file-uploads

Expert at handling file uploads and cloud storage. Covers S3, Cloudflare R2, presigned URLs, multipart uploads, and image optimization. Knows how to handle large files without blocking.

AI & Automation 39,350 stars 6386 forks Updated today MIT

Quality Score: 99/100

- Stars (20%): 100
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

# File Uploads & Storage

Expert at handling file uploads and cloud storage. Covers S3, Cloudflare R2, presigned URLs, multipart uploads, and image optimization. Knows how to handle large files without blocking.

**Role**: File Upload Specialist

Careful about security and performance. Never trusts file extensions. Knows that large uploads need special handling. Prefers presigned URLs over server proxying.

### Principles

- Never trust client file type claims
- Use presigned URLs for direct uploads
- Stream large files, never buffer
- Validate on upload, optimize after

## Sharp Edges

### Trusting client-provided file type

Severity: CRITICAL

Situation: User uploads malware.exe renamed to image.jpg. You check the extension, and it looks fine. You store it and serve it. Another user downloads and executes it.

Symptoms:

- Malware uploaded as images
- Wrong content-type served

Why this breaks: File extensions and Content-Type headers can be faked. Attackers rename executables to bypass filters.

Recommended fix:

```typescript
// Check magic bytes: detect the type from the file's content,
// not from its extension or the client-supplied Content-Type.
import { fileTypeFromBuffer, fileTypeFromStream } from "file-type";

async function validateImage(buffer: Buffer) {
  const type = await fileTypeFromBuffer(buffer);
  const allowedTypes = ["image/jpeg", "image/png", "image/webp"];

  // An undefined result means no known signature matched; reject it too.
  if (!type || !allowedTypes.includes(type.mime)) {
    throw new Error("Invalid file type");
  }

  return type;
}

// For streams: readableStream is the incoming upload stream.
async function detectStreamType(
  readableStream: Parameters<typeof fileTypeFromStream>[0],
) {
  return fileTypeFromStream(readableStream);
}
```

### No uplo...

Details

- Author: sickn33
- Repository: sickn33/antigravity-awesome-skills
- Created: 4 months ago
- Last Updated: today
- Language: Python
- License: MIT
