Documentation of my FastAPI learning process. I document what I find necessary.
Posts are listed in the Related post(s) section below. Each entry includes the link to the actual post, the git clone command for the target code revision, and an excerpt from the post.
To install Python 3.12.4, please refer to the following post: Installing Python 3.12.4 as an Additional Interpreter on Ubuntu 22.10 and Windows 10.
Simply remove the existing virtual environment venv and recreate it using the following command:
▶️Windows 10: F:\fastapi_learning>C:\PF\Python312\python.exe -m venv venv
▶️Ubuntu 22.10: behai@hp-pavilion-15:~/fastapi_learning$ /usr/local/bin/python3.12 -m venv venv
Verify the version of the Python interpreter in venv:
▶️Windows 10: (venv) F:\fastapi_learning>venv\Scripts\python.exe --version
▶️Ubuntu 22.10: (venv) behai@hp-pavilion-15:~/fastapi_learning$ ./venv/bin/python --version
▶️Windows 10: (venv) F:\fastapi_learning>venv\Scripts\pip.exe install -e .
▶️Ubuntu 22.10: (venv) behai@hp-pavilion-15:~/fastapi_learning$ ./venv/bin/pip install -e .
▶️Windows 10: (venv) F:\fastapi_learning>venv\Scripts\pip.exe install -e .[dev]
▶️Ubuntu 22.10: (venv) behai@hp-pavilion-15:~/fastapi_learning$ ./venv/bin/pip install -e .[dev]
git clone -b v0.1.0 https://github.com/behai-nguyen/fastapi_learning.git
FastAPI provides excellent tutorials that thoroughly introduce the framework. Two sections on security, namely Tutorial - User Guide Security and Advanced User Guide Security, have sparked further questions, which we are discussing in this post. Hopefully, this discussion will lead to a better understanding of how FastAPI security works.
git clone -b v0.2.0 https://github.com/behai-nguyen/fastapi_learning.git
In the first post, we explore some aspects of OAuth2 authentication, focusing on the /token path as illustrated in an example from the Simple OAuth2 with Password and Bearer section of the Tutorial - User Guide Security. In this subsequent post, we implement our own custom preliminary login process, leveraging the /token path. This means that both the Swagger UI Authorize button and our application's login button utilise the same server code.
git clone -b v0.3.0 https://github.com/behai-nguyen/fastapi_learning.git
In the second post of our FastAPI learning series, we implemented a placeholder for the application's own authentication process. In this post, we will complete this process by implementing persistent server-side HTTP sessions using the starsessions library and its Redis store, as well as extending the OAuth2PasswordBearer class.
git clone -b v0.4.0 https://github.com/behai-nguyen/fastapi_learning.git
In the third post, we implemented persistent stateful HTTP sessions. In this post, we will complete the application’s authentication UI flow. For the existing /auth/token and /admin/me routes, we will add functionality to conditionally return either HTML or JSON. Based on this new functionality, we will implement two new routes: /api/login and /api/me. These routes will only return JSON, and their endpoint handlers will be the same as those of the aforementioned routes respectively.
git clone -b v0.5.0 https://github.com/behai-nguyen/fastapi_learning.git
Continuing with our Python FastAPI learning series, this post explores the implementation of non-blocking logging using Python’s built-in QueueHandler and QueueListener classes.
git clone -b v0.6.0 https://github.com/behai-nguyen/fastapi_learning.git
In this installment of our Python FastAPI learning series, we explore the implementation of SSL/HTTPS for localhost and also the enabling of Cross-Origin Resource Sharing, or CORS.
git clone -b v0.7.0 https://github.com/behai-nguyen/fastapi_learning.git
Continuing with our Python FastAPI learning series, in this installment, we enable database support for MySQL, PostgreSQL, and MariaDB. We will not add any new functionality; instead, the existing authentication process will check user information from a proper database instead of mock hard-coded data. We will also add a business logic layer responsible for data validation, enforcing business rules, etc.
git clone -b v0.8.0 https://github.com/behai-nguyen/fastapi_learning.git
In the fourth post of our Python FastAPI learning series, we introduced a bug in the authentication process. In this post, we describe the bug and discuss how to fix it.
git clone -b v0.9.0 https://github.com/behai-nguyen/fastapi_learning.git
Continuing with our Python FastAPI learning series, we will implement proper JSON Web Token (JWT) authentication as discussed in the official tutorial, with a few minor tweaks of our own.
git clone -b v0.10.0 https://github.com/behai-nguyen/fastapi_learning.git
In this part of our Python FastAPI learning series, we implement OAuth2 scopes. Our implementation is based on the advanced official tutorial on OAuth2 scopes, with some variations of our own.
git clone -b v0.11.0 https://github.com/behai-nguyen/fastapi_learning.git
In the previous post, we implemented OAuth2 scopes for endpoint handler methods. This post extends that implementation to include UI elements — components that send HTTP requests to the server application.
git clone -b v0.12.0 https://github.com/behai-nguyen/fastapi_learning.git
Continuing with the FastAPI OAuth2 scopes topic, in this installment of our Python FastAPI learning series, we will implement seven (7) new routes that perform CRUD operations on the employees table. These new routes require scopes that we have implemented but have not used so far: user:write, admin:read, and admin:write. Please recall that we proposed this implementation in the last post.
git clone -b v0.13.0 https://github.com/behai-nguyen/fastapi_learning.git
In the last post of this Python FastAPI learning series, we concluded with a list of to-do items. In this post, we will address these issues. Additionally, we are performing some code cleanup and improvements.
# | Route | Method | Scopes | Response |
---|---|---|---|---|
1 | /auth/token (/api/login) | POST | None | JSON, HTML |
2 | /auth/login (/) | GET | None | HTML |
3 | /admin/me (/api/me) | GET | user:read | JSON, HTML |
4 | /auth/home | GET | None | HTML |
5 | / (/auth/login) | GET | None | HTML |
6 | /auth/logout | POST | None | HTML |
7 | /api/me (/admin/me) | GET | user:read | JSON, HTML |
8 | /api/login (/auth/token) | POST | None | JSON, HTML |
9 | /emp/search | GET | admin:read | HTML |
10 | /emp/search/{partial-last-name}/{partial-first-name} | GET, POST | admin:read | HTML, JSON |
11 | /emp/admin-get-update/{emp_no} | GET | admin:read | HTML, JSON |
12 | /emp/own-get-update/{emp_no} | GET | user:read | HTML, JSON |
13 | /emp/admin-save | POST | admin:write | JSON |
14 | /emp/user-save | POST | user:write | JSON |
15 | /emp/new | GET | admin:write | HTML |
MIT license and the GPL license.