Simple integration of Cross-Site Request Forgery (XSRF) Protection by using either Cookies or Context combined with Headers
Project description
FastAPI CSRF Protect
Features
FastAPI extension that provides Cross-Site Request Forgery (XSRF) Protection support (easy to use and lightweight).
If you were familiar with flask-wtf library this extension suitable for you.
This extension inspired by fastapi-jwt-auth 😀
- Storing
fastapi-csrf-tokenin cookies or serve it in template's context
Installation
The easiest way to start working with this extension with pip
pip install fastapi-csrf-protect
Usage
With Context and Headers
from fastapi import FastAPI, Request, Depends
from fastapi.responses import JSONResponse
from fastapi.templating import Jinja2Templates
from fastapi_csrf_protect import CsrfProtect
from fastapi_csrf_protect.exceptions import CsrfProtectError
from pydantic import BaseModel
app = FastAPI()
templates = Jinja2Templates(directory='templates')
class CsrfSettings(BaseModel):
secret_key:str = 'asecrettoeverybody'
@CsrfProtect.load_config
def get_csrf_config():
return CsrfSettings()
@app.get('/form')
def form(request: Request, csrf_protect:CsrfProtect = Depends()):
'''
Returns form template.
'''
csrf_token = csrf_protect.generate_csrf()
response = templates.TemplateResponse('form.html', {
'request': request, 'csrf_token': csrf_token
})
return response
@app.post('/posts', response_class=JSONResponse)
def create_post(request: Request, csrf_protect:CsrfProtect = Depends()):
'''
Creates a new Post
'''
csrf_token = csrf_protect.get_csrf_from_headers(request.headers)
csrf_protect.validate_csrf(csrf_token)
# Do stuff
@app.exception_handler(CsrfProtectError)
def csrf_protect_exception_handler(request: Request, exc: CsrfProtectError):
return JSONResponse(
status_code=exc.status_code,
content={ 'detail': exc.message
}
)
With Cookies
from fastapi import FastAPI, Request, Depends
from fastapi.responses import JSONResponse
from fastapi.templating import Jinja2Templates
from fastapi_csrf_protect import CsrfProtect
from fastapi_csrf_protect.exceptions import CsrfProtectError
from pydantic import BaseModel
app = FastAPI()
templates = Jinja2Templates(directory='templates')
class CsrfSettings(BaseModel):
secret_key:str = 'asecrettoeverybody'
@CsrfProtect.load_config
def get_csrf_config():
return CsrfSettings()
@app.get('/form')
def form(request: Request, csrf_protect:CsrfProtect = Depends()):
'''
Returns form template.
'''
response = templates.TemplateResponse('form.html', { 'request': request })
csrf_protect.set_csrf_cookie(response)
return response
@app.post('/posts', response_class=JSONResponse)
def create_post(request: Request, csrf_protect:CsrfProtect = Depends()):
'''
Creates a new Post
'''
csrf_protect.validate_csrf_in_cookies(request)
# Do stuff
@app.exception_handler(CsrfProtectError)
def csrf_protect_exception_handler(request: Request, exc: CsrfProtectError):
return JSONResponse(status_code=exc.status_code, content={ 'detail': exc.message })
License
This project is licensed under the terms of the MIT license.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
File details
Details for the file fastapi-csrf-protect-0.1.6.tar.gz.
File metadata
- Download URL: fastapi-csrf-protect-0.1.6.tar.gz
- Upload date:
- Size: 6.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.2 importlib_metadata/4.6.3 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.0 CPython/3.7.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | bb6d288fdd5293a6c331bf34e3f1408d935274c293316e796ed4d32c2cf9ff59 |
|
| MD5 | f43e486bcffe1425ecfb23191fa6e714 |
|
| BLAKE2b-256 | e098b2dbeb30727e17c09814b902843451e682b411f1c7d6b20a385912f4c14c |
File details
Details for the file fastapi_csrf_protect-0.1.6-py3.7.egg.
File metadata
- Download URL: fastapi_csrf_protect-0.1.6-py3.7.egg
- Upload date:
- Size: 13.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.2 importlib_metadata/4.6.3 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.0 CPython/3.7.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 18b7a200d88885edad8222c8042e017f330bb7262c06e4e3de8686216e941436 |
|
| MD5 | 5f1ff15c9d643f1084fe189518006da8 |
|
| BLAKE2b-256 | 94ea5d46cd34025ebb55ae34989bb1436825aad84a3cc63f7b3a419765ad53a1 |
File details
Details for the file fastapi_csrf_protect-0.1.6-py3-none-any.whl.
File metadata
- Download URL: fastapi_csrf_protect-0.1.6-py3-none-any.whl
- Upload date:
- Size: 8.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.2 importlib_metadata/4.6.3 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.0 CPython/3.7.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f3709e02746f21cb44adfc86f100f741147083bb5dc8391e055ee192f90d3427 |
|
| MD5 | f717a9dc7b127bea83ff0c55c86909ee |
|
| BLAKE2b-256 | ea1217ad161c352fb1be05d3008e668c5fa8852d37123c393d9debf67c3a7ae1 |
