# **1. Write a FastAPi example to demonstrate async.**

Here's a simple FastAPI example that demonstrates the use of asynchronous functions (`async def`) to handle non-blocking I/O operations, such as simulating a database call or external API request. This example will illustrate how async can improve performance, especially when handling multiple simultaneous requests.

---

### **FastAPI Example with Async:**

```python
from fastapi import FastAPI
import asyncio  # For simulating I/O-bound operations

app = FastAPI()

# Simulate a database call or long-running I/O operation
async def simulate_db_call(delay: int):
    await asyncio.sleep(delay)  # Non-blocking sleep to simulate delay
    return {"message": f"Data retrieved after {delay} second(s)"}

# Asynchronous endpoint
@app.get("/async-operation/")
async def async_operation():
    result = await simulate_db_call(3)  # Simulate a 3-second delay
    return result

# Another endpoint to show FastAPI can handle other requests concurrently
@app.get("/quick-response/")
async def quick_response():
    return {"message": "This endpoint responds quickly!"}
```

---

### **Explanation:**

1. **Import FastAPI and asyncio:**  
   `asyncio` is used to simulate an asynchronous, non-blocking operation like a database call or API request.

2. **Create an Async Function:**  
   The `simulate_db_call` function simulates a long-running I/O operation using `await asyncio.sleep(delay)`.

3. **Define an Async Route:**  
   The `/async-operation/` endpoint calls the `simulate_db_call` function, which introduces a 3-second delay without blocking the server.

4. **Concurrent Endpoint:**  
   The `/quick-response/` endpoint demonstrates that other requests can be processed while the async operation is still ongoing.

---

### **Running the Example:**

1. Save the code to a file, e.g., `main.py`.
2. Run the FastAPI app using `uvicorn`:
   ```bash
   uvicorn main:app --reload
   ```

3. Open your browser and test the endpoints:
   - Visit `http://127.0.0.1:8000/async-operation/`: You’ll see a 3-second delay before getting the response.
   - Visit `http://127.0.0.1:8000/quick-response/`: This endpoint responds immediately, even if the previous request is still being processed.

---

### **Key Benefits of Using Async:**
- **Non-blocking:** The server can handle other requests while waiting for I/O operations to complete.
- **Improved Performance:** Efficient for applications dealing with many simultaneous connections, such as web APIs or chat systems.
- **Scalability:** Better resource utilization, especially for I/O-bound operations like database queries or network requests.

This demonstrates how FastAPI leverages Python's async capabilities to create efficient and scalable applications! 🚀

# **2. Write a FastApi example to demonstrate String Validations.**

Here's a FastAPI example demonstrating **string validations** using query parameters and Pydantic models. We'll use various validation tools such as length constraints, regex patterns, and optional parameters.

---

### **FastAPI Example with String Validations:**

```python
from fastapi import FastAPI, Query
from pydantic import BaseModel, Field, constr

app = FastAPI()

# Query Parameter String Validation
@app.get("/validate-query/")
async def validate_query(
    username: str = Query(..., min_length=3, max_length=15, regex="^[a-zA-Z0-9_]+$")
):
    return {"message": f"Hello, {username}!"}

# Request Body with String Validation
class User(BaseModel):
    name: constr(min_length=2, max_length=50)  # Constrained string
    email: str = Field(..., regex=r"^[\w\.-]+@[\w\.-]+\.\w+$")  # Email validation with regex
    password: str = Field(..., min_length=8, max_length=20)

@app.post("/validate-body/")
async def validate_body(user: User):
    return {"message": f"User {user.name} registered successfully!"}
```

---

### **Explanation:**

#### **1. Query Parameter Validation:**
```python
@app.get("/validate-query/")
async def validate_query(
    username: str = Query(..., min_length=3, max_length=15, regex="^[a-zA-Z0-9_]+$")
):
```
- **`Query(...)`:** Defines a required query parameter.
- **`min_length` and `max_length`:** Ensure the username has between 3 and 15 characters.
- **`regex`:** Only allows alphanumeric characters and underscores (`^[a-zA-Z0-9_]+$`).

**Test Example:**  
- Valid: `http://127.0.0.1:8000/validate-query/?username=Devanshu123`
- Invalid: `http://127.0.0.1:8000/validate-query/?username=ab` (Too short)

---

#### **2. Request Body Validation Using Pydantic Model:**
```python
class User(BaseModel):
    name: constr(min_length=2, max_length=50)
    email: str = Field(..., regex=r"^[\w\.-]+@[\w\.-]+\.\w+$")
    password: str = Field(..., min_length=8, max_length=20)
```
- **`constr`:** Constrained string type for `name`.
- **Regex for `email`:** Ensures a proper email format.
- **`Field(..., min_length, max_length)`:** Validates the password's length.

**Example Request Body:**  
```json
{
  "name": "Devanshu",
  "email": "devanshu@example.com",
  "password": "StrongPass123"
}
```

---

### **Running the Example:**
1. Save the code to a file, e.g., `main.py`.
2. Run the FastAPI app using `uvicorn`:
   ```bash
   uvicorn main:app --reload
   ```

3. **Testing Endpoints:**
   - **Query Parameter Validation:**  
     Visit: `http://127.0.0.1:8000/validate-query/?username=Devanshu123`
   - **Request Body Validation:**  
     Use a tool like **Postman** or **Swagger UI** (`http://127.0.0.1:8000/docs`) to send a POST request to `/validate-body/` with the JSON data.

---

### **Benefits of String Validations:**
- **Data Integrity:** Ensures consistent and valid input.
- **Security:** Reduces risks from malformed or malicious inputs.
- **Clear Error Messages:** FastAPI provides detailed validation error responses automatically.

This example shows how to enforce and document string constraints effectively in FastAPI! 🚀

# **3. Write a FastApi example to demonstrate deeply nested models.**

Here's a FastAPI example demonstrating **deeply nested models** using Pydantic. This example simulates a data structure for an online store where each order contains nested details about items, users, and addresses.

---

### **FastAPI Example with Deeply Nested Models:**

```python
from fastapi import FastAPI
from pydantic import BaseModel, Field
from typing import List

app = FastAPI()

# Address model
class Address(BaseModel):
    street: str
    city: str
    postal_code: str = Field(..., regex=r"^\d{5}$")  # Simple postal code validation (5 digits)

# User model
class User(BaseModel):
    username: str
    email: str
    address: Address  # Nested Address model

# Item model
class Item(BaseModel):
    name: str
    description: str
    price: float
    quantity: int

# Order model with nested User and Item models
class Order(BaseModel):
    order_id: int
    user: User          # Nested User model
    items: List[Item]   # List of nested Item models
    total_amount: float = Field(..., gt=0)  # Total must be greater than 0

@app.post("/orders/")
async def create_order(order: Order):
    return {
        "message": "Order created successfully!",
        "order_details": order.dict()
    }
```

---

### **Explanation:**

1. **Deeply Nested Models:**  
   Each model (`Address`, `User`, `Item`, and `Order`) contains fields that may include other models as types.

2. **Nested in Request Body:**  
   The `Order` model nests the `User` model, which in turn nests the `Address` model. The `Order` also contains a list of `Item` objects.

3. **Validation:**  
   - **Postal Code Validation:** Uses a regex to enforce a 5-digit postal code.
   - **Total Amount Constraint:** Ensures the total order amount is positive.

---

### **Example Request Body:**

To test this, you can send the following JSON in a POST request to `/orders/`:

```json
{
  "order_id": 101,
  "user": {
    "username": "devanshu",
    "email": "devanshu@example.com",
    "address": {
      "street": "123 Main St",
      "city": "New Delhi",
      "postal_code": "11001"
    }
  },
  "items": [
    {
      "name": "Laptop",
      "description": "High-end gaming laptop",
      "price": 1500.0,
      "quantity": 1
    },
    {
      "name": "Wireless Mouse",
      "description": "Ergonomic mouse",
      "price": 25.0,
      "quantity": 2
    }
  ],
  "total_amount": 1550.0
}
```

---

### **Running the Example:**
1. Save the code to a file, e.g., `main.py`.
2. Run the FastAPI app using `uvicorn`:
   ```bash
   uvicorn main:app --reload
   ```

3. **Test the Endpoint:**  
   Use a tool like **Postman** or **Swagger UI** (`http://127.0.0.1:8000/docs`) to send a POST request to `/orders/` with the JSON data above.

---

### **Benefits of Using Deeply Nested Models:**
- **Structured Data:** Allows complex real-world data structures to be modeled accurately.
- **Automatic Validation:** FastAPI checks all nested fields, ensuring data integrity.
- **Clear Documentation:** Nested models are automatically documented in the Swagger UI, showing the full data structure clearly.

This example demonstrates how to create and handle deeply nested data structures in FastAPI using Pydantic models! 🚀

# **4. Write a FastApi example to retrieve form data.**

In FastAPI, you can retrieve form data from POST requests using `Form` to extract data from `application/x-www-form-urlencoded` or `multipart/form-data` requests. Below is a FastAPI example demonstrating how to handle and retrieve form data:

---

### **FastAPI Example to Retrieve Form Data:**

```python
from fastapi import FastAPI, Form
from fastapi.responses import HTMLResponse

app = FastAPI()

# Endpoint to display the form
@app.get("/", response_class=HTMLResponse)
async def get_form():
    html_content = """
    <html>
        <body>
            <h2>FastAPI Form Example</h2>
            <form action="/submit/" method="post">
                <label for="username">Username:</label><br>
                <input type="text" id="username" name="username" required><br><br>
                <label for="password">Password:</label><br>
                <input type="password" id="password" name="password" required><br><br>
                <input type="submit" value="Submit">
            </form>
        </body>
    </html>
    """
    return html_content

# Endpoint to handle form submission
@app.post("/submit/")
async def handle_form_submission(username: str = Form(...), password: str = Form(...)):
    # Process the form data (e.g., validation, storing in DB)
    return {"username": username, "password": password}
```

---

### **Explanation:**

1. **Display Form:**
   - The `get_form` endpoint serves a simple HTML form where the user can enter their username and password.
   - The form sends a `POST` request to the `/submit/` endpoint with the form data.

2. **Retrieve Form Data:**
   - The `handle_form_submission` endpoint uses `Form(...)` to retrieve the `username` and `password` fields from the form data.
   - The `Form` function is used to declare the form fields, and `...` indicates that these fields are required.

---

### **Running the Example:**

1. Save the code to a file, e.g., `main.py`.
2. Run the FastAPI app using `uvicorn`:
   ```bash
   uvicorn main:app --reload
   ```

3. **Test the Form:**
   - Open your browser and navigate to `http://127.0.0.1:8000/`.
   - Fill out the form with a username and password, then click "Submit."
   - The form data will be displayed in the response in JSON format.

---

### **Benefits of Using Form Data in FastAPI:**
- **Ease of Use:** FastAPI makes it simple to handle form data and integrate it with your API logic.
- **Validation:** You can add type hints and validation to form data just like with query parameters or request bodies.
- **Interactivity:** Forms can be used to collect user input in a simple way, which is ideal for applications that need direct user interaction.

