Route-level file signature validation for hapi temporary file payloads
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
test
.gitignore
.travis.yml
CHANGELOG.md
CONTRIBUTING.md
LICENSE
README.md
package-lock.json
package.json

README.md

lafayette

Route-level file type validation for hapi parsed multipart/form-data temporary file request payloads. Also works as a standalone module, and most importantly, works in tandem with thurston for a truly magical experience.

NPM Version Build Status Coverage Status Dependencies Dev Dependencies

Table of Contents

Installation

Install via NPM.

$ npm install lafayette

Usage

async validate(payload, options)

Validates all values in a payload that match the hapi temporary file pattern object given a whitelist of file types provided in the options. Results in a joi-like ValidationError if some file type is not allowed or unknown, otherwise it returns the original parsed payload to account for additional custom validation.

Hapi

const Hapi = require('hapi');
const Lafayette = require('lafayette');

const server = new Hapi.Server({
    routes: {
        validate: {
            options: {
                whitelist: ['image/png']
            }
        }
    }
});

server.route({
    options: {
        validate: {
            // override the default `failAction` if you want further
            // details about the validation error
            failAction: (request, h, err) => {
                // throw the error as is
                throw err;
            },
            payload: Lafayette.validate
        },
        payload: {
            output: 'file',
            parse: true
        }
    }
});

Standalone

const Fs = require('fs');
const Lafayette = require('lafayette');

const options = { whitelist: ['image/png'] };

Fs.createWriteStream('file.png').end(Buffer.from('89504e470d0a1a0a', 'hex'));

const png = {
    filename: 'file.png',
    path: '.',
    headers: {
        'content-disposition': 'form-data; name="file"; filename="file.png"',
        'content-type': 'image/png'
    },
    bytes: 8
};

try {
    const payload = await Lafayette.validate({ file: png }, options);
    console.log(payload); // { file: { filename: 'file.png', path: '.', ... } }
}
catch (err) {
    throw err;
}
const Fs = require('fs');
const Lafayette = require('lafayette');

const options = { whitelist: ['image/png'] };

Fs.createWriteStream('file.gif').end(Buffer.from('474946383761', 'hex'));

const gif = {
    filename: 'file.gif',
    path: '.',
    headers: {
        'content-disposition': 'form-data; name="file"; filename="file.gif"',
        'content-type': 'image/gif'
    },
    bytes: 6
};

try {
    await Lafayette.validate({ file: gif }, options);
}
catch (err) {
    console.log(err); // [ValidationError: child "file" fails because ["file" type is not allowed]]
}

Supported File Types

The same as file-type.