| Name | fastapi-authorization-gateway JSON |
| Version |
0.0.4
JSON |
| download |
| home_page | None |
| Summary | A route-based authorization framework for FastAPI |
| upload_time | 2024-08-22 09:19:48 |
| maintainer | None |
| docs_url | None |
| author | None |
| requires_python | >=3.8 |
| license | MIT License Copyright (c) 2023 Development Seed Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
| keywords |
authorization
fastapi
|
| VCS |
 |
| bugtrack_url |
|
| requirements |
No requirements were recorded.
|
| Travis-CI |
No Travis.
|
| coveralls test coverage |
No coveralls.
|
# FastAPI Authorization Gateway
[](https://github.com/developmentseed/fastapi-authorization-gateway/actions/workflows/test.yaml)
[](https://pypi.org/project/fastapi-authorization-gateway/)
This library enables route-level authorization for FastAPI apps. It is particularly useful in cases where you need to limit access to routes that you do not directly control. For example, if you make use of a library which sets up a range of routes on your behalf (it was designed with [stac-fastapi](https://github.com/stac-utils/stac-fastapi) in mind), you can use this library to restrict access to any of those routes using authorization policies. These policies can be evaluated against a combination of route paths, methods, path parameters and query parameters. It also provides a mechanism for mutating requests before passing them on to downstream endpoints, for cases where you need to pre-emptively filter a request.
## Setup
Install via pip
```bash
python -m pip install fastapi-authorization-gateway
# or from source
python -m pip install git+https://github.com/developmentseed/fastapi-authorization-gateway.git`
```
## Usage
If you are just starting out and want an end-to-end explanation of how this library works and how to integrate it into your app, please check out the [Tutorial](./docs/tutorial.md).
If you are looking for a recipe to solve a specific issue, please check out the [How To](./docs/howto.md).
## Quickstart
If you don't want the full tutorial and just want to plug this right into your app with minimal explanation, you can use the code snippet below.
```python
from fastapi import Depends, Request
from typing import Annotated, Optional
from fastapi_authorization_gateway.auth import build_authorization_dependency
from fastapi_authorization_gateway.types import Policy, RoutePermission
async def get_user(request: Request):
"""
Replace this with a function to retrieve a real user
(from a token, for example).
"""
return {
"username": "test"
}
async def policy_generator(request: Request, user: Annotated[dict, Depends(get_user)]) -> Policy:
"""
Define your policies here based on the requesting user or, really,
whatever you like. This function will be injected as a dependency
into the authorization dependency and must return a Policy.
"""
# We will generate some policies that cover all routes for the app,
# so we need to enumerate them here.
all_routes: list[APIRoute] = request.app.routes
# A permission matching write access to all routes, with no constraints
# on path or query parameters
all_write = RoutePermission(
paths=[route.path_format for route in all_routes],
methods=["POST", "PUT", "PATCH", "DELETE"],
)
# a permission matching read access to all routes, with no constraints
# on path or query parameters
all_read = RoutePermission(
paths=[route.path_format for route in all_routes], methods=["GET"]
)
# read only policy allows read requests on all routes and denies write requests
# falling back to denying a request if it matches none of the permissions
read_only_policy = Policy(allow=[all_read], deny=[all_write], default_deny=True)
# a more permissive policy granting write and read access on all routes, falling back
# to approving a request if it matches none of the permissions
authorized_policy = Policy(allow=[all_write, all_read], default_deny=False)
if not user:
# anonymous requests get read only permissions
return read_only_policy
else:
# authenticated requests get full permissions
return authorized_policy
# build the authorization dependency
authorization = build_authorization_dependency(
policy_generator=policy_generator,
)
app = FastAPI(dependencies=[Depends(authorization)])
@app.get("/test")
def get_test(request: Request):
return {"status": "ok"}
@app.post("/test")
def post_test(request: Request):
print("Should not be able to reach this endpoint with read-only policy")
return {"status": "ok"}
```
Raw data
{
"_id": null,
"home_page": null,
"name": "fastapi-authorization-gateway",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "Authorization, FastAPI",
"author": null,
"author_email": "Edward Keeble <ed@developmentseed.org>, Anthony Lukach <anthony@developmentseed.org>, Vincent Sarago <vincent@developmentseed.org>",
"download_url": "https://files.pythonhosted.org/packages/77/ae/276abc21bec5e6fe39c7c36714511d38fb9e28dbb4ddfaa405a26fe8effb/fastapi_authorization_gateway-0.0.4.tar.gz",
"platform": null,
