首页 开源 资讯 活动 开源许可证
软件工程云服务
软件代码质量检测云服务 持续集成与部署云服务 社区个性化内容推荐服务 贡献审阅人推荐服务 群体化学习服务 重睛鸟代码扫描工具
Watch 1 Star 1 Fork 4

zilai2003/FastAPI_Study_Yinyu

forked from 尹煜/FastAPI_Study_Yinyu 
代码 Issues 0 Pull Requests 0 Wiki 0 统计
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
项目仓库所选许可证以仓库主分支所使用许可证为准
克隆/下载
8.4_security.py 4.30 KB
一键复制 编辑 原始数据 按行查看 历史
尹煜 提交于 2023-06-04 19:35 . 8章内容
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146
#pip install python-jose,pip install passlib[bcrypt]

from datetime import datetime, timedelta

from typing import Union



from fastapi import Depends, FastAPI, HTTPException, status

from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm

from jose import JWTError, jwt

from passlib.context import CryptContext

from pydantic import BaseModel



# to get a string like this run:

# openssl rand -hex 32

SECRET_KEY = "yinyusecuritykey"

ALGORITHM = "HS256"

ACCESS_TOKEN_EXPIRE_MINUTES = 30





fake_users_db = {

    "johndoe": {

        "username": "johndoe",

        "full_name": "John Doe",

        "email": "johndoe@example.com",

        "hashed_password": "$2b$12$Iy1FxkhNXVtoJjDfTVTo9erntJ2FFFPJKZbQH3FcBFijS/zNCzGK.",

        "disabled": False,

    }

}





class Token(BaseModel):

    access_token: str

    token_type: str





class TokenData(BaseModel):

    username: Union[str, None] = None





class User(BaseModel):

    username: str

    email: Union[str, None] = None

    full_name: Union[str, None] = None

    disabled: Union[bool, None] = None





class UserInDB(User):

    hashed_password: str





pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")



oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")



app = FastAPI()





def verify_password(plain_password, hashed_password):

    return pwd_context.verify(plain_password, hashed_password)





def get_password_hash(password):

    return pwd_context.hash(password)





def get_user(db, username: str):

    if username in db:

        user_dict = db[username]

        return UserInDB(**user_dict)





def authenticate_user(fake_db, username: str, password: str):

    user = get_user(fake_db, username)

    if not user:

        return False

    if not verify_password(password, user.hashed_password):

        return False

    return user





def create_access_token(data: dict, expires_delta: Union[timedelta, None] = None):

    to_encode = data.copy()

    if expires_delta:

        expire = datetime.utcnow() + expires_delta

    else:

        expire = datetime.utcnow() + timedelta(minutes=15)

    to_encode.update({"exp": expire})

    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)

    return encoded_jwt





async def get_current_user(token: str = Depends(oauth2_scheme)):

    credentials_exception = HTTPException(

        status_code=status.HTTP_401_UNAUTHORIZED,

        detail="Could not validate credentials",

        headers={"WWW-Authenticate": "Bearer"},

    )

    try:

        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])

        username: str = payload.get("sub")

        if username is None:

            raise credentials_exception

        token_data = TokenData(username=username)

    except JWTError:

        raise credentials_exception

    user = get_user(fake_users_db, username=token_data.username)

    if user is None:

        raise credentials_exception

    return user





async def get_current_active_user(current_user: User = Depends(get_current_user)):

    if current_user.disabled:

        raise HTTPException(status_code=400, detail="Inactive user")

    return current_user





@app.post("/token", response_model=Token)

async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()):

    user = authenticate_user(fake_users_db, form_data.username, form_data.password)

    if not user:

        raise HTTPException(

            status_code=status.HTTP_401_UNAUTHORIZED,

            detail="Incorrect username or password",

            headers={"WWW-Authenticate": "Bearer"},

        )

    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)

    access_token = create_access_token(

        data={"sub": user.username}, expires_delta=access_token_expires

    )

    return {"access_token": access_token, "token_type": "bearer"}





@app.get("/users/me/", response_model=User)

async def read_users_me(current_user: User = Depends(get_current_active_user)):

    return current_user





@app.get("/users/me/items/")

async def read_own_items(current_user: User = Depends(get_current_active_user)):

    return [{"item_id": "Foo", "owner": current_user.username}]





if __name__ == '__main__':

    import uvicorn

    uvicorn.run(app, host="127.0.0.1", port=8000)

    # print(get_password_hash("yinyusecurity")) #此为“yinyusecurity”加密后的 👇,然后放在fake_users_db中

    # $2b$12$Iy1FxkhNXVtoJjDfTVTo9erntJ2FFFPJKZbQH3FcBFijS/zNCzGK.
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化