Image upload to cloud code (JS)

#1

Hello, I’m trying to upload an image to my server. I can do with if I create an object and use the .save() methods but I want to do it through cloud code to make it secure but I get the following error:

Captura de ecrã 2021-10-23, às 18.17.02
Captura de ecrã 2021-10-23, às 18.17.021182×610 112 KB

this code is run when the user selected an image

  fileChangeEvent(input:any){
    var file = input.target.files[0];
    var name = file.name; //This does *NOT* need to be a unique name
    this.thumbnailImageFile = new Parse.File(name, file);
  }

and when the user pressed submit:

    const params = {
      title: this.form.title.value,
      lat: this.getNewArtLat(),
      lng: this.getNewArtLng(),
      thumbnail:this.thumbnailImageFile
    };
    
    const response = await Parse.Cloud.run("addArt", params);

Thanks for taking the time :slight_smile:

#2

You can convert file to base64 string and pass that string to cloud params. And construct file in cloud code.

1 Like
#3

Hey thanks for the help.
What if I decide to do something like this is the client

let thumbnailUrl = (await this.thumbnailImageFile.save())._url;

and then pass the thumbnailUrl to the cloud code function.
How can I make sure a malicious user doesn’t abuse the permission of uploading files to my server?

#4

İf you want absolute security you can use file triggers.

#5

By saying absolute security are you implying that saving the object in the client side is already a secure implementation ?

#6

No. Client side code is not secure and can always be compromised. Default file settings are not totally secure either. İn the latest parse server version there are some restrictions but for me it’s not enough. I’m a fan of validating every input on backend side so i would and did use file trigger. With file trigger you have the control of every uploaded file. Who uploaded that file? What’s the file type? Video? Pdf? İf you want this level of security you need to use file triggers.

1 Like