# FastAPI bearer class for Cloudflare Access (Argo Tunnel)
A FastAPI middleware for authenticating requests from Cloudflare Access (formerly Argo Tunnel) using JWT tokens.
## Why?
When using Cloudflare Access to protect your FastAPI application, you need to validate the JWT tokens that Cloudflare Access sends with each request. This package provides a simple way to validate these tokens and protect your FastAPI routes.
## Installation
```sh
pip install fastapi-cloudflare-access-jwt
```
## Usage
1. Set up your environment variables:
```sh
export CF_ACCESS_CERTS_URL="https://your-team-name.cloudflareaccess.com/cdn-cgi/access/certs"
export CF_ACCESS_POLICY_AUD="your-application-audience-tag"
```
2. Use in your FastAPI application:
```python
from fastapi import FastAPI, Depends
from cloudflare_access_jwt import enforce_cf_access
app = FastAPI(dependencies=[Depends(enforce_cf_access)])
@app.get("/protected")
async def protected_route():
return {"message": "This route is protected by Cloudflare Access"}
# Or protect specific routes:
@app.get("/also-protected")
async def another_protected_route(cf_claims=Depends(enforce_cf_access)):
return {"message": "This route is also protected", "user": cf_claims}
```
You can also initialize the middleware with parameters instead of environment variables:
```python
from cloudflare_access_jwt import CloudflareAccessJWT
custom_enforcer = CloudflareAccessJWT(
certs_url="https://your-team-name.cloudflareaccess.com/cdn-cgi/access/certs",
policy_aud="your-application-audience-tag"
)
app = FastAPI(dependencies=[Depends(custom_enforcer)])
```
## Development
1. Clone the repository and install dependencies:
```sh
git clone https://github.com/aluxian/fastapi-cloudflare-access-jwt.git
cd fastapi-cloudflare-access-jwt
uv venv
source .venv/bin/activate
uv sync
```
2. Run linting checks:
```sh
uv run ruff check .
```
3. Run tests:
```sh
uv run pytest
```
4. Start Aider:
```sh
uvx --python 3.12 --from 'aider-chat[playwright]' --with 'aider-chat[help]' aider
```
Raw data
{
"_id": null,
"home_page": null,
"name": "fastapi-cloudflare-access-jwt",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.12",
"maintainer_email": null,
"keywords": "authentication, cloudflare, fastapi, jwt, middleware",
"author": null,
"author_email": "Alexandru Rosianu <me@aluxian.com>",
"download_url": "https://files.pythonhosted.org/packages/71/8a/141de0b89c25ec27a59d5c2c14397eb7326a974638bbced547ed6f971006/fastapi_cloudflare_access_jwt-0.1.1.tar.gz",
"platform": null,
"description": "# FastAPI bearer class for Cloudflare Access (Argo Tunnel)\n\nA FastAPI middleware for authenticating requests from Cloudflare Access (formerly Argo Tunnel) using JWT tokens.\n\n## Why?\n\nWhen using Cloudflare Access to protect your FastAPI application, you need to validate the JWT tokens that Cloudflare Access sends with each request. This package provides a simple way to validate these tokens and protect your FastAPI routes.