Receive files via POST; save deterministically; return explicit results.
Implement a POST route that accepts multipart/form-data and persists files safely.
Identify and mitigate basic upload risks (path traversal, overwrites).
Produce deterministic, machine-readable responses for automation/reporting.
Implement a POST route to accept multipart/form-data uploads.
Save artifacts with predictable naming in a target directory.
multipart/form-data: Form encoding that carries files in HTTP requests.
Path Traversal: Malicious filenames attempting to escape the save directory (e.g., ../../etc/passwd).
Idempotency: Re-running an upload doesn’t corrupt prior artifacts.
/upload route that accepts one file field and persists it safely.
Route Contract: Validate presence of file → sanitize filename → save → return JSON summary.
Storage Layout: Where to store (save_dir), naming patterns, collisions.
Security Considerations: Don’t trust client filenames; avoid path traversal; size limits (conceptually).
Milestone: curl POST works; file appears on disk with expected name.
Troubleshooting: Missing Content-Type, wrong form field name, empty files.
Upload multiple file types; verify extensions and sizes.
Upload same filename twice; decide overwrite vs versioning.
Base64-encoded exfil via query/body for hostile transports.
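
The route contract above (validate presence, sanitize the filename, save, return a JSON summary), written as framework-independent Python. This is an added example, not code from the original lesson. The names `handle_upload`, `sanitize_filename` and `MAX_BYTES`, the 1 MiB limit, the error strings, and the choice to version same-name uploads by content hash rather than overwrite are all assumptions.

```python
import hashlib
import os
import re
from pathlib import Path

MAX_BYTES = 1024 * 1024  # assumed limit; the lesson mentions size limits only conceptually

def sanitize_filename(client_name):
    """Reduce a client-supplied name to a safe basename ('' if nothing usable is left)."""
    # Treat both separators as path boundaries and keep only the last component.
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    # Conservative allow-list; leading dots are stripped so '..' and dotfiles vanish.
    return re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".")[:100]

def handle_upload(save_dir, client_name, data, max_bytes=MAX_BYTES):
    """Return (http_status, json_ready_dict) for one uploaded file field (hypothetical helper)."""
    if client_name is None or data is None:
        return 400, {"ok": False, "error": "missing_file_field"}
    if len(data) == 0:
        return 400, {"ok": False, "error": "empty_file"}
    if len(data) > max_bytes:
        return 413, {"ok": False, "error": "too_large"}
    name = sanitize_filename(client_name)
    if not name:
        return 400, {"ok": False, "error": "bad_filename"}
    root = Path(save_dir).resolve()
    root.mkdir(parents=True, exist_ok=True)
    digest = hashlib.sha256(data).hexdigest()
    target = root / name
    if target.exists() and hashlib.sha256(target.read_bytes()).hexdigest() != digest:
        # Same name, different content: keep the old artifact, version the new one.
        stem, ext = os.path.splitext(name)
        target = root / f"{stem}.{digest[:12]}{ext}"
    # Defence in depth: the resolved path must still sit directly under save_dir.
    if target.resolve().parent != root:
        return 400, {"ok": False, "error": "bad_filename"}
    created = not target.exists()
    if created:
        # Sanitized names never start with '.', so this temp name cannot collide.
        tmp = root / f".{target.name}.part"
        tmp.write_bytes(data)
        os.replace(tmp, target)  # atomic rename: no half-written artifact on disk
    return (201 if created else 200), {"ok": True, "saved_as": target.name,
            "bytes": len(data), "sha256": digest, "created": created}
```

In a real route, pass the file field's filename and bytes to `handle_upload` and serialize the returned dict as the JSON response body with the returned status code.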