I'm encrypting my Shrine file uploads in a controller action, and need some way of validating their mime types before doing anything else. Shrine's validation plugins are great, but they do not work on encrypted files. I need to come up with a way around this.

Suggestions here are for ActiveStorage, and seem off. The first post suggests validating in the model, but I need to do it in the controller. Possibly something like...

def create
  image = params.require(:id_doc).fetch(:image)
  respond_to do |format|
    # Parentheses make the size limit apply to both types (&& binds tighter than ||)
    if (image.content_type == 'image/jpeg' || image.content_type == 'image/png') && image.size <= 3.megabytes
      # encrypt file and save
      format.html { redirect_to root_path }
    else
      format.html { redirect_to onboard_queued_path }
    end
  end
end

Even then it seems insecure. I could just change file names. This answer seems promising. Alternately I could use this but I would prefer not to install an entire gem.

calyxofheld

1 Answer

The answer was in the docs.

Since I want to determine the mime type before passing the file off to anything else, I simply do Shrine.mime_type(image) in the controller.

calyxofheld
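The question's worry is that `content_type` comes from the request and follows whatever the client declares, while the answer reads the type from the file itself. As an added example (not code from the post and not Shrine's implementation), the plain-Ruby sketch below makes the same kind of content-based decision for the two allowed types; the helper names `sniff_mime` and `upload_mime_if_allowed` and the sample byte strings are assumptions constructed for illustration.

```ruby
require "stringio"

# Leading "magic" bytes of the only two formats the question accepts.
ALLOWED_SIGNATURES = {
  "image/jpeg" => "\xFF\xD8\xFF".b,
  "image/png"  => "\x89PNG\r\n\x1A\n".b
}.freeze
MAX_BYTES = 3 * 1024 * 1024 # the 3 MB limit from the question

# Hypothetical helper: MIME type implied by the first bytes, or nil if
# they match neither allowed signature. Works on any IO-like object
# that responds to read/rewind (StringIO here, an uploaded file in Rails).
def sniff_mime(io)
  io.rewind
  head = io.read(8).to_s.b
  ALLOWED_SIGNATURES.each do |mime, magic|
    return mime if head.start_with?(magic)
  end
  nil
ensure
  io.rewind # leave the stream at the start for the encryption step
end

# Hypothetical helper: returns the detected type when the upload passes
# both checks, nil otherwise. The client-declared type is never consulted.
def upload_mime_if_allowed(io)
  return nil if io.size > MAX_BYTES
  sniff_mime(io)
end

# Constructed sample inputs (not real images, only valid headers).
SAMPLE_PNG     = StringIO.new("\x89PNG\r\n\x1A\n".b + "\x00" * 32)
SAMPLE_JPEG    = StringIO.new("\xFF\xD8\xFF\xE0".b + "\x00" * 32)
SAMPLE_RENAMED = StringIO.new("plain text uploaded as photo.png")
SAMPLE_TOO_BIG = StringIO.new("\xFF\xD8\xFF".b + "\x00" * MAX_BYTES)

if __FILE__ == $PROGRAM_NAME
  { png: SAMPLE_PNG, jpeg: SAMPLE_JPEG,
    renamed: SAMPLE_RENAMED, too_big: SAMPLE_TOO_BIG }.each do |name, io|
    puts "#{name}: #{upload_mime_if_allowed(io).inspect}"
  end
end
```

A signature check only establishes that the header matches; it does not prove the rest of the file is a well-formed image.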