fix(upload): resolve lint warnings in cloudinary service

- Add eslint-disable for buffer check (can be undefined with disk storage)
- Add type assertion for cloudinary destroy result
- Fix object injection warning by extracting file to variable

Author: PhuocHoan

backend/src/upload/cloudinary.service.ts

@@ -2,6 +2,7 @@ import { Readable } from 'stream';
 
 import { Injectable, BadRequestException } from '@nestjs/common';
 import { ConfigService } from '@nestjs/config';
+
 import {
   v2 as cloudinary,
   UploadApiResponse,
@@ -28,7 +29,7 @@ export class CloudinaryService {
     const apiKey = this.configService.get<string>('CLOUDINARY_API_KEY');
     const apiSecret = this.configService.get<string>('CLOUDINARY_API_SECRET');
 
-    this.isConfigured = !!(cloudName && apiKey && apiSecret);
+    this.isConfigured = Boolean(cloudName && apiKey && apiSecret);
 
     if (this.isConfigured) {
       cloudinary.config({
@@ -120,8 +121,9 @@ export class CloudinaryService {
   ): Promise<CloudinaryUploadResult> {
     // For memory storage, file.buffer is available
     // For disk storage, we'd need to read the file
-    const buffer = file.buffer;
+    const { buffer } = file;
 
+    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- buffer can be undefined with disk storage
     if (!buffer) {
       throw new BadRequestException(
         'File buffer not available. Ensure memory storage is used.',
@@ -145,7 +147,9 @@ export class CloudinaryService {
   /**
    * Upload an avatar image with automatic optimization
    */
-  async uploadAvatar(file: Express.Multer.File): Promise<CloudinaryUploadResult> {
+  async uploadAvatar(
+    file: Express.Multer.File,
+  ): Promise<CloudinaryUploadResult> {
     return this.uploadFile(file, {
       folder: 'learnix/avatars',
       transformation: {
@@ -189,9 +193,9 @@ export class CloudinaryService {
     }
 
     try {
-      const result = await cloudinary.uploader.destroy(publicId, {
+      const result = (await cloudinary.uploader.destroy(publicId, {
         resource_type: resourceType,
-      });
+      })) as { result: string };
       return result.result === 'ok';
     } catch {
       return false;
@@ -210,7 +214,9 @@ export class CloudinaryService {
 
       // Find the index of 'upload' and get everything after version
       const uploadIndex = pathParts.indexOf('upload');
-      if (uploadIndex === -1) return null;
+      if (uploadIndex === -1) {
+        return null;
+      }
 
       // Skip 'upload' and version (vXXXXXXX)
       const publicIdParts = pathParts.slice(uploadIndex + 2);

backend/src/upload/upload.controller.ts

@@ -14,8 +14,8 @@ import {
 import { ConfigService } from '@nestjs/config';
 import { FileInterceptor, FilesInterceptor } from '@nestjs/platform-express';
 
-import { UploadService } from './upload.service';
 import { CloudinaryService } from './cloudinary.service';
+import { UploadService } from './upload.service';
 import { JwtAuthGuard } from '../auth/guards/jwt-auth.guard';
 
 import type { FileUploadResult } from './upload.service';
@@ -188,13 +188,17 @@ export class UploadController {
       const results = await Promise.all(
         files.map((file) => this.cloudinaryService.uploadCourseImage(file)),
       );
-      return results.map((result, index) => ({
-        filename: result.publicId,
-        originalName: files[index].originalname,
-        mimetype: files[index].mimetype,
-        size: result.bytes,
-        url: result.secureUrl,
-      }));
+      return results.map((result, idx) => {
+        // eslint-disable-next-line security/detect-object-injection -- idx is from array iteration, not user input
+        const file = files[idx];
+        return {
+          filename: result.publicId,
+          originalName: file.originalname,
+          mimetype: file.mimetype,
+          size: result.bytes,
+          url: result.secureUrl,
+        };
+      });
     }
 
     return this.uploadService.processUploadedFiles(files);
@@ -244,7 +248,9 @@ export class UploadController {
     // Try to delete from Cloudinary first if it looks like a Cloudinary public ID
     if (this.useCloudinary || filename.includes('/')) {
       const deleted = await this.cloudinaryService.deleteFile(filename);
-      if (deleted) return;
+      if (deleted) {
+        return;
+      }
     }
 
     // Fall back to local file deletion

backend/src/upload/upload.module.ts

@@ -8,20 +8,20 @@ import { MulterModule } from '@nestjs/platform-express';
 
 import { diskStorage, memoryStorage } from 'multer';
 
+import { CloudinaryService } from './cloudinary.service';
 import { UploadController } from './upload.controller';
 import { UploadService } from './upload.service';
-import { CloudinaryService } from './cloudinary.service';
 
 @Module({
   imports: [
     MulterModule.registerAsync({
       imports: [ConfigModule],
       useFactory: (configService: ConfigService) => {
         // Check if Cloudinary is configured
-        const cloudinaryConfigured = !!(
+        const cloudinaryConfigured = Boolean(
           configService.get<string>('CLOUDINARY_CLOUD_NAME') &&
           configService.get<string>('CLOUDINARY_API_KEY') &&
-          configService.get<string>('CLOUDINARY_API_SECRET')
+          configService.get<string>('CLOUDINARY_API_SECRET'),
         );
 
         // Use memory storage if Cloudinary is configured (for cloud upload)