modo-rs 0.11.0

Rust web framework for small monolithic apps
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371

# modo::extractor

Sanitizing axum extractors for request bodies, query strings, and multipart uploads
(modo 0.11).

All sanitizing extractors call [`Sanitize::sanitize`](../sanitize/index.html) on the
deserialized value before returning it, so whitespace trimming and other normalization
happen automatically. Every rejection is a `modo::Error` that renders through
`Error::into_response()` — handlers never see raw HTTP responses.

## Extractors

| Type                  | Extracts                               | Trait impl          | Rejection (`modo::Error`)                                                                                |
| --------------------- | -------------------------------------- | ------------------- | -------------------------------------------------------------------------------------------------------- |
| `JsonRequest<T>`      | JSON request body                      | `FromRequest`       | `400 Bad Request` — missing/invalid content-type, malformed JSON, deserialization into `T` failed        |
| `FormRequest<T>`      | URL-encoded form body                  | `FromRequest`       | `400 Bad Request` — body is not valid `application/x-www-form-urlencoded` or cannot deserialize into `T` |
| `Query<T>`            | URL query string                       | `FromRequestParts`  | `400 Bad Request` — query string cannot deserialize into `T`                                             |
| `MultipartRequest<T>` | `multipart/form-data` body → `(T, Files)` | `FromRequest`    | `400 Bad Request` — not valid multipart, a field cannot be read, or text fields cannot deserialize into `T` |
| `Path<T>`             | URL path parameters (axum re-export)   | `FromRequestParts`  | axum's `PathRejection` — no sanitization                                                                 |
| `UploadedFile`        | Single file from a multipart field     | value type          ||
| `Files`               | Map of field names to uploaded files   | value type          ||
| `UploadValidator<'_>` | Fluent size/content-type validator     | value type          | `.check()` returns `422 Unprocessable Entity` with a `details` payload listing violations                |

`T: DeserializeOwned + Sanitize` applies to every extractor except `Path<T>` (only
`DeserializeOwned`).

### Optional extractors

In axum 0.8, `Option<MyExtractor>` requires an explicit `OptionalFromRequestParts`
impl — none is provided for the modo extractors above. Instead, make the wrapped
type tolerant: use `#[serde(default)]` or `Option<_>` fields on the deserialized
struct (e.g. `SearchParams { q: Option<String>, page: Option<u32> }`).

## Usage

### JSON body

```rust
use modo::extractor::JsonRequest;
use modo::sanitize::Sanitize;
use serde::Deserialize;

#[derive(Deserialize)]
struct CreateItem {
    name: String,
}

impl Sanitize for CreateItem {
    fn sanitize(&mut self) {
        self.name = self.name.trim().to_string();
    }
}

async fn create(JsonRequest(body): JsonRequest<CreateItem>) {
    // body.name is already trimmed
}
```

### URL-encoded form

```rust
use modo::extractor::FormRequest;
use modo::sanitize::Sanitize;
use serde::Deserialize;

#[derive(Deserialize)]
struct LoginForm {
    username: String,
    password: String,
}

impl Sanitize for LoginForm {
    fn sanitize(&mut self) {
        self.username = self.username.trim().to_lowercase();
    }
}

async fn login(FormRequest(form): FormRequest<LoginForm>) {
    // form.username is trimmed and lowercased
}
```

`FormRequest` reads the body through `axum::body::Bytes`, so any
`DefaultBodyLimit` (or `RequestBodyLimit` middleware) you apply to the router is
honored — oversized requests short-circuit with `413 Payload Too Large` before any
deserialization runs.

