How can I control file uploads on a Node.js & Express 3.0 server

As you can see here: https://github.com/visionmedia/express/blob/master/examples/multipart/index.js Express supports file uploads by default and stores each uploaded file in the temp folder for later use.

My question is: Is it safe?

As I see it, an attacker can fill up all the temp folder with garbage files without any control on it. Should I check each POST request and delete any unused file?

Let me suggest two solutions to your problem.

  1. Use a virtual drive for your upload location. If your server is running on Linux, it is very easy to mount a virtual file system which is in memory only. The files will be placed here faster than if it was on a real hard drive, and if you have problems like the one you describe, it is only a matter of cleaning out the virtual drive or restarting the server. Look at this article for an explanation of RAM disks.
  2. Make sure that you only accept a maximum number of x uploads from the same IP address during a 24 hour period. Combine this solution with solution 1 for maximum effect. One way of implementing this is to have a global object with upload counts for each IP address, and then clear it out every 24 hours.

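    var fs = require('fs');

    var maxUploadsAllowedPrUser = 10; // Example limit; choose your own value
    var uploads = {}; // Upload count per IP address
    setInterval(function(){
      uploads = {};
    }, 24*60*60*1000); // Reset the counts every 24 hours

    var onUpload = function(req, file){
      var count = uploads[req.ip] || 0; // First upload from this IP starts at 0
      if(count >= maxUploadsAllowedPrUser)
        fs.unlink(file, function(){}); // Over the limit: delete the file
      else
        uploads[req.ip] = count + 1; // Keep the file, and increase count
    }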