Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

express-fileupload

Package Overview
Dependencies
Maintainers
1
Versions
49
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

express-fileupload - npm Package Compare versions

Comparing version 1.1.5 to 1.1.6-alpha.1

2

lib/index.js

@@ -10,2 +10,4 @@ 'use strict';

const DEFAULT_OPTIONS = {
debug: false,
uploadTimeout: 60000,
fileHandler: false,

@@ -12,0 +14,0 @@ uriDecodeFileNames: false,

18

lib/processMultipart.js

@@ -8,2 +8,3 @@ const Busboy = require('busboy');

isFunc,
debugLog,
buildOptions,

@@ -27,3 +28,9 @@ buildFields,

req.files = null;
// Close connection with specified reason and http code, default: 400 Bad Request.
const closeConnection = (code, reason) => {
res.writeHead(code || 400, { Connection: 'close' });
res.end(reason || 'Bad Request');
};
// Build busboy options and init busboy instance.

@@ -46,2 +53,3 @@ let busboyOptions = buildOptions(options, {headers: req.headers});

file.on('limit', () => {
debugLog(options, `File size limit reached for ${field} -> ${name}, bytes: ${getFileSize()}`);
// Run user defined limit handler if it has been set.

@@ -53,4 +61,5 @@ if (isFunc(options.limitHandler)){

if (options.abortOnLimit) {
res.writeHead(413, { Connection: 'close' });
res.end(options.responseOnLimit);
debugLog(options, `Aborting upload because of size limit ${field} -> ${name}, bytes: ${getFileSize()}`);
closeConnection(413, options.responseOnLimit);
cleanup();
}

@@ -79,2 +88,5 @@ });

file.on('error', cleanup, next);
// Debug logging for a new file upload.
debugLog(options, `New file opload ${field} -> ${name}, bytes: ${getFileSize()}`);
});

@@ -81,0 +93,0 @@

2

package.json
{
"name": "express-fileupload",
"version": "1.1.5",
"version": "1.1.6-alpha.1",
"author": "Richard Girges <richardgirges@gmail.com>",

@@ -5,0 +5,0 @@ "description": "Simple express file upload middleware that wraps around Busboy",

3

README.md

@@ -82,3 +82,3 @@ # express-fileupload

preserveExtension | <ul><li><code>false</code>&nbsp;**(default)**</li><li><code>true</code></li><li><code>*Number*</code></li></ul> | Preserves filename extension when using <code>safeFileNames</code> option. If set to <code>true</code>, will default to an extension length of 3. If set to <code>*Number*</code>, this will be the max allowable extension length. If an extension is smaller than the extension length, it remains untouched. If the extension is longer, it is shifted.<br /><br />**Example #1 (true):**<br /><code>app.use(fileUpload({ safeFileNames: true, preserveExtension: true }));</code><br />*myFileName.ext* --> *myFileName.ext*<br /><br />**Example #2 (max extension length 2, extension shifted):**<br /><code>app.use(fileUpload({ safeFileNames: true, preserveExtension: 2 }));</code><br />*myFileName.ext* --> *myFileNamee.xt*
abortOnLimit | <ul><li><code>false</code>&nbsp;**(default)**</li><li><code>true</code></ul> | Returns a HTTP 413 when the file is bigger than the size limit if true. Otherwise, it will add a <code>truncate = true</code> to the resulting file structure.
abortOnLimit | <ul><li><code>false</code>&nbsp;**(default)**</li><li><code>true</code></ul> | Returns a HTTP 413 when the file is bigger than the size limit if true. Otherwise, it will add a <code>truncated = true</code> to the resulting file structure.
responseOnLimit | <ul><li><code>'File size limit has been reached'</code>&nbsp;**(default)**</li><li><code>*String*</code></ul> | Response which will be send to client if file size limit exceeded when abortOnLimit set to true.

@@ -89,2 +89,3 @@ limitHandler | <ul><li><code>false</code>&nbsp;**(default)**</li><li><code>function(req, res, next)</code></li></ul> | User defined limit handler which will be invoked if the file is bigger than configured limits.

parseNested | <ul><li><code>false</code>&nbsp;**(default)**</li><li><code>true</code></li></ul> | By default, req.body and req.files are flattened like this: <code>{'name': 'John', 'hobbies[0]': 'Cinema', 'hobbies[1]': 'Bike'}</code><br /><br/>When this option is enabled they are parsed in order to be nested like this: <code>{'name': 'John', 'hobbies': ['Cinema', 'Bike']}</code>
debug | <ul><li><code>false</code>&nbsp;**(default)**</li><li><code>true</code></ul> | Turn on/off upload process logging. Can be usefull for troubleshooting.

