter } = await import(`../api/${api}/${api}.router.js`);
-                  const router = ApiRouter({ host, path, apiPath, mailer, db, authMiddleware });
+                  const router = ApiRouter({ host, path, apiPath, mailer, db, authMiddleware, origins });
                   // router.use(cors({ origin: origins }));
                   // logger.info('Load api router', { host, path: apiPath, api });
                   app.use(`${apiPath}/${api}`, router);
                 })();
             }
 
-            // load ssr
-            const ssr = await ssrMiddlewareFactory({ app, directory, rootHostPath, path });
-            for (const [_, ssrMiddleware] of Object.entries(ssr)) app.use(ssrMiddleware);
-
             if (ws)
               await (async () => {
                 const { createIoServer } = await import(`../ws/${ws}/${ws}.ws.server.js`);
@@ -287,6 +283,10 @@ const buildRuntime = async () => {
             }
           }
 
+          // load ssr
+          const ssr = await ssrMiddlewareFactory({ app, directory, rootHostPath, path });
+          for (const [_, ssrMiddleware] of Object.entries(ssr)) app.use(ssrMiddleware);
+
           await UnderpostStartUp.API.listenPortController(server, port, runningData);
 
           break;