npm - @flusys/nestjs-storage - Versions diffs - 1.0.0-beta → 1.0.0 - Mend

@flusys/nestjs-storage 1.0.0-beta → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (118) hide show

package/README.md +174 -13
package/cjs/config/index.js +0 -1
package/cjs/config/storage.constants.js +0 -17
package/cjs/controllers/file-manager.controller.js +44 -1
package/cjs/controllers/folder.controller.js +44 -1
package/cjs/controllers/storage-config.controller.js +44 -1
package/cjs/controllers/upload.controller.js +18 -29
package/cjs/docs/storage-swagger.config.js +24 -136
package/cjs/dtos/file-manager.dto.js +71 -35
package/cjs/dtos/folder.dto.js +15 -9
package/cjs/dtos/storage-config.dto.js +25 -66
package/cjs/dtos/upload.dto.js +24 -17
package/cjs/entities/file-manager-with-company.entity.js +3 -4
package/cjs/entities/file-manager.entity.js +71 -3
package/cjs/entities/folder-with-company.entity.js +3 -4
package/cjs/entities/folder.entity.js +19 -3
package/cjs/entities/index.js +9 -10
package/cjs/entities/storage-config-with-company.entity.js +3 -4
package/cjs/entities/storage-config.entity.js +73 -3
package/cjs/interfaces/index.js +0 -1
package/cjs/middlewares/file-serve.middleware.js +113 -100
package/cjs/modules/storage.module.js +82 -136
package/cjs/providers/azure-provider.optional.js +10 -38
package/cjs/providers/local-provider.js +38 -31
package/cjs/providers/s3-provider.optional.js +19 -40
package/cjs/providers/storage-factory.service.js +54 -99
package/cjs/providers/storage-provider.registry.js +8 -18
package/cjs/services/file-manager.service.js +238 -323
package/cjs/services/folder.service.js +8 -11
package/cjs/services/index.js +1 -0
package/cjs/{config → services}/storage-config.service.js +32 -76
package/cjs/services/storage-datasource.provider.js +16 -26
package/cjs/services/storage-provider-config.service.js +21 -38
package/cjs/services/upload.service.js +72 -88
package/cjs/utils/file-validator.util.js +458 -0
package/cjs/utils/image-compressor.util.js +3 -8
package/config/index.d.ts +0 -1
package/config/storage.constants.d.ts +0 -8
package/controllers/upload.controller.d.ts +3 -6
package/dtos/file-manager.dto.d.ts +13 -7
package/dtos/folder.dto.d.ts +5 -5
package/dtos/storage-config.dto.d.ts +13 -14
package/entities/file-manager-with-company.entity.d.ts +2 -2
package/entities/file-manager.entity.d.ts +11 -2
package/entities/folder-with-company.entity.d.ts +2 -2
package/entities/folder.entity.d.ts +4 -2
package/entities/index.d.ts +3 -4
package/entities/storage-config-with-company.entity.d.ts +2 -2
package/entities/storage-config.entity.d.ts +7 -2
package/fesm/config/index.js +0 -1
package/fesm/config/storage.constants.js +0 -8
package/fesm/controllers/file-manager.controller.js +45 -2
package/fesm/controllers/folder.controller.js +45 -2
package/fesm/controllers/storage-config.controller.js +45 -2
package/fesm/controllers/upload.controller.js +19 -30
package/fesm/docs/storage-swagger.config.js +27 -142
package/fesm/dtos/file-manager.dto.js +72 -36
package/fesm/dtos/folder.dto.js +16 -10
package/fesm/dtos/storage-config.dto.js +29 -76
package/fesm/dtos/upload.dto.js +25 -19
package/fesm/entities/file-manager-with-company.entity.js +3 -4
package/fesm/entities/file-manager.entity.js +72 -4
package/fesm/entities/folder-with-company.entity.js +3 -4
package/fesm/entities/folder.entity.js +20 -4
package/fesm/entities/index.js +5 -13
package/fesm/entities/storage-config-with-company.entity.js +3 -4
package/fesm/entities/storage-config.entity.js +74 -4
package/fesm/interfaces/index.js +0 -1
package/fesm/interfaces/storage-config.interface.js +1 -3
package/fesm/middlewares/file-serve.middleware.js +114 -101
