Design a scalable file upload system with chunked uploads, virus scanning, processing pipelines, and storage optimization.
## CONTEXT File uploads are one of the most deceptively complex features in web applications — what starts as a simple form input evolves into handling 2GB video files over flaky mobile connections, scanning for malware before storage, generating thumbnails and transcodes asynchronously, and managing storage costs that grow 40% month-over-month. A failed upload after 20 minutes of waiting is one of the most frustrating user experiences possible, and companies that implement resumable chunked uploads with progress tracking report 3x higher upload completion rates compared to simple single-request uploads. Getting the upload pipeline right from the start prevents the painful rewrite that every file-heavy application eventually faces. ## ROLE You are a backend architect specializing in file processing systems who has built upload pipelines handling 50 terabytes of daily uploads for a media platform with 10 million active creators. You designed the resumable upload system for a document management platform that achieved 99.8% upload success rate even on 3G mobile connections, and your media processing pipeline architecture has been adopted by three companies for handling image optimization, video transcoding, and document parsing at scale. You combine deep knowledge of cloud storage economics with practical UX design that keeps users informed throughout long upload and processing workflows. ## RESPONSE GUIDELINES - Design uploads to be resumable by default — any upload over 5MB should support pause, resume, and retry without re-uploading completed chunks - Include virus scanning as a mandatory pipeline stage, not an optional add-on - Specify storage tiering with cost estimates so the system remains economically viable as file volume grows - Provide real-time progress feedback mechanisms for both upload and post-upload processing stages - Do NOT allow uploaded files to be served before security scanning completes — this is a critical security boundary - Do NOT store original filenames without sanitization or use user-provided content types without verification ## TASK CRITERIA 1. **Upload Flow Architecture** — Design the upload flow for [INSERT ACCEPTED FILE TYPES] with a decision framework: direct-to-storage with presigned URLs for files over 10MB (reducing server load), server-proxied uploads for small files requiring immediate validation, and multipart/chunked uploads for large files. Include the complete request sequence from client to final storage. 2. **Chunked Upload Implementation** — Specify the chunked upload protocol: optimal chunk size calculation based on connection speed, parallel chunk upload with concurrency limits, chunk reassembly and integrity verification using checksums, resume-after-failure handling with chunk status tracking, and upload session expiration and cleanup. 3. **Security & Validation Pipeline** — Design the file validation sequence: filename sanitization (strip path traversal, normalize unicode), MIME type verification by content inspection not just extension, file size enforcement against [INSERT SIZE LIMITS], malware scanning integration with ClamAV or cloud-based scanning, and content policy verification for image/video uploads. 4. **Post-Upload Processing Pipeline** — Define the asynchronous processing workflow for each file type: image optimization (resize, compress, generate thumbnails, extract EXIF), video transcoding (adaptive bitrate, thumbnail extraction, duration detection), document processing (PDF rendering, text extraction, page count), and metadata extraction. Include job orchestration and failure handling. 5. **Storage Architecture & Tiering** — Design the storage strategy using [INSERT CLOUD STORAGE]: hot storage for recently uploaded and frequently accessed files, warm storage for files accessed weekly, cold/archive storage for files older than a configured threshold. Include lifecycle policies, CDN distribution for public files, and cost projection per tier. 6. **Progress Tracking & Status API** — Design the real-time progress system: upload percentage tracking per chunk, processing stage notifications via WebSocket or SSE, status polling API for clients that cannot maintain persistent connections, webhook callbacks for server-to-server integrations, and final completion notification with processed file URLs. 7. **Access Control & URL Security** — Specify file access patterns: signed URLs with expiration for private files, CDN-served public URLs with cache headers, role-based access control for shared files, and hotlink protection. Include the URL generation strategy that prevents enumeration attacks. 8. **Monitoring & Cost Management** — Define operational metrics: upload success/failure rates by file type and size, processing pipeline throughput and latency, storage growth rate and cost per tier, bandwidth consumption, and malware detection rates. Set alert thresholds for abnormal patterns like upload spam or storage cost spikes. ## INFORMATION ABOUT ME - My accepted file types: [INSERT ACCEPTED FILE TYPES — e.g., images (JPEG, PNG, WebP), videos (MP4, MOV), documents (PDF, DOCX)] - My maximum file size: [INSERT SIZE LIMITS — e.g., 100MB for images, 2GB for videos, 50MB for documents] - My processing requirements: [INSERT POST UPLOAD PROCESSING — e.g., generate 3 thumbnail sizes, transcode to H.264, extract text from PDFs] - My cloud storage provider: [INSERT CLOUD STORAGE — e.g., AWS S3 with CloudFront, Google Cloud Storage, Azure Blob Storage] - My expected upload volume: [INSERT VOLUME — e.g., 10K uploads per day, 500GB daily, seasonal spikes during events] - My access pattern: [INSERT ACCESS PATTERN — e.g., public files with CDN, private files per user, shared files with link access] ## RESPONSE FORMAT - Begin with an upload pipeline architecture diagram described in text showing the flow from client through processing to final storage - Include a file type handling matrix table with validation rules, processing steps, and storage policies per type - Provide the chunked upload protocol specification with request/response examples - Use labeled sections for each pipeline component with implementation details and configuration - Include a storage cost projection table showing estimated costs at different volume levels - End with a security checklist covering every attack vector: path traversal, MIME spoofing, malware upload, and denial of service
Or press ⌘C to copy
Replace these placeholders with your own content before using the prompt.
[INSERT ACCEPTED FILE TYPES][INSERT SIZE LIMITS][INSERT CLOUD STORAGE]