• FastAPI 安全 (Security)


    OAuth2

      OAuth2是一个规范,它定义了几种处理身份验证和授权的方式。它是一个相当广泛的规范,涵盖了几个复杂的用例。

    它包括使用“第三方”进行身份验证的方法。

    这就是所有带有“使用Facebook,Google,Twitter,GitHub登录”的系统的基础。

      OAuth1,它与OAuth2完全不同,并且更为复杂,因为它直接包含有关如何加密通信的规范。

    如今它不是很流行或使用过, OAuth2没有指定如何加密通信,它希望您使用HTTPS为您的应用程序提供服务。

    # OAuth2PasswordBearer
    
    from fastapi import Depends, FastAPI
    from fastapi.security import OAuth2PasswordBearer
    
    app = FastAPI()
    
    oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
    
    
    @app.get("/items/")
    async def read_items(token: str = Depends(oauth2_scheme)):
        return {"token": token}

     

    from typing import Optional
    
    from fastapi import Depends, FastAPI, HTTPException, status
    from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
    from pydantic import BaseModel
    
    fake_users_db = {
        "johndoe": {
            "username": "johndoe",
            "full_name": "John Doe",
            "email": "johndoe@example.com",
            "hashed_password": "fakehashedsecret",
            "disabled": False,
        },
        "alice": {
            "username": "alice",
            "full_name": "Alice Wonderson",
            "email": "alice@example.com",
            "hashed_password": "fakehashedsecret2",
            "disabled": True,
        },
    }
    
    app = FastAPI()
    
    
    def fake_hash_password(password: str):
        return "fakehashed" + password
    
    
    oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
    print(oauth2_scheme)
    
    
    class User(BaseModel):
        username: str
        email: Optional[str] = None
        full_name: Optional[str] = None
        disabled: Optional[bool] = None
    
    
    class UserInDB(User):
        hashed_password: str
    
    
    async def get_current_user(token: str = Depends(oauth2_scheme)):
        print(token)
        user_dict = fake_users_db[token]
        user = UserInDB(**user_dict)
        if not user:
            raise HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED,
                detail="Invalid authentication credentials",
                headers={"WWW-Authenticate": "Bearer"},
            )
        return user
    
    
    async def get_current_active_user(current_user: User = Depends(get_current_user)):
        if current_user.disabled:
            raise HTTPException(status_code=400, detail="Inactive user")
        return current_user
    
    
    @app.post("/token")
    async def login(form_data: OAuth2PasswordRequestForm = Depends()):
        user_dict = fake_users_db.get(form_data.username)
        if not user_dict:
            raise HTTPException(status_code=400, detail="Incorrect username or password")
        user = UserInDB(**user_dict)
        hashed_password = fake_hash_password(form_data.password)
        if not hashed_password == user.hashed_password:
            raise HTTPException(status_code=400, detail="Incorrect username or password")
    
        return {"access_token": user.username, "token_type": "bearer"}
    
    
    @app.get("/users/me")
    async def read_users_me(current_user: User = Depends(get_current_active_user)):
        return current_user

    https://fastapi.tiangolo.com/tutorial/security/

  • 相关阅读:
    Swizzle在OC问题排查中的应用
    MacOS中系统提供的音频单元
    Mac catalyst 使用iOS-AudioUnit的音频采集、播放
    删除单向链表中的某一个节点
    C语言的的free和c++的delete的区别
    Mac下使用源码编译安装TensorFlow CPU版本
    ROC曲线与AUC值
    Linux中如何产生core文件?
    更改Linux默认栈空间的大小
    互信息(Mutual Information)
  • 原文地址:https://www.cnblogs.com/Mint-diary/p/14445609.html
Copyright © 2020-2023  润新知