Skill

role-fullstack:file-upload-handling

Implement file upload flows with presigned URLs (S3, GCS, R2), multipart/tus resumable uploads, Sharp image processing, drag-and-drop UI with progress indicators, server-side MIME validation via magic bytes, virus scanning, and CDN serving. Use when adding profile pictures, document attachments, media galleries, or any user-submitted file feature.

Install

npx claudepluginhub rnavarych/alpha-engineer --plugin role-fullstack

Tool Access

This skill is limited to using the following tools:

ReadGrepGlobBash

Preview

- Implementing profile picture or avatar upload

Supporting Assets

references/upload-strategies.mdreferences/validation-security.md

SKILL.md

Similar Skills

skill-lookup

Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.

prompts.chat

157.6k

prompt-lookup

Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.

prompts.chat

157.6k

accessibility

Designs, implements, and audits WCAG 2.2 AA accessible UIs for Web (ARIA/HTML5), iOS (SwiftUI traits), and Android (Compose semantics). Audits code for compliance gaps.

everything-claude-code

156.2k

Stats

Parent Repo Stars9

Parent Repo Forks0

Last CommitMar 3, 2026

Actions

View Source View Plugin View on GitHub View README

role-fullstack:file-upload-handling

Core principles

Never trust client-reported types — always validate MIME type server-side by reading magic bytes, not the Content-Type header

Presigned URLs over server proxy — upload directly from client to S3/GCS; never stream file bytes through the application server

Rename to UUIDs — strip original filenames entirely to prevent path traversal, collisions, and enumeration attacks

Process media asynchronously — run Sharp resizing and format conversion in BullMQ jobs, not in the request handler

Clean up orphans — run a periodic job to delete uploads unreferenced in the database; storage costs compound silently

Reference Files

references/upload-strategies.md — strategy selection table (multipart form vs presigned URL vs tus), presigned URL flow steps, AWS SDK v3 code example, progress indicator with XMLHttpRequest, CDN serving with signed URLs and cache headers

references/validation-security.md — client-side vs server-side validation responsibilities, magic byte MIME checking, ClamAV/cloud malware scanning, Sharp image processing pipeline, react-dropzone UI patterns, common pitfalls

File Upload Handling

When to use

Implementing profile picture or avatar upload
Building document attachment or media gallery features
Handling bulk file imports or exports
Adding drag-and-drop upload UX with progress feedback
Setting up CDN serving for uploaded assets
Adding virus scanning or strict file type enforcement

Core principles

Never trust client-reported types — always validate MIME type server-side by reading magic bytes, not the Content-Type header
Presigned URLs over server proxy — upload directly from client to S3/GCS; never stream file bytes through the application server
Rename to UUIDs — strip original filenames entirely to prevent path traversal, collisions, and enumeration attacks
Process media asynchronously — run Sharp resizing and format conversion in BullMQ jobs, not in the request handler
Clean up orphans — run a periodic job to delete uploads unreferenced in the database; storage costs compound silently

Reference Files

references/upload-strategies.md — strategy selection table (multipart form vs presigned URL vs tus), presigned URL flow steps, AWS SDK v3 code example, progress indicator with XMLHttpRequest, CDN serving with signed URLs and cache headers
references/validation-security.md — client-side vs server-side validation responsibilities, magic byte MIME checking, ClamAV/cloud malware scanning, Sharp image processing pipeline, react-dropzone UI patterns, common pitfalls