@flusys/nestjs-storage 1.1.0-beta → 1.1.0

package/fesm/services/folder.service.js

@@ -27,8 +27,9 @@ function _ts_param(paramIndex, decorator) {
 }
 import { RequestScopedApiService, HybridCache } from '@flusys/nestjs-shared/classes';
 import { UtilsService } from '@flusys/nestjs-shared/modules';
+import { applyCompanyFilter } from '@flusys/nestjs-shared/utils';
 import { Inject, Injectable, Scope } from '@nestjs/common';
-import { StorageConfigService } from '../config';
+import { StorageConfigService } from './storage-config.service';
 import { Folder, FolderWithCompany } from '../entities';
 import { StorageDataSourceProvider } from './storage-datasource.provider';
 export class FolderService extends RequestScopedApiService {
@@ -38,16 +39,13 @@ export class FolderService extends RequestScopedApiService {
     getDataSourceProvider() {
         return this.dataSourceProvider;
     }
-    // Entity Conversion
     async convertSingleDtoToEntity(dto, user) {
         const entity = await super.convertSingleDtoToEntity(dto, user);
-        // Set companyId from user context if company feature enabled
         if (this.storageConfig.isCompanyFeatureEnabled()) {
             entity.companyId = user?.companyId ?? null;
         }
         return entity;
     }
-    // Query Customization
     async getSelectQuery(query, _user, select) {
         if (!select?.length) {
             select = [
@@ -69,11 +67,10 @@ export class FolderService extends RequestScopedApiService {
     }
     async getExtraManipulateQuery(query, filterDto, user) {
         const result = await super.getExtraManipulateQuery(query, filterDto, user);
-        if (this.storageConfig.isCompanyFeatureEnabled() && user?.companyId) {
-            query.andWhere('folder.companyId = :companyId', {
-                companyId: user.companyId
-            });
-        }
+        applyCompanyFilter(query, {
+            isCompanyFeatureEnabled: this.storageConfig.isCompanyFeatureEnabled(),
+            entityAlias: 'folder'
+        }, user);
         return result;
     }
     constructor(cacheManager, utilsService, storageConfig, dataSourceProvider){

package/fesm/services/index.js

@@ -1,5 +1,6 @@
 export * from './file-manager.service';
 export * from './folder.service';
+export * from './storage-config.service';
 export * from './storage-provider-config.service';
 export * from './storage-datasource.provider';
 export * from './upload.service';

package/fesm/{config → services}/storage-config.service.js

@@ -27,115 +27,71 @@ function _ts_param(paramIndex, decorator) {
 }
 import { Inject, Injectable } from '@nestjs/common';
 import { StorageModuleOptions } from '../interfaces';
-import { STORAGE_MODULE_OPTIONS, DEFAULT_MAX_FILE_SIZE, DEFAULT_ALLOWED_FILE_TYPES } from './storage.constants';
+import { STORAGE_MODULE_OPTIONS, DEFAULT_MAX_FILE_SIZE, DEFAULT_ALLOWED_FILE_TYPES } from '../config/storage.constants';
+const BYTES_PER_MB = 1024 * 1024;
+const DEFAULT_LOCAL_PATH = './uploads';
+const DEFAULT_PORT = '3000';
 export class StorageConfigService {
-    /**
-   * Check if company feature is enabled
-   */ isCompanyFeatureEnabled() {
+    // ─── IModuleConfigService Implementation ────────────────────────────────────
+    isCompanyFeatureEnabled() {
         return this.options.bootstrapAppConfig?.enableCompanyFeature ?? false;
     }
-    /**
-   * Get database mode
-   */ getDatabaseMode() {
+    getDatabaseMode() {
         return this.options.bootstrapAppConfig?.databaseMode ?? 'single';
     }
-    /**
-   * Get maximum file size in bytes
-   */ getMaxFileSize() {
+    isMultiTenant() {
+        return this.getDatabaseMode() === 'multi-tenant';
+    }
+    // ─── Config Getters ─────────────────────────────────────────────────────────
+    getMaxFileSize() {
         return this.options.config?.maxFileSize ?? DEFAULT_MAX_FILE_SIZE;
     }
-    /**
-   * Get allowed file types (MIME types or patterns)
-   */ getAllowedFileTypes() {
+    getAllowedFileTypes() {
         return this.options.config?.allowedFileTypes ?? DEFAULT_ALLOWED_FILE_TYPES;
     }
-    /**
-   * Check if file type is allowed
-   */ isFileTypeAllowed(mimeType) {
+    getOptions() {
+        return this.options;
+    }
+    getDefaultLocalStoragePath() {
+        return this.options.config?.localStoragePath ?? DEFAULT_LOCAL_PATH;
+    }
+    getAppUrl() {
