FastAPI-User-Auth is a simple and powerful FastAPI user RBAC authentication and authorization library. Based on FastAPI-Amis-Admin and provides a freely extensible visual management interface.
Project description
Project Introduction
FastAPI-User-Auth
FastAPI-User-Auth is a simple and powerful FastAPI user RBAC authentication and authorization library.
It is based on FastAPI-Amis-Admin and provides a freely extensible visual management interface.
SourceCode · OnlineDemo · Documentation · Can't open the document?
FastAPI-User-Auth It is an application plug -in based on FastAPI-Amis-Admin
, which is deeply integrated to provide user authentication and authorization..
Install
pip install fastapi-user-auth
Simple example
from fastapi import FastAPI
from fastapi_amis_admin.admin.settings import Settings
from fastapi_user_auth.site import AuthAdminSite
from starlette.requests import Request
from sqlmodel import SQLModel
# Create Fast API application
app = FastAPI()
# Create an Admin Site instance
site = AuthAdminSite(settings=Settings(database_url_async='sqlite+aiosqlite:///amisadmin.db'))
auth = site.auth
# Mount the Site management system to the FastAPI instance
site.mount_app(app)
# Create initialization database table
@app.on_event("startup")
async def startup():
await site.db.async_run_sync(SQLModel.metadata.create_all, is_session=False)
# Create default test user, Please change your password in time!!!
await auth.create_role_user('admin')
await auth.create_role_user('vip')
# Requirements: User must be logged in
@app.get("/auth/get_user")
@auth.requires()
def get_user(request: Request):
return request.user
if __name__ == '__main__':
import uvicorn
uvicorn.run(app, debug=True)
Ways of identifying
Decorator
- Recommended scenario: Single route. Supports synchronous and asynchronous routing.
# Requirements: User must be logged in
@app.get("/auth/user")
@auth.requires()
def user(request: Request):
return request.user # current request user object.
# Authentication route: user has admin role
@app.get("/auth/admin_roles")
@auth.requires('admin')
def admin_roles(request: Request):
return request.user
# Requirement: User has vip role
# Support synchronous and asynchronous routing
@app.get("/auth/vip_roles")
@auth.requires(['vip'])
async def vip_roles(request: Request):
return request.user
# Requirements: User has admin role or vip role
@app.get("/auth/admin_or_vip_roles")
@auth.requires(roles=['admin', 'vip'])
def admin_or_vip_roles(request: Request):
return request.user
# Requirement: The user belongs to the admin user group
@app.get("/auth/admin_groups")
@auth.requires(groups=['admin'])
def admin_groups(request: Request):
return request.user
# Requirements: The user has the admin role and belongs to the admin user group
@app.get("/auth/admin_roles_and_admin_groups")
@auth.requires(roles=['admin'], groups=['admin'])
def admin_roles_and_admin_groups(request: Request):
return request.user
# Requirements: The user has the vip role and has the `article:update` permission
@app.get("/auth/vip_roles_and_article_update")
@auth.requires(roles=['vip'], permissions=['article:update'])
def vip_roles_and_article_update(request: Request):
return request.user
Dependencies (recommended)
- Recommended scenarios: single route, route collection, FastAPI application.
from fastapi import Depends
from typing import Tuple
from fastapi_user_auth.auth import Auth
from fastapi_user_auth.auth.models import User
# Route parameter dependencies, this method is recommended
@app.get("/auth/admin_roles_depend_1")
def admin_roles(user: User = Depends(auth.get_current_user)):
return user # or request.user
# Path manipulation decorator dependencies
@app.get("/auth/admin_roles_depend_2", dependencies=[Depends(auth.requires('admin')())])
def admin_roles(request: Request):
return request.user
# Global dependencies
# All requests under the app application require the admin role
app = FastAPI(dependencies=[Depends(auth.requires('admin')())])
@app.get("/auth/admin_roles_depend_3")
def admin_roles(request: Request):
return request.user
Middleware
- Recommended Scenario: FastAPI Application
app = FastAPI()
# Append `request.auth` and `request.user` objects before each request processing under the app
auth.backend.attach_middleware(app)
Call directly
- Recommended scenarios: non-routing methods
from fastapi_user_auth.auth.models import User
async def get_request_user(request: Request) -> Optional[User]:
# user= await auth.get_current_user(request)
if await auth.requires('admin', response=False)(request):
return request.user
else:
return None
Token storage backend
fastapi-user-auth Supports multiple token storage methods. The default is: DbTokenStore, It is recommended to customize the modification to: JwtTokenStore
JwtTokenStore
from fastapi_user_auth.auth.backends.jwt import JwtTokenStore
from sqlalchemy.ext.asyncio import create_async_engine
from sqlalchemy_database import AsyncDatabase
# Create an asynchronous database engine
engine = create_async_engine(url='sqlite+aiosqlite:///amisadmin.db', future=True)
# Create auth object using `Jwt Token Store`
auth = Auth(
db=AsyncDatabase(engine),
token_store=JwtTokenStore(secret_key='09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7')
)
# Pass the auth object into the Admin Site
site = AuthAdminSite(
settings=Settings(database_url_async='sqlite+aiosqlite:///amisadmin.db'),
auth=auth
)
DbTokenStore
# Create auth object using `Db Token Store`
from fastapi_user_auth.auth.backends.db import DbTokenStore
auth = Auth(
db=AsyncDatabase(engine),
token_store=DbTokenStore(db=AsyncDatabase(engine))
)
RedisTokenStore
# Create auth object using `Redis Token Store`
from fastapi_user_auth.auth.backends.redis import RedisTokenStore
from aioredis import Redis
auth = Auth(
db=AsyncDatabase(engine),
token_store=RedisTokenStore(redis=Redis.from_url('redis://localhost?db=0'))
)
RBAC model
The RBAC model adopted by this system is as follows, you can also expand it according to your own needs.