This example shows how to retrieve form data from an HTML form in FastAPI! 🚀

# **5. Write a FastApi example to define files to be uploaded by the client-side.**

In FastAPI, you can define endpoints that handle file uploads using the `File` dependency. This allows you to receive files from the client-side (e.g., images, documents) and process them accordingly. Below is a FastAPI example that demonstrates how to define and handle file uploads.

---

### **FastAPI Example to Define File Uploads:**

```python
from fastapi import FastAPI, File, UploadFile
from fastapi.responses import HTMLResponse
import shutil

app = FastAPI()

# Endpoint to display the file upload form
@app.get("/", response_class=HTMLResponse)
async def get_form():
    html_content = """
    <html>
        <body>
            <h2>FastAPI File Upload Example</h2>
            <form action="/upload/" method="post" enctype="multipart/form-data">
                <label for="file">Choose a file to upload:</label><br>
                <input type="file" id="file" name="file" required><br><br>
                <input type="submit" value="Upload">
            </form>
        </body>
    </html>
    """
    return html_content

# Endpoint to handle file upload
@app.post("/upload/")
async def upload_file(file: UploadFile = File(...)):
    # Save the uploaded file to a directory
    file_location = f"./uploaded_files/{file.filename}"
    with open(file_location, "wb") as buffer:
        shutil.copyfileobj(file.file, buffer)
    
    return {"filename": file.filename, "file_location": file_location}
```

---

### **Explanation:**

1. **Display the File Upload Form:**
   - The `get_form` endpoint serves an HTML form with a file input field, which allows the user to choose a file to upload.
   - The form sends a `POST` request with the file to the `/upload/` endpoint using `multipart/form-data`.

2. **Handling the File Upload:**
   - The `upload_file` endpoint receives the file using the `File(...)` dependency and the `UploadFile` class. `UploadFile` provides efficient handling for large files by not loading them entirely into memory.
   - The file is saved to the `uploaded_files` directory using the `shutil.copyfileobj()` function.

---

### **Running the Example:**

1. Save the code to a file, e.g., `main.py`.
2. Run the FastAPI app using `uvicorn`:
   ```bash
   uvicorn main:app --reload
   ```

3. **Test the File Upload:**
   - Open your browser and navigate to `http://127.0.0.1:8000/`.
   - Choose a file to upload, and click "Upload."
   - The file will be saved in the `uploaded_files` directory, and the response will include the filename and location.

---

### **Directory Structure:**

Ensure that you have the `uploaded_files` directory created before uploading files. If it doesn't exist, create it manually or handle it in your code like so:

```python
import os

# Ensure the uploaded_files directory exists
os.makedirs("./uploaded_files", exist_ok=True)
```

---

### **File Handling with FastAPI:**

- **UploadFile:**  
  FastAPI's `UploadFile` is a special class designed for handling file uploads. It provides an efficient interface for reading files, allowing you to process large files without loading them into memory all at once.

- **Saving Files:**  
  In the example, we use `shutil.copyfileobj()` to copy the file from the incoming request to the file system.

---

### **Benefits of File Upload Handling in FastAPI:**
- **Efficient File Handling:** FastAPI’s `UploadFile` handles file uploads asynchronously, reducing memory usage.
- **Easy Integration:** Integrates easily into applications needing file uploads, such as image or document management systems.
- **Simple API:** FastAPI automatically parses the incoming file as part of the form-data and provides it to your endpoint as an easily usable object.

This example demonstrates how to upload and save files on the server using FastAPI! 🚀

# **6. Create a web app: calculator using FastAPI**

Here's a simple example of how to create a web-based calculator using FastAPI, allowing users to perform basic arithmetic operations like addition, subtraction, multiplication, and division. We'll use FastAPI for the backend logic and serve an HTML form to interact with the user.

---

### **FastAPI Web App: Simple Calculator**

```python
from fastapi import FastAPI, Form
from fastapi.responses import HTMLResponse
from fastapi.staticfiles import StaticFiles

app = FastAPI()

# Serve static files (like CSS or JavaScript) if needed (for future enhancement)
app.mount("/static", StaticFiles(directory="static"), name="static")

# Endpoint to display the calculator form
@app.get("/", response_class=HTMLResponse)
async def get_calculator_form():
    html_content = """
    <html>
        <head>
            <title>Simple Calculator</title>
        </head>
        <body>
            <h2>FastAPI Calculator</h2>
            <form action="/calculate/" method="post">
                <label for="num1">First Number:</label><br>
                <input type="number" id="num1" name="num1" required><br><br>
                
                <label for="num2">Second Number:</label><br>
                <input type="number" id="num2" name="num2" required><br><br>
                
                <label for="operation">Select Operation:</label><br>
                <select id="operation" name="operation" required>
                    <option value="add">Addition (+)</option>
                    <option value="subtract">Subtraction (-)</option>
                    <option value="multiply">Multiplication (*)</option>
                    <option value="divide">Division (/)</option>
                </select><br><br>
                
                <input type="submit" value="Calculate">
            </form>
        </body>
    </html>
    """
    return html_content

# Endpoint to handle form submission and perform the calculation
@app.post("/calculate/")
async def calculate(num1: float = Form(...), num2: float = Form(...), operation: str = Form(...)):
    result = None
    if operation == "add":
        result = num1 + num2
    elif operation == "subtract":
        result = num1 - num2
    elif operation == "multiply":
        result = num1 * num2
    elif operation == "divide":
        if num2 == 0:
            return {"error": "Division by zero is not allowed!"}
        result = num1 / num2
    
    return {"result": result}

```

---

### **Explanation:**

1. **HTML Form:**
   - The `get_calculator_form` endpoint returns an HTML form where the user can input two numbers and select an operation (Addition, Subtraction, Multiplication, or Division).
   - The form sends the input data to the `/calculate/` endpoint via a `POST` request.

2. **Calculation Logic:**
   - The `calculate` endpoint processes the form data, performs the corresponding arithmetic operation, and returns the result.
   - If division is selected and the second number is `0`, it returns an error message (`Division by zero is not allowed!`).

---

### **Running the Example:**

1. Save the code to a file, e.g., `main.py`.
2. Run the FastAPI app using `uvicorn`:
   ```bash
   uvicorn main:app --reload
   ```

3. Open your browser and navigate to `http://127.0.0.1:8000/` to view the calculator form.

---

### **Testing the Calculator:**

- **Add Numbers:** Enter `5` for the first number and `3` for the second, then select "Addition" from the dropdown. The result will be displayed on the response page.
- **Subtraction, Multiplication, and Division:** Try the other operations similarly.
- **Error Handling:** If you try to divide by zero, it will return an error message.

---

### **Enhancements:**

- **Styling:** You can add CSS in the `/static` directory to make the calculator look better.
- **JavaScript (Optional):** To add client-side validation or dynamic calculations, you could add JavaScript.
  
---

This FastAPI app demonstrates how to build a simple web-based calculator! 🚀

# **7. Create a timer app using FastAPI**

Creating a **Timer App** using FastAPI involves setting up a basic web application that allows users to set a timer and get notifications when the time is up. Below is a simple implementation of such an app that provides functionality to start a timer and display the remaining time.

---

### **FastAPI Timer App Example:**

```python
from fastapi import FastAPI, Form
from fastapi.responses import HTMLResponse
from datetime import datetime, timedelta
import threading
import time

app = FastAPI()

# A global dictionary to store active timers (for simplicity)
timers = {}

# Helper function to start a timer in the background
def start_timer(timer_id: str, duration: int):
    start_time = datetime.now()
    end_time = start_time + timedelta(seconds=duration)
    
    # Run a background thread to wait until the timer finishes
    while datetime.now() < end_time:
        time.sleep(1)  # Sleep for a second
        remaining_time = end_time - datetime.now()
        timers[timer_id]["remaining_time"] = remaining_time.total_seconds()
    
    # When the timer finishes
    timers[timer_id]["status"] = "Time's up!"
    timers[timer_id]["remaining_time"] = 0

@app.get("/", response_class=HTMLResponse)
async def get_timer_form():
    html_content = """
    <html>
        <head>
            <title>FastAPI Timer App</title>
        </head>
        <body>
            <h2>Timer App</h2>
            <form action="/start_timer/" method="post">
                <label for="duration">Timer Duration (seconds):</label><br>
                <input type="number" id="duration" name="duration" required><br><br>
                <input type="submit" value="Start Timer">
            </form>
        </body>
    </html>
    """
    return html_content

@app.post("/start_timer/")
async def start_timer_handler(duration: int = Form(...)):
    # Generate a unique timer ID
    timer_id = str(len(timers) + 1)
    timers[timer_id] = {"status": "Timer is running", "remaining_time": duration}
    
    # Start the timer in a background thread
    threading.Thread(target=start_timer, args=(timer_id, duration), daemon=True).start()

    return {"message": "Timer started!", "timer_id": timer_id}

@app.get("/timer_status/{timer_id}")
async def get_timer_status(timer_id: str):
    # Return the current status of the timer
    if timer_id not in timers:
        return {"error": "Timer not found"}
    
    return timers[timer_id]

```

---

### **Explanation:**

1. **Global Timer Storage:**
   - The `timers` dictionary stores active timers by their `timer_id`. Each timer has a `status` and a `remaining_time`.

2. **Timer Background Task:**
   - The `start_timer` function runs in a background thread, simulating the countdown. It checks the time remaining every second.
   - When the timer finishes, it updates the timer's status and sets the `remaining_time` to 0.

3. **Form to Set Timer:**
   - The `get_timer_form` endpoint serves an HTML form where the user can enter the duration for the timer (in seconds). Upon submitting, the form sends a POST request to start the timer.

4. **Start Timer:**
   - The `start_timer_handler` endpoint starts a new timer, adds it to the `timers` dictionary, and spawns a background thread to handle the countdown.

5. **Timer Status:**
   - The `get_timer_status` endpoint retrieves the current status of a timer by its `timer_id`. It returns the status (e.g., "Timer is running", "Time's up!") and the remaining time (in seconds).

---

### **Running the Example:**

1. Save the code to a file, e.g., `main.py`.
2. Run the FastAPI app using `uvicorn`:
   ```bash
   uvicorn main:app --reload
   ```

3. Open your browser and navigate to `http://127.0.0.1:8000/` to view the timer form.

---

### **Testing the Timer App:**

1. **Start Timer:**
   - Enter a duration (e.g., 10 seconds) and click "Start Timer."
   - The timer will start in the background, and you will receive a response with a `timer_id`.

2. **Check Timer Status:**
   - You can check the status of the timer by navigating to `http://127.0.0.1:8000/timer_status/{timer_id}` (replace `{timer_id}` with the actual ID returned when the timer was started).
   - While the timer is running, it will show the remaining time in seconds. When the timer finishes, it will display `"status": "Time's up!"`.

---

### **Example Timer Flow:**

1. Start a 10-second timer.
2. After a few seconds, check the timer status (e.g., at `/timer_status/1`).
3. When the timer finishes, it will show `{"status": "Time's up!", "remaining_time": 0}`.

---

### **Enhancements for the Timer App:**

- **WebSocket Integration:** You could use WebSockets to push updates about the timer to the client in real-time.
- **User Interface (UI):** Add JavaScript to refresh the timer status periodically or handle the user interface in a more interactive way.
- **Multiple Timers:** Allow the user to set and manage multiple timers simultaneously with different durations.

