@flusys/nestjs-storage 1.0.0-beta → 1.0.0-rc

package/cjs/middlewares/file-serve.middleware.js

@@ -76,6 +76,11 @@ function _ts_decorate(decorators, target, key, desc) {
 function _ts_metadata(k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 }
+function _ts_param(paramIndex, decorator) {
+    return function(target, key) {
+        decorator(target, key, paramIndex);
+    };
+}
 let FileServeMiddleware = class FileServeMiddleware {
     async use(req, res, next) {
         try {
@@ -197,6 +202,7 @@ let FileServeMiddleware = class FileServeMiddleware {
 };
 FileServeMiddleware = _ts_decorate([
     (0, _common.Injectable)(),
+    _ts_param(0, (0, _common.Inject)(_uploadservice.UploadService)),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
         typeof _uploadservice.UploadService === "undefined" ? Object : _uploadservice.UploadService

package/cjs/providers/local-provider.js

@@ -80,6 +80,29 @@ function _interop_require_wildcard(obj, nodeInterop) {
 }
 let LocalProvider = class LocalProvider {
     /**
+   * SECURITY: Validates that a target path does not escape the base directory
+   * Prevents path traversal attacks using ../ sequences
+   * @throws Error if path traversal is detected
+   */ validatePathWithinBase(targetPath) {
+        const normalizedBasePath = _path.resolve(this.basePath);
+        const normalizedTargetPath = _path.resolve(targetPath);
+        if (!normalizedTargetPath.startsWith(normalizedBasePath + _path.sep) && normalizedTargetPath !== normalizedBasePath) {
+            this.logger.warn(`Path traversal attempt detected: ${targetPath}`);
+            throw new Error('Invalid path: Path traversal attempt detected');
+        }
+    }
+    /**
+   * SECURITY: Validates file key format to prevent malicious input
+   * @throws Error if key contains suspicious patterns
+   */ validateKeyFormat(key) {
+        if (!key || typeof key !== 'string' || key.trim().length === 0) {
+            throw new Error('Invalid file key: empty or invalid');
+        }
+        if (key.includes('\0')) {
+            throw new Error('Invalid file key: contains null bytes');
+        }
+    }
+    /**
    * Initialize Local File System provider with configuration
    * @param config.basePath - Base path for file storage (default: './uploads')
    * @param config.baseUrl - Optional base URL for generating file URLs
@@ -112,7 +135,11 @@ let LocalProvider = class LocalProvider {
         }
         // Build file path
         const folderPath = options.folderPath ? _path.join(this.basePath, options.folderPath) : this.basePath;
+        // SECURITY: Validate path does not escape base directory
+        this.validatePathWithinBase(folderPath);
         const filePath = _path.join(folderPath, fileName);
+        // SECURITY: Double-check final file path
+        this.validatePathWithinBase(filePath);
         // Ensure directory exists
         await _promises.mkdir(folderPath, {
             recursive: true
@@ -135,14 +162,20 @@ let LocalProvider = class LocalProvider {
     }
     async deleteFile(key) {
         try {
+            // SECURITY: Validate key format first
+            this.validateKeyFormat(key);
             // Key now includes the basePath, resolve from cwd
             let filePath = _path.resolve(key);
+            // SECURITY: Validate resolved path is within base directory
+            this.validatePathWithinBase(filePath);
             // Check if file exists at the resolved path
             try {
                 await _promises.access(filePath);
             } catch  {
                 // Fallback: try with basePath prefix (for old keys without basePath)
                 const fallbackPath = _path.join(this.basePath, key);
+                // SECURITY: Validate fallback path as well
+                this.validatePathWithinBase(fallbackPath);
                 try {
                     await _promises.access(fallbackPath);
                     filePath = fallbackPath;
@@ -155,7 +188,11 @@ let LocalProvider = class LocalProvider {
             }
             await _promises.unlink(filePath);
             this.logger.log(`Deleted file from local storage: ${key}`);
-        } catch (_error) {
+        } catch (error) {
+            // Re-throw security errors
+            if (error instanceof Error && error.message.includes('Invalid')) {
+                throw error;
+            }
             this.logger.warn(`Failed to delete file from local storage: ${key}`);
         }
     }
@@ -186,14 +223,23 @@ let LocalProvider = class LocalProvider {
    * Get the absolute path for a file key
    * Key now includes basePath, so resolve from cwd
    */ getAbsolutePath(key) {
-        return _path.resolve(key);
+        // SECURITY: Validate key format
+        this.validateKeyFormat(key);
+        const filePath = _path.resolve(key);
+        // SECURITY: Validate path is within base directory
+        this.validatePathWithinBase(filePath);
+        return filePath;
     }
     /**
    * Check if a file exists
    */ async fileExists(key) {
         try {
+            // SECURITY: Validate key format
+            this.validateKeyFormat(key);
             // Key now includes basePath, resolve from cwd
             const filePath = _path.resolve(key);
+            // SECURITY: Validate path is within base directory
+            this.validatePathWithinBase(filePath);
             await _promises.access(filePath);
             return true;
         } catch  {
@@ -203,8 +249,12 @@ let LocalProvider = class LocalProvider {
     /**
    * Get file stats
    */ async getFileStats(key) {
+        // SECURITY: Validate key format
+        this.validateKeyFormat(key);
         // Key now includes basePath, resolve from cwd
         const filePath = _path.resolve(key);
+        // SECURITY: Validate path is within base directory
+        this.validatePathWithinBase(filePath);
         const stats = await _promises.stat(filePath);
         return {
             size: stats.size,

