This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@app.get("/") | |
async def homepage(): | |
return "Welcome to the security test!" | |
@app.get("/openapi.json", tags=["documentation"]) | |
async def get_open_api_endpoint(api_key: APIKey = Depends(get_api_key)): | |
response = JSONResponse( | |
get_openapi(title="FastAPI security test", version=1, routes=app.routes) | |
) | |
return response |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
async def get_api_key( | |
api_key_query: str = Security(api_key_query), | |
api_key_header: str = Security(api_key_header), | |
api_key_cookie: str = Security(api_key_cookie), | |
): | |
if api_key_query == API_KEY: | |
return api_key_query | |
elif api_key_header == API_KEY: | |
return api_key_header |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
API_KEY = "1234567asdfgh" | |
API_KEY_NAME = "access_token" | |
COOKIE_DOMAIN = "localtest.me" | |
api_key_query = APIKeyQuery(name=API_KEY_NAME, auto_error=False) | |
api_key_header = APIKeyHeader(name=API_KEY_NAME, auto_error=False) | |
api_key_cookie = APIKeyCookie(name=API_KEY_NAME, auto_error=False) | |
app = FastAPI(docs_url=None, redoc_url=None, openapi_url=None) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from fastapi import Security, Depends, FastAPI, HTTPException | |
from fastapi.security.api_key import APIKeyQuery, APIKeyCookie, APIKeyHeader, APIKey | |
from fastapi.openapi.docs import get_swagger_ui_html | |
from fastapi.openapi.utils import get_openapi | |
from starlette.status import HTTP_403_FORBIDDEN | |
from starlette.responses import RedirectResponse, JSONResponse |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from fastapi import Security, Depends, FastAPI, HTTPException | |
from fastapi.security.api_key import APIKeyQuery, APIKeyCookie, APIKeyHeader, APIKey | |
from fastapi.openapi.docs import get_swagger_ui_html | |
from fastapi.openapi.utils import get_openapi | |
from starlette.status import HTTP_403_FORBIDDEN | |
from starlette.responses import RedirectResponse, JSONResponse | |
API_KEY = "1234567asdfgh" | |
API_KEY_NAME = "access_token" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
app = FastAPI(docs_url=None, redoc_url=None, openapi_url=None) | |
@app.get("/") | |
async def homepage(): | |
return "Welcome to the security test!" | |
@app.get("/openapi.json") | |
async def get_open_api_endpoint(current_user: User = Depends(get_current_active_user)): | |
return JSONResponse(get_openapi(title="FastAPI", version=1, routes=app.routes)) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@app.get("/logout") | |
async def route_logout_and_remove_cookie(): | |
response = RedirectResponse(url="/") | |
response.delete_cookie("Authorization", domain="localtest.me") | |
return response |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@app.get("/login_basic") | |
async def login_basic(auth: BasicAuth = Depends(basic_auth)): | |
if not auth: | |
response = Response(headers={"WWW-Authenticate": "Basic"}, status_code=401) | |
return response | |
try: | |
decoded = base64.b64decode(auth).decode("ascii") | |
username, _, password = decoded.partition(":") | |
user = authenticate_user(fake_users_db, username, password) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
class BasicAuth(SecurityBase): | |
def __init__(self, scheme_name: str = None, auto_error: bool = True): | |
self.scheme_name = scheme_name or self.__class__.__name__ | |
self.auto_error = auto_error | |
async def __call__(self, request: Request) -> Optional[str]: | |
authorization: str = request.headers.get("Authorization") | |
scheme, param = get_authorization_scheme_param(authorization) | |
if not authorization or scheme.lower() != "basic": | |
if self.auto_error: |