burton

burton

File type validation for hapi raw stream multipart/form-data request payloads.

Like most modern magicians, builds on the work, knowledge and influence of others before it, in this case, henning.

Table of Contents

• Installation
• Usage
  • Example
• Supported File Types

Installation

Install via NPM.

$ npm install burton

Usage

Register the package as a server plugin to enable validation for each route that does not parse — parse: false — into a stream, the files in the request payload — output: 'stream'. For every other route with a different configuration, the validation is skipped.

If the validation fails, a joi-like 400 Bad Request error is returned alongside an additional content-validation: failure response header. If everything is ok, the response will ultimately contain a content-validation: success header.

Also, if the Content-Type request header is not multipart/form-data, a 415 Unsupported Media Type error is returned, but in this case, without any additional response header.

Example

const Hapi = require('hapi');
const Burton = require('burton');

try {
    const server = new Hapi.Server();

    server.route({
        options: {
            payload: {
                output: 'stream',
                parse: false
            }
            // go nuts
        }
    });

    await server.register({
        plugin: Burton,
        options: {
            // Allow png files only
            whitelist: ['image/png']
        }
    });

    await server.start();
}
catch (err) {
    throw err;
}

Supported File Types

The same as file-type.