I use JS lib (https://github.com/mikedeboer/node-github) to call GitHub api: https://developer.github.com/v3/repos/contents/ to get content from repo.
When the return type is 'file', I want to know it's mime-type. If I write the return content into a file on hard driver, there are lots of way to tell the mime-type.
My question is how to know the mime-type without writing it into a file on hard driver.
That information is not available through the Git API (which for performance reason, does not scan all files to determine their MIME)
That means, since you don't want to write the file and analyse it with, for instance, npm mime-type, that you will have to rely on the file name extension (with npm broofa/node-mime, or now npm mime for instance).
That is not as reliable as analyzing the stream content, but it is a possible workaround.
var mime = require('mime');
mime.lookup('/path/to/file.txt'); // => 'text/plain'
mime.lookup('file.txt'); // => 'text/plain'
Related
i am creating a api service using nodejs and express and to parse multipart request i am using multerjs. I have to receive a pdf file from rest request and it is coming as multipart/form-data and to verify file type i am checking the file.minetype
Now the issue is if someone changes the file extension like from mp4 -> pdf it also changes the mimetype to pdf and the file is accepted as pdf so how do i sniff the mimetype for content is their any way to do without any new packages. I really need to do it without using any packages as it'll take a really long to get a new package to approved
Apollo Server 2.0 has the ability to receive file uploads as described in this blog post.
However, all the tutorials and blog posts I found only showed how to upload a file. Nobody demonstrated how to actually retrieve the file back to display it onscreen.
Does anybody know how to properly query the file contents for display onscreen?
Also, there's the possibility that maybe there is no way of querying a file and you have to build a separate rest endpoint to retrieve the contents?
Some thoughts:
I imagine the query to be something like
query {
fetchImage(id: 'someid')
}
with the respective server-side definition
type Query {
fetchImage(id : ID!): Upload //maybe also a custom type, but how do I include the actual file contents?
}
Hint: Upload is a scalar type that apollo-server automatically adds to your type definition. It is used for the upload so I imaging it also being usable for the download/query. Please read the blog post mentioned above for more information.
The response from a GraphQL service is always serialized as a JSON object. Technically, a format other than JSON could be used in serialization but in practice only JSON is used because it meets the serialization requirements in the spec. So, the only way to send a file through GraphQL would be to convert the file into some format that's JSON-compatible. For example, you could convert a Buffer to a byte array and send that as an array of integers. You would also have to send the appropriate mime type. It would be up to the client to convert the byte array back into a usable format on receiving the response.
If you go this route, you'd have to use your own scalar or object type -- the Upload scalar does not support serialization so it will throw if you try to use it as an output type (and it's not really suitable for this sort of thing anyway).
However, while doing this is technically possible, it's also inadvisable. Serializing a larger file could cause you to run out of memory since there's no way to stream data through GraphQL (the entire response has to be in memory before it can be sent). It's much better to serve the file statically (ideally using nginx instead of Node). If your API needs to refer to the file, it can then just return the file's path.
You can do this by installing express with apollo server.
apollo-server-express
Install above package and instantiate Express object with Apollo Server as explained in package docs.
Then set the static folder using express like this
app.use("/uploads", express.static("uploads")); //Server Static files over Http
uploads is my static folder & /uploads will server get request to that path
//Now I can access static files like this
http://localhost:4000/uploads/test.jpg
I am using the Pako NPM package like so: pako.deflate(JSON.stringify(json), { to: 'string' }) to compress a JSON payload and am able to open it up correctly over a REST call by using JSON.parse(pako.inflate(response.body, { to: 'string' })) via another Node.js service successfully.
However, when trying to inflate and view the JSON in a Ruby environment, I'm consistently getting 'inflate': incorrect header check (Zlib::DataError) using Zlib::Inflate.inflate(resp.body). So, in general, how does one get this data viewable from a potentially different language driven micro service by using zlib (or is there another package that can do this...)?
We had to implement an image uploader for a node.js project. As framework we are using express.js We did it like described here: http://howtonode.org/really-simple-file-uploads
But we are not sure how to secure this image uploader. What we did so far is:
checking the file size
checking extension and header
rename the file
file is only accessible over a special route and is not in the root folder
Is this enough? We don't feel very comfortable with the following line:
// CHECKING FOR FILESIZE, EXTENSION, HEADERS
fs.readFile(req.files.displayImage.path, function (err, data) {
...
...
...
// RENAMING FILE
// SAVE FILE
...
...
...
}
Is it save to read the image this way? We are afraid, there could be malicious code in req.files.displayImage.path. Do we need to add more checks or are our checks sufficient? What attack vectors do we offer an attacker if we use the code as described?
Thank you for your advices
Tschoartschi
If you are concerned for opening malicious images on client side as posted in your comments. Try opening third party scripts and untrusted files inside a sandboxed iframe this will protect your users.
In my Spring MVC 3.0 based application I am trying to test the file upload functionality with some validations.
In one validation I changed .exe(executable) file to .txt , and expecting that exe file shouldn't be uploaded in the system.But it gets uploaded.
I am checking content type of file but in this case once file extension is changed it's content types also gets changed from "application/octet-stream" to "text/plain".
I am testing on Firefox and Google Chrome. And At Controller level Uploaded file is being read using MultipartFile.
Is there any way by which I get the original content type of file in this case "application/octet-stream" ?
When we change the extension of the file before uploading it ..It depends on Operating System weather the MIME type will change or not. Moreover, it is the responsibility of the browser to find out the Mime Type and set into the request header which is being read in the controller.