Bird
Raised Fist0
Expressframework~20 mins

File type validation in Express - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
File Type Validation Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What happens when uploading a .txt file with this Express file validation?

Consider this Express middleware snippet that validates uploaded file types:

const multer = require('multer');
const upload = multer({
  fileFilter: (req, file, cb) => {
    if (file.mimetype === 'image/png' || file.mimetype === 'image/jpeg') {
      cb(null, true);
    } else {
      cb(new Error('Only PNG and JPEG allowed'));
    }
  }
});

If a user uploads a file named notes.txt, what will happen?

AThe upload is rejected and an error 'Only PNG and JPEG allowed' is triggered.
BThe upload is accepted and file is saved.
CThe upload is accepted but file is renamed to .png.
DThe upload is rejected with a generic server error.
Attempts:
2 left
💡 Hint

Check the fileFilter function and what happens when the mimetype is not allowed.

📝 Syntax
intermediate
2:00remaining
Which option correctly validates only PDF files in Express multer?

Choose the correct fileFilter function to accept only PDF files.

AfileFilter: (req, file, cb) => { if (file.mimetype === 'application/pdf') cb(null, true); else cb(null, false); }
BfileFilter: (req, file, cb) => { if (file.mimetype === 'pdf') cb(null, true); else cb(null, false); }
CfileFilter: (req, file, cb) => { if (file.mimetype === 'application/pdf') cb(null, true); else cb(new Error('Only PDFs allowed')); }
DfileFilter: (req, file, cb) => { if (file.type === 'application/pdf') cb(null, true); else cb(null, false); }
Attempts:
2 left
💡 Hint

Check the exact mimetype string and how errors are handled.

🔧 Debug
advanced
2:00remaining
Why does this Express file validation always accept files regardless of type?

Look at this fileFilter function:

fileFilter: (req, file, cb) => {
  if (file.mimetype === 'image/png' || 'image/jpeg') {
    cb(null, true);
  } else {
    cb(new Error('Invalid file type'));
  }
}

Why does it accept all files, even non-images?

ABecause the callback is never called.
BBecause the condition always evaluates to true due to incorrect logical OR usage.
CBecause the mimetype property is misspelled.
DBecause the error callback is missing.
Attempts:
2 left
💡 Hint

Look carefully at the condition inside the if statement.

state_output
advanced
2:00remaining
What is the value of req.file after uploading a valid PNG file?

Given this Express route using multer:

const upload = multer({
  fileFilter: (req, file, cb) => {
    if (file.mimetype === 'image/png') cb(null, true);
    else cb(new Error('Only PNG allowed'));
  }
});

app.post('/upload', upload.single('photo'), (req, res) => {
  res.json(req.file);
});

If a user uploads a valid PNG file named pic.png, what will req.file contain?

AAn object with file details including originalname, mimetype, and buffer.
BUndefined, because fileFilter does not save the file.
CAn error object with message 'Only PNG allowed'.
DAn empty object {}.
Attempts:
2 left
💡 Hint

Think about what multer does when the file passes the filter.

🧠 Conceptual
expert
3:00remaining
Which approach best prevents uploading dangerous file types in Express?

To protect your Express app from dangerous file uploads, which approach is most effective?

ARename all files to .txt to neutralize them.
BAllow all uploads and rely on client-side validation.
COnly check the file extension in the filename string.
DCheck the file mimetype and reject disallowed types in multer's fileFilter, then scan file content for malware.
Attempts:
2 left
💡 Hint

Think about both file type validation and security scanning.

Practice

(1/5)
1. What is the main purpose of using fileFilter in multer when handling file uploads in Express?
easy
A. To store files in a database
B. To rename the uploaded files automatically
C. To compress files before saving
D. To allow only specific file types to be uploaded

Solution

  1. Step 1: Understand multer's fileFilter role

    The fileFilter function is designed to check the file type before saving.

  2. Step 2: Identify the purpose of fileFilter

    It filters files by MIME type or extension to allow only certain types.

  3. Final Answer:

    To allow only specific file types to be uploaded -> Option D

  4. Quick Check:

    fileFilter controls allowed file types [OK]
Hint: fileFilter controls which file types multer accepts [OK]
Common Mistakes:
  • Confusing fileFilter with file renaming
  • Thinking fileFilter compresses files
  • Assuming fileFilter stores files in DB
2. Which of the following is the correct syntax to define a fileFilter function in multer that only accepts PNG files?
easy
A. fileFilter: (req, file, cb) => { cb(null, file.mimetype === 'image/png'); }
B. fileFilter: (req, file, cb) => { cb(file.mimetype === 'image/png'); }
C. fileFilter: (req, file) => { return file.mimetype === 'image/png'; }
D. fileFilter: (file, cb) => { cb(null, file.type === 'image/png'); }

Solution

  1. Step 1: Check multer fileFilter signature

    The function receives (req, file, cb) and calls cb(error, acceptBoolean).

