Upload files to server using Node.js and Multer package
In this article I will tell about how to upload files to server using Node.js and multer package from npm, filter upload files by extension and validate file by check magic numbers.
First, install all dependencies
and create simple express server with render index.ejs
Now you can run server, open url http://localhost:8080/api/file in your browser and see form to choose uploaded file.
Add to server.js file new dependencies: path and multer
and add config object
There are two options available, destination and filename.
destination is to specify the path to the directory where uploaded files will be stored.
filename is used to determine what the file should be named inside the folder. In this case, we upload the file using a return number value from Date.now() instead of the original name and add a original file extension using the built-in path Node.js library.
Thus, the file will be uploaded to the server with original extension.
Now we need to create a POST route that will send the file to the server. Add following code snippet after GET route.
Here multer used settings from storage object we was written above and send the file to the server. If all goes well, you will see the message File is uploaded. You can try it.
Filter upload by file extension
At the moment, we can upload the file to the server with any extension. But what if we want to allow to upload only image files?
To control which files should be uploaded and which should be skipped in multer module provides fileFilter function.
Let’s add this feature.
Add this code snippet
to POST route after storage property like this
Now you can upload files only with png, jpg, gif and jpeg extensions.
Edited: April 23, 2017. Validate Files by Check Magic Numbers.
Comment by Araik Martirosyan:Hey Mikhail, I have a question. How I can validate uploade file, if i change file name and make this myscript.js.jpeg. I dont want this file save on my server side.
To determine if a file is an valid we can read the first bytes of the stream and compare it with magic numbers https://en.wikipedia.org/wiki/Magic_number_(programming). Since multer does not provide file data (we need bitmap in this case) as a solution we can check the magic numbers after uploading the file to the server and if it does not match then delete this file from filesystem.
Since In this article I give an example about the validation image files then the following example I will give about images.
First, declare an object that will contain magic numbers for the file types of interest to us:
then write simple function that we will use to check magic numbers:
at the moment we do not need fileFilter option and you can delete it.
Full code for this example:
Edited: August 1, 2017. Validate Files by Check Magic Numbers Before Write to File System.
In the previous example, we checked the file after it uploaded to the file system and if file is not valid deleted it.
Quote from previous chapter:
Since multer does not provide file data as a solution we can check the magic numbers after uploading the file to the server and if it does not match then delete this file from filesystem.
Multer does not provide file data (we need buffer) if as storage we are using multer.diskStorage(). In this chapter I will tell how to check file signatures (magic numbers) before write file to the filesystem using multer.memoryStorage().
Remove this part of code:
Now every time we upload a file we will have buffer of entire file in req.
We will check first bytes of buffer before write file to the filesystem and if the buffer is no valid the file will not be written to the file system.
buffer variable contains buffer of the entire file, magic variable contains first bytes to check and filename contains name for write file in filesystem.
If buffer is valid if (checkMagicNumbers(magic)) file will be written to the filesystem using fs.writeFile. Otherwise user will have File is no valid message.