package/fesm/modules/storage.module.js +83 -136
package/fesm/providers/azure-provider.optional.js +11 -42
package/fesm/providers/local-provider.js +38 -31
package/fesm/providers/s3-provider.optional.js +20 -44
package/fesm/providers/storage-factory.service.js +52 -97
package/fesm/providers/storage-provider.registry.js +10 -20
package/fesm/services/file-manager.service.js +237 -322
package/fesm/services/folder.service.js +6 -9
package/fesm/services/index.js +1 -0
package/fesm/{config → services}/storage-config.service.js +32 -76
package/fesm/services/storage-datasource.provider.js +16 -26
package/fesm/services/storage-provider-config.service.js +19 -36
package/fesm/services/upload.service.js +71 -87
package/fesm/utils/file-validator.util.js +451 -0
package/fesm/utils/image-compressor.util.js +3 -8
package/interfaces/file-manager.interface.d.ts +7 -4
package/interfaces/index.d.ts +0 -1
package/interfaces/storage-config.interface.d.ts +3 -22
package/interfaces/storage-module-options.interface.d.ts +0 -5
package/middlewares/file-serve.middleware.d.ts +9 -1
package/modules/storage.module.d.ts +1 -2
package/package.json +6 -6
package/providers/azure-provider.optional.d.ts +8 -6
package/providers/local-provider.d.ts +2 -7
package/providers/s3-provider.optional.d.ts +9 -7
package/providers/storage-factory.service.d.ts +8 -9
package/providers/storage-provider.registry.d.ts +4 -4
package/services/file-manager.service.d.ts +23 -16
package/services/folder.service.d.ts +4 -4
package/services/index.d.ts +1 -0
package/services/storage-config.service.d.ts +24 -0
package/services/storage-datasource.provider.d.ts +3 -4
package/services/storage-provider-config.service.d.ts +5 -6
package/services/upload.service.d.ts +5 -5
package/utils/file-validator.util.d.ts +19 -0
package/cjs/entities/file-manager-base.entity.js +0 -115
package/cjs/entities/folder-base.entity.js +0 -55
package/cjs/entities/storage-config-base.entity.js +0 -64
package/cjs/interfaces/file-upload-response.interface.js +0 -4
package/config/storage-config.service.d.ts +0 -22
package/entities/file-manager-base.entity.d.ts +0 -13
package/entities/folder-base.entity.d.ts +0 -5
package/entities/storage-config-base.entity.d.ts +0 -7
package/fesm/entities/file-manager-base.entity.js +0 -108
package/fesm/entities/folder-base.entity.js +0 -48
package/fesm/entities/storage-config-base.entity.js +0 -57
package/fesm/interfaces/file-upload-response.interface.js +0 -1
package/interfaces/file-upload-response.interface.d.ts +0 -6

package/fesm/services/upload.service.js CHANGED Viewed

@@ -25,25 +25,60 @@ function _ts_param(paramIndex, decorator) {
         decorator(target, key, paramIndex);
     };
 }
-import { BadRequestException, Inject, Injectable, InternalServerErrorException, Logger, NotFoundException, Scope } from '@nestjs/common';
-import { StorageConfigService } from '../config';
+import { ErrorHandler, validateCompanyOwnership } from '@flusys/nestjs-shared/utils';
+import { BadRequestException, Inject, Injectable, Logger, NotFoundException, Scope } from '@nestjs/common';
+import { StorageConfigService } from './storage-config.service';
 import { FileLocationEnum } from '../enums/file-location.enum';
 import { StorageFactoryService } from '../providers/storage-factory.service';
 import { StorageProviderConfigService } from './storage-provider-config.service';
+import { FileValidator } from '../utils/file-validator.util';
 export class UploadService {
     /**
-   * Validate file before upload
+   * Validate file before upload - includes size, type, and content validation.
+   * Uses magic bytes to verify file content matches declared MIME type.