+        return this.options.config?.appUrl ?? process.env.APP_URL ?? `http://localhost:${process.env.PORT ?? DEFAULT_PORT}`;
+    }
+    // ─── Validation Methods ─────────────────────────────────────────────────────
+    isFileTypeAllowed(mimeType) {
         const allowedTypes = this.getAllowedFileTypes();
-        // If wildcard, allow all
         if (allowedTypes.includes('*/*')) {
             return true;
         }
-        // Check exact match or wildcard pattern
-        return allowedTypes.some((allowedType)=>{
-            if (allowedType.endsWith('/*')) {
-                const prefix = allowedType.slice(0, -2);
-                return mimeType.startsWith(prefix);
-            }
-            return allowedType === mimeType;
-        });
+        return allowedTypes.some((type)=>type.endsWith('/*') ? mimeType.startsWith(type.slice(0, -2)) : type === mimeType);
     }
-    /**
-   * Validate file size
-   */ validateFileSize(fileSize) {
+    validateFileSize(fileSize) {
         const maxSize = this.getMaxFileSize();
         if (fileSize > maxSize) {
-            const maxSizeMB = (maxSize / (1024 * 1024)).toFixed(2);
-            const fileSizeMB = (fileSize / (1024 * 1024)).toFixed(2);
             return {
                 valid: false,
-                message: `File size (${fileSizeMB}MB) exceeds the maximum allowed size of ${maxSizeMB}MB`
+                message: `File size (${this.toMB(fileSize)}MB) exceeds maximum ${this.toMB(maxSize)}MB`
             };
         }
         return {
             valid: true
         };
     }
-    /**
-   * Validate file type
-   */ validateFileType(mimeType) {
+    validateFileType(mimeType) {
         if (!this.isFileTypeAllowed(mimeType)) {
-            const allowedTypes = this.getAllowedFileTypes();
             return {
                 valid: false,
-                message: `File type "${mimeType}" is not allowed. Allowed types: ${allowedTypes.join(', ')}`
+                message: `File type "${mimeType}" not allowed. Allowed: ${this.getAllowedFileTypes().join(', ')}`
             };
         }
         return {
             valid: true
         };
     }
-    /**
-   * Get default database config
-   */ getDefaultDatabaseConfig() {
-        return this.options.config?.defaultDatabaseConfig;
-    }
-    /**
-   * Get all options
-   */ getOptions() {
-        return this.options;
-    }
-    /**
-   * Get default local storage base path
-   * Used for serving local files without database lookup
-   * Falls back to './uploads' if not configured
-   */ getDefaultLocalStoragePath() {
-        // Check if localStoragePath is configured in module options
-        const configuredPath = this.options.config?.localStoragePath;
-        if (configuredPath) {
-            return configuredPath;
-        }
-        // Default to ./uploads in the project root
-        return './uploads';
-    }
-    /**
-   * Get application base URL for generating file URLs
-   * - First tries module config
-   * - Falls back to APP_URL env var
-   * - Finally constructs from PORT env var
-   */ getAppUrl() {
-        // Try from module config first
-        if (this.options.config?.appUrl) {
-            return this.options.config.appUrl;
-        }
-        // Fallback: read directly from environment
-        if (process.env.APP_URL) {
-            return process.env.APP_URL;
-        }
-        // Last resort: construct from PORT
-        const port = process.env.PORT || '3000';
-        return `http://localhost:${port}`;
+    // ─── Private Helpers ────────────────────────────────────────────────────────
+    toMB(bytes) {
+        return (bytes / BYTES_PER_MB).toFixed(2);
     }
     constructor(options){
         _define_property(this, "options", void 0);

package/fesm/services/storage-datasource.provider.js

@@ -29,8 +29,7 @@ import { MultiTenantDataSourceService } from '@flusys/nestjs-shared/modules';
 import { Inject, Injectable, Logger, Optional, Scope } from '@nestjs/common';
 import { REQUEST } from '@nestjs/core';
 import { Request } from 'express';
-import { StorageModuleOptions } from '../interfaces';
-import { STORAGE_MODULE_OPTIONS } from '../config/storage.constants';
+import { StorageConfigService } from './storage-config.service';
 export class StorageDataSourceProvider extends MultiTenantDataSourceService {
     // Factory Methods
     /** Build parent options from StorageModuleOptions */ static buildParentOptions(options) {
@@ -42,14 +41,11 @@ export class StorageDataSourceProvider extends MultiTenantDataSourceService {
         };
     }
     // Feature Flags
-    /** Get global enable company feature flag */ getEnableCompanyFeature() {
-        return this.storageOptions.bootstrapAppConfig?.enableCompanyFeature ?? false;
-    }
     /**
    * Get enable company feature for specific tenant
    * Falls back to global setting if not specified per-tenant
    */ getEnableCompanyFeatureForTenant(tenant) {
-        return tenant?.enableCompanyFeature ?? this.getEnableCompanyFeature();
+        return tenant?.enableCompanyFeature ?? this.configService.isCompanyFeatureEnabled();
     }
     /**
    * Get enable company feature for current request context
@@ -62,22 +58,16 @@ export class StorageDataSourceProvider extends MultiTenantDataSourceService {
    * For TypeORM repositories, we always use the base entities (FileManager, etc.)
    * but for migrations, we need the correct entity based on the feature flag.
    */ async getStorageEntities(enableCompanyFeature) {
-        const enable = enableCompanyFeature ?? this.getEnableCompanyFeature();
-        const { FileManager, Folder, StorageConfig } = await import('../entities');
-        // For migrations and schema sync, return the appropriate entity
-        // Both versions map to the same table, but with different columns
-        if (enable) {
-            const { FileManagerWithCompany, FolderWithCompany, StorageConfigWithCompany } = await import('../entities');
-            return [
-                FileManagerWithCompany,
-                FolderWithCompany,
-                StorageConfigWithCompany
-            ];
-        }
-        return [
-            FileManager,
-            Folder,
-            StorageConfig
+        const enable = enableCompanyFeature ?? this.configService.isCompanyFeatureEnabled();
+        const entities = await import('../entities');
+        return enable ? [
+            entities.FileManagerWithCompany,
+            entities.FolderWithCompany,
+            entities.StorageConfigWithCompany
+        ] : [
+            entities.FileManager,
+            entities.Folder,
+            entities.StorageConfig
         ];
     }
     // Overrides
@@ -138,8 +128,8 @@ export class StorageDataSourceProvider extends MultiTenantDataSourceService {
             StorageDataSourceProvider.connectionLocks.delete(tenant.id);
         }
     }
-    constructor(storageOptions, request){
-        super(StorageDataSourceProvider.buildParentOptions(storageOptions), request), _define_property(this, "storageOptions", void 0), _define_property(this, "logger", void 0), this.storageOptions = storageOptions, this.logger = new Logger(StorageDataSourceProvider.name);
+    constructor(configService, request){
+        super(StorageDataSourceProvider.buildParentOptions(configService.getOptions()), request), _define_property(this, "configService", void 0), _define_property(this, "logger", void 0), this.configService = configService, this.logger = new Logger(StorageDataSourceProvider.name);
     }
 }
 // Override parent's static properties to have Storage-specific cache
@@ -153,12 +143,12 @@ StorageDataSourceProvider = _ts_decorate([
     Injectable({
         scope: Scope.REQUEST
     }),
-    _ts_param(0, Inject(STORAGE_MODULE_OPTIONS)),
+    _ts_param(0, Inject(StorageConfigService)),
     _ts_param(1, Optional()),
     _ts_param(1, Inject(REQUEST)),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
-        typeof StorageModuleOptions === "undefined" ? Object : StorageModuleOptions,
+        typeof StorageConfigService === "undefined" ? Object : StorageConfigService,
         typeof Request === "undefined" ? Object : Request
     ])
 ], StorageDataSourceProvider);

package/fesm/services/storage-provider-config.service.js

@@ -27,8 +27,9 @@ function _ts_param(paramIndex, decorator) {
 }
 import { RequestScopedApiService, HybridCache } from '@flusys/nestjs-shared/classes';
 import { UtilsService } from '@flusys/nestjs-shared/modules';
+import { applyCompanyFilter, buildCompanyWhereCondition } from '@flusys/nestjs-shared/utils';
 import { Inject, Injectable, Scope } from '@nestjs/common';
-import { StorageConfigService } from '../config';
+import { StorageConfigService } from './storage-config.service';
 import { StorageConfig, StorageConfigWithCompany } from '../entities';