This is a simple FastAPI-based timer app! 🚀

# **8. Create a movie scrapper using FastAPI.**

To create a **Movie Scraper** using FastAPI, we can use `BeautifulSoup` and `requests` libraries to scrape movie data from a website like IMDB or any other source. Then, FastAPI will serve an endpoint to display the scraped movie information.

Here’s a step-by-step guide to creating a movie scraper that scrapes movie details like name, rating, and year of release.

### **FastAPI Movie Scraper Example**

1. **Install Dependencies:**
   You will need to install the following Python packages:
   ```bash
   pip install fastapi uvicorn beautifulsoup4 requests
   ```

2. **Create the Movie Scraper App:**

```python
import requests
from bs4 import BeautifulSoup
from fastapi import FastAPI
from fastapi.responses import JSONResponse

app = FastAPI()

# Function to scrape movie details from IMDB
def scrape_movie(movie_url: str):
    try:
        # Send GET request to the movie URL
        response = requests.get(movie_url)
        soup = BeautifulSoup(response.content, 'html.parser')

        # Extract movie details
        title = soup.find('h1').get_text(strip=True)
        rating = soup.find('span', itemprop='ratingValue').get_text(strip=True)
        year = soup.find('span', id='titleYear').a.get_text(strip=True)
        description = soup.find('div', class_='summary_text').get_text(strip=True)

        # Return movie details as a dictionary
        return {
            "title": title,
            "rating": rating,
            "year": year,
            "description": description
        }
    
    except Exception as e:
        return {"error": str(e)}

# Movie scraping endpoint
@app.get("/scrape_movie/")
async def get_movie_info(movie_url: str):
    movie_details = scrape_movie(movie_url)
    return JSONResponse(content=movie_details)

```

---

### **Explanation of the Code:**

1. **scrape_movie Function:**
   - This function takes a URL (of a movie from IMDB or another movie website) and scrapes key information from the page, such as the title, rating, year, and description using `BeautifulSoup`.
   - The URL is fetched using the `requests` library, and the content is parsed with `BeautifulSoup`.
   - The `find` method is used to search for specific elements on the page, like the movie title, rating, and year.

2. **FastAPI Endpoint (`/scrape_movie/`):**
   - The FastAPI app defines a GET endpoint `/scrape_movie/` where users can pass a movie URL (`movie_url`) as a query parameter.
   - FastAPI calls the `scrape_movie` function and returns the scraped movie details as a JSON response.

---

### **Running the Example:**

1. Save the code to a file, e.g., `main.py`.
2. Run the FastAPI app using `uvicorn`:
   ```bash
   uvicorn main:app --reload
   ```

3. **Scrape Movie Data:**
   - Open your browser and go to `http://127.0.0.1:8000/docs` to see the auto-generated API documentation.
   - Use the `/scrape_movie/` endpoint with a `movie_url` parameter, like:
     - Example URL for scraping (IMDB): `https://www.imdb.com/title/tt4154796/` (Avengers: Endgame).
   
     So, the URL in your browser should look like this:
     ```
     http://127.0.0.1:8000/scrape_movie/?movie_url=https://www.imdb.com/title/tt4154796/
     ```

4. **Response Example:**
   When you visit the above URL, you will receive a JSON response with movie details:
   ```json
   {
       "title": "Avengers: Endgame",
       "rating": "8.4",
       "year": "2019",
       "description": "After the devastating events of Avengers: Infinity War (2018), the universe is in ruins. With the help of remaining allies, the Avengers assemble once more in order to reverse Thanos' actions and restore balance to the universe."
   }
   ```

---

### **Error Handling:**
- If the scraper encounters an error (e.g., invalid URL, missing data), it returns an error message like:
  ```json
  {
    "error": "Some error message here"
  }
  ```

---

### **Improvements/Enhancements:**
1. **Support Multiple Sources:**
   You can enhance the scraper by adding support for multiple movie websites (e.g., Rotten Tomatoes, TMDB) by creating separate scraping functions for each source.
   
2. **Caching Results:**
   To avoid scraping the same movie multiple times, you could implement caching using Redis or in-memory cache to store the scraped results.

3. **Add More Movie Information:**
   You could scrape additional data like actors, directors, genre, or box office details by extending the scraper.

4. **User Interface:**
   A frontend (HTML/JavaScript) could be added to make the scraper more user-friendly, allowing users to search for movies and view results interactively.

---

### **Conclusion:**
This FastAPI app demonstrates how to create a simple movie scraper. It leverages FastAPI to expose a RESTful API and BeautifulSoup to scrape movie data from websites. The scraped data is then served through FastAPI's JSON response. This setup can be enhanced with more features, such as supporting multiple movie sources or adding a frontend for user interaction.

# **9. Create an image scrapper using FastAPI.**

To create an **Image Scraper** using FastAPI, we'll use the `requests` and `BeautifulSoup` libraries to scrape images from a webpage. This example will scrape all image URLs from a webpage and return them as a list.

Here's how you can build an image scraper using FastAPI:

### **Install Dependencies:**

First, install the required libraries:
```bash
pip install fastapi uvicorn beautifulsoup4 requests
```

### **FastAPI Image Scraper Example:**

```python
import requests
from bs4 import BeautifulSoup
from fastapi import FastAPI
from fastapi.responses import JSONResponse

app = FastAPI()

# Function to scrape images from a webpage
def scrape_images(url: str):
    try:
        # Send GET request to the URL
        response = requests.get(url)
        soup = BeautifulSoup(response.content, 'html.parser')

        # Find all <img> tags in the webpage
        img_tags = soup.find_all('img')

        # Extract image URLs (src attribute)
        img_urls = [img['src'] for img in img_tags if 'src' in img.attrs]

        return {"image_urls": img_urls}
    
    except Exception as e:
        return {"error": str(e)}

# Endpoint to get images from a webpage
@app.get("/scrape_images/")
async def get_images(url: str):
    image_data = scrape_images(url)
    return JSONResponse(content=image_data)

```

---

### **Explanation of the Code:**

1. **scrape_images Function:**
   - This function accepts a `url` and sends a GET request to fetch the webpage content.
   - It parses the content using `BeautifulSoup`.
   - The `find_all('img')` method is used to get all `<img>` tags on the page.
   - For each `<img>` tag, it extracts the `src` attribute, which contains the image URL.
   - The function returns a list of image URLs.

2. **FastAPI Endpoint (`/scrape_images/`):**
   - The FastAPI app defines a GET endpoint `/scrape_images/` where the user can provide a URL to scrape images.
   - FastAPI calls the `scrape_images` function and returns the list of image URLs in a JSON response.

---

### **Running the Example:**

1. Save the code to a file, e.g., `main.py`.
2. Run the FastAPI app using `uvicorn`:
   ```bash
   uvicorn main:app --reload
   ```

3. Open your browser and navigate to `http://127.0.0.1:8000/docs` to see the auto-generated API documentation.
4. To scrape images, visit the `/scrape_images/` endpoint with a `url` query parameter. For example:
   ```
   http://127.0.0.1:8000/scrape_images/?url=https://example.com
   ```

   Replace `https://example.com` with the URL of the webpage you want to scrape images from.

---

### **Example Response:**

If the URL is valid and contains images, the response will look like this:

```json
{
    "image_urls": [
        "https://example.com/image1.jpg",
        "https://example.com/image2.png",
        "https://example.com/image3.jpg"
    ]
}
```

If an error occurs (e.g., invalid URL), the response will contain an error message:

```json
{
    "error": "Some error message here"
}
```

---

### **Enhancements/Improvements:**

1. **Handle Relative URLs:**
   - Many websites provide image URLs as relative paths (e.g., `/images/photo.jpg`). You can convert these to absolute URLs by prepending the domain of the website to the relative path.

   Example modification:
   ```python
   from urllib.parse import urljoin

   # Convert relative URLs to absolute URLs
   img_urls = [urljoin(url, img['src']) for img in img_tags if 'src' in img.attrs]
   ```

2. **Scrape Images from Multiple Pages:**
   - You can extend the scraper to handle pagination and scrape images from multiple pages of a website by following links to the next pages.

3. **Download Images:**
   - You could extend the scraper to download the images directly to the server or allow users to download them via links.

4. **Store Image Data:**
   - You can save the image URLs to a database, or allow users to download a zip file containing all the images.

5. **Image Filtering:**
   - You can add filtering capabilities to only scrape images of certain types (e.g., only `.jpg` or `.png` images).

---

### **Conclusion:**

This FastAPI app demonstrates how to scrape image URLs from a given webpage using `BeautifulSoup`. The app exposes a simple API endpoint that accepts a URL and returns a list of image URLs found on the page. You can extend this app with various features like image downloading, pagination handling, and filtering images based on certain criteria.

# **10. Create a weather app using FastAPI.**

Creating a **Weather App** using FastAPI involves integrating an external weather API to fetch real-time weather data based on the user's location or city. For this example, we’ll use the **OpenWeatherMap** API, which provides weather data in a simple format. You can sign up on [OpenWeatherMap](https://openweathermap.org/) and get an API key for free.

### **Steps to Create a Weather App using FastAPI:**

1. **Install Dependencies:**
   You'll need the `requests` library to make HTTP requests to the OpenWeatherMap API and `FastAPI` to create the app.
   ```bash
   pip install fastapi uvicorn requests
   ```

2. **Create the FastAPI Weather App:**

```python
import requests
from fastapi import FastAPI, HTTPException
from fastapi.responses import JSONResponse

app = FastAPI()

# OpenWeatherMap API key and base URL
API_KEY = "YOUR_OPENWEATHERMAP_API_KEY"  # Replace with your actual API key
BASE_URL = "http://api.openweathermap.org/data/2.5/weather"

# Function to get weather data from OpenWeatherMap
def get_weather(city: str):
    params = {
        "q": city,
        "appid": API_KEY,
        "units": "metric"  # Get temperature in Celsius
    }
    response = requests.get(BASE_URL, params=params)

    if response.status_code != 200:
        raise HTTPException(status_code=response.status_code, detail="City not found or error in fetching data")

    return response.json()

# FastAPI endpoint to fetch weather data for a given city
@app.get("/weather/")
async def weather(city: str):
    weather_data = get_weather(city)

    # Extract relevant weather details from the API response
    main_weather = weather_data.get("weather", [{}])[0].get("description", "No description")
    temperature = weather_data.get("main", {}).get("temp", "No temperature data")
    humidity = weather_data.get("main", {}).get("humidity", "No humidity data")
    wind_speed = weather_data.get("wind", {}).get("speed", "No wind data")
    
    # Return a structured JSON response
    return JSONResponse(content={
        "city": city,
        "description": main_weather,
        "temperature": temperature,
        "humidity": humidity,
        "wind_speed": wind_speed
    })

```

---

### **Explanation of the Code:**

1. **OpenWeatherMap API Key:**
   - You need to replace `"YOUR_OPENWEATHERMAP_API_KEY"` with the actual API key you get from OpenWeatherMap.

2. **get_weather Function:**
   - This function takes a `city` as input and sends a request to the OpenWeatherMap API to get the weather data.
   - The `appid` parameter is your API key, and `units="metric"` ensures the temperature is in Celsius.
   - If the city is found, the data is returned as JSON. If the request fails (e.g., invalid city), it raises an HTTP exception.

3. **FastAPI Endpoint (`/weather/`):**
   - The `weather` endpoint accepts a query parameter `city` and calls the `get_weather` function.
   - The returned weather data is parsed to extract relevant details such as the weather description, temperature, humidity, and wind speed.
   - The weather information is then returned as a JSON response.

---

### **Running the Example:**

1. Save the code to a file, e.g., `main.py`.
2. Run the FastAPI app using `uvicorn`:
   ```bash
   uvicorn main:app --reload
   ```

3. Open your browser and go to `http://127.0.0.1:8000/docs` to see the automatically generated API documentation.

4. **Test the Weather API:**
   You can test the endpoint by entering a city name in the query parameter, like:
   ```
   http://127.0.0.1:8000/weather/?city=London
   ```

---

### **Example Response:**

For a valid city like `London`, the response will look like:

```json
{
    "city": "London",
    "description": "overcast clouds",
    "temperature": 15.5,
    "humidity": 81,
    "wind_speed": 3.09
}
```

If an invalid city is provided, you will get a response like this:

```json
{
    "detail": "City not found or error in fetching data"
}
```

---

### **Additional Features You Could Add:**

1. **Handle More Data:**
   - You can extend the `get_weather` function to include more detailed information like sunrise, sunset, or the weather icon.

2. **Multiple Units:**
   - You can allow users to choose between different units for temperature (e.g., Imperial for Fahrenheit, Metric for Celsius, or Kelvin).

3. **Forecast Endpoint:**
   - You can create another endpoint to provide a weather forecast for the next few days by using OpenWeatherMap’s `/forecast` endpoint.

4. **Caching Weather Data:**
   - To prevent hitting the API too frequently, you can cache the results in memory for a short period (e.g., 10 minutes) using a cache library or a database.

5. **Frontend:**
   - You can add a simple HTML frontend with JavaScript to allow users to input their city and display the weather information.

---

### **Conclusion:**

This FastAPI weather app demonstrates how to fetch real-time weather data from an external API (OpenWeatherMap) and serve it via FastAPI's RESTful API. The app can easily be extended to include more features like weather forecasts, support for multiple units, and more. You can integrate this backend with a simple frontend to make a fully functional weather web application.

# **11. What are APIRouter instances in FastAPI and how are they used to organize routes?**

In FastAPI, **`APIRouter`** instances are used to organize and structure your application by grouping related routes. This helps in keeping the code modular, maintainable, and easier to navigate, especially in larger applications.

### **What is `APIRouter`?**
`APIRouter` is a class in FastAPI that allows you to create independent route groups. You can define routes in separate files or modules, then include them in the main FastAPI application.

### **Benefits of Using `APIRouter`:**
1. **Modularity:** Helps break down large applications into smaller, manageable modules.
2. **Reusability:** Common functionality (e.g., authentication or CRUD operations) can be grouped and reused across projects.
3. **Maintainability:** Easier to update, debug, and scale code when routes are organized logically.
4. **Isolation:** Different routers can be assigned their own dependencies or tags.

---

### **How to Use `APIRouter`:**

#### **1. Define Routes in a Separate Module:**
Create a file called `items.py` to define routes related to "items."

```python
from fastapi import APIRouter

# Create an instance of APIRouter
router = APIRouter()

# Define routes using the router instance
@router.get("/items/")
async def read_items():
    return [{"item_id": "item1"}, {"item_id": "item2"}]

@router.get("/items/{item_id}")
async def read_item(item_id: str):
    return {"item_id": item_id}
```

#### **2. Include the Router in the Main Application:**
Create the main FastAPI application file, e.g., `main.py`:

```python
from fastapi import FastAPI
from items import router as items_router  # Import the router

app = FastAPI()

# Include the router
app.include_router(items_router)
```

---

### **Key Parameters of `include_router`:**

- **`prefix`:** Adds a common prefix to all the routes in the router.
- **`tags`:** Adds metadata tags to the routes for documentation.
- **`dependencies`:** Define dependencies common to all routes in the router.
- **`responses`:** Set default responses for all the routes in the router.

#### **Example with `prefix` and `tags`:**

```python
from fastapi import FastAPI, APIRouter

# Define the router
user_router = APIRouter()

@user_router.get("/users/")
async def get_users():
    return [{"username": "user1"}, {"username": "user2"}]

# Main FastAPI application
app = FastAPI()

# Include the router with a prefix and tags
app.include_router(user_router, prefix="/api/v1", tags=["users"])
```

In this example:
- All endpoints in `user_router` will now be accessible under `/api/v1/users/`.
- The tag `"users"` will appear in the Swagger documentation, grouping these routes together.

---

### **Organizing Complex Applications:**

In a larger application, you might have multiple routers for different functionalities (e.g., users, items, auth). Each router can be defined in its own file and included in the main app:

```
project/
│
├── main.py
├── routers/
│   ├── users.py
│   ├── items.py
│   └── auth.py
└── ...
```

**Example `main.py`:**
```python
from fastapi import FastAPI
from routers import users, items, auth

app = FastAPI()

# Include routers
app.include_router(users.router, prefix="/users", tags=["Users"])
app.include_router(items.router, prefix="/items", tags=["Items"])
app.include_router(auth.router, prefix="/auth", tags=["Auth"])
```

---

### **Conclusion:**

`APIRouter` in FastAPI provides a powerful way to organize routes into modular components. By grouping related routes and including them in the main application, you improve code structure, maintainability, and scalability. This approach is especially useful as your application grows, making it easier to manage and extend.

# **12 How can you define request parameters in FastAPI for handling HTTP GET requests?**

In FastAPI, you can define **request parameters** for handling **HTTP GET requests** using **query parameters** and **path parameters**. FastAPI automatically parses these parameters from the URL and validates them based on the type hints you provide.

---

### **Types of Request Parameters:**

1. **Path Parameters**
2. **Query Parameters**
3. **Optional and Default Values**

---

### **1. Path Parameters:**

Path parameters are part of the URL path and are used to identify a specific resource.

#### **Example:**
```python
from fastapi import FastAPI

app = FastAPI()

@app.get("/items/{item_id}")
async def read_item(item_id: int):
    return {"item_id": item_id}
```

**Explanation:**
- `{item_id}` is a path parameter. The value is extracted from the URL (e.g., `/items/42`).
- FastAPI ensures the `item_id` is of type `int`. If a non-integer value is provided, it returns a validation error.

---

### **2. Query Parameters:**

Query parameters are part of the URL after the `?` and are typically used to filter or modify the response.

#### **Example:**
```python
@app.get("/items/")
async def read_items(skip: int = 0, limit: int = 10):
    return {"skip": skip, "limit": limit}
```

**Explanation:**
- The endpoint `/items/` accepts query parameters `skip` and `limit`.
- Access it using a URL like `/items/?skip=5&limit=20`.
- Default values (`skip=0`, `limit=10`) are used if the parameters are not provided.

---

### **3. Optional Parameters and Default Values:**

You can make query parameters optional by providing a default value, typically `None`.

#### **Example:**
```python
from typing import Optional

@app.get("/users/")
async def read_user(name: Optional[str] = None, age: Optional[int] = None):
    return {"name": name, "age": age}
```

**Explanation:**
- Both `name` and `age` are optional. If not provided, their value will be `None`.
- Access it using `/users/?name=John` or `/users/?name=John&age=30`.

---

### **4. Combining Path and Query Parameters:**

You can use both path and query parameters in the same endpoint.

#### **Example:**
```python
@app.get("/books/{book_id}")
async def read_book(book_id: int, author: Optional[str] = None):
    return {"book_id": book_id, "author": author}
```

**Explanation:**
- `book_id` is a path parameter, while `author` is a query parameter.
- Access it using `/books/10?author=Orwell`.

---

### **5. Query Parameter Type Conversion and Validation:**

FastAPI automatically converts query parameters to the specified data types and performs validation.

#### **Example with Boolean and List Types:**
```python
from typing import List

@app.get("/products/")
async def get_products(on_sale: bool = False, tags: List[str] = []):
    return {"on_sale": on_sale, "tags": tags}
```

**Usage:**
- `/products/?on_sale=true&tags=electronics&tags=gaming`
- FastAPI will parse `on_sale` as a boolean and `tags` as a list.

---

### **Summary:**
- **Path parameters** are defined in the URL path (e.g., `/items/{item_id}`).
- **Query parameters** are appended to the URL (e.g., `/items/?skip=0&limit=10`).
- FastAPI validates parameters based on the type hints provided.
- You can combine different parameter types and provide default or optional values for flexibility.

This approach ensures clean, maintainable, and well-documented API endpoints.

# **13. In FastAPI, how can you handle request body data when creating POST or PUT endpoints?**

In FastAPI, handling **request body data** for **POST** or **PUT** endpoints is straightforward and relies on **Pydantic models** to parse and validate incoming data. FastAPI automatically extracts the body data and maps it to the specified data model or parameters.

---

### **Steps to Handle Request Body Data:**

1. **Define a Pydantic Model**
2. **Create an Endpoint with the Model**
3. **Access and Validate Data**

---

### **1. Define a Pydantic Model:**

Pydantic models define the structure and validation rules for the data. These models ensure that incoming request bodies adhere to expected formats.

#### **Example:**

```python
from pydantic import BaseModel

class Item(BaseModel):
    name: str
    description: str = None  # Optional field
    price: float
    tax: float = None
```

- **`BaseModel`** is the base class for creating Pydantic models.
- Fields include data types and can have default values (e.g., `None` for optional fields).

---

### **2. Create a POST Endpoint with the Model:**

You can declare the model as a parameter in the endpoint function. FastAPI will parse the incoming JSON body into an instance of the model.

```python
from fastapi import FastAPI
from pydantic import BaseModel

app = FastAPI()

class Item(BaseModel):
    name: str
    description: str = None
    price: float
    tax: float = None

@app.post("/items/")
async def create_item(item: Item):
    return {"item_name": item.name, "item_price": item.price, "tax": item.tax}
```

---

### **3. Send Data to the Endpoint:**

When a client sends a **POST** request with a JSON body, FastAPI:
- Parses the JSON payload.
- Validates the data against the Pydantic model.
- Provides the validated data as an `item` object in the function.

**Example Request Body:**
```json
{
  "name": "Book",
  "description": "A fantasy novel",
  "price": 29.99,
  "tax": 2.5
}
```

---

### **4. Accessing and Using Request Data:**

You can directly access the model's fields like any Python object.

```python
@app.post("/items/")
async def create_item(item: Item):
    total_price = item.price + (item.tax if item.tax else 0)
    return {
        "item_name": item.name,
        "description": item.description,
        "total_price": total_price
    }
```

---

### **Handling Nested Models:**

You can also use nested Pydantic models for more complex data structures.

```python
class Manufacturer(BaseModel):
    name: str
    country: str

class Item(BaseModel):
    name: str
    price: float
    manufacturer: Manufacturer

@app.post("/items/")
async def create_item(item: Item):
    return {
        "item": item.name,
        "manufacturer": item.manufacturer.name
    }
```

---

### **Validation and Error Handling:**

FastAPI automatically returns a 422 status code with detailed error messages if the incoming request body does not match the expected model.