- Reference: Design of Permission System
flowchart LR
User -. m:n .-> Group
User -. m:n .-> Role
Group -. m:n .-> Role
Role -. m:n .-> Perimission
Advanced Extension
### Extending the `User` model
```python
from datetime import date
from fastapi_amis_admin.models.fields import Field
from fastapi_user_auth.auth.models import User
# Customize `User` model, inherit `User`
class MyUser(User, table = True):
point: float = Field(default = 0, title = 'Source', description = 'User source')
phone: str = Field(None, title = 'Phone number', max_length = 15)
parent_id: int = Field(None, title = "Superior", foreign_key = "auth_user.id")
birthday: date = Field(None, title = "Date of birth")
location: str = Field(None, title = "Location")
# Create an auth object using a custom `User` model
auth = Auth(db = AsyncDatabase(engine), user_model = MyUser)
Extend the Role, Group, Permission models
from fastapi_amis_admin.models.fields import Field
from fastapi_user_auth.auth.models import Group
# Customize the `Group` model, inherit `Base RBAC`; override the `Role`, the `Permission` model is similar,
# the difference is the table name.
class MyGroup(Group, table=True):
__tablename__ = 'auth_group' # Database table name, must be this to override the default model
icon: str = Field(None, title='Icon')
is_active: bool = Field(default=True, title="Activate now")
Custom User Auth App default management class
Default management classes can be overridden and replaced by inheritance.
For Example: UserLoginFormAdmin,UserRegFormAdmin,UserInfoFormAdmin,
UserAdmin,GroupAdmin,RoleAdmin,PermissionAdmin
# Customize the model management class, inherit and override the corresponding default management class
class MyGroupAdmin(admin.ModelAdmin):
group_schema = None
page_schema = PageSchema(label='用户组管理', icon='fa fa-group')
model = MyGroup
link_model_fields = [Group.roles]
readonly_fields = ['key']
# Customize the user authentication application, inherit and override the default user authentication application
class MyUserAuthApp(UserAuthApp):
GroupAdmin = MyGroupAdmin
# Customize the user management site, inherit and override the default user management site
class MyAuthAdminSite(AuthAdminSite):
UserAuthApp = MyUserAuthApp
# Create a site object using a custom `Auth Admin Site` class
site = MyAuthAdminSite(settings, auth=auth)
Interface/UI preview
- Open
http://127.0.0.1:8000/admin/auth/form/loginin your browser:
- Open
http://127.0.0.1:8000/admin/in your browser:
- Open
http://127.0.0.1:8000/admin/docsin your browser:
License
fastapi-amis-adminis based onApache2.0Open source is free to use and can be freely used for commercial purposes, but please clearly display the copyright information about Fast API-Amis-Admin in the display interface.
Thanks
Thanks to the following developers for their contributions to FastAPI-User-Auth:
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
fastapi_user_auth-0.4.1.tar.gz
(76.8 kB
view details)
Built Distribution
File details
Details for the file fastapi_user_auth-0.4.1.tar.gz.
File metadata
- Download URL: fastapi_user_auth-0.4.1.tar.gz
- Upload date:
- Size: 76.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: python-requests/2.28.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f41b5b35f9d7232266eb249d51347aba733fd958b9909223dcc20ae4cba41a15 |
|
| MD5 | 4af74f273339e4e00182023ebdc59fd0 |
|
| BLAKE2b-256 | c2e177011b19ee26f7d2322eaf9c63f8b264de5224013362760bcea987b671cd |
File details
Details for the file fastapi_user_auth-0.4.1-py3-none-any.whl.
File metadata
- Download URL: fastapi_user_auth-0.4.1-py3-none-any.whl
- Upload date:
- Size: 23.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: python-requests/2.28.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 536baf67f03a504f6715ff9b4a7834192a45e60a6e9918a288a53e90db164868 |
|
| MD5 | 00b211392141fb636c2558e302330cad |
|
| BLAKE2b-256 | 6bc8ccc4cab658f34528516a68d85b3d6011739ca349f842216b4ca22f177eea |