  2. Step 2: Validate correct callback usage

    fileFilter: (req, file, cb) => { cb(null, file.mimetype === 'image/png'); } correctly calls cb with null error and true/false for acceptance based on mimetype.

  3. Final Answer:

    fileFilter: (req, file, cb) => { cb(null, file.mimetype === 'image/png'); } -> Option A

  4. Quick Check:

    fileFilter uses cb(null, boolean) [OK]
Hint: fileFilter callback needs (null, true/false) to accept/reject [OK]
Common Mistakes:
  • Omitting the null error argument in callback
  • Using wrong parameter order
  • Checking file.type instead of file.mimetype
3. Given the following multer setup, what happens when a user uploads a file with MIME type 'image/jpeg'? 
const upload = multer({
  fileFilter: (req, file, cb) => {
    if (file.mimetype === 'image/png') {
      cb(null, true);
    } else {
      cb(new Error('Only PNG files allowed'), false);
    }
  }
});
medium
A. The upload succeeds but file is renamed
B. The upload succeeds and file is saved
C. The upload fails with an error 'Only PNG files allowed'
D. The upload is ignored silently

Solution

  1. Step 1: Analyze fileFilter logic for 'image/jpeg'

    The code only accepts 'image/png'; other types cause an error callback.

  2. Step 2: Determine multer behavior on error in fileFilter

    Calling cb with an Error rejects the upload and triggers the error handler.

  3. Final Answer:

    The upload fails with an error 'Only PNG files allowed' -> Option C

  4. Quick Check:

    fileFilter error rejects upload [OK]
Hint: fileFilter error callback blocks upload with message [OK]
Common Mistakes:
  • Assuming non-PNG files are accepted
  • Thinking files get renamed automatically
  • Believing upload silently ignores invalid files
4. Identify the error in this multer fileFilter function that aims to accept only PDF files: 
fileFilter: (req, file, cb) => {
  if (file.mimetype = 'application/pdf') {
    cb(null, true);
  } else {
    cb(null, false);
  }
}
medium
A. Missing error argument in callback
B. Using assignment (=) instead of comparison (===) in the if condition
C. Incorrect parameter order in fileFilter function
D. Using file.type instead of file.mimetype

Solution

  1. Step 1: Check the if condition syntax

    The code uses single = which assigns value instead of comparing.

  2. Step 2: Understand impact of assignment in condition

    This causes the condition to always be true, accepting all files incorrectly.

  3. Final Answer:

    Using assignment (=) instead of comparison (===) in the if condition -> Option B

  4. Quick Check:

    Use === for comparison, not = [OK]
Hint: Use === for comparison, not = assignment [OK]
Common Mistakes:
  • Confusing = and === in conditions
  • Omitting error argument in callback is allowed here
  • Mixing up file.type and file.mimetype
5. You want to allow users to upload only images (PNG, JPEG) and PDFs, and provide a clear error message if the file type is invalid. Which fileFilter function correctly implements this in Express using multer?
hard
A. fileFilter: (req, file, cb) => { const allowed = ['image/png', 'image/jpeg', 'application/pdf']; if (allowed.includes(file.mimetype)) { cb(null, true); } else { cb(new Error('Invalid file type. Only PNG, JPEG, PDF allowed'), false); } }
B. fileFilter: (req, file, cb) => { if (file.mimetype === 'image/png' || 'image/jpeg' || 'application/pdf') { cb(null, true); } else { cb(null, false); } }
C. fileFilter: (req, file, cb) => { if (file.mimetype === 'image/png' && file.mimetype === 'image/jpeg' && file.mimetype === 'application/pdf') { cb(null, true); } else { cb(new Error('Only images and PDFs allowed'), false); } }
D. fileFilter: (req, file, cb) => { const allowed = ['png', 'jpeg', 'pdf']; if (allowed.includes(file.extension)) { cb(null, true); } else { cb(new Error('Wrong file type'), false); } }

Solution

  1. Step 1: Check correct MIME type validation

    fileFilter: (req, file, cb) => { const allowed = ['image/png', 'image/jpeg', 'application/pdf']; if (allowed.includes(file.mimetype)) { cb(null, true); } else { cb(new Error('Invalid file type. Only PNG, JPEG, PDF allowed'), false); } } uses an array and includes() to check if file.mimetype matches allowed types.

  2. Step 2: Verify error handling and message clarity

    fileFilter: (req, file, cb) => { const allowed = ['image/png', 'image/jpeg', 'application/pdf']; if (allowed.includes(file.mimetype)) { cb(null, true); } else { cb(new Error('Invalid file type. Only PNG, JPEG, PDF allowed'), false); } } calls cb with an Error and false to reject invalid types with a clear message.

  3. Final Answer:

    fileFilter function that checks allowed MIME types array and returns error with message -> Option A

  4. Quick Check:

    Use array.includes and error callback for validation [OK]
Hint: Use array.includes for multiple types and error callback for messages [OK]
Common Mistakes:
  • Using || incorrectly without repeating comparisons
  • Using && which requires all types at once (impossible)
  • Checking file.extension which is not a multer property