输入验证失败时如何防止Multer文件上载

时间:2019-05-01 15:14:49

标签: node.js express multer joi

我正在创建(POST)路由来处理文件上载,并且除了文件路径之外,还将一些其他属性存储到MongoDB。问题是,当输入验证失败时,该文件仍会上传到static(uploads)文件夹中。

我正在使用Multer中间件进行文件上传。

设置

const storage = multer.diskStorage({
  destination: (req, file, cb) => {
    cb(null, "./uploads/");
  },
  filename: (req, file, cb) => {
    cb(null, Date.now() + "-" + file.originalname);
  }
});

const fileFilter = (req, file, cb) => {
  if (file.mimetype === "image/jpeg" || file.mimetype === "image/png") {
    cb(null, true);
  } else {
    //rejects storing a file
    cb(null, false);
  }
};

const upload = multer({
  storage: storage,
  limits: {
    fileSize: 1024 * 1024 * 5
  },
  fileFilter: fileFilter
});

字段

const seamUpload = upload.fields([
  { name: "stylePicture", maxCount: 1 },
  { name: "materialPicture", maxCount: 1 }
]);

路线

router.post("/", [auth, seamUpload], async (req, res) => {
  const { error } = validateSeam(req.body);
  if (error) return res.status(400).send(error.details[0].message);

  const seam = new Seam({
    stylePicture: req.files["stylePicture"][0].path,
    materialPicture: req.files["materialPicture"][0].path,
    description: req.body.description,
    deliveryDate: req.body.deliveryDate,
    customer: req.body.customerId
  });

  await seam.save();

  res.send(seam);
});

Client(PostMan) Screenshot

2 个答案:

答案 0 :(得分:0)

您可以在multer中间件之前使用验证中间件。 这样,当验证失败时,将不会执行所有后续的中间件,因此不会上传文件。

像这样分开验证:

const validateSeamUpload = (req, res, next) => {
    const { error } = validateSeam(req.body);
    if (error) return res.status(400).send(error.details[0].message);
    return next();
};

然后,像这样在validateSeamUpload中间件之前挂载此seamUpload

router.post("/", [auth, validateSeamUpload, seamUpload], async (req, res) => {
    /** No need for validation here as it was already done in validateSeamUpload */
    const seam = new Seam({
        stylePicture: req.files["stylePicture"][0].path,
        materialPicture: req.files["materialPicture"][0].path,
        description: req.body.description,
        deliveryDate: req.body.deliveryDate,
        customer: req.body.customerId
    });

    await seam.save();

    res.send(seam);
});

顺便说一句,您也可以将它们作为参数传递给post()。像这样:

router.post("/", /** => See, no need for an array */ auth, validateSeamUpload, seamUpload, async (req, res) => {
    /** your controller code */
});

答案 1 :(得分:0)

遇到这个问题的我。 我发现的一种解决方案是,当您在所有模式下的身份验证都出现错误时,在这种情况下,如果您有来自客户端的文件,则可以像这样轻松地将其删除:

    if(req.file) {
       fs.unlink(
             path.join(__dirname, "go to root folder that 'req.file.path' leads to the file", req.file.path),
                (err) => console.log(err));
    }

,或者如果您有多个文件,则应对每个文件执行相同的方法。如果有的话,我很高兴在这里。

我希望通过使用multer软件包来解决这一问题。

祝你好运

相关问题
最新问题