 import { StorageDataSourceProvider } from './storage-datasource.provider';
 export class StorageProviderConfigService extends RequestScopedApiService {
@@ -38,16 +39,13 @@ export class StorageProviderConfigService extends RequestScopedApiService {
     getDataSourceProvider() {
         return this.dataSourceProvider;
     }
-    // Entity Conversion
     async convertSingleDtoToEntity(dto, user) {
         const entity = await super.convertSingleDtoToEntity(dto, user);
-        // Set companyId from user context if company feature enabled
         if (this.storageConfig.isCompanyFeatureEnabled()) {
             entity.companyId = user?.companyId ?? null;
         }
         return entity;
     }
-    // Query Customization
     async getSelectQuery(query, _user, select) {
         if (!select?.length) {
             select = [
@@ -72,19 +70,14 @@ export class StorageProviderConfigService extends RequestScopedApiService {
     }
     async getExtraManipulateQuery(query, filterDto, user) {
         const result = await super.getExtraManipulateQuery(query, filterDto, user);
-        if (this.storageConfig.isCompanyFeatureEnabled() && user?.companyId) {
-            query.andWhere('storageConfig.companyId = :companyId', {
-                companyId: user.companyId
-            });
-        }
+        applyCompanyFilter(query, {
+            isCompanyFeatureEnabled: this.storageConfig.isCompanyFeatureEnabled(),
+            entityAlias: 'storageConfig'
+        }, user);
         query.orderBy(`${this.entityName}.createdAt`, 'DESC');
         return result;
     }
-    /**
-   * Find storage config by ID without throwing (returns null if not found)
-   * Uses direct repository query - bypasses company filtering
-   * Use for internal operations like file deletion where config ID is already known
-   */ async findByIdDirect(id) {
+    async findByIdDirect(id) {
         await this.ensureRepositoryInitialized();
         return await this.repository.findOne({
             where: {
@@ -92,19 +85,11 @@ export class StorageProviderConfigService extends RequestScopedApiService {
             }
         });
     }
-    /**
-   * Get default storage configuration (scoped to user's company if enabled)
-   * Priority: isDefault=true > any active config (oldest first)
-   */ async getDefaultConfig(user) {
+    async getDefaultConfig(user) {
         await this.ensureRepositoryInitialized();
-        const baseWhere = {
+        const baseWhere = buildCompanyWhereCondition({
             isActive: true
-        };
-        // Filter by company only if company feature is enabled and user is provided
-        if (this.storageConfig.isCompanyFeatureEnabled() && user?.companyId) {
-            baseWhere.companyId = user.companyId;
-        }
-        // First try to find config marked as default
+        }, this.storageConfig.isCompanyFeatureEnabled(), user);
         const defaultConfig = await this.repository.findOne({
             where: {
                 ...baseWhere,
@@ -117,7 +102,6 @@ export class StorageProviderConfigService extends RequestScopedApiService {
         if (defaultConfig) {
             return defaultConfig;
         }
-        // Fall back to any available active config (oldest first for consistency)
         return await this.repository.findOne({
             where: baseWhere,
             order: {
@@ -125,18 +109,12 @@ export class StorageProviderConfigService extends RequestScopedApiService {
             }
         });
     }
-    /**
-   * Get storage configuration by type (scoped to user's company if enabled)
-   */ async getConfigByType(storage, user) {
+    async getConfigByType(storage, user) {
         await this.ensureRepositoryInitialized();
-        const where = {
+        const where = buildCompanyWhereCondition({
             storage,
             isActive: true
-        };
-        // Filter by company only if company feature is enabled and user is provided
-        if (this.storageConfig.isCompanyFeatureEnabled() && user?.companyId) {
-            where.companyId = user.companyId;
-        }
+        }, this.storageConfig.isCompanyFeatureEnabled(), user);
         return await this.repository.find({
             where
         });

package/fesm/services/upload.service.js

@@ -25,25 +25,60 @@ function _ts_param(paramIndex, decorator) {
         decorator(target, key, paramIndex);
     };
 }
-import { BadRequestException, Inject, Injectable, InternalServerErrorException, Logger, NotFoundException, Scope } from '@nestjs/common';
-import { StorageConfigService } from '../config';
+import { ErrorHandler, validateCompanyOwnership } from '@flusys/nestjs-shared/utils';
+import { BadRequestException, Inject, Injectable, Logger, NotFoundException, Scope } from '@nestjs/common';
+import { StorageConfigService } from './storage-config.service';
 import { FileLocationEnum } from '../enums/file-location.enum';
 import { StorageFactoryService } from '../providers/storage-factory.service';
 import { StorageProviderConfigService } from './storage-provider-config.service';
+import { FileValidator } from '../utils/file-validator.util';
 export class UploadService {
     /**
-   * Validate file before upload
+   * Validate file before upload - includes size, type, and content validation.
+   * Uses magic bytes to verify file content matches declared MIME type.
    */ validateFile(file) {
         // Validate file size
         const sizeValidation = this.storageConfigService.validateFileSize(file.size);
         if (!sizeValidation.valid) {
             throw new BadRequestException(sizeValidation.message);
         }
-        // Validate file type
+        // Validate declared file type (MIME)
         const typeValidation = this.storageConfigService.validateFileType(file.mimetype);
         if (!typeValidation.valid) {
             throw new BadRequestException(typeValidation.message);
         }
+        // Validate file content matches declared type (magic bytes check)
+        // This prevents MIME type spoofing attacks
+        const allowedTypes = this.storageConfigService.getAllowedFileTypes();
+        const contentValidation = FileValidator.validateFileContent(file.buffer, file.mimetype, allowedTypes);
+        if (!contentValidation.valid) {
+            this.logger.warn(`File content validation failed: ${contentValidation.message}`, {
+                declaredType: file.mimetype,
+                detectedType: contentValidation.detectedType
+            });
+            throw new BadRequestException(contentValidation.message || 'File content validation failed');
+        }
+        // Sanitize filename to prevent path traversal attacks
+        file.originalname = FileValidator.sanitizeFilename(file.originalname);
+    }
+    /**
+   * Create provider from storage config entity
+   */ async createProviderFromConfig(config) {
+        return this.storageFactory.createProvider({
+            provider: config.storage,
+            config: config.config
+        });
+    }
+    /**
+   * Create fallback local provider
+   */ async createFallbackLocalProvider() {
+        this.logger.warn('No storage config found, using fallback local provider');
+        return this.storageFactory.createProvider({
+            provider: FileLocationEnum.LOCAL,
+            config: {
+                basePath: this.storageConfigService.getDefaultLocalStoragePath()
+            }
+        });
     }
     /**
    * Get storage provider and config info based on storage config ID
@@ -57,13 +92,8 @@ export class UploadService {
             if (!config) {
                 throw new NotFoundException('Storage configuration not found');
             }
-            // Validate company ownership if company feature enabled
-            if (this.storageConfigService.isCompanyFeatureEnabled() && user?.companyId) {
-                const configWithCompany = config;
-                if (configWithCompany.companyId && configWithCompany.companyId !== user.companyId) {
-                    throw new BadRequestException('Storage configuration belongs to another company');
-                }
-            }
+            // Validate company ownership using shared utility
+            validateCompanyOwnership(config, user, this.storageConfigService.isCompanyFeatureEnabled(), 'Storage configuration');
             storageConfig = config;
         } else {
             // Use default config (scoped to user's company/branch)
@@ -73,13 +103,7 @@ export class UploadService {
             }
             storageConfig = defaultConfig;
         }
-        // Create provider config
-        const providerConfig = {
-            provider: storageConfig.storage,
-            config: storageConfig.config
-        };
-        // Get or create provider instance
-        const provider = await this.storageFactory.createProvider(providerConfig);
+        const provider = await this.createProviderFromConfig(storageConfig);
         return {
             provider,
             location: storageConfig.storage,
@@ -87,74 +111,33 @@ export class UploadService {
         };
     }
     /**
-   * Get storage provider based on storage config ID (convenience method)
-   */ async getStorageProvider(storageConfigId, user) {
-        const { provider } = await this.getStorageProviderWithConfig(storageConfigId, user);
-        return provider;
-    }
-    /**
    * Get storage provider for delete operations with fallback
    * If the original storage config doesn't exist, falls back based on locationHint
-   * This ensures files can still be deleted even if storage config was removed
-   * @param storageConfigId - The storage config ID to look up
-   * @param user - User context for company filtering
-   * @param locationHint - The file's original location type (used for fallback)
    */ async getStorageProviderForDelete(storageConfigId, user, locationHint) {
-        // If storageConfigId provided, try to find it
+        // Try to find by storageConfigId
         if (storageConfigId) {
             const config = await this.storageProviderConfigService.findByIdDirect(storageConfigId);
             if (config) {
-                const providerConfig = {
-                    provider: config.storage,
-                    config: config.config
-                };
-                return await this.storageFactory.createProvider(providerConfig);
+                return this.createProviderFromConfig(config);
             }
-            // Config not found, log warning and try fallback
-            this.logger.warn(`Storage config ${storageConfigId} not found, trying fallback for delete`);
+            this.logger.warn(`Storage config ${storageConfigId} not found, trying fallback`);
         }
-        // Fallback: Use locationHint to find a matching config or create provider
+        // Fallback: Use locationHint to find a matching config
         if (locationHint) {
-            // Try to find a config matching the file's original location type
             const matchingConfigs = await this.storageProviderConfigService.getConfigByType(locationHint, user);
             if (matchingConfigs.length > 0) {
-                const providerConfig = {
-                    provider: matchingConfigs[0].storage,
-                    config: matchingConfigs[0].config
-                };
-                this.logger.debug(`Using matching ${locationHint} config for delete fallback`);
-                return await this.storageFactory.createProvider(providerConfig);
+                return this.createProviderFromConfig(matchingConfigs[0]);
             }
-            // No matching config found, create a basic provider based on locationHint
             if (locationHint === FileLocationEnum.LOCAL) {
-                this.logger.warn('No local config found, using fallback local provider for delete');
-                const localProviderConfig = {
-                    provider: FileLocationEnum.LOCAL,
-                    config: {
-                        basePath: this.storageConfigService.getDefaultLocalStoragePath()
-                    }
-                };
-                return await this.storageFactory.createProvider(localProviderConfig);
+                return this.createFallbackLocalProvider();
             }
         }
-        // Last resort: Try default config (might be different provider type)
+        // Last resort: Try default config
         const defaultConfig = await this.storageProviderConfigService.getDefaultConfig(user);
         if (defaultConfig) {
-            const providerConfig = {
-                provider: defaultConfig.storage,
-                config: defaultConfig.config
-            };
-            return await this.storageFactory.createProvider(providerConfig);
+            return this.createProviderFromConfig(defaultConfig);
         }
-        // Final fallback: Create a basic local provider
-        this.logger.warn('No storage config found, using fallback local provider for delete');
-        const localProviderConfig = {
-            provider: FileLocationEnum.LOCAL,
-            config: {
-                basePath: this.storageConfigService.getDefaultLocalStoragePath()
