FastAPI 2-Factor Authentication Middleware

Project description

two-fast-auth is a FastAPI middleware that provides seamless two-factor authentication implementation. It integrates with FastAPI to offer robust 2FA protection for your application routes.


Documentation

📚 Full Documentation - Comprehensive technical documentation and API reference

Features

  • QR Code Generation: Automatic QR code creation for authenticator apps
  • TOTP Verification: Time-based one-time password validation
  • Recovery Codes: Secure recovery code generation and management
  • Optional Secret Encryption: Securely store and verify 2FA secrets
  • Middleware Integration: Easy integration with FastAPI routes

Installation

To install two-fast-auth, use pip:

pip install two-fast-auth

Basic Usage

from fastapi import FastAPI
from two_fast_auth import TwoFactorMiddleware, TwoFactorAuth

app = FastAPI()

async def get_user_secret(user_id: str) -> str:
    # Implement your logic to retrieve user's secret from database
    return "user_stored_secret"  # Replace with actual DB lookup

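app.add_middleware(
    TwoFactorMiddleware,
    get_user_secret_callback=get_user_secret,
    excluded_paths=["/docs", "/redoc"],  # These paths bypass 2FA verification
    header_name="X-2FA-Code",  # Request header carrying the 2FA code
    encryption_key="your-key-here"  # Optional; placeholder for a Fernet-compatible key
)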

@app.get("/protected-route")
async def protected_route():
    return {"message": "2FA protected content"}
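
The middleware above validates the code sent in the X-2FA-Code header against the user's Base32 secret. As an added illustration of what a TOTP check of this kind involves (not two-fast-auth's own code), here is an RFC 6238 verifier using only the standard library. The names totp, verify_code and RFC_SECRET, the 30-second step and the one-step drift window are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed sample: the RFC 6238 test secret (ASCII "12345678901234567890").
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32: str, at: float, step: int = 30, digits: int = 6) -> str:
    """Compute the RFC 6238 TOTP (HMAC-SHA1) for a Base32 secret at Unix time `at`."""
    # Secrets are often displayed in groups, in lowercase, and without padding.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_code(secret_b32: str, code: str, at: Optional[float] = None,
                window: int = 1, step: int = 30, digits: int = 6) -> bool:
    """Accept `code` if it matches any time step within +/- `window` of `at`."""
    now = time.time() if at is None else at
    if not (code.isascii() and code.isdigit() and len(code) == digits):
        return False  # reject malformed header values before any HMAC work
    ok = False
    for drift in range(-window, window + 1):
        t = now + drift * step
        if t < 0:
            continue  # no time step exists before the Unix epoch
        # Constant-time compare and no early exit, so timing leaks nothing.
        ok |= hmac.compare_digest(totp(secret_b32, t, step, digits), code)
    return ok


if __name__ == "__main__":
    print(totp(RFC_SECRET, 59))
    print(verify_code(RFC_SECRET, "287082", at=59))
```

A wider window tolerates more clock drift but lengthens the time a captured code stays valid, and a verifier like this still needs per-user rate limiting and rejection of already-used codes around it.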

Configuration Options

TwoFactorAuth Parameters

Parameter      Default          Description
secret         Auto-generated   Base32 secret for TOTP generation
qr_fill_color  "black"          QR code foreground color
qr_back_color  "white"          QR code background color
issuer_name    "2FastAuth"      Name displayed in authenticator apps

TwoFactorMiddleware Parameters

Parameter       Default                   Description
encryption_key  None                      Encryption key for securing 2FA secrets (Fernet-compatible key)
excluded_paths  ["/login", "/setup-2fa"]  Paths that bypass 2FA verification
header_name     "X-2FA-Code"              Request header containing 2FA verification code

Advanced Configuration

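from fastapi import FastAPI
from two_fast_auth import TwoFactorMiddleware, TwoFactorAuth

app = FastAPI()

# Generate and encrypt secret
# "your-key-here" is a placeholder for a Fernet-compatible key; load the real key
# from configuration or a secret store rather than hard-coding it.
secret = TwoFactorAuth().secret
encrypted_secret = TwoFactorAuth.encrypt_secret(
    secret,
    encryption_key="your-key-here"
)

async def fetch_encrypted_secret_from_db(user_id: str) -> str:
    # Placeholder for your application's own database lookup
    return encrypted_secret

# Return the encrypted secret stored in the database for this user
async def get_user_secret(user_id: str) -> str:
    return await fetch_encrypted_secret_from_db(user_id)

# Middleware with encrypted secrets (same key as passed to encrypt_secret)
app.add_middleware(
    TwoFactorMiddleware,
    get_user_secret_callback=get_user_secret,
    encryption_key="your-key-here",
    excluded_paths=["/healthcheck"]  # Bypasses 2FA verification
)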

Contributing

Contributions are welcome! Please open an issue or submit a pull request on GitHub.

License

MIT License - See LICENSE for details

Author

Renzo Franceschini

Acknowledgements

Download files

Source Distribution

two-fast-auth-1.1.0.tar.gz (6.0 kB view details)

Uploaded Source

Built Distribution

two_fast_auth-1.1.0-py3-none-any.whl (6.4 kB view details)

Uploaded Python 3

File details

Details for the file two-fast-auth-1.1.0.tar.gz.

File metadata

  • Download URL: two-fast-auth-1.1.0.tar.gz
  • Upload date:
  • Size: 6.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.10.16

File hashes

Hashes for two-fast-auth-1.1.0.tar.gz
Algorithm Hash digest
SHA256 66f50ea01c64a005738d0f39f741129f6da277c0dbb84594141e3bdbbe4bb24c
MD5 2710f2235c408fde13b06f4a3781b2b9
BLAKE2b-256 d971a4786fb18d65f8ba590a28d080c69de54dd6435bf5a75333f0a13e8a7aed

File details

Details for the file two_fast_auth-1.1.0-py3-none-any.whl.

File metadata

  • Download URL: two_fast_auth-1.1.0-py3-none-any.whl
  • Upload date:
  • Size: 6.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.10.16

File hashes

Hashes for two_fast_auth-1.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 f9080eb619bc03e703eac5e4f4b1b04d6bc4f42aa536bead05ed4618c1e7fb00
MD5 5a6f15616b4a96684cdcd97c4ca0bd6f
BLAKE2b-256 67153557b4ac8ebf4773bcc58c1cb95f2e1e727990dcab473728018cb68d6c19