    */ validateFile(file) {
         // Validate file size
         const sizeValidation = this.storageConfigService.validateFileSize(file.size);
         if (!sizeValidation.valid) {
             throw new BadRequestException(sizeValidation.message);
         }
-        // Validate file type
+        // Validate declared file type (MIME)
         const typeValidation = this.storageConfigService.validateFileType(file.mimetype);
         if (!typeValidation.valid) {
             throw new BadRequestException(typeValidation.message);
         }
+        // Validate file content matches declared type (magic bytes check)
+        // This prevents MIME type spoofing attacks
+        const allowedTypes = this.storageConfigService.getAllowedFileTypes();
+        const contentValidation = FileValidator.validateFileContent(file.buffer, file.mimetype, allowedTypes);
+        if (!contentValidation.valid) {
+            this.logger.warn(`File content validation failed: ${contentValidation.message}`, {
+                declaredType: file.mimetype,
+                detectedType: contentValidation.detectedType
+            });
+            throw new BadRequestException(contentValidation.message || 'File content validation failed');
+        }
+        // Sanitize filename to prevent path traversal attacks
+        file.originalname = FileValidator.sanitizeFilename(file.originalname);
+    }
+    /**
+   * Create provider from storage config entity
+   */ async createProviderFromConfig(config) {
+        return this.storageFactory.createProvider({
+            provider: config.storage,
+            config: config.config
+        });
+    }
+    /**
+   * Create fallback local provider
+   */ async createFallbackLocalProvider() {
+        this.logger.warn('No storage config found, using fallback local provider');
+        return this.storageFactory.createProvider({
+            provider: FileLocationEnum.LOCAL,
+            config: {
+                basePath: this.storageConfigService.getDefaultLocalStoragePath()
+            }
+        });
     }
     /**
    * Get storage provider and config info based on storage config ID
@@ -57,13 +92,8 @@ export class UploadService {
             if (!config) {
                 throw new NotFoundException('Storage configuration not found');
             }
-            // Validate company ownership if company feature enabled
-            if (this.storageConfigService.isCompanyFeatureEnabled() && user?.companyId) {
-                const configWithCompany = config;
-                if (configWithCompany.companyId && configWithCompany.companyId !== user.companyId) {
-                    throw new BadRequestException('Storage configuration belongs to another company');
-                }
-            }
+            // Validate company ownership using shared utility
+            validateCompanyOwnership(config, user, this.storageConfigService.isCompanyFeatureEnabled(), 'Storage configuration');
             storageConfig = config;
         } else {
             // Use default config (scoped to user's company/branch)
@@ -73,13 +103,7 @@ export class UploadService {
             }
             storageConfig = defaultConfig;
         }
-        // Create provider config
-        const providerConfig = {
-            provider: storageConfig.storage,
-            config: storageConfig.config
-        };
-        // Get or create provider instance
-        const provider = await this.storageFactory.createProvider(providerConfig);
+        const provider = await this.createProviderFromConfig(storageConfig);
         return {
             provider,
             location: storageConfig.storage,
@@ -87,74 +111,33 @@ export class UploadService {
         };
     }
     /**
-   * Get storage provider based on storage config ID (convenience method)
-   */ async getStorageProvider(storageConfigId, user) {
-        const { provider } = await this.getStorageProviderWithConfig(storageConfigId, user);
-        return provider;
-    }
-    /**
    * Get storage provider for delete operations with fallback
    * If the original storage config doesn't exist, falls back based on locationHint
-   * This ensures files can still be deleted even if storage config was removed
-   * @param storageConfigId - The storage config ID to look up
-   * @param user - User context for company filtering
-   * @param locationHint - The file's original location type (used for fallback)
    */ async getStorageProviderForDelete(storageConfigId, user, locationHint) {
-        // If storageConfigId provided, try to find it
+        // Try to find by storageConfigId
         if (storageConfigId) {
             const config = await this.storageProviderConfigService.findByIdDirect(storageConfigId);
             if (config) {
-                const providerConfig = {
-                    provider: config.storage,
-                    config: config.config
-                };
-                return await this.storageFactory.createProvider(providerConfig);
+                return this.createProviderFromConfig(config);
             }
-            // Config not found, log warning and try fallback
-            this.logger.warn(`Storage config ${storageConfigId} not found, trying fallback for delete`);
+            this.logger.warn(`Storage config ${storageConfigId} not found, trying fallback`);
         }
-        // Fallback: Use locationHint to find a matching config or create provider
+        // Fallback: Use locationHint to find a matching config
         if (locationHint) {
-            // Try to find a config matching the file's original location type
             const matchingConfigs = await this.storageProviderConfigService.getConfigByType(locationHint, user);
             if (matchingConfigs.length > 0) {
-                const providerConfig = {
-                    provider: matchingConfigs[0].storage,
-                    config: matchingConfigs[0].config
-                };
-                this.logger.debug(`Using matching ${locationHint} config for delete fallback`);
