underpost 2.8.883 → 2.8.885

package/src/runtime/express/Express.js

@@ -0,0 +1,248 @@
+/**
+ * A service dedicated to creating and configuring an Express.js application
+ * instance based on server configuration data.
+ * @module src/runtime/express/Express.js
+ * @namespace ExpressService
+ */
+
+import fs from 'fs-extra';
+import express from 'express';
+import fileUpload from 'express-fileupload';
+import swaggerUi from 'swagger-ui-express';
+import compression from 'compression';
+import { createServer } from 'http';
+
+import UnderpostStartUp from '../../server/start.js';
+import { loggerFactory, loggerMiddleware } from '../../server/logger.js';
+import { getCapVariableName, newInstance } from '../../client/components/core/CommonJs.js';
+import { MailerProvider } from '../../mailer/MailerProvider.js';
+import { DataBaseProvider } from '../../db/DataBaseProvider.js';
+import { createPeerServer } from '../../server/peer.js';
+import { createValkeyConnection } from '../../server/valkey.js';
+import { applySecurity, authMiddlewareFactory } from '../../server/auth.js';
+import { ssrMiddlewareFactory } from '../../server/ssr.js';
+
+const logger = loggerFactory(import.meta);
+
+/**
+ * @class ExpressService
+ * @description A service dedicated to creating and configuring an Express.js application
+ * instance based on server configuration data.
+ * @memberof ExpressService
+ */
+class ExpressService {
+  /**
+   * Creates and configures a complete Express application instance for a specific host/path configuration.
+   *
+   * @method createApp
+   * @memberof ExpressService
+   * @param {string} config.host - The host name for the instance (e.g., 'www.example.com').
+   * @param {string} config.path - The URL path for the instance (e.g., '/', '/api/v1').
+   * @param {number} config.port - The primary listening port for the instance.
+   * @param {string} config.client - The client associated with the instance (used for SSR/Mailer configuration lookup).
+   * @param {string[]} [config.apis] - A list of API names to load and attach routers for.
+   * @param {string[]} config.origins - Allowed origins for CORS.
+   * @param {string} [config.directory] - The directory for static files (if overriding default).
+   * @param {string} [config.ws] - The WebSocket server name to use.
+   * @param {object} [config.mailer] - Mailer configuration.
+   * @param {object} [config.db] - Database configuration.
+   * @param {string} [config.redirect] - URL or flag to indicate an HTTP redirect should be configured.
+   * @param {boolean} [config.peer] - Whether to enable the peer server.
+   * @param {object} [config.valkey] - Valkey connection configuration.
+   * @param {string} [config.apiBaseHost] - Base host for the API (if running separate API).
+   * @param {string} config.redirectTarget - The full target URL for redirection (used if `redirect` is true).
+   * @param {string} config.rootHostPath - The root path for public host assets (e.g., `/public/hostname`).
+   * @param {object} config.confSSR - The SSR configuration object, used to look up Mailer templates.
+   * @param {import('prom-client').Counter<string>} config.promRequestCounter - Prometheus request counter instance.
+   * @param {import('prom-client').Registry} config.promRegister - Prometheus register instance for metrics.
+   * @returns {Promise<{portsUsed: number}>} An object indicating how many additional ports were used (e.g., for PeerServer).
+   */
+  async createApp({
+    host,
+    path,
+    port,
+    client,
+    apis,
+    origins,
+    directory,
+    ws,
+    mailer,
+    db,
+    redirect,
+    peer,
+    valkey,
+    apiBaseHost,
+    redirectTarget,
+    rootHostPath,
+    confSSR,
+    promRequestCounter,
+    promRegister,
+  }) {
+    let portsUsed = 0;
+    const runningData = {
+      host,
+      path,
+      runtime: 'nodejs',
+      client,
+      meta: import.meta,
+      apis,
+    };
+
+    const app = express();
+
+    if (process.env.NODE_ENV === 'production') app.set('trust proxy', true);
+
+    app.use((req, res, next) => {
+      res.on('finish', () => {
+        promRequestCounter.inc({
+          instance: `${host}:${port}${path}`,
+          method: req.method,
+          status_code: res.statusCode,
+        });
+      });
+      return next();
+    });
+
+    // Metrics endpoint
+    app.get(`${path === '/' ? '' : path}/metrics`, async (req, res) => {
+      res.set('Content-Type', promRegister.contentType);
+      return res.end(await promRegister.metrics());
+    });
+
+    // Logging, Compression, and Body Parsers
+    app.use(loggerMiddleware(import.meta));
+    // Compression filter logic is correctly inlined here
+    app.use(compression({ filter: (req, res) => !req.headers['x-no-compression'] && compression.filter(req, res) }));
