> nestjs-file-uploads

Handle file uploads securely with Validation and S3 streaming in NestJS. Use when implementing secure file uploads, validation, or S3 streaming in NestJS. (triggers: **/*.controller.ts, FileInterceptor, Multer, S3, UploadedFile)


File Upload Patterns

Priority: P0 (FOUNDATIONAL)

Secure file upload handling with validation and storage patterns.

  • Magic Bytes: NEVER trust content-type header or file extension.
    • Tool: Use file-type or mmmagic to verify the actual buffer signature.
  • Limits: Set strict limits: { fileSize: 5000000 } (5MB) in Multer config to prevent DoS.
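
The magic-byte and size checks above, as an added example (not code from the skill or from any library). It uses a small hand-rolled signature table in place of file-type so it runs without dependencies. The names validateUpload, sniffMime and the sample inputs are assumptions made for illustration.

```typescript
// Added example. In a NestJS controller, `bytes` would be file.buffer from
// @UploadedFile() and `claimedMime` would be file.mimetype (client-controlled).
interface Verdict { ok: boolean; reason: string }

const MAX_BYTES = 5000000; // same 5MB cap as the Multer fileSize limit above

// Hand-rolled signature table standing in for the `file-type` package.
const SIGNATURES: { mime: string; magic: number[] }[] = [
  { mime: "image/png", magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: "image/jpeg", magic: [0xff, 0xd8, 0xff] },
  { mime: "image/gif", magic: [0x47, 0x49, 0x46, 0x38] },
  { mime: "application/pdf", magic: [0x25, 0x50, 0x44, 0x46, 0x2d] },
];

// Returns the MIME type implied by the leading bytes, or undefined if unknown.
function sniffMime(bytes: Uint8Array): string | undefined {
  for (const sig of SIGNATURES) {
    if (bytes.length < sig.magic.length) continue;
    if (sig.magic.every((b, i) => bytes[i] === b)) return sig.mime;
  }
  return undefined;
}

// Accept only when size, sniffed type, allow-list and claimed type all agree.
function validateUpload(bytes: Uint8Array, claimedMime: string, allowed: string[]): Verdict {
  if (bytes.length > MAX_BYTES) return { ok: false, reason: "file too large" };
  const actual = sniffMime(bytes);
  if (actual === undefined) return { ok: false, reason: "unrecognised signature" };
  if (allowed.indexOf(actual) === -1) return { ok: false, reason: "type not allowed: " + actual };
  if (actual !== claimedMime) return { ok: false, reason: "header says " + claimedMime + ", bytes say " + actual };
  return { ok: true, reason: "verified " + actual };
}

// Constructed sample inputs (not real files): signature bytes plus filler.
const ascii = (s: string): number[] => s.split("").map((c) => c.charCodeAt(0));
const ALLOWED = ["image/png", "image/jpeg"];
const realPng = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]);
const htmlAsPng = new Uint8Array(ascii("<html><body>not an image</body></html>"));
const pdfAsPng = new Uint8Array(ascii("%PDF-1.7\n"));

// Every sample is submitted with a Content-Type of image/png.
const results = {
  realPng: validateUpload(realPng, "image/png", ALLOWED), // accepted
  htmlAsPng: validateUpload(htmlAsPng, "image/png", ALLOWED), // rejected
  pdfAsPng: validateUpload(pdfAsPng, "image/png", ALLOWED), // rejected
  oversize: validateUpload(new Uint8Array(MAX_BYTES + 1), "image/png", ALLOWED), // rejected
};
```

A matching signature only establishes the container type of the leading bytes; it does not show that the rest of the file is well-formed, so keep the allow-list narrow and apply the size limit before any parsing.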

Streaming (Scalability)

  • Memory Warning: Multer's default MemoryStorage buffers each upload entirely in RAM, so large files can crash the server.
  • Pattern: Use Streaming for any file > 10MB.
    • Library: multer-s3 (direct upload to bucket) or busboy (raw stream processing).
    • Architecture:
      1. Client requests Signed URL from API.
      2. Client uploads directly to S3/GCS (bypassing the API server completely).
    • Pro Tip: This is the only way to scale file uploads infinitely.

Processing

  • Async: Don't process images/videos in the HTTP Request.
  • Flow:
    1. Upload file.
    2. Push FileUploadedEvent to Queue (BullMQ).
    3. Worker downloads, resizes/converts, and re-uploads.

Anti-Patterns

  • No content-type trust: Always verify file magic bytes; MIME header can be spoofed.
  • No MemoryStorage for large files: Use streaming or signed URL pattern for files > 10MB.
  • No synchronous file processing: Offload image/video work to BullMQ workers via FileUploadedEvent.


┌ stats

installs/wk: 0
github stars: 452
first seen: Mar 17, 2026
└────────────

┌ repo

HoangNguyen0403/agent-skills-standard
by HoangNguyen0403
└────────────