Home > Article > Backend Development > How to implement user authentication and authorization in FastAPI
How to implement user authentication and authorization in FastAPI
FastAPI is a high-performance web framework based on Python that provides many powerful features such as asynchronous support, automatic document generation and type hints. In modern web applications, user authentication and authorization are very important functions that can protect the security of the application. In this article, we will explore how to implement user authentication and authorization in FastAPI.
Before we begin, we must first install the required libraries. In FastAPI, the PyJWT library is typically used to handle JSON Web Tokens, and the Passlib library is used for password hashing and verification. We can install these libraries using the following command:
pip install fastapi pyjwt passlib
Before we start implementing authentication and authorization, we need to define a user model. User models usually contain fields such as username and password. The following is the definition of a sample user model:
from pydantic import BaseModel class User(BaseModel): username: str password: str
Next, we need to implement the user registration and login interface. In the registration interface, we will obtain the username and password, hash the password and save it to the database. In the login interface we will verify that the username and password provided by the user match those in the database. The following is an example implementation:
from fastapi import FastAPI from passlib.hash import bcrypt app = FastAPI() DATABASE = [] @app.post("/register") def register_user(user: User): # Hash password hashed_password = bcrypt.hash(user.password) # Save user to database DATABASE.append({"username": user.username, "password": hashed_password}) return {"message": "User registered successfully"} @app.post("/login") def login_user(user: User): # Find user in database for data in DATABASE: if data["username"] == user.username: # Check password if bcrypt.verify(user.password, data["password"]): return {"message": "User logged in successfully"} return {"message": "Invalid username or password"}
Now that we have implemented the user registration and login interface, next we need to implement the identity Authentication and authorization middleware. This will ensure that users can only access protected routes if a valid token is provided.
The following is an example implementation of authentication and authorization middleware:
from fastapi import FastAPI, Depends, HTTPException, status from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials from passlib.hash import bcrypt from jose import jwt, JWTError app = FastAPI() SECRET_KEY = "your-secret-key" security = HTTPBearer() @app.post("/register") def register_user(user: User): # ... @app.post("/login") def login_user(user: User): # ... def get_current_user(credentials: HTTPAuthorizationCredentials = Depends(security)): try: token = credentials.credentials payload = jwt.decode(token, SECRET_KEY, algorithms=["HS256"]) user = payload.get("username") return user except JWTError: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token", headers={"WWW-Authenticate": "Bearer"}, ) @app.get("/protected") def protected_route(current_user: str = Depends(get_current_user)): return {"message": f"Hello, {current_user}"}
Finally, we need to implement a method to generate tokens. A token is a security credential used for authentication and authorization. After the user successfully logs in, we can use this method to generate a token and return it to the client.
The following is an implementation of a sample method to generate and verify tokens:
from fastapi import FastAPI, Depends, HTTPException, status from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials from passlib.hash import bcrypt from jose import jwt, JWTError, ExpiredSignatureError from datetime import datetime, timedelta app = FastAPI() SECRET_KEY = "your-secret-key" ALGORITHM = "HS256" ACCESS_TOKEN_EXPIRE_MINUTES = 30 security = HTTPBearer() @app.post("/register") def register_user(user: User): # ... @app.post("/login") def login_user(user: User): # ... def get_current_user(credentials: HTTPAuthorizationCredentials = Depends(security)): try: token = credentials.credentials payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM]) user = payload.get("username") return user except JWTError: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token", headers={"WWW-Authenticate": "Bearer"}, ) def create_access_token(username: str): expires = datetime.utcnow() + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES) payload = {"username": username, "exp": expires} token = jwt.encode(payload, SECRET_KEY, algorithm=ALGORITHM) return token @app.get("/protected") def protected_route(current_user: str = Depends(get_current_user)): return {"message": f"Hello, {current_user}"} @app.post("/token") def get_access_token(user: User): # Check username and password for data in DATABASE: if data["username"] == user.username: if bcrypt.verify(user.password, data["password"]): # Generate access token access_token = create_access_token(user.username) return {"access_token": access_token} raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid username or password", headers={"WWW-Authenticate": "Bearer"}, )
In summary, we have learned how to implement user authentication and authorization in FastAPI. By using the PyJWT library and Passlib library, we are able to securely handle user credentials and protect the security of our application. These sample codes serve as a starting point that you can further customize and extend to suit your needs. Hope this article helps you!
The above is the detailed content of How to implement user authentication and authorization in FastAPI. For more information, please follow other related articles on the PHP Chinese website!