+    app.use(express.json({ limit: '100MB' }));
+    app.use(express.urlencoded({ extended: true, limit: '20MB' }));
+    app.use(fileUpload());
+
+    if (process.env.NODE_ENV === 'development') app.set('json spaces', 2);
+
+    // Language handling middleware
+    app.use((req, res, next) => {
+      const lang = req.headers['accept-language'] || 'en';
+      req.lang = typeof lang === 'string' && lang.toLowerCase().match('es') ? 'es' : 'en';
+      return next();
+    });
+
+    // Static file serving
+    app.use('/', express.static(directory ? directory : `.${rootHostPath}`));
+
+    // Handle redirection-only instances
+    if (redirect) {
+      app.use((req, res, next) => {
+        if (process.env.NODE_ENV === 'production' && !req.url.startsWith(`/.well-known/acme-challenge`)) {
+          return res.status(302).redirect(redirectTarget + req.url);
+        }
+        return next();
+      });
+      await UnderpostStartUp.API.listenPortController(app, port, runningData);
+      return { portsUsed };
+    }
+
+    // Create HTTP server for regular instances (required for WebSockets)
+    const server = createServer({}, app);
+
+    if (!apiBaseHost) {
+      // Swagger path definition
+      const swaggerJsonPath = `./public/${host}${path === '/' ? path : `${path}/`}swagger-output.json`;
+      const swaggerPath = `${path === '/' ? `/api-docs` : `${path}/api-docs`}`;
+
+      // Flag swagger requests before security middleware
+      if (fs.existsSync(swaggerJsonPath)) {
+        app.use(swaggerPath, (req, res, next) => {
+          res.locals.isSwagger = true;
+          next();
+        });
+      }
+
+      // Swagger UI setup
+      if (fs.existsSync(swaggerJsonPath)) {
+        const swaggerDoc = JSON.parse(fs.readFileSync(swaggerJsonPath, 'utf8'));
+        // Reusing swaggerPath defined outside, removing unnecessary redeclaration
+        app.use(swaggerPath, swaggerUi.serve, swaggerUi.setup(swaggerDoc));
+      }
+
+      // Security and CORS
+      applySecurity(app, {
+        origin: origins,
+      });
+
+      // Database and Valkey connections
+      if (db && apis) await DataBaseProvider.load({ apis, host, path, db });
+      if (valkey) await createValkeyConnection({ host, path }, valkey);
+
+      // Mailer setup
+      if (mailer) {
+        const mailerSsrConf = confSSR[getCapVariableName(client)];
+        await MailerProvider.load({
+          id: `${host}${path}`,
+          meta: `mailer-${host}${path}`,
+          host,
+          path,
+          ...mailer,
+          templates: mailerSsrConf ? mailerSsrConf.mailer : {},
+        });
+      }
+
+      // API router loading
+      if (apis && apis.length > 0) {
+        const authMiddleware = authMiddlewareFactory({ host, path });
+        const apiPath = `${path === '/' ? '' : path}/${process.env.BASE_API}`;
+        for (const api of apis) {
+          logger.info(`Build api server`, `${host}${apiPath}/${api}`);
+          const { ApiRouter } = await import(`../../api/${api}/${api}.router.js`);
+          const router = ApiRouter({ host, path, apiPath, mailer, db, authMiddleware, origins });
+          app.use(`${apiPath}/${api}`, router);
+        }
+      }
+
+      // WebSocket server setup
+      if (ws) {
+        const { createIoServer } = await import(`../../ws/${ws}/${ws}.ws.server.js`);
+        const { options, meta, ioServer } = await createIoServer(server, { host, path, db, port, origins });
+
+        // Listen on the main port for the WS server
+        await UnderpostStartUp.API.listenPortController(ioServer, port, {
+          runtime: 'nodejs',
+          client: null,
+          host,
+          path: options.path,
+          meta,
+        });
+      }
+
+      // Peer server setup
+      if (peer) {
+        portsUsed++; // Peer server uses one additional port
+        const peerPort = newInstance(port + portsUsed); // portsUsed is 1 here
+        const { options, meta, peerServer } = await createPeerServer({
+          port: peerPort,
+          devPort: port,
+          origins,
+          host,
+          path,
+        });
+        await UnderpostStartUp.API.listenPortController(peerServer, peerPort, {
+          runtime: 'nodejs',
+          client: null,
+          host,
+          path: options.path,
+          meta,
+        });
+      }
+    }
+
+    // SSR middleware loading
+    const ssr = await ssrMiddlewareFactory({ app, directory, rootHostPath, path });
+    for (const [_, ssrMiddleware] of Object.entries(ssr)) app.use(ssrMiddleware);
+
+    // Start listening on the main port
+    await UnderpostStartUp.API.listenPortController(server, port, runningData);
+
+    return { portsUsed };
+  }
+}
+
+export default new ExpressService();

