-
FastAPI 学习之路(二十八)使用密码和 Bearer 的简单 OAuth2
OAuth2 规定在使用(我们打算用的)「password 流程」时,客户端/用户必须将 username 和 password 字段作为表单数据发送。我们看下在我们应该去如何实现呢。
我们写一个登录接口,默认返回token和token_type
- from fastapi import FastAPI, Depends, status, HTTPException
- from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
- from pydantic import BaseModel
- from typing import Optional
- oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
- fake_db_users ={
- "mrli": {
- "username": "mrli",
- "full_name": "mrli_hanjing",
- "email": "mrli@qq.com",
- "hashed_password": "mrli",
- "disabled": False
- }
- }
- app = FastAPI()
- def fake_hash_password(password: str):
- """模拟将密码加密"""
- return password
- class User(BaseModel):
- username: str
- email: Optional[str] = None
- full_name: Optional[str] = None
- disabled: Optional[bool] = None
- class UserInDB(User):
- hashed_password: str
- def get_user(db_users, username: str):
- if username in db_users:
- user_dict = db_users[username]
- return UserInDB(**user_dict)
- def fake_decode_token(token):
- """我们模拟返回的token值就是username,所以下面可以直接传token"""
- user = get_user(fake_db_users, token)
- return user
- def get_current_user(token: str = Depends(oauth2_scheme)):
- user = fake_decode_token(token)
- if not user:
- raise HTTPException(
- status_code=status.HTTP_401_UNAUTHORIZED,
- detail="Invalid authentication",
- headers={"WWW-Autehticated": "Bearer"}
- )
- return user
- @app.post("/login")
- def login(form_data: OAuth2PasswordRequestForm = Depends()):
- """
- 校验密码
- 目前我们已经从数据库中获取了用户数据,但尚未校验密码。
- 让我们首先将这些数据放入 Pydantic UserInDB 模型中。
- 永远不要保存明文密码,因此,我们将使用(伪)哈希密码系统。
- 如果密码不匹配,我们将返回同一个错误。
- """
- user_dict = fake_db_users.get(form_data.username)
- if not user_dict:
- raise HTTPException(status_code=400, detail="Invalid username or password")
- user = UserInDB(**user_dict)
- hashed_password = fake_hash_password(form_data.password)
- if hashed_password != user.hashed_password:
- raise HTTPException(status_code=400, detail="Invalid username or password")
- return {"access_token": user.username, "token_type": "bearer"}
- @app.get("/users/me")
- def read_users_me(current_user: User = Depends(get_current_user)):
- return current_user
- if __name__ == '__main__':
- import uvicorn
- uvicorn.run("main:app", reload=True, debug=True)
我们测试下登录接口
接下来再测试下带认证的/users/me接口 (我们发现不能通过)
接下来我们带上认证(校验通过,返回了我们想要的数据)
在我们的代码中,有这样一句:
UserInDB(**user_dict)
作用是直接将user_dict的键和值作为关键字参数传递,也就是python的解包,等同于:
UserInDB( username = user_dict["username"], email = user_dict["email"], full_name = user_dict["full_name"], disabled = user_dict["disabled"], hashed_password = user_dict["hashed_password"], )假如我们把user的状态disabled改为True
fake_db_users ={ "mrli": { "username": "mrli", "full_name": "mrli_hanjing", "email": "mrli@qq.com", "hashed_password": "mrli", "disabled": False } }我们不想让disabled为True的用户获取信息,那么我们如何实现呢?
- from fastapi import FastAPI, Depends, status, HTTPException
- from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
- from pydantic import BaseModel
- from typing import Optional
- oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
- fake_db_users ={
- "mrli": {
- "username": "mrli",
- "full_name": "mrli_hanjing",
- "email": "mrli@qq.com",
- "hashed_password": "mrli",
- "disabled": True
- }
- }
- app = FastAPI()
- def fake_hash_password(password: str):
- """模拟将密码加密"""
- return password
- class User(BaseModel):
- username: str
- email: Optional[str] = None
- full_name: Optional[str] = None
- disabled: Optional[bool] = None
- class UserInDB(User):
- hashed_password: str
- def get_user(db_users, username: str):
- if username in db_users:
- user_dict = db_users[username]
- return UserInDB(**user_dict)
- def fake_decode_token(token):
- """我们模拟返回的token值就是username,所以下面可以直接传token"""
- user = get_user(fake_db_users, token)
- return user
- def get_current_user(token: str = Depends(oauth2_scheme)):
- user = fake_decode_token(token)
- if not user:
- raise HTTPException(
- status_code=status.HTTP_401_UNAUTHORIZED,
- detail="Invalid authentication",
- headers={"WWW-Autehticated": "Bearer"}
- )
- return user
- def get_current_active_user(current_user: User = Depends(get_current_user)):
- if current_user.disabled:
- raise HTTPException(status_code=400, detail="Inactive user")
- return current_user
- @app.post("/login")
- def login(form_data: OAuth2PasswordRequestForm = Depends()):
- """
- 校验密码
- 目前我们已经从数据库中获取了用户数据,但尚未校验密码。
- 让我们首先将这些数据放入 Pydantic UserInDB 模型中。
- 永远不要保存明文密码,因此,我们将使用(伪)哈希密码系统。
- 如果密码不匹配,我们将返回同一个错误。
- """
- user_dict = fake_db_users.get(form_data.username)
- if not user_dict:
- raise HTTPException(status_code=400, detail="Invalid username or password")
- user = UserInDB(**user_dict)
- hashed_password = fake_hash_password(form_data.password)
- if hashed_password != user.hashed_password:
- raise HTTPException(status_code=400, detail="Invalid username or password")
- return {"access_token": user.username, "token_type": "bearer"}
- @app.get("/users/me")
- def read_users_me(current_user: User = Depends(get_current_active_user)):
- return current_user
- if __name__ == '__main__':
- import uvicorn
- uvicorn.run("main:app", reload=True, debug=True)
其实很简单,我们就是在获取用户信息依赖的基础上增加了另一个是否是active的判断的依赖。
def get_current_active_user(current_user: User = Depends(get_current_user)): if current_user.disabled: raise HTTPException(status_code=400, detail="Inactive user") return current_user @app.get("/users/me") def read_users_me(current_user: User = Depends(get_current_active_user)): return current_user -
相关阅读:
服务容错之限流之 Tomcat 限流 & Tomcat 线程池的拒绝策略
【Python(一)】环境搭建之Anaconda安装
Elsevier出版社 | 优质好刊合集
Docker Jenkins(改错版本)
【Unity3D】Unity 游戏画面帧更新 ( 游戏物体 GameObject 移动 | 借助 Time.deltaTime 进行匀速运动 )
Go与数据库:NoSQL数据库的应用
微软Power Platform平台低代码
代码随想录算法训练营Day 55 || 583. 两个字符串的删除操作、72. 编辑距离
Linux学习系列:在CentOS 7上切换WiFi节点
ReentrantLock、ReentrantReadWriteLock、StampedLock
- 原文地址:https://blog.csdn.net/myli_binbin/article/details/126614376
