How to implement user authentication and authorization in FastAPI

How to implement user authentication and authorization in FastAPI

FastAPI is a high-performance web framework based on Python that provides many powerful features such as asynchronous support, automatic document generation and type hints. In modern web applications, user authentication and authorization are very important functions that can protect the security of the application. In this article, we will explore how to implement user authentication and authorization in FastAPI.

1. Install the required libraries

Before we begin, we must first install the required libraries. In FastAPI, the PyJWT library is typically used to handle JSON Web Tokens, and the Passlib library is used for password hashing and verification. We can install these libraries using the following command:

pip install fastapi pyjwt passlib

2. Create User Model

Before we start implementing authentication and authorization, we need to define a user model. User models usually contain fields such as username and password. The following is the definition of a sample user model:

from pydantic import BaseModel

class User(BaseModel):
    username: str
    password: str

3. Implementing the user registration and login interface

Next, we need to implement the user registration and login interface. In the registration interface, we will obtain the username and password, hash the password and save it to the database. In the login interface we will verify that the username and password provided by the user match those in the database. The following is an example implementation:

from fastapi import FastAPI
from passlib.hash import bcrypt

app = FastAPI()

DATABASE = []

@app.post("/register")
def register_user(user: User):
    # Hash password
    hashed_password = bcrypt.hash(user.password)
    
    # Save user to database
    DATABASE.append({"username": user.username, "password": hashed_password})
    
    return {"message": "User registered successfully"}

@app.post("/login")
def login_user(user: User):
    # Find user in database
    for data in DATABASE:
        if data["username"] == user.username:
            # Check password
            if bcrypt.verify(user.password, data["password"]):
                return {"message": "User logged in successfully"}
    
    return {"message": "Invalid username or password"}

4. Implementing authentication and authorization middleware

Now that we have implemented the user registration and login interface, next we need to implement the identity Authentication and authorization middleware. This will ensure that users can only access protected routes if a valid token is provided.

The following is an example implementation of authentication and authorization middleware:

from fastapi import FastAPI, Depends, HTTPException, status
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from passlib.hash import bcrypt
from jose import jwt, JWTError

app = FastAPI()

SECRET_KEY = "your-secret-key"

security = HTTPBearer()

@app.post("/register")
def register_user(user: User):
    # ...

@app.post("/login")
def login_user(user: User):
    # ...

def get_current_user(credentials: HTTPAuthorizationCredentials = Depends(security)):
    try:
        token = credentials.credentials
        payload = jwt.decode(token, SECRET_KEY, algorithms=["HS256"])
        user = payload.get("username")
        return user
    except JWTError:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid token",
            headers={"WWW-Authenticate": "Bearer"},
        )

@app.get("/protected")
def protected_route(current_user: str = Depends(get_current_user)):
    return {"message": f"Hello, {current_user}"}

5. Generate and verify tokens

Finally, we need to implement a method to generate tokens. A token is a security credential used for authentication and authorization. After the user successfully logs in, we can use this method to generate a token and return it to the client.

The following is an implementation of a sample method to generate and verify tokens:

from fastapi import FastAPI, Depends, HTTPException, status
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from passlib.hash import bcrypt
from jose import jwt, JWTError, ExpiredSignatureError
from datetime import datetime, timedelta

app = FastAPI()

SECRET_KEY = "your-secret-key"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30

security = HTTPBearer()

@app.post("/register")
def register_user(user: User):
    # ...

@app.post("/login")
def login_user(user: User):
    # ...

def get_current_user(credentials: HTTPAuthorizationCredentials = Depends(security)):
    try:
        token = credentials.credentials
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        user = payload.get("username")
        return user
    except JWTError:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid token",
            headers={"WWW-Authenticate": "Bearer"},
        )

def create_access_token(username: str):
    expires = datetime.utcnow() + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    payload = {"username": username, "exp": expires}
    token = jwt.encode(payload, SECRET_KEY, algorithm=ALGORITHM)
    return token

@app.get("/protected")
def protected_route(current_user: str = Depends(get_current_user)):
    return {"message": f"Hello, {current_user}"}

@app.post("/token")
def get_access_token(user: User):
    # Check username and password
    for data in DATABASE:
        if data["username"] == user.username:
            if bcrypt.verify(user.password, data["password"]):
                # Generate access token
                access_token = create_access_token(user.username)
                return {"access_token": access_token}
    
    raise HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Invalid username or password",
        headers={"WWW-Authenticate": "Bearer"},
    )

In summary, we have learned how to implement user authentication and authorization in FastAPI. By using the PyJWT library and Passlib library, we are able to securely handle user credentials and protect the security of our application. These sample codes serve as a starting point that you can further customize and extend to suit your needs. Hope this article helps you!

The above is the detailed content of How to implement user authentication and authorization in FastAPI. For more information, please follow other related articles on the PHP Chinese website!