package/src/runtime/lampp/Lampp.js

@@ -1,3 +1,10 @@
+/**
+ * Exported singleton instance of the LamppService class.
+ * This object is used to interact with the Lampp configuration and service.
+ * @module src/runtime/lampp/Lampp.js
+ * @namespace LamppService
+ */
+
 import fs from 'fs-extra';
 import { getRootDirectory, shellCd, shellExec } from '../../server/process.js';
 import { loggerFactory } from '../../server/logger.js';
@@ -9,12 +16,14 @@ const logger = loggerFactory(import.meta);
  * @description Provides utilities for managing the XAMPP (Lampp) service on Linux,
  * including initialization, router configuration, and virtual host creation.
  * It manages the server's configuration files and controls the service process.
+ * @memberof LamppService
  */
 class LamppService {
   /**
    * @private
    * @type {string | undefined}
    * @description Stores the accumulated Apache virtual host configuration (router definition).
+   * @memberof LamppService
    */
   router;
 
@@ -22,12 +31,15 @@ class LamppService {
    * @public
    * @type {number[]}
    * @description A list of ports currently configured and listened to by the Lampp service.
+   * @memberof LamppService
    */
   ports;
 
   /**
    * Creates an instance of LamppService.
    * Initializes the router configuration and ports list.
+   * @method constructor
+   * @memberof LamppService
    */
   constructor() {
     this.router = undefined;
@@ -37,8 +49,11 @@ class LamppService {
   /**
    * Checks if the XAMPP (Lampp) service appears to be installed based on the presence of its main configuration file.
    *
+   * @method enabled
    * @memberof LamppService
    * @returns {boolean} True if the configuration file exists, indicating Lampp is likely installed.
+   * @throws {Error} If the configuration file does not exist.
+   * @memberof LamppService
    */
   enabled() {
     return fs.existsSync('/opt/lampp/etc/httpd.conf');
@@ -49,10 +64,11 @@ class LamppService {
    * This method configures virtual hosts, disables default ports (80/443) in the main config
    * to avoid conflicts, and starts or stops the service using shell commands.
    *
-   * @memberof LamppService.prototype
+   * @method initService
    * @param {object} [options={daemon: false}] - Options for service initialization.
    * @param {boolean} [options.daemon=false] - Flag to indicate if the service should be run as a daemon (currently unused in logic).
    * @returns {Promise<void>}
+   * @memberof LamppService
    */
   async initService(options = { daemon: false }) {
     let cmd;
@@ -117,9 +133,10 @@ class LamppService {
    * Appends new Apache VirtualHost configuration content to the internal router string.
    * If a router config file exists from a previous run, it loads it first.
    *
-   * @memberof LamppService.prototype
+   * @method appendRouter
    * @param {string} render - The new VirtualHost configuration string to append.
    * @returns {string} The complete, updated router configuration string.
+   * @memberof LamppService
    */
   appendRouter(render) {
     if (!this.router) {
@@ -135,7 +152,7 @@ class LamppService {
   /**
    * Resets the internal router configuration and removes the temporary configuration file.
    *
-   * @memberof LamppService.prototype
+   * @memberof LamppService
    * @returns {void}
    */