package/cjs/providers/storage-factory.service.js

@@ -130,8 +130,8 @@ let StorageFactoryService = class StorageFactoryService {
         } catch (error) {
             this.logger.error(`Failed to create provider ${config.provider}:`, error);
             // Preserve original error message for better debugging
-            const originalMessage = error?.message || 'Unknown error';
-            throw new Error(`Failed to initialize storage provider '${config.provider}': ${originalMessage}`);
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            throw new Error(`Failed to initialize storage provider '${config.provider}': ${errorMessage}`);
         }
     }
     /**

package/cjs/services/file-manager.service.js

@@ -10,6 +10,7 @@ Object.defineProperty(exports, "FileManagerService", {
 });
 const _classes = require("@flusys/nestjs-shared/classes");
 const _modules = require("@flusys/nestjs-shared/modules");
+const _utils = require("@flusys/nestjs-shared/utils");
 const _common = require("@nestjs/common");
 const _typeorm = require("typeorm");
 const _config = require("../config");
@@ -154,8 +155,9 @@ let FileManagerService = class FileManagerService extends _classes.RequestScoped
                 const enableCompanyFeature = this.storageConfig.isCompanyFeatureEnabled();
                 const storageConfigEntity = enableCompanyFeature ? (await Promise.resolve().then(()=>/*#__PURE__*/ _interop_require_wildcard(require("../entities")))).StorageConfigWithCompany : (await Promise.resolve().then(()=>/*#__PURE__*/ _interop_require_wildcard(require("../entities")))).StorageConfig;
                 const storageConfigRepository = await this.dataSourceProvider.getRepository(storageConfigEntity);
+                const storageConfigId = dto.storageConfigId;
                 const whereCondition = {
-                    id: dto.storageConfigId
+                    id: storageConfigId
                 };
                 // Filter by company if company feature is enabled
                 if (enableCompanyFeature && user?.companyId) {
@@ -165,25 +167,30 @@ let FileManagerService = class FileManagerService extends _classes.RequestScoped
                     where: whereCondition
                 });
                 if (storageConfig) {
-                    storageLocation = storageConfig.storage;
+                    const typedConfig = storageConfig;
+                    if (typedConfig.storage) {
+                        storageLocation = typedConfig.storage;
+                    }
                 }
             } catch (error) {
-                this.logger.warn(`Failed to get storage location from config: ${error}`);
+                const errorMessage = _utils.ErrorHandler.getErrorMessage(error);
+                this.logger.warn(`Failed to get storage location from config ${dto.storageConfigId}: ${errorMessage}`);
             // Fall back to DTO location or default
             }
         }
-        // Set basic fields
-        fileManager = {
+        // Set basic fields - merge existing data with DTO
+        const mergedFileManager = {
             ...fileManager,
             ...dto,
             location: storageLocation,
             folder: validatedFolder
         };
-        // Only set company fields if they exist on the entity (when company feature is enabled)
-        if ('companyId' in fileManager) {
-            fileManager.companyId = user?.companyId ?? null;
+        // Only set company fields if company feature is enabled
+        const enableCompanyFeatureForEntity = this.storageConfig.isCompanyFeatureEnabled();
+        if (enableCompanyFeatureForEntity) {
+            mergedFileManager.companyId = user?.companyId ?? null;
         }
-        return fileManager;
+        return mergedFileManager;
     }
     async getSelectQuery(query, _user, select) {
         if (!select || !select.length) {
@@ -260,7 +267,8 @@ let FileManagerService = class FileManagerService extends _classes.RequestScoped
             this.logger.debug(`enrichWithProviderNames: First enriched item: ${JSON.stringify(enrichedItems[0])}`);
             return enrichedItems;
         } catch (error) {
-            this.logger.warn(`Failed to fetch provider names: ${error}`);
+            const errorMessage = _utils.ErrorHandler.getErrorMessage(error);
+            this.logger.warn(`Failed to fetch provider names: ${errorMessage}`);
             return items.map((item)=>({
                     ...item,
                     providerName: undefined
@@ -298,13 +306,12 @@ let FileManagerService = class FileManagerService extends _classes.RequestScoped
    * Override: Extra query manipulation - Auto-filter by user's company and private file permissions
    */ async getExtraManipulateQuery(query, filterDto, user) {
         const result = await super.getExtraManipulateQuery(query, filterDto, user);
-        // If company feature enabled and user has companyId, filter by user's company
+        // Apply company filter using shared utility
         const enableCompanyFeature = this.storageConfig.isCompanyFeatureEnabled();
-        if (enableCompanyFeature && user?.companyId) {
-            query.andWhere('file_manager.companyId = :companyId', {
-                companyId: user.companyId
-            });
-        }
+        (0, _utils.applyCompanyFilter)(query, {
+            isCompanyFeatureEnabled: enableCompanyFeature,
+            entityAlias: 'file_manager'
+        }, user);
         // Check if user has permission to see private files
         if (user) {
             const cacheKey = enableCompanyFeature ? `${USER_ACTION_PERMISSION_CACHE_KEY}_${user.id}_${user.companyId}` : `${USER_ACTION_PERMISSION_CACHE_KEY}_${user.id}`;
@@ -367,8 +374,9 @@ let FileManagerService = class FileManagerService extends _classes.RequestScoped
                                 'config'
                             ]
                         });
-                        if (config && config.config?.basePath) {
-                            const basePath = config.config.basePath.replace(/^\.\//, '');
+                        const typedConfig = config;
+                        if (typedConfig?.config?.basePath) {
+                            const basePath = typedConfig.config.basePath.replace(/^\.\//, '');
                             // Convert old keys to new format
                             deleteKeys = keys.map((key)=>{
                                 if (!key.includes('/')) {
@@ -378,7 +386,8 @@ let FileManagerService = class FileManagerService extends _classes.RequestScoped
                             });
                         }
                     } catch (error) {
-                        this.logger.warn(`Failed to get basePath for delete: ${error}`);
+                        const errorMessage = _utils.ErrorHandler.getErrorMessage(error);
+                        this.logger.warn(`Failed to get basePath for delete: ${errorMessage}`);
                     }
                 }
                 await this.uploadService.deleteMultipleFile(deleteKeys, configId === 'default' ? undefined : configId, user ?? undefined, location);
@@ -412,7 +421,8 @@ let FileManagerService = class FileManagerService extends _classes.RequestScoped
                     file.expiresAt = now + expiresIn * 1000;
                     shouldUpdate = true;
                 } catch (error) {
-                    this.logger.error(`Failed to generate URL for file ${file.id}: ${error?.message || 'Unknown error'}`);
+                    const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+                    this.logger.error(`Failed to generate URL for file ${file.id}: ${errorMessage}`);
                     // Use fallback URL with appUrl from config
                     const baseUrl = this.getFileBaseUrl(protocol, host);
                     file.url = `${baseUrl}/storage/upload/file/${file.key}`;
@@ -439,13 +449,15 @@ let FileManagerService = class FileManagerService extends _classes.RequestScoped
                                 'config'
                             ]
                         });
-                        if (config && config.config?.basePath) {
-                            const basePath = config.config.basePath.replace(/^\.\//, ''); // Remove leading ./
+                        const typedConfig = config;
+                        if (typedConfig?.config?.basePath) {
+                            const basePath = typedConfig.config.basePath.replace(/^\.\//, ''); // Remove leading ./
                             fileKey = `${basePath}/${file.key}`;
                             this.logger.debug(`Prefixed old key with basePath: ${fileKey}`);
                         }
                     } catch (error) {
-                        this.logger.warn(`Failed to get basePath for file ${file.id}: ${error}`);
+                        const errorMessage = _utils.ErrorHandler.getErrorMessage(error);
+                        this.logger.warn(`Failed to get basePath for file ${file.id}: ${errorMessage}`);
                     }
                 }
                 const baseUrl = this.getFileBaseUrl(protocol, host);
@@ -470,7 +482,8 @@ let FileManagerService = class FileManagerService extends _classes.RequestScoped
             try {
                 await this.repository.save(updatedFiles);
             } catch (error) {
-                this.logger.error(`Failed to save updated file URLs: ${error?.message || 'Unknown error'}`);
+                const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+                this.logger.error(`Failed to save updated file URLs: ${errorMessage}`);
             }
         }
         return responses;

package/cjs/services/folder.service.js

@@ -10,6 +10,7 @@ Object.defineProperty(exports, "FolderService", {
 });
 const _classes = require("@flusys/nestjs-shared/classes");
 const _modules = require("@flusys/nestjs-shared/modules");
+const _utils = require("@flusys/nestjs-shared/utils");
 const _common = require("@nestjs/common");
 const _config = require("../config");
 const _entities = require("../entities");
@@ -48,16 +49,13 @@ let FolderService = class FolderService extends _classes.RequestScopedApiService
     getDataSourceProvider() {
         return this.dataSourceProvider;
     }
-    // Entity Conversion
     async convertSingleDtoToEntity(dto, user) {
         const entity = await super.convertSingleDtoToEntity(dto, user);
-        // Set companyId from user context if company feature enabled
         if (this.storageConfig.isCompanyFeatureEnabled()) {
             entity.companyId = user?.companyId ?? null;
         }
         return entity;
     }
-    // Query Customization
     async getSelectQuery(query, _user, select) {
         if (!select?.length) {
             select = [
@@ -79,11 +77,10 @@ let FolderService = class FolderService extends _classes.RequestScopedApiService
     }
     async getExtraManipulateQuery(query, filterDto, user) {
         const result = await super.getExtraManipulateQuery(query, filterDto, user);
-        if (this.storageConfig.isCompanyFeatureEnabled() && user?.companyId) {
-            query.andWhere('folder.companyId = :companyId', {
-                companyId: user.companyId
-            });
-        }
+        (0, _utils.applyCompanyFilter)(query, {
+            isCompanyFeatureEnabled: this.storageConfig.isCompanyFeatureEnabled(),
+            entityAlias: 'folder'
+        }, user);
         return result;
     }
     constructor(cacheManager, utilsService, storageConfig, dataSourceProvider){

package/cjs/services/storage-provider-config.service.js

@@ -10,6 +10,7 @@ Object.defineProperty(exports, "StorageProviderConfigService", {
 });
 const _classes = require("@flusys/nestjs-shared/classes");
 const _modules = require("@flusys/nestjs-shared/modules");
+const _utils = require("@flusys/nestjs-shared/utils");
 const _common = require("@nestjs/common");
 const _config = require("../config");
 const _entities = require("../entities");
@@ -48,16 +49,13 @@ let StorageProviderConfigService = class StorageProviderConfigService extends _c
     getDataSourceProvider() {
         return this.dataSourceProvider;
     }
-    // Entity Conversion
     async convertSingleDtoToEntity(dto, user) {
         const entity = await super.convertSingleDtoToEntity(dto, user);
-        // Set companyId from user context if company feature enabled
         if (this.storageConfig.isCompanyFeatureEnabled()) {
             entity.companyId = user?.companyId ?? null;
         }
         return entity;
     }
-    // Query Customization
     async getSelectQuery(query, _user, select) {
         if (!select?.length) {
             select = [
@@ -65,6 +63,8 @@ let StorageProviderConfigService = class StorageProviderConfigService extends _c
                 'name',
                 'storage',
                 'config',
+                'isActive',
+                'isDefault',
                 'createdAt',
                 'updatedAt'
             ];
@@ -80,19 +80,14 @@ let StorageProviderConfigService = class StorageProviderConfigService extends _c
     }
     async getExtraManipulateQuery(query, filterDto, user) {
         const result = await super.getExtraManipulateQuery(query, filterDto, user);
-        if (this.storageConfig.isCompanyFeatureEnabled() && user?.companyId) {
-            query.andWhere('storageConfig.companyId = :companyId', {
-                companyId: user.companyId
-            });
-        }
+        (0, _utils.applyCompanyFilter)(query, {
+            isCompanyFeatureEnabled: this.storageConfig.isCompanyFeatureEnabled(),
+            entityAlias: 'storageConfig'
+        }, user);
         query.orderBy(`${this.entityName}.createdAt`, 'DESC');
         return result;
     }
-    /**
-   * Find storage config by ID without throwing (returns null if not found)
-   * Uses direct repository query - bypasses company filtering
-   * Use for internal operations like file deletion where config ID is already known
-   */ async findByIdDirect(id) {
+    async findByIdDirect(id) {
         await this.ensureRepositoryInitialized();
         return await this.repository.findOne({
             where: {
@@ -100,21 +95,15 @@ let StorageProviderConfigService = class StorageProviderConfigService extends _c
             }
         });
     }
-    /**
-   * Get default storage configuration (scoped to user's company if enabled)
-   * Falls back to any available config if 'default' not found
-   */ async getDefaultConfig(user) {
+    async getDefaultConfig(user) {
         await this.ensureRepositoryInitialized();
-        const baseWhere = {};
-        // Filter by company only if company feature is enabled and user is provided
-        if (this.storageConfig.isCompanyFeatureEnabled() && user?.companyId) {
-            baseWhere.companyId = user.companyId;
-        }
-        // First try to find config named 'default'
+        const baseWhere = (0, _utils.buildCompanyWhereCondition)({
+            isActive: true
+        }, this.storageConfig.isCompanyFeatureEnabled(), user);
         const defaultConfig = await this.repository.findOne({
             where: {
                 ...baseWhere,
-                name: 'default'
+                isDefault: true
             },
             order: {
                 createdAt: 'ASC'
@@ -123,7 +112,6 @@ let StorageProviderConfigService = class StorageProviderConfigService extends _c
         if (defaultConfig) {
             return defaultConfig;
         }
-        // Fall back to any available config for this company/user
         return await this.repository.findOne({
             where: baseWhere,
             order: {
@@ -131,17 +119,12 @@ let StorageProviderConfigService = class StorageProviderConfigService extends _c
             }
         });
     }
-    /**
-   * Get storage configuration by type (scoped to user's company if enabled)
-   */ async getConfigByType(storage, user) {
+    async getConfigByType(storage, user) {
         await this.ensureRepositoryInitialized();
-        const where = {
-            storage
-        };
-        // Filter by company only if company feature is enabled and user is provided
-        if (this.storageConfig.isCompanyFeatureEnabled() && user?.companyId) {
-            where.companyId = user.companyId;
-        }
+        const where = (0, _utils.buildCompanyWhereCondition)({
+            storage,
+            isActive: true
+        }, this.storageConfig.isCompanyFeatureEnabled(), user);
         return await this.repository.find({
             where
         });

