How to restrict file upload, if it is not valid file format in loopback?

Question

I have added meta data by referring How to store files with meta data in LoopBack?

Now I have to check if the filetype is in csv, before uploading it to the server.

Right now, I delete the uploaded file if it is not valid. Is there a better way to solve this?

let filePath;
File.app.models.container.upload(ctx.req, ctx.result, options, function(err, fileObj) {
    if (err) {
      callback(err);
    }
    let fileInfo = fileObj.files.file[0];
    filePath = path.join("server/storage", fileInfo.container, fileInfo.name);
    if (fileInfo.type === "text/csv") {
      File.create({
        name: fileInfo.name,
        type: fileInfo.type,
        container: fileInfo.container,
        url: path.join(CONTAINERS_URL, fileInfo.container, "/download/",
          fileInfo.name)
      }, function(err, obj) {
        if (err) {
          callback(err);
        }
        callback(null, filePath);
      });
    } else {
      fs.unlinkSync(filePath); //delete if it is not csv
      let error = new Error();
      error.message = "Please upload only csv file";
      error.name = "InvalidFile";
      callback(error);
    }
  });

Answer 1

Here is what I've done,

in middleware.json

 "parse": {
    "body-parser#json": {},
    "body-parser#urlencoded": {"params": { "extended": true }}
 },

in server/server.js

var multer = require('multer');
var boot = require('loopback-boot');
var app = module.exports = loopback();
app.use(bodyParser.json()); // for parsing application/json
app.use(bodyParser.urlencoded({ extended: true })); // for parsing application/x-www-form-urlencoded
app.use(multer()); // for parsing multipart/form-data

and remote method as ,

File.remoteMethod(
  'upload', {
    description: 'Uploads a file with metadata',
    accepts: {arg: 'ctx', type: 'object', http: function(ctx) {
        console.log(ctx.req.files);
        return ctx;
      }
    },
    returns: {arg: 'fileObject', type: 'object', root: true},
    http: {verb: 'post'}
  }
);

Now ctx can give the mime type..

Update 1:

There is another easier option,

You could define the restriction in datasources.local.js as below, I tested with a filesystem provider

module.exports = {
  container: {
    root: "./upload",
    acl: 'public-read',
    allowedContentTypes: ['image/jpg', 'image/jpeg', 'image/png'],
    maxFileSize: 10 * 1024 * 1024
  }
}