File type validation for hapi raw stream request payloads
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
test
.gitignore
.travis.yml
CHANGELOG.md
CONTRIBUTING.md
LICENSE
README.md
package-lock.json
package.json

README.md

burton

File type validation for hapi raw stream multipart/form-data request payloads.

Like most modern magicians, builds on the work, knowledge and influence of others before it, in this case, henning.

NPM Version Build Status Coverage Status Dependencies Dev Dependencies

Table of Contents

Installation

Install via NPM.

$ npm install burton

Usage

Register the package as a server plugin to enable validation for each route that does not parse — parse: false — into a stream, the files in the request payload — output: 'stream'. For every other route with a different configuration, the validation is skipped.

If the validation fails, a joi-like 400 Bad Request error is returned alongside an additional content-validation: failure response header. If everything is ok, the response will ultimately contain a content-validation: success header.

Also, if the Content-Type request header is not multipart/form-data, a 415 Unsupported Media Type error is returned, but in this case, without any additional response header.

Example

const Hapi = require('hapi');
const Burton = require('burton');

try {
    const server = new Hapi.Server();

    server.route({
        options: {
            payload: {
                output: 'stream',
                parse: false
            }
            // go nuts
        }
    });

    await server.register({
        plugin: Burton,
        options: {
            // Allow png files only
            whitelist: ['image/png']
        }
    });

    await server.start();
}
catch (err) {
    throw err;
}

Supported File Types

The same as file-type.