underpost 2.8.884 → 2.8.886

package/src/server/auth.js

@@ -325,33 +325,13 @@ const validatePasswordMiddleware = (req) => {
 /**
  * Creates cookie options for the refresh token.
  * @param {import('express').Request} req The Express request object.
+ * @param {string} host The host name.
  * @returns {object} Cookie options.
  * @memberof Auth
  */
-const cookieOptionsFactory = (req) => {
+const cookieOptionsFactory = (req, host) => {
   const isProduction = process.env.NODE_ENV === 'production';
 
-  // Determine hostname safely:
-  // Prefer origin header if present (it contains protocol + host)
-  let candidateHost = undefined;
-  try {
-    if (req.headers && req.headers.origin) {
-      candidateHost = new URL(req.headers.origin).hostname;
-    }
-  } catch (e) {
-    /* ignore parse error */
-    logger.error(e);
-  }
-
-  // fallback to req.hostname (Express sets this; ensure trust proxy if behind proxy)
-  if (!candidateHost) candidateHost = (req.hostname || '').split(':')[0];
-
-  candidateHost = (candidateHost || '').trim().replace(/^www\./i, '');
-
-  // Do not set domain for localhost, 127.x.x.x, or plain IPs
-  const isIpOrLocal = /^(localhost|127(?:\.\d+){0,2}\.\d+|\[::1\]|\d+\.\d+\.\d+\.\d+)$/i.test(candidateHost);
-  const domain = isProduction && candidateHost && !isIpOrLocal ? `.${candidateHost}` : undefined;
-
   // Determine if request is secure: respect X-Forwarded-Proto when behind proxy
   const forwardedProto = (req.headers && req.headers['x-forwarded-proto']) || '';
   const reqIsSecure = Boolean(req.secure || forwardedProto.split(',')[0] === 'https');
@@ -361,17 +341,16 @@ const cookieOptionsFactory = (req) => {
   const sameSite = secure ? 'None' : 'Lax';
 
   // Safe parse of maxAge minutes
-  const minutes = Number.parseInt(process.env.ACCESS_EXPIRE_MINUTES, 10);
-  const maxAge = Number.isFinite(minutes) && minutes > 0 ? minutes * 60 * 1000 : undefined;
+  const maxAge = parseInt(process.env.ACCESS_EXPIRE_MINUTES) * 60 * 1000;
 
   const opts = {
     httpOnly: true,
     secure,
     sameSite,
     path: '/',
+    domain: process.env.NODE_ENV === 'production' ? host : 'localhost',
+    maxAge,
   };
-  if (typeof maxAge !== 'undefined') opts.maxAge = maxAge;
-  if (domain) opts.domain = domain;
 
   return opts;
 };
@@ -409,7 +388,7 @@ async function createSessionAndUserToken(user, User, req, res, options = { host:
   const jwtid = session._id.toString();
 
   // Secure cookie settings
-  res.cookie('refreshToken', refreshToken, cookieOptionsFactory(req));
+  res.cookie('refreshToken', refreshToken, cookieOptionsFactory(req, options.host));
 
   return { jwtid };
 }
@@ -512,6 +491,7 @@ async function refreshSessionAndToken(req, res, User, options = { host: '', path
 
   if (!user) {
     // Possible token reuse: look up user by some other signals? If not possible, log and throw.
+    // TODO: on cors requests, this will throw an error, because the cookie is not sent.
     logger.warn('Refresh token reuse or invalid token detected');
     // Optional: revoke by clearing cookie and returning unauthorized
     res.clearCookie('refreshToken', { path: '/' });
@@ -543,7 +523,7 @@ async function refreshSessionAndToken(req, res, User, options = { host: '', path
 
   logger.warn('Refreshed session for user ' + user.email);
 
-  res.cookie('refreshToken', refreshToken, cookieOptionsFactory(req));
+  res.cookie('refreshToken', refreshToken, cookieOptionsFactory(req, options.host));
 
   return jwtSign(
     UserDto.auth.payload(user, session._id.toString(), req.ip, req.headers['user-agent'], options.host, options.path),
@@ -663,6 +643,7 @@ function applySecurity(app, opts = {}) {
       maxAge: 600,
     }),
   );
+  logger.info('Cors origin', origin);
 