**Example Error Response:**
```json
{
  "detail": [
    {
      "loc": ["body", "price"],
      "msg": "field required",
      "type": "value_error.missing"
    }
  ]
}
```

---

### **Additional Tips:**

- **Optional Fields:** Use `Optional` from the `typing` module to indicate fields that may not be required.
- **Default Values:** Fields with default values will be optional.
- **Field Validation:** You can add custom validation using Pydantic's `Field` or validators.

---

### **Summary:**
In FastAPI, request body data is handled using **Pydantic models**, ensuring data validation and type safety. This approach simplifies development, improves code readability, and enhances error handling.

# **14. Explain the role of Pydantic models in FastAPI's request and response handling.**

In FastAPI, **Pydantic models** play a crucial role in handling both request and response data. They provide a way to define the structure, types, and validation rules for the data exchanged between the client and the server. This ensures that the API endpoints process data consistently and reliably, improving code quality and robustness.

---

### **Roles of Pydantic Models in FastAPI:**

1. **Data Validation**
2. **Data Serialization and Deserialization**
3. **Data Parsing**
4. **Automatic Documentation**
5. **Type Hints and Code Clarity**

---

### **1. Data Validation:**

Pydantic models validate incoming request data against predefined rules. If the data doesn't match the expected types or constraints, FastAPI automatically returns a detailed error response.

**Example:**
```python
from fastapi import FastAPI
from pydantic import BaseModel, Field

app = FastAPI()

class Item(BaseModel):
    name: str
    price: float
    quantity: int = Field(..., gt=0, description="Quantity must be greater than zero")

@app.post("/items/")
async def create_item(item: Item):
    return item
```

**Validation Rules:**
- `name`: Must be a string.
- `price`: Must be a float.
- `quantity`: Must be greater than zero (`gt=0`).

If validation fails, FastAPI returns a 422 status code with error details.

---

### **2. Data Serialization and Deserialization:**

- **Serialization:** Converts Python objects into JSON responses for the client.
- **Deserialization:** Converts incoming JSON data into Python objects.

**Example:**
```python
@app.post("/items/")
async def create_item(item: Item):
    return {"message": f"{item.quantity} units of {item.name} created at ${item.price} each"}
```
- **Request:** JSON data is parsed into a Python object (`Item` instance).
- **Response:** Python dictionaries are serialized back into JSON.

---

### **3. Data Parsing:**

Pydantic models parse complex nested data structures effortlessly, including lists and nested objects.

**Example with Nested Models:**
```python
from typing import List

class User(BaseModel):
    username: str
    email: str

class Order(BaseModel):
    items: List[Item]
    user: User

@app.post("/orders/")
async def create_order(order: Order):
    return {"message": f"Order received for {order.user.username}"}
```
- The `Order` model contains a list of `Item` objects and a `User` object.
- FastAPI parses nested JSON into corresponding Python structures.

---

### **4. Automatic Documentation:**

FastAPI generates OpenAPI documentation based on Pydantic models. The documentation includes:
- Data types and structures
- Field descriptions and constraints

**Example:** Access the documentation at `http://127.0.0.1:8000/docs`.

---

### **5. Type Hints and Code Clarity:**

Using Pydantic models with FastAPI improves code readability and maintainability:
- Clear data structures and validation rules.
- Automatic IDE support for type hints and error checking.

**Example:**
```python
class Item(BaseModel):
    name: str
    price: float
```
This code clearly defines the expected structure for `Item` objects, making it easier for developers to understand and maintain.

---

### **Role in Response Handling:**

Pydantic models can also be used for defining structured responses:
```python
@app.get("/items/{item_id}", response_model=Item)
async def get_item(item_id: int):
    return Item(name="Example", price=10.5)
```
- **`response_model`:** Specifies the format of the response, ensuring consistency and automatic documentation updates.

---

### **Key Benefits of Using Pydantic Models in FastAPI:**

1. **Robust Data Validation:** Prevents invalid data from being processed.
2. **Clean, Maintainable Code:** Clear definitions of data structures and types.
3. **Enhanced Documentation:** Auto-generates Swagger docs for better API understanding.
4. **Error Handling:** Returns informative errors when validation fails.
5. **Flexibility:** Supports complex nested structures and custom validators.

---

### **Conclusion:**

Pydantic models are central to FastAPI's ability to handle request and response data effectively. They provide a powerful framework for validating, parsing, and documenting data, ensuring that your API is reliable, consistent, and easy to use.

# **15. What is dependency injection in FastAPI, and how is it used in building APIs?**

**Dependency injection** in FastAPI is a design pattern that allows you to manage and provide resources, configurations, or logic to different parts of your application in a structured way. This helps keep your code clean, modular, and easy to test.

In FastAPI, dependency injection means you can define reusable components (dependencies) that can be injected into your endpoint functions or other dependencies. Dependencies can include things like database connections, authentication checks, or common logic.

---

### **Key Benefits of Dependency Injection:**

1. **Reusability:** Write code once and use it across multiple endpoints.
2. **Modularity:** Break down complex logic into smaller, manageable pieces.
3. **Testability:** Easily mock or replace dependencies for testing.
4. **Separation of Concerns:** Keep endpoint logic clean by offloading reusable logic to dependencies.

---

### **How Dependency Injection Works in FastAPI:**

FastAPI uses the **`Depends`** class to declare dependencies. It automatically handles the execution and injection of the dependency.

---

### **Basic Example of Dependency Injection:**

```python
from fastapi import FastAPI, Depends

app = FastAPI()

# Define a dependency function
def get_user_agent():
    return "Custom-User-Agent"

# Use the dependency in an endpoint
@app.get("/items/")
async def read_items(user_agent: str = Depends(get_user_agent)):
    return {"user_agent": user_agent}
```

**Explanation:**
- **`get_user_agent`** is a dependency function.
- **`Depends(get_user_agent)`** tells FastAPI to call this function and inject its return value (`user_agent`) into the endpoint.

---

### **More Complex Example: Dependency for Database Connection:**

```python
from fastapi import FastAPI, Depends

app = FastAPI()

# Simulate a database connection
def get_db():
    db = {"connection": "database_connection"}
    try:
        yield db  # Use yield for teardown logic if needed
    finally:
        print("Closing DB connection")

# Inject the database dependency into the endpoint
@app.get("/users/")
async def read_users(db: dict = Depends(get_db)):
    return {"db_connection": db["connection"]}
```

**Explanation:**
- The `get_db` function simulates a database connection.
- **`yield`** is used to release the resource after the request is processed.
- The dependency is injected into the `db` parameter of the endpoint function.

---

### **Dependencies with Parameters:**

Dependencies can also accept parameters, making them more dynamic.

```python
def common_parameters(q: str = None, limit: int = 10):
    return {"q": q, "limit": limit}

@app.get("/search/")
async def search_items(params: dict = Depends(common_parameters)):
    return params
```

---

### **Class-Based Dependencies:**

You can use classes to define dependencies with state.

```python
class Settings:
    def __init__(self, env: str):
        self.env = env

# Instantiate the class and use it as a dependency
@app.get("/config/")
async def read_config(settings: Settings = Depends(lambda: Settings(env="production"))):
    return {"env": settings.env}
```

---

### **Using Dependencies with Middleware and Global Scope:**

You can apply dependencies globally for things like authentication or logging.

```python
from fastapi import Request

async def log_request(request: Request):
    print(f"Request to {request.url}")
    return request

@app.middleware("http")
async def add_process_time_header(request: Request, call_next):
    await log_request(request)
    response = await call_next(request)
    return response
```

---

### **Summary:**

**Dependency injection** in FastAPI simplifies managing reusable logic and shared resources like database connections or authentication. Using **`Depends`**, you can define modular, testable code while keeping your endpoints clean and maintainable. This approach promotes code reusability, enhances testability, and ensures a clear separation of concerns in API development.

# **16. How can you handle file uploads in FastAPI for API endpoints?**

In FastAPI, handling **file uploads** for API endpoints is simple and efficient. You use the `File` class from `fastapi` to define and process files sent as part of the request. Files are commonly uploaded via a **`multipart/form-data`** request.

---

### **Steps to Handle File Uploads:**

1. **Use the `File` Dependency**  
2. **Access File Content**  
3. **Handle Multiple File Uploads**  

---

### **1. Use the `File` Dependency:**

To handle a file upload, use the `File` dependency to define the parameter for the uploaded file.

**Example: Single File Upload**
```python
from fastapi import FastAPI, File, UploadFile

app = FastAPI()

@app.post("/uploadfile/")
async def upload_file(file: UploadFile = File(...)):
    return {
        "filename": file.filename,
        "content_type": file.content_type,
    }
```

- **`File(...)`:** Declares the file as required in the request.
- **`UploadFile`:** A class that provides an interface to interact with the uploaded file, such as reading content or saving it.

---

### **2. Access File Content:**

The `UploadFile` class allows you to:
- Access the file's metadata (filename, content type).
- Read or stream its content.

**Example: Reading File Content**
```python
@app.post("/readfile/")
async def read_file(file: UploadFile = File(...)):
    content = await file.read()  # Read file content as bytes
    return {"filename": file.filename, "content_size": len(content)}
```

---

### **3. Handle Multiple File Uploads:**

You can define multiple `File` dependencies for handling multiple files or use a list for uploading multiple files in one request.

**Example: Multiple Files**
```python
from typing import List

@app.post("/uploadfiles/")
async def upload_files(files: List[UploadFile] = File(...)):
    return {"filenames": [file.filename for file in files]}
```

- In the request, send multiple files under the same form field.
- Use a `List[UploadFile]` type hint to accept multiple files.

---

### **Saving Uploaded Files:**

You can save the uploaded file to disk if needed.

**Example: Save Uploaded File**
```python
@app.post("/savefile/")
async def save_file(file: UploadFile = File(...)):
    with open(f"./uploads/{file.filename}", "wb") as f:
        f.write(await file.read())
    return {"message": f"File {file.filename} saved successfully!"}
```

---

### **Complete Example: File with Additional Data**

You can combine file uploads with additional form data.

**Example:**
```python
from fastapi import Form

@app.post("/upload/")
async def upload_file_with_data(
    description: str = Form(...),  # Form field
    file: UploadFile = File(...),  # File upload
):
    return {
        "description": description,
        "filename": file.filename,
    }
```

In this example:
- **`Form(...)`** extracts non-file data sent as part of the `multipart/form-data`.
- Both form data and file uploads are handled seamlessly.

---

### **Using Swagger UI for Testing:**

FastAPI's auto-generated Swagger UI (`/docs`) makes testing file uploads easy:
1. Open `/docs` in your browser.
2. Navigate to the endpoint.
3. Use the "Choose File" button to upload a file and submit the request.

---

### **Key Benefits of File Handling in FastAPI:**

1. **Built-in Validation:** Ensures files are uploaded in the correct format (`multipart/form-data`).
2. **Ease of Access:** `UploadFile` makes accessing file metadata and content straightforward.
3. **Streaming Support:** Suitable for large file uploads.
4. **Integration with Form Data:** Combines file uploads with other fields seamlessly.

