All the code we write, plus Express, EJS, etc. comes under the umbrella of "middleware". But maybe you meant one of the following questions.
Express is designed as a kind of pipeline, where the request and response objects are passed from function to function until eventually it reaches our endpoint handler.
Each of those functions can do something useful, maybe add some behavior.
We have middleware to parse the query string, to handle requests for static files, to handle cookies, to create session objects, to add the "flashing" behavior, and more.
The milter middleware parses multi-part forms and puts the files into the request object for us.
A form to upload a file A. Has code to access the local filesystem of the client computer B. Has a new input type to browse the filesystem C. Has to specify the MIME type of the uploaded file D. Has to limit the size of the uploaded file.
(A) would be a security violation;
(B) is correct, we use type=file
;
(C) is possible but not required. We should check the MIME type on the server side;
(D) is not possible; we limit file size on the server side.
It opens up a little window in the browser that allows the user to choose a file from their computer to upload. It's important that the user be involved, otherwise websites could grab files from your computer without your knowledge.
If you store files in the filesystem, you can access them with normal tools like "ls", you can edit them with VS Code or PhotoShop, and you can easily delete them.
If you store them in the database, they are more secure, but less convenient.
We are using the diskStorage
configuration of Multer.
Not automatically. But it can request them.
Multipart Internet Mail Extensions, since it was first invented for attaching files to email messages.
That's not where the "trick" is. The trick is earlier:
We only get to the sendFile
if they are authorized.
upload.single('photo')and how it is used in
app.post('/upload', upload.single('photo'), async (req, res) => {.I also don't really get how
return res.sendFile(path.join(__dirname, pathname));works. I am a little confused about these:
const DB = process.env.USER; const FILES = 'filesOwned'; const USERS = 'fileOwners';
Are FILE and USERS new directories created in my local environment? Does these only allow access to files on my local machine?"
They are MongoDB collections, where we store info about the files.
The files are on the CS server, where Node.js is running.