Bird
Raised Fist0
Expressframework~5 mins

File type validation in Express - Cheat Sheet & Quick Revision

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Recall & Review
beginner
What is file type validation in Express?
File type validation in Express means checking the type of a file uploaded by a user to make sure it matches allowed formats before saving or processing it.
Click to reveal answer
beginner
Which middleware is commonly used in Express to handle file uploads and validate file types?
Multer is a popular middleware for handling file uploads in Express. It can be configured to validate file types by checking the file's mimetype or extension.
Click to reveal answer
intermediate
How can you reject files with disallowed types using Multer?
You can use Multer's fileFilter option, a function that receives the file and a callback. Inside, check the file's mimetype or extension. If allowed, call callback(null, true); if not, call callback(new Error('Invalid file type'), false).
Click to reveal answer
beginner
Why is it important to validate file types on the server side?
Validating file types on the server protects your app from harmful files, prevents unexpected errors, and ensures users upload only supported formats.
Click to reveal answer
intermediate
What is a simple example of a fileFilter function in Multer that only allows PNG and JPEG images?
A fileFilter function checks if file.mimetype is 'image/png' or 'image/jpeg'. If yes, it accepts the file; otherwise, it rejects it with an error.
Click to reveal answer
Which Express middleware is best suited for handling file uploads and validating file types?
ABody-parser
BHelmet
CCors
DMulter
In Multer's fileFilter function, what should you do to reject a file with an invalid type?
ACall callback(null, true)
BCall callback(new Error('Invalid file type'), false)
CThrow an exception
DReturn false
Which property of the uploaded file is commonly checked to validate its type?
Afile.size
Bfile.path
Cfile.mimetype
Dfile.name
Why should file type validation not rely only on the file extension?
AExtensions can be changed by users and may not reflect the real file type
BExtensions are always correct
CExtensions are checked by the browser
DExtensions are not sent in uploads
What happens if you do not validate file types on the server?
AUsers can upload harmful or unsupported files
BAll files are accepted safely
CFiles are automatically converted
DUploads are blocked
Explain how to implement file type validation in Express using Multer.
Think about how Multer lets you control which files to accept.
You got /4 concepts.
    Why is server-side file type validation important even if the client validates files?
    Consider what happens if a user ignores client checks.
    You got /4 concepts.

      Practice

      (1/5)
      1. What is the main purpose of using fileFilter in multer when handling file uploads in Express?
      easy
      A. To store files in a database
      B. To rename the uploaded files automatically
      C. To compress files before saving
      D. To allow only specific file types to be uploaded

      Solution

      1. Step 1: Understand multer's fileFilter role

        The fileFilter function is designed to check the file type before saving.

      2. Step 2: Identify the purpose of fileFilter

        It filters files by MIME type or extension to allow only certain types.

      3. Final Answer:

        To allow only specific file types to be uploaded -> Option D

      4. Quick Check:

        fileFilter controls allowed file types [OK]
      Hint: fileFilter controls which file types multer accepts [OK]
      Common Mistakes:
      • Confusing fileFilter with file renaming
      • Thinking fileFilter compresses files
      • Assuming fileFilter stores files in DB
      2. Which of the following is the correct syntax to define a fileFilter function in multer that only accepts PNG files?
      easy
      A. fileFilter: (req, file, cb) => { cb(null, file.mimetype === 'image/png'); }
      B. fileFilter: (req, file, cb) => { cb(file.mimetype === 'image/png'); }
      C. fileFilter: (req, file) => { return file.mimetype === 'image/png'; }
      D. fileFilter: (file, cb) => { cb(null, file.type === 'image/png'); }

      Solution

      1. Step 1: Check multer fileFilter signature

        The function receives (req, file, cb) and calls cb(error, acceptBoolean).

      2. Step 2: Validate correct callback usage

        fileFilter: (req, file, cb) => { cb(null, file.mimetype === 'image/png'); } correctly calls cb with null error and true/false for acceptance based on mimetype.