   // Rate limiting + slow down
   const limiter = rateLimit({

package/src/server/backup.js

@@ -1,3 +1,9 @@
+/**
+ * Manages backup operations for deployments.
+ * @module src/server/backup.js
+ * @namespace BackUp
+ */
+
 import fs from 'fs-extra';
 import { loggerFactory } from './logger.js';
 import { shellExec } from './process.js';
@@ -8,7 +14,21 @@ dotenv.config();
 
 const logger = loggerFactory(import.meta);
 
+/**
+ * @class BackUp
+ * @description Manages backup operations for deployments.
+ * @memberof BackUp
+ */
 class BackUp {
+  /**
+   * @method callback
+   * @description Initiates a backup operation for the specified deployment list.
+   * @param {string} deployList - The list of deployments to backup.
+   * @param {Object} options - The options for the backup operation.
+   * @param {boolean} options.itc - Whether to backup inside container data.
+   * @param {boolean} options.git - Whether to backup data using Git.
+   * @memberof BackUp
+   */
   static callback = async function (deployList, options = { itc: false, git: false }) {
     if ((!deployList || deployList === 'dd') && fs.existsSync(`./engine-private/deploy/dd.router`))
       deployList = fs.readFileSync(`./engine-private/deploy/dd.router`, 'utf8');

package/src/server/client-build-live.js

@@ -1,3 +1,9 @@
+/**
+ * Module for live building client-side code
+ * @module src/server/client-build-live.js
+ * @namespace clientLiveBuild
+ */
+
 import fs from 'fs-extra';
 import { Config, loadConf } from './conf.js';
 import { loggerFactory } from './logger.js';
@@ -5,21 +11,28 @@ import { buildClient } from './client-build.js';
 
 const logger = loggerFactory(import.meta);
 
+/**
+ * @function clientLiveBuild
+ * @description Initiates a live build of client-side code.
+ * @memberof clientLiveBuild
+ */
 const clientLiveBuild = async () => {
   if (fs.existsSync(`./tmp/client.build.json`)) {
     const deployId = process.argv[2];
-
+    const subConf = process.argv[3];
     let clientId = 'default';
     let host = 'default.net';
     let path = '/';
     let baseHost = `${host}${path === '/' ? '' : path}`;
     let views = Config.default.client[clientId].views;
+    let apiBaseHost;
+    let apiBaseProxyPath;
 
     if (
       deployId &&
       (fs.existsSync(`./engine-private/conf/${deployId}`) || fs.existsSync(`./engine-private/replica/${deployId}`))
     ) {
-      loadConf(deployId);
+      loadConf(deployId, subConf);
       const confClient = JSON.parse(
         fs.readFileSync(
           fs.existsSync(`./engine-private/replica/${deployId}`)
@@ -31,29 +44,27 @@ const clientLiveBuild = async () => {
         ),
       );
       const confServer = JSON.parse(
-        fs.readFileSync(
-          fs.existsSync(`./engine-private/replica/${deployId}`)
-            ? `./engine-private/replica/${deployId}/conf.server.json`
-            : fs.existsSync(`./engine-private/conf/${deployId}/conf.server.json`)
-            ? `./engine-private/conf/${deployId}/conf.server.json`
-            : `./conf/conf.server.json`,
-          'utf8',
-        ),
+        fs.readFileSync(`./engine-private/conf/${deployId}/conf.server.dev.${subConf}.json`, 'utf8'),
       );
-      host = process.argv[3];
-      path = process.argv[4];
+      host = process.argv[4];
+      path = process.argv[5];
       clientId = confServer[host][path].client;
       views = confClient[clientId].views;
       baseHost = `${host}${path === '/' ? '' : path}`;
+      apiBaseHost = confServer[host][path].apiBaseHost;
+      apiBaseProxyPath = confServer[host][path].apiBaseProxyPath;
     }
 
     logger.info('Live build config', {
       deployId,
+      subConf,
       host,
       path,
       clientId,
       baseHost,
       views: views.length,
+      apiBaseHost,
+      apiBaseProxyPath,
     });
 
     const updates = JSON.parse(fs.readFileSync(`./tmp/client.build.json`, 'utf8'));

package/src/server/client-build.js

@@ -1,3 +1,9 @@
+/**
+ * Manages the client-side build process, including full builds and incremental builds.
+ * @module server/client-build.js
+ * @namespace clientBuild
+ */
+
 'use strict';
 
 import fs from 'fs-extra';
@@ -26,97 +32,17 @@ dotenv.config();
 
 // Static Site Generation (SSG)
 
-const buildAcmeChallengePath = (acmeChallengeFullPath = '') => {
-  fs.mkdirSync(acmeChallengeFullPath, {
-    recursive: true,
-  });
-  fs.writeFileSync(`${acmeChallengeFullPath}/.gitkeep`, '', 'utf8');
-};
-
-const fullBuild = async ({
-  path,
-  logger,
-  client,
-  db,
-  dists,
-  rootClientPath,
-  acmeChallengeFullPath,
-  publicClientId,
-  iconsBuild,
-  metadata,
-}) => {
-  logger.warn('Full build', rootClientPath);
-
-  buildAcmeChallengePath(acmeChallengeFullPath);
-
-  if (publicClientId && publicClientId.startsWith('html-website-templates')) {
-    if (!fs.existsSync(`/home/dd/html-website-templates/`))
-      shellExec(`cd /home/dd && git clone https://github.com/designmodo/html-website-templates.git`);
-    if (!fs.existsSync(`${rootClientPath}/index.php`)) {
-      fs.copySync(`/home/dd/html-website-templates/${publicClientId.split('-publicClientId-')[1]}`, rootClientPath);
-      shellExec(`cd ${rootClientPath} && git init && git add . && git commit -m "Base template implementation"`);
-      // git remote add origin git@github.com:<username>/<repo>.git
-      fs.writeFileSync(`${rootClientPath}/.git/.htaccess`, `Deny from all`, 'utf8');
-    }
-    return;
-  }
-
-  fs.removeSync(rootClientPath);
-
-  if (fs.existsSync(`./src/client/public/${publicClientId}`)) {
-    if (iconsBuild === true) await buildIcons({ publicClientId, metadata });
-
-    fs.copySync(
-      `./src/client/public/${publicClientId}`,
-      rootClientPath /* {
-          filter: function (name) {
-            console.log(name);
-            return true;
-          },
-        } */,
-    );
-  } else if (fs.existsSync(`./engine-private/src/client/public/${publicClientId}`)) {
-    switch (publicClientId) {
-      case 'mysql_test':
-        if (db) {
-          fs.copySync(`./engine-private/src/client/public/${publicClientId}`, rootClientPath);
-          fs.writeFileSync(
-            `${rootClientPath}/index.php`,
-            fs
-              .readFileSync(`${rootClientPath}/index.php`, 'utf8')
-              .replace('test_servername', 'localhost')
-              .replace('test_username', db.user)
-              .replace('test_password', db.password)
-              .replace('test_dbname', db.name),
-            'utf8',
-          );
-        } else logger.error('not provided db config');
-        break;
-
-      default:
-        break;
-    }
-  }
-  if (dists)
-    for (const dist of dists) {
-      if ('folder' in dist) {
-        if (fs.statSync(dist.folder).isDirectory()) {
-          fs.mkdirSync(`${rootClientPath}${dist.public_folder}`, { recursive: true });
-          fs.copySync(dist.folder, `${rootClientPath}${dist.public_folder}`);
-        } else {
-          const folder = dist.public_folder.split('/');
-          folder.pop();
-          fs.mkdirSync(`${rootClientPath}${folder.join('/')}`, { recursive: true });
-          fs.copyFileSync(dist.folder, `${rootClientPath}${dist.public_folder}`);
-        }
-      }
-      if ('styles' in dist) {
-        fs.mkdirSync(`${rootClientPath}${dist.public_styles_folder}`, { recursive: true });
-        fs.copySync(dist.styles, `${rootClientPath}${dist.public_styles_folder}`);
-      }
-    }
-};
-
+/**
+ * @async
+ * @function buildClient
+ * @memberof clientBuild
+ * @param {Object} options - Options for the build process.
+ * @param {Array} options.liveClientBuildPaths - List of paths to build incrementally.
+ * @param {Array} options.instances - List of instances to build.
+ * @returns {Promise<void>} - Promise that resolves when the build is complete.
+ * @throws {Error} - If the build fails.
+ * @memberof clientBuild
+ */
 const buildClient = async (options = { liveClientBuildPaths: [], instances: [] }) => {
   const logger = loggerFactory(import.meta);
   const confClient = JSON.parse(fs.readFileSync(`./conf/conf.client.json`, 'utf8'));
@@ -126,6 +52,125 @@ const buildClient = async (options = { liveClientBuildPaths: [], instances: [] }
   const acmeChallengePath = `/.well-known/acme-challenge`;
   const publicPath = `./public`;
 
+  /**
+   * @async
+   * @function buildAcmeChallengePath
+   * @memberof clientBuild
+   * @param {string} acmeChallengeFullPath - Full path to the acme-challenge directory.
+   * @returns {void}
+   * @throws {Error} - If the directory cannot be created.
+   * @memberof clientBuild
+   */
+  const buildAcmeChallengePath = (acmeChallengeFullPath = '') => {
+    fs.mkdirSync(acmeChallengeFullPath, {
+      recursive: true,
+    });
+    fs.writeFileSync(`${acmeChallengeFullPath}/.gitkeep`, '', 'utf8');
+  };
+
+  /**
+   * @async
+   * @function fullBuild
+   * @memberof clientBuild
+   * @param {Object} options - Options for the full build process.
+   * @param {string} options.path - Path to the client directory.
+   * @param {Object} options.logger - Logger instance.
+   * @param {string} options.client - Client name.
+   * @param {Object} options.db - Database configuration.
+   * @param {Array} options.dists - List of distributions to build.
+   * @param {string} options.rootClientPath - Full path to the client directory.
+   * @param {string} options.acmeChallengeFullPath - Full path to the acme-challenge directory.
+   * @param {string} options.publicClientId - Public client ID.
+   * @param {boolean} options.iconsBuild - Whether to build icons.
+   * @param {Object} options.metadata - Metadata for the client.
+   * @returns {Promise<void>} - Promise that resolves when the full build is complete.
+   * @throws {Error} - If the full build fails.
+   * @memberof clientBuild
+   */
+  const fullBuild = async ({
+    path,
+    logger,
+    client,
+    db,
+    dists,
+    rootClientPath,
+    acmeChallengeFullPath,
+    publicClientId,
+    iconsBuild,
+    metadata,
+  }) => {
+    logger.warn('Full build', rootClientPath);
+
+    buildAcmeChallengePath(acmeChallengeFullPath);
+
+    if (publicClientId && publicClientId.startsWith('html-website-templates')) {
+      if (!fs.existsSync(`/home/dd/html-website-templates/`))
+        shellExec(`cd /home/dd && git clone https://github.com/designmodo/html-website-templates.git`);
+      if (!fs.existsSync(`${rootClientPath}/index.php`)) {
+        fs.copySync(`/home/dd/html-website-templates/${publicClientId.split('-publicClientId-')[1]}`, rootClientPath);
+        shellExec(`cd ${rootClientPath} && git init && git add . && git commit -m "Base template implementation"`);
+        // git remote add origin git@github.com:<username>/<repo>.git
+        fs.writeFileSync(`${rootClientPath}/.git/.htaccess`, `Deny from all`, 'utf8');
+      }
+      return;
+    }
+
+    fs.removeSync(rootClientPath);
+
+    if (fs.existsSync(`./src/client/public/${publicClientId}`)) {
+      if (iconsBuild === true) await buildIcons({ publicClientId, metadata });
+
+      fs.copySync(
+        `./src/client/public/${publicClientId}`,
+        rootClientPath /* {
+            filter: function (name) {
+              console.log(name);
+              return true;
+            },
+          } */,
+      );
+    } else if (fs.existsSync(`./engine-private/src/client/public/${publicClientId}`)) {
+      switch (publicClientId) {
+        case 'mysql_test':
+          if (db) {
+            fs.copySync(`./engine-private/src/client/public/${publicClientId}`, rootClientPath);
+            fs.writeFileSync(
+              `${rootClientPath}/index.php`,
+              fs
+                .readFileSync(`${rootClientPath}/index.php`, 'utf8')
+                .replace('test_servername', 'localhost')
+                .replace('test_username', db.user)
+                .replace('test_password', db.password)
+                .replace('test_dbname', db.name),
+              'utf8',
+            );
+          } else logger.error('not provided db config');
+          break;
+
+        default:
+          break;
+      }
+    }
+    if (dists)
+      for (const dist of dists) {
+        if ('folder' in dist) {
+          if (fs.statSync(dist.folder).isDirectory()) {
+            fs.mkdirSync(`${rootClientPath}${dist.public_folder}`, { recursive: true });
+            fs.copySync(dist.folder, `${rootClientPath}${dist.public_folder}`);
+          } else {
+            const folder = dist.public_folder.split('/');
+            folder.pop();
+            fs.mkdirSync(`${rootClientPath}${folder.join('/')}`, { recursive: true });
+            fs.copyFileSync(dist.folder, `${rootClientPath}${dist.public_folder}`);
+          }
+        }
+        if ('styles' in dist) {
+          fs.mkdirSync(`${rootClientPath}${dist.public_styles_folder}`, { recursive: true });
+          fs.copySync(dist.styles, `${rootClientPath}${dist.public_styles_folder}`);
+        }
+      }
+  };
+
   // { srcBuildPath, publicBuildPath }
   const enableLiveRebuild =
     options && options.liveClientBuildPaths && options.liveClientBuildPaths.length > 0 ? true : false;