---

### **Conclusion:**

File uploads in FastAPI are efficient and developer-friendly, with built-in support for handling single or multiple files. By using `File` and `UploadFile`, you can build APIs that process file data in various scenarios, such as image uploads, document processing, or multimedia handling.

# **17. Explain the process of documenting FastAPI APIs using Swagger UI and OpenAPI.**

FastAPI automatically generates interactive **Swagger UI** and **OpenAPI documentation** for your APIs. This makes it easy to understand, test, and share your API's functionality without additional tools or manual documentation efforts.

---

### **Key Concepts:**

1. **OpenAPI Specification**  
   OpenAPI (formerly known as Swagger) is a standard format for describing REST APIs. FastAPI generates an OpenAPI schema that describes your API, including endpoints, methods, request parameters, and response models.

2. **Swagger UI**  
   Swagger UI is a web-based interface that uses the OpenAPI schema to provide interactive documentation. It allows users to:
   - View endpoint details
   - Test API requests
   - See expected responses and error codes

3. **ReDoc**  
   FastAPI also provides **ReDoc**, an alternative to Swagger UI with a cleaner, more structured layout.

---

### **Accessing Documentation:**

By default, FastAPI provides two documentation interfaces:

- **Swagger UI:** Accessible at `/docs`  
- **ReDoc:** Accessible at `/redoc`

These are automatically available when you run a FastAPI app.

---

### **Basic Example with Automatic Documentation:**

```python
from fastapi import FastAPI

app = FastAPI()

@app.get("/items/{item_id}", summary="Get an item", description="Retrieve an item by its ID")
async def read_item(item_id: int, q: str = None):
    """
    Retrieve an item from the inventory.

    - **item_id**: Unique identifier for the item
    - **q**: Optional query parameter for filtering
    """
    return {"item_id": item_id, "query": q}
```

**Swagger UI** at `/docs` will display:
- The endpoint URL (`/items/{item_id}`)
- HTTP method (`GET`)
- Parameters (`item_id` and `q`)
- Descriptions and summary

---

### **Customizing OpenAPI and Swagger UI:**

#### **1. Add Tags and Metadata:**
You can group endpoints into logical sections using **tags**.

```python
@app.get("/users/", tags=["Users"])
async def read_users():
    return [{"username": "johndoe"}]

@app.get("/items/", tags=["Items"])
async def read_items():
    return [{"item_name": "book"}]
```

#### **2. Define Request and Response Models:**
Using **Pydantic models**, you can document expected data structures.

```python
from pydantic import BaseModel

class Item(BaseModel):
    name: str
    price: float
    description: str = None

@app.post("/items/", response_model=Item, tags=["Items"])
async def create_item(item: Item):
    return item
```

Swagger UI will display:
- Required and optional fields.
- Data types and validation rules.

---

### **3. Customize the OpenAPI Schema:**

You can customize the OpenAPI schema's metadata by passing parameters to the **FastAPI** instance:

```python
app = FastAPI(
    title="My API",
    description="This is a sample API using FastAPI",
    version="1.0.0",
    contact={
        "name": "Support",
        "email": "support@example.com",
    },
    license_info={
        "name": "MIT",
        "url": "https://opensource.org/licenses/MIT",
    },
)
```

---

### **4. Custom Path Operation Documentation:**

You can add detailed information to individual endpoints:

```python
@app.get(
    "/items/{item_id}",
    summary="Retrieve an item",
    description="Get the details of a specific item by its ID.",
    response_description="Details of the requested item.",
)
async def read_item(item_id: int):
    return {"item_id": item_id}
```

---

### **5. Disable or Secure Documentation:**

For security or production environments, you may want to disable or restrict access to the documentation:

```python
from fastapi.openapi.docs import get_swagger_ui_html

@app.get("/docs", include_in_schema=False)
async def custom_swagger_ui():
    return get_swagger_ui_html(openapi_url="/openapi.json", title="Custom Docs")
```

---

### **6. Generate and Export OpenAPI Schema:**

You can access the raw OpenAPI schema in JSON format at `/openapi.json`. This is useful for external tools or integrations.

---

### **Benefits of FastAPI Documentation:**

1. **Interactive Testing:** Easily test API endpoints directly from the browser.
2. **Auto-generated:** Saves time and reduces documentation errors.
3. **Clear and Detailed:** Provides rich details about request/response models, parameters, and error codes.
4. **Collaboration:** Useful for sharing API specifications with frontend teams or external developers.
5. **Compliance:** Adheres to OpenAPI standards, ensuring compatibility with various tools and platforms.

---

### **Summary:**

FastAPI’s built-in support for **Swagger UI** and **OpenAPI** ensures that your APIs are well-documented and easy to use. By leveraging **Pydantic models**, **tags**, and **metadata**, you can create clear, interactive documentation that enhances API development, testing, and collaboration.

# **18. Discuss the use of 'async/await' in FastAPI middleware functions.**

In FastAPI, **middleware** functions play a crucial role in processing requests and responses globally, enabling tasks like logging, authentication, request modifications, and response manipulation. **`async/await`** syntax is used in middleware to handle asynchronous operations efficiently, making FastAPI highly performant.

---

### **What is Middleware in FastAPI?**
Middleware is a function that runs before and after the main request handler (endpoint). It wraps around the request processing pipeline, allowing you to perform operations on incoming requests or outgoing responses.

---

### **Structure of an Async Middleware:**

An async middleware is defined as a function that:
- Takes a **request** object and a **call_next** function.
- Uses **`await`** to process asynchronous tasks.
- Calls **`call_next`** to pass the request to the next middleware or endpoint.

**Basic Syntax:**
```python
from fastapi import FastAPI, Request

app = FastAPI()

@app.middleware("http")
async def custom_middleware(request: Request, call_next):
    # Code before processing the request
    response = await call_next(request)
    # Code after processing the request
    return response
```

---

### **Key Components:**

1. **`Request` Object:** Contains the incoming HTTP request details.
2. **`call_next` Function:** Invokes the next middleware or endpoint in the chain.
3. **`await` Expression:** Ensures non-blocking I/O operations, improving performance for tasks like database queries, file access, or network calls.

---

### **Use Cases of Async Middleware:**

1. **Logging Requests and Responses:**
   ```python
   @app.middleware("http")
   async def log_requests(request: Request, call_next):
       print(f"Request: {request.method} {request.url}")
       response = await call_next(request)
       print(f"Response status: {response.status_code}")
       return response
   ```
   - Logs details before and after processing each request.

2. **Timing Requests:**
   ```python
   import time

   @app.middleware("http")
   async def add_process_time_header(request: Request, call_next):
       start_time = time.time()
       response = await call_next(request)
       process_time = time.time() - start_time
       response.headers["X-Process-Time"] = str(process_time)
       return response
   ```
   - Measures and records the time taken to process each request.

3. **Authentication or Authorization Checks:**
   ```python
   from fastapi.responses import JSONResponse

   @app.middleware("http")
   async def check_authentication(request: Request, call_next):
       if "authorization" not in request.headers:
           return JSONResponse(content={"detail": "Unauthorized"}, status_code=401)
       response = await call_next(request)
       return response
   ```
   - Ensures that incoming requests contain an authorization header.

4. **Modifying Requests:**
   ```python
   @app.middleware("http")
   async def add_custom_header(request: Request, call_next):
       request.headers.__setitem__("Custom-Header", "AddedValue")
       response = await call_next(request)
       return response
   ```
   - Adds or modifies headers before passing the request downstream.

---

### **Handling Asynchronous Tasks in Middleware:**

**Async middleware** is particularly useful when dealing with:
- **I/O-bound operations:** Database calls, file reading, or external API requests.
- **Network latency:** Ensures the server doesn't block while waiting for external data.

---

### **Middleware Execution Flow:**
1. **Before the Endpoint:**  
   Middleware code runs before the request reaches the endpoint.
2. **After the Endpoint:**  
   After the endpoint returns a response, the middleware can process or modify it before sending it back to the client.

---

### **Best Practices:**
1. **Keep it Lightweight:** Avoid heavy processing in middleware to maintain performance.
2. **Handle Exceptions Gracefully:** Ensure that errors in middleware don't crash the application.
3. **Chain Responsibly:** Use **`await call_next(request)`** to pass control to the next layer. Omitting this will block the request.

---

### **Conclusion:**
**`async/await`** in FastAPI middleware enables efficient handling of asynchronous tasks, ensuring non-blocking operations and enhancing performance. Middleware functions offer a powerful way to apply global logic to requests and responses, supporting use cases like logging, authentication, and performance monitoring. By leveraging asynchronous programming, FastAPI maintains high scalability, especially for I/O-bound applications.

# **19. How can you implement WebSocket communication in FastAPI for real-time features?**

FastAPI supports **WebSocket communication** natively, enabling real-time, two-way interaction between clients and servers. WebSockets are ideal for applications that require live updates, such as chat apps, stock tickers, or live notifications.

---

### **WebSocket Overview:**
- **WebSocket Protocol:** Establishes a persistent connection, allowing data to be sent and received simultaneously.
- **Bidirectional:** Unlike HTTP, where the client initiates requests, WebSockets allow both client and server to send messages at any time.

---

### **Implementing WebSocket in FastAPI:**

1. **Import WebSocket Class:** FastAPI provides a `WebSocket` class to manage connections.
2. **Define an Endpoint:** Use the `websocket` route decorator (`@app.websocket`).
3. **Manage Connections:** Handle connection establishment and message exchange within the endpoint.

---

### **Basic WebSocket Example:**

```python
from fastapi import FastAPI, WebSocket

app = FastAPI()

@app.websocket("/ws")
async def websocket_endpoint(websocket: WebSocket):
    await websocket.accept()  # Accept the WebSocket connection
    while True:
        data = await websocket.receive_text()  # Receive message from client
        await websocket.send_text(f"Message received: {data}")  # Send response back to client
```

---

### **Explanation:**
1. **Route Declaration:**
   - `@app.websocket("/ws")`: Defines the WebSocket endpoint at `/ws`.

2. **Connection Acceptance:**
   - `await websocket.accept()`: Establishes the connection, allowing communication to begin.

3. **Message Handling:**
   - `await websocket.receive_text()`: Reads incoming messages from the client.
   - `await websocket.send_text()`: Sends messages back to the client.

---

### **Client-Side Example:**

You can test WebSocket functionality using JavaScript in the browser console or a simple HTML page:

```html
<!DOCTYPE html>
<html>
<body>
    <script>
        const socket = new WebSocket("ws://localhost:8000/ws");

        socket.onopen = () => {
            socket.send("Hello, server!");
        };

        socket.onmessage = (event) => {
            console.log("Message from server:", event.data);
        };
    </script>
</body>
</html>
```

---

### **Advanced WebSocket Features:**

#### **1. Handling Multiple Clients:**
For real-time apps like chatrooms, you may need to broadcast messages to multiple clients.

```python
from fastapi import WebSocket, WebSocketDisconnect

app = FastAPI()

class ConnectionManager:
    def __init__(self):
        self.active_connections = []

    async def connect(self, websocket: WebSocket):
        await websocket.accept()
        self.active_connections.append(websocket)

    def disconnect(self, websocket: WebSocket):
        self.active_connections.remove(websocket)

    async def broadcast(self, message: str):
        for connection in self.active_connections:
            await connection.send_text(message)

manager = ConnectionManager()

@app.websocket("/ws/chat")
async def websocket_chat(websocket: WebSocket):
    await manager.connect(websocket)
    try:
        while True:
            data = await websocket.receive_text()
            await manager.broadcast(f"User says: {data}")
    except WebSocketDisconnect:
        manager.disconnect(websocket)
```

- **`ConnectionManager`:** Manages active connections and broadcasting messages.
- **`broadcast`:** Sends messages to all connected clients.

