underpost 3.2.8 → 3.2.10

package/src/api/user/user.service.js

@@ -1,3 +1,12 @@
+/**
+ * User service module for handling user account operations.
+ * Provides REST API handlers for authentication, registration, profile management,
+ * email verification, password recovery, and guest user lifecycle management.
+ *
+ * @module src/api/user/user.service.js
+ * @namespace UserService
+ */
+
 import { loggerFactory } from '../../server/logger.js';
 import { DataQuery } from '../../server/data-query.js';
 import {
@@ -15,21 +24,40 @@ import { MailerProvider } from '../../mailer/MailerProvider.js';
 import { CoreWsEmitter } from '../../ws/core/core.ws.emit.js';
 import { CoreWsMailerChannel } from '../../ws/core/channels/core.ws.mailer.js';
 import validator from 'validator';
-import { DataBaseProvider } from '../../db/DataBaseProvider.js';
+import { DataBaseProviderService } from '../../db/DataBaseProvider.js';
 import { FileFactory, FileCleanup } from '../file/file.service.js';
 import { UserDto } from './user.model.js';
 import { timer } from '../../client/components/core/CommonJs.js';
 import { GuestService } from './guest.service.js';
+import { resolveHostKeyContext } from '../../server/conf.js';
 
 const logger = loggerFactory(import.meta);
 
-const UserService = {
-  post: async (req, res, options) => {
-    /** @type {import('./user.model.js').UserModel} */
-    const User = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.User;
-
+/**
+ * User Service for handling REST API user operations.
+ * Manages authentication, registration, profile CRUD, email verification,
+ * password recovery, session management, and guest user lifecycle.
+ * @namespace UserService
+ */
+class UserService {
+  /**
+   * POST - Create or authenticate users.
+   * Supports authentication, guest account creation, email verification,
+   * and password recovery email sending.
+   * @async
+   * @function post
+   * @memberof UserService
+   * @param {Object} req - Express request object.
+   * @param {Object} res - Express response object.
+   * @param {Object} options - Request options containing host and path.
+   * @returns {Promise<Object>} User data with auth token, or status message.
+   * @throws {Error} If authentication fails, email is invalid, or email send error.
+   */
+  static post = async (req, res, options) => {
     /** @type {import('../file/file.model.js').FileModel} */
-    const File = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.File;
+    const File = DataBaseProviderService.getModel('File', options);
+    /** @type {import('./user.model.js').UserModel} */
+    const User = DataBaseProviderService.getModel('User', options);
 
     if (req.params.id === 'recover-verify-email') {
       const user = await User.findOne({
@@ -44,11 +72,10 @@ const UserService = {
 
       const token = jwtSign({ email: req.body.email }, options, 15);
       const payloadToken = jwtSign({ email: req.body.email }, options, 15);
-      const id = `${options.host}${options.path}`;
+      const id = resolveHostKeyContext(options);
       const translate = MailerProvider.instance[id].translateTemplates.recoverEmail;
-      const recoverUrl = `${process.env.NODE_ENV === 'development' ? 'http://' : 'https://'}${req.body.hostname}${
-        req.body.proxyPath
-      }recover?payload=${payloadToken}`;
+      const recoverUrl = `${process.env.NODE_ENV === 'development' ? 'http://' : 'https://'}${req.body.hostname}${req.body.proxyPath
+        }recover?payload=${payloadToken}`;
       const sendResult = await MailerProvider.send({
         id,
         sendOptions: {
@@ -81,7 +108,7 @@ const UserService = {
       if (!validator.isEmail(req.body.email)) throw { message: 'invalid email' };
 
       const token = jwtSign({ email: req.body.email }, options, 15);
-      const id = `${options.host}${options.path}`;
+      const id = resolveHostKeyContext(options);
       const user = await User.findById(req.auth.user._id);
 
       if (user.emailConfirmed) throw new Error('email already confirmed');
@@ -130,10 +157,9 @@ const UserService = {
         });
         const getMinutesRemaining = () => (-1 * user.failedLoginAttempts - new Date().getTime()) / (1000 * 60);
         const accountLocketMessage = () =>
-          `Account locked. Please try again in: ${
-            getMinutesRemaining() < 1
-              ? `${(getMinutesRemaining() * 60).toFixed(0)} s`
-              : `${getMinutesRemaining().toFixed(0)} min`
+          `Account locked. Please try again in: ${getMinutesRemaining() < 1
+            ? `${(getMinutesRemaining() * 60).toFixed(0)} s`
+            : `${getMinutesRemaining().toFixed(0)} min`
           }.`;
 
