Fra*_*nho 6 python authentication fastapi
我有一个与 Web 应用程序通信的 FastAPI 服务器。我的网络应用程序也有两种类型的用户:用户(非管理员)和管理员。我向 FastAPI 添加了全局依赖项来验证用户。我希望验证依赖项默认只允许管理员访问端点,并有一些装饰器(或类似的东西)来允许非管理员访问某些路由。这样,就不会有人意外地创建一条只供管理员使用的公共路由。
def verify_token(request: Request):
# make sure the user's auth token is valid
# retrieve the user's details from the database
# make sure user is Admin, otherwise throw HTTP exception
return True
app = FastAPI(
title="My App",
dependencies=[Depends(verify_token)]
)
@app.get(/admins_only)
def admins_only():
# this works well!
return {'result': 2}
@app.get(/non_admin_route)
def non_admin_route():
# this doesn't work because verify_token
# only allows admins by default, but it should
# be accessible to non admins
return {'result': 1}
您不能有条件全局依赖项。您要么将它们安装在应用程序的所有端点上,要么不安装在任何端点上。我的建议是将端点分成两个路由器,并且仅将路由添加到各自的路由器。然后,您可以仅向其中一个路由器添加全局依赖项,如下所示:
from fastapi import APIRouter, FastAPI, Request, Depends
def verify_token(request: Request):
# make sure the user's auth token is valid
# retrieve the user's details from the database
# make sure user is Admin, otherwise throw HTTP exception
return True
app = FastAPI(
title="My App",
)
only_admin_router = APIRouter(
tags=["forAdmins"],
dependencies=[Depends(verify_token)]
)
all_users_router = APIRouter(tags="forEverybody")
@only_admin_router.get("/admins_only")
def admins_only():
# this will only work if verify doesn't raise.
return {'result': 2}
@all_users_router.get("/non_admin_route")
def non_admin_route():
#this will work for all users, verify will not be called.
return {'result': 1}
app.include_router(only_admin_router)
app.include_router(all_users_router)
| 归档时间: |
|
| 查看次数: |
2088 次 |
| 最近记录: |