如果我在上传图片时没有提供文件名,我想看看我的服务器的行为方式,multer只是挂起。有没有办法让multer超时?或者在糟糕的表格上抛出错误?创建DoS攻击非常容易,这就是我所关注的原因。
这是我发送的多部分标题,故意省略文件名:
String header = "--" + boundary + LINE_FEED +
// "Content-Disposition: form-data; name=\"" + field_name + "\"; filename=\"" + "bitmap.jpg" + "\"" + LINE_FEED +
"Content-Disposition: form-data; name=\"" + field_name + "\"" + LINE_FEED +
"Content-Type: " + content_type + LINE_FEED +
"Content-Transfer-Encoding: binary" + LINE_FEED +
LINE_FEED;
这是我的服务器代码挂起。 before upload打印但after upload或Error语句均未打印出来:
const Upload = multer( my_multer_options ); //makes use of multer's fileFilter which isn't even touched when a filename isn't provided.
const uploadFiles = Promise.promisify( Upload.fields([{name: "image", maxCount: 1}]) );
try
{
console.log( "before upload" ); //prints
await uploadFiles(context.req, context.res);
console.log( "after upload" ); //never prints
}
catch ( error )
{
console.log( "Error: " + error ); //never prints
}