Expand description
An async parser for multipart/form-data
content-type in Rust.
It accepts a Stream
of
Bytes
, or with the tokio-io
feature enabled, an
AsyncRead
reader as a source, so that it can be plugged into any async
Rust environment e.g. any async server.
To enable trace logging via the log
crate, enable the log
feature.
§Examples
use std::convert::Infallible;
use bytes::Bytes;
// Import multer types.
use futures_util::stream::once;
use futures_util::stream::Stream;
use multer::Multipart;
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
// Generate a byte stream and the boundary from somewhere e.g. server request body.
let (stream, boundary) = get_byte_stream_from_somewhere().await;
// Create a `Multipart` instance from that byte stream and the boundary.
let mut multipart = Multipart::new(stream, boundary);
// Iterate over the fields, use `next_field()` to get the next field.
while let Some(mut field) = multipart.next_field().await? {
// Get field name.
let name = field.name();
// Get the field's filename if provided in "Content-Disposition" header.
let file_name = field.file_name();
println!("Name: {:?}, File Name: {:?}", name, file_name);
// Process the field data chunks e.g. store them in a file.
while let Some(chunk) = field.chunk().await? {
// Do something with field chunk.
println!("Chunk: {:?}", chunk);
}
}
Ok(())
}
// Generate a byte stream and the boundary from somewhere e.g. server request body.
async fn get_byte_stream_from_somewhere(
) -> (impl Stream<Item = Result<Bytes, Infallible>>, &'static str) {
let data = "--X-BOUNDARY\r\nContent-Disposition: form-data; \
name=\"my_text_field\"\r\n\r\nabcd\r\n--X-BOUNDARY--\r\n";
let stream = once(async move { Result::<Bytes, Infallible>::Ok(Bytes::from(data)) });
(stream, "X-BOUNDARY")
}
§Prevent Denial of Service (DoS) Attack
This crate also provides some APIs to prevent potential DoS attacks with fine grained control. It’s recommended to add some constraints on field (specially text field) size to avoid potential DoS attacks from attackers running the server out of memory.
An example:
use multer::{Constraints, Multipart, SizeLimit};
// Create some constraints to be applied to the fields to prevent DoS attack.
let constraints = Constraints::new()
// We only accept `my_text_field` and `my_file_field` fields,
// For any unknown field, we will throw an error.
.allowed_fields(vec!["my_text_field", "my_file_field"])
.size_limit(
SizeLimit::new()
// Set 15mb as size limit for the whole stream body.
.whole_stream(15 * 1024 * 1024)
// Set 10mb as size limit for all fields.
.per_field(10 * 1024 * 1024)
// Set 30kb as size limit for our text field only.
.for_field("my_text_field", 30 * 1024),
);
// Create a `Multipart` instance from a stream and the constraints.
let mut multipart = Multipart::with_constraints(some_stream, "X-BOUNDARY", constraints);
while let Some(field) = multipart.next_field().await.unwrap() {
let content = field.text().await.unwrap();
assert_eq!(content, "abcd");
}
Please refer Constraints
for more info.
§Usage with hyper.rs server
An example showing usage with hyper.rs.
For more examples, please visit examples.
Re-exports§
pub use bytes;
Structs§
- Represents some rules to be applied on the stream and field’s content size to prevent DoS attacks.
- A single field in a multipart stream.
- Represents the implementation of
multipart/form-data
formatted data. - Represents size limit of the stream to prevent DoS attacks.
Enums§
- A set of errors that can occur during parsing multipart stream and in other operations.
Functions§
- Parses the
Content-Type
header to extract the boundary value.
Type Aliases§
- A Result type often returned from methods that can have
multer
errors.