\n\n## Installation\n\n```sh\npip install fastapi-cloudflare-access-jwt\n```\n\n## Usage\n\n1. Set up your environment variables:\n\n```sh\nexport CF_ACCESS_CERTS_URL=\"https://your-team-name.cloudflareaccess.com/cdn-cgi/access/certs\"\nexport CF_ACCESS_POLICY_AUD=\"your-application-audience-tag\"\n```\n\n2. Use in your FastAPI application:\n\n```python\nfrom fastapi import FastAPI, Depends\nfrom cloudflare_access_jwt import enforce_cf_access\n\napp = FastAPI(dependencies=[Depends(enforce_cf_access)])\n\n@app.get(\"/protected\")\nasync def protected_route():\n return {\"message\": \"This route is protected by Cloudflare Access\"}\n\n# Or protect specific routes:\n@app.get(\"/also-protected\")\nasync def another_protected_route(cf_claims=Depends(enforce_cf_access)):\n return {\"message\": \"This route is also protected\", \"user\": cf_claims}\n```\n\nYou can also initialize the middleware with parameters instead of environment variables:\n\n```python\nfrom cloudflare_access_jwt import CloudflareAccessJWT\n\ncustom_enforcer = CloudflareAccessJWT(\n certs_url=\"https://your-team-name.cloudflareaccess.com/cdn-cgi/access/certs\",\n policy_aud=\"your-application-audience-tag\"\n)\n\napp = FastAPI(dependencies=[Depends(custom_enforcer)])\n```\n\n## Development\n\n1. Clone the repository and install dependencies:\n\n```sh\ngit clone https://github.com/aluxian/fastapi-cloudflare-access-jwt.git\ncd fastapi-cloudflare-access-jwt\nuv venv\nsource .venv/bin/activate\nuv sync\n```\n\n2. Run linting checks:\n\n```sh\nuv run ruff check .\n```\n\n3. Run tests:\n\n```sh\nuv run pytest\n```\n\n4. Start Aider:\n\n```sh\nuvx --python 3.12 --from 'aider-chat[playwright]' --with 'aider-chat[help]' aider\n```\n",
"bugtrack_url": null,
"license": null,
"summary": "FastAPI middleware for Cloudflare Access JWT authentication",
"version": "0.1.1",
"project_urls": {
"Changelog": "https://github.com/aluxian/fastapi-cloudflare-access-jwt/releases",
"Homepage": "https://github.com/aluxian/fastapi-cloudflare-access-jwt",
"Issues": "https://github.com/aluxian/fastapi-cloudflare-access-jwt/issues",
"Repository": "https://github.com/aluxian/fastapi-cloudflare-access-jwt.git"
},
"split_keywords": [
"authentication",
" cloudflare",
" fastapi",
" jwt",
" middleware"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "6e817315ea32a2a44e01b8e188aa8b6977354a543d45c5cb50f3d8165ba1a95e",
"md5": "9fb7a26b42b8f3e15f8583a9851d9097",
"sha256": "5d3f1311dda0384a00da2899e450fd5901e2fe2f74eba4e503d8f1203855e757"
},
"downloads": -1,
"filename": "fastapi_cloudflare_access_jwt-0.1.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "9fb7a26b42b8f3e15f8583a9851d9097",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.12",
"size": 5299,
"upload_time": "2024-12-22T17:32:09",
"upload_time_iso_8601": "2024-12-22T17:32:09.960964Z",
"url": "https://files.pythonhosted.org/packages/6e/81/7315ea32a2a44e01b8e188aa8b6977354a543d45c5cb50f3d8165ba1a95e/fastapi_cloudflare_access_jwt-0.1.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "718a141de0b89c25ec27a59d5c2c14397eb7326a974638bbced547ed6f971006",
"md5": "28507eb51a43c4d130df1d52ca11cc69",
"sha256": "fb5d441ede28d5dea562b942269ceed914134af2824ad6beddb3f2e05ad54f46"
},
"downloads": -1,
"filename": "fastapi_cloudflare_access_jwt-0.1.1.tar.gz",
"has_sig": false,
"md5_digest": "28507eb51a43c4d130df1d52ca11cc69",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.12",
"size": 38658,
"upload_time": "2024-12-22T17:32:12",
"upload_time_iso_8601": "2024-12-22T17:32:12.525767Z",
"url": "https://files.pythonhosted.org/packages/71/8a/141de0b89c25ec27a59d5c2c14397eb7326a974638bbced547ed6f971006/fastapi_cloudflare_access_jwt-0.1.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-12-22 17:32:12",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "aluxian",
"github_project": "fastapi-cloudflare-access-jwt",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "fastapi-cloudflare-access-jwt"
}
JSON
