Security News
Combatting Alert Fatigue by Prioritizing Malicious Intent
In 2023, data breaches surged 78% from zero-day and supply chain attacks, but developers are still buried under alerts that are unable to prevent these threats.
Multer is a node.js middleware for handling multipart/form-data, which is primarily used for uploading files. It is written on top of busboy for maximum efficiency.
File Uploads
This feature allows you to upload files to your server. The code sample demonstrates how to handle a single file upload with Multer.
const multer = require('multer');
const upload = multer({ dest: 'uploads/' });
app.post('/upload', upload.single('file'), function (req, res) {
// req.file is the `file` file
res.send('File uploaded!');
});
Multiple Files Upload
Multer also supports uploading multiple files at once. The code sample shows how to handle multiple file uploads, limiting to 12 files in this case.
const multer = require('multer');
const upload = multer({ dest: 'uploads/' });
app.post('/upload', upload.array('files', 12), function (req, res) {
// req.files is array of `files` files
res.send('Multiple files uploaded!');
});
Disk Storage
Multer allows you to customize the storage of files. This code sample demonstrates how to use disk storage to control the storage location and file naming.
const multer = require('multer');
const storage = multer.diskStorage({
destination: function (req, file, cb) {
cb(null, 'uploads/')
},
filename: function (req, file, cb) {
cb(null, file.fieldname + '-' + Date.now())
}
});
const upload = multer({ storage: storage });
Memory Storage
For temporary storage or when you want to process the file without saving it to disk, you can use memory storage. The code sample shows how to store a file in memory.
const multer = require('multer');
const upload = multer({ storage: multer.memoryStorage() });
app.post('/upload', upload.single('file'), function (req, res) {
// req.file is the `file` file stored in memory
res.send('File uploaded and stored in memory!');
});
File Filtering
Multer provides a way to filter out files based on conditions you set. This code sample demonstrates file filtering to only allow JPEG images.
const multer = require('multer');
const upload = multer({
fileFilter: function (req, file, cb) {
if (file.mimetype !== 'image/jpeg') {
return cb(new Error('Only JPEG files are allowed!'), false);
}
cb(null, true);
}
});
Formidable is an alternative to Multer for parsing form data, especially file uploads. It is less middleware-oriented and more flexible in terms of handling various form parsing tasks.
Busboy is a low-level Node.js module for parsing incoming HTML form data. Multer is built on top of Busboy, but provides a more convenient middleware API for integrating with Express.js applications.
Multiparty is another module for handling multipart/form-data requests, which is the type of requests that file uploads usually come in. It is similar to Multer but has a different API and is used in a slightly different way.
Multer is a Connect middleware for handling multipart/form-data. It can be used with both Connect and Express, seamlessly. It is based on busboy.
Install the Multer package from npm:
$ npm install multer
Include the Multer middleware in your app:
...
var multer = require('multer');
app.use(multer({ dest: './uploads/'}));
...
IMPORTANT: Multer will not process any form which not multipart/form-data submitted via the POST method.
A multer file object is a JSON object with the following properties.
fieldname
- Field name specified in the formoriginalname
- Name of the file on the user's computername
- Renamed file nameencoding
- Encoding type of the filemimetype
- Mime type of the filepath
- Location of the uploaded fileextension
- Extension of the fileMulter accepts an options object, the most basic of which is the dest
property, which tells Multer where to upload the files to. In case you omit the options object, the file will be renamed and uploaded to the temporary directory of the system.
By the default, Multer will rename the files so as to avoid name conflicts. The renaming function can be customized according to your needs.
The following are the options that can be passed to Multer.
dest
rename(fieldname, filename)
onFileUploadStart(file)
onFileUploadData(file, data)
onFileUploadComplete(file)
onParseStart()
onParseEnd()
onError()
In an average web app, only dest
and rename
might be required, and configured as shown in the example.
app.use(multer({
dest: './uploads/',
rename: function(fieldname, filename) {
return filename.replace(/\W+/g, '-').toLowerCase() + Date.now();
}
}));
The details of the properties of the options object is explained in the following sections.
###dest
The destination directory for the uploaded files.
Example:
dest: './uploads/'
###rename(fieldname, filename)
Function to rename the uploaded files. Whatever the function returns will become the new name of the uploaded file (extension is not included). The fieldname
and filename
of the file will be available in this function, use them if you need to.
Example:
rename: function(fieldname, filename) {
return fieldname + filename + Date.now();
}
###onFileUploadStart(file)
Event handler triggered when a file starts to be uploaded. A file object with the following properties are available to this function: fieldname
, originalname
, name
, encoding
, mimetype
, path
, extension
.
Example:
onFileUploadStart: function(file) {
console.log(file.fieldname + ' is starting ...');
}
###onFileUploadData(file, data)
Event handler triggered when a chunk of buffer is received. A buffer object along with a file object is available to the function.
Example:
onFileUploadData: function(file, data) {
console.log(data.lenth + ' of ' + file.fieldname + ' arrived');
}
###onFileUploadComplete(file)
Event handler trigger when a file is completely uploaded. A file object is available to the function.
Example:
onFileUploadComplete: function(file) {
console.log(file.fieldname + ' uploaded to ' + file.path);
}
###onParseStart()
Event handler triggered when the form parsing starts.
Example:
onParseStart: function() {
console.log('Form parsing started at: ', new Date());
}
###onParseEnd()
Event handler triggered when the form parsing completes.
Example:
onParseStart: function() {
console.log('Form parsing completed at: ', new Date());
}
###onError()
Event handler for any errors encountering while processing the form. The error
object and the next
object is available to the function. If you are handling errors yourself, make sure to terminate the request or call the next()
function, else the request will be left hanging.
Example:
onError: function(error, next) {
console.log(error);
next(error);
}
Copyright (c) 2014 Hage Yaapa <http://www.hacksparrow.com>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Middleware for handling `multipart/form-data`.
The npm package multer receives a total of 4,139,357 weekly downloads. As such, multer popularity was classified as popular.
We found that multer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In 2023, data breaches surged 78% from zero-day and supply chain attacks, but developers are still buried under alerts that are unable to prevent these threats.
Security News
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
Security News
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.