Struct rocket::data::Limits

source · 
pub struct Limits { /* private fields */ }
Expand description

Mapping from (hierarchical) data types to size limits.

A Limits structure contains a mapping from a given hierarchical data type (“form”, “data-form”, “ext/pdf”, and so on) to the maximum size in bytes that should be accepted by Rocket for said data type. For instance, if the limit for “form” is set to 256, only 256 bytes from an incoming non-data form (that is, url-encoded) will be accepted.

To help in preventing DoS attacks, all incoming data reads must capped by a limit. As such, all data guards impose a limit. The name of the limit is dictated by the data guard or type itself. For instance, Form imposes the form limit for value-based forms and data-form limit for data-based forms.

If a limit is exceeded, a guard will typically fail. The Capped type allows retrieving some data types even when the limit is exceeded.

Hierarchy

Data limits are hierarchical. The / (forward slash) character delimits the levels, or layers, of a given limit. To obtain a limit value for a given name, layers are peeled from right to left until a match is found, if any. For example, fetching the limit named pet/dog/bingo will return the first of pet/dog/bingo, pet/dog or pet:

use rocket::data::{Limits, ToByteUnit};

let limits = Limits::default()
    .limit("pet", 64.kibibytes())
    .limit("pet/dog", 128.kibibytes())
    .limit("pet/dog/bingo", 96.kibibytes());

assert_eq!(limits.get("pet/dog/bingo"), Some(96.kibibytes()));
assert_eq!(limits.get("pet/dog/ralph"), Some(128.kibibytes()));
assert_eq!(limits.get("pet/cat/bingo"), Some(64.kibibytes()));

assert_eq!(limits.get("pet/dog/bingo/hat"), Some(96.kibibytes()));

Built-in Limits

The following table details recognized built-in limits used by Rocket.

Limit NameDefaultTypeDescription
form32KiBFormentire non-data-based form
data-form2MiBFormentire data-based form
file1MiBTempFileTempFile data guard or form field
file/$extN/ATempFilefile form field with extension $ext
string8KiBStringdata guard or data form field
bytes8KiBVec<u8>data guard
json1MiBJsonJSON data and form payloads
msgpack1MiBMsgPackMessagePack data and form payloads

Usage

A Limits structure is created following the builder pattern:

use rocket::data::{Limits, ToByteUnit};

// Set a limit of 64KiB for forms, 3MiB for PDFs, and 1MiB for JSON.
let limits = Limits::default()
    .limit("form", 64.kibibytes())
    .limit("file/pdf", 3.mebibytes())
    .limit("json", 2.mebibytes());

The Limits::default() method populates the Limits structure with default limits in the table above. A configured limit can be retrieved via the &Limits request guard:

use std::io;

use rocket::data::{Data, Limits, ToByteUnit};

#[post("/echo", data = "<data>")]
async fn echo(data: Data<'_>, limits: &Limits) -> io::Result<String> {
    let limit = limits.get("data").unwrap_or(1.mebibytes());
    Ok(data.open(limit).into_string().await?.value)
}

…or via the Request::limits() method:

use rocket::request::Request;
use rocket::data::{self, Data, FromData};

#[rocket::async_trait]
impl<'r> FromData<'r> for MyType {
    type Error = MyError;

    async fn from_data(req: &'r Request<'_>, data: Data<'r>) -> data::Outcome<'r, Self> {
        let limit = req.limits().get("my-data-type");
        /* .. */
    }
}

Implementations§

source§

impl Limits

source

pub const FORM: ByteUnit = _

Default limit for value-based forms.

source

pub const DATA_FORM: ByteUnit = _

Default limit for data-based forms.

source

pub const FILE: ByteUnit = _

Default limit for temporary files.

source

pub const STRING: ByteUnit = _

Default limit for strings.

source

pub const BYTES: ByteUnit = _

Default limit for bytes.

source

pub const JSON: ByteUnit = _

Default limit for JSON payloads.

source

pub const MESSAGE_PACK: ByteUnit = _

Default limit for MessagePack payloads.

source

pub fn new() -> Self

Construct a new Limits structure with no limits set.

Example
use rocket::data::{Limits, ToByteUnit};

let limits = Limits::default();
assert_eq!(limits.get("form"), Some(32.kibibytes()));

let limits = Limits::new();
assert_eq!(limits.get("form"), None);
source

pub fn limit<S: Into<Uncased<'static>>>(self, name: S, limit: ByteUnit) -> Self

Adds or replaces a limit in self, consuming self and returning a new Limits structure with the added or replaced limit.

Example
use rocket::data::{Limits, ToByteUnit};

let limits = Limits::default();
assert_eq!(limits.get("form"), Some(32.kibibytes()));
assert_eq!(limits.get("json"), Some(1.mebibytes()));
assert_eq!(limits.get("cat"), None);

let limits = limits.limit("cat", 1.mebibytes());
assert_eq!(limits.get("form"), Some(32.kibibytes()));
assert_eq!(limits.get("cat"), Some(1.mebibytes()));

let limits = limits.limit("json", 64.mebibytes());
assert_eq!(limits.get("json"), Some(64.mebibytes()));
source

pub fn get<S: AsRef<str>>(&self, name: S) -> Option<ByteUnit>

Returns the limit named name, proceeding hierarchically from right to left until one is found, or returning None if none is found.

Example
use rocket::data::{Limits, ToByteUnit};

let limits = Limits::default()
    .limit("json", 2.mebibytes())
    .limit("file/jpeg", 4.mebibytes())
    .limit("file/jpeg/special", 8.mebibytes());

assert_eq!(limits.get("form"), Some(32.kibibytes()));
assert_eq!(limits.get("json"), Some(2.mebibytes()));
assert_eq!(limits.get("data-form"), Some(Limits::DATA_FORM));

assert_eq!(limits.get("file"), Some(1.mebibytes()));
assert_eq!(limits.get("file/png"), Some(1.mebibytes()));
assert_eq!(limits.get("file/jpeg"), Some(4.mebibytes()));
assert_eq!(limits.get("file/jpeg/inner"), Some(4.mebibytes()));
assert_eq!(limits.get("file/jpeg/special"), Some(8.mebibytes()));

assert!(limits.get("cats").is_none());
source

pub fn find<S: AsRef<str>, L: AsRef<[S]>>(&self, layers: L) -> Option<ByteUnit>

Returns the limit for the name created by joining the strings in layers with / as a separator, then proceeding like Limits::get(), hierarchically from right to left until one is found, or returning None if none is found.

This methods exists to allow finding hierarchical limits without constructing a string to call get() with but otherwise returns the same results.

Example
use rocket::data::{Limits, ToByteUnit};

let limits = Limits::default()
    .limit("json", 2.mebibytes())
    .limit("file/jpeg", 4.mebibytes())
    .limit("file/jpeg/special", 8.mebibytes());

assert_eq!(limits.find(["json"]), Some(2.mebibytes()));
assert_eq!(limits.find(["json", "person"]), Some(2.mebibytes()));

assert_eq!(limits.find(["file"]), Some(1.mebibytes()));
assert_eq!(limits.find(["file", "png"]), Some(1.mebibytes()));
assert_eq!(limits.find(["file", "jpeg"]), Some(4.mebibytes()));
assert_eq!(limits.find(["file", "jpeg", "inner"]), Some(4.mebibytes()));
assert_eq!(limits.find(["file", "jpeg", "special"]), Some(8.mebibytes()));

Trait Implementations§

source§

impl Clone for Limits

source§

fn clone(&self) -> Limits

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for Limits

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl Default for Limits

source§

fn default() -> Limits

Returns the “default value” for a type. Read more
source§

impl<'de> Deserialize<'de> for Limits

source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
source§

impl Display for Limits

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl<'r> FromRequest<'r> for &'r Limits

§

type Error = Infallible

The associated error to be returned if derivation fails.
source§

fn from_request<'life0, 'async_trait>( req: &'r Request<'life0> ) -> Pin<Box<dyn Future<Output = Outcome<Self, Self::Error>> + Send + 'async_trait>>where Self: 'async_trait, 'r: 'async_trait, 'life0: 'async_trait,

Derives an instance of Self from the incoming request metadata. Read more
source§

impl PartialEq<Limits> for Limits

source§

fn eq(&self, other: &Limits) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl Serialize for Limits

source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
source§

impl Eq for Limits

source§

impl StructuralEq for Limits

source§

impl StructuralPartialEq for Limits

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
§

impl<'a, T> AsTaggedExplicit<'a> for Twhere T: 'a,

§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self>

§

impl<'a, T> AsTaggedImplicit<'a> for Twhere T: 'a,

§

fn implicit( self, class: Class, constructed: bool, tag: u32 ) -> TaggedParser<'a, Implicit, Self>

source§

impl<T> Borrow<T> for Twhere T: ?Sized,

const: unstable · source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

const: unstable · source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<Q, K> Equivalent<K> for Qwhere Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

source§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
source§

impl<T> From<T> for T

const: unstable · source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T> Instrument for T

source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for Twhere U: From<T>,

const: unstable · source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> IntoCollection<T> for T

source§

fn into_collection<A>(self) -> SmallVec<A>where A: Array<Item = T>,

Converts self into a collection.
source§

fn mapped<U, F, A>(self, f: F) -> SmallVec<A>where F: FnMut(T) -> U, A: Array<Item = U>,

source§

impl<T> Same<T> for T

§

type Output = T

Should always be Self
source§

impl<T> ToOwned for Twhere T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T> ToString for Twhere T: Display + ?Sized,

source§

default fn to_string(&self) -> String

Converts the given value to a String. Read more
source§

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
const: unstable · source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
const: unstable · source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for Twhere V: MultiLane<T>,

§

fn vzip(self) -> V

source§

impl<T> WithSubscriber for T

source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
source§

impl<T> DeserializeOwned for Twhere T: for<'de> Deserialize<'de>,