Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
multer-azure-blob-storage
Advanced tools
ES5/6 & Typescript friendly multer storage engine for Azure's blob storage.
ES6 & Typescript friendly Multer storage engine for Azure's blob storage.
npm i -S multer-azure-blob-storage
or
yard add multer-azure-blob-storage
Leverages strong typings
import * as multer from 'multer';
import { MulterAzureStorage, MASNameResolver } from 'multer-azure-blob-storage';
const resolveBlobName: MASNameResolver = (req: any, file: Express.Multer.File): Promise<string> => {
return new Promise<string>((resolve, reject) => {
const blobName: string = yourCustomLogic(req, file);
resolve(blobName);
});
};
export type MetadataObj = { [k: string]: string };
const resolveMetadata: MASObjectResolver = (req: any, file: Express.Multer.File): Promise<MetadataObj> => {
return new Promise<MetadataObj>((resolve, reject) => {
const metadata: MetadataObj = yourCustomLogic(req, file);
resolve(metadata);
});
};
const azureStorage: MulterAzureStorage = new MulterAzureStorage({
connectionString: 'DefaultEndpointsProtocol=https;AccountName=mystorageaccountname;AccountKey=wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY;EndpointSuffix=core.windows.net',
accessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY',
accountName: 'mystorageaccountname',
containerName: 'documents',
blobName: resolveBlobName,
metadata: resolveMetadata,
containerAccessLevel: 'blob',
urlExpirationTime: 60
});
const upload: multer.Instance = multer({
storage: azureStorage
});
app.post('/documents', upload.any(), (req: Request, res: Response, next: NextFunction) => {
console.log(req.files)
res.status(200).json(req.files)
});
Common.js style imports
const multer = require('multer')
const MulterAzureStorage = require('multer-azure-blob-storage').MulterAzureStorage;
E6 style imports
import * as multer from 'multer';
import { MulterAzureStorage } from 'multer-azure-blob-storage';
Rest of the JS code
const resolveBlobName = (req, file) => {
return new Promise((resolve, reject) => {
const blobName = yourCustomLogic(req, file);
resolve(blobName);
});
};
const resolveMetadata = (req, file) => {
return new Promise((resolve, reject) => {
const metadata = yourCustomLogic(req, file);
resolve(metadata);
});
};
const azureStorage = new MulterAzureStorage({
connectionString: 'DefaultEndpointsProtocol=https;AccountName=mystorageaccountname;AccountKey=wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY;EndpointSuffix=core.windows.net',
accessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY',
accountName: 'mystorageaccountname',
containerName: 'documents',
blobName: resolveBlobName,
metadata: resolveMetadata,
containerAccessLevel: 'blob',
urlExpirationTime: 60
});
const upload = multer({
storage: azureStorage
});
app.post('/documents', upload.any(), (req, res, next) => {
console.log(req.files)
res.status(200).json(req.files)
});
More details on using upload
can be found in the Multer documentation
Multer Azure Blob Storage will return the following information in each file uploaded. This can be found in the req.files param:
Key | Description | Note |
---|---|---|
fieldname | The field name/key sent in the form's post request. | Added by Multer |
originalname | Full original name of the file on the user's computer. | Added by Multer |
encoding | File encoding type. | Added by Multer |
mimetype | MIME type of the file. | Added by Multer |
blobName | Blob/file name of created blob in Azure storage. | |
container | Name of azure storage container where the blob/file was uploaded to. | |
blobType | Type of blob. | From the result of call to azure's getBlobProperties() of blobService |
size | Size of the blob. | From the result of call to azure's getBlobProperties() of blobService |
etag | Etag. | From the result of call to azure's getBlobProperties() of blobService |
metadata | Blob's metadata. | From the result of call to azure's getBlobProperties() of blobService |
url | The full url to access the uploaded blob/file. |
Details of the configuration object that needs to be passed into the constructor of the MulterAzureStorage class.
Parameter Name | Type | Sample Value |
---|---|---|
connectionString | string | 'DefaultEndpointsProtocol=https;AccountName=mystorageaccountname;AccountKey=wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY;EndpointSuffix=core.windows.net' |
accessKey | string | 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY' |
accountName | string | 'mystorageaccountname' |
containerName | string or function: MASNameResolver | 'documents' or (req: any, file: Express.Multer.File) => Promise<string> |
metadata | { [k: string]: string } or function: MASObjectResolver | '{author: John Doe; album: ASOT}' or (req: any, file: Express.Multer.File) => Promise<{[k: string]: string}> |
blobName | function: MASNameResolver (optional) | (req: any, file: Express.Multer.File) => Promise<string> |
containerAccessLevel | string (optional) | 'blob' or 'container' or 'private' |
urlExpirationTime | number (optional) | 60 |
For more information about the meaning of individual parameters please check Azure documentation on node.js integration.
For the optional parameters in the configuration object for the MulterAzureStorage class, here are the default fallback:
containerAccessLevel
: bloburlExpirationTime
: 60 minutesblobName
: Date.now() + '-' + uuid.v4() + path.extname(file.originalname). This results in a url safe filename that looks like '1511161727560-d83d24c8-d213-444c-ba72-316c7a858805.png'
The containerName
can be anything you choose, as long as it's unique to the storage account and as long as it fits Azure's naming restrictions. If the container does not exist the storage engine will create it.
The blobName
in an Azure container also needs to have a unique name.
multer-azure-blob-storage
allows you to customize the containerName
and blobName
per request before uploading the file. This can be done by proving a MASNameResolver
function in the configuation object for the desired parameter.
const resolveName: MASNameResolver = (req: any, file: Express.Multer.File): Promise<string> => {
return new Promise<string>((resolve, reject) => {
// Compute containerName or blobName with your custom logic.
const computedName: string = yourCustomLogic(req, file);
resolve(computedName);
});
};
multer-azure-blob-storage
also allows you to add/customize metadata
per request before uploading the file. This can be done by proving a MASObjectResolver
function in the configuation object for the desired parameter.
export type MetadataObj = { [k: string]: string };
const resolveMetadata: MASObjectResolver = (req: any, file: Express.Multer.File): Promise<MetadataObj> => {
return new Promise<MetadataObj>((resolve, reject) => {
const metadata: MetadataObj = yourCustomLogic(req, file);
resolve(metadata);
});
};
For instructions on how to create a storage account, see the following Azure documentation.
Your credentials can all be obtained under the Access keys section in the storage account pane in Azure.
The connectionString
is prefered. If its not provides, please provide accessKey
and accountName
.
You only need to provide one of the two access keys in the accessKey
field.
The accountName
is just the name of your storage account that you've created in Azure.
If using the MulterAzureStorage class without passing in any configuration options then the following environment variables will need to be set:
connectionString
.accessKey
.accountName
.Not implemented yet
All great things are built on the shoulder of giants. I want to thank my giants for lending their shoulders:
FAQs
ES5/6 & Typescript friendly multer storage engine for Azure's blob storage.
The npm package multer-azure-blob-storage receives a total of 2,718 weekly downloads. As such, multer-azure-blob-storage popularity was classified as popular.
We found that multer-azure-blob-storage demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.