@flusys/nestjs-storage 0.1.0-beta.3 → 1.0.0-rc

package/fesm/providers/local-provider.js

@@ -32,6 +32,29 @@ import { v4 as uuidv4 } from 'uuid';
  * Uses Node.js built-in fs module - no external dependencies
  */ export class LocalProvider {
     /**
+   * SECURITY: Validates that a target path does not escape the base directory
+   * Prevents path traversal attacks using ../ sequences
+   * @throws Error if path traversal is detected
+   */ validatePathWithinBase(targetPath) {
+        const normalizedBasePath = path.resolve(this.basePath);
+        const normalizedTargetPath = path.resolve(targetPath);
+        if (!normalizedTargetPath.startsWith(normalizedBasePath + path.sep) && normalizedTargetPath !== normalizedBasePath) {
+            this.logger.warn(`Path traversal attempt detected: ${targetPath}`);
+            throw new Error('Invalid path: Path traversal attempt detected');
+        }
+    }
+    /**
+   * SECURITY: Validates file key format to prevent malicious input
+   * @throws Error if key contains suspicious patterns
+   */ validateKeyFormat(key) {
+        if (!key || typeof key !== 'string' || key.trim().length === 0) {
+            throw new Error('Invalid file key: empty or invalid');
+        }
+        if (key.includes('\0')) {
+            throw new Error('Invalid file key: contains null bytes');
+        }
+    }
+    /**
    * Initialize Local File System provider with configuration
    * @param config.basePath - Base path for file storage (default: './uploads')
    * @param config.baseUrl - Optional base URL for generating file URLs
@@ -64,7 +87,11 @@ import { v4 as uuidv4 } from 'uuid';
         }
         // Build file path
         const folderPath = options.folderPath ? path.join(this.basePath, options.folderPath) : this.basePath;
+        // SECURITY: Validate path does not escape base directory
+        this.validatePathWithinBase(folderPath);
         const filePath = path.join(folderPath, fileName);
+        // SECURITY: Double-check final file path
+        this.validatePathWithinBase(filePath);
         // Ensure directory exists
         await fs.mkdir(folderPath, {
             recursive: true
@@ -87,14 +114,20 @@ import { v4 as uuidv4 } from 'uuid';
     }
     async deleteFile(key) {
         try {
+            // SECURITY: Validate key format first
+            this.validateKeyFormat(key);
             // Key now includes the basePath, resolve from cwd
             let filePath = path.resolve(key);
+            // SECURITY: Validate resolved path is within base directory
+            this.validatePathWithinBase(filePath);
             // Check if file exists at the resolved path
             try {
                 await fs.access(filePath);
             } catch  {
                 // Fallback: try with basePath prefix (for old keys without basePath)
                 const fallbackPath = path.join(this.basePath, key);
+                // SECURITY: Validate fallback path as well
+                this.validatePathWithinBase(fallbackPath);
                 try {
                     await fs.access(fallbackPath);
                     filePath = fallbackPath;
@@ -107,7 +140,11 @@ import { v4 as uuidv4 } from 'uuid';
             }
             await fs.unlink(filePath);
             this.logger.log(`Deleted file from local storage: ${key}`);
-        } catch (_error) {
+        } catch (error) {
+            // Re-throw security errors
+            if (error instanceof Error && error.message.includes('Invalid')) {
+                throw error;
+            }
             this.logger.warn(`Failed to delete file from local storage: ${key}`);
         }
     }
@@ -138,14 +175,23 @@ import { v4 as uuidv4 } from 'uuid';
    * Get the absolute path for a file key
    * Key now includes basePath, so resolve from cwd
    */ getAbsolutePath(key) {
-        return path.resolve(key);
+        // SECURITY: Validate key format
+        this.validateKeyFormat(key);
+        const filePath = path.resolve(key);
+        // SECURITY: Validate path is within base directory
+        this.validatePathWithinBase(filePath);
+        return filePath;
     }
     /**
    * Check if a file exists
    */ async fileExists(key) {
         try {
+            // SECURITY: Validate key format
+            this.validateKeyFormat(key);
