Crate multer

source ·
Expand description

An async parser for multipart/form-data content-type in Rust.

It accepts a Stream of Bytes, or with the tokio-io feature enabled, an AsyncRead reader as a source, so that it can be plugged into any async Rust environment e.g. any async server.


use std::convert::Infallible;

use bytes::Bytes;
// Import multer types.
use futures_util::stream::once;
use futures_util::stream::Stream;
use multer::Multipart;

async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Generate a byte stream and the boundary from somewhere e.g. server request body.
    let (stream, boundary) = get_byte_stream_from_somewhere().await;

    // Create a `Multipart` instance from that byte stream and the boundary.
    let mut multipart = Multipart::new(stream, boundary);

    // Iterate over the fields, use `next_field()` to get the next field.
    while let Some(mut field) = multipart.next_field().await? {
        // Get field name.
        let name =;
        // Get the field's filename if provided in "Content-Disposition" header.
        let file_name = field.file_name();

        println!("Name: {:?}, File Name: {:?}", name, file_name);

        // Process the field data chunks e.g. store them in a file.
        while let Some(chunk) = field.chunk().await? {
            // Do something with field chunk.
            println!("Chunk: {:?}", chunk);


// Generate a byte stream and the boundary from somewhere e.g. server request body.
async fn get_byte_stream_from_somewhere(
) -> (impl Stream<Item = Result<Bytes, Infallible>>, &'static str) {
    let data = "--X-BOUNDARY\r\nContent-Disposition: form-data; \

    let stream = once(async move { Result::<Bytes, Infallible>::Ok(Bytes::from(data)) });
    (stream, "X-BOUNDARY")

Prevent Denial of Service (DoS) Attack

This crate also provides some APIs to prevent potential DoS attacks with fine grained control. It’s recommended to add some constraints on field (specially text field) size to avoid potential DoS attacks from attackers running the server out of memory.

An example:

use multer::{Constraints, Multipart, SizeLimit};

// Create some constraints to be applied to the fields to prevent DoS attack.
let constraints = Constraints::new()
    // We only accept `my_text_field` and `my_file_field` fields,
    // For any unknown field, we will throw an error.
    .allowed_fields(vec!["my_text_field", "my_file_field"])
            // Set 15mb as size limit for the whole stream body.
            .whole_stream(15 * 1024 * 1024)
            // Set 10mb as size limit for all fields.
            .per_field(10 * 1024 * 1024)
            // Set 30kb as size limit for our text field only.
            .for_field("my_text_field", 30 * 1024),

// Create a `Multipart` instance from a stream and the constraints.
let mut multipart = Multipart::with_constraints(some_stream, "X-BOUNDARY", constraints);

while let Some(field) = multipart.next_field().await.unwrap() {
    let content = field.text().await.unwrap();
    assert_eq!(content, "abcd");

Please refer Constraints for more info.

Usage with server

An example showing usage with

For more examples, please visit examples.



  • Represents some rules to be applied on the stream and field’s content size to prevent DoS attacks.
  • A single field in a multipart stream.
  • Represents the implementation of multipart/form-data formatted data.
  • Represents size limit of the stream to prevent DoS attacks.


  • A set of errors that can occur during parsing multipart stream and in other operations.


  • Parses the Content-Type header to extract the boundary value.

Type Definitions

  • A Result type often returned from methods that can have multer errors.