Tag Archives: Programming

Control Access to a FastAPI App

Controlling access to a FastAPI app means implementing both authentication (who is the caller?) and authorization (what may that caller do?). Here are the standard approaches:

## 1. Authentication

– **OAuth2 with Password (and Bearer)**

    – Use FastAPI’s built-in support for OAuth2 for handling user login and issuing JWT tokens.

    – Users authenticate by providing a username and password, and receive a token which they then include in the Authorization header for subsequent API requests.

– **API Key**

    – Require clients to include a secret API key (in headers or query parameters) with each request.

    – Simple, but less user-friendly and less secure than OAuth2/JWT.

– **Session Authentication**

    – Use cookie-based sessions for traditional web apps.

## 2. Authorization

– **Role-Based Access Control (RBAC)**

    – Assign users roles (like admin, user, guest) and restrict certain endpoints or actions based on the user’s role.

– **Resource-Based Permissions**

    – Check user-specific access for resources (e.g., users can only access their own data).

## 3. Implementation in FastAPI

Example of using OAuth2/JWT bearer authentication:

```python
import os

from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
from jose import JWTError, jwt

app = FastAPI()

# tokenUrl names the login endpoint that issues tokens; clients then send
# "Authorization: Bearer <token>" and OAuth2PasswordBearer extracts the token
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")

# Keep the signing secret out of the source (see the tips below);
# the literal here is only a placeholder default
SECRET_KEY = os.environ.get("JWT_SECRET_KEY", "your_secret_key")


def verify_token(token: str = Depends(oauth2_scheme)):
    # jose checks the HS256 signature and the exp claim; anything wrong raises JWTError
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=["HS256"])
        return payload
    except JWTError:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid token",
            headers={"WWW-Authenticate": "Bearer"},
        )


@app.get("/protected-route")
def protected_route(user=Depends(verify_token)):
    return {"message": "You have access!"}
```
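The snippet above delegates signature checking to `jwt.decode` and stops at authentication. The following example is added here (it is not code from the original post) to show, with the standard library only, what that decode step verifies and how the RBAC and resource-based checks from section 2 sit on top of it as a dependency chain: parse the bearer header, verify the HS256 signature with a constant-time comparison, reject tokens whose header names any other algorithm, enforce `exp`, then check the `role` claim against the roles an endpoint allows and the `sub` claim against the resource owner. The `SECRET`, the `role`/`sub` claim names, the `handle_request` simulator and the `now` parameter are all assumptions made for this illustration; in a FastAPI app `verify_token`, `require_role` and `require_owner_or_admin` would be wired as `Depends(...)` and the exceptions mapped to `HTTPException(401)` and `HTTPException(403)`.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed sample secret; a real app loads it from an environment variable (see tip 5)
SECRET = "example-secret-do-not-use"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def create_token(claims: dict, secret: str, ttl_seconds: int = 3600, now: Optional[int] = None) -> str:
    """Issue a compact HS256 JWT (header.payload.signature), as a /token endpoint would after
    checking the password. `now` exists only so tests are deterministic."""
    issued_at = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {**claims, "iat": issued_at, "exp": issued_at + ttl_seconds}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":"), sort_keys=True).encode())
        for part in (header, payload)
    )
    signature = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(signature)}"


class TokenError(Exception):
    """Authentication failure: malformed, forged, expired or wrong-algorithm token (maps to 401)."""


class Forbidden(Exception):
    """Authorization failure: the caller is authenticated but not allowed (maps to 403)."""


def verify_token(token: str, secret: str, now: Optional[int] = None) -> dict:
    """The checks behind jwt.decode(token, secret, algorithms=["HS256"])."""
    try:
        header_b64, payload_b64, signature_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(signature_b64)
    except ValueError as exc:  # wrong segment count, bad base64 and bad JSON all derive from ValueError
        raise TokenError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise TokenError("malformed token")
    # Pin the algorithm: a header claiming "none" or anything else is rejected before any signature check
    if header.get("alg") != "HS256":
        raise TokenError("unexpected algorithm")
    expected = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):  # constant-time comparison
        raise TokenError("invalid signature")
    current = int(time.time()) if now is None else now
    exp = payload.get("exp")
    if not isinstance(exp, int) or current >= exp:
        raise TokenError("token expired")
    return payload


def require_role(payload: dict, allowed_roles: frozenset) -> dict:
    """RBAC: the authenticated user must hold one of the roles the endpoint allows."""
    if payload.get("role") not in allowed_roles:
        raise Forbidden("role not permitted")
    return payload


def require_owner_or_admin(payload: dict, owner_id: str) -> dict:
    """Resource-based permission: only the owner (sub claim) or an admin may touch the resource."""
    if payload.get("role") != "admin" and payload.get("sub") != owner_id:
        raise Forbidden("not the resource owner")
    return payload


def handle_request(authorization: Optional[str], secret: str, allowed_roles: frozenset,
                   owner_id: Optional[str] = None, now: Optional[int] = None) -> tuple:
    """Simulates the dependency chain for one request; returns (status_code, body)."""
    if not authorization or not authorization.startswith("Bearer "):
        return 401, {"detail": "Not authenticated"}  # what OAuth2PasswordBearer answers
    try:
        payload = verify_token(authorization[len("Bearer "):], secret, now)
        require_role(payload, allowed_roles)
        if owner_id is not None:
            require_owner_or_admin(payload, owner_id)
    except TokenError as exc:
        return 401, {"detail": str(exc)}
    except Forbidden as exc:
        return 403, {"detail": str(exc)}
    return 200, {"message": "You have access!", "user": payload["sub"]}
```

Note the ordering: every failure in `verify_token` answers 401, every failure after it answers 403, so a client can tell "log in again" apart from "you are logged in but not allowed". The two `frozenset` arguments let one endpoint allow `{"user", "admin"}` while another allows only `{"admin"}`, which is the RBAC split the section describes; the owner check is what keeps one `user` from reading another user's data.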

## 4. Third-Party Libraries

– **fastapi-users**

Provides pluggable user authentication, registration, password management, and more.

– **Authlib**

Flexible library for implementing OAuth and JWT.

## 5. Additional Tips

– Always use HTTPS in production to protect credentials in transit.

– Regularly update dependencies to keep security patches up to date.

– Use environment variables to store secrets (never commit secrets in code).

Combining authentication, authorization and these operational practices gives access control suitable for both web and API-based FastAPI apps.

Python, Ruby & Swift

These are simply programming languages to help us learn "Object Oriented Programming". While we will be trying to learn each of the languages as best we can, the goal is to learn to program and use "Object Oriented Programming" as the foundation.

Data Structures

Struct

Class

  • Class Inheritance

Struct vs Class

  1. A class requires an initializer to be written; a struct does not.
  2. A struct is a "Value Type"; a class is a "Reference Type".

Method

  1. Instance Method

Initializer

Default / Memberwise

Functions

Optionals (need to go over) / Unwrapping Optionals / Optionals Chaining

– manzoor


Learn to “Program”

We will use “python”, “ruby” and “swift” as our “programming languages” to “Learn to Program”. Before we begin we will need to check if we have “python” / “ruby” / “swift” already installed on our system. We can do this by typing:

python

or

ruby

If they are not installed, we will need to install them. If they are, we will want to check the version of "python".

Once the version is verified, you will want to write your very first python / ruby script. Keeping with tradition, the very first program should be:

  1. Hello World

– manzoor