package/cjs/services/upload.service.js

@@ -8,11 +8,13 @@ Object.defineProperty(exports, "UploadService", {
         return UploadService;
     }
 });
+const _utils = require("@flusys/nestjs-shared/utils");
 const _common = require("@nestjs/common");
 const _config = require("../config");
 const _filelocationenum = require("../enums/file-location.enum");
 const _storagefactoryservice = require("../providers/storage-factory.service");
 const _storageproviderconfigservice = require("./storage-provider-config.service");
+const _filevalidatorutil = require("../utils/file-validator.util");
 function _define_property(obj, key, value) {
     if (key in obj) {
         Object.defineProperty(obj, key, {
@@ -42,18 +44,32 @@ function _ts_param(paramIndex, decorator) {
 }
 let UploadService = class UploadService {
     /**
-   * Validate file before upload
+   * Validate file before upload - includes size, type, and content validation.
+   * Uses magic bytes to verify file content matches declared MIME type.
    */ validateFile(file) {
         // Validate file size
         const sizeValidation = this.storageConfigService.validateFileSize(file.size);
         if (!sizeValidation.valid) {
             throw new _common.BadRequestException(sizeValidation.message);
         }
-        // Validate file type
+        // Validate declared file type (MIME)
         const typeValidation = this.storageConfigService.validateFileType(file.mimetype);
         if (!typeValidation.valid) {
             throw new _common.BadRequestException(typeValidation.message);
         }
+        // Validate file content matches declared type (magic bytes check)
+        // This prevents MIME type spoofing attacks
+        const allowedTypes = this.storageConfigService.getAllowedFileTypes();
+        const contentValidation = _filevalidatorutil.FileValidator.validateFileContent(file.buffer, file.mimetype, allowedTypes);
+        if (!contentValidation.valid) {
+            this.logger.warn(`File content validation failed: ${contentValidation.message}`, {
+                declaredType: file.mimetype,
+                detectedType: contentValidation.detectedType
+            });
+            throw new _common.BadRequestException(contentValidation.message || 'File content validation failed');
+        }
+        // Sanitize filename to prevent path traversal attacks
+        file.originalname = _filevalidatorutil.FileValidator.sanitizeFilename(file.originalname);
     }
     /**
    * Get storage provider and config info based on storage config ID
@@ -67,13 +83,8 @@ let UploadService = class UploadService {
             if (!config) {
                 throw new _common.NotFoundException('Storage configuration not found');
             }
-            // Validate company ownership if company feature enabled
-            if (this.storageConfigService.isCompanyFeatureEnabled() && user?.companyId) {
-                const configWithCompany = config;
-                if (configWithCompany.companyId && configWithCompany.companyId !== user.companyId) {
-                    throw new _common.BadRequestException('Storage configuration belongs to another company');
-                }
-            }
+            // Validate company ownership using shared utility
+            (0, _utils.validateCompanyOwnership)(config, user, this.storageConfigService.isCompanyFeatureEnabled(), 'Storage configuration');
             storageConfig = config;
         } else {
             // Use default config (scoped to user's company/branch)
@@ -178,9 +189,9 @@ let UploadService = class UploadService {
                 location,
                 storageConfigId: configId
             };
-        } catch (err) {
-            this.logger.error('Single file upload failed', err);
-            throw new _common.InternalServerErrorException(err?.message || 'Single file upload failed');
+        } catch (error) {
+            _utils.ErrorHandler.logError(this.logger, error, 'uploadSingleFile');
+            _utils.ErrorHandler.rethrowError(error);
         }
     }
     async uploadMultipleFiles(files, options, user) {
@@ -197,31 +208,31 @@ let UploadService = class UploadService {
                     location,
                     storageConfigId: configId
                 }));
-        } catch (err) {
-            this.logger.error('Multiple files upload failed', err);
-            throw new _common.InternalServerErrorException(err?.message || 'Multiple files upload failed');
+        } catch (error) {
+            _utils.ErrorHandler.logError(this.logger, error, 'uploadMultipleFiles');
+            _utils.ErrorHandler.rethrowError(error);
         }
     }
     async deleteSingleFile(key, storageConfigId, user, locationHint) {
         try {
-            if (!key) throw new Error('No file path provided');
+            if (!key) throw new _common.BadRequestException('No file path provided');
             const provider = await this.getStorageProviderForDelete(storageConfigId, user, locationHint);
             await provider.deleteFile(key);
             return true;
-        } catch (err) {
-            this.logger.error('Delete single file failed', err);
-            throw new _common.InternalServerErrorException(err?.message || 'Delete single file failed');
+        } catch (error) {
+            _utils.ErrorHandler.logError(this.logger, error, 'deleteSingleFile');
+            _utils.ErrorHandler.rethrowError(error);
         }
     }
     async deleteMultipleFile(keys, storageConfigId, user, locationHint) {
         try {
-            if (!keys || !keys.length) throw new Error('No file paths provided');
+            if (!keys || !keys.length) throw new _common.BadRequestException('No file paths provided');
             const provider = await this.getStorageProviderForDelete(storageConfigId, user, locationHint);
             await provider.deleteMultipleFiles(keys);
             return true;
-        } catch (err) {
-            this.logger.error('Delete multiple files failed', err);
-            throw new _common.InternalServerErrorException(err?.message || 'Delete multiple files failed');
+        } catch (error) {
+            _utils.ErrorHandler.logError(this.logger, error, 'deleteMultipleFiles');
+            _utils.ErrorHandler.rethrowError(error);
         }
     }
     bytesToKb(bytes) {
@@ -251,7 +262,8 @@ let UploadService = class UploadService {
             }
             return null;
         } catch (error) {
-            this.logger.warn(`Failed to get local storage basePath: ${error.message}`);
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            this.logger.warn(`Failed to get local storage basePath: ${errorMessage}`);
             return null;
         }
     }
@@ -268,9 +280,9 @@ let UploadService = class UploadService {
             }
             // For SFTP or other providers without presigned URLs
             return key;
-        } catch (err) {
-            this.logger.error('Generate file URL failed', err);
-            throw new _common.InternalServerErrorException(err?.message || 'Generate file URL failed');
+        } catch (error) {
+            _utils.ErrorHandler.logError(this.logger, error, 'makeFileUrl');
+            _utils.ErrorHandler.rethrowError(error);
         }
     }
     // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild