Add `max_part_size` parameter to `MultiPartParser` (#2815)

author Irfanuddin Shafi Ahmed <irfanudeen08@gmail.com>

Sat, 28 Dec 2024 04:57:20 +0000 (08:57 +0400)

committer GitHub <noreply@github.com>

Sat, 28 Dec 2024 04:57:20 +0000 (04:57 +0000)
author Irfanuddin Shafi Ahmed <irfanudeen08@gmail.com>
Sat, 28 Dec 2024 04:57:20 +0000 (08:57 +0400)
committer GitHub <noreply@github.com>
Sat, 28 Dec 2024 04:57:20 +0000 (04:57 +0000)
diff --git a/docs/requests.md b/docs/requests.md

index 9140bb964f7c49c4718455542d5f25ed3f9a39e9..368755f137f54a89815da65fcd2275bd2bb34577 100644 (file)
--- a/docs/requests.md
+++ b/docs/requests.md
@@ -113,12 +113,12 @@ state with `disconnected = await request.is_disconnected()`.
  
  Request files are normally sent as multipart form data (`multipart/form-data`).
  
-Signature: `request.form(max_files=1000, max_fields=1000)`
+Signature: `request.form(max_files=1000, max_fields=1000, max_part_size=1024*1024)`
  
-You can configure the number of maximum fields or files with the parameters `max_files` and `max_fields`:
+You can configure the number of maximum fields or files with the parameters `max_files` and `max_fields`; and part size using `max_part_size`:
  
  ```python
-async with request.form(max_files=1000, max_fields=1000):
+async with request.form(max_files=1000, max_fields=1000, max_part_size=1024*1024):
      ...
  ```
  
diff --git a/starlette/formparsers.py b/starlette/formparsers.py

index 82e2ad1955fd039ba27a5e69959bf2f89affa998..87d262c1d8e4837bc41a21e654ba5c74ee8ee900 100644 (file)
--- a/starlette/formparsers.py
+++ b/starlette/formparsers.py
@@ -123,7 +123,6 @@ class FormParser:
  
  class MultiPartParser:
      max_file_size = 1024 * 1024  # 1MB
-    max_part_size = 1024 * 1024  # 1MB
  
      def __init__(
          self,
@@ -132,6 +131,7 @@ class MultiPartParser:
          *,
          max_files: int | float = 1000,
          max_fields: int | float = 1000,
+        max_part_size: int = 1024 * 1024,  # 1MB
      ) -> None:
          assert multipart is not None, "The `python-multipart` library must be installed to use form parsing."
          self.headers = headers
@@ -148,6 +148,7 @@ class MultiPartParser:
          self._file_parts_to_write: list[tuple[MultipartPart, bytes]] = []
          self._file_parts_to_finish: list[MultipartPart] = []
          self._files_to_close_on_error: list[SpooledTemporaryFile[bytes]] = []
+        self.max_part_size = max_part_size
  
      def on_part_begin(self) -> None:
          self._current_part = MultipartPart()
diff --git a/starlette/requests.py b/starlette/requests.py

index f85a3b914939abfa4b70c73659178d836787bf84..992988a4572d5908b9bf0d67e7c4f8ae6a11e93b 100644 (file)
--- a/starlette/requests.py
+++ b/starlette/requests.py
@@ -249,7 +249,13 @@ class Request(HTTPConnection):
              self._json = json.loads(body)
          return self._json
  
-    async def _get_form(self, *, max_files: int | float = 1000, max_fields: int | float = 1000) -> FormData:
+    async def _get_form(
+        self,
+        *,
+        max_files: int | float = 1000,
+        max_fields: int | float = 1000,
+        max_part_size: int = 1024 * 1024,
+    ) -> FormData:
          if self._form is None:  # pragma: no branch
              assert (
                  parse_options_header is not None
@@ -264,6 +270,7 @@ class Request(HTTPConnection):
                          self.stream(),
                          max_files=max_files,
                          max_fields=max_fields,
+                        max_part_size=max_part_size,
                      )
                      self._form = await multipart_parser.parse()
                  except MultiPartException as exc:
@@ -278,9 +285,15 @@ class Request(HTTPConnection):
          return self._form
  
