Python FastAPI ABAC Realization.
Requirements:
redis- for cache supportdatabases- for database support
Install:
pip install dauthAfter installing import main functions by
from dauth import authLibrary represents function
def Policy(
subject_call: Callable,
resource_type: Any,
method: str,
check_callback: Callable,
database: Optional[Database] = None,
cache: Optional[Redis] = None
)subject_callback- Is function that library put in FastAPIDepends. Usually function returns user which tries to work withresourceresource_type- Isstrwhich on which User tries to get accessmethod- Is API method by which working endpointcheck_callback- Is function that realize Policy's check. Function take arguments:check_callback(subject, resource_type, item_id, method, db, cache)
-
subjectis result ofDepends(subject_callback)
-
resource_typeis argument ofPolicy()
-
item_id(by default '*') is providing by FastAPI decorator@app.get(/test/{item_id})
-
methodis argument ofPolicy()
-
dbis database connection
-
cacheis redis connection
database- Is a database connecioncache- Is a Redis connection
Simple usage
from fastapi import FastAPI, Depends
from dauth import auth
app = FastAPI()
def is_admin(subject, resource_type, item_id, method, db, cache):
if 'admin' not in subject.scopes:
raise auth.DENY
@app.get("/test")
# function get_user_auth returns User's object
def test(
user = Depends(auth.Policy(
get_user_auth,
'test',
'get',
is_admin
))
):
return {"message":"Good"}
@app.get("/test_with_db")
# function get_database returns Databases connection
def test_db(
user = Depends(auth.Policy(
get_user_auth,
'test',
'get',
is_admin,
database=Depends(get_database)
))
):
return {"message":"Good"}
@app.get("/test_with_cache")
# function get_cache returns Redis connection
def test_cache(
user = Depends(auth.Policy(
get_user_auth,
'test',
'get',
is_admin,
cache=Depends(get_cache)
))
):
return {"message":"Good"}Developed by DenVilk