Route-level file signature validation for hapi stream payloads
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
test
.gitignore
.travis.yml
CHANGELOG.md
CONTRIBUTING.md
LICENSE
README.md
package-lock.json
package.json

README.md

thurston

Route-level file type validation for hapi parsed multipart/form-data stream request payloads. Also works as a standalone module, and most importantly, works in tandem with houdin for a truly magical experience.

NPM Version Build Status Coverage Status Dependencies Dev Dependencies

Table of Contents

Installation

Install via NPM.

$ npm install thurston

Usage

async validate(payload, options)

Validates all Stream.Readable values in a payload given a whitelist of file types provided in the options. Throws a joi-like ValidationError if some file type is not allowed or unknown otherwise it returns the original parsed payload.

Hapi

const Hapi = require('hapi');
const Thurston = require('thurston');

const server = new Hapi.Server({
    routes: {
        validate: {
            options: {
                whitelist: ['image/png']
            }
        }
    }
});

server.route({
    config: {
        validate: {
            // override the default `failAction` if you want further
            // details about the validation error
            failAction: (request, h, err) => {
                // throw the error as is
                throw err;
            },
            payload: Thurston.validate
        },
        payload: {
            output: 'stream',
            parse: true
        }
    }
});

Standalone

const Fs = require('fs');
const Thurston = require('thurston');

const options = { whitelist: ['image/png'] };

Fs.createWriteStream('file.png').end(Buffer.from('89504e470d0a1a0a', 'hex'));
const png = Fs.createReadStream('file.png');

try {
    const payload = await Thurston.validate({ file: png }, options);
    console.log(payload); // { file: ReadStream { _readableState: { ..., buffer: [ <Buffer 89 50> ], ... }, ... } }
}
catch (err) {
    // Unreachable code.
});
const Fs = require('fs');
const Thurston = require('thurston');

const options = { whitelist: ['image/png'] };

Fs.createWriteStream('file.gif').end(Buffer.from('474946383761', 'hex'));
const gif = Fs.createReadStream('file.gif');

try {
    await Thurston.validate({ file: gif }, options);
}
catch (err) {
    console.log(err); // [ValidationError: child "file" fails because ["file" type is not allowed]]
}

Supported File Types

The same as file-type.