Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ericmiguel/missil

Simple FastAPI declarative endpoint-level access control.
https://github.com/ericmiguel/missil

api fastapi fastapi-extension fastapi-framework framework python web

Last synced: 14 days ago
JSON representation

Simple FastAPI declarative endpoint-level access control.

Host: GitHub
URL: https://github.com/ericmiguel/missil
Owner: ericmiguel
License: mit
Created: 2023-11-14T13:34:58.000Z (12 months ago)
Default Branch: main
Last Pushed: 2024-05-05T14:20:23.000Z (6 months ago)
Last Synced: 2024-10-01T06:25:40.895Z (about 1 month ago)
Topics: api, fastapi, fastapi-extension, fastapi-framework, framework, python, web
Language: Python
Homepage: https://ericmiguel.github.io/missil/
Size: 741 KB
Stars: 98
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        


  





    Simple FastAPI declarative endpoint-level access control, somewhat inspired by Pyramid.





    [DOCS]

    [SOURCE]







    





    





```python

@app.get("/", dependencies=[rules["finances"].READ])

def read_root():

    return {"Hello": "World"}

```

## Installation

```bash

pip install missil

```

## Why use Missil?

For most applications the use of [scopes]("https://fastapi.tiangolo.com/advanced/security/oauth2-scopes/?h=oauth2") to determine the rights of a user is sufficient enough. Nonetheless, scopes are tied to the state of the user, while 'missil' also take the state of the requested resource into account.

Let's take an scientific paper as an example: depending on the state of the submission process (like "draft", "submitted", "peer review" or "published") different users should have different permissions on viewing and editing. This could be acomplished with custom code in the path definition functions, but Missil offers a very legible and to-the-point to define these constraints.

## Quick usage

```python

import missil

from fastapi import FastAPI

from fastapi import Response

app = FastAPI()

TOKEN_KEY = "Authorization"

SECRET_KEY = "2ef9451be5d149ceaf5be306b5aa03b41a0331218926e12329c5eeba60ed5cf0"

bearer = missil.FlexibleTokenBearer(TOKEN_KEY, SECRET_KEY)

rules = missil.make_rules(bearer, "finances", "it", "other")

@app.get("/", dependencies=[rules["finances"].READ])

def read_root():

    return {"Hello": "World"}

@app.get("/set-cookies")

def set_cookies(response: Response) -> None:

    """Just for example purposes."""

    sample_user_privileges = {

        "finances": missil.READ,

        "it": missil.WRITE,

    }

    token_expiration_in_hours = 8

    token = missil.encode_jwt_token(claims, SECRET_KEY, token_expiration_in_hours)

    response.set_cookie(

        key=TOKEN_KEY,

        value=f"Bearer {token}",

        httponly=True,

        max_age=1800,

        expires=1800,

    )

```

## Disclaimer

Scopes did not meet my needs and other permission systems were too complex, so

I designed this code for me and my team needs, but feel free to use it if you like.

## License

This project is licensed under the terms of the MIT license.