Support Topics Documentation Slack YouTube Blog

Image upload from cordova app

i have a block that saves a file(image). but i don’t know how to send the file to codeless?
codeless doesnt accept multipart/form-data
im using cordova

You could upload the file using the API, and then send the file URL (returned by the API) to a codeless API service.

but that is not going to work since i need to execute some logic on the server first then see if i should upload the image or change its directory or name.

You can execute that logic in the API service. If the file is not needed, you can delete it. If you need to change the file name or the directory name, you can rename/move the file - there are APIs for that too.

you mean add event handler with codeless for the upload?

No, I mean what I said here.

you lost me here :smile:
its not practical to make those checks on the client side. and to allow the upload first while exposing the upload path or folder then make my checking logic after, is a potential security issue on my app.
or im misunderstanding something here.

I never said anything about any checks on the client side. Here’s what I suggested:

  1. Client side uses the file upload API to file to the server.
  2. Server responds for (1) with the file URL
  3. Client sends invokes an API service (business logic) to perform any kind of processing on the file
  4. API service on the server does whatever the logic you need to decide if the file is needed or not, if needs to be moved, renamed, etc.

ok but don’t i have to pass path of the file in the first step? any user can alter that information.

The first is done either with this:
https://backendless.com/docs/js/files_file_upload.html
or this:
https://backendless.com/docs/js/file_save_files_from_byte_arrays.html

yea there is a path and file name variable and the option to overwrite files on the server
all on the client side.

should i use the blocking API and set some event handlers with codeless?

What do you mean by “all on the client side”?

As for the question below, I do not know. You should do whatever makes sense to execute the logic of your app…

should i use the blocking API and set some event handlers with codeless?

i mean what stop the user from making a fake requests and flooding the server with files or overwriting files on the server?

Backendless.Files.saveFile( path, fileName, fileContent, overwrite )
 .then( function( fileURL ) {
  })
 .catch( function( error ) {
  });

as for this question

im asking is this possible? since as i remember event handlers didn’t work from codeless logic.
and to take your opinion if this is a valid way to handle this scenario

Backendless security would stop the user from making things you do not want them to make. If you want to restrict any action in Backendless to only authenticated (logged in) users, then you need to disable APIs for the NotAuthenticatedUser role. I recommend reading the docs for it:
https://backendless.com/docs/js/users_user_roles.html

im asking is this possible? since as i remember event handlers didn’t work from codeless logic.
and to take your opinion if this is a valid way to handle this scenario

I do not quite understand what you’re asking. We were discussing a scenario which you described in the original post and I offered a solution. In the context of that discussion, I could not understand your question about the blocking API and “some event handlers with codeless”.

Backendless will never know since the user have the AuthenticatedUser role

hypothetical example:
a user opening the console in his browser and watching the js and XHR requests. he can change the file or the folder variable and resend the request after he is logged in normally.

If the user is authenticated and makes a request, you will know who that user is… So how is that a break in?

im only going to know if im tracking him so he is already done and uploaded.
knowing after the action is not great :grinning:

server logic should be in the middle and stop any request before even the file is saved to the server

Relying on server-code to enforce your security is an option for most cases, however, it is not required. You can assign different permissions to different folders and have one “drop in” directory where the files originally go.

ok
thanks for the help @mark-piller :grinning:
loving the options i have to handle this issue using backendless