FastAPI-User-Auth is a simple and powerful FastAPI user RBAC authentication and authorization library. Based on FastAPI-Amis-Admin and provides a freely extensible visual management interface.
Project description
项目介绍
FastAPI-User-Auth
FastAPI-User-Auth是一个简单而强大的FastAPI用户RBAC认证与授权库.
基于FastAPI-Amis-Admin并提供可自由拓展的可视化管理界面.
FastAPI-User-Auth
是一个基于 FastAPI-Amis-Admin
的应用插件,与FastAPI-Amis-Admin
深度结合,为其提供用户认证与授权.
安装
pip install fastapi-user-auth
简单示例
from fastapi import FastAPI
from fastapi_amis_admin.admin.settings import Settings
from fastapi_user_auth.site import AuthAdminSite
from starlette.requests import Request
from sqlmodel import SQLModel
# 创建FastAPI应用
app = FastAPI()
# 创建AdminSite实例
site = AuthAdminSite(settings=Settings(database_url_async='sqlite+aiosqlite:///amisadmin.db'))
auth = site.auth
# 挂载后台管理系统
site.mount_app(app)
# 创建初始化数据库表
@app.on_event("startup")
async def startup():
await site.db.async_run_sync(SQLModel.metadata.create_all, is_session=False)
# 创建默认测试用户, 请及时修改密码!!!
await auth.create_role_user('admin')
await auth.create_role_user('vip')
# 要求: 用户必须登录
@app.get("/auth/get_user")
@auth.requires()
def get_user(request: Request):
return request.user
if __name__ == '__main__':
import uvicorn
uvicorn.run(app, debug=True)
验证方式
装饰器
- 推荐场景: 单个路由.支持同步/异步路由.
# 要求: 用户必须登录
@app.get("/auth/user")
@auth.requires()
def user(request: Request):
return request.user # 当前请求用户对象.
# 验证路由: 用户拥有admin角色
@app.get("/auth/admin_roles")
@auth.requires('admin')
def admin_roles(request: Request):
return request.user
# 要求: 用户拥有vip角色
# 支持同步/异步路由
@app.get("/auth/vip_roles")
@auth.requires(['vip'])
async def vip_roles(request: Request):
return request.user
# 要求: 用户拥有admin角色 或 vip角色
@app.get("/auth/admin_or_vip_roles")
@auth.requires(roles=['admin', 'vip'])
def admin_or_vip_roles(request: Request):
return request.user
# 要求: 用户属于admin用户组
@app.get("/auth/admin_groups")
@auth.requires(groups=['admin'])
def admin_groups(request: Request):
return request.user
# 要求: 用户拥有admin角色 且 属于admin用户组
@app.get("/auth/admin_roles_and_admin_groups")
@auth.requires(roles=['admin'], groups=['admin'])
def admin_roles_and_admin_groups(request: Request):
return request.user
# 要求: 用户拥有vip角色 且 拥有`article:update`权限
@app.get("/auth/vip_roles_and_article_update")
@auth.requires(roles=['vip'], permissions=['article:update'])
def vip_roles_and_article_update(request: Request):
return request.user
依赖项
- 推荐场景: 路由集合,FastAPI应用
from fastapi import Depends
from typing import Tuple
from fastapi_user_auth.auth import Auth
from fastapi_user_auth.auth.models import User
# 路由参数依赖项
@app.get("/auth/admin_roles_depend_1")
def admin_roles(request: Request,
auth_result: Tuple[Auth, User] = Depends(auth.requires('admin')())):
return request.user
# 路径操作装饰器依赖项
@app.get("/auth/admin_roles_depend_2", dependencies=[Depends(auth.requires('admin')())])
def admin_roles(request: Request):
return request.user
# 全局依赖项
# 在app应用下全部请求都要求拥有admin角色
app = FastAPI(dependencies=[Depends(auth.requires('admin')())])
@app.get("/auth/admin_roles_depend_3")
def admin_roles(request: Request):
return request.user
中间件
- 推荐场景: FastAPI应用
app = FastAPI()
# 在app应用下每条请求处理之前都附加`request.auth`和`request.user`对象
auth.backend.attach_middleware(app)
直接调用
- 推荐场景: 非路由方法
from fastapi_user_auth.auth.models import User
async def get_request_user(request: Request) -> Optional[User]:
if await auth.requires('admin', response=False)(request):
return request.user
else:
return None
Token存储后端
fastapi-user-auth
支持多种token存储方式.默认为: DbTokenStore
, 建议自定义修改为: JwtTokenStore
JwtTokenStore
from fastapi_user_auth.auth.backends.jwt import JwtTokenStore
from sqlalchemy.ext.asyncio import create_async_engine
from sqlalchemy_database import AsyncDatabase
# 创建异步数据库引擎
engine = create_async_engine(url='sqlite+aiosqlite:///amisadmin.db', future=True)
# 使用`JwtTokenStore`创建auth对象
auth = Auth(db=AsyncDatabase(engine),
token_store=JwtTokenStore(secret_key='09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7'))
# 将auth对象传入AdminSite
site = AuthAdminSite(settings=Settings(database_url_async='sqlite+aiosqlite:///amisadmin.db'),
auth=auth)
DbTokenStore
# 使用`DbTokenStore`创建auth对象
from fastapi_user_auth.auth.backends.db import DbTokenStore
auth = Auth(db=AsyncDatabase(engine),
token_store=DbTokenStore(db=AsyncDatabase(engine)))
RedisTokenStore
# 使用`RedisTokenStore`创建auth对象
from fastapi_user_auth.auth.backends.redis import RedisTokenStore
from aioredis import Redis
auth = Auth(db=AsyncDatabase(engine),
token_store=RedisTokenStore(redis=Redis.from_url('redis://localhost?db=0')))
RBAC模型
本系统采用的RBAC
模型如下, 你也可以根据自己的需求进行拓展.
- 参考: 权限系统的设计
flowchart LR
User -. m:n .-> Group
User -. m:n .-> Role
Group -. m:n .-> Role
Role -. m:n .-> Perimission
高级拓展
拓展User
模型
from datetime import date
from fastapi_amis_admin.models.fields import Field
from fastapi_user_auth.auth.models import BaseUser
# 自定义`User`模型,继承`BaseUser`
class MyUser(BaseUser, table=True):
birthday: date = Field(None, title="出生日期")
location: str = Field(None, title="位置")
# 使用自定义的`User`模型,创建auth对象
auth = Auth(db=AsyncDatabase(engine), user_model=MyUser)
拓展Role
,Group
,Permission
模型
# 自定义`Group`模型,继承`BaseRBAC`;覆盖`Role`,`Permission`模型类似,区别在于表名.
class MyGroup(BaseRBAC, table=True):
__tablename__ = 'auth_group' # 数据库表名,必须是这个才能覆盖默认模型
icon: str = Field(None, title='图标')
is_active: bool = Field(default=True, title="是否激活")
自定义UserAuthApp
默认管理类
默认管理类均可通过继承重写替换.
例如: UserLoginFormAdmin
,UserRegFormAdmin
,UserInfoFormAdmin
,
UserAdmin
,GroupAdmin
,RoleAdmin
,PermissionAdmin
# 自定义模型管理类,继承重写对应的默认管理类
class MyGroupAdmin(admin.ModelAdmin):
group_schema = None
page_schema = PageSchema(label='用户组管理', icon='fa fa-group')
model = MyGroup
link_model_fields = [Group.roles]
readonly_fields = ['key']
# 自定义用户认证应用,继承重写默认的用户认证应用
class MyUserAuthApp(UserAuthApp):
GroupAdmin = MyGroupAdmin
# 自定义用户管理站点,继承重写默认的用户管理站点
class MyAuthAdminSite(AuthAdminSite):
UserAuthApp = MyUserAuthApp
# 使用自定义的`AuthAdminSite`类,创建site对象
site = MyAuthAdminSite(settings, auth=auth)
界面预览
- Open
http://127.0.0.1:8000/admin/auth/form/login
in your browser:
- Open
http://127.0.0.1:8000/admin/
in your browser:
- Open
http://127.0.0.1:8000/admin/docs
in your browser:
许可协议
fastapi-amis-admin
基于Apache2.0
开源免费使用,可以免费用于商业用途,但请在展示界面中明确显示关于FastAPI-Amis-Admin的版权信息.
鸣谢
感谢以下开发者对 FastAPI-User-Auth 作出的贡献:
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file fastapi_user_auth-0.2.0.tar.gz
.
File metadata
- Download URL: fastapi_user_auth-0.2.0.tar.gz
- Upload date:
- Size: 26.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: python-requests/2.28.1
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 18fbfede58cfe001e92587dfb868a7d9ea2e7cf96c6a76e0959dc75e2be96acf |
|
MD5 | fdfdedb118ecb68e7ef24c431e1f9fdc |
|
BLAKE2b-256 | c530c8da34d6126f4b6c1c3763b4b225fd7fd9a5d914263efe7cddcb444c9e6f |
File details
Details for the file fastapi_user_auth-0.2.0-py3-none-any.whl
.
File metadata
- Download URL: fastapi_user_auth-0.2.0-py3-none-any.whl
- Upload date:
- Size: 24.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: python-requests/2.28.1
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 773f8e524ddbfbd636961ee857a44ad42d665746ad4da53401fed5d247f3f242 |
|
MD5 | 37d2ad68ff2b19314d3158a9a2df7771 |
|
BLAKE2b-256 | f4db87c5e6b815c81b3ea31aedcdbd73e2629e0b1ee84b490b92e40ba2a151b7 |