fix(wireguard): resolve 500 parse failure on encrypted file upload stream memory buffers

backend/internal/wireguard-fs.js

@@ -67,11 +67,22 @@ export default {
 		const iv = crypto.randomBytes(16);
 		const cipher = crypto.createCipheriv("aes-256-cbc", key, iv);
 
-		// We will write the IV to the very beginning of the file, followed by encrypted data
-		const encryptedBuffer = Buffer.concat([iv, cipher.update(fileBuffer), cipher.final()]);
+		return new Promise((resolve, reject) => {
+			const writeStream = fs.createWriteStream(filePath);
 			
-		await fs.promises.writeFile(filePath, encryptedBuffer);
-		return { success: true, name: safeFilename };
+			writeStream.on("error", (err) => reject(err));
+			writeStream.on("finish", () => resolve({ success: true, name: safeFilename }));
+
+			// Write the 16-byte IV first
+			writeStream.write(iv);
+
+			// Pipe the cipher output to the file
+			cipher.pipe(writeStream);
+
+			// Write the actual file buffer into the cipher
+			cipher.write(fileBuffer);
+			cipher.end();
+		});
 	},
 
 	/**

backend/routes/wireguard.js

@@ -4,7 +4,6 @@ import internalWireguard from "../internal/wireguard.js";
 import internalWireguardFs from "../internal/wireguard-fs.js";
 import internalAuditLog from "../internal/audit-log.js";
 import jwtdecode from "../lib/express/jwt-decode.js";
-import fileUpload from "express-fileupload";
 import db from "../db.js";
 
 const router = express.Router({
@@ -16,12 +15,6 @@ const router = express.Router({
 // Protect all WireGuard routes
 router.use(jwtdecode());
 
-// Enable File Uploads for the File Manager endpoints
-router.use(fileUpload({
-	limits: { fileSize: 500 * 1024 * 1024 }, // 500MB max limit
-	abortOnLimit: true
-}));
-
 /**
  * GET /api/wireguard
  * Get WireGuard interfaces info