FastAPI中的安全路由

huangapple
go评论84阅读模式
英文:

Secure route in FastAPI

问题

  1. from fastapi import FastAPI, HTTPException, Depends
  2. from fastapi.security import OAuth2PasswordBearer
  3. import jwt
  4. from passlib.context import CryptContext
  5. from datetime import timedelta
  7. app = FastAPI()
  9. SECRET_KEY = "very-secret1234567890"
  10. ALGORITHM = "HS256"
  11. ACCESS_TOKEN_EXPIRE_MINUTES = 15
  13. oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
  15. pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
  17. class TokenData:
  18.     def __init__(self, username: str):
  19.         self.username = username
  21. def create_access_token(data: dict):
  22.     to_encode = data.copy()
  23.     expire = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
  24.     to_encode.update({"exp": expire})
  25.     encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
  26.     return encoded_jwt
  28. @app.post("/token")
  29. async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()):
  30.     # Authenticate user here
  31.     # ...
  32.     # If authentication is successful, create and return access token
  33.     access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
  34.     access_token = create_access_token(
  35.         data={"sub": form_data.username}, expires_delta=access_token_expires
  36.     )
  37.     return {"access_token": access_token, "token_type": "bearer"}
英文:

<br>
I have a Flask-based backend REST API and I want to migrate to FastAPI. However, I am not sure how to implement secure routes and create access tokens in FastAPI.<br>
In Flask, we have methods from the flask_jwt_extended library such as:
<li>@jwt_required() decorator for secure routes
<li>create_access_token() function for creating JWT tokens.<br><br>
Does FastAPI have a similar feature or capability, or how can I implement this in FastAPI?<br>
Thank you in advance.<br>
Here is an example implementation of secure route and create access token in Flask:<br><br>

  1. import hashlib
  2. import traceback
  3. from datetime import timedelta
  4. from http import HTTPStatus
  5. from flask import Flask, jsonify, request
  6. from flask_jwt_extended import JWTManager, jwt_required, get_jwt_identity, create_access_token
  8. app = Flask(__name__)
  9. jwt = JWTManager(app)
  10. app.config[&quot;JWT_SECRET_KEY&quot;] = &quot;very-secret1234567890&quot;
  11. app.config[&quot;JWT_ACCESS_TOKEN_EXPIRES&quot;] = timedelta(minutes=15)
  12. app.config[&quot;JWT_REFRESH_TOKEN_EXPIRES&quot;] = timedelta(days=30)
  13. host = &quot;localhost&quot;
  14. port = 5000
  15. test_password = &quot;test_password&quot;
  16. db = [
  17.     {
  18.         &quot;username&quot;: &quot;test_user&quot;,
  19.         &quot;email&quot;: &quot;test_email.gmail.com&quot;,
  20.         &quot;password&quot;: hashlib.sha256(test_password.encode()).hexdigest()
  21.     }
  22. ]
  25. @app.route(&#39;/login&#39;, methods=[&#39;POST&#39;])
  26. def login():
  27.     try:
  28.         json_data = request.get_json()
  29.         email = json_data.get(&quot;email&quot;)
  30.         password = json_data.get(&quot;password&quot;)
  31.         if not email or not password:
  32.             response = jsonify(error=&quot;&#39;email&#39; and &#39;password&#39; are required&quot;)
  33.             return response, HTTPStatus.BAD_REQUEST
  34.         # Check if email exists in DB
  35.         user_result = [user for user in db if user[&quot;email&quot;].lower() == email.lower()]
  36.         # Check if the password is correct
  37.         encoded_password = hashlib.sha256(password.encode()).hexdigest()
  38.         if not user_result or user_result[0][&quot;password&quot;] != encoded_password:
  39.             response = jsonify(error=&quot;Wrong credentials&quot;)
  40.             return response, HTTPStatus.BAD_REQUEST
  41.         user = user_result[0]
  42.         # Generate JWT token and return it
  43.         access_token = create_access_token(identity=user[&quot;username&quot;])
  44.         response = jsonify(username=user[&quot;username&quot;], token=access_token)
  45.         return response, HTTPStatus.OK
  46.     except Exception as e:
  47.         print(f&quot;Error: {e}&quot;)
  48.         print(traceback.format_exc())
  49.         response = jsonify(result={&quot;error&quot;: &quot;Server error&quot;})
  50.         return response, HTTPStatus.INTERNAL_SERVER_ERROR
  53. @app.route(&#39;/secured_page&#39;, methods=[&#39;GET&#39;])
  54. @jwt_required()
  55. def __create_participant():
  56.     try:
  57.         response = jsonify(message=&quot;You are logged in as {}&quot;.format(get_jwt_identity()))
  58.         return response, HTTPStatus.OK
  59.     except Exception as e:
  60.         print(f&quot;Error: {e}&quot;)
  61.         print(traceback.format_exc())
  62.         response = jsonify(result={&quot;error&quot;: &quot;Server error&quot;})
  63.         return response, HTTPStatus.INTERNAL_SERVER_ERROR
  66. if __name__ == &#39;__main__&#39;:
  67.     app.run(host=host, port=port, debug=True)

答案1

得分: 1

你可以使用像python-jose这样的库来处理JWT功能,但是你必须自己实现jwt_requiredcreate_access_token,例如

create_access_token

  1. from jose import JWTError, jwt
  2. from datetime import datetime, timedelta
  4. def create_access_token(data: dict):
  5.     to_encode = data.copy()
  6.     expire = datetime.utcnow() + timedelta(minutes=15)
  7.     to_encode.update({"exp": expire})
  8.     encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
  9.     return encoded_jwt

jwt_required(不是一个装饰器,而是创建一个函数,并将其设置为你的路由的依赖项)

  1. from fastapi import Depends, HTTPException, status
  2. from fastapi.security import OAuth2PasswordBearer
  3. from jose import JWTError, jwt
  5. oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
  7. async def jwt_required(token: str = Depends(oauth2_scheme)):
  8.     credentials_exception = HTTPException(
  9.         status_code=status.HTTP_401_UNAUTHORIZED,
  10.         detail="Could not validate credentials",
  11.         headers={"WWW-Authenticate": "Bearer"},
  12.     )
  13.     try:
  14.         payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
  15.         username: str = payload.get("sub")
  16.         if username is None:
  17.             raise credentials_exception
  18.     except JWTError:
  19.         raise credentials_exception
  20.     user = get_user(username=username)
  21.     if user is None:
  22.         raise credentials_exception
  24. @app.get('/secured_page', dependencies=[jwt_required])
  25. def __create_participant():
  26. ...
英文:

You can use libs like python-jose for JWT functionalities, but you have to implement jwt_required and create_access_token by yourself, for example

create_access_token

  1. from jose import JWTError, jwt
  2. from datetime import datetime, timedelta
  4. def create_access_token(data: dict):
  5.     to_encode = data.copy()
  6.     expire = datetime.utcnow() + timedelta(minutes=15)
  7.     to_encode.update({&quot;exp&quot;: expire})
  8.     encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
  9.     return encoded_jwt

jwt_required (instead of a decorator, you create a function and set it as a dependency of your route)

  1. from fastapi import Depends, HTTPException, status
  2. from fastapi.security import OAuth2PasswordBearer
  3. from jose import JWTError, jwt
  5. oauth2_scheme = OAuth2PasswordBearer(tokenUrl=&quot;token&quot;)
  7. async def jwt_required(token: str = Depends(oauth2_scheme)):
  8.     credentials_exception = HTTPException(
  9.         status_code=status.HTTP_401_UNAUTHORIZED,
  10.         detail=&quot;Could not validate credentials&quot;,
  11.         headers={&quot;WWW-Authenticate&quot;: &quot;Bearer&quot;},
  12.     )
  13.     try:
  14.         payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
  15.         username: str = payload.get(&quot;sub&quot;)
  16.         if username is None:
  17.             raise credentials_exception
  18.     except JWTError:
  19.         raise credentials_exception
  20.     user = get_user(username=username)
  21.     if user is None:
  22.         raise credentials_exception
  24. @app.get(&#39;/secured_page&#39;, dependencies=[jwt_required])
  25. def __create_participant():
  26. ...

huangapple
  • 本文由 发表于 2023年4月20日 00:35:19
  • 转载请务必保留本文链接:https://go.coder-hub.com/76056906.html
  • fastapi
  • flask
  • python
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定