File validation (size, type) with FastAPI
📖 Scenario: You are building a simple web API that accepts file uploads. To keep your server safe and efficient, you want to check that uploaded files are not too large and are of allowed types.
🎯 Goal: Create a FastAPI app that accepts a file upload and validates the file size and type before accepting it.
📋 What You'll Learn
Create a FastAPI app instance named app
Create an endpoint /upload that accepts a file upload using UploadFile
Add a configuration variable MAX_FILE_SIZE set to 1_000_000 bytes (1 MB)
Check the uploaded file's content type is either image/jpeg or image/png
Check the uploaded file's size does not exceed MAX_FILE_SIZE
Return a JSON response with a success message if validations pass
💡 Why This Matters
🌍 Real World
File upload validation is essential for web apps that accept user files to prevent server overload and security risks.
💼 Career
Backend developers often implement file validation to ensure safe and efficient file handling in APIs.
1
Create FastAPI app and upload endpoint
Import FastAPI and UploadFile from fastapi. Create a FastAPI app instance called app. Define a POST endpoint /upload that accepts a parameter file of type UploadFile.
Hint
Start by importing FastAPI and UploadFile. Then create the app and define the upload function with the correct decorator and parameter.
2
Add max file size configuration
Add a variable called MAX_FILE_SIZE and set it to 1_000_000 (1 million bytes).
Hint
Define a constant variable for the maximum allowed file size in bytes.
3
Check file type and size
Inside the upload function, check if file.content_type is either image/jpeg or image/png. Then read the file content using await file.read() and check if its length is less than or equal to MAX_FILE_SIZE.
Hint
Use an if statement to check the content type. Use await file.read() to get the file bytes and check its length.
4
Return success message
If the file passes both checks, return a dictionary with the key message and the value "File uploaded successfully".
Hint
Return a success message dictionary if all validations pass.
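The steps above trust file.content_type, which comes from the client's request, and call await file.read() with no size argument, so the handler loads the whole upload before checking its length. As an added example (not part of the original exercise), the validator below reads in bounded chunks and compares the leading bytes with the JPEG/PNG signatures; read_validated, UploadRejected, FakeUpload and check are hypothetical names, and FakeUpload is a constructed stand-in for UploadFile so the block runs without FastAPI installed.

```python
import asyncio

MAX_FILE_SIZE = 1_000_000  # same limit as the exercise
CHUNK = 64 * 1024          # bytes pulled per read() call
# Leading "magic" bytes of the two types the exercise allows.
SIGNATURES = {"image/jpeg": b"\xff\xd8\xff", "image/png": b"\x89PNG\r\n\x1a\n"}


class UploadRejected(Exception):
    """Hypothetical error carrying the HTTP status the endpoint should return."""
    def __init__(self, status: int, detail: str):
        super().__init__(detail)
        self.status, self.detail = status, detail


async def read_validated(upload, max_size: int = MAX_FILE_SIZE) -> bytes:
    """Validate any object with .content_type and async .read(n), e.g. UploadFile."""
    expected = SIGNATURES.get(upload.content_type)
    if expected is None:
        raise UploadRejected(415, "Invalid file type")
    data = bytearray()
    while chunk := await upload.read(CHUNK):
        data += chunk
        if len(data) > max_size:       # stop reading as soon as the cap is passed
            raise UploadRejected(413, "File too large")
    if not data.startswith(expected):  # declared type and actual bytes disagree
        raise UploadRejected(415, "Content does not match declared type")
    return bytes(data)


class FakeUpload:
    """Constructed stand-in for fastapi.UploadFile so this runs without FastAPI."""
    def __init__(self, content_type: str, body: bytes):
        self.content_type, self._body, self._pos = content_type, body, 0

    async def read(self, size: int = -1) -> bytes:
        end = len(self._body) if size < 0 else self._pos + size
        chunk, self._pos = self._body[self._pos:end], min(end, len(self._body))
        return chunk


def check(content_type: str, body: bytes) -> str:
    """Run the validator on constructed input; return 'ok' or the rejection."""
    try:
        asyncio.run(read_validated(FakeUpload(content_type, body)))
        return "ok"
    except UploadRejected as exc:
        return f"{exc.status} {exc.detail}"
```

In the /upload endpoint, call await read_validated(file) and translate UploadRejected into HTTPException(status_code=exc.status, detail=exc.detail). A matching signature only shows that the file starts like a JPEG or PNG, not that the rest of it is a well-formed image.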
Practice
1. What is the main purpose of validating file size and type in a FastAPI upload endpoint?
easy
A. To ensure only allowed file types and sizes are accepted for security and performance
B. To automatically convert files to a specific format
C. To speed up the file upload process by skipping checks
D. To store files directly in the database without validation
Solution
Step 1: Understand file validation purpose
File validation ensures that only files meeting size and type rules are accepted.
Step 2: Recognize security and performance reasons
Validating prevents harmful files and avoids server overload from large files.
Final Answer:
To ensure only allowed file types and sizes are accepted for security and performance -> Option A
Quick Check:
File validation = security and performance [OK]
Hint: File validation protects server and users from bad files [OK]
Common Mistakes:
Thinking validation changes file content
Assuming validation speeds upload without checks
Ignoring security risks of unvalidated files
2. Which of the following is the correct way to declare a file upload parameter in a FastAPI endpoint to accept files asynchronously?
easy
A. def upload(file: UploadFile = File(...)):
B. def upload(file: str):
C. def upload(file: bytes):
D. def upload(file: int):
Solution
Step 1: Identify FastAPI file upload type
FastAPI uses UploadFile with File(...) to handle async file uploads.
Step 2: Check parameter types
Only UploadFile supports async file handling; bytes and str do not.
Final Answer:
def upload(file: UploadFile = File(...)): -> Option A
Quick Check:
UploadFile + File(...) = async file upload [OK]
Hint: Use UploadFile with File(...) for async uploads [OK]
Common Mistakes:
Using bytes or str instead of UploadFile
Missing File(...) dependency
Using int type for file parameter
3. Given this FastAPI code snippet, what will happen if a user uploads a 5MB PNG file?
from fastapi import FastAPI, File, UploadFile, HTTPException
app = FastAPI()
@app.post('/upload')
async def upload(file: UploadFile = File(...)):
    if file.content_type not in ['image/png', 'image/jpeg']:
        raise HTTPException(status_code=400, detail='Invalid file type')
    contents = await file.read()
    if len(contents) > 2_000_000:
        raise HTTPException(status_code=400, detail='File too large')
    return {'filename': file.filename, 'size': len(contents)}
medium
A. Returns filename and size successfully
B. Raises HTTPException with 'File too large'
C. Raises HTTPException with 'Invalid file type'
D. Raises a syntax error
Solution
Step 1: Check file type condition
The file is PNG, which is allowed, so no error here.
Step 2: Check file size condition
The file size is 5MB (5,000,000 bytes), which exceeds the 2,000,000-byte limit, so it raises 'File too large'.
Final Answer:
Raises HTTPException with 'File too large' -> Option B
Quick Check:
File size > 2MB = 'File too large' error [OK]
Hint: Check size limit after reading file contents [OK]
Common Mistakes:
Confusing file type error with size error
Not reading file contents before size check
Assuming no error for large files
4. Identify the error in this FastAPI file validation code:
from fastapi import FastAPI, File, UploadFile, HTTPException
app = FastAPI()
@app.post('/upload')
async def upload(file: UploadFile = File(...)):
    if file.content_type != 'image/png' or file.content_type != 'image/jpeg':
        raise HTTPException(status_code=400, detail='Invalid file type')
    contents = await file.read()
    if len(contents) > 1_000_000:
        raise HTTPException(status_code=400, detail='File too large')
    return {'filename': file.filename}
medium
A. The file size check uses wrong comparison operator
B. UploadFile should not be used with File(...)
C. The file type condition always raises error due to incorrect logic
D. Missing await keyword before file.read()
Solution
Step 1: Analyze file type condition logic
The condition uses 'or' with != checks, so it is always true (a file can't be both types).
Step 2: Understand consequence of condition
This causes the error to always raise, rejecting all files incorrectly.
Final Answer:
The file type condition always raises error due to incorrect logic -> Option C
Quick Check:
Incorrect 'or' with != always true = logic error [OK]
Hint: Use 'and' when checking multiple 'not equals' conditions [OK]
Common Mistakes:
Using 'or' instead of 'and' in file type checks
Forgetting to await file.read()
Misunderstanding UploadFile usage
5. You want to create a FastAPI endpoint that accepts only PDF files smaller than 3MB. Which code snippet correctly implements this validation?
hard
A.
async def upload(file: UploadFile = File(...)):
    contents = await file.read()
    if file.content_type == 'application/pdf' or len(contents) < 3_000_000:
        return {'filename': file.filename}
    raise HTTPException(400, 'Invalid file')
B.
async def upload(file: UploadFile = File(...)):
    if file.content_type == 'application/pdf' or len(await file.read()) < 3_000_000:
        return {'filename': file.filename}
    raise HTTPException(400, 'Invalid file')
C.
async def upload(file: UploadFile = File(...)):
    if file.content_type == 'application/pdf' or len(await file.read()) > 3_000_000:
        raise HTTPException(400, 'Invalid file')
    return {'filename': file.filename}
D.
async def upload(file: UploadFile = File(...)):
    if file.content_type != 'application/pdf':
        raise HTTPException(400, 'Invalid type')
    contents = await file.read()
    if len(contents) > 3_000_000:
        raise HTTPException(400, 'Too large')
    return {'filename': file.filename}
Solution
Step 1: Check file type validation
Correct snippet uses != 'application/pdf' to reject invalid types before reading contents. Distractors misuse operators like 'or' instead of 'and' or check type after reading.
Step 2: Check file size validation
After type approval, read contents once and raise if len > 3_000_000. Combined conditions fail due to incorrect logic.
Final Answer:
Separate type (!=) and size (> 3MB) checks -> Option D
Quick Check:
!= type reject + read then > size reject [OK]
Hint: Check type and size separately with correct logic [OK]