---

#### **2. Sending JSON Data:**
WebSocket supports text and binary data, and FastAPI makes it easy to send JSON objects.

```python
import json

@app.websocket("/ws/json")
async def websocket_json(websocket: WebSocket):
    await websocket.accept()
    while True:
        data = await websocket.receive_json()  # Receive JSON data
        response = {"received_data": data, "message": "JSON received!"}
        await websocket.send_json(response)  # Send JSON response
```

---

### **3. Error Handling:**
WebSocket connections can be closed unexpectedly, so handle disconnects gracefully:

```python
from fastapi import WebSocketDisconnect

@app.websocket("/ws/secure")
async def websocket_with_error_handling(websocket: WebSocket):
    await websocket.accept()
    try:
        while True:
            data = await websocket.receive_text()
            await websocket.send_text(f"Echo: {data}")
    except WebSocketDisconnect:
        print("Client disconnected")
```

---

### **Use Cases for WebSocket:**
- **Chat Applications:** Real-time messaging between users.
- **Live Notifications:** Instant updates on data changes.
- **Collaborative Tools:** Real-time document or whiteboard collaboration.
- **Gaming:** Real-time state synchronization between players.
- **Financial Dashboards:** Streaming stock or market data.

---

### **Conclusion:**
FastAPI’s support for WebSockets simplifies building real-time, interactive applications. By leveraging asynchronous programming (`async/await`), you can handle multiple connections efficiently, ensuring smooth communication between clients and servers. This makes FastAPI an excellent choice for modern, real-time web applications.

# **20. Discuss the integration of databases with FastAPI for backend data management.**

Integrating databases with **FastAPI** is essential for building dynamic and data-driven applications. FastAPI supports various databases, including SQL (like **PostgreSQL**, **MySQL**) and NoSQL (like **MongoDB**), leveraging **ORMs** (Object Relational Mappers) and asynchronous libraries to efficiently manage backend data.

---

### **Key Concepts for Database Integration:**

1. **Database Libraries:**  
   FastAPI can work with both synchronous and asynchronous libraries:
   - **SQLAlchemy** (for SQL databases, supports both sync/async)
   - **Tortoise ORM** (asynchronous ORM for SQL)
   - **Motor** (async driver for MongoDB)

2. **Dependency Injection:**  
   Use FastAPI's dependency injection system to manage database connections and sessions.

3. **Asynchronous Operations:**  
   FastAPI can perform non-blocking database operations with async-compatible libraries, improving performance.

---

### **Steps to Integrate a Database:**

#### **1. Install Required Libraries:**
For example, using SQLAlchemy with PostgreSQL:
```bash
pip install fastapi uvicorn sqlalchemy psycopg2-binary
```

---

#### **2. Define the Database Model:**
Create your database schema using an ORM. Here's an example with SQLAlchemy:

```python
from sqlalchemy import Column, Integer, String, create_engine
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import sessionmaker

DATABASE_URL = "postgresql://user:password@localhost/dbname"

engine = create_engine(DATABASE_URL)
SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)

Base = declarative_base()

class User(Base):
    __tablename__ = "users"
    
    id = Column(Integer, primary_key=True, index=True)
    name = Column(String, index=True)
    email = Column(String, unique=True, index=True)
```

---

#### **3. Create a Database Dependency:**
Dependencies ensure a database session is available for each request and closed afterward.

```python
from fastapi import Depends
from sqlalchemy.orm import Session

# Dependency for getting the database session
def get_db():
    db = SessionLocal()
    try:
        yield db
    finally:
        db.close()
```

---

#### **4. Define CRUD Operations:**
Create endpoints to interact with the database.

```python
from fastapi import FastAPI, HTTPException, Depends
from sqlalchemy.orm import Session
from typing import List

app = FastAPI()

@app.post("/users/", response_model=UserSchema)
async def create_user(user: UserCreate, db: Session = Depends(get_db)):
    db_user = db.query(User).filter(User.email == user.email).first()
    if db_user:
        raise HTTPException(status_code=400, detail="Email already registered")
    
    new_user = User(name=user.name, email=user.email)
    db.add(new_user)
    db.commit()
    db.refresh(new_user)
    return new_user

@app.get("/users/{user_id}", response_model=UserSchema)
async def read_user(user_id: int, db: Session = Depends(get_db)):
    db_user = db.query(User).filter(User.id == user_id).first()
    if db_user is None:
        raise HTTPException(status_code=404, detail="User not found")
    return db_user
```

---

### **Handling Asynchronous Databases:**

For asynchronous support (important for performance in I/O-bound apps), use async-capable libraries like **Tortoise ORM** or **Gino**:

#### **Example with Tortoise ORM:**
1. **Install Dependencies:**
   ```bash
   pip install tortoise-orm aiosqlite
   ```

2. **Configuration:**
   ```python
   from tortoise.contrib.fastapi import register_tortoise

   app = FastAPI()

   register_tortoise(
       app,
       db_url="sqlite://db.sqlite3",
       modules={"models": ["models"]},
       generate_schemas=True,
       add_exception_handlers=True,
   )
   ```

---

### **Best Practices:**

1. **Session Management:**  
   Always close the session to avoid connection leaks. Use context managers or FastAPI’s dependency injection to handle this.

2. **Security:**  
   Protect against SQL injection by using parameterized queries or ORMs.

3. **Data Validation:**  
   Use **Pydantic models** to validate and serialize input/output data.

4. **Async Operations:**  
   For scalable applications, prefer asynchronous database libraries. Avoid mixing sync and async code.

5. **Error Handling:**  
   Handle database errors gracefully to improve API robustness.

---

### **Conclusion:**
Integrating a database with FastAPI involves setting up models, managing sessions, and defining endpoints with proper CRUD operations. FastAPI’s support for both synchronous and asynchronous libraries allows developers to choose the best tool for their needs, ensuring efficient data handling and high performance. Dependency injection simplifies resource management, making database interactions clean and maintainable.

# **21. Can you provide an example of implementing role-based access control (RBAC) in FastAPI?**

Implementing **Role-Based Access Control (RBAC)** in FastAPI is a great way to ensure that users can only access resources based on their roles and permissions. RBAC generally involves creating a system where users are assigned roles (e.g., admin, user, etc.), and those roles are granted specific permissions to perform actions on resources.

Here's how you can implement **RBAC** in FastAPI using dependencies and custom security logic:

---

### **Step-by-Step Example:**

#### **1. Define User Roles and Permissions:**

First, we need to define roles and their associated permissions. In a simple scenario, you could have roles such as "admin" and "user".

```python
from enum import Enum

class Role(str, Enum):
    admin = "admin"
    user = "user"
    manager = "manager"
```

---

#### **2. Define Dependencies for Authentication and Authorization:**

You can use **OAuth2** or any other authentication mechanism for user login. In this example, we'll assume a simplified version where user roles are passed as part of the request.

We will implement two main dependencies:
1. **`get_current_user`:** To retrieve the current logged-in user (simplified here).
2. **`role_required`:** A dependency to ensure that the user has the required role to access the endpoint.

```python
from fastapi import Depends, HTTPException, status
from pydantic import BaseModel
from typing import List

# Simulate user authentication and role fetching
class User(BaseModel):
    username: str
    roles: List[Role]  # List of roles assigned to the user

# Fake in-memory users database for demo purposes
fake_users_db = {
    "admin_user": User(username="admin_user", roles=[Role.admin]),
    "regular_user": User(username="regular_user", roles=[Role.user]),
}

def get_current_user(username: str) -> User:
    """Fake function to simulate getting current logged-in user."""
    user = fake_users_db.get(username)
    if not user:
        raise HTTPException(status_code=404, detail="User not found")
    return user

def role_required(role: Role):
    def _role_required(user: User = Depends(get_current_user)):
        if role not in user.roles:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail=f"User does not have {role.value} role",
            )
        return user
    return _role_required
```

---

#### **3. Define the API Endpoints with Role-Based Access Control:**

Now, we can define FastAPI endpoints where certain actions are restricted to users with specific roles.

```python
from fastapi import FastAPI, Depends

app = FastAPI()

@app.get("/admin-only")
async def get_admin_data(user: User = Depends(role_required(Role.admin))):
    return {"message": f"Welcome Admin {user.username}, here is your data"}

@app.get("/user-only")
async def get_user_data(user: User = Depends(role_required(Role.user))):
    return {"message": f"Hello {user.username}, here is your data"}

@app.get("/manager-only")
async def get_manager_data(user: User = Depends(role_required(Role.manager))):
    return {"message": f"Hello Manager {user.username}, here is your data"}
```

- **`role_required(Role.admin)`** ensures that only users with the "admin" role can access the `/admin-only` endpoint.
- Similarly, other roles (like "user" or "manager") are required for the respective endpoints.

---

#### **4. Run the FastAPI Application:**

Now, run the application and test the endpoints.

```bash
uvicorn app:app --reload
```

You can use **curl** or a REST client like **Postman** to test the access control:

1. **Access the `/admin-only` endpoint with an admin user:**

```bash
curl -X 'GET' \
  'http://127.0.0.1:8000/admin-only?username=admin_user' \
  -H 'accept: application/json'
```

This should return:

```json
{
  "message": "Welcome Admin admin_user, here is your data"
}
```

2. **Access the `/user-only` endpoint with a regular user:**

```bash
curl -X 'GET' \
  'http://127.0.0.1:8000/user-only?username=regular_user' \
  -H 'accept: application/json'
```

This should return:

```json
{
  "message": "Hello regular_user, here is your data"
}
```

3. **Access the `/manager-only` endpoint (denied for non-managers):**

```bash
curl -X 'GET' \
  'http://127.0.0.1:8000/manager-only?username=regular_user' \
  -H 'accept: application/json'
```

This will return:

```json
{
  "detail": "User does not have manager role"
}
```

---

### **5. Explanation of the Code:**

1. **User Model:**
   - The `User` model contains the `username` and a list of roles associated with the user.
   - `fake_users_db` is a simple dictionary simulating a user database.

2. **Dependency Functions:**
   - **`get_current_user(username: str)`:** Simulates retrieving the current user from a database.
   - **`role_required(role: Role)`:** Ensures that the user has the required role. It is a higher-order function that returns a dependency, allowing you to specify which role is needed for the endpoint.

3. **Endpoints:**
   - Each endpoint uses **role-based authorization** by including the `role_required` dependency, checking if the user has the correct role.

---

### **Enhancements and Real-World Considerations:**

1. **JWT Token Authentication:**  
   For a production system, you would likely use JWT tokens to securely authenticate users and associate them with roles. In that case, `get_current_user` would decode the JWT and fetch roles from the token or database.