   removeRouter() {
@@ -148,8 +165,9 @@ class LamppService {
    * This includes downloading the installer, running it, and setting up initial configurations.
    * Only runs on the 'linux' platform.
    *
-   * @memberof LamppService.prototype
+   * @method install
    * @returns {Promise<void>}
+   * @memberof LamppService
    */
   async install() {
     if (process.platform === 'linux') {
@@ -199,7 +217,7 @@ class LamppService {
    * Creates and appends a new Apache VirtualHost entry to the router configuration for a web application.
    * The router is then applied by calling {@link LamppService#initService}.
    *
-   * @memberof LamppService.prototype
+   * @method createApp
    * @param {object} options - Configuration options for the new web application.
    * @param {number} options.port - The port the VirtualHost should listen on.
    * @param {string} options.host - The ServerName/host for the VirtualHost.
@@ -210,6 +228,7 @@ class LamppService {
    * @param {string} [options.redirectTarget] - The target URL for redirection.
    * @param {boolean} [options.resetRouter] - If true, clears the existing router configuration before appending the new one.
    * @returns {{disabled: boolean}} An object indicating if the service is disabled.
+   * @memberof LamppService
    */
   createApp({ port, host, path, directory, rootHostPath, redirect, redirectTarget, resetRouter }) {
     if (!this.enabled()) return { disabled: true };
@@ -262,13 +281,15 @@ Listen ${port}
 }
 
 /**
- * @namespace LamppService
  * @description Exported singleton instance of the LamppService class.
  * This object is used to interact with the Lampp configuration and service.
+ * @memberof LamppService
  * @type {LamppService}
  */
 const Lampp = new LamppService();
 
+export { Lampp };
+
 // -- helper info --
 
 // ERR too many redirects:
@@ -320,5 +341,3 @@ const Lampp = new LamppService();
 // RewriteCond %{HTTP_HOST} ^www\. [NC]
 // RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
 // RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
-
-export { Lampp };

package/src/server/auth.js

@@ -110,16 +110,22 @@ function jwtIssuerAudienceFactory(options = { host: '', path: '' }) {
  * @param {object} [options={}] Additional JWT sign options.
  * @param {string} options.host The host name.
  * @param {string} options.path The path name.
- * @param {number} expireMinutes The token expiration in minutes.
+ * @param {number} accessExpireMinutes The access token expiration in minutes.
+ * @param {number} refreshExpireMinutes The refresh token expiration in minutes.
  * @returns {string} The signed JWT.
  * @throws {Error} If JWT key is not configured.
  * @memberof Auth
  */
-function jwtSign(payload, options = { host: '', path: '' }, expireMinutes = process.env.ACCESS_EXPIRE_MINUTES) {
+function jwtSign(
+  payload,
+  options = { host: '', path: '' },
+  accessExpireMinutes = process.env.ACCESS_EXPIRE_MINUTES,
+  refreshExpireMinutes = process.env.REFRESH_EXPIRE_MINUTES,
+) {
   const { issuer, audience } = jwtIssuerAudienceFactory(options);
   const signOptions = {
     algorithm: config.jwtAlgorithm,
-    expiresIn: `${expireMinutes}m`,
+    expiresIn: `${accessExpireMinutes}m`,
     issuer,
     audience,
   };
@@ -128,7 +134,11 @@ function jwtSign(payload, options = { host: '', path: '' }, expireMinutes = proc
 
