Route-level file type validation for hapi parsed in-memory request payloads
Route-level file type validation for hapi parsed in-memory multipart/form-data request payloads. Also works as a standalone module.
Install via NPM.
$ npm install houdin
validate(payload, options)Validates all Buffer values in a payload given a whitelist of file types provided in the options. Throws a joi-like ValidationError if some file type is not allowed or unknown otherwise it returns the original payload.
const Hapi = require('hapi');
const Houdin = require('houdin');
const server = new Hapi.Server({
routes: {
validate: {
options: {
whitelist: ['image/png']
}
}
}
});
server.route({
options: {
validate: {
// override the default `failAction` if you want further
// details about the validation error
failAction: (request, h, err) => {
// throw the error as is
throw err;
},
payload: Houdin.validate
},
payload: {
output: 'data',
parse: true
}
}
});
const Houdin = require('houdin');
const options = { whitelist: ['image/png'] };
const png = Buffer.from('89504e470d0a1a0a', 'hex');
const payload = Houdin.validate({ file: png }, options);
console.log(payload); // { file: <Buffer 89 50 4e 47 0d 0a 1a 0a> }
const Houdin = require('houdin');
const options = { whitelist: ['image/png'] };
const gif = Buffer.from('474946383761', 'hex');
try {
Houdin.validate({ file: gif }, options);
}
catch (err) {
console.log(err); // [ValidationError: child "file" fails because ["file" type is not allowed]]
}
The same as file-type.
v5.0.2 (2018-03-05)
Closed issues:
Merged pull requests:
FAQs
Route-level file type validation for hapi parsed in-memory request payloads
The npm package houdin receives a total of 0 weekly downloads. As such, houdin popularity was classified as not popular.
We found that houdin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team uncovered a malicious Python package typosquatting the popular 'fabric' SSH library, silently exfiltrating AWS credentials from unsuspecting developers.
Security News
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.