from typing import Optional | |
import base64 | |
from passlib.context import CryptContext | |
from datetime import datetime, timedelta | |
import jwt | |
from jwt import PyJWTError | |
from pydantic import BaseModel |
from typing import Optional | |
import base64 | |
from passlib.context import CryptContext | |
from datetime import datetime, timedelta | |
import jwt | |
from jwt import PyJWTError | |
from pydantic import BaseModel |
class BasicAuth(SecurityBase): | |
def __init__(self, scheme_name: str = None, auto_error: bool = True):
    """Store the scheme label and the missing-credentials policy.

    Args:
        scheme_name: Label for this scheme. Any falsy value (``None``, ``""``)
            falls back to the name of the concrete class.
        auto_error: Saved on the instance unchanged; ``__call__`` reads it when
            the Authorization header is absent or its scheme is not ``basic``.
    """
    if scheme_name:
        label = scheme_name
    else:
        label = self.__class__.__name__
    self.auto_error = auto_error
    self.scheme_name = label
async def __call__(self, request: Request) -> Optional[str]: | |
authorization: str = request.headers.get("Authorization") | |
scheme, param = get_authorization_scheme_param(authorization) | |
if not authorization or scheme.lower() != "basic": | |
if self.auto_error: |
@app.get("/login_basic") | |
async def login_basic(auth: BasicAuth = Depends(basic_auth)): | |
if not auth: | |
response = Response(headers={"WWW-Authenticate": "Basic"}, status_code=401) | |
return response | |
try: | |
decoded = base64.b64decode(auth).decode("ascii") | |
username, _, password = decoded.partition(":") | |
user = authenticate_user(fake_users_db, username, password) |
@app.get("/logout")
async def route_logout_and_remove_cookie():
    """Send the client back to ``/`` and expire the ``Authorization`` cookie.

    Returns:
        A redirect to the homepage that also asks the browser to delete the
        ``Authorization`` cookie for the ``localtest.me`` domain.

    NOTE(review): deleting the cookie only clears it in the browser that makes
    this request. If the cookie carries a signed token, that token presumably
    remains usable until it expires unless it is also revoked server-side;
    confirm against the code that issues it.
    NOTE(review): this is a GET route, so a cross-site link can trigger it. The
    effect is limited to a forced logout, but a POST with CSRF protection is the
    usual choice for state-changing routes.
    """
    redirect = RedirectResponse(url="/")
    # A browser drops a cookie only when name, domain and path match the values
    # it was set with; the Set-Cookie side is not visible in this snippet.
    redirect.delete_cookie(key="Authorization", domain="localtest.me")
    return redirect
# Switch off the automatically served schema, Swagger UI and ReDoc routes so
# none of them is reachable without authentication; a schema or docs route
# then has to be registered explicitly.
app = FastAPI(
    openapi_url=None,
    docs_url=None,
    redoc_url=None,
)
@app.get("/")
async def homepage():
    """Return the fixed greeting; this route declares no auth dependency."""
    greeting = "Welcome to the security test!"
    return greeting
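@app.get("/openapi.json")
async def get_open_api_endpoint(current_user: User = Depends(get_current_active_user)):
    """Serve the OpenAPI schema only after the user dependency has resolved.

    Args:
        current_user: Result of ``get_current_active_user`` (defined outside
            this snippet). It is not read here; declaring it means the schema
            is not built if that dependency rejects the caller.

    Returns:
        A ``JSONResponse`` carrying the schema generated from ``app.routes``,
        which lists every registered route.
    """
    # get_openapi() declares ``version`` as a string. A bare int is rejected by
    # stricter schema validation, so pass "1" instead of 1; where the int used
    # to be coerced, the emitted document is the same.
    schema = get_openapi(title="FastAPI", version="1", routes=app.routes)
    return JSONResponse(schema)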
from fastapi import Security, Depends, FastAPI, HTTPException | |
from fastapi.security.api_key import APIKeyQuery, APIKeyCookie, APIKeyHeader, APIKey | |
from fastapi.openapi.docs import get_swagger_ui_html | |
from fastapi.openapi.utils import get_openapi | |
from starlette.status import HTTP_403_FORBIDDEN | |
from starlette.responses import RedirectResponse, JSONResponse | |
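import os

# Shared secret that clients must present. A literal in source ends up in
# version control and in every copy of this file, so prefer the API_KEY
# environment variable. The fallback is the published demo value and must not
# be relied on outside local testing.
API_KEY = os.environ.get("API_KEY", "1234567asdfgh")
# Name under which clients send the key.
API_KEY_NAME = "access_token"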
from fastapi import Security, Depends, FastAPI, HTTPException | |
from fastapi.security.api_key import APIKeyQuery, APIKeyCookie, APIKeyHeader, APIKey | |
from fastapi.openapi.docs import get_swagger_ui_html | |
from fastapi.openapi.utils import get_openapi | |
from starlette.status import HTTP_403_FORBIDDEN | |
from starlette.responses import RedirectResponse, JSONResponse |
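import os

# Shared secret that clients must present. A literal in source ends up in
# version control and in every copy of this file, so prefer the API_KEY
# environment variable. The fallback is the published demo value and must not
# be relied on outside local testing.
API_KEY = os.environ.get("API_KEY", "1234567asdfgh")
# Name of the query parameter, header and cookie that may carry the key.
API_KEY_NAME = "access_token"
# Development hostname; adjust for the domain the app is actually served from.
COOKIE_DOMAIN = "localtest.me"

# Three extractors for the same credential. With auto_error=False each one
# yields None instead of raising when its source is empty, so the dependency
# that consumes them (not shown here) must reject the request itself when none
# of them supplies a valid key.
# NOTE(review): a key passed in the query string tends to end up in access
# logs, browser history and Referer headers; prefer the header or cookie
# variant where possible.
api_key_query = APIKeyQuery(name=API_KEY_NAME, auto_error=False)
api_key_header = APIKeyHeader(name=API_KEY_NAME, auto_error=False)
api_key_cookie = APIKeyCookie(name=API_KEY_NAME, auto_error=False)

# Built-in schema and docs routes are disabled so they are not served without
# authentication.
app = FastAPI(docs_url=None, redoc_url=None, openapi_url=None)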