   if (!process.env.JWT_SECRET) throw new Error('JWT key not configured');
 
-  logger.info('JWT signed', { payload, signOptions, expireMinutes });
+  // Add refreshExpiresAt to the payload, which is the same as the token's own expiry.
+  const now = Date.now();
+  payload.refreshExpiresAt = now + refreshExpireMinutes * 60 * 1000;
+
+  logger.info('JWT signed', { payload, signOptions, accessExpireMinutes, refreshExpireMinutes });
 
   return jwt.sign(payload, process.env.JWT_SECRET, signOptions);
 }
@@ -170,6 +180,14 @@ const getBearerToken = (req) => {
   return '';
 };
 
+/**
+ * Checks if the request is a refresh token request.
+ * @param {import('express').Request} req The Express request object.
+ * @returns {boolean} True if the request is a refresh token request, false otherwise.
+ * @memberof Auth
+ */
+const isRefreshTokenReq = (req) => req.method === 'GET' && req.params.id === 'auth';
+
 // ---------- Middleware ----------
 /**
  * Creates a middleware to authenticate requests using a JWT Bearer token.
@@ -237,10 +255,7 @@ const authMiddlewareFactory = (options = { host: '', path: '' }) => {
           return res.status(401).json({ status: 'error', message: 'unauthorized: host or path mismatch' });
         }
 
-        // check session expiresAt
-        const isRefreshTokenReq = req.method === 'GET' && req.params.id === 'auth';
-
-        if (!isRefreshTokenReq && session.expiresAt < new Date()) {
+        if (!isRefreshTokenReq(req) && session.expiresAt < new Date()) {
           return res.status(401).json({ status: 'error', message: 'unauthorized: session expired' });
         }
       }
@@ -310,53 +325,32 @@ const validatePasswordMiddleware = (req) => {
 /**
  * Creates cookie options for the refresh token.
  * @param {import('express').Request} req The Express request object.
+ * @param {string} host The host name.
  * @returns {object} Cookie options.
  * @memberof Auth
  */
-const cookieOptionsFactory = (req) => {
+const cookieOptionsFactory = (req, host) => {
   const isProduction = process.env.NODE_ENV === 'production';
 
-  // Determine hostname safely:
-  // Prefer origin header if present (it contains protocol + host)
-  let candidateHost = undefined;
-  try {
-    if (req.headers && req.headers.origin) {
-      candidateHost = new URL(req.headers.origin).hostname;
-    }
-  } catch (e) {
-    /* ignore parse error */
-    logger.error(e);
-  }
-
-  // fallback to req.hostname (Express sets this; ensure trust proxy if behind proxy)
-  if (!candidateHost) candidateHost = (req.hostname || '').split(':')[0];
-
-  candidateHost = (candidateHost || '').trim().replace(/^www\./i, '');
-
-  // Do not set domain for localhost, 127.x.x.x, or plain IPs
-  const isIpOrLocal = /^(localhost|127(?:\.\d+){0,2}\.\d+|\[::1\]|\d+\.\d+\.\d+\.\d+)$/i.test(candidateHost);
-  const domain = isProduction && candidateHost && !isIpOrLocal ? `.${candidateHost}` : undefined;
-
   // Determine if request is secure: respect X-Forwarded-Proto when behind proxy
   const forwardedProto = (req.headers && req.headers['x-forwarded-proto']) || '';
   const reqIsSecure = Boolean(req.secure || forwardedProto.split(',')[0] === 'https');
 