-                return await this.storageFactory.createProvider(providerConfig);
+                return this.createProviderFromConfig(matchingConfigs[0]);
             }
-            // No matching config found, create a basic provider based on locationHint
             if (locationHint === FileLocationEnum.LOCAL) {
-                this.logger.warn('No local config found, using fallback local provider for delete');
-                const localProviderConfig = {
-                    provider: FileLocationEnum.LOCAL,
-                    config: {
-                        basePath: this.storageConfigService.getDefaultLocalStoragePath()
-                    }
-                };
-                return await this.storageFactory.createProvider(localProviderConfig);
+                return this.createFallbackLocalProvider();
             }
         }
-        // Last resort: Try default config (might be different provider type)
+        // Last resort: Try default config
         const defaultConfig = await this.storageProviderConfigService.getDefaultConfig(user);
         if (defaultConfig) {
-            const providerConfig = {
-                provider: defaultConfig.storage,
-                config: defaultConfig.config
-            };
-            return await this.storageFactory.createProvider(providerConfig);
+            return this.createProviderFromConfig(defaultConfig);
         }
-        // Final fallback: Create a basic local provider
-        this.logger.warn('No storage config found, using fallback local provider for delete');
-        const localProviderConfig = {
-            provider: FileLocationEnum.LOCAL,
-            config: {
-                basePath: this.storageConfigService.getDefaultLocalStoragePath()
-            }
-        };
-        return await this.storageFactory.createProvider(localProviderConfig);
+        return this.createFallbackLocalProvider();
     }
     async uploadSingleFile(file, options, user) {
         try {
@@ -168,9 +151,9 @@ export class UploadService {
                 location,
                 storageConfigId: configId
             };
-        } catch (err) {
-            this.logger.error('Single file upload failed', err);
-            throw new InternalServerErrorException(err?.message || 'Single file upload failed');
+        } catch (error) {
+            ErrorHandler.logError(this.logger, error, 'uploadSingleFile');
+            ErrorHandler.rethrowError(error);
         }
     }
     async uploadMultipleFiles(files, options, user) {
@@ -187,31 +170,31 @@ export class UploadService {
                     location,
                     storageConfigId: configId
                 }));
-        } catch (err) {
-            this.logger.error('Multiple files upload failed', err);
-            throw new InternalServerErrorException(err?.message || 'Multiple files upload failed');
+        } catch (error) {
+            ErrorHandler.logError(this.logger, error, 'uploadMultipleFiles');
+            ErrorHandler.rethrowError(error);
         }
     }
     async deleteSingleFile(key, storageConfigId, user, locationHint) {
         try {
-            if (!key) throw new Error('No file path provided');
+            if (!key) throw new BadRequestException('No file path provided');
             const provider = await this.getStorageProviderForDelete(storageConfigId, user, locationHint);
             await provider.deleteFile(key);
             return true;
-        } catch (err) {
-            this.logger.error('Delete single file failed', err);
-            throw new InternalServerErrorException(err?.message || 'Delete single file failed');
+        } catch (error) {
+            ErrorHandler.logError(this.logger, error, 'deleteSingleFile');
+            ErrorHandler.rethrowError(error);
         }
     }
     async deleteMultipleFile(keys, storageConfigId, user, locationHint) {
         try {
-            if (!keys || !keys.length) throw new Error('No file paths provided');
+            if (!keys || !keys.length) throw new BadRequestException('No file paths provided');
             const provider = await this.getStorageProviderForDelete(storageConfigId, user, locationHint);
             await provider.deleteMultipleFiles(keys);
             return true;
-        } catch (err) {
-            this.logger.error('Delete multiple files failed', err);
-            throw new InternalServerErrorException(err?.message || 'Delete multiple files failed');
+        } catch (error) {
+            ErrorHandler.logError(this.logger, error, 'deleteMultipleFiles');
+            ErrorHandler.rethrowError(error);
         }
     }
     bytesToKb(bytes) {
@@ -241,7 +224,8 @@ export class UploadService {
             }
             return null;
         } catch (error) {
-            this.logger.warn(`Failed to get local storage basePath: ${error.message}`);
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            this.logger.warn(`Failed to get local storage basePath: ${errorMessage}`);
             return null;
         }
     }
@@ -251,16 +235,16 @@ export class UploadService {
    * For Local/SFTP: returns direct path
    */ async makeFileUrl(key, storageConfigId, expiresIn = 3600, user) {
         try {
-            const provider = await this.getStorageProvider(storageConfigId, user);
+            const { provider } = await this.getStorageProviderWithConfig(storageConfigId, user);
             // Check if provider supports presigned URLs
             if (provider.generatePresignedUrl) {
                 return await provider.generatePresignedUrl(key, expiresIn);
             }
             // For SFTP or other providers without presigned URLs
             return key;
-        } catch (err) {
-            this.logger.error('Generate file URL failed', err);
-            throw new InternalServerErrorException(err?.message || 'Generate file URL failed');
+        } catch (error) {
+            ErrorHandler.logError(this.logger, error, 'makeFileUrl');
+            ErrorHandler.rethrowError(error);
         }
     }
     // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild