@flusys/nestjs-storage 1.1.0-beta → 1.1.0

package/cjs/utils/file-validator.util.js

@@ -0,0 +1,458 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "FileValidator", {
+    enumerable: true,
+    get: function() {
+        return FileValidator;
+    }
+});
+const _common = require("@nestjs/common");
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+/**
+ * Magic byte signatures for common file types.
+ * Each entry maps a hex signature pattern to its MIME type.
+ */ const MAGIC_BYTES = [
+    // Images
+    {
+        signature: [
+            0xff,
+            0xd8,
+            0xff
+        ],
+        offset: 0,
+        mimeType: 'image/jpeg'
+    },
+    {
+        signature: [
+            0x89,
+            0x50,
+            0x4e,
+            0x47,
+            0x0d,
+            0x0a,
+            0x1a,
+            0x0a
+        ],
+        offset: 0,
+        mimeType: 'image/png'
+    },
+    {
+        signature: [
+            0x47,
+            0x49,
+            0x46,
+            0x38,
+            0x37,
+            0x61
+        ],
+        offset: 0,
+        mimeType: 'image/gif'
+    },
+    {
+        signature: [
+            0x47,
+            0x49,
+            0x46,
+            0x38,
+            0x39,
+            0x61
+        ],
+        offset: 0,
+        mimeType: 'image/gif'
+    },
+    {
+        signature: [
+            0x42,
+            0x4d
+        ],
+        offset: 0,
+        mimeType: 'image/bmp'
+    },
+    {
+        signature: [
+            0x52,
+            0x49,
+            0x46,
+            0x46
+        ],
+        offset: 0,
+        mimeType: 'image/webp'
+    },
+    {
+        signature: [
+            0x00,
+            0x00,
+            0x01,
+            0x00
+        ],
+        offset: 0,
+        mimeType: 'image/x-icon'
+    },
+    {
+        signature: [
+            0x00,
+            0x00,
+            0x02,
+            0x00
+        ],
+        offset: 0,
+        mimeType: 'image/x-icon'
+    },
+    // Documents
+    {
+        signature: [
+            0x25,
+            0x50,
+            0x44,
+            0x46
+        ],
+        offset: 0,
+        mimeType: 'application/pdf'
+    },
+    {
+        signature: [
+            0x50,
+            0x4b,
+            0x03,
+            0x04
+        ],
+        offset: 0,
+        mimeType: 'application/zip'
+    },
+    // Audio
+    {
+        signature: [
+            0x49,
+            0x44,
+            0x33
+        ],
+        offset: 0,
+        mimeType: 'audio/mpeg'
+    },
+    {
+        signature: [
+            0xff,
+            0xfb
+        ],
+        offset: 0,
+        mimeType: 'audio/mpeg'
+    },
+    {
+        signature: [
+            0xff,
+            0xfa
+        ],
+        offset: 0,
+        mimeType: 'audio/mpeg'
+    },
+    {
+        signature: [
+            0x4f,
+            0x67,
+            0x67,
+            0x53
+        ],
+        offset: 0,
+        mimeType: 'audio/ogg'
+    },
+    {
+        signature: [
+            0x66,
+            0x4c,
+            0x61,
+            0x43
+        ],
+        offset: 0,
+        mimeType: 'audio/flac'
+    },
+    // Video
+    {
+        signature: [
+            0x00,
+            0x00,
+            0x00,
+            0x1c,
+            0x66,
+            0x74,
+            0x79,
+            0x70
+        ],
+        offset: 0,
+        mimeType: 'video/mp4'
+    },
+    {
+        signature: [
+            0x00,
+            0x00,
+            0x00,
+            0x20,
+            0x66,
+            0x74,
+            0x79,
+            0x70
+        ],
+        offset: 0,
+        mimeType: 'video/mp4'
+    },
+    {
+        signature: [
+            0x1a,
+            0x45,
+            0xdf,
+            0xa3
+        ],
+        offset: 0,
+        mimeType: 'video/webm'
+    },
+    {
+        signature: [
+            0x52,
+            0x49,
+            0x46,
+            0x46
+        ],
+        offset: 0,
+        mimeType: 'video/avi'
+    },
+    // Archives
+    {
+        signature: [
+            0x1f,
+            0x8b
+        ],
+        offset: 0,
+        mimeType: 'application/gzip'
+    },
+    {
+        signature: [
+            0x37,
+            0x7a,
+            0xbc,
+            0xaf,
+            0x27,
+            0x1c
+        ],
+        offset: 0,
+        mimeType: 'application/x-7z-compressed'
+    },
+    {
+        signature: [
+            0x52,
+            0x61,
+            0x72,
+            0x21,
+            0x1a,
+            0x07
+        ],
+        offset: 0,
+        mimeType: 'application/x-rar-compressed'
+    }
+];
+/**
+ * MIME type aliases - types that are equivalent.
+ */ const MIME_ALIASES = {
+    'image/jpeg': [
+        'image/jpg'
+    ],
+    'image/jpg': [
+        'image/jpeg'
+    ],
+    'video/mp4': [
+        'video/quicktime'
+    ],
+    'application/zip': [
+        'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+        'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+        'application/vnd.openxmlformats-officedocument.presentationml.presentation'
+    ]
+};
+/**
+ * File types that are text-based and don't have magic bytes.
+ * SECURITY NOTE: Dangerous types (HTML, JS, SVG) are excluded as they can contain scripts.
+ * These types require explicit allowlisting and additional content scanning.
+ */ const TEXT_BASED_TYPES = [
+    'text/plain',
+    'text/csv',
+    'text/markdown',
+    'application/json',
+    'application/xml',
+    'application/typescript',
+    'text/css'
+];
+/**
+ * Dangerous text-based types that can execute scripts.
+ * These bypass magic-bytes validation but require explicit allowlisting.
+ */ const DANGEROUS_TEXT_TYPES = [
+    'text/html',
+    'application/javascript',
+    'text/javascript',
+    'image/svg+xml',
+    'application/xhtml+xml'
+];
+/**
+ * ZIP-based format prefixes that are valid when detected as application/zip.
+ */ const ZIP_VARIANT_PREFIXES = [
+    'application/vnd.openxmlformats-officedocument',
+    'application/x-zip',
+    'application/x-compressed'
+];
+let FileValidator = class FileValidator {
+    // Result Helpers
+    static failureResult(message, detectedType, declaredType) {
+        return {
+            valid: false,
+            detectedType,
+            declaredType,
+            message
+        };
+    }
+    static successResult(detectedType, declaredType) {
+        return {
+            valid: true,
+            detectedType,
+            declaredType
+        };
+    }
+    /**
+   * Detect file type from buffer using magic bytes.
+   * @param buffer - File buffer to analyze
+   * @returns Detected MIME type or null if unknown
+   */ static detectFileType(buffer) {
+        for (const { signature, offset, mimeType } of MAGIC_BYTES){
+            if (buffer.length < offset + signature.length) continue;
+            let matches = true;
+            for(let i = 0; i < signature.length; i++){
+                if (buffer[offset + i] !== signature[i]) {
+                    matches = false;
+                    break;
+                }
+            }
+            if (matches) {
+                return mimeType;
+            }
+        }
+        return null;
+    }
+    /**
+   * Check if a MIME type is text-based (doesn't have magic bytes).
+   */ static isTextBasedType(mimeType) {
+        return TEXT_BASED_TYPES.some((t)=>mimeType.startsWith(t) || mimeType === t);
+    }
+    /**
+   * Check if a MIME type is a dangerous text type that can execute scripts.
+   */ static isDangerousTextType(mimeType) {
+        return DANGEROUS_TEXT_TYPES.some((t)=>mimeType === t);
+    }
+    /**
+   * Check if two MIME types are compatible (exact match or aliases).
+   */ static mimeTypesMatch(detected, declared) {
+        // Exact match
+        if (detected === declared) return true;
+        // Check aliases
+        const aliases = MIME_ALIASES[detected];
+        if (aliases?.includes(declared)) return true;
+        // Check reverse aliases
+        const reverseAliases = MIME_ALIASES[declared];
+        if (reverseAliases?.includes(detected)) return true;
+        // Check if both are in same category (e.g., both images)
+        const detectedCategory = detected.split('/')[0];
+        const declaredCategory = declared.split('/')[0];
+        // For ZIP-based formats, allow any ZIP-detected file if declared is a ZIP variant
+        if (detected === 'application/zip' && ZIP_VARIANT_PREFIXES.some((v)=>declared.startsWith(v))) {
+            return true;
+        }
+        return detectedCategory === declaredCategory;
+    }
+    /**
+   * Check if a MIME type is in the allowed list.
+   */ static isTypeAllowed(mimeType, allowedTypes) {
+        // Wildcard allows all
+        if (allowedTypes.includes('*/*')) return true;
+        return allowedTypes.some((allowed)=>{
+            // Category wildcard (e.g., "image/*")
+            if (allowed.endsWith('/*')) {
+                const category = allowed.slice(0, -2);
+                return mimeType.startsWith(category);
+            }
+            return allowed === mimeType;
+        });
+    }
+    /**
+   * Validate file content matches declared MIME type using magic bytes.
+   * @param buffer - File buffer
+   * @param declaredMimeType - MIME type declared by client
+   * @param allowedTypes - List of allowed MIME types/patterns
+   * @returns Validation result
+   */ static validateFileContent(buffer, declaredMimeType, allowedTypes = [
+        '*/*'
+    ]) {
+        try {
+            const detectedType = this.detectFileType(buffer);
+            // No magic bytes detected - handle text-based types
+            if (!detectedType) {
+                return this.validateUndetectedType(declaredMimeType, allowedTypes);
+            }
+            // Verify detected type matches declared type
+            if (!this.mimeTypesMatch(detectedType, declaredMimeType)) {
+                this.logger.warn(`MIME type mismatch: declared=${declaredMimeType}, detected=${detectedType}`);
+                return this.failureResult(`File content does not match declared type. Detected: ${detectedType}, Declared: ${declaredMimeType}`, detectedType, declaredMimeType);
+            }
+            // Verify type is in allowed list
+            if (!this.isTypeAllowed(detectedType, allowedTypes)) {
+                return this.failureResult(`File type "${detectedType}" is not allowed`, detectedType, declaredMimeType);
+            }
+            return this.successResult(detectedType, declaredMimeType);
+        } catch (error) {
+            this.logger.error('File validation error:', error);
+            return this.failureResult('File validation failed');
+        }
+    }
+    /**
+   * Handle validation for files without detectable magic bytes.
+   */ static validateUndetectedType(declaredMimeType, allowedTypes) {
+        // Check for dangerous text types first (HTML, JS, SVG)
+        if (this.isDangerousTextType(declaredMimeType)) {
+            const explicitlyAllowed = allowedTypes.some((t)=>t === declaredMimeType && t !== '*/*' && !t.endsWith('/*'));
+            if (!explicitlyAllowed) {
+                this.logger.warn(`Blocked dangerous file type: ${declaredMimeType} - requires explicit allowlisting`);
+                return this.failureResult(`File type "${declaredMimeType}" is potentially dangerous and not explicitly allowed`, declaredMimeType, declaredMimeType);
+            }
+            this.logger.warn(`Allowing explicitly permitted dangerous file type: ${declaredMimeType}`);
+        }
+        // Safe text-based files don't have magic bytes, trust declared type
+        if (this.isTextBasedType(declaredMimeType)) {
+            const isAllowed = this.isTypeAllowed(declaredMimeType, allowedTypes);
+            return isAllowed ? this.successResult(declaredMimeType, declaredMimeType) : this.failureResult(`File type "${declaredMimeType}" is not allowed`, declaredMimeType, declaredMimeType);
+        }
+        // Binary files without recognized signatures - be cautious
+        this.logger.warn(`Unable to detect file type for declared type: ${declaredMimeType}`);
+        return this.failureResult('Unable to verify file type. File may be corrupted or unsupported.', undefined, declaredMimeType);
+    }
+    /**
+   * Sanitize filename to prevent path traversal and special character issues.
+   * @param filename - Original filename
+   * @returns Sanitized filename
+   */ static sanitizeFilename(filename) {
+        return filename// Remove path components (prevent traversal)
+        .replace(/^.*[\\\/]/, '')// Remove null bytes
+        .replace(/\0/g, '')// Replace multiple dots with single
+        .replace(/\.{2,}/g, '.')// Remove special characters except allowed ones
+        .replace(/[^a-zA-Z0-9._-]/g, '_')// Limit length
+        .substring(0, 255);
+    }
+};
+_define_property(FileValidator, "logger", new _common.Logger(FileValidator.name));

package/cjs/utils/image-compressor.util.js

@@ -147,17 +147,12 @@ let ImageCompressor = class ImageCompressor {
                 break;
         }
         try {
-            // Process main image
-            const { data, info } = await image.toBuffer({
-                resolveWithObject: true
-            });
+            const compressedBuffer = await image.toBuffer();
             return {
-                buffer: data,
+                buffer: compressedBuffer,
                 format: `image/${targetFormat}`
             };
-        } catch (error) {
-            // Fallback to original if processing fails
-            console.warn(`Image processing failed: ${error instanceof Error ? error.message : String(error)}`);
+        } catch  {
             return {
                 buffer,
                 format: mimetype

package/config/index.d.ts

@@ -1,2 +1 @@
 export * from './storage.constants';
-export * from './storage-config.service';

package/config/storage.constants.d.ts

@@ -1,11 +1,3 @@
 export declare const STORAGE_MODULE_OPTIONS = "STORAGE_MODULE_OPTIONS";
-export declare const STORAGE_CONFIG_SERVICE = "STORAGE_CONFIG_SERVICE";
-export declare const STORAGE_DATA_SOURCE_PROVIDER = "STORAGE_DATA_SOURCE_PROVIDER";
 export declare const DEFAULT_MAX_FILE_SIZE: number;
 export declare const DEFAULT_ALLOWED_FILE_TYPES: string[];
-export declare const FILE_VALIDATION_MESSAGES: {
-    readonly FILE_TOO_LARGE: "File size exceeds the maximum allowed size";
-    readonly INVALID_FILE_TYPE: "File type is not allowed";
-    readonly NO_FILE_PROVIDED: "No file was provided";
-    readonly UPLOAD_FAILED: "File upload failed";
-};

package/controllers/upload.controller.d.ts

@@ -2,13 +2,10 @@ import { SingleResponseDto } from '@flusys/nestjs-shared/dtos';
 import { ILoggedUserInfo } from '@flusys/nestjs-shared/interfaces';
 import { DeleteMultipleFileDto, DeleteSingleFileDto, FileUploadResponsePayloadDto, UploadOptionsDto } from '../dtos';
 import { UploadService } from '../services/upload.service';
-import { StorageConfigService } from '../config';
-import { StorageFactoryService } from '../providers/storage-factory.service';
 export declare class UploadController {
-    private uploadService;
-    private storageConfigService;
-    private storageFactoryService;
-    constructor(uploadService: UploadService, storageConfigService: StorageConfigService, storageFactoryService: StorageFactoryService);
+    private readonly uploadService;
+    constructor(uploadService: UploadService);
+    private toFileUploadResponse;
     uploadSingleFile(file: Express.Multer.File, options: UploadOptionsDto, user: ILoggedUserInfo): Promise<SingleResponseDto<FileUploadResponsePayloadDto>>;
     uploadMultipleFiles(files: Express.Multer.File[], options: UploadOptionsDto, user: ILoggedUserInfo): Promise<SingleResponseDto<FileUploadResponsePayloadDto[]>>;
     deleteSingleFile(dto: DeleteSingleFileDto, user: ILoggedUserInfo): Promise<SingleResponseDto<boolean>>;

