File type validation for hapi raw temporary file request payloads.
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
test
.gitignore
.travis.yml
CHANGELOG.md
CONTRIBUTING.md
LICENSE
README.md
package-lock.json
package.json

README.md

coutts

File type validation for hapi raw temporary file multipart/form-data request payloads.

Like most modern magicians, builds on the work, knowledge and influence of others before it, in this case, fischbacher.

NPM Version Build Status Coverage Status Dependencies Dev Dependencies

Table of Contents

Installation

Install via NPM.

$ npm install coutts

Usage

Register the package as a server plugin to enable validation for each route that does not parse — parse: false — into a temporary file, the request payload — output: 'file'. For every other route with a different configuration, the validation is skipped.

If the validation fails, a joi-like 400 Bad Request error is returned alongside an additional content-validation: failure response header. If everything is ok, the response will ultimately contain a content-validation: success header.

Also, if the Content-Type request header is not multipart/form-data, a 415 Unsupported Media Type error is returned, but in this case, without any additional response header.

Example

const Hapi = require('hapi');
const Coutts = require('coutts');

try {
    const server = new Hapi.Server();

    server.route({
        options: {
            payload: {
                output: 'file',
                parse: false
            }
            // go nuts
        }
    });

    await server.register({
        plugin: Coutts,
        options: {
            // Allow png files only
            whitelist: ['image/png']
        }
    });

    await server.start();
}
catch (err) {
    throw err;
}

Supported File Types

The same as file-type.