Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). Varbase Media Header 9.2.1 Minor update available for module varbase_media_header (9.2.1). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

This project enables file uploads through GraphQL mutations using the "Multipart HTTP Request" standard. It validates uploads against field settings and supports any file field on any entity type, returning detailed error information for invalid uploads.

About

Enable file upload mutations for GraphQL using the Multipart HTTP Request. Based on module graphql_compose.

Features

  • Upload files via GraphQL mutations
  • Validates file uploads against field instance settings
  • Supports any file field on any entity type
  • Returns proper error violations for invalid uploads
  • Based on the GraphQL Compose schema

Requirements

Usage

GraphQL Mutation

The module adds a fileUpload mutation to the GraphQL schema:

mutation UploadFile($file: Upload!, $metadata: fieldMetadata!) {
  fileUpload(file: $file, metadata: $metadata) {
    errors {
      message
    }
    results {
      entity {
        ... on File {
          id
          url
          filename
        }
      }
    }
  }
}

Metadata Input

The fieldMetadata input requires:

Field Type Description field_name String! The machine name of the file field entity_type EntityType! The entity type (node, user, etc.) entity_bundle String! The bundle of the entity

Example: Upload a File

JS example

const operation = {
  query: `
    mutation UploadFile($file: Upload!, $metadata: fieldMetadata!) {
      fileUpload(file: $file, metadata: $metadata) {
        errors {
          message
        }
        results {
          entity {
            ... on File {
              id
              url
              filename
              mimetype
              filesize
            }
          }
        }
      }
    }
  `,
  variables: {
    file: null, // Set by FormData
    metadata: {
      field_name: 'field_document',
      entity_type: 'node',
      entity_bundle: 'article',
    },
  },
};

const formData = new FormData();
formData.append('operations', JSON.stringify(operation));
formData.append('map', JSON.stringify({ 0: ['variables.file'] }));
formData.append(0, fileUpload);

fetch('https://example.com/graphql', {
  method: 'POST',
  body: formData,
});

curl example

# Create file
curl https://example.com/graphql \
  -F operations='{  "query": "fileUploadMutation ($file: Upload!) { fileUpload( file: $file, metadata: { field_name: \"field_my_file\", entity_type: NODE, entity_bundle: \"event\" } ) { errors results { entity_bundle entity_type id values } }}", "variables": { "file": null }}' \
  -F map='{ "0": ["variables.file"] }' \
  -F 0=@/path/to/myfile.pdf

# Create image
curl https://example.com/graphql \
  -F operations='{  "query": "mutation ($file: Upload!) { fileUpload( file: $file, metadata: { field_name: \"field_my_file\", entity_type: NODE, entity_bundle: \"event\" } ) { errors results { entity_bundle entity_type id values } }}", "variables": { "file": null }}' \
  -F map='{ "0": ["variables.file"] }' \
  -F 0=@/path/to/myimage.jpeg

Response Type

The mutation returns an AnyFileUploadResponse with:

Field Type Description errors [Violation] Array of validation violations (if any) results AnyEntity The uploaded file entity

Security

  • File uploads are validated against Drupal's field instance settings
  • File size restrictions are enforced
  • Allowed file extensions are validated
  • Access control respects Drupal's permissions

Troubleshooting

Upload returns validation errors

Check that:

  1. The field exists on the specified entity bundle
  2. The file extension is allowed by the field settings
  3. The file size is within limits
  4. The user has permission to create files

File is not saved

Ensure:

  1. The file system is writable
  2. The upload directory exists and is configured
  3. PHP's upload_max_filesize and post_max_size are sufficient

Activity

Total releases
3
First release
Jan 2026
Latest release
5 months ago
Releases (12 mo)
3 ▲ from 0
Maintenance
Active

Release Timeline

Releases

Version Type Release date
2.0.1 Stable Jan 23, 2026
2.0.x-dev Dev Jan 23, 2026
1.0.x-dev Dev Jan 23, 2026