How to get user data from HTML form in Rocket handler?

2 min read 05-10-2024

Capturing User Data from HTML Forms in Rocket Handlers

Rocket, a powerful web framework for Rust, offers a streamlined way to build web applications. One essential task is capturing user data submitted through HTML forms. This article will guide you through the process of extracting form data in your Rocket handlers.

The Scenario

Imagine a simple login form:

<!DOCTYPE html>
<html>
<head>
  <title>Login Form</title>
</head>
<body>
  <form method="POST" action="/login">
    <label for="username">Username:</label><br>
    <input type="text" id="username" name="username"><br><br>
    <label for="password">Password:</label><br>
    <input type="password" id="password" name="password"><br><br>
    <input type="submit" value="Login">
  </form>
</body>
</html>

This form submits the user's input to the /login route. Let's see how to handle this in Rocket.

Rocket Handler Implementation

#[macro_use]
extern crate rocket;

use rocket::form::Form;
use rocket::http::Status;

// FromForm is all Rocket needs to parse the form body. Each field name
// must match the `name` attribute of the corresponding <input>.
#[derive(FromForm)]
struct LoginForm {
    username: String,
    password: String,
}

// `data = "<form>"` binds the request body to the `form` parameter.
#[post("/login", data = "<form>")]
fn login(form: Form<LoginForm>) -> Status {
    // Form<T> dereferences to T, so the fields can be read directly.
    let username = &form.username;
    let password = &form.password;

    // Here you would typically validate the username and password,
    // check if they match in a database, etc.

    // If login is successful, redirect to the user's dashboard or other pages.
    // If not, return an error status code or display an error message.

    Status::Ok
}

#[launch]
fn rocket() -> _ {
    rocket::build().mount("/", routes![login])
}

Explanation

  • #[derive(FromForm)]: This derive generates the code that parses the submitted form fields into a Rust struct called LoginForm. serde's Deserialize is not needed for form data, so the struct does not derive it.
  • LoginForm: This struct holds the fields username and password, corresponding to the form input names.
  • #[post("/login", data = "<form>")]: This route declaration specifies the endpoint (/login) and the HTTP method (POST). The data = "<form>" part tells Rocket to build the handler's form parameter from the request body.
  • Form<LoginForm>: The form parameter is a Form instance, which carries the parsed data. This type is what makes Rocket read the body as form data. You access the individual fields with form.username and form.password.

Key Insights

  • Form Validation: While this example focuses on data retrieval, real-world applications require thorough validation. Rocket offers form validation features, and you can use libraries like validator to enforce rules like email formatting or length constraints.
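  • Security: Treat every form field as untrusted input. Escape it when you render it into HTML to prevent cross-site scripting (XSS), and pass it to the database through parameterized queries to prevent SQL injection.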
  • Further Actions: After retrieving and validating the form data, you'd typically perform actions like:
    • Authentication: Check if the user credentials are valid against a database or other authentication systems.
    • Data Processing: Save user data to a database or perform other data operations.
    • Redirection: Redirect the user to a success page or an error page depending on the outcome.
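
The validation point above, as an added example that is not part of the original article and does not reproduce Rocket's own parser: a std-only sketch of the body the browser posts for this login form (username=...&password=...), decoded and checked strictly before any authentication step. The function names parse_login and decode, the size limits and the error strings are assumptions made for the illustration.

```rust
// Added example, std only; limits and names are assumptions, not Rocket's.
const MAX_BODY: usize = 1024; // bytes, whole body
const MAX_USERNAME: usize = 64; // characters
const MAX_PASSWORD: usize = 128; // bytes
#[derive(Debug, PartialEq)]
pub struct LoginForm { pub username: String, pub password: String }

/// Decode one urlencoded component: '+' is a space, %XX is one byte.
fn decode(s: &str) -> Result<String, &'static str> {
    let (b, mut out, mut i) = (s.as_bytes(), Vec::new(), 0);
    while i < b.len() {
        match b[i] {
            b'+' => out.push(b' '),
            b'%' => {
                // Exactly two hex digits; from_str_radix alone would accept "+f".
                let hex = s.get(i + 1..i + 3)
                    .filter(|h| h.bytes().all(|c| c.is_ascii_hexdigit()))
                    .ok_or("bad escape")?;
                out.push(u8::from_str_radix(hex, 16).map_err(|_| "bad escape")?);
                i += 2;
            }
            c => out.push(c),
        }
        i += 1;
    }
    String::from_utf8(out).map_err(|_| "invalid UTF-8")
}

/// Parse and validate the body posted to /login; reject rather than repair.
pub fn parse_login(body: &str) -> Result<LoginForm, &'static str> {
    if body.len() > MAX_BODY { return Err("body too large"); }
    let (mut user, mut pass): (Option<String>, Option<String>) = (None, None);
    for pair in body.split('&').filter(|p| !p.is_empty()) {
        let (k, v) = pair.split_once('=').unwrap_or((pair, ""));
        let slot = match decode(k)?.as_str() {
            "username" => &mut user,
            "password" => &mut pass,
            _ => return Err("unexpected field"),
        };
        if slot.replace(decode(v)?).is_some() { return Err("duplicate field"); }
    }
    let (username, password) = (user.ok_or("missing username")?, pass.ok_or("missing password")?);
    if username.is_empty() || username.chars().count() > MAX_USERNAME { return Err("bad username length"); }
    if username.chars().any(char::is_control) { return Err("control character in username"); }
    if password.is_empty() || password.len() > MAX_PASSWORD { return Err("bad password length"); }
    Ok(LoginForm { username, password })
}

fn main() { println!("{:?}", parse_login("username=alice&password=p%40ss+word")); }
```

The password is length-checked only and never rewritten, so what the user typed is what reaches the password verifier.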

Conclusion

By utilizing Rocket's form handling mechanisms, you can seamlessly collect data from HTML forms and integrate it into your Rust web applications. Remember to prioritize security and validation to build robust and secure applications.