package/src/server/client-dev-server.js

@@ -1,3 +1,8 @@
+/**
+ * Module for creating a client-side development server
+ * @module src/server/client-dev-server.js
+ * @namespace clientDevServer
+ */
 import fs from 'fs-extra';
 import nodemon from 'nodemon';
 import { shellExec } from './process.js';
@@ -5,14 +10,32 @@ import { loggerFactory } from './logger.js';
 
 const logger = loggerFactory(import.meta);
 
-const createClientDevServer = () => {
-  // process.argv.slice(2).join(' ')
-  shellExec(`env-cmd -f .env.development node bin/deploy build-full-client ${process.argv.slice(2).join(' ')}`);
+/**
+ * @function createClientDevServer
+ * @description Creates a client-side development server.
+ * @memberof clientDevServer
+ * @param {string} deployId - The deployment ID.
+ * @param {string} subConf - The sub-configuration.
+ * @param {string} host - The host.
+ * @param {string} path - The path.
+ * @returns {void}
+ * @memberof clientDevServer
+ */
+const createClientDevServer = (
+  deployId = process.argv[2] || 'dd-default',
+  subConf = process.argv[3] || '',
+  host = process.argv[4] || 'default.net',
+  path = process.argv[5] || '/',
+) => {
   shellExec(
-    `env-cmd -f .env.development node src/api ${process.argv[2]}${process.argv[5] ? ` ${process.argv[5]}` : ''}${
-      process.argv.includes('static') ? ' static' : ''
-    }`,
-    { async: true },
+    `env-cmd -f ./engine-private/conf/${deployId}/.env.${process.env.NODE_ENV}.${subConf}-dev-client node bin/deploy build-full-client ${deployId} ${subConf}-dev-client ${host} ${path}`.trim(),
+  );
+
+  shellExec(
+    `env-cmd -f ./engine-private/conf/${deployId}/.env.${process.env.NODE_ENV}.${subConf}-dev-client node src/server ${deployId} ${subConf}-dev-client`.trim(),
+    {
+      async: true,
+    },
   );
 
   // https://github.com/remy/nodemon/blob/main/doc/events.md
@@ -28,7 +51,11 @@ const createClientDevServer = () => {
 
   let buildPathScope = [];
 
-  const nodemonOptions = { script: './src/client.build', args: process.argv.slice(2), watch: 'src/client' };
+  const nodemonOptions = {
+    script: './src/client.build',
+    args: [`${deployId}`, `${subConf}-dev-client`, `${host}`, `${path}`],
+    watch: 'src/client',
+  };
   logger.info('nodemon option', { nodemonOptions });
   nodemon(nodemonOptions)
     .on('start', function (...args) {

package/src/server/client-icons.js

@@ -1,3 +1,8 @@
+/**
+ * Module for building client-side icons
+ * @module src/server/client-icons.js
+ * @namespace clientIcons
+ */
 import { favicons } from 'favicons';
 import { loggerFactory } from './logger.js';
 import fs from 'fs-extra';
@@ -5,6 +10,20 @@ import { getCapVariableName } from '../client/components/core/CommonJs.js';
 
 const logger = loggerFactory(import.meta);
 
+/**
+ * @function buildIcons
+ * @description Builds icons for a client-side application.
+ * @memberof clientIcons
+ * @param {Object} metadata - The metadata for the client-side application.
+ * @param {string} metadata.title - The title of the client-side application.
+ * @param {string} metadata.description - The description of the client-side application.
+ * @param {string} metadata.keywords - The keywords for the client-side application.
+ * @param {string} metadata.author - The author of the client-side application.
+ * @param {string} metadata.thumbnail - The thumbnail of the client-side application.
+ * @param {string} metadata.themeColor - The theme color of the client-side application.
+ * @param {string} metadata.baseBuildIconReference - The base build icon reference for the client-side application.
+ * @returns {Promise<void>}
+ */
 const buildIcons = async ({
   publicClientId,
   metadata: { title, description, keywords, author, thumbnail, themeColor, baseBuildIconReference },