underpost 3.2.4 → 3.2.8

package/src/api/document/document.controller.js

@@ -2,8 +2,8 @@ import { loggerFactory } from '../../server/logger.js';
 import { DocumentService } from './document.service.js';
 const logger = loggerFactory(import.meta);
 
-const DocumentController = {
-  post: async (req, res, options) => {
+class DocumentController {
+  static post = async (req, res, options) => {
     try {
       return res.status(200).json({
         status: 'success',
@@ -16,8 +16,8 @@ const DocumentController = {
         message: error.message,
       });
     }
-  },
-  get: async (req, res, options) => {
+  };
+  static get = async (req, res, options) => {
     try {
       return res.status(200).json({
         status: 'success',
@@ -30,8 +30,8 @@ const DocumentController = {
         message: error.message,
       });
     }
-  },
-  delete: async (req, res, options) => {
+  };
+  static delete = async (req, res, options) => {
     try {
       const result = await DocumentService.delete(req, res, options);
       return res.status(200).json({
@@ -45,8 +45,8 @@ const DocumentController = {
         message: error.message,
       });
     }
-  },
-  put: async (req, res, options) => {
+  };
+  static put = async (req, res, options) => {
     try {
       const result = await DocumentService.put(req, res, options);
       return res.status(200).json({
@@ -60,8 +60,8 @@ const DocumentController = {
         message: error.message,
       });
     }
-  },
-  patch: async (req, res, options) => {
+  };
+  static patch = async (req, res, options) => {
     try {
       const result = await DocumentService.patch(req, res, options);
       return res.status(200).json({
@@ -75,7 +75,7 @@ const DocumentController = {
         message: error.message,
       });
     }
-  },
-};
+  };
+}
 
 export { DocumentController };

package/src/api/document/document.model.js

@@ -1,7 +1,5 @@
 import { Schema, model, Types } from 'mongoose';
-
 // https://mongoosejs.com/docs/2.7.x/docs/schematypes.html
-
 const DocumentSchema = new Schema(
   {
     userId: {
@@ -35,13 +33,10 @@ const DocumentSchema = new Schema(
     timestamps: true,
   },
 );
-
 const DocumentModel = model('Document', DocumentSchema);
-
 const ProviderSchema = DocumentSchema;
-
-const DocumentDto = {
-  populate: {
+class DocumentDto {
+  static populate = {
     file: () => {
       return {
         path: 'fileId',
@@ -68,34 +63,33 @@ const DocumentDto = {
         },
       };
     },
-  },
-  getTotalCopyShareLinkCount: (document) => {
+  };
+  static getTotalCopyShareLinkCount = (document) => {
     if (!document.share || !document.share.copyShareLinkEvent) return 0;
     return document.share.copyShareLinkEvent.reduce((total, event) => total + (event.count || 0), 0);
-  },
+  };
   /**
    * Filter 'public' tag from tags array
    * The 'public' tag is internal and should not be rendered to users
    * @param {string[]} tags - Array of tags
    * @returns {string[]} - Filtered tags without 'public'
    */
-  filterPublicTag: (tags) => {
+  static filterPublicTag = (tags) => {
     if (!tags || !Array.isArray(tags)) return [];
     return tags.filter((tag) => tag !== 'public');
-  },
+  };
   /**
    * Extract isPublic boolean from tags array and return cleaned tags
    * @param {string[]} tags - Array of tags potentially containing 'public'
    * @returns {{ isPublic: boolean, tags: string[] }} - Object with isPublic flag and cleaned tags
    */
-  extractPublicFromTags: (tags) => {
+  static extractPublicFromTags = (tags) => {
     if (!tags || !Array.isArray(tags)) {
       return { isPublic: false, tags: [] };
     }
     const hasPublicTag = tags.includes('public');
     const cleanedTags = tags.filter((tag) => tag !== 'public');
     return { isPublic: hasPublicTag, tags: cleanedTags };
-  },
-};
-
+  };
+}
 export { DocumentSchema, DocumentModel, ProviderSchema, DocumentDto };

package/src/api/file/file.controller.js

@@ -2,8 +2,8 @@ import { loggerFactory } from '../../server/logger.js';
 import { FileService } from './file.service.js';
 const logger = loggerFactory(import.meta);
 
