will/adopt-a-street
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2cdbcfef64dabcb7ea3b2ee7e2509c6d8fa08359
adopt-a-street/backend/middleware/upload.js
William Valentin b3dc608750 feat(backend): implement comprehensive security and validation 
Implement enterprise-grade security measures and input validation:

Security Features:
- Add Helmet.js for security headers (XSS, clickjacking, MIME protection)
- Implement rate limiting (5/15min for auth, 100/15min for API)
- Add Socket.IO JWT authentication middleware
- Fix JWT auth middleware (remove throw in catch, extend token to 7 days)
- Implement centralized error handling with AppError class
- Add CORS restrictive configuration

Input Validation:
- Add express-validator to all routes (auth, streets, tasks, posts, events, rewards, reports, users)
- Create comprehensive validation schemas in middleware/validators/
- Consistent error response format for validation failures

Additional Features:
- Add pagination middleware for all list endpoints
- Add Multer file upload middleware (5MB limit, image validation)
- Update .env.example with all required environment variables

Dependencies Added:
- helmet@8.1.0
- express-rate-limit@8.2.1
- express-validator@7.3.0
- multer@1.4.5-lts.1
- cloudinary@2.8.0

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-01 10:42:19 -07:00

55 lines
1.2 KiB
JavaScript
Raw Blame History

const multer = require("multer");
// Configure multer to use memory storage
const storage = multer.memoryStorage();
// File filter for image validation
const fileFilter = (req, file, cb) => {
// Accept only image files
const allowedMimeTypes = [
"image/jpeg",
"image/jpg",
"image/png",
"image/gif",
"image/webp",
];
if (allowedMimeTypes.includes(file.mimetype)) {
cb(null, true);
} else {
cb(
new Error(
"Invalid file type. Only JPG, PNG, GIF, and WebP images are allowed.",
),
false,
);
}
};
// Create multer upload instance with size limit (5MB)
const upload = multer({
storage: storage,
limits: {
fileSize: 5 * 1024 * 1024, // 5MB max file size
},
fileFilter: fileFilter,
});
// Error handler middleware for multer
const handleUploadError = (err, req, res, next) => {
if (err instanceof multer.MulterError) {
if (err.code === "LIMIT_FILE_SIZE") {
return res.status(400).json({ msg: "File size exceeds 5MB limit" });
}
return res.status(400).json({ msg: err.message });
} else if (err) {
return res.status(400).json({ msg: err.message });
}
next();
};
module.exports = {
upload,
handleUploadError,
};
Reference in New Issue View Git Blame Copy Permalink