Build a File Upload API in Golang

Just look around you: we are all surrounded by apps that upload files in one form or another. Facebook, Gmail, GitHub, and even the videos I have uploaded to YouTube all rely on some file upload API.
In fact, I can confidently say that file upload is the second most implemented feature after the login page. Still, it's hardly the case that many of us can implement it the right way. So let's fix that.
File Uploaded with Local Storage
Let's start with a basic implementation. Trust me, it's so simple, like a kindergarten syllabus.
Here we create an API handler that takes in a file (multipart/form-data) from the request, processes the file, and saves it in the server codebase.
The above example works, but the problem is, it just works.
Let’s take it to the NEXT LEVEL and make this API a bit more resilient to client requests. Well, if you code this example, you, my friend, will soon be HACKED!!! And this is something not many teach you, not even ChatGPT.
This code is more insecure than hard-coded secrets in a GitHub repository.
Think about it -
- What if I send text data instead of a file?
- What if the file I am sending is more than 50 GB?
- What if I upload a PDF file when the server is expecting an image file?
Let’s go by an example: suppose you are building a user profile picture API. Almost every app has this API, be it GitHub, YouTube, Facebook, Instagram, you name it. Here in this series, we will build a similar API.
How to Improve this API?
- Check that the Content-Type header is multipart/form-data
- Set maximum and minimum limits for the size of the uploaded file
- Properly sanitise the filename before saving
- Avoid file name clashes by using unique file names
First we improve the MIME type detector. What’s wrong with the MIME detector? Even though it works fine, we can add a simple optimisation using maps for O(1) lookups.
Next we tackle checking the headers. We check the request header (Content-Type) and then the file header for the relevant information.
Since our profile picture API only needs to upload images, we check for accepted file types only.
Finally, we improve the file name by adding a UUID for uniqueness and replacing spaces with underscores.
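The checks listed above, combined into one function, as an added example (not the code from this post or its GitHub repository). The function names, the 2 MiB limit and the hand-built version 4 UUID from crypto/rand are assumptions; it also goes slightly beyond the post by stripping path components and dots from the client file name.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"mime"
	"net/http"
	"path/filepath"
	"regexp"
	"strings"
)

const minSize, maxSize = 1, 2 << 20 // assumed limits (1 byte to 2 MiB), not from the post
// Accepted image types; the map gives O(1) lookup and fixes the stored extension.
var allowed = map[string]string{"image/jpeg": ".jpg", "image/png": ".png", "image/gif": ".gif"}
var unsafeChars = regexp.MustCompile(`[^A-Za-z0-9_-]`)

// validateUpload runs the checks in order and returns the name to store the file under.
func validateUpload(reqContentType, clientName string, data []byte) (string, error) {
	mt, _, err := mime.ParseMediaType(reqContentType)
	if err != nil || mt != "multipart/form-data" {
		return "", fmt.Errorf("content type %q is not multipart/form-data", reqContentType)
	}
	if len(data) < minSize || len(data) > maxSize {
		return "", fmt.Errorf("size %d outside [%d, %d] bytes", len(data), minSize, maxSize)
	}
	ext, ok := allowed[http.DetectContentType(data)] // sniffed from the bytes, not client-declared
	if !ok {
		return "", fmt.Errorf("sniffed type of %d-byte file is not an accepted image", len(data))
	}
	return uniqueName(clientName, ext)
}

// uniqueName sanitises the client file name and prefixes a random version 4 UUID.
func uniqueName(clientName, ext string) (string, error) {
	base := filepath.Base(strings.ReplaceAll(clientName, `\`, "/")) // drop any directory part
	base = strings.ReplaceAll(strings.TrimSuffix(base, filepath.Ext(base)), " ", "_")
	base = unsafeChars.ReplaceAllString(base, "") // dots and other unsafe characters go
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		return "", err
	}
	b[6], b[8] = b[6]&0x0f|0x40, b[8]&0x3f|0x80 // RFC 4122 version 4 and variant bits
	return fmt.Sprintf("%x-%x-%x-%x-%x_%s%s", b[0:4], b[4:6], b[6:8], b[8:10], b[10:], base, ext), nil
}

func main() { // constructed sample: PNG signature bytes with a hostile client file name
	fmt.Println(validateUpload("multipart/form-data; boundary=x", `..\..\my pic.php.png`, []byte("\x89PNG\r\n\x1a\n")))
}
```

In a real handler, wrap `r.Body` with `http.MaxBytesReader` before parsing the form so an oversized body is cut off instead of being buffered.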
In the next post we will further improve this API and move towards a more scalable, production-ready API with S3 integration.
- Full code on GitHub for your reference
- Subscribe to Bits Of Mandal on YouTube for awesome GoLang videos