File upload only in allowed routes

[raphaelgoms]

Currently the file upload middleware is added as a global middleware. So, we can send files to all routes, which is not a good security practice.