@@ -91,0 +92,0 @@ # Help Wanted

419

test/multipartUploads.spec.js

@@ -21,3 +21,3 @@ 'use strict';

// Reset response body.uploadDir/uploadPath for testing.
const resetBodyUploadData = (res)=>{
const resetBodyUploadData = (res) => {
res.body.uploadDir = '';

@@ -27,6 +27,18 @@ res.body.uploadPath = '';

const genUploadResult = (fileName, filePath) => {
const fileStat = fs.statSync(filePath);
const fileBuffer = fs.readFileSync(filePath);
return {
name: fileName,
md5: md5(fileBuffer),
size: fileStat.size,
uploadDir: '',
uploadPath: ''
};
};
describe('Test Directory Cleaning Method', function() {
it('emptied "uploads" directory', function(done) {
clearUploadsDir();
let filesFound = fs.readdirSync(uploadDir).length;
const filesFound = fs.readdirSync(uploadDir).length;
done(filesFound ? `Directory not empty. Found ${filesFound} files.` : null);

@@ -39,14 +51,9 @@ });

for (let i = 0; i < mockFiles.length; i++) {
let fileName = mockFiles[i];
mockFiles.forEach((fileName) => {
const filePath = path.join(fileDir, fileName);
const uploadedFilePath = path.join(uploadDir, fileName);
const result = genUploadResult(fileName, filePath);
it(`upload ${fileName} with POST`, function(done) {
let filePath = path.join(fileDir, fileName);
let fileBuffer = fs.readFileSync(filePath);
let fileHash = md5(fileBuffer);
let fileStat = fs.statSync(filePath);
let uploadedFilePath = path.join(uploadDir, fileName);
clearUploadsDir();
request(app)

@@ -56,27 +63,7 @@ .post('/upload/single')

.expect(resetBodyUploadData)
.expect(200, {
name: fileName,
md5: fileHash,
size: fileStat.size,
uploadDir: '',
uploadPath: ''
})
.end(function(err) {
if (err) {
return done(err);
}
fs.stat(uploadedFilePath, done);
});
.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
it(`upload ${fileName} with PUT`, function(done) {
let filePath = path.join(fileDir, fileName);
let fileBuffer = fs.readFileSync(filePath);
let fileHash = md5(fileBuffer);
let fileStat = fs.statSync(filePath);
let uploadedFilePath = path.join(uploadDir, fileName);
clearUploadsDir();
request(app)

@@ -86,19 +73,6 @@ .post('/upload/single')

.expect(resetBodyUploadData)
.expect(200, {
name: fileName,
md5: fileHash,
size: fileStat.size,
uploadDir: '',
uploadPath: ''
})
.end(function(err) {
if (err) {
return done(err);
}
.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
});
fs.stat(uploadedFilePath, done);
});
});
}
it('fail when no files were attached', function(done) {

@@ -112,7 +86,5 @@ request(app)

it('fail when using GET', function(done) {
let filePath = path.join(fileDir, mockFiles[0]);
request(app)
.get('/upload/single')
.attach('testFile', filePath)
.attach('testFile', path.join(fileDir, mockFiles[0]))
.expect(400)

@@ -123,7 +95,5 @@ .end(done);

it('fail when using HEAD', function(done) {
let filePath = path.join(fileDir, mockFiles[0]);
request(app)
.head('/upload/single')
.attach('testFile', filePath)
.attach('testFile', path.join(fileDir, mockFiles[0]))
.expect(400)

@@ -137,14 +107,9 @@ .end(done);

for (let i = 0; i < mockFiles.length; i++) {
let fileName = mockFiles[i];
mockFiles.forEach((fileName) => {
const filePath = path.join(fileDir, fileName);
const uploadedFilePath = path.join(uploadDir, fileName);
const result = genUploadResult(fileName, filePath);
it(`upload ${fileName} with POST w/ .mv()`, function(done) {
let filePath = path.join(fileDir, fileName);
let fileBuffer = fs.readFileSync(filePath);
let fileHash = md5(fileBuffer);
let fileStat = fs.statSync(filePath);
let uploadedFilePath = path.join(uploadDir, fileName);
clearUploadsDir();
request(app)

