This is an API built with FastAPI. It has the following features:
Create an authorization token.
Return a received payload.
Return a list of breweries.
Install the dependencies:
> pip install -r requirements.txt
The API needs to know who is a valid user. The authorization and authentication modules take care of this verification, so we need to set up a database to look up the users' credentials when necessary.
Run the script_create_api_users script; a sql_app.db file will be created in the root folder. The database content will look something like:
id | email | hashed_password | is_active |
---|---|---|---|
1 | fake_email0@gmail.com | $2b$12$jhCVlgWbi.IutE6sGCdEruFcbN1rWSRRbIB251Y6D8itUncinWLzG | 1 |
2 | fake_email1@gmail.com | $2b$12$3BEm9YskktFgvOUCLwT2..yQ0E6MD.16jfO9ZxBti.UrWNgRdXrEy | 1 |
3 | fake_email2@gmail.com | $2b$12$KigUNoxtKS2.uq7RIU09J..AlBYoktvnVoQXTmGPDEDigL7qAz1kG | 1 |
4 | fake_email3@gmail.com | $2b$12$6LllFe7cqcxVVZafHLnB2uWytC8es8mS.TNaav1901RYp0oI7j/Lu | 1 |
The security module is responsible for encoding and decoding the JWT. To perform these tasks it needs a secret key, an algorithm, and a token lifetime. These are sensitive values, so they are stored using pydantic settings and a .env file.
The config file defines a class AuthorizationSettings which, when instantiated, reads these environment variables from the .env file.
/security/config.py:
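from pydantic import BaseSettings, Field  # pydantic v1 API (inner Config class)


class AuthorizationSettings(BaseSettings):
    secret_key: str  # read from SECRET_KEY
    algorithm: str  # read from ALGORITHM
    # Token lifetime in minutes; env= maps the field to LIFETIME_MINUTES in .env.
    # Without it pydantic looks for LIFETIME and silently keeps the default of 60.
    lifetime: int = Field(60, env="LIFETIME_MINUTES")

    class Config:
        env_file = ".env"
        env_file_encoding = "utf-8"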
Create a .env file with the following content: a key, the signing algorithm and the desired token lifetime.
/.env:
SECRET_KEY="4677b25090805fd888f642f9df5691ce7d9deef2e8a8af150ebdf765286fa87e"
ALGORITHM="HS256"
LIFETIME_MINUTES=30
Generate your own SECRET_KEY rather than reusing the sample value above, for example with the following command:
> openssl rand -hex 32
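How the three settings are used when a token is issued and checked, as an added standard-library example (it is not the project's security module, which may rely on a JWT library). The key value and the function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed sample values (assumption): stand-ins for the settings loaded from .env.
SECRET_KEY = "constructed-sample-key-do-not-use"
ALGORITHM = "HS256"
LIFETIME_MINUTES = 30

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, key: str) -> str:
    return b64url(hmac.new(key.encode(), signing_input.encode(), hashlib.sha256).digest())

def encode_token(subject, key=SECRET_KEY, now=None):
    """Build header.payload.signature with an exp claim LIFETIME_MINUTES ahead."""
    issued = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": ALGORITHM, "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": subject, "exp": issued + LIFETIME_MINUTES * 60}).encode())
    return f"{header}.{payload}.{sign(header + '.' + payload, key)}"

def decode_token(token, key=SECRET_KEY, now=None):
    """Return the claims, or raise ValueError if the token must be rejected."""
    try:
        header_b64, payload_b64, signature = token.split(".")
        header = json.loads(unb64url(header_b64))
    except ValueError as exc:  # wrong segment count, bad base64 or bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm to the configured one; never trust the token's own "alg".
    if not isinstance(header, dict) or header.get("alg") != ALGORITHM:
        raise ValueError("unexpected algorithm")
    # Constant-time comparison avoids leaking how much of the signature matched.
    expected = sign(header_b64 + "." + payload_b64, key)
    if not hmac.compare_digest(signature.encode(), expected.encode()):
        raise ValueError("bad signature")
    claims = json.loads(unb64url(payload_b64))  # parsed only after the signature check
    if claims["exp"] <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims
```

Anyone who knows SECRET_KEY can mint tokens that pass `decode_token`, which is why the key belongs in .env and not in the source tree.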
To start the BoralAPI:
> uvicorn main:app --reload
The Swagger UI for the applications will be available on:
http://127.0.0.1:8000/docs
On the Swagger UI, click the green Authorize button in the upper right of the page and enter one of the credentials created in the Setting Users Database step:
username: fake_email0@gmail.com
password: pass0
Client credentials location: Authorization Header
client_id:
client_secret:
Then click on the Authorize button. The Swagger UI will automatically request an authorization token and insert it in every request it makes.
Open the Swagger UI for the Boreal API; it lists the following functions:
GET - Root
POST - Request Token
POST - Pass User
GET - Get Breweries
GET - Root: just returns a message if the server is running.
POST - Request Token: returns a new JWT for the API user. You must pass a username and password to request the token; for test purposes use:
username - fake_email0@gmail.com
password - pass0
POST - Pass User: receives a payload and returns the same payload. A token must be passed.
GET - Get Breweries: sends a GET request to the BreweriesAPI, reads the list of breweries and returns their names. A token must be passed.