fix(security): remove fileId from API responses

- Remove internal database ID (fileId) from formatFileResponse
- Remove fileId from formatFilesResponse
- Update LibresignNextcloudFile type definition
- Only expose nodeId which is the Nextcloud file system ID
- Prevents exposure of internal database structure

Signed-off-by: Vitor Mattos <[email protected]>

Author: vitormattos

lib/Controller/FileController.php

@@ -684,7 +684,6 @@ private function formatFileResponse(FileEntity $mainEntity, array $childFiles):
 		$response = [
 			'message' => $this->l10n->t('Success'),
 			'id' => $mainEntity->getNodeId(),
-			'fileId' => $mainEntity->getId(),
 			'nodeId' => $mainEntity->getNodeId(),
 			'uuid' => $mainEntity->getUuid(),
 			'name' => $mainEntity->getName(),
@@ -718,11 +717,10 @@ private function extractFileName(array $fileData): string {
 
 	/**
 	 * @param FileEntity[] $files
-	 * @return list<array{fileId: int, nodeId: int, uuid: string, name: string, status: int, statusText: string}>
+	 * @return list<array{nodeId: int, uuid: string, name: string, status: int, statusText: string}>
 	 */
 	private function formatFilesResponse(array $files): array {
 		return array_values(array_map(fn (FileEntity $file) => [
-			'fileId' => $file->getId(),
 			'nodeId' => $file->getNodeId(),
 			'uuid' => $file->getUuid(),
 			'name' => $file->getName(),

lib/ResponseDefinitions.php

@@ -47,12 +47,14 @@
  *     message: string,
  *     name: non-falsy-string,
  *     id: int,
+ *     nodeId: int,
  *     uuid: string,
  *     status: int,
  *     statusText: string,
  *     nodeType: 'file'|'envelope',
  *     created_at: string,
- *     files: list<array{id: int, uuid: string, name: string, status: int, statusText: string}>,
+ *     filesCount: int<0, max>,
+ *     files: list<array{nodeId: int, uuid: string, name: string, status: int, statusText: string}>,
  * }
  * @psalm-type LibresignIdentifyAccount = array{
  *     id: non-negative-int,