package/dtos/file-manager.dto.d.ts

@@ -1,6 +1,4 @@
-import { FileLocationEnum } from '../enums';
-export declare class CreateFileManagerDto implements Record<string, unknown> {
-    [key: string]: unknown;
+export declare class CreateFileManagerDto {
     name: string;
     key: string;
     size: string;
@@ -8,14 +6,22 @@ export declare class CreateFileManagerDto implements Record<string, unknown> {
     isPrivate: boolean;
     folderId?: string;
     storageConfigId?: string;
-    location?: FileLocationEnum;
+    location?: string;
 }
 declare const UpdateFileManagerDto_base: import("@nestjs/common").Type<Partial<CreateFileManagerDto>>;
-export declare class UpdateFileManagerDto extends UpdateFileManagerDto_base implements Record<string, unknown> {
-    [key: string]: unknown;
+export declare class UpdateFileManagerDto extends UpdateFileManagerDto_base {
     id: string;
 }
-export declare class FileManagerResponseDto extends UpdateFileManagerDto {
+export declare class FileManagerResponseDto {
+    id: string;
+    name: string;
+    key: string;
+    size: string;
+    contentType: string;
+    isPrivate: boolean;
+    folderId?: string;
+    storageConfigId?: string;
+    location?: string;
     providerName?: string;
 }
 export declare class GetFilesRequestDto {

package/dtos/folder.dto.d.ts

@@ -1,13 +1,13 @@
-export declare class CreateFolderDto implements Record<string, unknown> {
-    [key: string]: unknown;
+export declare class CreateFolderDto {
     name: string;
 }
 declare const UpdateFolderDto_base: import("@nestjs/common").Type<Partial<CreateFolderDto>>;
-export declare class UpdateFolderDto extends UpdateFolderDto_base implements Record<string, unknown> {
-    [key: string]: unknown;
+export declare class UpdateFolderDto extends UpdateFolderDto_base {
     id: string;
 }
-export declare class FolderResponseDto extends UpdateFolderDto {
+export declare class FolderResponseDto {
+    id: string;
+    name: string;
     slug: string;
 }
 export {};

package/dtos/storage-config.dto.d.ts

@@ -1,27 +1,20 @@
 import { IdentityResponseDto } from '@flusys/nestjs-shared/dtos';
-import { FileLocationEnum } from '../enums';
-export declare class CreateStorageConfigDto implements Record<string, unknown> {
-    [key: string]: unknown;
+export declare class CreateStorageConfigDto {
     name: string;
-    storage: FileLocationEnum;
-    config: Record<string, any>;
+    storage: string;
+    config: Record<string, unknown>;
     isActive?: boolean;
     isDefault?: boolean;
 }
-export declare class UpdateStorageConfigDto implements Record<string, unknown> {
-    [key: string]: unknown;
+declare const UpdateStorageConfigDto_base: import("@nestjs/common").Type<Partial<Omit<CreateStorageConfigDto, never>>>;
+export declare class UpdateStorageConfigDto extends UpdateStorageConfigDto_base {
     id: string;
-    name?: string;
-    storage?: FileLocationEnum;
-    config?: Record<string, any>;
-    isActive?: boolean;
-    isDefault?: boolean;
 }
-export declare class StorageConfigResponseDto extends IdentityResponseDto implements Record<string, unknown> {
-    [key: string]: unknown;
+export declare class StorageConfigResponseDto extends IdentityResponseDto {
     name: string;
-    storage: FileLocationEnum;
-    config: Record<string, any>;
+    storage: string;
+    config: Record<string, unknown>;
     isActive: boolean;
     isDefault: boolean;
 }
+export {};