         if (user) {
@@ -231,13 +257,27 @@ const UserService = {
       default:
         return await createUserAndSession(req, res, User, options);
     }
-  },
-  get: async (req, res, options) => {
-    /** @type {import('./user.model.js').UserModel} */
-    const User = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.User;
-
+  };
+
+  /**
+   * GET - Retrieve user data.
+   * Supports public profile lookup by username, asset retrieval,
+   * email lookup, password recovery flow, email verification,
+   * admin user listing, authentication refresh, and profile retrieval.
+   * @async
+   * @function get
+   * @memberof UserService
+   * @param {Object} req - Express request object.
+   * @param {Object} res - Express response object.
+   * @param {Object} options - Request options containing host and path.
+   * @returns {Promise<Object>} User data with optional session token.
+   * @throws {Error} If user not found, profile is private, or token invalid.
+   */
+  static get = async (req, res, options) => {
     /** @type {import('../file/file.model.js').FileModel} */
-    const File = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.File;
+    const File = DataBaseProviderService.getModel('File', options);
+    /** @type {import('./user.model.js').UserModel} */
+    const User = DataBaseProviderService.getModel('User', options);
 
     if (req.path.startsWith('/u/')) {
       // First lookup user by username
@@ -309,7 +349,7 @@ const UserService = {
         {
           const user = await User.findByIdAndUpdate(_id, { emailConfirmed: true }, { runValidators: true });
         }
-        const userWsId = CoreWsMailerChannel.getUserWsId(`${options.host}${options.path}`, user._id.toString());
+        const userWsId = CoreWsMailerChannel.getUserWsId(resolveHostKeyContext(options), user._id.toString());
         if (userWsId && CoreWsMailerChannel.client[userWsId]) {
           CoreWsEmitter.emit(CoreWsMailerChannel.channel, CoreWsMailerChannel.client[userWsId], {
             status: 'email-confirmed',
@@ -384,10 +424,23 @@ const UserService = {
         }
       }
     }
-  },
-  delete: async (req, res, options) => {
+  };
+
+  /**
+   * DELETE - Remove user accounts or log out sessions.
+   * Supports admin bulk deletion, user self-deletion, and session logout.
+   * @async
+   * @function delete
+   * @memberof UserService
+   * @param {Object} req - Express request object.
+   * @param {Object} res - Express response object.
+   * @param {Object} options - Request options containing host and path.
+   * @returns {Promise<Object>} Deleted user data or logout status message.
+   * @throws {Error} If logout fails, user not found, or token invalid.
+   */
+  static delete = async (req, res, options) => {
     /** @type {import('./user.model.js').UserModel} */
-    const User = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.User;
+    const User = DataBaseProviderService.getModel('User', options);
 
     if (req.params.id === 'logout') {
       const result = await logoutSession(User, req, res);
@@ -417,13 +470,25 @@ const UserService = {
         }
       }
     }
-  },
-  put: async (req, res, options) => {
-    /** @type {import('./user.model.js').UserModel} */
-    const User = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.User;
-
+  };
+
+  /**
+   * PUT - Update user data.
+   * Supports profile image upload, password recovery, and profile field updates.
+   * @async
+   * @function put
+   * @memberof UserService
+   * @param {Object} req - Express request object.
+   * @param {Object} res - Express response object.
+   * @param {Object} options - Request options containing host and path.
+   * @returns {Promise<Object>} Updated user data.
+   * @throws {Error} If user not found, token invalid, or invalid file.
+   */
+  static put = async (req, res, options) => {
     /** @type {import('../file/file.model.js').FileModel} */
-    const File = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.File;
+    const File = DataBaseProviderService.getModel('File', options);
+    /** @type {import('./user.model.js').UserModel} */
+    const User = DataBaseProviderService.getModel('User', options);
 
     // req.path | req.baseUrl
 
@@ -511,7 +576,7 @@ const UserService = {
         }
       }
     }
-  },
-};
+  };
+}
 
-export { UserService };
+export { UserService };

package/src/cli/baremetal.js

@@ -356,7 +356,7 @@ class UnderpostBaremetal {
 
         // Build phase (skip if upload-only mode)
         if (options.packerMaasImageBuild) {
-          if (shellExec('packer version').code !== 0) {
+          if (shellExec('packer version', { silentOnError: true }).code !== 0) {
             throw new Error('Packer is not installed. Please install Packer to proceed.');
           }
 
@@ -424,7 +424,9 @@ rm -rf ${artifacts.join(' ')}`);
         const uploadCmd = `${uploadScript} ${process.env.MAAS_ADMIN_USERNAME} "${workflow.maas.name}" "${workflow.maas.title}" "${workflow.maas.architecture}" "${workflow.maas.base_image}" "${workflow.maas.filetype}" "${tarballPath}"`;
 
         logger.info(`Uploading to MAAS using: ${uploadScript}`);
-        const uploadResult = shellExec(uploadCmd);
+        // silentOnError: caller logs stdout/stderr structure on failure
+        // before throwing its own, more informative error.
+        const uploadResult = shellExec(uploadCmd, { silentOnError: true });
         if (uploadResult.code !== 0) {
           logger.error(`Upload failed with exit code: ${uploadResult.code}`);
           if (uploadResult.stdout) {
@@ -2895,9 +2897,16 @@ EOF`);
           for (const mountPath of mounts[mountCmd]) {
             const hostMountPath = `${process.env.NFS_EXPORT_PATH}/${hostname}${mountPath}`;
             // Check if the path is already mounted using `mountpoint` command.
-            const isPathMounted = !shellExec(`mountpoint ${hostMountPath}`, { silent: true, stdout: true }).match(
-              'not a mountpoint',
-            );
+            // `mountpoint` exits 1 when the path is not a mountpoint — silentOnError
+            // prevents ShellExecError so we can inspect stdout/stderr for the string.
+            const mountpointOut = shellExec(`mountpoint ${hostMountPath}`, {
+              silent: true,
+              stdout: true,
+              silentOnError: true,
+            });
+            const isPathMounted = typeof mountpointOut === 'string' && mountpointOut.length > 0
+              ? !mountpointOut.match('not a mountpoint') && !mountpointOut.match('No such file')
+              : false;
 
             if (isPathMounted) {
               logger.warn('Nfs path already mounted', mountPath);
@@ -3041,10 +3050,10 @@ udp-port = 32766
         // Check both /usr/local/bin (compiled) and system paths
         let qemuAarch64Path = null;
 
-        if (shellExec('test -x /usr/local/bin/qemu-system-aarch64').code === 0) {
+        if (shellExec('test -x /usr/local/bin/qemu-system-aarch64', { silentOnError: true }).code === 0) {
           qemuAarch64Path = '/usr/local/bin/qemu-system-aarch64';
-        } else if (shellExec('which qemu-system-aarch64').code === 0) {
-          qemuAarch64Path = shellExec('which qemu-system-aarch64').stdout.trim();
+        } else if (shellExec('which qemu-system-aarch64', { silentOnError: true }).code === 0) {
+          qemuAarch64Path = shellExec('which qemu-system-aarch64', { stdout: true }).trim();
         }
 
         if (!qemuAarch64Path) {
@@ -3070,10 +3079,10 @@ udp-port = 32766
         // Check both /usr/local/bin (compiled) and system paths
         let qemuX86Path = null;
 
-        if (shellExec('test -x /usr/local/bin/qemu-system-x86_64').code === 0) {
+        if (shellExec('test -x /usr/local/bin/qemu-system-x86_64', { silentOnError: true }).code === 0) {
           qemuX86Path = '/usr/local/bin/qemu-system-x86_64';
-        } else if (shellExec('which qemu-system-x86_64').code === 0) {
-          qemuX86Path = shellExec('which qemu-system-x86_64').stdout.trim();
+        } else if (shellExec('which qemu-system-x86_64', { silentOnError: true }).code === 0) {
+          qemuX86Path = shellExec('which qemu-system-x86_64', { stdout: true }).trim();
         }
 
         if (!qemuX86Path) {