Reputation: 324
Like many web services, we need to get our visitors' profile picture. This is done through a simple hapi upload script.
We are now wondering what the best practices are to prevent us from getting a malicious image that could contain a script to be executed directly or through a vulnerability.
What is the best secure process? Resizing the image? But what about the several formats available? Convert everything to PNG in a two-step pass using two different libraries?
Is there any npm module written for that purpose?
Advice needed.
Upvotes: 1
Views: 1026
Reputation: 514
You can find working code on GitHub: https://github.com/pandeysoni/Hapi-file-upload-download
/*
 * upload file
 * (the requires and the missing checkFileExist helper are added here so the
 * snippet runs; Config is assumed to be the project's own config module
 * exposing MixInsideFolder)
 */
var fs = require('fs');
var path = require('path');
var multiparty = require('multiparty');
var Config = require('./config');

exports.uploadFile = {
    payload: {
        maxBytes: 209715200,
        output: 'stream',
        parse: false          // hapi hands over the raw stream; multiparty parses it
    },
    handler: function(request, reply) {
        var form = new multiparty.Form();
        form.parse(request.payload, function(err, fields, files) {
            if (err) return reply(err);
            else upload(files, reply);
        });
    }
};

/*
 * make sure the target folder exists before writing into it
 */
var checkFileExist = function() {
    if (!fs.existsSync(Config.MixInsideFolder)) {
        fs.mkdirSync(Config.MixInsideFolder);
    }
};

/*
 * upload file function
 */
var upload = function(files, reply) {
    fs.readFile(files.file[0].path, function(err, data) {
        if (err) return reply(err);
        checkFileExist();
        // keep only the base name so a client-supplied path cannot escape the folder
        var fileName = path.basename(files.file[0].originalFilename);
        var target = path.join(Config.MixInsideFolder, fileName);
        fs.writeFile(target, data, function(err) {
            if (err) return reply(err);
            else return reply('File uploaded to: ' + target);
        });
    });
};
Upvotes: 1