package/entities/file-manager-with-company.entity.d.ts

@@ -1,6 +1,6 @@
-import { FileManagerBase } from './file-manager-base.entity';
+import { FileManager } from './file-manager.entity';
 import { FolderWithCompany } from './folder-with-company.entity';
-export declare class FileManagerWithCompany extends FileManagerBase {
+export declare class FileManagerWithCompany extends FileManager {
     companyId: string | null;
     folder: FolderWithCompany | null;
 }

package/entities/file-manager.entity.d.ts

@@ -1,5 +1,14 @@
-import { FileManagerBase } from './file-manager-base.entity';
+import { Identity } from '@flusys/nestjs-shared/entities';
 import { Folder } from './folder.entity';
-export declare class FileManager extends FileManagerBase {
+export declare class FileManager extends Identity {
+    name: string;
+    contentType: string;
+    size: string;
+    key: string;
+    url: string | null;
+    location: string;
+    storageConfigId: string | null;
+    expiresAt: number | null;
+    isPrivate: boolean;
     folder: Folder | null;
 }

package/entities/folder-with-company.entity.d.ts

@@ -1,5 +1,5 @@
-import { FolderBase } from './folder-base.entity';
-export declare class FolderWithCompany extends FolderBase {
+import { Folder } from './folder.entity';
+export declare class FolderWithCompany extends Folder {
     companyId: string | null;
     fileManager: any[];
 }

package/entities/folder.entity.d.ts

@@ -1,4 +1,6 @@
-import { FolderBase } from './folder-base.entity';
-export declare class Folder extends FolderBase {
+import { Identity } from '@flusys/nestjs-shared/entities';
+export declare class Folder extends Identity {
+    name: string;
+    slug: string;
     fileManager: any[];
 }

package/entities/index.d.ts

@@ -1,6 +1,3 @@
-export * from './file-manager-base.entity';
-export * from './folder-base.entity';
-export * from './storage-config-base.entity';
 export * from './file-manager.entity';
 export * from './folder.entity';
 export * from './storage-config.entity';
@@ -15,5 +12,7 @@ import { FolderWithCompany } from './folder-with-company.entity';
 import { StorageConfigWithCompany } from './storage-config-with-company.entity';
 export declare const StorageCoreEntities: (typeof Folder | typeof FileManager | typeof StorageConfig)[];
 export declare const StorageCompanyEntities: (typeof FolderWithCompany | typeof FileManagerWithCompany | typeof StorageConfigWithCompany)[];
-export declare const StorageAllEntities: (typeof Folder | typeof FileManager | typeof StorageConfig)[];
 export declare function getStorageEntitiesByConfig(enableCompanyFeature: boolean): any[];
+export { FileManager as FileManagerBase } from './file-manager.entity';
+export { Folder as FolderBase } from './folder.entity';
+export { StorageConfig as StorageConfigBase } from './storage-config.entity';

package/entities/storage-config-with-company.entity.d.ts

@@ -1,4 +1,4 @@
-import { StorageConfigBase } from './storage-config-base.entity';
-export declare class StorageConfigWithCompany extends StorageConfigBase {
+import { StorageConfig } from './storage-config.entity';
+export declare class StorageConfigWithCompany extends StorageConfig {
     companyId: string | null;
 }

package/entities/storage-config.entity.d.ts

@@ -1,3 +1,8 @@
-import { StorageConfigBase } from './storage-config-base.entity';
-export declare class StorageConfig extends StorageConfigBase {
+import { Identity } from '@flusys/nestjs-shared/entities';
+export declare class StorageConfig extends Identity {
+    name: string;
+    storage: string;
+    config: Record<string, any>;
+    isActive: boolean;
+    isDefault: boolean;
 }