-const FileController = {
-  post: async (req, res, options) => {
+class FileController {
+  static post = async (req, res, options) => {
     try {
       return res.status(200).json({
         status: 'success',
@@ -16,8 +16,8 @@ const FileController = {
         message: error.message,
       });
     }
-  },
-  get: async (req, res, options) => {
+  };
+  static get = async (req, res, options) => {
     try {
       if (req && req.headers && req.headers.origin) {
         res.set('Access-Control-Allow-Origin', req.headers.origin);
@@ -38,8 +38,8 @@ const FileController = {
         message: error.message,
       });
     }
-  },
-  delete: async (req, res, options) => {
+  };
+  static delete = async (req, res, options) => {
     try {
       const result = await FileService.delete(req, res, options);
       return res.status(200).json({
@@ -53,7 +53,7 @@ const FileController = {
         message: error.message,
       });
     }
-  },
-};
+  };
+}
 
 export { FileController };

package/src/api/file/file.model.js

@@ -47,7 +47,7 @@ const ProviderSchema = FileSchema;
  * @namespace FileModelServer.FileModelDto
  * @memberof FileModelServer
  */
-const FileModelDto = {
+class FileModelDto {
   /**
    * Returns file metadata only (no buffer data).
    * Used for list responses and API integration.
@@ -56,7 +56,7 @@ const FileModelDto = {
    * @param {Object} file - File document from database.
    * @returns {Object|null} File metadata object, or null if file is falsy.
    */
-  toMetadata: (file) => {
+  static toMetadata = (file) => {
     if (!file) return null;
     return {
       _id: file._id,
@@ -68,7 +68,7 @@ const FileModelDto = {
       createdAt: file.createdAt,
       updatedAt: file.updatedAt,
     };
-  },
+  };
 
   /**
    * Returns file with complete data.
@@ -78,7 +78,7 @@ const FileModelDto = {
    * @param {Object} file - File document from database.
    * @returns {Object|null} Complete file object with buffer data, or null if file is falsy.
    */
-  toFull: (file) => {
+  static toFull = (file) => {
     if (!file) return null;
     return {
       _id: file._id,
@@ -92,7 +92,7 @@ const FileModelDto = {
       createdAt: file.createdAt,
       updatedAt: file.updatedAt,
     };
-  },
+  };
 
   /**
    * Transforms array of files to metadata only.
@@ -101,10 +101,10 @@ const FileModelDto = {
    * @param {Array} files - Array of file documents.
    * @returns {Array} Array of file metadata objects.
    */
-  toMetadataArray: (files) => {
+  static toMetadataArray = (files) => {
     if (!Array.isArray(files)) return [];
     return files.map((file) => FileModelDto.toMetadata(file));
-  },
+  };
 
   /**
    * Ensures UTF-8 encoding for filenames.
@@ -114,14 +114,14 @@ const FileModelDto = {
    * @param {string} filename - Raw filename from upload.
    * @returns {string} UTF-8 encoded filename.
    */
-  normalizeFilename: (filename) => {
+  static normalizeFilename = (filename) => {
     if (!filename) return '';
     // Ensure string and normalize to UTF-8
     let normalized = String(filename);
     // Replace any incorrectly encoded sequences
     normalized = Buffer.from(normalized, 'utf8').toString('utf8');
     return normalized;
-  },
-};
+  };
+}
 
 export { FileSchema, FileModel, ProviderSchema, FileModelDto };

package/src/api/file/file.service.js

@@ -27,7 +27,7 @@ const logger = loggerFactory(import.meta);
  * @namespace FileServiceServer.FileServiceDto
  * @memberof FileServiceServer
  */
-const FileServiceDto = {
+class FileServiceDto {
   /**
    * Returns file metadata only (no buffer data).
    * Used for list responses and API integration.
@@ -36,7 +36,7 @@ const FileServiceDto = {
    * @param {Object} file - File document from database.
    * @returns {Object|null} File metadata object, or null if file is falsy.
    */
-  toMetadata: (file) => {
+  static toMetadata = (file) => {
     if (!file) return null;
     return {
       _id: file._id,
@@ -48,7 +48,7 @@ const FileServiceDto = {
       createdAt: file.createdAt,
       updatedAt: file.updatedAt,
     };
-  },
+  };
 
   /**
    * Transforms array of files to metadata only.
@@ -57,10 +57,10 @@ const FileServiceDto = {
    * @param {Array} files - Array of file documents.
    * @returns {Array} Array of file metadata objects.
    */
-  toMetadataArray: (files) => {
+  static toMetadataArray = (files) => {
     if (!Array.isArray(files)) return [];
     return files.map((file) => FileServiceDto.toMetadata(file));
-  },
+  };
 
   /**
    * Ensures UTF-8 encoding for filenames.
@@ -70,14 +70,14 @@ const FileServiceDto = {
    * @param {string} filename - Raw filename from upload.
    * @returns {string} UTF-8 encoded filename.
    */
-  normalizeFilename: (filename) => {
+  static normalizeFilename = (filename) => {
     if (!filename) return '';
     // Ensure string and normalize to UTF-8
     let normalized = String(filename);
     // Replace any incorrectly encoded sequences
     normalized = Buffer.from(normalized, 'utf8').toString('utf8');
     return normalized;
-  },
+  };
 
   /**
    * Get select fields for metadata-only queries.
@@ -86,17 +86,17 @@ const FileServiceDto = {
    * @memberof FileServiceServer.FileServiceDto
    * @returns {string} Space-separated list of field names for metadata selection.
    */
-  metadataSelect: () => {
+  static metadataSelect = () => {
     return '_id name mimetype size encoding md5 cid createdAt updatedAt';
-  },
-};
+  };
+}
 
 /**
  * File Factory for file extraction, upload, and creation utilities.
  * @namespace FileServiceServer.FileFactory
  * @memberof FileServiceServer
  */
-const FileFactory = {
+class FileFactory {
   /**
    * Extract files from request.
    * Handles both standard 'file' field and custom fields.
@@ -105,7 +105,7 @@ const FileFactory = {
    * @param {Object} req - Express request object with files.
    * @returns {Array} Array of extracted file objects.
    */
-  filesExtract: (req) => {
+  static filesExtract = (req) => {
     const files = [];
     if (!req.files || Object.keys(req.files).length === 0) {
       return files;
@@ -139,7 +139,7 @@ const FileFactory = {
     }
 
     return files;
-  },
+  };
 
   /**
    * Upload files to database with UTF-8 encoding.
@@ -150,7 +150,7 @@ const FileFactory = {
    * @param {import('mongoose').Model} File - Mongoose File model.
    * @returns {Promise<Array>} Array of uploaded file metadata objects.
    */
-  upload: async function (req, File) {
+  static async upload(req, File) {
     const results = FileFactory.filesExtract(req);
     let index = -1;
 
@@ -172,7 +172,7 @@ const FileFactory = {
     }
 
     return results;
-  },
+  }
 
   /**
    * Convert string to hexadecimal.
@@ -181,9 +181,9 @@ const FileFactory = {
    * @param {string} [raw=''] - Raw string to convert.
    * @returns {string} Hexadecimal representation of the string.
    */
-  hex: (raw = '') => {
+  static hex = (raw = '') => {
     return Buffer.from(raw, 'utf8').toString('hex');
-  },
+  };
 
   /**
    * Get MIME type from file path based on extension.
@@ -192,7 +192,7 @@ const FileFactory = {
    * @param {string} path - File path or filename with extension.
    * @returns {string} MIME type string.
    */
-  getMymeTypeFromPath: (path) => {
+  static getMymeTypeFromPath = (path) => {
     const ext = String(path || '')
       .toLowerCase()
       .split('.')
@@ -210,7 +210,7 @@ const FileFactory = {
       json: 'application/json',
     };
     return mimeTypes[ext] || 'application/octet-stream';
-  },
+  };
 
   /**
    * Create file object with proper encoding.
@@ -220,7 +220,7 @@ const FileFactory = {
    * @param {string} [name=''] - File name.
    * @returns {Object} File object with name, data, size, encoding, mimetype, and md5.
    */
-  create: (data = Buffer.from([]), name = '') => {
+  static create = (data = Buffer.from([]), name = '') => {
     const normalizedName = FileServiceDto.normalizeFilename(name);
 
     return {
@@ -234,8 +234,8 @@ const FileFactory = {
       md5: crypto.createHash('md5').update(data).digest('hex'),
       cid: undefined,
     };
-  },
-};
+  };
+}
 
 /**
  * File cleanup utilities for preventing orphaned files.
@@ -244,7 +244,7 @@ const FileFactory = {
  * @namespace FileServiceServer.FileCleanup
  * @memberof FileServiceServer
  */
-const FileCleanup = {
+class FileCleanup {
   /**
    * Clean up old file references when document fields are updated.
    * Deletes old files that are being replaced by new file IDs.
@@ -258,7 +258,7 @@ const FileCleanup = {
    * @param {import('mongoose').Model} options.File - Mongoose File model.
    * @returns {Promise<Array>} Array of deleted file IDs.
    */
-  cleanupReplacedFiles: async ({ oldDoc, newData, fileFields, File }) => {
+  static cleanupReplacedFiles = async ({ oldDoc, newData, fileFields, File }) => {
     const deletedFileIds = [];
 
     for (const field of fileFields) {
@@ -281,7 +281,7 @@ const FileCleanup = {
     }
 
     return deletedFileIds;
-  },
+  };
 
   /**
    * Delete all files referenced in a document.
@@ -297,7 +297,7 @@ const FileCleanup = {
    * @param {import('mongoose').Model} options.File - Mongoose File model.
    * @returns {Promise<Array>} Array of deleted file IDs.
    */
-  deleteDocumentFiles: async ({ doc, fileFields, File }) => {
+  static deleteDocumentFiles = async ({ doc, fileFields, File }) => {
     const deletedFileIds = [];
 
     for (const field of fileFields) {
@@ -318,15 +318,15 @@ const FileCleanup = {
     }
 
     return deletedFileIds;
-  },
-};
+  };
+}
 
 /**
  * File Service for handling REST API file operations.
  * @namespace FileServiceServer.FileService
  * @memberof FileServiceServer
  */
-const FileService = {
+class FileService {
   /**
    * POST - Upload files.
    * Returns metadata-only response (no buffer data).
@@ -338,7 +338,7 @@ const FileService = {
    * @param {Object} options - Request options containing host and path.
    * @returns {Promise<Array>} Array of uploaded file metadata objects.
    */
-  post: async (req, res, options) => {
+  static post = async (req, res, options) => {
     // Check that user is authenticated and not a guest
     if (!req.auth || !req.auth.user || req.auth.user.role === 'guest') {
       throw new Error('Authentication required. Guest users cannot upload files.');
@@ -349,7 +349,7 @@ const FileService = {
 
     const uploadedFiles = await FileFactory.upload(req, File);
     return FileServiceDto.toMetadataArray(uploadedFiles);
-  },
+  };
 
   /**
    * GET - Retrieve files.
@@ -365,7 +365,7 @@ const FileService = {
    * @returns {Promise<Array|Buffer>} Array of file metadata objects or Buffer for blob endpoint.
    * @throws {Error} If file not found or user not authorized.
    */
-  get: async (req, res, options) => {
+  static get = async (req, res, options) => {
     /** @type {import('./file.model.js').FileModel} */
     const File = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.File;
     /** @type {import('../document/document.model.js').DocumentModel} */
@@ -467,7 +467,7 @@ const FileService = {
         return FileServiceDto.toMetadataArray(files);
       }
     }
-  },
+  };
 
   /**
    * DELETE - Remove files.
@@ -480,7 +480,7 @@ const FileService = {
    * @returns {Promise<Object>} Deleted file metadata object.
    * @throws {Error} If file not found.
    */
-  delete: async (req, res, options) => {
+  static delete = async (req, res, options) => {
     /** @type {import('./file.model.js').FileModel} */
     const File = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.File;
 
@@ -491,7 +491,7 @@ const FileService = {
     }
 
     return FileServiceDto.toMetadata(result);
-  },
-};
+  };
+}
 
 export { FileService, FileFactory, FileServiceDto, FileCleanup };

package/src/api/test/test.controller.js

@@ -3,8 +3,8 @@ import { TestService } from './test.service.js';
 
 const logger = loggerFactory(import.meta);
 
-const TestController = {
-  post: async (req, res, options) => {
+class TestController {
+  static post = async (req, res, options) => {
     try {
       return res.status(200).json({
         status: 'success',
@@ -17,8 +17,8 @@ const TestController = {
         message: error.message,
       });
     }
-  },
-  get: async (req, res, options) => {
+  };
+  static get = async (req, res, options) => {
     try {
       const result = await TestService.get(req, res, options);
       if (result)
@@ -37,8 +37,8 @@ const TestController = {
         message: error.message,
       });
     }
-  },
-  delete: async (req, res, options) => {
+  };
+  static delete = async (req, res, options) => {
     try {
       const result = await TestService.delete(req, res, options);
 
@@ -53,7 +53,7 @@ const TestController = {
         message: error.message,
       });
     }
-  },
-};
+  };
+}
 
 export { TestController };

package/src/api/test/test.service.js

@@ -5,14 +5,14 @@ import { getYouTubeID, validatePassword } from '../../client/components/core/Com
 
 const logger = loggerFactory(import.meta);
 
-const TestService = {
-  post: async (req, res, options) => {
+class TestService {
+  static post = async (req, res, options) => {
     switch (req.params.id) {
       default:
         break;
     }
-  },
-  get: async (req, res, options) => {
+  };
+  static get = async (req, res, options) => {
     switch (req.params.id) {
       case 'verify-email':
         return validator.isEmail(req.query.email);
@@ -23,13 +23,13 @@ const TestService = {
 
       default:
     }
-  },
-  delete: async (req, res, options) => {
+  };
+  static delete = async (req, res, options) => {
     switch (req.params.id) {
       default:
         break;
     }
-  },
-};
+  };
+}
 
 export { TestService };

package/src/api/user/guest.service.js

@@ -0,0 +1,99 @@
+import mongoose from 'mongoose';
+import { UserDto } from './user.model.js';
+import { ValkeyAPI } from '../../server/valkey.js';
+import { hashPassword, getBearerToken, jwtSign } from '../../server/auth.js';
+
+// ─── TTL ──────────────────────────────────────────────────────────────────────
+
+const _guestTtlMs = () => {
+  const minutes = Number.parseInt(process.env.REFRESH_EXPIRE_MINUTES || '60', 10);
+  return Number.isFinite(minutes) && minutes > 0 ? minutes * 60 * 1000 : 60 * 60 * 1000;
+};
+
+// ─── Domain helpers ───────────────────────────────────────────────────────────
+
+/**
+ * Constructs a new ephemeral guest user object.
+ * This is domain logic specific to the guest lifecycle; it does not belong
+ * in the generic Valkey storage module.
+ *
+ * @param {{ host?: string }} options
+ * @returns {object}
+ */
+const buildGuestUser = (options) => {
+  const now = new Date().toISOString();
+  const _id = new mongoose.Types.ObjectId().toString();
+  const role = 'guest';
+  return {
+    _id: `${role}${_id}`,
+    username: `${role}${_id.slice(-5)}`,
+    email: `${_id}@${options.host || 'localhost'}`,
+    password: hashPassword(process.env.JWT_SECRET),
+    role,
+    emailConfirmed: false,
+    profileImageId: null,
+    publicKey: [],
+    phoneNumbers: [],
+    activeSessions: [],
+    failedLoginAttempts: 0,
+    recoverTimeOut: null,
+    lastLoginDate: null,
+    createdAt: now,
+    updatedAt: now,
+    guestSessionExpiresAt: Date.now() + _guestTtlMs(),
+  };
+};
+
+/**
+ * Projects a user object to the public-safe fields defined by UserDto.select.get().
+ * Keeps this logic next to the guest domain instead of in a generic utility.
+ *
+ * @param {object} user
+ * @returns {object}
+ */
+const _toPublicUser = (user) => {
+  const select = UserDto.select.get();
+  return Object.fromEntries(
+    Object.keys(select)
+      .filter((k) => select[k] === 1 && k in user)
+      .map((k) => [k, user[k]]),
+  );
+};
+
+const _withRefreshedExpiry = (user) => ({ ...user, guestSessionExpiresAt: Date.now() + _guestTtlMs() });
+
+// ─── Service ──────────────────────────────────────────────────────────────────
+
+class GuestService {
+  static async create(req, options) {
+    const user = buildGuestUser(options);
+
+    await ValkeyAPI.set(options, user.email, user, _guestTtlMs());
+
+    return {
+      token: jwtSign(
+        UserDto.auth.payload(user, null, req.ip, req.headers['user-agent'], options.host, options.path),
+        options,
+      ),
+      user: _toPublicUser(user),
+    };
+  }
+
+  static async auth(req, options) {
+    const user = await ValkeyAPI.get(options, req.auth.user.email);
+    if (!user) throw new Error('guest user expired');
+
+    const expiresAt = Number(user.guestSessionExpiresAt || 0);
+    if (expiresAt && expiresAt <= Date.now()) throw new Error('guest user expired');
+
+    const refreshed = _withRefreshedExpiry(user);
+    await ValkeyAPI.set(options, refreshed.email, refreshed, _guestTtlMs());
+
+    return {
+      user: _toPublicUser(refreshed),
+      token: getBearerToken(req),
+    };
+  }
+}
+
+export { GuestService };