             // Key now includes basePath, resolve from cwd
             const filePath = path.resolve(key);
+            // SECURITY: Validate path is within base directory
+            this.validatePathWithinBase(filePath);
             await fs.access(filePath);
             return true;
         } catch  {
@@ -155,8 +201,12 @@ import { v4 as uuidv4 } from 'uuid';
     /**
    * Get file stats
    */ async getFileStats(key) {
+        // SECURITY: Validate key format
+        this.validateKeyFormat(key);
         // Key now includes basePath, resolve from cwd
         const filePath = path.resolve(key);
+        // SECURITY: Validate path is within base directory
+        this.validatePathWithinBase(filePath);
         const stats = await fs.stat(filePath);
         return {
             size: stats.size,

package/fesm/providers/storage-factory.service.js

@@ -79,8 +79,8 @@ export class StorageFactoryService {
         } catch (error) {
             this.logger.error(`Failed to create provider ${config.provider}:`, error);
             // Preserve original error message for better debugging
-            const originalMessage = error?.message || 'Unknown error';
-            throw new Error(`Failed to initialize storage provider '${config.provider}': ${originalMessage}`);
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            throw new Error(`Failed to initialize storage provider '${config.provider}': ${errorMessage}`);
         }
     }
     /**

package/fesm/services/file-manager.service.js

@@ -25,8 +25,9 @@ function _ts_param(paramIndex, decorator) {
         decorator(target, key, paramIndex);
     };
 }
-import { RequestScopedApiService, HybridCache } from '@flusys/nestjs-shared/classes';
+import { HybridCache, RequestScopedApiService } from '@flusys/nestjs-shared/classes';
 import { UtilsService } from '@flusys/nestjs-shared/modules';
+import { applyCompanyFilter, ErrorHandler } from '@flusys/nestjs-shared/utils';
 import { BadRequestException, Inject, Injectable, NotFoundException, Scope } from '@nestjs/common';
 import { Brackets, In } from 'typeorm';
 import { StorageConfigService } from '../config';
@@ -103,8 +104,9 @@ export class FileManagerService extends RequestScopedApiService {
                 const enableCompanyFeature = this.storageConfig.isCompanyFeatureEnabled();
                 const storageConfigEntity = enableCompanyFeature ? (await import('../entities')).StorageConfigWithCompany : (await import('../entities')).StorageConfig;
                 const storageConfigRepository = await this.dataSourceProvider.getRepository(storageConfigEntity);
+                const storageConfigId = dto.storageConfigId;
                 const whereCondition = {
-                    id: dto.storageConfigId
+                    id: storageConfigId
                 };
                 // Filter by company if company feature is enabled
                 if (enableCompanyFeature && user?.companyId) {
@@ -114,25 +116,30 @@ export class FileManagerService extends RequestScopedApiService {
                     where: whereCondition
                 });
                 if (storageConfig) {
-                    storageLocation = storageConfig.storage;
+                    const typedConfig = storageConfig;
+                    if (typedConfig.storage) {
+                        storageLocation = typedConfig.storage;
+                    }
                 }
             } catch (error) {
-                this.logger.warn(`Failed to get storage location from config: ${error}`);
+                const errorMessage = ErrorHandler.getErrorMessage(error);
+                this.logger.warn(`Failed to get storage location from config ${dto.storageConfigId}: ${errorMessage}`);
             // Fall back to DTO location or default
             }
         }
-        // Set basic fields
-        fileManager = {
+        // Set basic fields - merge existing data with DTO
+        const mergedFileManager = {
             ...fileManager,
             ...dto,
             location: storageLocation,
             folder: validatedFolder
         };
-        // Only set company fields if they exist on the entity (when company feature is enabled)
-        if ('companyId' in fileManager) {
-            fileManager.companyId = user?.companyId ?? null;