      3. Final Answer:

        fileFilter: (req, file, cb) => { cb(null, file.mimetype === 'image/png'); } -> Option A

      4. Quick Check:

        fileFilter uses cb(null, boolean) [OK]
      Hint: fileFilter callback needs (null, true/false) to accept/reject [OK]
      Common Mistakes:
      • Omitting the null error argument in callback
      • Using wrong parameter order
      • Checking file.type instead of file.mimetype
      3. Given the following multer setup, what happens when a user uploads a file with MIME type 'image/jpeg'? 
      const upload = multer({
  fileFilter: (req, file, cb) => {
    if (file.mimetype === 'image/png') {
      cb(null, true);
    } else {
      cb(new Error('Only PNG files allowed'), false);
    }
  }
});
      medium
      A. The upload succeeds but file is renamed
      B. The upload succeeds and file is saved
      C. The upload fails with an error 'Only PNG files allowed'
      D. The upload is ignored silently

      Solution

      1. Step 1: Analyze fileFilter logic for 'image/jpeg'

        The code only accepts 'image/png'; other types cause an error callback.

      2. Step 2: Determine multer behavior on error in fileFilter

        Calling cb with an Error rejects the upload and triggers the error handler.

      3. Final Answer:

        The upload fails with an error 'Only PNG files allowed' -> Option C

      4. Quick Check:

        fileFilter error rejects upload [OK]
      Hint: fileFilter error callback blocks upload with message [OK]
      Common Mistakes:
      • Assuming non-PNG files are accepted
      • Thinking files get renamed automatically
      • Believing upload silently ignores invalid files
      4. Identify the error in this multer fileFilter function that aims to accept only PDF files: 
      fileFilter: (req, file, cb) => {
  if (file.mimetype = 'application/pdf') {
    cb(null, true);
  } else {
    cb(null, false);
  }
}
      medium
      A. Missing error argument in callback
      B. Using assignment (=) instead of comparison (===) in the if condition
      C. Incorrect parameter order in fileFilter function
      D. Using file.type instead of file.mimetype

      Solution

      1. Step 1: Check the if condition syntax

        The code uses single = which assigns value instead of comparing.

      2. Step 2: Understand impact of assignment in condition

        This causes the condition to always be true, accepting all files incorrectly.

      3. Final Answer:

        Using assignment (=) instead of comparison (===) in the if condition -> Option B

      4. Quick Check:

        Use === for comparison, not = [OK]
      Hint: Use === for comparison, not = assignment [OK]
      Common Mistakes:
      • Confusing = and === in conditions
      • Omitting error argument in callback is allowed here
      • Mixing up file.type and file.mimetype
      5. You want to allow users to upload only images (PNG, JPEG) and PDFs, and provide a clear error message if the file type is invalid. Which fileFilter function correctly implements this in Express using multer?
      hard
      A. fileFilter: (req, file, cb) => { const allowed = ['image/png', 'image/jpeg', 'application/pdf']; if (allowed.includes(file.mimetype)) { cb(null, true); } else { cb(new Error('Invalid file type. Only PNG, JPEG, PDF allowed'), false); } }
      B. fileFilter: (req, file, cb) => { if (file.mimetype === 'image/png' || 'image/jpeg' || 'application/pdf') { cb(null, true); } else { cb(null, false); } }
      C. fileFilter: (req, file, cb) => { if (file.mimetype === 'image/png' && file.mimetype === 'image/jpeg' && file.mimetype === 'application/pdf') { cb(null, true); } else { cb(new Error('Only images and PDFs allowed'), false); } }
      D. fileFilter: (req, file, cb) => { const allowed = ['png', 'jpeg', 'pdf']; if (allowed.includes(file.extension)) { cb(null, true); } else { cb(new Error('Wrong file type'), false); } }

      Solution

      1. Step 1: Check correct MIME type validation

        fileFilter: (req, file, cb) => { const allowed = ['image/png', 'image/jpeg', 'application/pdf']; if (allowed.includes(file.mimetype)) { cb(null, true); } else { cb(new Error('Invalid file type. Only PNG, JPEG, PDF allowed'), false); } } uses an array and includes() to check if file.mimetype matches allowed types.

      2. Step 2: Verify error handling and message clarity

        fileFilter: (req, file, cb) => { const allowed = ['image/png', 'image/jpeg', 'application/pdf']; if (allowed.includes(file.mimetype)) { cb(null, true); } else { cb(new Error('Invalid file type. Only PNG, JPEG, PDF allowed'), false); } } calls cb with an Error and false to reject invalid types with a clear message.

      3. Final Answer:

        fileFilter function that checks allowed MIME types array and returns error with message -> Option A

      4. Quick Check:

        Use array.includes and error callback for validation [OK]
      Hint: Use array.includes for multiple types and error callback for messages [OK]
      Common Mistakes:
      • Using || incorrectly without repeating comparisons
      • Using && which requires all types at once (impossible)
      • Checking file.extension which is not a multer property