在为整个应用程序添加 API 密钥后,如何将 FastAPI 中的 api 路径列入白名单?
How to whitelist an api path in FastAPI after adding API key for entire app?
我创建了一个应用如下:
X_API_KEY = APIKeyHeader(name='X-API-Key')
def validate_api_key(x_api_key: str = Depends(X_API_KEY)):
if x_api_key == ENV_API_KEY:
return True
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid API Key",
)
app = FastAPI(
title="My boring app",
version=APP_VERSION,
dependencies=[Security(validate_api_key)],
root_path="/api/v1"
)
@app.get("/secretdata")
def secretdata() -> dict:
return 'data'
@app.get("/")
def is_alive() -> dict:
return True
如何将安全路径(api 密钥)列入白名单?
实现此目的的一种方法是将您的应用程序拆分为多个路由器,如 bigger applications in the FastAPI documentation 的示例所示。
这是一个适合您情况的示例:
# add import
from fastapi import APIRouter
X_API_KEY = APIKeyHeader(name='X-API-Key')
def validate_api_key(x_api_key: str = Depends(X_API_KEY)):
if x_api_key == ENV_API_KEY:
return True
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid API Key",
)
app = FastAPI(
title="My boring app",
version=APP_VERSION,
# removed global dependency
root_path="/api/v1"
)
# generate new routers
protected_router = APIRouter()
unprotected_router = APIRouter()
# use respective router
@protected_router.get("/secretdata")
def secretdata() -> dict:
return 'data'
@unprotected_router.get("/")
def is_alive() -> dict:
return True
# include the routers in the application, and add dependencies where needed
app.include_router(protected_router, dependencies=[Security(validate_api_key)]
# note: no dependency for this one
app.include_router(unprotected_router)
为了更清晰一些,您通常会将这些路由器拆分成单独的文件,如前面提到的文档中所示!
我创建了一个应用如下:
X_API_KEY = APIKeyHeader(name='X-API-Key')
def validate_api_key(x_api_key: str = Depends(X_API_KEY)):
if x_api_key == ENV_API_KEY:
return True
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid API Key",
)
app = FastAPI(
title="My boring app",
version=APP_VERSION,
dependencies=[Security(validate_api_key)],
root_path="/api/v1"
)
@app.get("/secretdata")
def secretdata() -> dict:
return 'data'
@app.get("/")
def is_alive() -> dict:
return True
如何将安全路径(api 密钥)列入白名单?
实现此目的的一种方法是将您的应用程序拆分为多个路由器,如 bigger applications in the FastAPI documentation 的示例所示。
这是一个适合您情况的示例:
# add import
from fastapi import APIRouter
X_API_KEY = APIKeyHeader(name='X-API-Key')
def validate_api_key(x_api_key: str = Depends(X_API_KEY)):
if x_api_key == ENV_API_KEY:
return True
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid API Key",
)
app = FastAPI(
title="My boring app",
version=APP_VERSION,
# removed global dependency
root_path="/api/v1"
)
# generate new routers
protected_router = APIRouter()
unprotected_router = APIRouter()
# use respective router
@protected_router.get("/secretdata")
def secretdata() -> dict:
return 'data'
@unprotected_router.get("/")
def is_alive() -> dict:
return True
# include the routers in the application, and add dependencies where needed
app.include_router(protected_router, dependencies=[Security(validate_api_key)]
# note: no dependency for this one
app.include_router(unprotected_router)
为了更清晰一些,您通常会将这些路由器拆分成单独的文件,如前面提到的文档中所示!