mrtolkien / fastapi_simple_security
Drop-in API-key based security for FastAPI
License: MIT License
Hello,
I was just looking through fastapi security/auth libraries and I saw that in this library, API keys and also the secret value are created with uuid4(). However, UUID is not secure for that purpose and should not be used according to RFC4122. Instead, use something like token_urlsafe from the secrets package.
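Key generation with the secrets module, as the issue above suggests (an added example, not the library's code or the reporter's). It also goes one step further and stores only a digest of the key; the function names and the 32-byte key size are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import uuid

KEY_BYTES = 32  # assumed size for this example: 256 bits from the OS CSPRNG


def new_api_key() -> str:
    """Return a URL-safe API key drawn from the secrets module."""
    return secrets.token_urlsafe(KEY_BYTES)


def uuid4_fixed_fields(value: uuid.UUID) -> tuple:
    """Return (version nibble, variant bits) of a UUID.

    Every uuid4 carries the same values here, so 6 of its 128 bits
    are constant and the format is recognisable at a glance.
    """
    return (value.int >> 76) & 0xF, (value.int >> 62) & 0b11


def key_digest(api_key: str) -> str:
    """Digest to keep in the database instead of the key itself."""
    return hashlib.sha256(api_key.encode("utf-8")).hexdigest()


def is_valid(presented: str, stored_digest: str) -> bool:
    """Check a presented key against the stored digest in constant time."""
    return hmac.compare_digest(key_digest(presented), stored_digest)


if __name__ == "__main__":
    key = new_api_key()
    print("key:", key)
    print("uuid4 fixed fields:", uuid4_fixed_fields(uuid.uuid4()))
    print("valid:", is_valid(key, key_digest(key)))
```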
Using:
fastapi==0.68.0
After setup, setting the FASTAPI_SIMPLE_SECURITY_DB_LOCATION does not change the path from the default of /app/sqlite.db as expected. Instead getting hit with this error: sqlite3.OperationalError: unable to open database file
Looking at the _sqlite_access.py definition doing this instead:
    def __init__(self):
        try:
            self.db_location = os.environ["FASTAPI_SIMPLE_SECURITY_DB_LOCATION"]
        except KeyError:
            self.db_location = ""
seems to work.
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.
docker-compose.yml
Dockerfile
.github/workflows/pr_python_tests.yml
    actions/checkout v3
    actions/setup-python v4
    abatilo/actions-poetry v2.2.0
.github/workflows/push_sanity_check.yml
    actions/checkout v3
    actions/checkout v3
    actions/setup-python v4
pyproject.toml
    fastapi >=0.70
    urllib3 >=1.26.12
    pytest ^7.0.0
    black ^22.3.0
    requests ^2.26.0
    pre-commit ^2.20.0
    pylint ^2.15.4
    isort ^5.10.1
    coverage ^6.5.0
basically the db file is not kept
I was trying to run the sample code in the Readme. I got an error
Traceback (most recent call last):
  File "pdfkitv2.py", line 8, in <module>
    from fastapi_simple_security import api_key_router, api_key_security
  File "D:\enviorments\pdfkit\lib\site-packages\fastapi_simple_security\__init__.py", line 1, in <module>
    from fastapi_simple_security.endpoints import api_key_router
  File "D:\enviorments\pdfkit\lib\site-packages\fastapi_simple_security\endpoints.py", line 7, in <module>
    from fastapi_simple_security._security_secret import secret_based_security
  File "<fstring>", line 1
    (SECRET=)
I think there is an error in the file _security_secret.py Line 18.
Running the script like described in the readme results in a
  File "/home/kai/PycharmProjects/fdm-api/app/main.py", line 5, in <module>
    from fastapi_simple_security import api_key_router, api_key_security
  File "/home/kai/PycharmProjects/fdm-api/venv/lib/python3.9/site-packages/fastapi_simple_security/__init__.py", line 1, in <module>
    from fastapi_simple_security.endpoints import api_key_router
  File "/home/kai/PycharmProjects/fdm-api/venv/lib/python3.9/site-packages/fastapi_simple_security/endpoints.py", line 8, in <module>
    from fastapi_simple_security._sqlite_access import sqlite_access
  File "/home/kai/PycharmProjects/fdm-api/venv/lib/python3.9/site-packages/fastapi_simple_security/_sqlite_access.py", line 218, in <module>
    sqlite_access = SQLiteAccess()
  File "/home/kai/PycharmProjects/fdm-api/venv/lib/python3.9/site-packages/fastapi_simple_security/_sqlite_access.py", line 21, in __init__
    self.init_db()
  File "/home/kai/PycharmProjects/fdm-api/venv/lib/python3.9/site-packages/fastapi_simple_security/_sqlite_access.py", line 24, in init_db
    with sqlite3.connect(self.db_location) as connection:
sqlite3.OperationalError: unable to open database file
Tried with Python 3.6 as well as 3.9
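Both database-location reports above end in the same sqlite3 error, which SQLite raises whenever it cannot create or open the file, for instance when the parent directory is missing. The sketch below is an added example, not the library's code: it resolves the path from the environment variable named in the issue, fails with a specific message before sqlite3 is called, and creates the key database owner-only. `resolve_db_location` and `open_db` are hypothetical helpers.

```python
import os
import sqlite3
from pathlib import Path

ENV_VAR = "FASTAPI_SIMPLE_SECURITY_DB_LOCATION"  # name taken from the issue
DEFAULT_DB = "/app/sqlite.db"  # default path as reported in the issue


def resolve_db_location(environ=os.environ) -> Path:
    """Pick the DB path from the environment and check it is usable."""
    raw = environ.get(ENV_VAR, "").strip()
    path = Path(raw or DEFAULT_DB).expanduser().resolve()
    parent = path.parent
    if not parent.is_dir():
        raise FileNotFoundError(f"{ENV_VAR}: directory {parent} does not exist")
    if not os.access(parent, os.W_OK):
        raise PermissionError(f"{ENV_VAR}: directory {parent} is not writable")
    return path


def open_db(environ=os.environ) -> sqlite3.Connection:
    """Open the key database, creating it readable by its owner only."""
    path = resolve_db_location(environ)
    # Create the file with mode 0600 before SQLite touches it, so the
    # keys are never briefly world-readable. The mode only applies on
    # creation; an existing file keeps its current permissions.
    fd = os.open(str(path), os.O_RDWR | os.O_CREAT, 0o600)
    os.close(fd)
    return sqlite3.connect(str(path))


if __name__ == "__main__":
    try:
        open_db().close()
        print("opened", resolve_db_location())
    except OSError as exc:
        print("cannot open key database:", exc)
```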
when using pip (and not poetry...) the error is
The conflict is caused by:
From the package on pypi
fastapi_simple_security-1.0.1.dist-info/METADATA:Requires-Dist: fastapi (>=0.70,<0.71)
The only other ref to fastapi in your repo is
[[package]]
name = "fastapi"
version = "0.70.0"
description = "FastAPI framework, high performance, easy to learn, fast to code, ready for production"
category = "main"
optional = false
python-versions = ">=3.6.1"
pip install -r requirements.txt
fails to resolve dependencies, because fastapi_simple_security is trying to force an older version of fastapi.
I momentarily solved it by manually installing an older fastapi version in my application, but I see no reason why this should be the way to go (new versions don't introduce breaking changes).
Thanks!
Thank you for this great library. I have a question. Is there a way to access the API key that was used to request a secure endpoint when the dependency is used globally? For example:
    app.include_router(myrouter, prefix='/myrouter', dependencies=[Depends(api_key_security)])

    @myrouter.get('/secured-endpoint/')
    async def secured_endpoint():
        return {'key': 'api-key'}
Does the request state contain the API key or it isn't passed anywhere? If the key isn't available in any context, we will have to use the dependency in each function like this:
    from fastapi.security.api_key import APIKey

    @app.get('/secured-endpoint/')
    async def secured_endpoint(api_key: APIKey = Depends(api_key_security)):
        return {'key': api_key}
Please let me know if there's a possibility to use the dependency globally on a router and still get the API key value in all sub-routes.
    warnings.warn(
        f"ENVIRONMENT VARIABLE 'FASTAPI_SIMPLE_SECURITY_SECRET' NOT FOUND\n"
        f"\tGenerated a single-use secret key for this session:\n"
        f"\t{SECRET=}"
    )