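Route-based authorization framework for FastAPI
Project description
FastAPI Authorization Gateway
This library provides route-level authorization for FastAPI applications. It is particularly useful when you need to restrict access to routes that you do not directly control. For example, if you use a library that sets up a set of routes for you (it was designed with stac-fastapi in mind), you can use this library to restrict access to any of those routes with authorization policies. These policies can be evaluated against a combination of route path, method, path parameters and query parameters. It also provides a mechanism for modifying the request before it is passed to the downstream endpoint, for cases where you need to pre-filter requests.
Setup
Install via pip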
python -m pip install fastapi-authorization-gateway
# or from source
python -m pip install git+https://github.com/developmentseed/fastapi-authorization-gateway.git
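Usage
If you are new to this library and want to learn how it works and how to integrate it into your application, check out the tutorial.
If you are looking for recipes that solve a specific problem, check out the how-tos.
Quickstart
If you don't want to go through the full tutorial and just want to integrate this directly into your application, you can use the following snippet.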
from typing import Annotated

from fastapi import Depends, FastAPI, Request
from fastapi.routing import APIRoute

from fastapi_authorization_gateway.auth import build_authorization_dependency
from fastapi_authorization_gateway.types import Policy, RoutePermission


async def get_user(request: Request):
    """
    Replace this with a function to retrieve a real user
    (from a token, for example).
    """
    return {
        "username": "test"
    }


async def policy_generator(request: Request, user: Annotated[dict, Depends(get_user)]) -> Policy:
    """
    Define your policies here based on the requesting user or, really,
    whatever you like. This function will be injected as a dependency
    into the authorization dependency and must return a Policy.
    """
    # We will generate some policies that cover all routes for the app,
    # so we need to enumerate them here.
    all_routes: list[APIRoute] = request.app.routes

    # A permission matching write access to all routes, with no constraints
    # on path or query parameters
    all_write = RoutePermission(
        paths=[route.path_format for route in all_routes],
        methods=["POST", "PUT", "PATCH", "DELETE"],
    )

    # a permission matching read access to all routes, with no constraints
    # on path or query parameters
    all_read = RoutePermission(
        paths=[route.path_format for route in all_routes], methods=["GET"]
    )

    # read only policy allows read requests on all routes and denies write requests
    # falling back to denying a request if it matches none of the permissions
    read_only_policy = Policy(allow=[all_read], deny=[all_write], default_deny=True)

    # a more permissive policy granting write and read access on all routes, falling back
    # to approving a request if it matches none of the permissions
    authorized_policy = Policy(allow=[all_write, all_read], default_deny=False)

    if not user:
        # anonymous requests get read only permissions
        return read_only_policy
    else:
        # authenticated requests get full permissions
        return authorized_policy


# build the authorization dependency
authorization = build_authorization_dependency(
    policy_generator=policy_generator,
)

app = FastAPI(dependencies=[Depends(authorization)])


@app.get("/test")
def get_test(request: Request):
    return {"status": "ok"}


@app.post("/test")
def post_test(request: Request):
    print("Should not be able to reach this endpoint with read-only policy")
    return {"status": "ok"}
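
The allow / deny / default_deny fallback described in the quickstart comments can be traced with a small stand-alone model. This is an added example, not the library's code: `SimplePermission`, `SimplePolicy` and the sample routes are hypothetical, routes are identified by their template string, and checking deny before allow is an assumption. It shows what happens to requests that match no permission, such as a `HEAD` request or a route that was not enumerated.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SimplePermission:  # hypothetical stand-in for RoutePermission
    paths: list  # route templates, e.g. "/items/{item_id}"
    methods: list
    path_params: dict = field(default_factory=dict)  # required values

    def matches(self, route: str, method: str, params: dict) -> bool:
        if route not in self.paths or method.upper() not in self.methods:
            return False
        # Every constrained path parameter must carry the required value.
        return all(params.get(k) == v for k, v in self.path_params.items())


@dataclass
class SimplePolicy:  # hypothetical stand-in for Policy
    allow: list = field(default_factory=list)
    deny: list = field(default_factory=list)
    default_deny: bool = True

    def is_allowed(self, route: str, method: str, params: Optional[dict] = None) -> bool:
        params = params or {}
        # Assumption of this model: an explicit deny wins over an allow.
        if any(p.matches(route, method, params) for p in self.deny):
            return False
        if any(p.matches(route, method, params) for p in self.allow):
            return True
        # Nothing matched: the fallback decides.
        return not self.default_deny


ROUTES = ["/test", "/items/{item_id}"]  # constructed sample routes
all_read = SimplePermission(ROUTES, ["GET"])
all_write = SimplePermission(ROUTES, ["POST", "PUT", "PATCH", "DELETE"])
read_only = SimplePolicy(allow=[all_read], deny=[all_write], default_deny=True)
authorized = SimplePolicy(allow=[all_write, all_read], default_deny=False)
# Read access to one item only, expressed as a path-parameter constraint.
one_item = SimplePolicy(
    allow=[SimplePermission(["/items/{item_id}"], ["GET"], {"item_id": "42"})]
)

# Constructed requests: the last two match no permission in either policy.
CHECKS = [("/test", "GET"), ("/test", "POST"), ("/test", "HEAD"), ("/unlisted", "GET")]


def decisions(policy: SimplePolicy) -> list:
    return [policy.is_allowed(route, method) for route, method in CHECKS]
```

In this model the read-only policy rejects the `HEAD` request and the unlisted route, while the policy with `default_deny=False` approves both, so every method and route that should be restricted has to appear in a permission.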