@@ -154,27 +119,7 @@ .post('/upload/single')

.expect(resetBodyUploadData)
.expect(200, {
name: fileName,
md5: fileHash,
size: fileStat.size,
uploadDir: '',
uploadPath: ''
})
.end(function(err) {
if (err) {
return done(err);
}
fs.stat(uploadedFilePath, done);
});
.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
it(`upload ${fileName} with PUT w/ .mv()`, function(done) {
let filePath = path.join(fileDir, fileName);
let fileBuffer = fs.readFileSync(filePath);
let fileHash = md5(fileBuffer);
let fileStat = fs.statSync(filePath);
let uploadedFilePath = path.join(uploadDir, fileName);
clearUploadsDir();
request(app)

@@ -184,38 +129,17 @@ .post('/upload/single')

.expect(resetBodyUploadData)
.expect(200, {
name: fileName,
md5: fileHash,
size: fileStat.size,
uploadDir: '',
uploadPath: ''
})
.end(function(err) {
if (err) {
return done(err);
}
fs.stat(uploadedFilePath, done);
});
.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
}
});
});
describe('Test Single File Upload with useTempFiles option.', function() {
const app = server.setup({
useTempFiles: true,
tempFileDir: '/tmp/'
});
const app = server.setup({ useTempFiles: true, tempFileDir: '/tmp/' });
for (let i = 0; i < mockFiles.length; i++) {
let fileName = mockFiles[i];
mockFiles.forEach((fileName) => {
const filePath = path.join(fileDir, fileName);
const uploadedFilePath = path.join(uploadDir, fileName);
const result = genUploadResult(fileName, filePath);
it(`upload ${fileName} with POST`, function(done) {
let filePath = path.join(fileDir, fileName);
let fileBuffer = fs.readFileSync(filePath);
let fileHash = md5(fileBuffer);
let fileStat = fs.statSync(filePath);
let uploadedFilePath = path.join(uploadDir, fileName);
clearUploadsDir();
request(app)

@@ -225,24 +149,7 @@ .post('/upload/single')

.expect(resetBodyUploadData)
.expect(200, {
name: fileName,
md5: fileHash,
size: fileStat.size,
uploadDir: '',
uploadPath: ''
})
.end((err) => {
if (err) return done(err);
fs.stat(uploadedFilePath, done);
});
.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
it(`upload ${fileName} with PUT`, function(done) {
let filePath = path.join(fileDir, fileName);
let fileBuffer = fs.readFileSync(filePath);
let fileHash = md5(fileBuffer);
let fileStat = fs.statSync(filePath);
let uploadedFilePath = path.join(uploadDir, fileName);
clearUploadsDir();
request(app)

@@ -252,15 +159,5 @@ .post('/upload/single')

.expect(resetBodyUploadData)
.expect(200, {
name: fileName,
md5: fileHash,
size: fileStat.size,
uploadDir: '',
uploadPath: ''
})
.end((err) => {
if (err) return done(err);
fs.stat(uploadedFilePath, done);
});
});
}
.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
});

@@ -275,7 +172,5 @@ it('fail when no files were attached', function(done) {

it('fail when using GET', function(done) {
let filePath = path.join(fileDir, mockFiles[0]);
request(app)
.get('/upload/single')
.attach('testFile', filePath)
.attach('testFile', path.join(fileDir, mockFiles[0]))
.expect(400)

@@ -286,7 +181,5 @@ .end(done);

it('fail when using HEAD', function(done) {
let filePath = path.join(fileDir, mockFiles[0]);
request(app)
.head('/upload/single')
.attach('testFile', filePath)
.attach('testFile', path.join(fileDir, mockFiles[0]))
.expect(400)

@@ -298,19 +191,11 @@ .end(done);

describe('Test Single File Upload with useTempFiles option and empty tempFileDir.', function() {
const app = server.setup({
useTempFiles: true,
tempFileDir: ''
});
const app = server.setup({ useTempFiles: true, tempFileDir: '' });
for (let i = 0; i < mockFiles.length; i++) {
let fileName = mockFiles[i];
mockFiles.forEach((fileName) => {
const filePath = path.join(fileDir, fileName);
const uploadedFilePath = path.join(uploadDir, fileName);
const result = genUploadResult(fileName, filePath);
it(`upload ${fileName} with POST`, function(done) {
let filePath = path.join(fileDir, fileName);
let fileBuffer = fs.readFileSync(filePath);
let fileHash = md5(fileBuffer);
let fileStat = fs.statSync(filePath);
let uploadedFilePath = path.join(uploadDir, fileName);
clearUploadsDir();
request(app)