   // secure must be true for SameSite=None to work across sites
-  const secure = isProduction ? reqIsSecure : false;
+  const secure = isProduction ? reqIsSecure : req.protocol === 'https';
   const sameSite = secure ? 'None' : 'Lax';
 
   // Safe parse of maxAge minutes
-  const minutes = Number.parseInt(process.env.REFRESH_EXPIRE_MINUTES, 10);
-  const maxAge = Number.isFinite(minutes) && minutes > 0 ? minutes * 60 * 1000 : undefined;
+  const maxAge = parseInt(process.env.ACCESS_EXPIRE_MINUTES) * 60 * 1000;
 
   const opts = {
     httpOnly: true,
     secure,
     sameSite,
     path: '/',
+    domain: process.env.NODE_ENV === 'production' ? host : 'localhost',
+    maxAge,
   };
-  if (typeof maxAge !== 'undefined') opts.maxAge = maxAge;
-  if (domain) opts.domain = domain;
 
   return opts;
 };
@@ -394,11 +388,53 @@ async function createSessionAndUserToken(user, User, req, res, options = { host:
   const jwtid = session._id.toString();
 
   // Secure cookie settings
-  res.cookie('refreshToken', refreshToken, cookieOptionsFactory(req));
+  res.cookie('refreshToken', refreshToken, cookieOptionsFactory(req, options.host));
 
   return { jwtid };
 }
 
+/**
+ * Removes a session by its ID for a given user.
+ * @param {import('mongoose').Model} User The Mongoose User model.
+ * @param {string} userId The ID of the user.
+ * @param {string} sessionId The ID of the session to remove.
+ * @returns {Promise<void>}
+ * @memberof Auth
+ */
+async function removeSession(User, userId, sessionId) {
+  return await User.updateOne({ _id: userId }, { $pull: { activeSessions: { _id: sessionId } } });
+}
+
+/**
+ * Logs out a user session by removing it from the database and clearing the refresh token cookie.
+ * @param {import('mongoose').Model} User The Mongoose User model.
+ * @param {import('express').Request} req The Express request object.
+ * @param {import('express').Response} res The Express response object.
+ * @returns {Promise<boolean>} True if a session was found and removed, false otherwise.
+ * @memberof Auth
+ */
+async function logoutSession(User, req, res) {
+  const refreshToken = req.cookies?.refreshToken;
+
+  if (!refreshToken) {
+    return false;
+  }
+
+  const user = await User.findOne({ 'activeSessions.tokenHash': refreshToken });
+
+  if (!user) {
+    return false;
+  }
+
+  const session = user.activeSessions.find((s) => s.tokenHash === refreshToken);
+
+  const result = await removeSession(User, user._id, session._id);
+
+  res.clearCookie('refreshToken', { path: '/' });
+
+  return result.modifiedCount > 0;
+}
+
 /**
  * Create user and immediate session + access token
  * @param {import('express').Request} req The Express request object.
@@ -455,6 +491,7 @@ async function refreshSessionAndToken(req, res, User, options = { host: '', path
 
   if (!user) {
     // Possible token reuse: look up user by some other signals? If not possible, log and throw.
+    // TODO: on cors requests, this will throw an error, because the cookie is not sent.
     logger.warn('Refresh token reuse or invalid token detected');
     // Optional: revoke by clearing cookie and returning unauthorized
     res.clearCookie('refreshToken', { path: '/' });
@@ -470,12 +507,10 @@ async function refreshSessionAndToken(req, res, User, options = { host: '', path
   }
 
