一、JWT简介
随着Web应用程序的发展,用户身份验证和授权成为了一个至关重要的部分。使用JWT(JSON Web Token)令牌可以方便地实现身份验证和授权功能。FastAPI是一个基于Python的现代Web框架,它提供了简单易用的功能来处理身份验证和授权。本文将介绍如何在FastAPI中使用JWT令牌进行身份验证和授权。
二、使用
1、安装依赖库
pip install pyjwt
pip install passlib
pip install bcrypt
2、增加实体Model
from pydantic import BaseModel
class User(BaseModel):
    """Login request body: the credentials a client posts to ``/login``."""

    username: str
    # Plaintext password as submitted by the client; login() only compares it
    # against the stored bcrypt hash.
    password: str
3、路由控制器代码
import logging
from fastapi import APIRouter, Path, Query
from modules.user.enties.user import User
# Router on which the endpoints below are registered.
user_api = APIRouter()
# Module-level logger named after this module.
logger = logging.getLogger(__name__)
import os
from datetime import datetime, timedelta, timezone

import jwt
from fastapi import Depends, FastAPI, HTTPException
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
from passlib.context import CryptContext
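# Password hashing context; bcrypt is the only scheme, so hashes are salted
# and slow to brute-force.
pwd_context = CryptContext(schemes=["bcrypt"])
# Extracts the "Authorization: Bearer <token>" header for protected routes.
security = HTTPBearer()

# Simulated user store standing in for a database. Only the bcrypt hash of
# the password is kept, never the plaintext.
users_db = {
    "admin": {
        "username": "admin",
        "password": pwd_context.hash("123456"),
    }
}

# HS256 signing key. Anyone who knows it can mint valid tokens, so it is read
# from the environment (variable name chosen here); the literal is only a
# fallback for this demo and must be replaced before deployment.
secret_key = os.environ.get("JWT_SECRET_KEY", "thisisasecretkey")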
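def generate_token(username: str, expires_minutes: int = 30) -> str:
    """Create a signed HS256 JWT for *username*.

    Args:
        username: Stored in the ``username`` claim that get_user_profile
            reads back to identify the caller.
        expires_minutes: Token lifetime; defaults to the 30 minutes the
            original implementation used.

    Returns:
        The encoded token string.
    """
    # Timezone-aware "now": datetime.utcnow() is deprecated and yields naive
    # values; PyJWT converts aware datetimes in "exp"/"iat" to POSIX seconds.
    now = datetime.now(timezone.utc)
    payload = {
        "username": username,
        "iat": now,
        "exp": now + timedelta(minutes=expires_minutes),
    }
    return jwt.encode(payload, secret_key, algorithm="HS256")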
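@user_api.post("/login")
def login(user: User):
    """Verify a username/password pair and return a bearer token.

    Args:
        user: Request body with the submitted credentials.

    Returns:
        ``{"access_token": <jwt>, "token_type": "bearer"}``.

    Raises:
        HTTPException: 401 when the username is unknown or the password does
            not match. Both cases use the same message so the response does
            not reveal which usernames exist.
    """
    stored_user = users_db.get(user.username)
    if stored_user is None:
        # Spend roughly the cost of a real hash check so an unknown username
        # is not distinguishable from a wrong password by response time.
        pwd_context.dummy_verify()
        raise HTTPException(status_code=401, detail="Invalid username or password")
    if not pwd_context.verify(user.password, stored_user["password"]):
        raise HTTPException(status_code=401, detail="Invalid username or password")
    return {"access_token": generate_token(user.username), "token_type": "bearer"}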
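@user_api.get("/users/me")
def get_user_profile(credentials: HTTPAuthorizationCredentials = Depends(security)):
    """Return the profile of the user identified by the bearer token.

    Args:
        credentials: Parsed ``Authorization: Bearer`` header. ``Depends`` is
            required for FastAPI to run the HTTPBearer scheme; a bare default
            value would not be resolved as a dependency.

    Returns:
        ``{"username": <name>}`` for a valid, unexpired token.

    Raises:
        HTTPException: 401 when the token is malformed, has a bad signature,
            is expired, or names a user that no longer exists.
    """
    token = credentials.credentials
    try:
        # "algorithms" is pinned so a token cannot choose its own algorithm.
        payload = jwt.decode(token, secret_key, algorithms=["HS256"])
    except jwt.InvalidTokenError:
        # Covers DecodeError as well as ExpiredSignatureError, which the
        # narrower DecodeError handler missed (an expired token became a 500).
        raise HTTPException(status_code=401, detail="Invalid token") from None
    username = payload.get("username")
    if username not in users_db:
        raise HTTPException(status_code=401, detail="Invalid username")
    return {"username": username}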