@@ -320,15 +205,5 @@ .post('/upload/single')

.expect(resetBodyUploadData)
.expect(200, {
name: fileName,
md5: fileHash,
size: fileStat.size,
uploadDir: '',
uploadPath: ''
})
.end((err) => {
if (err) return done(err);
fs.stat(uploadedFilePath, done);
});
});
}
.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
});
});

@@ -339,14 +214,9 @@

for (let i = 0; i < mockFiles.length; i++) {
let fileName = mockFiles[i];
mockFiles.forEach((fileName) => {
const filePath = path.join(fileDir, fileName);
const uploadedFilePath = path.join(uploadDir, fileName);
const result = genUploadResult(fileName, filePath);
it(`upload ${fileName} with POST w/ .mv() Promise`, function(done) {
let filePath = path.join(fileDir, fileName);
let fileBuffer = fs.readFileSync(filePath);
let fileHash = md5(fileBuffer);
let fileStat = fs.statSync(filePath);
let uploadedFilePath = path.join(uploadDir, fileName);
clearUploadsDir();
request(app)

@@ -356,24 +226,7 @@ .post('/upload/single/promise')

.expect(resetBodyUploadData)
.expect(200, {
name: fileName,
md5: fileHash,
size: fileStat.size,
uploadDir: '',
uploadPath: ''
})
.end((err) => {
if (err) return done(err);
fs.stat(uploadedFilePath, done);
});
.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
it(`upload ${fileName} with PUT w/ .mv() Promise`, function(done) {
let filePath = path.join(fileDir, fileName);
let fileBuffer = fs.readFileSync(filePath);
let fileHash = md5(fileBuffer);
let fileStat = fs.statSync(filePath);
let uploadedFilePath = path.join(uploadDir, fileName);
clearUploadsDir();
request(app)

@@ -383,15 +236,5 @@ .post('/upload/single/promise')

.expect(resetBodyUploadData)
.expect(200, {
name: fileName,
md5: fileHash,
size: fileStat.size,
uploadDir: '',
uploadPath: ''
})
.end((err) => {
if (err) return done(err);
fs.stat(uploadedFilePath, done);
});
});
}
.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
});

@@ -406,7 +249,5 @@ it('fail when no files were attached', function(done) {

it('fail when using GET', function(done) {
let filePath = path.join(fileDir, mockFiles[0]);
request(app)
.get('/upload/single')
.attach('testFile', filePath)
.attach('testFile', path.join(fileDir, mockFiles[0]))
.expect(400)

@@ -417,7 +258,5 @@ .end(done);

it('fail when using HEAD', function(done) {
let filePath = path.join(fileDir, mockFiles[0]);
request(app)
.head('/upload/single')
.attach('testFile', filePath)
.attach('testFile', path.join(fileDir, mockFiles[0]))
.expect(400)

@@ -429,19 +268,11 @@ .end(done);

describe('Test Single File Upload w/ .mv() Promise and useTempFiles set to true', function() {
const app = server.setup({
useTempFiles: true,
tempFileDir: '/tmp/'
});
const app = server.setup({ useTempFiles: true, tempFileDir: '/tmp/' });
for (let i = 0; i < mockFiles.length; i++) {
let fileName = mockFiles[i];
mockFiles.forEach((fileName) => {
const filePath = path.join(fileDir, fileName);
const uploadedFilePath = path.join(uploadDir, fileName);
const result = genUploadResult(fileName, filePath);
it(`upload ${fileName} with POST w/ .mv() Promise`, function(done) {
let filePath = path.join(fileDir, fileName);
let fileBuffer = fs.readFileSync(filePath);
let fileHash = md5(fileBuffer);
let fileStat = fs.statSync(filePath);
let uploadedFilePath = path.join(uploadDir, fileName);
clearUploadsDir();
request(app)

@@ -451,24 +282,7 @@ .post('/upload/single/promise')

.expect(resetBodyUploadData)
.expect(200, {
name: fileName,
md5: fileHash,
size: fileStat.size,
uploadDir: '',
uploadPath: ''
})
.end((err) => {
if (err) return done(err);
fs.stat(uploadedFilePath, done);
});
.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
it(`upload ${fileName} with PUT w/ .mv() Promise`, function(done) {
let filePath = path.join(fileDir, fileName);
let fileBuffer = fs.readFileSync(filePath);
let fileHash = md5(fileBuffer);
let fileStat = fs.statSync(filePath);
let uploadedFilePath = path.join(uploadDir, fileName);
clearUploadsDir();
request(app)

@@ -478,15 +292,5 @@ .post('/upload/single/promise')

.expect(resetBodyUploadData)
.expect(200, {
name: fileName,
md5: fileHash,
size: fileStat.size,
uploadDir: '',
uploadPath: ''
})
.end((err) => {
if (err) return done(err);
fs.stat(uploadedFilePath, done);
});
});
}
.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
});

@@ -501,7 +305,5 @@ it('fail when no files were attached', function(done) {

it('fail when using GET', function(done) {
let filePath = path.join(fileDir, mockFiles[0]);
request(app)
.get('/upload/single')
.attach('testFile', filePath)
.attach('testFile', path.join(fileDir, mockFiles[0]))
.expect(400)

@@ -512,7 +314,5 @@ .end(done);

it('fail when using HEAD', function(done) {
let filePath = path.join(fileDir, mockFiles[0]);
request(app)
.head('/upload/single')
.attach('testFile', filePath)
.attach('testFile', path.join(fileDir, mockFiles[0]))
.expect(400)

@@ -523,3 +323,2 @@ .end(done);

describe('Test Multi-File Upload', function() {

@@ -529,6 +328,4 @@ const app = server.setup();

it('upload multiple files with POST', function(done) {
let req = request(app).post('/upload/multiple');
clearUploadsDir();
const req = request(app).post('/upload/multiple');
let expectedResult = [];

@@ -542,3 +339,3 @@ let expectedResultSorted = [];

expectedResult.push({
name:fileName,
name: fileName,
md5: md5(fs.readFileSync(filePath)),

@@ -579,6 +376,4 @@ size: fileStat.size,

it('upload array of files with POST', function(done) {
let req = request(app).post('/upload/array');
clearUploadsDir();
const req = request(app).post('/upload/array');
let expectedResult = [];

@@ -623,15 +418,13 @@ let expectedResultSorted = [];

const app = server.setup();
mockFiles.forEach((fileName) => {
const filePath = path.join(fileDir, fileName);
const uploadedFilePath = path.join(uploadDir, fileName);
// Expected results
const result = genUploadResult(fileName, filePath);
result.firstName = mockUser.firstName;
result.lastName = mockUser.lastName;
result.email = mockUser.email;
for (let i = 0; i < mockFiles.length; i++) {
let fileName = mockFiles[i];
it(`upload ${fileName} and submit fields at the same time with POST`, function(done) {
let filePath = path.join(fileDir, fileName);
let fileBuffer = fs.readFileSync(filePath);
let fileHash = md5(fileBuffer);
let fileStat = fs.statSync(filePath);
let uploadedFilePath = path.join(uploadDir, fileName);
clearUploadsDir();
request(app)

@@ -644,28 +437,7 @@ .post('/upload/single/withfields')

.expect(resetBodyUploadData)
.expect(200, {
firstName: mockUser.firstName,
lastName: mockUser.lastName,
email: mockUser.email,
name: fileName,
md5: fileHash,
size: fileStat.size,
uploadDir: '',
uploadPath: ''
},
function(err) {
if (err) return done(err);
fs.stat(uploadedFilePath, done);
});
.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
it(`upload ${fileName} and submit fields at the same time with PUT`, function(done) {
let filePath = path.join(fileDir, fileName);
let fileBuffer = fs.readFileSync(filePath);
let fileStat = fs.statSync(filePath);
let fileHash = md5(fileBuffer);
let uploadedFilePath = path.join(uploadDir, fileName);
clearUploadsDir();
request(app)

@@ -678,18 +450,5 @@ .put('/upload/single/withfields')

.expect(resetBodyUploadData)
.expect(200, {
firstName: mockUser.firstName,
lastName: mockUser.lastName,
email: mockUser.email,
name: fileName,
md5: fileHash,
size: fileStat.size,
uploadDir: '',
uploadPath: ''
},
function(err) {
if (err) return done(err);
fs.stat(uploadedFilePath, done);
});
});
}
.expect(200, result, err => (err ? done(err) : fs.stat(uploadedFilePath, done)));
});
});
});
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc