jaydenseric / graphql-upload

Middleware and an Upload scalar to add support for GraphQL multipart requests (file uploads via queries and mutations) to various Node.js GraphQL servers.
https://npm.im/graphql-upload
MIT License
1.42k stars 131 forks

Can we add filter by disabled file mime types? #373

Closed pashak09 closed 1 year ago

pashak09 commented 1 year ago

This will most likely slow down the processing of the request, but will allow checking the client-sent file type.

jaydenseric commented 1 year ago

Thank you for putting together a contribution :)

There are two reasons not to add a feature like this:

  1. It doesn't make sense to restrict the types of uploads the GraphQL server accepts for the Upload scalar, in the same way that it wouldn't make sense to have a server-wide filter on the types of strings or numbers the String or Int scalars can accept. It is up to resolvers to validate the inputs they receive; ideally if your GraphQL schema grows to have a mutation that accepts different kinds of files than past mutations, you just need to add that new mutation with new validation rules in the resolver. You shouldn't have to reconfigure the server middleware.
  2. The MIME type for file fields in multipart requests can easily be lied about by the client, so you need to have resolver code that inspects the file upload stream to detect and validate the real content type of the file's data anyway. I have deliberately avoided adding features that validate the client-provided file MIME types because almost certainly people won't read the fine print and will solely rely on it.