Bird
Raised Fist0
FastAPIframework~5 mins

File validation (size, type) in FastAPI

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction

We check files to make sure they are safe and the right kind before saving or using them.

When users upload profile pictures and you want only images under 2MB.
When accepting documents but only want PDFs or Word files.
When limiting file size to avoid using too much server space.
When preventing harmful files like executables from being uploaded.
Syntax
FastAPI
from fastapi import FastAPI, File, UploadFile, HTTPException
from fastapi.responses import JSONResponse

app = FastAPI()

@app.post("/upload/")
async def upload_file(file: UploadFile = File(...)):
    # Check file size and type here
    pass

Use UploadFile to handle uploaded files efficiently.

File size must be checked by reading the file content or using headers.

Examples
This example checks if the file is a JPEG or PNG and smaller than 2MB.
FastAPI
from fastapi import FastAPI, File, UploadFile, HTTPException

app = FastAPI()

@app.post("/upload/")
async def upload_file(file: UploadFile = File(...)):
    if file.content_type not in ["image/jpeg", "image/png"]:
        raise HTTPException(status_code=400, detail="Only JPEG or PNG files allowed")
    contents = await file.read()
    if len(contents) > 2_000_000:
        raise HTTPException(status_code=400, detail="File too large")
    return {"filename": file.filename, "size": len(contents)}
This example allows only PDF files up to 5MB.
FastAPI
from fastapi import FastAPI, File, UploadFile, HTTPException

app = FastAPI()

@app.post("/upload/")
async def upload_file(file: UploadFile = File(...)):
    allowed_types = ["application/pdf"]
    if file.content_type not in allowed_types:
        raise HTTPException(status_code=400, detail="Only PDF files allowed")
    contents = await file.read()
    max_size = 5_000_000  # 5MB
    if len(contents) > max_size:
        raise HTTPException(status_code=400, detail="File too large")
    return {"filename": file.filename, "size": len(contents)}
Sample Program

This FastAPI app has one endpoint /upload/. It accepts a file upload, checks if the file is a JPEG or PNG, and ensures it is smaller than 2MB. If checks fail, it sends an error. Otherwise, it returns the file name and size.

FastAPI
from fastapi import FastAPI, File, UploadFile, HTTPException
from fastapi.responses import JSONResponse

app = FastAPI()

@app.post("/upload/")
async def upload_file(file: UploadFile = File(...)):
    allowed_types = ["image/jpeg", "image/png"]
    max_size = 2_000_000  # 2MB

    if file.content_type not in allowed_types:
        raise HTTPException(status_code=400, detail="Only JPEG or PNG files allowed")

    contents = await file.read()
    if len(contents) > max_size:
        raise HTTPException(status_code=400, detail="File too large")

    return JSONResponse(content={"filename": file.filename, "size": len(contents)})
OutputSuccess
Important Notes

Always check file.content_type to verify file type before reading content.

Reading the whole file with await file.read() lets you check size but can use memory for big files.

For very large files, consider streaming or chunk reading to avoid memory issues.

Summary

File validation helps keep uploads safe and within limits.

Check both file type and size before accepting files.

FastAPI's UploadFile makes it easy to handle uploaded files asynchronously.

Practice

(1/5)
1. What is the main purpose of validating file size and type in a FastAPI upload endpoint?
easy
A. To ensure only allowed file types and sizes are accepted for security and performance
B. To automatically convert files to a specific format
C. To speed up the file upload process by skipping checks
D. To store files directly in the database without validation

Solution

  1. Step 1: Understand file validation purpose

    File validation ensures that only files meeting size and type rules are accepted.

  2. Step 2: Recognize security and performance reasons

    Validating prevents harmful files and avoids server overload from large files.

  3. Final Answer:

    To ensure only allowed file types and sizes are accepted for security and performance -> Option A

  4. Quick Check:

    File validation = security and performance [OK]
Hint: File validation protects server and users from bad files [OK]
Common Mistakes:
  • Thinking validation changes file content
  • Assuming validation speeds upload without checks
  • Ignoring security risks of unvalidated files
2. Which of the following is the correct way to declare a file upload parameter in a FastAPI endpoint to accept files asynchronously?
easy
A. def upload(file: UploadFile = File(...)):
B. def upload(file: str):
C. def upload(file: bytes):
D. def upload(file: int):

Solution

  1. Step 1: Identify FastAPI file upload type

    FastAPI uses UploadFile with File(...) to handle async file uploads.

  2. Step 2: Check parameter types

    Only UploadFile supports async file handling, bytes or str do not.

  3. Final Answer:

    def upload(file: UploadFile = File(...)): -> Option A

  4. Quick Check:

    UploadFile + File(...) = async file upload [OK]
Hint: Use UploadFile with File(...) for async uploads [OK]
Common Mistakes:
  • Using bytes or str instead of UploadFile
  • Missing File(...) dependency
  • Using int type for file parameter
3. Given this FastAPI code snippet, what will happen if a user uploads a 5MB PNG file? 
from fastapi import FastAPI, File, UploadFile, HTTPException

app = FastAPI()

@app.post('/upload')
async def upload(file: UploadFile = File(...)):
    if file.content_type not in ['image/png', 'image/jpeg']:
        raise HTTPException(status_code=400, detail='Invalid file type')
    contents = await file.read()
    if len(contents) > 2_000_000:
        raise HTTPException(status_code=400, detail='File too large')
    return {'filename': file.filename, 'size': len(contents)}
medium
A. Returns filename and size successfully
B. Raises HTTPException with 'File too large'
C. Raises HTTPException with 'Invalid file type'
D. Raises a syntax error

Solution

  1. Step 1: Check file type condition

    The file is PNG, which is allowed, so no error here.

  2. Step 2: Check file size condition

    The file size is 5MB (5,000,000 bytes), exceeding 2,000,000 limit, so it raises 'File too large'.

  3. Final Answer:

    Raises HTTPException with 'File too large' -> Option B

  4. Quick Check:

    File size > 2MB = 'File too large' error [OK]
Hint: Check size limit after reading file contents [OK]
Common Mistakes:
  • Confusing file type error with size error
  • Not reading file contents before size check
  • Assuming no error for large files
4. Identify the error in this FastAPI file validation code: 
from fastapi import FastAPI, File, UploadFile, HTTPException

app = FastAPI()

@app.post('/upload')
async def upload(file: UploadFile = File(...)):
    if file.content_type != 'image/png' or file.content_type != 'image/jpeg':
        raise HTTPException(status_code=400, detail='Invalid file type')
    contents = await file.read()
    if len(contents) > 1_000_000:
        raise HTTPException(status_code=400, detail='File too large')
    return {'filename': file.filename}
medium
A. The file size check uses wrong comparison operator
B. UploadFile should not be used with File(...)
C. The file type condition always raises error due to incorrect logic
D. Missing await keyword before file.read()

Solution

  1. Step 1: Analyze file type condition logic

    The condition uses 'or' with != checks, so it is always true (a file can't be both types).

  2. Step 2: Understand consequence of condition

    This causes the error to always raise, rejecting all files incorrectly.

  3. Final Answer:

    The file type condition always raises error due to incorrect logic -> Option C

  4. Quick Check:

    Incorrect 'or' with != always true = logic error [OK]
Hint: Use 'and' when checking multiple 'not equals' conditions [OK]
Common Mistakes:
  • Using 'or' instead of 'and' in file type checks
  • Forgetting to await file.read()
  • Misunderstanding UploadFile usage
5. You want to create a FastAPI endpoint that accepts only PDF files smaller than 3MB. Which code snippet correctly implements this validation?
hard
A. async def upload(file: UploadFile = File(...)): contents = await file.read() if file.content_type == 'application/pdf' or len(contents) < 3_000_000: return {'filename': file.filename} raise HTTPException(400, 'Invalid file')
B. async def upload(file: UploadFile = File(...)): if file.content_type == 'application/pdf' or len(await file.read()) < 3_000_000: return {'filename': file.filename} raise HTTPException(400, 'Invalid file')
C. async def upload(file: UploadFile = File(...)): if file.content_type == 'application/pdf' or len(await file.read()) > 3_000_000: raise HTTPException(400, 'Invalid file') return {'filename': file.filename}
D. async def upload(file: UploadFile = File(...)): if file.content_type != 'application/pdf': raise HTTPException(400, 'Invalid type') contents = await file.read() if len(contents) > 3_000_000: raise HTTPException(400, 'Too large') return {'filename': file.filename}

Solution

  1. Step 1: Check file type validation

    Correct snippet uses != 'application/pdf' to reject invalid types before reading contents. Distractors misuse operators like 'or' instead of 'and' or check type after reading.

  2. Step 2: Check file size validation

    After type approval, read contents once and raise if len > 3_000_000. Combined conditions fail due to incorrect logic.

  3. Final Answer:

    Separate type (!=) and size (> 3MB) checks -> Option D

  4. Quick Check:

    != type reject + read then > size reject [OK]
Hint: Check type and size separately with correct logic [OK]
Common Mistakes:
  • Using 'or' instead of 'and' in conditions
  • Reading file multiple times causing empty content
  • Incorrect comparison operators in conditions