Skip to main content

An authorization middleware for FastAPI that supports ACL, RBAC, ABAC, based on PyCasbin

Project description

fastapi-casbin-auth

Build Status Coverage Status Version PyPI - Wheel Pyversions Download Discord

fastapi-casbin-auth is an authorization middleware for FastAPI, it's based on PyCasbin.

Installation

Install from pip

pip install fastapi-casbin-auth

Clone this repo

git clone https://github.com/officialpycasbin/fastapi-casbin-auth.git
python setup.py install

Quickstart

This middleware is designed to work with another middleware which implement AuthenticationMiddleware interface.

import base64
import binascii

import casbin

from fastapi import FastAPI
from starlette.authentication import AuthenticationBackend, AuthenticationError, SimpleUser, AuthCredentials
from starlette.middleware.authentication import AuthenticationMiddleware

from fastapi_casbin_auth import CasbinMiddleware

app = FastAPI()


class BasicAuth(AuthenticationBackend):
    async def authenticate(self, request):
        if "Authorization" not in request.headers:
            return None

        auth = request.headers["Authorization"]
        try:
            scheme, credentials = auth.split()
            decoded = base64.b64decode(credentials).decode("ascii")
        except (ValueError, UnicodeDecodeError, binascii.Error):
            raise AuthenticationError("Invalid basic auth credentials")

        username, _, password = decoded.partition(":")
        return AuthCredentials(["authenticated"]), SimpleUser(username)


enforcer = casbin.Enforcer('../examples/rbac_model.conf', '../examples/rbac_policy.csv')

app.add_middleware(CasbinMiddleware, enforcer=enforcer)
app.add_middleware(AuthenticationMiddleware, backend=BasicAuth())


@app.get('/')
async def index():
    return "If you see this, you have been authenticated."


@app.get('/dataset1/protected')
async def auth_test():
    return "You must be alice to see this."
  • anonymous request
curl -i http://127.0.0.1:8000/dataset1/protected
HTTP/1.1 403 Forbidden
date: Mon, 01 Mar 2021 09:00:08 GMT
server: uvicorn
content-length: 11
content-type: application/json

"Forbidden"
  • authenticated request
curl -i -u alice:password http://127.0.0.1:8000/dataset1/protected
HTTP/1.1 200 OK
date: Mon, 01 Mar 2021 09:04:54 GMT
server: uvicorn
content-length: 32
content-type: application/json

"You must be alice to see this."

It used the casbin config from examples folder, and you can find this demo in demo folder.

You can also view the unit tests to understand this middleware.

Besides, there is another example for CasbinMiddleware which is designed to work with JWT authentication. You can find it in demo/jwt_test.py.

Development

Run unit tests

  1. Fork/Clone repository
  2. Install fastapi-casbin-auth dependencies, and run pytest
pip install -r dev_requirements.txt
pip install -r requirements.txt
pytest

Update requirements with pip-tools

# update requirements.txt
pip-compile --no-annotate --no-header --rebuild requirements.in
# sync venv
pip-sync

Manually Bump Version

bumpversion major  # major release
or
bumpversion minor  # minor release
or
bumpversion patch  # hotfix release

Documentation

The authorization determines a request based on {subject, object, action}, which means what subject can perform what action on what object. In this plugin, the meanings are:

  1. subject: the logged-in user name
  2. object: the URL path for the web resource like dataset1/item1
  3. action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", " write-blog" (currently no official support in this middleware)

For how to write authorization policy and other details, please refer to the Casbin's documentation.

Getting Help

License

This project is under Apache 2.0 License. See the LICENSE file for the full license text.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fastapi_casbin_auth-1.0.0.tar.gz (9.4 kB view details)

Uploaded Source

Built Distribution

fastapi_casbin_auth-1.0.0-py3-none-any.whl (11.0 kB view details)

Uploaded Python 3

File details

Details for the file fastapi_casbin_auth-1.0.0.tar.gz.

File metadata

  • Download URL: fastapi_casbin_auth-1.0.0.tar.gz
  • Upload date:
  • Size: 9.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for fastapi_casbin_auth-1.0.0.tar.gz
Algorithm Hash digest
SHA256 d5af56559b38af5c0d4916eef289b7bb43cd3b58f1be220641057b010a87a4f6
MD5 8966fdb3c5fe89949a780af79ddb5bcd
BLAKE2b-256 27dc231c89d63933efef394c116496dc9a2dfc06c4afad2018d07e7a752a210e

See more details on using hashes here.

File details

Details for the file fastapi_casbin_auth-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for fastapi_casbin_auth-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 f8c917fb210b4473b2672bc1bbce9d0fdb8b92ab522a5e3b217b58a2acb059f4
MD5 737f039a233ac20ec9a20fad0e6ed48f
BLAKE2b-256 266fed8983cfacaff21ee5b00bb4b4956e94173f4f34b5d43996a08548cb5f3d

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page