#### Repeated keys (multi-select checkboxes / dropdowns)

`FormRequest`, `Query`, and the text-field side of `MultipartRequest` deserialize via
`serde_qs`, so a repeated form key populates a `Vec<…>` field. A 7-checkbox work-day
picker that posts `work_days=1&work_days=2&work_days=3&work_days=4&work_days=5`
arrives as `Vec<u8>` with five elements:

```rust
use modo::extractor::FormRequest;
use modo::sanitize::Sanitize;
use serde::Deserialize;

#[derive(Deserialize)]
struct NewEmployee {
    name: String,
    work_days: Vec<u8>,        // multi-select checkbox group
    policy_ids: Vec<String>,   // multi-select list
}

impl Sanitize for NewEmployee {
    fn sanitize(&mut self) {
        self.name = self.name.trim().to_string();
    }
}

async fn create(FormRequest(form): FormRequest<NewEmployee>) {
    // form.work_days = [1, 2, 3, 4, 5]
}
```

#### Nested structs (bracketed keys)

For grouped fields, use bracket notation in the input names:

```html
<input name="address[city]" />
<input name="address[postcode]" />
```

```rust
#[derive(Deserialize)]
struct Address { city: String, postcode: String }

#[derive(Deserialize)]
struct OrderForm { customer_email: String, address: Address }

impl Sanitize for OrderForm {
    fn sanitize(&mut self) {
        self.customer_email = self.customer_email.trim().to_lowercase();
    }
}

async fn place_order(FormRequest(o): FormRequest<OrderForm>) {
    // o.address.city, o.address.postcode
}
```

#### `Vec<Struct>` for dynamic rows (htmx, JS-added rows)

For per-row dynamic forms — e.g. a contact list where each row has `kind`, `value`,
and `comment` — use **indexed** bracket notation. The index disambiguates which
fields belong to which row:

```html
<!-- Row 0 -->
<input name="contacts[0][kind]"    value="email" />
<input name="contacts[0][value]"   value="a@b.com" />
<input name="contacts[0][comment]" value="primary" />
<!-- Row 1 -->
<input name="contacts[1][kind]"    value="phone" />
<input name="contacts[1][value]"   value="555-0100" />
<input name="contacts[1][comment]" value="" />
```

```rust
#[derive(Deserialize)]
struct Contact { kind: String, value: String, comment: String }

#[derive(Deserialize)]
struct NewClient { name: String, contacts: Vec<Contact> }

impl Sanitize for NewClient {
    fn sanitize(&mut self) { self.name = self.name.trim().to_string(); }
}

async fn save(FormRequest(c): FormRequest<NewClient>) {
    // c.contacts is one entry per submitted row, in index order
}
```

> **Indexed names are required for `Vec<Struct>`.** Without indices the
> deserializer cannot tell which fields belong to which row. For top-level
> `Vec<scalar>` fields (e.g. `tag=a&tag=b`) the indices are optional.

#### Files alongside nested fields (multipart)

`MultipartRequest<T>` returns `(T, Files)`. Nested-struct deserialization applies to
the text fields in `T`; uploaded files come back through the `Files` map keyed by
the multipart field name (which can itself use bracket notation):

```rust
use modo::extractor::{MultipartRequest, Files};

# use serde::Deserialize;
# use modo::sanitize::Sanitize;
#[derive(Deserialize)]
struct Contact { kind: String, value: String }
#[derive(Deserialize)]
struct NewClient { name: String, contacts: Vec<Contact> }
impl Sanitize for NewClient { fn sanitize(&mut self) {} }

async fn save(MultipartRequest(c, mut files): MultipartRequest<NewClient>) {
    let avatar = files.file("avatar"); // Option<UploadedFile>
}
```

### Query string

```rust
use modo::extractor::Query;
use modo::sanitize::Sanitize;
use serde::Deserialize;

#[derive(Deserialize)]
struct SearchParams {
    q: String,
    page: Option<u32>,
}

impl Sanitize for SearchParams {
    fn sanitize(&mut self) {
        self.q = self.q.trim().to_lowercase();
    }
}

async fn search(Query(params): Query<SearchParams>) {
    // params.q is trimmed and lowercased
}
```

#### Nested filters and percent-encoded brackets

`Query<T>` uses `serde_qs` form-encoding mode, so it accepts both bare brackets and
the percent-encoded form most browsers emit when JS builds the URL with
`URLSearchParams`. Both of these decode into the same `Filter` struct:

```text
GET /clients?filter[status]=active&filter[role]=admin
GET /clients?filter%5Bstatus%5D=active&filter%5Brole%5D=admin
```

```rust
use modo::extractor::Query;
use modo::sanitize::Sanitize;
use serde::Deserialize;

#[derive(Deserialize)]
struct Filter { status: String, role: String }

#[derive(Deserialize)]
struct ListClients {
    page: Option<u32>,
    filter: Filter,           // filter[status]=…&filter[role]=…
    tags: Vec<String>,        // tags=a&tags=b
}

impl Sanitize for ListClients {
    fn sanitize(&mut self) {}
}

async fn list_clients(Query(p): Query<ListClients>) {
    // p.filter.status == "active" for either bracket encoding above
}
```

### Path parameters

`Path<T>` is re-exported from axum unchanged; it does not sanitize.

```rust
use modo::extractor::Path;

async fn show_item(Path(id): Path<String>) {
    // id is the matched path segment
}
```

### Multipart file upload

`MultipartRequest<T>` deconstructs into `(T, Files)`. Text fields are deserialized and
sanitized into `T`; file fields are accessible through the [`Files`] map.

```rust
use modo::extractor::{MultipartRequest, Files};
use modo::sanitize::Sanitize;
use modo::Result;
use serde::Deserialize;

#[derive(Deserialize)]
struct ProfileForm {
    display_name: String,
}

impl Sanitize for ProfileForm {
    fn sanitize(&mut self) {
        self.display_name = self.display_name.trim().to_string();
    }
}

async fn update_profile(
    MultipartRequest(form, mut files): MultipartRequest<ProfileForm>,
) -> Result<()> {
    if let Some(avatar) = files.file("avatar") {
        // avatar.name, avatar.content_type, avatar.size, avatar.data
        avatar.validate()
            .max_size(5 * 1024 * 1024)  // 5 MB
            .accept("image/*")
            .check()?;
    }
    Ok(())
}
```

`Files` exposes three accessors for a given field name:

- `files.get("field")` — shared `Option<&UploadedFile>` reference to the first file.
- `files.file("field")` — takes ownership of the first `UploadedFile`.
- `files.files("field")` — takes ownership of all `UploadedFile` values.

### File validation

`UploadedFile::validate()` returns an `UploadValidator` for fluent constraint checking.
All violations are collected before the error is returned (422 Unprocessable Entity).

Supported patterns for `.accept`: exact (`"image/png"`), wildcard subtype (`"image/*"`),
and catch-all (`"*/*"`). Parameters after `;` in the content type are stripped before
matching.

```rust
use modo::extractor::UploadedFile;

fn check_avatar(file: &UploadedFile) -> modo::Result<()> {
    file.validate()
        .max_size(2 * 1024 * 1024)  // 2 MB
        .accept("image/*")          // allow any image type
        .check()
}
```

`UploadedFile::extension()` returns the lowercased extension without the leading dot
(e.g. `Some("jpg")` for `"photo.JPG"`), or `None` if the filename has no extension.

## Advanced use

### Building `Files` from a pre-existing map

`Files::from_map` lets you construct a [`Files`] collection from a
`HashMap<String, Vec<UploadedFile>>` that you assembled yourself — useful in tests or
when pre-processing fields before passing them to application logic.

```rust,no_run
use std::collections::HashMap;
use modo::extractor::{Files, UploadedFile};

let map: HashMap<String, Vec<UploadedFile>> = HashMap::new();
let files = Files::from_map(map);
```

### Reading a single multipart field manually

`UploadedFile::from_field` consumes an `axum_extra` multipart field and reads it fully
into memory. Prefer [`MultipartRequest`] for ordinary handlers; use this only when you
need to process fields one-by-one before all fields have been consumed.

```rust,no_run
use axum_extra::extract::multipart::Field;
use modo::extractor::UploadedFile;

async fn process_field(field: Field) -> modo::Result<()> {
    let file = UploadedFile::from_field(field).await?;
    println!("received {} ({} bytes)", file.name, file.size);
    Ok(())
}
```