File Storage & Uploads
Multipart file upload handling for images, screenshots, and device assets.
Source: src/upload/
API Endpoints
| Method | Endpoint | Description |
|---|---|---|
POST | /upload | General image upload |
POST | /upload/screenshot | Device screenshot upload |
GET | /upload/assets | List uploaded assets |
GET | /upload/assets/:id | Get asset details |
DELETE | /upload/assets/:id | Delete asset |
Upload Validation
| Check | Rule |
|---|---|
| MIME type | image/jpeg, image/png, image/webp, image/gif only |
| File size | Max 10 MB |
| Multipart | Request must be multipart (req.isMultipart()) |
| Filename | Sanitized — random suffix via crypto.randomBytes(6), extension cleaned with regex |
Storage
- Directory:
uploads/(project root) - Screenshots:
uploads/screenshots/ - Directories auto-created on service init
- Files served via static file serving or Cloudinary (production)
Screenshot Uploads
Device screenshots include:
deviceId— Required, validated against device ownershipuserId— Attached manually (file uploads skipTenantInterceptor)
Security Note
File upload handlers bypass the standard TenantInterceptor. The userId must be manually attached in upload handlers to maintain tenant isolation.
Prisma Model
UploadAsset— Asset metadata (filename, path, size, device association)
Related Modules
ScreenshotsModule— Screenshot management layerDevicesModule— Device ownership verification