   // Check expiry
-  if (session.expiresAt && session.expiresAt < new Date()) {
-    // remove expired session
-    user.activeSessions.id(session._id).remove();
-    await user.save({ validateBeforeSave: false });
-    res.clearCookie('refreshToken', { path: '/' });
-    throw new Error('Refresh token expired');
+  if (!isRefreshTokenReq(req) && session.expiresAt && session.expiresAt < new Date()) {
+    const result = await removeSession(User, user._id, session._id);
+    if (result) throw new Error('Refresh token expired');
+    else throw new Error('Session not found');
   }
 
   // Rotate: generate new token, update stored hash and metadata
@@ -488,7 +523,7 @@ async function refreshSessionAndToken(req, res, User, options = { host: '', path
 
   logger.warn('Refreshed session for user ' + user.email);
 
-  res.cookie('refreshToken', refreshToken, cookieOptionsFactory(req));
+  res.cookie('refreshToken', refreshToken, cookieOptionsFactory(req, options.host));
 
   return jwtSign(
     UserDto.auth.payload(user, session._id.toString(), req.ip, req.headers['user-agent'], options.host, options.path),
@@ -608,6 +643,7 @@ function applySecurity(app, opts = {}) {
       maxAge: 600,
     }),
   );
+  logger.info('Cors origin', origin);
 
   // Rate limiting + slow down
   const limiter = rateLimit({
@@ -646,5 +682,8 @@ export {
   createSessionAndUserToken,
   createUserAndSession,
   refreshSessionAndToken,
+  logoutSession,
+  removeSession,
   applySecurity,
+  isRefreshTokenReq,
 };

package/src/server/client-build-live.js

@@ -8,18 +8,20 @@ const logger = loggerFactory(import.meta);
 const clientLiveBuild = async () => {
   if (fs.existsSync(`./tmp/client.build.json`)) {
     const deployId = process.argv[2];
-
+    const subConf = process.argv[3];
     let clientId = 'default';
     let host = 'default.net';
     let path = '/';
     let baseHost = `${host}${path === '/' ? '' : path}`;
     let views = Config.default.client[clientId].views;
+    let apiBaseHost;
+    let apiBaseProxyPath;
 
     if (
       deployId &&
       (fs.existsSync(`./engine-private/conf/${deployId}`) || fs.existsSync(`./engine-private/replica/${deployId}`))
     ) {
-      loadConf(deployId);
+      loadConf(deployId, subConf);
       const confClient = JSON.parse(
         fs.readFileSync(
           fs.existsSync(`./engine-private/replica/${deployId}`)
@@ -32,7 +34,9 @@ const clientLiveBuild = async () => {
       );
       const confServer = JSON.parse(
         fs.readFileSync(
-          fs.existsSync(`./engine-private/replica/${deployId}`)
+          fs.existsSync(`./engine-private/conf/${deployId}/conf.server.dev.${subConf}.json`)
+            ? `./engine-private/conf/${deployId}/conf.server.dev.${subConf}.json`
+            : fs.existsSync(`./engine-private/replica/${deployId}`)
             ? `./engine-private/replica/${deployId}/conf.server.json`
             : fs.existsSync(`./engine-private/conf/${deployId}/conf.server.json`)
             ? `./engine-private/conf/${deployId}/conf.server.json`
@@ -40,20 +44,25 @@ const clientLiveBuild = async () => {
           'utf8',
         ),
       );
-      host = process.argv[3];
-      path = process.argv[4];
+      host = process.argv[4];
+      path = process.argv[5];
       clientId = confServer[host][path].client;
       views = confClient[clientId].views;
       baseHost = `${host}${path === '/' ? '' : path}`;
+      apiBaseHost = confServer[host][path].apiBaseHost;
+      apiBaseProxyPath = confServer[host][path].apiBaseProxyPath;
     }
 
     logger.info('Live build config', {
       deployId,
+      subConf,
       host,
       path,
       clientId,
       baseHost,
       views: views.length,
+      apiBaseHost,
+      apiBaseProxyPath,
     });
 
     const updates = JSON.parse(fs.readFileSync(`./tmp/client.build.json`, 'utf8'));