multer/constraints.rs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88
use crate::size_limit::SizeLimit;
/// Represents some rules to be applied on the stream and field's content size
/// to prevent DoS attacks.
///
/// It's recommended to add some rules on field (specially text field) size to
/// avoid potential DoS attacks from attackers running the server out of memory.
/// This type provides some API to apply constraints on very granular level to
/// make `multipart/form-data` safe. By default, it does not apply any
/// constraint.
///
/// # Examples
///
/// ```
/// use multer::{Multipart, Constraints, SizeLimit};
/// # use bytes::Bytes;
/// # use std::convert::Infallible;
/// # use futures_util::stream::once;
///
/// # async fn run() {
/// # let data = "--X-BOUNDARY\r\nContent-Disposition: form-data; name=\"my_text_field\"\r\n\r\nabcd\r\n--X-BOUNDARY--\r\n";
/// # let some_stream = once(async move { Result::<Bytes, Infallible>::Ok(Bytes::from(data)) });
/// // Create some constraints to be applied to the fields to prevent DoS attack.
/// let constraints = Constraints::new()
/// // We only accept `my_text_field` and `my_file_field` fields,
/// // For any unknown field, we will throw an error.
/// .allowed_fields(vec!["my_text_field", "my_file_field"])
/// .size_limit(
/// SizeLimit::new()
/// // Set 15mb as size limit for the whole stream body.
/// .whole_stream(15 * 1024 * 1024)
/// // Set 10mb as size limit for all fields.
/// .per_field(10 * 1024 * 1024)
/// // Set 30kb as size limit for our text field only.
/// .for_field("my_text_field", 30 * 1024),
/// );
///
/// // Create a `Multipart` instance from a stream and the constraints.
/// let mut multipart = Multipart::with_constraints(some_stream, "X-BOUNDARY", constraints);
///
/// while let Some(field) = multipart.next_field().await.unwrap() {
/// let content = field.text().await.unwrap();
/// assert_eq!(content, "abcd");
/// }
/// # }
/// # tokio::runtime::Runtime::new().unwrap().block_on(run());
/// ```
#[derive(Debug, Default)]
pub struct Constraints {
pub(crate) size_limit: SizeLimit,
pub(crate) allowed_fields: Option<Vec<String>>,
}
impl Constraints {
/// Creates a set of rules with default behaviour.
pub fn new() -> Constraints {
Constraints::default()
}
/// Applies rules on field's content length.
pub fn size_limit(self, size_limit: SizeLimit) -> Constraints {
Constraints {
size_limit,
allowed_fields: self.allowed_fields,
}
}
/// Specify which fields should be allowed, for any unknown field, the
/// [`next_field`](crate::Multipart::next_field) will throw an error.
pub fn allowed_fields<N: Into<String>>(self, allowed_fields: Vec<N>) -> Constraints {
let allowed_fields = allowed_fields.into_iter().map(|item| item.into()).collect();
Constraints {
size_limit: self.size_limit,
allowed_fields: Some(allowed_fields),
}
}
pub(crate) fn is_it_allowed(&self, field: Option<&str>) -> bool {
if let Some(ref allowed_fields) = self.allowed_fields {
field
.map(|field| allowed_fields.iter().any(|item| item == field))
.unwrap_or(false)
} else {
true
}
}
}