Simple FastAPI declarative endpoint-level access control, somewhat inspired by Pyramid.
Installation
Requirements: Python 3.10+ · FastAPI 0.104.1+ · PyJWT 2.12.1+
```
pip install missil
```
Why use Missil?
Permission checks tend to look the same across every protected endpoint: extract the token, verify it, find the area, check the level. Missil moves all of that out of your route functions and into a single declarative line per endpoint — keeping your business logic clean and your access rules explicit and auditable at a glance.
Because permissions are stored as numeric levels per business area, a single token can express fine-grained access across multiple areas of your application without requiring separate tokens or custom middleware.
Quick example
```python
import missil
from fastapi import FastAPI, Response

app = FastAPI()
SECRET_KEY = "..."

# 1. Declare a bearer — reads token from cookie or Authorization header
bearer = missil.TokenBearer("Authorization", SECRET_KEY, permissions_key="permissions")


# 2. Declare business areas as typed attributes
class AppAreas(missil.AreasBase):
    finances: missil.Area
    it: missil.Area


areas = AppAreas(bearer)


# 3. Protect endpoints — one dependency, no boilerplate
@app.get("/finances/report", dependencies=[areas.finances.READ])
def finances_report(): ...


@app.get("/finances/edit", dependencies=[areas.finances.WRITE])
def finances_edit(): ...


@app.get("/it/admin", dependencies=[areas.it.ADMIN])
def it_admin(): ...


# 4. Issue a token at login
@app.post("/login")
def login(response: Response):
    claims = {
        "sub": "user123",
        "permissions": {"finances": missil.WRITE, "it": missil.READ},
    }
    token = missil.encode_jwt_token(claims, SECRET_KEY, expiration_hours=8)
    # httponly keeps the cookie away from page scripts; when serving over HTTPS,
    # set_cookie also accepts secure=True and samesite=... to restrict where it is sent.
    response.set_cookie("Authorization", f"Bearer {token}", httponly=True)
    return {"msg": "logged in"}
```
Permission hierarchy
| Level | Constant | Satisfies |
|---|---|---|
| 0 | READ | READ |
| 1 | WRITE | READ, WRITE |
| 2 | ADMIN | READ, WRITE, ADMIN |
Higher levels automatically satisfy lower requirements — a user with ADMIN access can reach READ and WRITE protected endpoints without extra entries.
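The following is an added example, not Missil's own code: a standard-library illustration of the check that a dependency such as `areas.finances.WRITE` stands for (verify the token, find the area, compare the level). The function names, the HS256 signing, the mandatory `exp` claim and the deny-on-missing-area behaviour are assumptions of this example, not documented Missil internals.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

READ, WRITE, ADMIN = 0, 1, 2  # numeric levels from the table above


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT (used here to construct sample tokens)."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(mac)}"


def verify(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if alg, signature and exp all check out, else None."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        good = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        # Pin the algorithm and compare MACs in constant time.
        if header.get("alg") != "HS256" or not hmac.compare_digest(b64d(sig), good):
            return None
        claims = json.loads(b64d(body))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: reject rather than raise
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= time.time():
        return None  # assumption of this example: a missing exp is rejected
    return claims


def allowed(token: str, key: bytes, area: str, required: int) -> bool:
    """Fail closed: deny unless the area holds an integer level >= required."""
    claims = verify(token, key)
    perms = claims.get("permissions") if claims else None
    level = perms.get(area) if isinstance(perms, dict) else None
    if isinstance(level, bool) or not isinstance(level, int):
        return False  # absent area, or a level like True or "2", grants nothing
    return level >= required
```

Because the levels live inside the signed claims, a granted level stays valid until the token expires, so the token lifetime bounds how long a downgrade takes to reach an already-issued token.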
Bearers
Choose the bearer that matches how your client sends the token:
| Bearer | Token source |
|---|---|
| TokenBearer | Cookie → falls back to Authorization header |
| CookieTokenBearer | Cookie only |
| HeaderTokenBearer | Authorization header only |
License
This project is licensed under the terms of the MIT license.
File details
Details for the file missil-0.2.1.tar.gz.
File metadata
- Download URL: missil-0.2.1.tar.gz
- Upload date:
- Size: 15.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: pdm/2.26.7 CPython/3.12.2 Linux/6.6.87.2-microsoft-standard-WSL2
File details
Details for the file missil-0.2.1-py3-none-any.whl.
File metadata
- Download URL: missil-0.2.1-py3-none-any.whl
- Upload date:
- Size: 14.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: pdm/2.26.7 CPython/3.12.2 Linux/6.6.87.2-microsoft-standard-WSL2