File Uploads Done Right: Presigned S3 URLs, Direct Upload, and Image Processing

File uploads are deceptively complex. A naive implementation using multipart/form-data works until you hit file size limits, memory pressure, slow uploads, or storage costs. Here's how to do it right: direct-to-S3 uploads, signed URLs, and image processing pipelines. Direct Upload Architecture Never proxy file uploads through your server. The correct flow: 1. Client requests a signed upload URL from your API 2. Your API generates a presigned S3 URL (15 min expiry) 3. Client uploads directly to S3 using the presigned URL 4. Client notifies your API that the upload is complete 5. Your API processes the file (resize, scan, index) This keeps your server out of the data path entirely. Generating Presigned Upload URLs import { S3Client, PutObjectCommand } from '@aws-sdk/client-s3' import { getSignedUrl } from '@aws-sdk/s3-request-presigner' const s3 = new S3Client({ region: process.env.AWS_REGION!, credentials: { accessKeyId: process.env.AWS_ACCESS_KEY_ID!, secretAccessKey: process.env.AWS_S