What if a simple file rename could crash your app or open security holes?
Why File type validation in Express? - Purpose & Use Cases
Imagine you build a website where users upload images. You try to check file types by looking at file extensions manually after upload.
Manual checks are unreliable because users can rename a file to give it the wrong extension. This causes security risks and broken app behavior.
File type validation libraries in Express automatically check the real file type before saving, preventing bad files from entering your system.
if (file.originalname.endsWith('.jpg')) { saveFile(file); } else { reject(); }
fileFilter: (req, file, cb) => { if (file.mimetype.startsWith('image/')) cb(null, true); else cb(null, false); }
This lets your app safely accept only allowed file types, improving security and user experience.
A photo sharing app uses file type validation to ensure users upload only images, avoiding crashes from unsupported files.
Manual file type checks are error-prone and unsafe.
Express file validation checks real file data, not just names.
This protects your app and users from bad uploads.
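multer fills `file.mimetype` from the Content-Type header of the uploaded multipart part, so a `fileFilter` check on it tests the type the client declared. The added example below (not code from the original page) compares that declared type with the file's leading signature bytes for PNG, JPEG and PDF. `sniffType`, `checkUpload` and the sample uploads are hypothetical names and constructed data, and it assumes the upload is held as a Buffer, as with multer's memory storage.

```javascript
// Added example: content check to run after multer has buffered the upload
// (fileFilter is called before the file body is available).
// Each entry holds the standard leading bytes of the format.
const SIGNATURES = [
  { mime: 'image/png', bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: 'image/jpeg', bytes: [0xff, 0xd8, 0xff] },
  { mime: 'application/pdf', bytes: [0x25, 0x50, 0x44, 0x46, 0x2d] }, // "%PDF-"
];

// Return the MIME type whose signature matches the start of the buffer, or null.
function sniffType(buffer) {
  for (const { mime, bytes } of SIGNATURES) {
    if (buffer.length >= bytes.length && bytes.every((b, i) => buffer[i] === b)) {
      return mime;
    }
  }
  return null;
}

// file: { originalname, mimetype, buffer }, the shape multer's memory storage provides.
// Accept only when the declared type is allowed AND the content agrees with it.
function checkUpload(file) {
  const declared = file.mimetype;
  if (!SIGNATURES.some((s) => s.mime === declared)) {
    return { ok: false, reason: `declared type ${declared} not allowed` };
  }
  const detected = sniffType(file.buffer);
  if (detected !== declared) {
    return { ok: false, reason: `content is ${detected ?? 'unknown'}, declared ${declared}` };
  }
  return { ok: true, type: detected };
}

// Constructed sample uploads (not real files).
const pngHeader = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]);
const samples = [
  { originalname: 'photo.png', mimetype: 'image/png', buffer: pngHeader },
  { originalname: 'notes.png', mimetype: 'image/png', buffer: Buffer.from('just some text') },
  { originalname: 'doc.pdf', mimetype: 'application/pdf', buffer: Buffer.from('%PDF-1.7\n') },
  { originalname: 'page.html', mimetype: 'text/html', buffer: Buffer.from('<html></html>') },
  { originalname: 'short.jpg', mimetype: 'image/jpeg', buffer: Buffer.from([0xff, 0xd8]) },
];

for (const f of samples) {
  console.log(f.originalname, checkUpload(f));
}
```

A signature match shows only how the file begins; it does not prove the rest of the file is well formed.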
Practice
fileFilter in multer when handling file uploads in Express?
Solution
Step 1: Understand multer's fileFilter role
The fileFilter function is designed to check the file type before saving.
Step 2: Identify the purpose of fileFilter
It filters files by MIME type or extension to allow only certain types.
Final Answer:
To allow only specific file types to be uploaded -> Option D
Quick Check:
fileFilter controls allowed file types [OK]
- Confusing fileFilter with file renaming
- Thinking fileFilter compresses files
- Assuming fileFilter stores files in DB
fileFilter function in multer that only accepts PNG files?
Solution
Step 1: Check multer fileFilter signature
The function receives (req, file, cb) and calls cb(error, acceptBoolean).
Step 2: Validate correct callback usage
fileFilter: (req, file, cb) => { cb(null, file.mimetype === 'image/png'); } correctly calls cb with null error and true/false for acceptance based on mimetype.
Final Answer:
fileFilter: (req, file, cb) => { cb(null, file.mimetype === 'image/png'); } -> Option A
Quick Check:
fileFilter uses cb(null, boolean) [OK]
- Omitting the null error argument in callback
- Using wrong parameter order
- Checking file.type instead of file.mimetype
const upload = multer({
  fileFilter: (req, file, cb) => {
    if (file.mimetype === 'image/png') {
      cb(null, true);
    } else {
      cb(new Error('Only PNG files allowed'), false);
    }
  }
});
Solution
Step 1: Analyze fileFilter logic for 'image/jpeg'
The code only accepts 'image/png'; other types cause an error callback.
Step 2: Determine multer behavior on error in fileFilter
Calling cb with an Error rejects the upload and triggers the error handler.
Final Answer:
The upload fails with an error 'Only PNG files allowed' -> Option C
Quick Check:
fileFilter error rejects upload [OK]
- Assuming non-PNG files are accepted
- Thinking files get renamed automatically
- Believing upload silently ignores invalid files
fileFilter: (req, file, cb) => {
  if (file.mimetype = 'application/pdf') {
    cb(null, true);
  } else {
    cb(null, false);
  }
}
Solution
Step 1: Check the if condition syntax
The code uses a single =, which assigns a value instead of comparing.
Step 2: Understand impact of assignment in condition
This causes the condition to always be true, accepting all files incorrectly.
Final Answer:
Using assignment (=) instead of comparison (===) in the if condition -> Option B
Quick Check:
Use === for comparison, not = [OK]
- Confusing = and === in conditions
- Omitting error argument in callback is allowed here
- Mixing up file.type and file.mimetype
fileFilter function correctly implements this in Express using multer?
Solution
Step 1: Check correct MIME type validation
fileFilter: (req, file, cb) => { const allowed = ['image/png', 'image/jpeg', 'application/pdf']; if (allowed.includes(file.mimetype)) { cb(null, true); } else { cb(new Error('Invalid file type. Only PNG, JPEG, PDF allowed'), false); } } uses an array and includes() to check if file.mimetype matches allowed types.
Step 2: Verify error handling and message clarity
fileFilter: (req, file, cb) => { const allowed = ['image/png', 'image/jpeg', 'application/pdf']; if (allowed.includes(file.mimetype)) { cb(null, true); } else { cb(new Error('Invalid file type. Only PNG, JPEG, PDF allowed'), false); } } calls cb with an Error and false to reject invalid types with a clear message.
Final Answer:
fileFilter function that checks allowed MIME types array and returns error with message -> Option A
Quick Check:
Use array.includes and error callback for validation [OK]
- Using || incorrectly without repeating comparisons
- Using && which requires all types at once (impossible)
- Checking file.extension which is not a multer property
