Storing Uploaded Files and Serving Them in Express
Handling file uploads is a common requirement in web applications—whether we're building a profile photo uploader, document storage system, or media-sharing platform. In an Express.js application, this involves two key responsibilities: storing uploaded files and serving them back to users.
Let’s walk through how this works in a clear, practical way.
Where Uploaded Files Are Stored
When a user uploads a file (via a form or API), your server needs to decide where to put it. In Express apps, files are typically handled using middleware like multer.
A simple storage structure might look like this:
project-root/
|
|--- uploads/
| |-- images/
| |-- documents/
|
|--- server.js
Here:
uploads/is your main storage folderYou can further organize files by type (images, PDFs, etc.)
When a file is uploaded, it's saved physically on the server’s disk inside this folder.
Local Storage vs External Storage
There are two main approaches to storing uploaded files:
1. Local Storage (Disk Storage)
Files are saved directly on your server.
Pros:
Easy to implement
No external dependency
Fast access within the server
Cons:
Limited by server disk space
Not scalable for large apps
Risk of data loss if server crashes
2. External Storage (Cloud Storage)
Examples include AWS S3, Cloudinary, Firebase Storage.
Pros:
Highly scalable
Reliable and backed up
Accessible globally
Cons:
Slightly more complex setup
May incur cost
Real-world note:
Small apps or learning projects → use local storage
Production apps → prefer cloud storage
Serving Static Files in Express
Once files are uploaded, users need a way to access them. This is where static file serving comes in.
In Express, you can expose a folder like this:
const express = require("express");
const app = express;
app.use("/uploads", express.static("uploads"));
This line tells Express:
"Whenever someone visits
/uploads/..., serve files from theuploadsfolder."
Static File Serving Flow
Flow :-
User requests a URL (e.g.,
/uploads/image.jpg)Express checks the
uploadsfolderIf file exists → it is returned
Browser displays or downloads it
Accessing Uploaded Files via URL
Once static serving is enabled, accessing files becomes simple.
If a file is stored at:
uploads/images/profile.png
It can be accessed via:
http://localhost:3000/uploads/images/profile.png
This URL can be stored in your database and reused anywhere:
User profile image
Product thumbnails
Document links
Upload Storage Folder Structure
project-root/
|
|--- uploads/
| |-- images/
| |-- documents/
|
|--- server.js
Organizing uploads properly helps avoid chaos as your app grows.
Best practices:
Separate files by type (
images/,videos/,docs/)Use unique filenames (avoid overwriting)
Consider date-based folders for large systems
Security Considerations for Uploads
File uploads are a common attack vector. You need to handle them carefully.
- Validate File Types
Never trust the client. Always check:
file.mimetype === "image/png"
2. Limit File Size
Prevent abuse:
limits: { fileSize: 2 * 1024 * 1024 } // 2MB
3. Rename Files Safely
Avoid using original filenames directly:
const uniqueName = Date.now() + "-" + file.originalname;
4. Prevent Executable Uploads
Block .exe, .js, .sh, etc.
Store Outside Root (Optional Advanced)
For sensitive systems, store files outside public directories and serve them via controlled routes.