"description": "# FastAPI Authorization Gateway\n\n[](https://github.com/developmentseed/fastapi-authorization-gateway/actions/workflows/test.yaml)\n[](https://pypi.org/project/fastapi-authorization-gateway/)\n\nThis library enables route-level authorization for FastAPI apps. It is particularly useful in cases where you need to limit access to routes that you do not directly control. For example, if you make use of a library which sets up a range of routes on your behalf (it was designed with [stac-fastapi](https://github.com/stac-utils/stac-fastapi) in mind), you can use this library to restrict access to any of those routes using authorization policies. These policies can be evaluated against a combination of route paths, methods, path parameters and query parameters. It also provides a mechanism for mutating requests before passing them on to downstream endpoints, for cases where you need to pre-emptively filter a request.\n\n## Setup\n\nInstall via pip\n\n```bash\npython -m pip install fastapi-authorization-gateway\n\n# or from source\npython -m pip install git+https://github.com/developmentseed/fastapi-authorization-gateway.git`\n```\n\n## Usage\n\nIf you are just starting out and want an end-to-end explanation of how this library works and how to integrate it into your app, please check out the [Tutorial](./docs/tutorial.md).\n\nIf you are looking for a recipe to solve a specific issue, please check out the [How To](./docs/howto.md).\n\n\n## Quickstart\n\nIf you don't want the full tutorial and just want to plug this right into your app with minimal explanation, you can use the code snippet below.\n\n```python\nfrom fastapi import Depends, Request\nfrom typing import Annotated, Optional\nfrom fastapi_authorization_gateway.auth import build_authorization_dependency\nfrom fastapi_authorization_gateway.types import Policy, RoutePermission\n\n\nasync def get_user(request: Request):\n \"\"\"\n Replace this with a function to retrieve a real user\n (from a token, for example).\n \"\"\"\n return {\n \"username\": \"test\"\n }\n\n\nasync def policy_generator(request: Request, user: Annotated[dict, Depends(get_user)]) -> Policy:\n \"\"\"\n Define your policies here based on the requesting user or, really,\n whatever you like. This function will be injected as a dependency\n into the authorization dependency and must return a Policy.\n \"\"\"\n\n # We will generate some policies that cover all routes for the app,\n # so we need to enumerate them here.\n all_routes: list[APIRoute] = request.app.routes\n\n # A permission matching write access to all routes, with no constraints\n # on path or query parameters\n all_write = RoutePermission(\n paths=[route.path_format for route in all_routes],\n methods=[\"POST\", \"PUT\", \"PATCH\", \"DELETE\"],\n )\n\n # a permission matching read access to all routes, with no constraints\n # on path or query parameters\n all_read = RoutePermission(\n paths=[route.path_format for route in all_routes], methods=[\"GET\"]\n )\n\n # read only policy allows read requests on all routes and denies write requests\n # falling back to denying a request if it matches none of the permissions\n read_only_policy = Policy(allow=[all_read], deny=[all_write], default_deny=True)\n\n # a more permissive policy granting write and read access on all routes, falling back\n # to approving a request if it matches none of the permissions\n authorized_policy = Policy(allow=[all_write, all_read], default_deny=False)\n\n if not user:\n # anonymous requests get read only permissions\n return read_only_policy\n else:\n # authenticated requests get full permissions\n return authorized_policy\n\n\n# build the authorization dependency\nauthorization = build_authorization_dependency(\n policy_generator=policy_generator,\n)\n\n\napp = FastAPI(dependencies=[Depends(authorization)])\n\n\n@app.get(\"/test\")\ndef get_test(request: Request):\n return {\"status\": \"ok\"}\n\n\n@app.post(\"/test\")\ndef post_test(request: Request):\n print(\"Should not be able to reach this endpoint with read-only policy\")\n return {\"status\": \"ok\"}\n```\n",
"bugtrack_url": null,
"license": "MIT License Copyright (c) 2023 Development Seed Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.",
"summary": "A route-based authorization framework for FastAPI",
"version": "0.0.4",
"project_urls": {
"Homepage": "https://github.com/developmentseed/fastapi-authorization-gateway",
"Source": "https://github.com/developmentseed/fastapi-authorization-gateway"
},
"split_keywords": [
"authorization",
" fastapi"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "676bce6aa714d01185bdffdb6b3dd93923ea47f8cdeccf983cd18be951abb398",
"md5": "64cd42693db2bf3aecada24dcf9b21fe",
"sha256": "93ca35edf87a367a555cf378775252ea09f3a271bcb00f1d5185050de11ee28a"
},
"downloads": -1,
"filename": "fastapi_authorization_gateway-0.0.4-py3-none-any.whl",
"has_sig": false,
"md5_digest": "64cd42693db2bf3aecada24dcf9b21fe",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 10922,
"upload_time": "2024-08-22T09:19:47",
"upload_time_iso_8601": "2024-08-22T09:19:47.254084Z",
"url": "https://files.pythonhosted.org/packages/67/6b/ce6aa714d01185bdffdb6b3dd93923ea47f8cdeccf983cd18be951abb398/fastapi_authorization_gateway-0.0.4-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "77ae276abc21bec5e6fe39c7c36714511d38fb9e28dbb4ddfaa405a26fe8effb",
"md5": "e1c8a2740e69d688016b8e74505e6f74",
"sha256": "089feda199cfe91a2c0de22febfe3e40ec5e0ecf588c11ff71d840969b58b831"
},
"downloads": -1,
"filename": "fastapi_authorization_gateway-0.0.4.tar.gz",
"has_sig": false,
"md5_digest": "e1c8a2740e69d688016b8e74505e6f74",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 9188,
"upload_time": "2024-08-22T09:19:48",
"upload_time_iso_8601": "2024-08-22T09:19:48.484263Z",
"url": "https://files.pythonhosted.org/packages/77/ae/276abc21bec5e6fe39c7c36714511d38fb9e28dbb4ddfaa405a26fe8effb/fastapi_authorization_gateway-0.0.4.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-08-22 09:19:48",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "developmentseed",
"github_project": "fastapi-authorization-gateway",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "fastapi-authorization-gateway"
}
