Skillshub nestjs-file-uploads
Secure file handling, Validation, and S3 streaming. Use when implementing secure file uploads, validation, or S3 streaming in NestJS. (triggers: **/*.controller.ts, FileInterceptor, Multer, S3, UploadedFile)
install
source · Clone the upstream repo
git clone https://github.com/ComeOnOliver/skillshub
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/ComeOnOliver/skillshub "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/HoangNguyen0403/agent-skills-standard/nestjs-file-uploads" ~/.claude/skills/comeonoliver-skillshub-nestjs-file-uploads && rm -rf "$T"
manifest:
skills/HoangNguyen0403/agent-skills-standard/nestjs-file-uploads/SKILL.mdsource content
File Upload Patterns
Priority: P0 (FOUNDATIONAL)
Secure file upload handling with validation and storage patterns.
- Magic Bytes: NEVER trust
header or file extension.content-type- Tool: Use
orfile-type
to verify the actual buffer signature.mmmagic
- Tool: Use
- Limits: Set strict
(5MB) in Multer config to prevent DoS.limits: { fileSize: 5000000 }
Streaming (Scalability)
- Memory Warning: Default Multer
crashes servers with large files.MemoryStorage - Pattern: Use Streaming for any file > 10MB.
- Library:
(direct upload to bucket) ormulter-s3
(raw stream processing).busboy - Architecture:
- Client requests Signed URL from API.
- Client uploads directly to S3/GCS (Bypassing API server completely).
- Pro Tip: This is the only way to scale file uploads infinitely.
- Library:
Processing
- Async: Don't process images/videos in the HTTP Request.
- Flow:
- Upload file.
- Push
to Queue (BullMQ).FileUploadedEvent - Worker downloads, resizes/converts, and re-uploads.
Anti-Patterns
- No content-type trust: Always verify file magic bytes; MIME header can be spoofed.
- No MemoryStorage for large files: Use streaming or signed URL pattern for files > 10MB.
- No synchronous file processing: Offload image/video work to BullMQ workers via FileUploadedEvent.