nestjs-file-uploads

$npx mdskill add HoangNguyen0403/agent-skills-standard/nestjs-file-uploads

- **Magic Bytes**: NEVER trust `content-type` header or file extension. - **Tool**: Use `file-type` or `mmmagic` to verify actual buffer signature. - **Limits**: Set strict `limits: { fileSize: 5000000 }` (5MB) in Multer config to prevent DoS.

SKILL.md

.github/skills/nestjs-file-uploadsView on GitHub ↗
---
name: nestjs-file-uploads
description: Validate and stream file uploads securely with Validation and S3 streaming in NestJS. Use when implementing secure file uploads, validation, or S3 streaming in NestJS.
metadata:
  triggers:
    files:
    - '**/*.controller.ts'
    keywords:
    - FileInterceptor
    - Multer
    - S3
    - UploadedFile
---
# File Upload Patterns

## **Priority: P0 (FOUNDATIONAL)**

- **Magic Bytes**: NEVER trust `content-type` header or file extension.
 - **Tool**: Use `file-type` or `mmmagic` to verify actual buffer signature.
- **Limits**: Set strict `limits: { fileSize: 5000000 }` (5MB) in Multer config to prevent DoS.

## Streaming (Scalability)

- **Memory Warning**: Default Multer `MemoryStorage` crashes servers with large files.
- **Pattern**: Use **Streaming** for any file > 10MB.
 - **Library**: `multer-s3` (direct upload to bucket) or `busboy` (raw stream processing).
 - **Architecture**:
 1. Client requests Signed URL from API.
 2. Client uploads directly to S3/GCS (Bypassing API server completely).
 3. **Pro Tip**: Only approach to scale file uploads infinitely.

## Processing

- **Async**: Don't process images/videos in HTTP Request.
- **Flow**:
 1. Upload file.
 2. Push `FileUploadedEvent` to Queue (BullMQ).
 3. Worker downloads, resizes/converts, and re-uploads.

## Anti-Patterns

- **No content-type trust**: Always verify file magic bytes; MIME header can spoofed.
- **No MemoryStorage for large files**: Use streaming or signed URL pattern for files > 10MB.
- **No synchronous file processing**: Offload image/video work to BullMQ workers via FileUploadedEvent.

## References

More from HoangNguyen0403/agent-skills-standard

SkillDescription
android-agp-upgradeUpgrade an Android project to Android Gradle Plugin (AGP) 9. Use when migrating to AGP 9, updating Gradle build files, migrating to built-in Kotlin, or adopting the new AGP DSL.
android-architectureApply Clean Architecture layering, modularization, and Unidirectional Data Flow in Android projects. Use when setting up project structure, placing code in layers, configuring feature/core modules, or implementing UDF patterns.
android-background-workImplement WorkManager and background processing correctly on Android. Use when creating Worker classes, scheduling tasks, choosing between WorkManager and Foreground Services, or setting up Hilt in workers.
android-composeBuild high-performance declarative UI with Jetpack Compose. Use when writing Composable functions, optimizing recomposition, hoisting state, or working with LazyColumn and side effects.
android-compose-migrationMigrate an Android XML View to Jetpack Compose following a structured 10-step workflow. Use when converting XML layouts to Compose, setting up Compose in an existing View-based project, or incrementally adopting Compose.
android-concurrencyWrite correct coroutine scopes, Flow collection, and dispatcher injection in Android. Use when writing suspend functions, choosing between StateFlow and SharedFlow, or injecting Dispatchers for testability.
android-deploymentConfigure release signing, R8 obfuscation, and App Bundle publishing for Android. Use when setting up signing configs, enabling minification, adding ProGuard keep rules, or preparing for Play Store submission.
android-design-systemEnforce Material Design 3 theming and design token usage in Jetpack Compose. Use when implementing M3 components, color schemes, typography, or design tokens.
android-diConfigure Hilt dependency injection with proper scoping, modules, and constructor injection in Android. Use when setting up Hilt DI, defining modules, or configuring component scoping.
android-edge-to-edgeMigrate a Jetpack Compose app to edge-to-edge display and fix system bar inset issues. Use when UI components are obscured by navigation/status bars, fixing IME insets, or enabling edge-to-edge for SDK 35+.