payload icon indicating copy to clipboard operation
payload copied to clipboard
verified publisher icon payloadcms

Prevent the file from being uploaded if the mimeType is invalid

Open denolfe opened this issue 3 years ago • 2 comments

Discussed in https://github.com/payloadcms/payload/discussions/937

Originally posted by predaytor August 14, 2022 Сurrently, regardless of the configuration, the data is loaded to the disk, even after displaying an invalid mimeType error.

upload: {
    staticURL: '/uploads',

    staticDir: path.resolve(__dirname, '../../uploads'),

    mimeTypes: ['image/*'],
}

image

image

denolfe avatar Aug 15 '22 13:08 denolfe

Successfully recreated issue. Looking into a fix now.

denolfe avatar Aug 15 '22 13:08 denolfe

Right now the create handler writes the uploaded file so that the validation can be performed on it in the beforeValidation hook. That means the file is already written before the error is returned.

To change that we have a few options: A) Split the upload handling into two parts, first write the file, then validate it, and if validation fails delete the file. B) Figure out if we can reliably validate the file as it is coming in as a steam before saving the file so that it is never persisted when invalid.

If we can reliably get B to work that would be ideal as it will take up less bandwidth / IO. I did find this package that might help: https://github.com/sindresorhus/file-type/ There are some types it doesn't cover and we'll need to figure out the details on how this will work.

DanRibbens avatar Aug 16 '22 14:08 DanRibbens