      def form(
-        self, *, max_files: int | float = 1000, max_fields: int | float = 1000
+        self,
+        *,
+        max_files: int | float = 1000,
+        max_fields: int | float = 1000,
+        max_part_size: int = 1024 * 1024,
      ) -> AwaitableOrContextManager[FormData]:
-        return AwaitableOrContextManagerWrapper(self._get_form(max_files=max_files, max_fields=max_fields))
+        return AwaitableOrContextManagerWrapper(
+            self._get_form(max_files=max_files, max_fields=max_fields, max_part_size=max_part_size)
+        )
  
      async def close(self) -> None:
          if self._form is not None:  # pragma: no branch
diff --git a/tests/test_formparsers.py b/tests/test_formparsers.py

index 64efdbdbcb3441d15bef19574ac78dc52f2451bd..f781a9ecb302abf6b81e911127e233f0d13905a2 100644 (file)
--- a/tests/test_formparsers.py
+++ b/tests/test_formparsers.py
@@ -104,10 +104,10 @@ async def app_read_body(scope: Scope, receive: Receive, send: Send) -> None:
      await response(scope, receive, send)
  
  
-def make_app_max_parts(max_files: int = 1000, max_fields: int = 1000) -> ASGIApp:
+def make_app_max_parts(max_files: int = 1000, max_fields: int = 1000, max_part_size: int = 1024 * 1024) -> ASGIApp:
      async def app(scope: Scope, receive: Receive, send: Send) -> None:
          request = Request(scope, receive)
-        data = await request.form(max_files=max_files, max_fields=max_fields)
+        data = await request.form(max_files=max_files, max_fields=max_fields, max_part_size=max_part_size)
          output: dict[str, typing.Any] = {}
          for key, value in data.items():
              if isinstance(value, UploadFile):
@@ -699,3 +699,43 @@ def test_max_part_size_exceeds_limit(
          response = client.post("/", data=multipart_data, headers=headers)  # type: ignore
          assert response.status_code == 400
          assert response.text == "Part exceeded maximum size of 1024KB."
+
+
+@pytest.mark.parametrize(
+    "app,expectation",
+    [
+        (make_app_max_parts(max_part_size=1024 * 10), pytest.raises(MultiPartException)),
+        (
+            Starlette(routes=[Mount("/", app=make_app_max_parts(max_part_size=1024 * 10))]),
+            does_not_raise(),
+        ),
+    ],
+)
+def test_max_part_size_exceeds_custom_limit(
+    app: ASGIApp,
+    expectation: typing.ContextManager[Exception],
+    test_client_factory: TestClientFactory,
+) -> None:
+    client = test_client_factory(app)
+    boundary = "------------------------4K1ON9fZkj9uCUmqLHRbbR"
+
+    multipart_data = (
+        f"--{boundary}\r\n"
+        f'Content-Disposition: form-data; name="small"\r\n\r\n'
+        "small content\r\n"
+        f"--{boundary}\r\n"
+        f'Content-Disposition: form-data; name="large"\r\n\r\n'
+        + ("x" * 1024 * 10 + "x")  # 1MB + 1 byte of data
+        + "\r\n"
+        f"--{boundary}--\r\n"
+    ).encode("utf-8")
+
+    headers = {
+        "Content-Type": f"multipart/form-data; boundary={boundary}",
+        "Transfer-Encoding": "chunked",
+    }
+
+    with expectation:
+        response = client.post("/", content=multipart_data, headers=headers)
+        assert response.status_code == 400
+        assert response.text == "Part exceeded maximum size of 10KB."
author	Irfanuddin Shafi Ahmed <irfanudeen08@gmail.com>
	Sat, 28 Dec 2024 04:57:20 +0000 (08:57 +0400)
committer	GitHub <noreply@github.com>
	Sat, 28 Dec 2024 04:57:20 +0000 (04:57 +0000)
docs/requests.md		patch \| blob \| blame \| history
starlette/formparsers.py		patch \| blob \| blame \| history
starlette/requests.py		patch \| blob \| blame \| history
tests/test_formparsers.py		patch \| blob \| blame \| history