I'm using UploadThing DX, but I've found that the file validation it provides isn't very robust and can be easy to spoof. I'm searching for options that offer zero trust and end-to-end security for file uploads, including features like magic byte checks. It seems like my only current solution is combining S3 pre-signed URLs with various libraries and custom logic, which feels overly complicated. Ideally, I would love to find a package that abstracts this process into a clean API, much like better-auth does for authentication. I'm curious if anyone has found or created solutions that meet these criteria!
1 Answer
When you mention 'zero trust end to end with magic byte checks', it's a bit unclear what you specifically need to validate. File validity can differ greatly between applications, making it tricky to find a one-size-fits-all library. Could you clarify what you're looking for?
I get what you mean! For instance, a user uploaded a file without a .pdf extension or any PDF metadata, which led to issues with client-side validation. Although it was blocked elsewhere, some platforms accepted it with no problem, so now I have to deal with magic bytes myself. There's libraries that handle parts of this but not all in one.