zoukankan      html  css  js  c++  java

  • FastAPI 安全 (Security)

    OAuth2

      OAuth2是一个规范,它定义了几种处理身份验证和授权的方式。它是一个相当广泛的规范,涵盖了几个复杂的用例。

    它包括使用“第三方”进行身份验证的方法。

    这就是所有带有“使用Facebook,Google,Twitter,GitHub登录”的系统的基础。

      OAuth1,它与OAuth2完全不同,并且更为复杂,因为它直接包含有关如何加密通信的规范。

    如今它不是很流行或使用过, OAuth2没有指定如何加密通信,它希望您使用HTTPS为您的应用程序提供服务。

    # OAuth2PasswordBearer

from fastapi import Depends, FastAPI
from fastapi.security import OAuth2PasswordBearer

app = FastAPI()

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")


@app.get("/items/")
async def read_items(token: str = Depends(oauth2_scheme)):
    return {"token": token}

     

    from typing import Optional

from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from pydantic import BaseModel

fake_users_db = {
    "johndoe": {
        "username": "johndoe",
        "full_name": "John Doe",
        "email": "johndoe@example.com",
        "hashed_password": "fakehashedsecret",
        "disabled": False,
    },
    "alice": {
        "username": "alice",
        "full_name": "Alice Wonderson",
        "email": "alice@example.com",
        "hashed_password": "fakehashedsecret2",
        "disabled": True,
    },
}

app = FastAPI()


def fake_hash_password(password: str):
    return "fakehashed" + password


oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
print(oauth2_scheme)


class User(BaseModel):
    username: str
    email: Optional[str] = None
    full_name: Optional[str] = None
    disabled: Optional[bool] = None


class UserInDB(User):
    hashed_password: str


async def get_current_user(token: str = Depends(oauth2_scheme)):
    print(token)
    user_dict = fake_users_db[token]
    user = UserInDB(**user_dict)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid authentication credentials",
            headers={"WWW-Authenticate": "Bearer"},
        )
    return user


async def get_current_active_user(current_user: User = Depends(get_current_user)):
    if current_user.disabled:
        raise HTTPException(status_code=400, detail="Inactive user")
    return current_user


@app.post("/token")
async def login(form_data: OAuth2PasswordRequestForm = Depends()):
    user_dict = fake_users_db.get(form_data.username)
    if not user_dict:
        raise HTTPException(status_code=400, detail="Incorrect username or password")
    user = UserInDB(**user_dict)
    hashed_password = fake_hash_password(form_data.password)
    if not hashed_password == user.hashed_password:
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    return {"access_token": user.username, "token_type": "bearer"}


@app.get("/users/me")
async def read_users_me(current_user: User = Depends(get_current_active_user)):
    return current_user

    https://fastapi.tiangolo.com/tutorial/security/
  • 相关阅读:
    网站、数据库的衍变之路(三)
    脚本嵌入式抓取引擎
    db4objects 7.4应用笔记
    网站、数据库的衍变之路(二)
    IIS连接数实验——Web开发必读
    攻破WebService,WCF的改进
    C#使用BerkeleyDB操作简介
    面试两个星期来的一点体会
    Lucene.Net 2.3.1开发介绍 —— 四、搜索(三)
    轻量级爬虫+全文检索解决方案项目——NukeLite(20081114 更新r24版 引入新线程机制)
  • 原文地址:https://www.cnblogs.com/Mint-diary/p/14445609.html
Copyright © 2011-2022 走看看