@flusys/nestjs-storage 1.0.0-rc → 1.0.1

package/cjs/services/folder.service.js

@@ -12,7 +12,7 @@ const _classes = require("@flusys/nestjs-shared/classes");
 const _modules = require("@flusys/nestjs-shared/modules");
 const _utils = require("@flusys/nestjs-shared/utils");
 const _common = require("@nestjs/common");
-const _config = require("../config");
+const _storageconfigservice = require("./storage-config.service");
 const _entities = require("../entities");
 const _storagedatasourceprovider = require("./storage-datasource.provider");
 function _define_property(obj, key, value) {
@@ -93,13 +93,13 @@ FolderService = _ts_decorate([
     }),
     _ts_param(0, (0, _common.Inject)('CACHE_INSTANCE')),
     _ts_param(1, (0, _common.Inject)(_modules.UtilsService)),
-    _ts_param(2, (0, _common.Inject)(_config.StorageConfigService)),
+    _ts_param(2, (0, _common.Inject)(_storageconfigservice.StorageConfigService)),
     _ts_param(3, (0, _common.Inject)(_storagedatasourceprovider.StorageDataSourceProvider)),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
         typeof _classes.HybridCache === "undefined" ? Object : _classes.HybridCache,
         typeof _modules.UtilsService === "undefined" ? Object : _modules.UtilsService,
-        typeof _config.StorageConfigService === "undefined" ? Object : _config.StorageConfigService,
+        typeof _storageconfigservice.StorageConfigService === "undefined" ? Object : _storageconfigservice.StorageConfigService,
         typeof _storagedatasourceprovider.StorageDataSourceProvider === "undefined" ? Object : _storagedatasourceprovider.StorageDataSourceProvider
     ])
 ], FolderService);

package/cjs/services/index.js

@@ -4,6 +4,7 @@ Object.defineProperty(exports, "__esModule", {
 });
 _export_star(require("./file-manager.service"), exports);
 _export_star(require("./folder.service"), exports);
+_export_star(require("./storage-config.service"), exports);
 _export_star(require("./storage-provider-config.service"), exports);
 _export_star(require("./storage-datasource.provider"), exports);
 _export_star(require("./upload.service"), exports);

package/cjs/{config → services}/storage-config.service.js

@@ -10,7 +10,7 @@ Object.defineProperty(exports, "StorageConfigService", {
 });
 const _common = require("@nestjs/common");
 const _interfaces = require("../interfaces");
-const _storageconstants = require("./storage.constants");
+const _storageconstants = require("../config/storage.constants");
 function _define_property(obj, key, value) {
     if (key in obj) {
         Object.defineProperty(obj, key, {
@@ -38,119 +38,70 @@ function _ts_param(paramIndex, decorator) {
         decorator(target, key, paramIndex);
     };
 }
+const BYTES_PER_MB = 1024 * 1024;
+const DEFAULT_LOCAL_PATH = './uploads';
+const DEFAULT_PORT = '3000';
 let StorageConfigService = class StorageConfigService {
-    /**
-   * Check if company feature is enabled
-   */ isCompanyFeatureEnabled() {
+    // ─── IModuleConfigService Implementation ────────────────────────────────────
+    isCompanyFeatureEnabled() {
         return this.options.bootstrapAppConfig?.enableCompanyFeature ?? false;
     }
-    /**
-   * Get database mode
-   */ getDatabaseMode() {
+    getDatabaseMode() {
         return this.options.bootstrapAppConfig?.databaseMode ?? 'single';
     }
-    /**
-   * Check if running in multi-tenant mode
-   */ isMultiTenant() {
+    isMultiTenant() {
         return this.getDatabaseMode() === 'multi-tenant';
     }
-    /**
-   * Get maximum file size in bytes
-   */ getMaxFileSize() {
+    // ─── Config Getters ─────────────────────────────────────────────────────────
+    getMaxFileSize() {
         return this.options.config?.maxFileSize ?? _storageconstants.DEFAULT_MAX_FILE_SIZE;
     }
-    /**
-   * Get allowed file types (MIME types or patterns)
-   */ getAllowedFileTypes() {
+    getAllowedFileTypes() {
         return this.options.config?.allowedFileTypes ?? _storageconstants.DEFAULT_ALLOWED_FILE_TYPES;
     }
-    /**
-   * Check if file type is allowed
-   */ isFileTypeAllowed(mimeType) {
+    getOptions() {
+        return this.options;
+    }
+    getDefaultLocalStoragePath() {
+        return this.options.config?.localStoragePath ?? DEFAULT_LOCAL_PATH;
+    }
+    getAppUrl() {
+        return this.options.config?.appUrl ?? process.env.APP_URL ?? `http://localhost:${process.env.PORT ?? DEFAULT_PORT}`;
+    }
+    // ─── Validation Methods ─────────────────────────────────────────────────────
+    isFileTypeAllowed(mimeType) {
         const allowedTypes = this.getAllowedFileTypes();
-        // If wildcard, allow all
         if (allowedTypes.includes('*/*')) {
             return true;
         }
-        // Check exact match or wildcard pattern
-        return allowedTypes.some((allowedType)=>{
-            if (allowedType.endsWith('/*')) {
-                const prefix = allowedType.slice(0, -2);
-                return mimeType.startsWith(prefix);
-            }
-            return allowedType === mimeType;
-        });
+        return allowedTypes.some((type)=>type.endsWith('/*') ? mimeType.startsWith(type.slice(0, -2)) : type === mimeType);
     }
-    /**
-   * Validate file size
-   */ validateFileSize(fileSize) {
+    validateFileSize(fileSize) {
         const maxSize = this.getMaxFileSize();
         if (fileSize > maxSize) {
-            const maxSizeMB = (maxSize / (1024 * 1024)).toFixed(2);
-            const fileSizeMB = (fileSize / (1024 * 1024)).toFixed(2);
             return {
                 valid: false,
-                message: `File size (${fileSizeMB}MB) exceeds the maximum allowed size of ${maxSizeMB}MB`
+                message: `File size (${this.toMB(fileSize)}MB) exceeds maximum ${this.toMB(maxSize)}MB`
             };
         }
         return {
             valid: true
         };
     }
-    /**
-   * Validate file type
-   */ validateFileType(mimeType) {
+    validateFileType(mimeType) {
         if (!this.isFileTypeAllowed(mimeType)) {
-            const allowedTypes = this.getAllowedFileTypes();
             return {
                 valid: false,
-                message: `File type "${mimeType}" is not allowed. Allowed types: ${allowedTypes.join(', ')}`
+                message: `File type "${mimeType}" not allowed. Allowed: ${this.getAllowedFileTypes().join(', ')}`
             };
         }
         return {
             valid: true
         };
     }
-    /**
-   * Get default database config
-   */ getDefaultDatabaseConfig() {
-        return this.options.config?.defaultDatabaseConfig;
-    }
-    /**
-   * Get all options
-   */ getOptions() {
-        return this.options;
-    }
-    /**
-   * Get default local storage base path
-   * Used for serving local files without database lookup
-   * Falls back to './uploads' if not configured
-   */ getDefaultLocalStoragePath() {
-        // Check if localStoragePath is configured in module options
-        const configuredPath = this.options.config?.localStoragePath;
-        if (configuredPath) {
-            return configuredPath;
-        }
-        // Default to ./uploads in the project root
-        return './uploads';
-    }
-    /**
-   * Get application base URL for generating file URLs
-   * - First tries module config
-   * - Falls back to APP_URL env var
-   * - Finally constructs from PORT env var
-   */ getAppUrl() {
-        // Try from module config first
-        if (this.options.config?.appUrl) {
-            return this.options.config.appUrl;
-        }
-        // Fallback: read directly from environment
-        if (process.env.APP_URL) {
-            return process.env.APP_URL;
-        }
-        // Last resort: construct from PORT
-        const port = process.env.PORT || '3000';
-        return `http://localhost:${port}`;
+    // ─── Private Helpers ────────────────────────────────────────────────────────
+    toMB(bytes) {
+        return (bytes / BYTES_PER_MB).toFixed(2);
     }
     constructor(options){
         _define_property(this, "options", void 0);

package/cjs/services/storage-datasource.provider.js

@@ -12,8 +12,7 @@ const _modules = require("@flusys/nestjs-shared/modules");
 const _common = require("@nestjs/common");
 const _core = require("@nestjs/core");
 const _express = require("express");
-const _interfaces = require("../interfaces");
-const _storageconstants = require("../config/storage.constants");
+const _storageconfigservice = require("./storage-config.service");
 function _define_property(obj, key, value) {
     if (key in obj) {
         Object.defineProperty(obj, key, {
@@ -93,14 +92,11 @@ let StorageDataSourceProvider = class StorageDataSourceProvider extends _modules
         };
     }
     // Feature Flags
-    /** Get global enable company feature flag */ getEnableCompanyFeature() {
-        return this.storageOptions.bootstrapAppConfig?.enableCompanyFeature ?? false;
-    }
     /**
    * Get enable company feature for specific tenant
    * Falls back to global setting if not specified per-tenant
    */ getEnableCompanyFeatureForTenant(tenant) {
-        return tenant?.enableCompanyFeature ?? this.getEnableCompanyFeature();
+        return tenant?.enableCompanyFeature ?? this.configService.isCompanyFeatureEnabled();
     }
     /**
    * Get enable company feature for current request context
@@ -113,22 +109,16 @@ let StorageDataSourceProvider = class StorageDataSourceProvider extends _modules
    * For TypeORM repositories, we always use the base entities (FileManager, etc.)
    * but for migrations, we need the correct entity based on the feature flag.
    */ async getStorageEntities(enableCompanyFeature) {
-        const enable = enableCompanyFeature ?? this.getEnableCompanyFeature();
-        const { FileManager, Folder, StorageConfig } = await Promise.resolve().then(()=>/*#__PURE__*/ _interop_require_wildcard(require("../entities")));
-        // For migrations and schema sync, return the appropriate entity
-        // Both versions map to the same table, but with different columns
-        if (enable) {
-            const { FileManagerWithCompany, FolderWithCompany, StorageConfigWithCompany } = await Promise.resolve().then(()=>/*#__PURE__*/ _interop_require_wildcard(require("../entities")));
-            return [
-                FileManagerWithCompany,
-                FolderWithCompany,
-                StorageConfigWithCompany
-            ];
-        }
-        return [
-            FileManager,
-            Folder,
-            StorageConfig
+        const enable = enableCompanyFeature ?? this.configService.isCompanyFeatureEnabled();
+        const entities = await Promise.resolve().then(()=>/*#__PURE__*/ _interop_require_wildcard(require("../entities")));
+        return enable ? [
+            entities.FileManagerWithCompany,
+            entities.FolderWithCompany,
+            entities.StorageConfigWithCompany
+        ] : [
+            entities.FileManager,
+            entities.Folder,
+            entities.StorageConfig
         ];
     }
     // Overrides
@@ -189,8 +179,8 @@ let StorageDataSourceProvider = class StorageDataSourceProvider extends _modules
             StorageDataSourceProvider.connectionLocks.delete(tenant.id);
         }
     }
-    constructor(storageOptions, request){
-        super(StorageDataSourceProvider.buildParentOptions(storageOptions), request), _define_property(this, "storageOptions", void 0), _define_property(this, "logger", void 0), this.storageOptions = storageOptions, this.logger = new _common.Logger(StorageDataSourceProvider.name);
+    constructor(configService, request){
+        super(StorageDataSourceProvider.buildParentOptions(configService.getOptions()), request), _define_property(this, "configService", void 0), _define_property(this, "logger", void 0), this.configService = configService, this.logger = new _common.Logger(StorageDataSourceProvider.name);
     }
 };
 // Override parent's static properties to have Storage-specific cache
@@ -204,12 +194,12 @@ StorageDataSourceProvider = _ts_decorate([
     (0, _common.Injectable)({
         scope: _common.Scope.REQUEST
     }),
-    _ts_param(0, (0, _common.Inject)(_storageconstants.STORAGE_MODULE_OPTIONS)),
+    _ts_param(0, (0, _common.Inject)(_storageconfigservice.StorageConfigService)),
     _ts_param(1, (0, _common.Optional)()),
     _ts_param(1, (0, _common.Inject)(_core.REQUEST)),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
-        typeof _interfaces.StorageModuleOptions === "undefined" ? Object : _interfaces.StorageModuleOptions,
+        typeof _storageconfigservice.StorageConfigService === "undefined" ? Object : _storageconfigservice.StorageConfigService,
         typeof _express.Request === "undefined" ? Object : _express.Request
     ])
 ], StorageDataSourceProvider);

package/cjs/services/storage-provider-config.service.js

@@ -12,7 +12,7 @@ const _classes = require("@flusys/nestjs-shared/classes");
 const _modules = require("@flusys/nestjs-shared/modules");
 const _utils = require("@flusys/nestjs-shared/utils");
 const _common = require("@nestjs/common");
-const _config = require("../config");
+const _storageconfigservice = require("./storage-config.service");
 const _entities = require("../entities");
 const _storagedatasourceprovider = require("./storage-datasource.provider");
 function _define_property(obj, key, value) {
@@ -139,13 +139,13 @@ StorageProviderConfigService = _ts_decorate([
     }),
     _ts_param(0, (0, _common.Inject)('CACHE_INSTANCE')),
     _ts_param(1, (0, _common.Inject)(_modules.UtilsService)),
-    _ts_param(2, (0, _common.Inject)(_config.StorageConfigService)),
+    _ts_param(2, (0, _common.Inject)(_storageconfigservice.StorageConfigService)),
     _ts_param(3, (0, _common.Inject)(_storagedatasourceprovider.StorageDataSourceProvider)),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
         typeof _classes.HybridCache === "undefined" ? Object : _classes.HybridCache,
         typeof _modules.UtilsService === "undefined" ? Object : _modules.UtilsService,
-        typeof _config.StorageConfigService === "undefined" ? Object : _config.StorageConfigService,
+        typeof _storageconfigservice.StorageConfigService === "undefined" ? Object : _storageconfigservice.StorageConfigService,
         typeof _storagedatasourceprovider.StorageDataSourceProvider === "undefined" ? Object : _storagedatasourceprovider.StorageDataSourceProvider
     ])
 ], StorageProviderConfigService);

package/cjs/services/upload.service.js

@@ -10,7 +10,7 @@ Object.defineProperty(exports, "UploadService", {
 });
 const _utils = require("@flusys/nestjs-shared/utils");
 const _common = require("@nestjs/common");
-const _config = require("../config");
+const _storageconfigservice = require("./storage-config.service");
 const _filelocationenum = require("../enums/file-location.enum");
 const _storagefactoryservice = require("../providers/storage-factory.service");
 const _storageproviderconfigservice = require("./storage-provider-config.service");
@@ -72,6 +72,25 @@ let UploadService = class UploadService {
         file.originalname = _filevalidatorutil.FileValidator.sanitizeFilename(file.originalname);
     }
     /**
+   * Create provider from storage config entity
+   */ async createProviderFromConfig(config) {
+        return this.storageFactory.createProvider({
+            provider: config.storage,
+            config: config.config
+        });
+    }
+    /**
+   * Create fallback local provider
+   */ async createFallbackLocalProvider() {
+        this.logger.warn('No storage config found, using fallback local provider');
+        return this.storageFactory.createProvider({
+            provider: _filelocationenum.FileLocationEnum.LOCAL,
+            config: {
+                basePath: this.storageConfigService.getDefaultLocalStoragePath()
+            }
+        });
+    }
+    /**
    * Get storage provider and config info based on storage config ID
    * Validates company ownership when company feature is enabled
    */ async getStorageProviderWithConfig(storageConfigId, user) {
@@ -94,13 +113,7 @@ let UploadService = class UploadService {
             }
             storageConfig = defaultConfig;
         }
-        // Create provider config
-        const providerConfig = {
-            provider: storageConfig.storage,
-            config: storageConfig.config
-        };
-        // Get or create provider instance
-        const provider = await this.storageFactory.createProvider(providerConfig);
+        const provider = await this.createProviderFromConfig(storageConfig);
         return {
             provider,
             location: storageConfig.storage,
@@ -108,74 +121,33 @@ let UploadService = class UploadService {
         };
     }
     /**
-   * Get storage provider based on storage config ID (convenience method)
-   */ async getStorageProvider(storageConfigId, user) {
-        const { provider } = await this.getStorageProviderWithConfig(storageConfigId, user);
-        return provider;
-    }
-    /**
    * Get storage provider for delete operations with fallback
    * If the original storage config doesn't exist, falls back based on locationHint
-   * This ensures files can still be deleted even if storage config was removed
-   * @param storageConfigId - The storage config ID to look up
-   * @param user - User context for company filtering
-   * @param locationHint - The file's original location type (used for fallback)
    */ async getStorageProviderForDelete(storageConfigId, user, locationHint) {
-        // If storageConfigId provided, try to find it
+        // Try to find by storageConfigId
         if (storageConfigId) {
             const config = await this.storageProviderConfigService.findByIdDirect(storageConfigId);
             if (config) {
-                const providerConfig = {
-                    provider: config.storage,
-                    config: config.config
-                };
-                return await this.storageFactory.createProvider(providerConfig);
+                return this.createProviderFromConfig(config);
             }
-            // Config not found, log warning and try fallback
-            this.logger.warn(`Storage config ${storageConfigId} not found, trying fallback for delete`);
+            this.logger.warn(`Storage config ${storageConfigId} not found, trying fallback`);
         }
-        // Fallback: Use locationHint to find a matching config or create provider
+        // Fallback: Use locationHint to find a matching config
         if (locationHint) {
-            // Try to find a config matching the file's original location type
             const matchingConfigs = await this.storageProviderConfigService.getConfigByType(locationHint, user);
             if (matchingConfigs.length > 0) {
-                const providerConfig = {
-                    provider: matchingConfigs[0].storage,
-                    config: matchingConfigs[0].config
-                };
-                this.logger.debug(`Using matching ${locationHint} config for delete fallback`);
-                return await this.storageFactory.createProvider(providerConfig);
+                return this.createProviderFromConfig(matchingConfigs[0]);
             }
-            // No matching config found, create a basic provider based on locationHint
             if (locationHint === _filelocationenum.FileLocationEnum.LOCAL) {
-                this.logger.warn('No local config found, using fallback local provider for delete');
-                const localProviderConfig = {
-                    provider: _filelocationenum.FileLocationEnum.LOCAL,
-                    config: {
-                        basePath: this.storageConfigService.getDefaultLocalStoragePath()
-                    }
-                };
-                return await this.storageFactory.createProvider(localProviderConfig);
+                return this.createFallbackLocalProvider();
             }
         }
-        // Last resort: Try default config (might be different provider type)
+        // Last resort: Try default config
         const defaultConfig = await this.storageProviderConfigService.getDefaultConfig(user);
         if (defaultConfig) {
-            const providerConfig = {
-                provider: defaultConfig.storage,
-                config: defaultConfig.config
-            };
-            return await this.storageFactory.createProvider(providerConfig);
+            return this.createProviderFromConfig(defaultConfig);
         }
-        // Final fallback: Create a basic local provider
-        this.logger.warn('No storage config found, using fallback local provider for delete');
-        const localProviderConfig = {
-            provider: _filelocationenum.FileLocationEnum.LOCAL,
-            config: {
-                basePath: this.storageConfigService.getDefaultLocalStoragePath()
-            }
-        };
-        return await this.storageFactory.createProvider(localProviderConfig);
+        return this.createFallbackLocalProvider();
     }
     async uploadSingleFile(file, options, user) {
         try {
@@ -273,7 +245,7 @@ let UploadService = class UploadService {
    * For Local/SFTP: returns direct path
    */ async makeFileUrl(key, storageConfigId, expiresIn = 3600, user) {
         try {
-            const provider = await this.getStorageProvider(storageConfigId, user);
+            const { provider } = await this.getStorageProviderWithConfig(storageConfigId, user);
             // Check if provider supports presigned URLs
             if (provider.generatePresignedUrl) {
                 return await provider.generatePresignedUrl(key, expiresIn);
@@ -302,12 +274,12 @@ UploadService = _ts_decorate([
         scope: _common.Scope.REQUEST
     }),
     _ts_param(0, (0, _common.Inject)(_storagefactoryservice.StorageFactoryService)),
-    _ts_param(1, (0, _common.Inject)(_config.StorageConfigService)),
+    _ts_param(1, (0, _common.Inject)(_storageconfigservice.StorageConfigService)),
     _ts_param(2, (0, _common.Inject)(_storageproviderconfigservice.StorageProviderConfigService)),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
         typeof _storagefactoryservice.StorageFactoryService === "undefined" ? Object : _storagefactoryservice.StorageFactoryService,
-        typeof _config.StorageConfigService === "undefined" ? Object : _config.StorageConfigService,
+        typeof _storageconfigservice.StorageConfigService === "undefined" ? Object : _storageconfigservice.StorageConfigService,
         typeof _storageproviderconfigservice.StorageProviderConfigService === "undefined" ? Object : _storageproviderconfigservice.StorageProviderConfigService
     ])
 ], UploadService);

package/cjs/utils/file-validator.util.js

@@ -303,7 +303,30 @@ function _define_property(obj, key, value) {
     'image/svg+xml',
     'application/xhtml+xml'
 ];
+/**
+ * ZIP-based format prefixes that are valid when detected as application/zip.
+ */ const ZIP_VARIANT_PREFIXES = [
+    'application/vnd.openxmlformats-officedocument',
+    'application/x-zip',
+    'application/x-compressed'
+];
 let FileValidator = class FileValidator {
+    // Result Helpers
+    static failureResult(message, detectedType, declaredType) {
+        return {
+            valid: false,
+            detectedType,
+            declaredType,
+            message
+        };
+    }
+    static successResult(detectedType, declaredType) {
+        return {
+            valid: true,
+            detectedType,
+            declaredType
+        };
+    }
     /**
    * Detect file type from buffer using magic bytes.
    * @param buffer - File buffer to analyze
@@ -349,15 +372,8 @@ let FileValidator = class FileValidator {
         const detectedCategory = detected.split('/')[0];
         const declaredCategory = declared.split('/')[0];
         // For ZIP-based formats, allow any ZIP-detected file if declared is a ZIP variant
-        if (detected === 'application/zip') {
-            const zipVariants = [
-                'application/vnd.openxmlformats-officedocument',
-                'application/x-zip',
-                'application/x-compressed'
-            ];
-            if (zipVariants.some((v)=>declared.startsWith(v))) {
-                return true;
-            }
+        if (detected === 'application/zip' && ZIP_VARIANT_PREFIXES.some((v)=>declared.startsWith(v))) {
+            return true;
         }
         return detectedCategory === declaredCategory;
     }
@@ -385,74 +401,46 @@ let FileValidator = class FileValidator {
         '*/*'
     ]) {
         try {
-            // Detect actual file type from magic bytes
             const detectedType = this.detectFileType(buffer);
-            // If no type detected, check if it's a text-based type
+            // No magic bytes detected - handle text-based types
             if (!detectedType) {
-                // Check for dangerous text types first (HTML, JS, SVG)
-                if (this.isDangerousTextType(declaredMimeType)) {
-                    // Only allow dangerous types if explicitly in allowedTypes (not via wildcard)
-                    const explicitlyAllowed = allowedTypes.some((t)=>t === declaredMimeType && t !== '*/*' && !t.endsWith('/*'));
-                    if (!explicitlyAllowed) {
-                        this.logger.warn(`Blocked dangerous file type: ${declaredMimeType} - requires explicit allowlisting`);
-                        return {
-                            valid: false,
-                            detectedType: declaredMimeType,
-                            declaredType: declaredMimeType,
-                            message: `File type "${declaredMimeType}" is potentially dangerous and not explicitly allowed`
-                        };
-                    }
-                    this.logger.warn(`Allowing explicitly permitted dangerous file type: ${declaredMimeType}`);
-                }
-                if (this.isTextBasedType(declaredMimeType)) {
-                    // Safe text-based files don't have magic bytes, trust the declared type
-                    const isAllowed = this.isTypeAllowed(declaredMimeType, allowedTypes);
-                    return {
-                        valid: isAllowed,
-                        detectedType: declaredMimeType,
-                        declaredType: declaredMimeType,
-                        message: isAllowed ? undefined : `File type "${declaredMimeType}" is not allowed`
-                    };
-                }
-                // For binary files without recognized signatures, be cautious
-                this.logger.warn(`Unable to detect file type for declared type: ${declaredMimeType}`);
-                return {
-                    valid: false,
-                    declaredType: declaredMimeType,
-                    message: 'Unable to verify file type. File may be corrupted or unsupported.'
-                };
+                return this.validateUndetectedType(declaredMimeType, allowedTypes);
             }
-            // Check if detected type matches declared type
+            // Verify detected type matches declared type
             if (!this.mimeTypesMatch(detectedType, declaredMimeType)) {
                 this.logger.warn(`MIME type mismatch: declared=${declaredMimeType}, detected=${detectedType}`);
-                return {
-                    valid: false,
-                    detectedType,
-                    declaredType: declaredMimeType,
-                    message: `File content does not match declared type. Detected: ${detectedType}, Declared: ${declaredMimeType}`
-                };
+                return this.failureResult(`File content does not match declared type. Detected: ${detectedType}, Declared: ${declaredMimeType}`, detectedType, declaredMimeType);
             }
-            // Check if detected type is allowed
+            // Verify type is in allowed list
             if (!this.isTypeAllowed(detectedType, allowedTypes)) {
-                return {
-                    valid: false,
-                    detectedType,
-                    declaredType: declaredMimeType,
-                    message: `File type "${detectedType}" is not allowed`
-                };
+                return this.failureResult(`File type "${detectedType}" is not allowed`, detectedType, declaredMimeType);
             }
-            return {
-                valid: true,
-                detectedType,
-                declaredType: declaredMimeType
-            };
+            return this.successResult(detectedType, declaredMimeType);
         } catch (error) {
             this.logger.error('File validation error:', error);
-            return {
-                valid: false,
-                message: 'File validation failed'
-            };
+            return this.failureResult('File validation failed');
+        }
+    }
+    /**
+   * Handle validation for files without detectable magic bytes.
+   */ static validateUndetectedType(declaredMimeType, allowedTypes) {
+        // Check for dangerous text types first (HTML, JS, SVG)
+        if (this.isDangerousTextType(declaredMimeType)) {
+            const explicitlyAllowed = allowedTypes.some((t)=>t === declaredMimeType && t !== '*/*' && !t.endsWith('/*'));
+            if (!explicitlyAllowed) {
+                this.logger.warn(`Blocked dangerous file type: ${declaredMimeType} - requires explicit allowlisting`);
+                return this.failureResult(`File type "${declaredMimeType}" is potentially dangerous and not explicitly allowed`, declaredMimeType, declaredMimeType);
+            }
+            this.logger.warn(`Allowing explicitly permitted dangerous file type: ${declaredMimeType}`);
+        }
+        // Safe text-based files don't have magic bytes, trust declared type
+        if (this.isTextBasedType(declaredMimeType)) {
+            const isAllowed = this.isTypeAllowed(declaredMimeType, allowedTypes);
+            return isAllowed ? this.successResult(declaredMimeType, declaredMimeType) : this.failureResult(`File type "${declaredMimeType}" is not allowed`, declaredMimeType, declaredMimeType);
         }
+        // Binary files without recognized signatures - be cautious
+        this.logger.warn(`Unable to detect file type for declared type: ${declaredMimeType}`);
+        return this.failureResult('Unable to verify file type. File may be corrupted or unsupported.', undefined, declaredMimeType);
     }
     /**
    * Sanitize filename to prevent path traversal and special character issues.

package/cjs/utils/image-compressor.util.js

@@ -147,12 +147,9 @@ let ImageCompressor = class ImageCompressor {
                 break;
         }
         try {
-            // Process main image
-            const { data, info } = await image.toBuffer({
-                resolveWithObject: true
-            });
+            const compressedBuffer = await image.toBuffer();
             return {
-                buffer: data,
+                buffer: compressedBuffer,
                 format: `image/${targetFormat}`
             };
         } catch  {

package/config/index.d.ts

@@ -1,2 +1 @@
 export * from './storage.constants';
-export * from './storage-config.service';

package/config/storage.constants.d.ts

@@ -1,9 +1,3 @@
 export declare const STORAGE_MODULE_OPTIONS = "STORAGE_MODULE_OPTIONS";
 export declare const DEFAULT_MAX_FILE_SIZE: number;
 export declare const DEFAULT_ALLOWED_FILE_TYPES: string[];
-export declare const FILE_VALIDATION_MESSAGES: {
-    readonly FILE_TOO_LARGE: "File size exceeds the maximum allowed size";
-    readonly INVALID_FILE_TYPE: "File type is not allowed";
-    readonly NO_FILE_PROVIDED: "No file was provided";
-    readonly UPLOAD_FAILED: "File upload failed";
-};

package/controllers/upload.controller.d.ts

@@ -5,6 +5,7 @@ import { UploadService } from '../services/upload.service';
 export declare class UploadController {
     private readonly uploadService;
     constructor(uploadService: UploadService);
+    private toFileUploadResponse;
     uploadSingleFile(file: Express.Multer.File, options: UploadOptionsDto, user: ILoggedUserInfo): Promise<SingleResponseDto<FileUploadResponsePayloadDto>>;
     uploadMultipleFiles(files: Express.Multer.File[], options: UploadOptionsDto, user: ILoggedUserInfo): Promise<SingleResponseDto<FileUploadResponsePayloadDto[]>>;
     deleteSingleFile(dto: DeleteSingleFileDto, user: ILoggedUserInfo): Promise<SingleResponseDto<boolean>>;