Safer File Attachments: Content Type + Size Validation

1027 views

                  class Profile < ApplicationRecord
  has_one_attached :avatar

  validate :avatar_type_and_size

  private

  def avatar_type_and_size
    return unless avatar.attached?

    if avatar.byte_size > 2.megabytes
      errors.add(:avatar, 'must be smaller than 2MB')
    end

    allowed = %w[image/png image/jpeg image/webp]
    errors.add(:avatar, 'must be an image') unless allowed.include?(avatar.content_type)
  end
end

Active Storage makes uploads easy; production makes them dangerous. Validate content type and size at the model layer, and keep the error messages user-friendly. This prevents large or unexpected uploads from blowing up costs and processing queues.

Sarah Chen

More from Sarah Chen

Safer File Attachments: Content Type + Size Validation

0 Comments

More from Sarah Chen