-            }
-        };
-        return await this.storageFactory.createProvider(localProviderConfig);
+        return this.createFallbackLocalProvider();
     }
     async uploadSingleFile(file, options, user) {
         try {
@@ -168,9 +151,9 @@ export class UploadService {
                 location,
                 storageConfigId: configId
             };
-        } catch (err) {
-            this.logger.error('Single file upload failed', err);
-            throw new InternalServerErrorException(err?.message || 'Single file upload failed');
+        } catch (error) {
+            ErrorHandler.logError(this.logger, error, 'uploadSingleFile');
+            ErrorHandler.rethrowError(error);
         }
     }
     async uploadMultipleFiles(files, options, user) {
@@ -187,31 +170,31 @@ export class UploadService {
                     location,
                     storageConfigId: configId
                 }));
-        } catch (err) {
-            this.logger.error('Multiple files upload failed', err);
-            throw new InternalServerErrorException(err?.message || 'Multiple files upload failed');
+        } catch (error) {
+            ErrorHandler.logError(this.logger, error, 'uploadMultipleFiles');
+            ErrorHandler.rethrowError(error);
         }
     }
     async deleteSingleFile(key, storageConfigId, user, locationHint) {
         try {
-            if (!key) throw new Error('No file path provided');
+            if (!key) throw new BadRequestException('No file path provided');
             const provider = await this.getStorageProviderForDelete(storageConfigId, user, locationHint);
             await provider.deleteFile(key);
             return true;
-        } catch (err) {
-            this.logger.error('Delete single file failed', err);
-            throw new InternalServerErrorException(err?.message || 'Delete single file failed');
+        } catch (error) {
+            ErrorHandler.logError(this.logger, error, 'deleteSingleFile');
+            ErrorHandler.rethrowError(error);
         }
     }
     async deleteMultipleFile(keys, storageConfigId, user, locationHint) {
         try {
-            if (!keys || !keys.length) throw new Error('No file paths provided');
+            if (!keys || !keys.length) throw new BadRequestException('No file paths provided');
             const provider = await this.getStorageProviderForDelete(storageConfigId, user, locationHint);
             await provider.deleteMultipleFiles(keys);
             return true;
-        } catch (err) {
-            this.logger.error('Delete multiple files failed', err);
-            throw new InternalServerErrorException(err?.message || 'Delete multiple files failed');
+        } catch (error) {
+            ErrorHandler.logError(this.logger, error, 'deleteMultipleFiles');
+            ErrorHandler.rethrowError(error);
         }
     }
     bytesToKb(bytes) {
@@ -241,7 +224,8 @@ export class UploadService {
             }
             return null;
         } catch (error) {
-            this.logger.warn(`Failed to get local storage basePath: ${error.message}`);
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            this.logger.warn(`Failed to get local storage basePath: ${errorMessage}`);
             return null;
         }
     }
@@ -251,16 +235,16 @@ export class UploadService {
    * For Local/SFTP: returns direct path
    */ async makeFileUrl(key, storageConfigId, expiresIn = 3600, user) {
         try {
-            const provider = await this.getStorageProvider(storageConfigId, user);
+            const { provider } = await this.getStorageProviderWithConfig(storageConfigId, user);
             // Check if provider supports presigned URLs
             if (provider.generatePresignedUrl) {
                 return await provider.generatePresignedUrl(key, expiresIn);
             }
             // For SFTP or other providers without presigned URLs
             return key;
-        } catch (err) {
-            this.logger.error('Generate file URL failed', err);
-            throw new InternalServerErrorException(err?.message || 'Generate file URL failed');
+        } catch (error) {
+            ErrorHandler.logError(this.logger, error, 'makeFileUrl');
+            ErrorHandler.rethrowError(error);
         }
     }
     // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild