Category Archives: Technology

Control Access to a FastAPI App

Controlling access to a FastAPI app typically involves implementing authentication (who is the caller?) and authorization (what may they do?). Here are the standard approaches:

## 1. Authentication

– **OAuth2 with Password (and Bearer)**

    – Use FastAPI’s `OAuth2PasswordBearer` helper to accept the login form and pull the bearer token out of the `Authorization` header. FastAPI does not mint tokens itself: your login handler checks the password and issues the JWT (for example with python-jose or PyJWT).

    – Users authenticate by providing a username and password and receive a short-lived token, which they then include as `Authorization: Bearer <token>` on subsequent API requests.

– **API Key**

    – Require clients to include a secret API key (preferably in a header rather than a query parameter, since query strings end up in logs and browser history) with each request.

    – Simple, but a key is a long-lived bearer secret with no expiry or user binding, so it is harder to rotate and more damaging to leak than a short-lived token. Store only a hash of the key server-side and compare it in constant time.

– **Session Authentication**

    – Use cookie-based sessions for traditional web apps. Mark the cookie `HttpOnly`, `Secure` and `SameSite`, and add CSRF protection, because the browser attaches the cookie to requests without the page’s involvement.

## 2. Authorization

– **Role-Based Access Control (RBAC)**

    – Assign users roles (like admin, user, guest) and restrict certain endpoints or actions based on the user’s role, typically as a dependency that wraps the token check.

– **Resource-Based Permissions**

    – Check user-specific access for resources (e.g., users can only access their own data). Do this on every request against the record’s server-side owner, never by trusting an ID the client supplies; skipping it is the classic insecure direct object reference bug.

## 3. Implementation in FastAPI

Example of using OAuth2/JWT bearer authentication:

```python
import os

from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
from jose import JWTError, jwt

app = FastAPI()

# Load the signing secret from the environment; never hard-code it (see the tips below)
SECRET_KEY = os.environ["JWT_SECRET_KEY"]
ALGORITHM = "HS256"

# tokenUrl only tells the OpenAPI docs where the login form is posted; the dependency
# itself extracts the bearer token from the Authorization header
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")


def verify_token(token: str = Depends(oauth2_scheme)) -> dict:
    # Pin the accepted algorithm list; python-jose also checks the exp claim here
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
    except JWTError:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid or expired token",
            headers={"WWW-Authenticate": "Bearer"},
        )
    return payload


@app.get("/protected-route")
def protected_route(user: dict = Depends(verify_token)):
    return {"message": "You have access!", "user": user.get("sub")}
```
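The FastAPI snippet delegates the actual token check to `jwt.decode`. The following is an added example, not code from the original post, that spells out what that check and the two authorization models above amount to, using only the standard library so it runs without FastAPI installed. The secret, the `role` claim name and the user names are constructed for the demo; in the app, `AuthError` would map to a 401 or 403 `HTTPException` and `require_role` / `can_access_resource` would be called from dependencies wrapping `verify_token`.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret; a real deployment reads this from the environment and rotates it
SECRET_KEY = b"constructed-demo-secret-not-for-production"
ALGORITHM = "HS256"


class AuthError(Exception):
    """Any authentication/authorization failure (401/403 in the FastAPI app)."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _decode_json(segment: str) -> dict:
    try:
        value = json.loads(_b64url_decode(segment))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        raise AuthError("malformed token segment")
    if not isinstance(value, dict):
        raise AuthError("malformed token segment")
    return value


def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET_KEY, signing_input.encode("utf-8"), hashlib.sha256).digest()


def mint_token(subject: str, role: str, ttl_seconds: int = 3600, now: Optional[int] = None) -> str:
    """Issue an HS256 JWT with a subject, a (constructed) role claim and an expiry."""
    now = int(time.time()) if now is None else now
    header = {"alg": ALGORITHM, "typ": "JWT"}
    claims = {"sub": subject, "role": role, "iat": now, "exp": now + ttl_seconds}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims)
    )
    return signing_input + "." + _b64url_encode(_sign(signing_input))


def verify_token(token: str, now: Optional[int] = None) -> dict:
    """Return the verified claims or raise AuthError (what jwt.decode does for the app)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise AuthError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    header = _decode_json(header_b64)
    # Pin the algorithm server-side: the token's own "alg" header must never choose the
    # verifier, which is what "alg": "none" and RS256/HS256 confusion attacks rely on
    if header.get("alg") != ALGORITHM:
        raise AuthError("unexpected algorithm")
    try:
        signature = _b64url_decode(sig_b64)
    except ValueError:
        raise AuthError("malformed signature")
    # Constant-time comparison, checked before the claims are trusted
    if not hmac.compare_digest(_sign(f"{header_b64}.{claims_b64}"), signature):
        raise AuthError("bad signature")
    claims = _decode_json(claims_b64)
    now = int(time.time()) if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise AuthError("token expired or has no exp")
    if not isinstance(claims.get("sub"), str):
        raise AuthError("token has no subject")
    return claims


def require_role(claims: dict, *allowed_roles: str) -> dict:
    """RBAC: reject callers whose role is not in the allowed set."""
    if claims.get("role") not in allowed_roles:
        raise AuthError("forbidden: role not permitted")
    return claims


def can_access_resource(claims: dict, owner_id: str) -> bool:
    """Resource-based check: the owner (looked up server-side) or an admin."""
    return claims.get("role") == "admin" or claims.get("sub") == owner_id


if __name__ == "__main__":
    token = mint_token("alice", "user")
    print(verify_token(token))
    print(can_access_resource(verify_token(token), "alice"))
```

The two checks that matter most are the ones the shorter FastAPI snippet hides inside `jwt.decode`: the algorithm is fixed by the server rather than read from the token, and the signature is verified before any claim is acted on.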

## 4. Third-Party Libraries

– **fastapi-users**

Provides pluggable user authentication, registration, password management, and more.

– **Authlib**

Flexible library for implementing OAuth and JWT.

## 5. Additional Tips

– Always use HTTPS in production to protect credentials in transit.

– Regularly update dependencies to keep security patches up to date.

– Use environment variables to store secrets (never commit secrets in code).

Combined, these pieces give access control suitable for both web and API-based FastAPI apps; how robust it is depends on keeping tokens short-lived, secrets out of code and the per-resource checks on every endpoint.

Deploy FastAPI App onto AWS

Here’s a comprehensive guide for deploying a FastAPI application with Docker on AWS. It covers multiple deployment strategies; the key approaches are:

For “production” applications:

  • ECS with Fargate for scalable, managed container orchestration
  • Application Load Balancer for high availability and TLS termination
  • ECR for private container registry
  • CloudWatch for monitoring and logging

For simple/low-traffic applications:

  • Lambda with Mangum for serverless deployment (cost-effective for sporadic traffic)
  • EC2 with Docker Compose for full control

Key considerations:

  • Use multi-stage builds to minimize image size
  • Implement proper health checks
  • Set up auto-scaling policies
  • Use infrastructure as code (Terraform/CloudFormation)
  • Implement CI/CD pipelines for automated deployments

– manzoor

Computing Power YT

SQLAlchemy

SQLAlchemy is an ORM that lets you work with a database through Python objects instead of writing raw SQL queries, so a Python solution can be developed largely within Python without jumping out into SQL. Because the ORM sends query values as bound parameters rather than splicing them into SQL strings, it also removes the most common source of SQL injection, provided you do not rebuild raw query strings yourself.

In addition, SQLAlchemy supports SQLite, PostgreSQL, MySQL and many other databases, which adds yet another layer of abstraction: the same model and query code runs against any of them.
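As an added example (not from the original post), the following shows the object-level workflow described above and the injection difference between ORM queries, raw SQL built with string formatting, and raw SQL with bound parameters. It assumes SQLAlchemy 1.4 or later is installed, uses an in-memory SQLite database, and seeds two constructed users.

```python
from sqlalchemy import Column, Integer, String, create_engine, select, text
from sqlalchemy.orm import Session, declarative_base

Base = declarative_base()


class User(Base):
    """Python class mapped to the `users` table; each row becomes a User object."""
    __tablename__ = "users"

    id = Column(Integer, primary_key=True)
    name = Column(String, nullable=False, unique=True)
    role = Column(String, nullable=False)


def make_engine():
    """In-memory SQLite seeded with two constructed users. Swapping the URL for a
    PostgreSQL or MySQL one leaves the model and query code below unchanged."""
    engine = create_engine("sqlite:///:memory:")
    Base.metadata.create_all(engine)
    with Session(engine) as session:
        session.add_all([User(name="alice", role="admin"), User(name="bob", role="user")])
        session.commit()
    return engine


def names_by_role_orm(engine, role: str) -> list:
    """ORM query: the value travels as a bound parameter, never spliced into SQL."""
    with Session(engine) as session:
        stmt = select(User).where(User.role == role)
        return sorted(user.name for user in session.execute(stmt).scalars())


def names_by_role_unsafe(engine, role: str) -> list:
    """Anti-pattern: string formatting lets the caller's input rewrite the query."""
    with Session(engine) as session:
        stmt = text(f"SELECT name FROM users WHERE role = '{role}'")
        return sorted(row[0] for row in session.execute(stmt))


def names_by_role_bound(engine, role: str) -> list:
    """Raw SQL done safely: text() with a named bind parameter."""
    with Session(engine) as session:
        stmt = text("SELECT name FROM users WHERE role = :role")
        return sorted(row[0] for row in session.execute(stmt, {"role": role}))


if __name__ == "__main__":
    engine = make_engine()
    payload = "' OR '1'='1"
    print(names_by_role_orm(engine, "admin"))        # only alice
    print(names_by_role_unsafe(engine, payload))     # every user: injection succeeded
    print(names_by_role_bound(engine, payload))      # nobody has that literal role
```

The injected string `' OR '1'='1` only works against the formatted query; both the ORM and the parameterized `text()` form treat it as an ordinary value.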

– manzoor

SMS vs RCS

RCS (Rich Communication Services) is essentially the modern evolution of SMS, designed to bring messaging into the smartphone era. Here are the key differences:

SMS limitations:

  • 160 character limit per message
  • Text-only (or basic MMS for media)
  • No read receipts, typing indicators, or delivery confirmations
  • No encryption
  • Works over cellular networks only

RCS advantages:

  • Much longer message limits (up to 8000 characters)
  • Rich media support (high-res photos, videos, audio messages)
  • Read receipts and typing indicators
  • Group messaging features
  • Works over Wi-Fi or cellular data
  • End-to-end encryption, but only between clients that implement it on top of RCS (Google Messages encrypts chats between its own users); the base RCS standard did not mandate it, so encryption is not guaranteed across carriers or apps
  • Interactive features like quick replies and suggested actions

Current state: RCS adoption has been somewhat fragmented. Google has been the biggest pusher, integrating it into Android Messages. Apple finally added RCS support to iPhones in iOS 18, though its initial implementation left out end-to-end encryption. Carriers have had varying levels of support.

The main challenge has been the network effect – RCS features only work when both sender and receiver support it; otherwise the conversation silently falls back to SMS, which also drops any encryption and delivery guarantees the RCS thread had.

– manzoor

Agentic AI

Agentic AI often involves multiple LLM calls, but the defining characteristic isn’t really the number of calls or their automation – it’s about agency and goal-directed behavior. An agentic AI system can pursue objectives, make decisions, and take actions to achieve those goals, rather than just responding to single prompts.

Here are the core elements that make AI “agentic”:

Autonomy: The system can operate independently, making its own decisions about what actions to take next based on its current situation and goals.

Goal-oriented behavior: It works toward specific objectives, potentially breaking down complex tasks into smaller steps.

Environmental interaction: It can perceive its environment (whether that’s web searches, file systems, APIs, etc.) and take actions that change that environment.

Planning and reasoning: It can think through sequences of actions and adapt its approach based on feedback.

The multiple LLM calls are often a technique used in agentic systems – where the AI might call itself recursively to plan, execute, reflect, and re-plan. But you could also have agentic behavior in a single conversation where an AI is making strategic decisions about how to approach a complex problem.

Think of it like the difference between a calculator (reactive – you input, it outputs) versus a research assistant (agentic – given a goal, it figures out what information to gather, where to look, how to synthesize findings, etc.).

<generated by claude.ai>

– manzoor

From Queries to Conversations: The Art of Training the Thread

Recently, literally last night, I was discussing LLMs with a couple of my friends and it became very obvious that we each had vastly different ideas / expectations of what they are.

They are not search engines, that was the one thing we all agreed. But past that we all had different ideas / definitions. And I am not even sure we all had a definition – I know now that I didn’t and I still don’t. So, this morning I did what I have been doing lately when I have a question that bothers me – I put it to a couple of my LLMs of choice, Claude and ChatGPT. The responses I got from them:

LLMs aren’t oracles or search engines, but rather language pattern prediction systems that can be remarkably helpful while still requiring human oversight.

ChatGPT – strong all-rounder, especially great at explanation, tone control, and multi-step reasoning.

Claude – excels at long-context thinking and “softer,” more reflective responses—Anthropic definitely trained it with a more careful tone.

Perplexity – the search-hybrid beast. Super fast, source-backed, very handy for staying close to the real-time web.

Interesting, at least I thought it was. And while I am still searching for the definition I like where this is leading me.

Both Claude and ChatGPT actually asked what I thought of LLMs and how I defined them. And I responded to both and they both responded to my response. And it was over the interactive conversation that I think I got a better sense of what I was trying to ask and get to.

Even though they both suggested that I write something, I intentionally did not ask them to write something for me, but ChatGPT did suggest the title. Another interesting observation.

– manzoor

P.S. The title of this post was actually suggested by one of the LLMs (ChatGPT), and they both suggested / implied that maybe I was going to write something.