despite failing file type validation, file is still uploaded to cloudinary

[ryan-k8]

code that still allowed false file to be uploaded to cloudinary

const storage = new CloudinaryStorage({
  cloudinary,
  params: async (req, file) => {
    return {
      folder: process.env.CLOUDINARY_FOLDER_NAME,
      allowedFormats: ['png','jpeg','jpg'],
      public_id: crypto.randomBytes(16).toString("hex"),
    };
  },
});

const upload = multer({
  storage: storage,
  limits: { fileSize: MAXFILESIZE },
  fileFilter: (req, file, cb) => {
    if (!allowedFormats.includes(file.mimetype)) {
      cb(new UploadError("only jpeg/png/jpg images allowed!"));
    }

    cb(null, true);
  },
});

this still allowed file to be uploaded to cloudinary. so i had to throw an err in instantiation of CloudinaryStorage object to prevent that.

const allowedFormats = ["image/jpeg", "image/jpg", "image/png"];

const storage = new CloudinaryStorage({
  cloudinary,
  params: async (req, file) => {
    if (!allowedFormats.includes(file.mimetype)) {
      throw new UploadError(
        `only files of mimetype ${allowedFormats.join(",")} are allowed`
      );
    }

    return {
      folder: process.env.CLOUDINARY_FOLDER_NAME,
      public_id: crypto.randomBytes(16).toString("hex"),
    };
  },
});

i think something to handle this situation should be added to this package for improvement