Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How to properly validate the file size of the upload?

See original GitHub issue

I’ve spent about an hour trying to find some resources about this, but couldn’t find anything that actually explained how to validate the file size before uploading it to S3 or wherever. All of the file upload guides/tutorials conveniently skip the issue of file size validation.

So, how would I properly validate the size to make sure an absurdly big file isn’t being POSTed? Sure, I know that I can limit the max file size for this entire lib, but that isn’t granular enough. Some mutations might need to limit the max size at 1MB, and others might need to limit it at 100MB.

My only idea right now is to take the stream returned by createReadStream and try to read it to see how big it is. And then if its ok, create a new read stream for passing to S3 using createReadStream again.

Another relevant question: If I find the file size to be too big, how can I tell this package to clean up the huge file that’s been written to the temp directory?

Thanks in advance

Issue Analytics

State:
Created 3 years ago
Reactions:1
Comments:7 (2 by maintainers)

Top GitHub Comments

3reactions

fabis94commented, May 20, 2020

Improved my example so that the stream is uploaded & validated at the same time.

  // Create pass-through streams for validating file size while uploading to S3
  const validationStream = new PassThrough();
  const uploadStream = new PassThrough();

  let byteLength = 0;
  stream.pipe(validationStream).on("data", (data: Buffer) => {
    byteLength += data.byteLength;

    // Once file size gets too big, kill all streams and halt the upload
    if (byteLength > MaxImageFileSize) {
      uploadStream.destroy(
        new FileManagerError( `Upload exceeds the maximum allowed size!!`)
      );
    }
  });
  stream.pipe(uploadStream);
  
  try {
    const result = await s3client.upload({Body: uploadStream, Bucket: X, Key: Y}).promise();
  } finally {
    uploadStream.destroy();
    validationStream.destroy();
    stream.destroy();
  }

Not sure if I need to destroy all streams at the end, but did it anyway to be safe

Edit: There’s an even better suggestion here https://github.com/mike-marcacci/fs-capacitor/issues/27#issuecomment-631570106. Instead of two pass through streams, you can create a special SizeValidatorStream and just pipe the original stream through it, and then pass the validatorStream into the S3 client.

0reactions

albertlycommented, Nov 26, 2020

@fabis94 or somebody else. Why do you need uploadStream ?

Can you use const result = await s3client.upload({Body: validationStream , Bucket: X, Key: Y}).promise();

Top Results From Across the Web

JavaScript file upload size validation - Stack Overflow

Yes, you can use the File API for this. Here's a complete example (see comments):. document.getElementById("btnLoad").addEventListener("click", function ...

File Upload - OWASP Cheat Sheet Series

Restrict the allowed characters if possible; Set a file size limit; Only allow authorized users to upload files; Store the files on a...

Validation of file size while uploading using JavaScript / jQuery

In this article, we will learn how to implement file size validation by checking file size before uploading using Javascript and jQuery.

File Upload Validation Techniques - Triaxiom Security

Signature Validation This could be done by reading the first 4 – 6 bytes of a file (as an example, a GIF's first...

PHP Image Upload with Size Type Dimension Validation

In PHP, we validate the file type, size and dimension before uploading. The uploaded file data like name size, temporary target are in...