+        // Only set company fields if company feature is enabled
+        const enableCompanyFeatureForEntity = this.storageConfig.isCompanyFeatureEnabled();
+        if (enableCompanyFeatureForEntity) {
+            mergedFileManager.companyId = user?.companyId ?? null;
         }
-        return fileManager;
+        return mergedFileManager;
     }
     async getSelectQuery(query, _user, select) {
         if (!select || !select.length) {
@@ -209,7 +216,8 @@ export class FileManagerService extends RequestScopedApiService {
             this.logger.debug(`enrichWithProviderNames: First enriched item: ${JSON.stringify(enrichedItems[0])}`);
             return enrichedItems;
         } catch (error) {
-            this.logger.warn(`Failed to fetch provider names: ${error}`);
+            const errorMessage = ErrorHandler.getErrorMessage(error);
+            this.logger.warn(`Failed to fetch provider names: ${errorMessage}`);
             return items.map((item)=>({
                     ...item,
                     providerName: undefined
@@ -247,13 +255,12 @@ export class FileManagerService extends RequestScopedApiService {
    * Override: Extra query manipulation - Auto-filter by user's company and private file permissions
    */ async getExtraManipulateQuery(query, filterDto, user) {
         const result = await super.getExtraManipulateQuery(query, filterDto, user);
-        // If company feature enabled and user has companyId, filter by user's company
+        // Apply company filter using shared utility
         const enableCompanyFeature = this.storageConfig.isCompanyFeatureEnabled();
-        if (enableCompanyFeature && user?.companyId) {
-            query.andWhere('file_manager.companyId = :companyId', {
-                companyId: user.companyId
-            });
-        }
+        applyCompanyFilter(query, {
+            isCompanyFeatureEnabled: enableCompanyFeature,
+            entityAlias: 'file_manager'
+        }, user);
         // Check if user has permission to see private files
         if (user) {
             const cacheKey = enableCompanyFeature ? `${USER_ACTION_PERMISSION_CACHE_KEY}_${user.id}_${user.companyId}` : `${USER_ACTION_PERMISSION_CACHE_KEY}_${user.id}`;
@@ -316,8 +323,9 @@ export class FileManagerService extends RequestScopedApiService {
                                 'config'
                             ]
                         });
-                        if (config && config.config?.basePath) {
-                            const basePath = config.config.basePath.replace(/^\.\//, '');
+                        const typedConfig = config;
+                        if (typedConfig?.config?.basePath) {
+                            const basePath = typedConfig.config.basePath.replace(/^\.\//, '');
                             // Convert old keys to new format
                             deleteKeys = keys.map((key)=>{
                                 if (!key.includes('/')) {
@@ -327,7 +335,8 @@ export class FileManagerService extends RequestScopedApiService {
                             });
                         }
                     } catch (error) {
-                        this.logger.warn(`Failed to get basePath for delete: ${error}`);
+                        const errorMessage = ErrorHandler.getErrorMessage(error);
+                        this.logger.warn(`Failed to get basePath for delete: ${errorMessage}`);
                     }
                 }
                 await this.uploadService.deleteMultipleFile(deleteKeys, configId === 'default' ? undefined : configId, user ?? undefined, location);
@@ -361,7 +370,8 @@ export class FileManagerService extends RequestScopedApiService {
                     file.expiresAt = now + expiresIn * 1000;
                     shouldUpdate = true;
                 } catch (error) {
-                    this.logger.error(`Failed to generate URL for file ${file.id}: ${error?.message || 'Unknown error'}`);
+                    const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+                    this.logger.error(`Failed to generate URL for file ${file.id}: ${errorMessage}`);
                     // Use fallback URL with appUrl from config
                     const baseUrl = this.getFileBaseUrl(protocol, host);
                     file.url = `${baseUrl}/storage/upload/file/${file.key}`;
@@ -388,13 +398,15 @@ export class FileManagerService extends RequestScopedApiService {
                                 'config'
                             ]
                         });
-                        if (config && config.config?.basePath) {
-                            const basePath = config.config.basePath.replace(/^\.\//, ''); // Remove leading ./
+                        const typedConfig = config;
+                        if (typedConfig?.config?.basePath) {
+                            const basePath = typedConfig.config.basePath.replace(/^\.\//, ''); // Remove leading ./
                             fileKey = `${basePath}/${file.key}`;
                             this.logger.debug(`Prefixed old key with basePath: ${fileKey}`);
                         }
                     } catch (error) {
-                        this.logger.warn(`Failed to get basePath for file ${file.id}: ${error}`);
+                        const errorMessage = ErrorHandler.getErrorMessage(error);
+                        this.logger.warn(`Failed to get basePath for file ${file.id}: ${errorMessage}`);
                     }
                 }
                 const baseUrl = this.getFileBaseUrl(protocol, host);
@@ -419,7 +431,8 @@ export class FileManagerService extends RequestScopedApiService {
             try {
                 await this.repository.save(updatedFiles);
             } catch (error) {
-                this.logger.error(`Failed to save updated file URLs: ${error?.message || 'Unknown error'}`);
+                const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+                this.logger.error(`Failed to save updated file URLs: ${errorMessage}`);
             }
         }
         return responses;

package/fesm/services/folder.service.js

@@ -27,51 +27,27 @@ function _ts_param(paramIndex, decorator) {
 }
 import { RequestScopedApiService, HybridCache } from '@flusys/nestjs-shared/classes';
 import { UtilsService } from '@flusys/nestjs-shared/modules';
-import { Inject, Injectable, NotFoundException, Scope } from '@nestjs/common';
+import { applyCompanyFilter } from '@flusys/nestjs-shared/utils';
+import { Inject, Injectable, Scope } from '@nestjs/common';
 import { StorageConfigService } from '../config';
 import { Folder, FolderWithCompany } from '../entities';
 import { StorageDataSourceProvider } from './storage-datasource.provider';
 export class FolderService extends RequestScopedApiService {
-    /**
-   * Resolve entity class for this service
-   * @returns Folder or FolderWithCompany based on configuration
-   */ resolveEntity() {
-        const enableCompanyFeature = this.storageConfig.isCompanyFeatureEnabled();
-        return enableCompanyFeature ? FolderWithCompany : Folder;
+    resolveEntity() {
+        return this.storageConfig.isCompanyFeatureEnabled() ? FolderWithCompany : Folder;
     }
-    /**
-   * Get DataSource provider for this service
-   * @returns StorageDataSourceProvider instance
-   */ getDataSourceProvider() {
+    getDataSourceProvider() {
         return this.dataSourceProvider;
     }
     async convertSingleDtoToEntity(dto, user) {
-        let folder = {};
-        // NOTE: Using 'id' in dto check instead of instanceof - instanceof may not work after esbuild bundling
-        if ('id' in dto && dto.id && typeof dto.id === 'string') {
-            const dbData = await this.repository.findOne({
-                where: {
-                    id: dto.id
-                }
-            });
-            if (!dbData) {
-                throw new NotFoundException('No such entity data found for update! Please, Try Again.');
-            }
-            folder = dbData;
-        }
-        // Set company/branch IDs if company feature is enabled
-        folder = {
-            ...folder,
-            ...dto
-        };
-        // Only set company fields if they exist on the entity (when company feature is enabled)
-        if ('companyId' in folder) {
-            folder.companyId = user?.companyId ?? null;
+        const entity = await super.convertSingleDtoToEntity(dto, user);
+        if (this.storageConfig.isCompanyFeatureEnabled()) {
+            entity.companyId = user?.companyId ?? null;
         }
-        return folder;
+        return entity;
     }
     async getSelectQuery(query, _user, select) {
-        if (!select || !select.length) {
+        if (!select?.length) {
             select = [
                 'id',
                 'name',
@@ -79,35 +55,25 @@ export class FolderService extends RequestScopedApiService {
                 'createdAt',
                 'deletedAt'
             ];
+            if (this.storageConfig.isCompanyFeatureEnabled()) {
+                select.push('companyId');
+            }
         }
-        const selectFields = select.map((field)=>`${this.entityName}.${field}`);
-        // Add company context fields if company feature is enabled
-        // The entity will have these fields only if company feature is enabled
-        if (this.storageConfig.isCompanyFeatureEnabled()) {
-            selectFields.push('folder.companyId');
-        }
-        query.select(selectFields);
+        query.select(select.map((f)=>`${this.entityName}.${f}`));
         return {
             query,
             isRaw: false
         };
     }
-    /**
-   * Override: Extra query manipulation - Auto-filter by user's company
-   */ async getExtraManipulateQuery(query, filterDto, user) {
+    async getExtraManipulateQuery(query, filterDto, user) {
         const result = await super.getExtraManipulateQuery(query, filterDto, user);
-        // If company feature enabled and user has companyId, filter by user's company
-        const enableCompanyFeature = this.storageConfig.isCompanyFeatureEnabled();
-        if (enableCompanyFeature && user?.companyId) {
-            query.andWhere('folder.companyId = :companyId', {
-                companyId: user.companyId
-            });
-        }
+        applyCompanyFilter(query, {
+            isCompanyFeatureEnabled: this.storageConfig.isCompanyFeatureEnabled(),
+            entityAlias: 'folder'
+        }, user);
         return result;
     }
-    // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
     constructor(cacheManager, utilsService, storageConfig, dataSourceProvider){
-        // Repository will be set asynchronously by RequestScopedApiService
         super('folder', null, cacheManager, utilsService, FolderService.name, true), _define_property(this, "cacheManager", void 0), _define_property(this, "utilsService", void 0), _define_property(this, "storageConfig", void 0), _define_property(this, "dataSourceProvider", void 0), this.cacheManager = cacheManager, this.utilsService = utilsService, this.storageConfig = storageConfig, this.dataSourceProvider = dataSourceProvider;
     }
 }

package/fesm/services/storage-datasource.provider.js

@@ -32,10 +32,8 @@ import { Request } from 'express';
 import { StorageModuleOptions } from '../interfaces';
 import { STORAGE_MODULE_OPTIONS } from '../config/storage.constants';
 export class StorageDataSourceProvider extends MultiTenantDataSourceService {
-    // ==================== Factory Methods ====================
-    /**
-   * Build parent options from StorageModuleOptions
-   */ static buildParentOptions(options) {
+    // Factory Methods
+    /** Build parent options from StorageModuleOptions */ static buildParentOptions(options) {
         return {
             bootstrapAppConfig: options.bootstrapAppConfig,
             defaultDatabaseConfig: options.config?.defaultDatabaseConfig,
@@ -43,10 +41,8 @@ export class StorageDataSourceProvider extends MultiTenantDataSourceService {
             tenants: options.config?.tenants
         };
     }
-    // ==================== Feature Flags ====================
-    /**
-   * Get global enable company feature flag
-   */ getEnableCompanyFeature() {
+    // Feature Flags
+    /** Get global enable company feature flag */ getEnableCompanyFeature() {
         return this.storageOptions.bootstrapAppConfig?.enableCompanyFeature ?? false;
     }
     /**
@@ -60,11 +56,11 @@ export class StorageDataSourceProvider extends MultiTenantDataSourceService {
    */ getEnableCompanyFeatureForCurrentTenant() {
         return this.getEnableCompanyFeatureForTenant(this.getCurrentTenant() ?? undefined);
     }
-    // ==================== Entity Management ====================
+    // Entity Management
     /**
-   * Get storage entities for migrations based on company feature flag
-   * Note: For TypeORM repositories, we always use the base entities (FileManager, etc.)
-   * But for migrations, we need the correct entity based on the feature flag
+   * Get storage entities for migrations based on company feature flag.
+   * For TypeORM repositories, we always use the base entities (FileManager, etc.)
+   * but for migrations, we need the correct entity based on the feature flag.
    */ async getStorageEntities(enableCompanyFeature) {
         const enable = enableCompanyFeature ?? this.getEnableCompanyFeature();
         const { FileManager, Folder, StorageConfig } = await import('../entities');
@@ -84,10 +80,8 @@ export class StorageDataSourceProvider extends MultiTenantDataSourceService {
             StorageConfig
         ];
     }
-    // ==================== Overrides ====================
-    /**
-   * Override to dynamically set entities based on tenant config
-   */ async createDataSourceFromConfig(config) {
+    // Overrides
+    /** Override to dynamically set entities based on tenant config */ async createDataSourceFromConfig(config) {
         const currentTenant = this.getCurrentTenant();
         const enableCompanyFeature = this.getEnableCompanyFeatureForTenant(currentTenant ?? undefined);
         const entities = await this.getStorageEntities(enableCompanyFeature);

package/fesm/services/storage-provider-config.service.js

@@ -27,78 +27,57 @@ function _ts_param(paramIndex, decorator) {
 }
 import { RequestScopedApiService, HybridCache } from '@flusys/nestjs-shared/classes';
 import { UtilsService } from '@flusys/nestjs-shared/modules';
+import { applyCompanyFilter, buildCompanyWhereCondition } from '@flusys/nestjs-shared/utils';
 import { Inject, Injectable, Scope } from '@nestjs/common';
 import { StorageConfigService } from '../config';
 import { StorageConfig, StorageConfigWithCompany } from '../entities';
 import { StorageDataSourceProvider } from './storage-datasource.provider';
 export class StorageProviderConfigService extends RequestScopedApiService {
-    /**
-   * Resolve entity class for this service
-   * @returns StorageConfig or StorageConfigWithCompany based on configuration
-   */ resolveEntity() {
-        const enableCompanyFeature = this.storageConfig.isCompanyFeatureEnabled();
-        return enableCompanyFeature ? StorageConfigWithCompany : StorageConfig;
+    resolveEntity() {
+        return this.storageConfig.isCompanyFeatureEnabled() ? StorageConfigWithCompany : StorageConfig;
     }
-    /**
-   * Get DataSource provider for this service
-   * @returns StorageDataSourceProvider instance
-   */ getDataSourceProvider() {
+    getDataSourceProvider() {
         return this.dataSourceProvider;
     }
     async convertSingleDtoToEntity(dto, user) {
-        let storageConfig = {};
-        // Set basic fields
-        storageConfig = {
-            ...storageConfig,
-            ...dto
-        };
-        // Only set company fields if they exist on the entity (when company feature is enabled)
-        if ('companyId' in storageConfig) {
-            storageConfig.companyId = user?.companyId ?? null;
+        const entity = await super.convertSingleDtoToEntity(dto, user);
+        if (this.storageConfig.isCompanyFeatureEnabled()) {
+            entity.companyId = user?.companyId ?? null;
         }
-        return storageConfig;
+        return entity;
     }
     async getSelectQuery(query, _user, select) {
-        if (!select || !select.length) {
+        if (!select?.length) {
             select = [
                 'id',
                 'name',
                 'storage',
                 'config',
+                'isActive',
+                'isDefault',
                 'createdAt',
                 'updatedAt'
             ];
-            // Add company fields if company feature is enabled
             if (this.storageConfig.isCompanyFeatureEnabled()) {
                 select.push('companyId');
             }
         }
-        const selectFields = select.map((field)=>`${this.entityName}.${field}`);
-        query.select(selectFields);
+        query.select(select.map((f)=>`${this.entityName}.${f}`));
         return {
             query,
             isRaw: false
         };
     }
-    /**
-   * Override: Extra query manipulation - Auto-filter by user's company
-   */ async getExtraManipulateQuery(query, filterDto, user) {
+    async getExtraManipulateQuery(query, filterDto, user) {
         const result = await super.getExtraManipulateQuery(query, filterDto, user);
-        // If company feature enabled and user has companyId, filter by user's company
-        const enableCompanyFeature = this.storageConfig.isCompanyFeatureEnabled();
-        if (enableCompanyFeature && user?.companyId) {
-            query.andWhere('storageConfig.companyId = :companyId', {
-                companyId: user.companyId
-            });
-        }
+        applyCompanyFilter(query, {
+            isCompanyFeatureEnabled: this.storageConfig.isCompanyFeatureEnabled(),
+            entityAlias: 'storageConfig'
+        }, user);
         query.orderBy(`${this.entityName}.createdAt`, 'DESC');
         return result;
     }
-    /**
-   * Find storage config by ID without throwing (returns null if not found)
-   * Uses direct repository query - bypasses company filtering
-   * Use for internal operations like file deletion where config ID is already known
-   */ async findByIdDirect(id) {
+    async findByIdDirect(id) {
         await this.ensureRepositoryInitialized();
         return await this.repository.findOne({
             where: {
@@ -106,21 +85,15 @@ export class StorageProviderConfigService extends RequestScopedApiService {
             }
         });
     }
-    /**
-   * Get default storage configuration (scoped to user's company if enabled)
-   * Falls back to any available config if 'default' not found
-   */ async getDefaultConfig(user) {
+    async getDefaultConfig(user) {
         await this.ensureRepositoryInitialized();
-        const baseWhere = {};
-        // Filter by company only if company feature is enabled and user is provided
-        if (this.storageConfig.isCompanyFeatureEnabled() && user?.companyId) {
-            baseWhere.companyId = user.companyId;
-        }
-        // First try to find config named 'default'
+        const baseWhere = buildCompanyWhereCondition({
+            isActive: true
+        }, this.storageConfig.isCompanyFeatureEnabled(), user);
         const defaultConfig = await this.repository.findOne({
             where: {
                 ...baseWhere,
-                name: 'default'
+                isDefault: true
             },
             order: {
                 createdAt: 'ASC'
@@ -129,7 +102,6 @@ export class StorageProviderConfigService extends RequestScopedApiService {
         if (defaultConfig) {
             return defaultConfig;
         }
-        // Fall back to any available config for this company/user
         return await this.repository.findOne({
             where: baseWhere,
             order: {
@@ -137,24 +109,17 @@ export class StorageProviderConfigService extends RequestScopedApiService {
             }
         });
     }
-    /**
-   * Get storage configuration by type (scoped to user's company if enabled)
-   */ async getConfigByType(storage, user) {
+    async getConfigByType(storage, user) {
         await this.ensureRepositoryInitialized();
-        const where = {
-            storage
-        };
-        // Filter by company only if company feature is enabled and user is provided
-        if (this.storageConfig.isCompanyFeatureEnabled() && user?.companyId) {
-            where.companyId = user.companyId;
-        }
+        const where = buildCompanyWhereCondition({
+            storage,
+            isActive: true
+        }, this.storageConfig.isCompanyFeatureEnabled(), user);
         return await this.repository.find({
             where
         });
     }
-    // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
     constructor(cacheManager, utilsService, storageConfig, dataSourceProvider){
-        // Repository will be set asynchronously by RequestScopedApiService
         super('storageConfig', null, cacheManager, utilsService, StorageProviderConfigService.name, true), _define_property(this, "cacheManager", void 0), _define_property(this, "utilsService", void 0), _define_property(this, "storageConfig", void 0), _define_property(this, "dataSourceProvider", void 0), this.cacheManager = cacheManager, this.utilsService = utilsService, this.storageConfig = storageConfig, this.dataSourceProvider = dataSourceProvider;
     }
 }