https://github.com/bigbuildbench/mrtolkien_fastapi_simple_security
https://github.com/bigbuildbench/mrtolkien_fastapi_simple_security
Science Score: 13.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
○CITATION.cff file
-
✓codemeta.json file
Found codemeta.json file -
○.zenodo.json file
-
○DOI references
-
○Academic publication links
-
○Academic email domains
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (15.5%) to scientific vocabulary
Repository
Basic Info
- Host: GitHub
- Owner: BigBuildBench
- License: mit
- Language: Python
- Default Branch: master
- Size: 216 KB
Statistics
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
- Releases: 0
Metadata Files
README.md
FastAPI simple security
API key based security package for FastAPI, focused on simplicity of use:
- Full functionality out of the box, no configuration required
- API key security with local
sqlitebackend, working with both header and query parameters - Default 15 days deprecation for generated API keys
- Key creation, revocation, renewing, and usage logs handled through administrator endpoints
- No dependencies, only requiring
FastAPIand the python standard library
This module cannot be used for any kind of distributed deployment. It's goal is to help have some basic security features for simple one-server API deployments, mostly during development.
Installation
pip install fastapi_simple_security
Usage
Creating an application
```python from fastapisimplesecurity import apikeyrouter, apikeysecurity from fastapi import Depends, FastAPI
app = FastAPI()
app.includerouter(apikeyrouter, prefix="/auth", tags=["auth"])
@app.get("/secure", dependencies=[Depends(apikeysecurity)]) async def secure_endpoint(): return {"message": "This is a secure endpoint"} ```
Resulting app is:

API key creation through docs
Start your API and check the logs for the automatically generated secret key if you did not provide one through environment variables.

Go to /docs on your API and inform this secret key in the Authorize/Secret header box.
All the administrator endpoints only support header security to make sure the secret key is not inadvertently
shared when sharing an URL.

Then, you can use /auth/new to generate a new API key.

And finally, you can use this API key to access the secure endpoint.

API key creation in python
You can of course automate API key acquisition through python with requests and directly querying the endpoints.
If you do so, you can hide the endpoints from your API documentation with the environment variable
FASTAPI_SIMPLE_SECURITY_HIDE_DOCS.
Configuration
Environment variables:
FASTAPI_SIMPLE_SECURITY_SECRET: Secret administrator key- Generated automatically on server startup if not provided
- Allows generation of new API keys, revoking of existing ones, and API key usage view
- It being compromised compromises the security of the API
FASTAPI_SIMPLE_SECURITY_HIDE_DOCS: Whether or not to hide the API key related endpoints from the documentationFASTAPI_SIMPLE_SECURITY_DB_LOCATION: Location of the local sqlite database filesqlite.dbin the running directory by default- When running the app inside Docker, use a bind mount for persistence
FAST_API_SIMPLE_SECURITY_AUTOMATIC_EXPIRATION: Duration, in days, until an API key is deemed expired- 15 days by default
Contributing
Setting up python environment
shell script
poetry install
poetry shell
Setting up pre-commit hooks
shell script
pre-commit install
Running tests
shell script
pytest
Running the dev environment
The attached docker image runs a test app on localhost:8080 with secret key TEST_SECRET. Run it with:
shell script
docker-compose build && docker-compose up
Needed contributions
- More options with sensible defaults
- Logging per API key?
- More back-end options for API key storage?
Owner
- Name: BigBuildBench
- Login: BigBuildBench
- Kind: organization
- Repositories: 1
- Profile: https://github.com/BigBuildBench
abbr. B3, benchmarking the repo-level understanding capability of your LLMs by reconstructing project build-file.
GitHub Events
Total
- Create event: 1
Last Year
- Create event: 1
Dependencies
- abatilo/actions-poetry v2.2.0 composite
- actions/checkout v3 composite
- actions/setup-python v4 composite
- actions/checkout v3 composite
- actions/setup-python v4 composite
- psf/black stable composite
- google-github-actions/release-please-action v3 composite
- tiangolo/uvicorn-gunicorn-fastapi latest build
- fastapi_simple_security latest
- black ^22.3.0 develop
- coverage ^6.5.0 develop
- httpx ^0.24.1 develop
- pytest ^7.0.0 develop
- requests ^2.26.0 develop
- ruff ^0.0.275 develop
- python >=3.7.2,<4