An API to work with the database and return info to the frontend
This is an API that was gonna be used for school. This API never ended up getting used because we weren't able to get the inventory list :( But I learnt a lot making it so yeah it's fine.
OAuth2:
This API uses a simplified version of OAuth2. You use a username and password to get an access_token, which you then use for your requests.
On every request sent to the API, the API checks whether the request has the "Authorization" header.
If you don't have the header, it returns that you are unauthorized. If you do, it checks the value of the header, which is where the token is supposed to be.
Tokens are encrypted text which contain information about the user. The token will be decrypted with the same secret key that was used to encrypt it and the user info will be extracted from it.
Lastly, the API looks for a user with that info, and if it finds one then you are authenticated and can use the endpoint.
So how do you get a token?
- First of all, you must have access to the API. You can't currently make an account, and since this project is archived I won't be adding more accounts either.
- Next, you must make a POST request to the token endpoint. In the request data you attach your username and password.
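Example in Python:

```python
import requests

url = "https://osc-api.fusionsid.repl.co/token"

# The credentials are sent as form data in the POST body
data = {
    "username": "Your Username",
    "password": "Your Password",
}

response = requests.post(url, data=data)
response.raise_for_status()  # stop here if the credentials were rejected
token = response.json()["access_token"]
```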
Yay, now you have a token. For all future requests, put that token in the "Authorization" header. If you lose the token, just make another request to the token endpoint.
Users:
Users are created and stored in a local sqlite database.
The User class has 3 attributes: username, hashed_password and disabled
User passwords are stored hashed, using pbkdf2_hmac with sha256, which is a one-way function that cannot be reversed. Basically, it hashes the password+salt and then hashes the result again and again and again. How many times? Definitely more than 150,000 iterations.
The password itself is never actually stored. It is hashed using a process that always returns the same result for the same password and salt, so when you enter a password the API hashes it and checks whether the result matches the hash stored in the db.
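The hashing and login check described above, as an added example (not this project's own code). The `iterations$salt$hash` storage format, the 200,000 iteration count, the 16-byte salt and the function names are assumptions; the README states only pbkdf2_hmac, sha256, a salt and more than 150,000 iterations.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional

ITERATIONS = 200_000  # assumption: the README only says "more than 150,000"
SALT_BYTES = 16       # assumption: the salt length is not given in the README


@dataclass
class User:  # the three attributes the README lists
    username: str
    hashed_password: str
    disabled: bool = False


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'iterations$salt_hex$hash_hex' (constructed storage format)."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt  # random per-user salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and count, compare in constant time."""
    try:
        count, salt_hex, hash_hex = stored.split("$")
        iterations = int(count)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def authenticate(users: Dict[str, User], username: str, password: str) -> Optional[User]:
    """Return the user only if it exists, is enabled, and the password matches."""
    user = users.get(username)
    if user is None or user.disabled:
        return None
    return user if verify_password(password, user.hashed_password) else None
```

Storing the iteration count next to the salt lets the count be raised later without invalidating existing records.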
Currently there's no way to create an account apart from using the function, which only I can do.
Database is hosted somewhere and uses PostgreSQL. I use asyncpg to send SQL commands to the database.
- Create testing API
- Make sure Dhruv is able to make requests properly
- Make the oauth2 system
- Create the users endpoints
- Create database functions
- Make db endpoints
- Reformat code
- Documentation for code
Contributions are what make the open source community such an amazing place. Any contributions you make are greatly appreciated.
Distributed under the MIT License. See LICENSE for more information.
Siddhesh Zantye - School Email