2. **Database Integration:**  
   Replace the in-memory `fake_users_db` with a real database (e.g., using SQLAlchemy or Tortoise ORM) to store and retrieve user data and roles.

3. **Fine-grained Permissions:**  
   You can extend RBAC to include more granular permissions (e.g., read, write, delete) for each role on different resources.

4. **Role Hierarchy:**  
   You could implement role hierarchies, where an "admin" has all the permissions of a "user", and a "manager" has some permissions of both "admin" and "user".

---

### **Conclusion:**

RBAC in FastAPI is implemented using dependencies and custom security logic to enforce role-based access control. With this approach, you can easily manage user permissions and secure your application by restricting access to endpoints based on the user’s assigned roles. FastAPI’s flexible dependency injection system makes this process clean, maintainable, and highly customizable.

# **22. Explain the difference between stateful and stateless authentication, and when to use each in FastAPI.**

In FastAPI (and in web development in general), **stateful** and **stateless** authentication refer to different methods for managing user authentication and session information. Here's a breakdown of the two approaches, their differences, and when to use each in FastAPI applications.

---

### **1. Stateful Authentication:**

**Stateful Authentication** requires maintaining a session on the server-side, where the server stores information about the user's authentication state. This typically involves storing session data on the server (e.g., in memory, database, or file) and referencing it during subsequent requests.

#### **How it Works:**
- **Login:** When a user logs in, the server generates a **session ID** or **token** and stores it on the server.
- **Session Management:** The server sends this session ID or token to the client as a **cookie**.
- **Subsequent Requests:** The client sends the session ID/token in the request headers (usually in the `Cookie` header). The server checks this session ID against its stored session data to validate the user’s identity.

#### **Pros of Stateful Authentication:**
- **Server-Side Control:** The server can manage and invalidate sessions easily (e.g., force logout or track user activity).
- **No Token Management on Client-Side:** Since the session is stored on the server, there’s no need for the client to handle tokens explicitly.
  
#### **Cons of Stateful Authentication:**
- **Scalability Issues:** As the server stores the session state, it may become difficult to scale applications (especially in a distributed environment) because session data needs to be shared or synchronized across different server instances.
- **Server Load:** Storing session information can increase server memory usage, especially if the app has many active users.
- **Session Hijacking:** If cookies aren’t secured properly, attackers can steal session cookies and impersonate users.

#### **When to Use Stateful Authentication:**
- Applications with low to medium traffic and low scalability requirements.
- Situations where you need fine-grained control over user sessions (e.g., session expiration or forced logout).
- When managing a **single server** or using tools like Redis to store session data for distributed systems.

---

### **2. Stateless Authentication:**

**Stateless Authentication** doesn’t rely on storing any session data on the server. Instead, the server authenticates requests by using **tokens** (e.g., **JWT - JSON Web Tokens**) that contain all the necessary user information, and these tokens are self-contained.

#### **How it Works:**
- **Login:** The user logs in, and the server generates a **JWT** that encodes the user’s identity and other claims (like roles, expiration time).
- **Token Storage:** The server doesn’t store session data; instead, the client stores the token (usually in **local storage**, **session storage**, or in the `Authorization` header).
- **Subsequent Requests:** The client includes the token in the `Authorization` header (e.g., `Bearer <token>`). The server validates the token and grants access if it's valid.

#### **Pros of Stateless Authentication:**
- **Scalable:** Since the server doesn’t store session information, stateless authentication is highly scalable. There’s no session data to synchronize across servers.
- **No Server Load for Storing Sessions:** The server doesn’t need to track user sessions, which can reduce memory overhead.
- **Ease of Use for Distributed Systems:** Because tokens are self-contained, they work well for applications with multiple instances, microservices, or APIs.
  
#### **Cons of Stateless Authentication:**
- **Token Management:** The client needs to handle the token securely (e.g., in local storage or as an HTTP cookie).
- **No Server-Side Control:** The server can't easily invalidate tokens unless you implement token blacklisting, making it harder to force logouts or revoke access before the token expires.
- **Token Expiration:** JWT tokens typically have an expiration time, so the client may need to refresh the token (e.g., with a refresh token) or reauthenticate.

#### **When to Use Stateless Authentication:**
- Large-scale applications or microservices where scalability and server independence are important.
- Applications that need high availability and are running across multiple servers or cloud instances.
- When you don't need to store session state or require the server to track user sessions.
- **Mobile applications** or **SPAs (Single Page Applications)**, where the client-side can handle token storage and management.

---

### **Comparing Stateful vs Stateless Authentication:**

| **Feature**                     | **Stateful Authentication**              | **Stateless Authentication**            |
|----------------------------------|------------------------------------------|-----------------------------------------|
| **Session Storage**              | Stored on the server (e.g., in-memory, database) | Stored on the client (e.g., JWT in localStorage or cookies) |
| **Scalability**                  | Limited scalability (state needs to be shared between servers) | Highly scalable (no session state on the server) |
| **Server Load**                  | Higher load as sessions are stored on the server | Lower load (no session state to manage) |
| **Client Handling**              | Client sends session ID (cookie)         | Client sends a JWT in the `Authorization` header |
| **Token Expiration/Revocation**  | Server can easily revoke sessions       | Tokens need to be manually revoked (e.g., token blacklist) |
| **Use Case**                     | Smaller applications, applications with user sessions | Large-scale applications, distributed systems, mobile apps |
| **Example Use Case**             | Admin dashboards, single-server apps    | REST APIs, microservices, SPAs, mobile apps |

---

### **Implementing Stateless Authentication in FastAPI:**

In FastAPI, stateless authentication is commonly implemented with **JWT tokens**. Here's a simple example using **OAuth2** and JWT for stateless authentication:

#### **1. Install Dependencies:**
```bash
pip install fastapi uvicorn pyjwt passlib
```

#### **2. Define JWT Utility Functions:**

```python
import jwt
from datetime import datetime, timedelta
from fastapi import Depends, HTTPException, status
from pydantic import BaseModel
from typing import Optional

SECRET_KEY = "your_secret_key"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30

class User(BaseModel):
    username: str

class Token(BaseModel):
    access_token: str
    token_type: str

# Create JWT Token
def create_access_token(data: dict, expires_delta: timedelta = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)):
    to_encode = data.copy()
    expire = datetime.utcnow() + expires_delta
    to_encode.update({"exp": expire})
    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
    return encoded_jwt

# Decode JWT Token
def verify_token(token: str):
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        return payload
    except jwt.PyJWTError:
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token")
```

#### **3. Define FastAPI Endpoints:**

```python
from fastapi import FastAPI, Depends, HTTPException, status

app = FastAPI()

# Login route to generate JWT token
@app.post("/token", response_model=Token)
async def login_for_access_token(form_data: User):
    # Here you would verify the user's credentials (password)
    # For simplicity, we'll assume it's valid
    access_token = create_access_token(data={"sub": form_data.username})
    return {"access_token": access_token, "token_type": "bearer"}

# Protected route
@app.get("/protected")
async def read_protected(token: str = Depends(verify_token)):
    return {"message": "This is protected", "user": token["sub"]}
```

#### **4. Test the Endpoints:**
- **Get Token:**
  - POST to `/token` with JSON `{"username": "admin"}`.
- **Access Protected Endpoint:**
  - Use the returned token as `Authorization: Bearer <token>` to access `/protected`.

---

### **Conclusion:**

- **Stateful Authentication** is suitable when you need server-side control over sessions (e.g., forced logout) and you're working with a single server or smaller applications.
- **Stateless Authentication** (commonly with JWT) is ideal for scalable applications, microservices, and when you need to avoid managing sessions on the server side.

FastAPI's flexibility makes it easy to implement both methods, depending on your application's needs.

# **23. How does FastAPI handle user sessions and cookies for authentication purposes?**

FastAPI doesn't directly provide built-in session management, but it allows you to easily manage user sessions and cookies by integrating with external libraries or using custom logic.

When handling authentication with **sessions** and **cookies**, FastAPI generally relies on standard HTTP mechanisms like **cookies** to store session information and **middleware** to manage authentication. Here's an overview of how FastAPI handles user sessions and cookies for authentication purposes.

### **1. Overview of Sessions and Cookies in Authentication:**

- **Cookies**: Small pieces of data that are sent by the server and stored in the client's browser. Cookies are automatically sent with each HTTP request to the same domain.
- **Sessions**: A way to store information about a user’s activity and state on the server. When a user logs in, a session is created, and a session ID is stored in a cookie. The server uses the session ID to retrieve the session data on subsequent requests.

### **2. How FastAPI Handles Authentication with Cookies:**

In FastAPI, you can handle user sessions using cookies by creating and verifying session identifiers (e.g., **session ID** or **JWT tokens**) stored in cookies. Here's a general approach to implementing cookie-based authentication.

---

### **3. Example: Handling User Sessions with Cookies in FastAPI**

#### **Step 1: Install Necessary Dependencies**

You can use the `python-multipart` library to handle form data (if needed for login forms) and `secure-cookie` (for signing cookies securely).

```bash
pip install fastapi uvicorn python-multipart
```

#### **Step 2: Set Up FastAPI App with Cookie-Based Authentication**

This example demonstrates handling **login sessions** using cookies with JWT tokens, but it can be adapted for stateful session IDs if required.

```python
from fastapi import FastAPI, Depends, HTTPException, status, Request, Response
from fastapi.responses import JSONResponse
from fastapi.security import OAuth2PasswordBearer
from pydantic import BaseModel
from datetime import datetime, timedelta
import jwt
from typing import Optional
import os

# FastAPI instance
app = FastAPI()

# Configuration
SECRET_KEY = "your_secret_key"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30
COOKIE_NAME = "access_token"

# OAuth2 password bearer (not used directly in this example but can be used in real scenarios)
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")

# Define models
class User(BaseModel):
    username: str

class Token(BaseModel):
    access_token: str
    token_type: str

# Fake database of users (for demo purposes)
fake_users_db = {
    "admin_user": {"username": "admin_user", "password": "secret"},
    "regular_user": {"username": "regular_user", "password": "password"},
}

# Function to create JWT token
def create_access_token(data: dict, expires_delta: timedelta = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)):
    to_encode = data.copy()
    expire = datetime.utcnow() + expires_delta
    to_encode.update({"exp": expire})
    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
    return encoded_jwt

# Function to verify JWT token
def verify_token(token: str):
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        return payload
    except jwt.PyJWTError:
        return None

# Dependency to extract token from cookies
def get_token_from_cookie(request: Request):
    return request.cookies.get(COOKIE_NAME)

# Endpoint to login and set session in cookie
@app.post("/login", response_model=Token)
async def login(response: Response, user: User):
    user_data = fake_users_db.get(user.username)
    if not user_data or user_data["password"] != "secret":  # Replace with password check
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials")
    
    # Create the access token
    access_token = create_access_token(data={"sub": user.username})
    
    # Set the token as a cookie in the response
    response.set_cookie(COOKIE_NAME, access_token, httponly=True, max_age=ACCESS_TOKEN_EXPIRE_MINUTES*60)
    
    return {"access_token": access_token, "token_type": "bearer"}

# Endpoint to read protected data (only accessible if logged in)
@app.get("/protected")
async def read_protected(token: str = Depends(get_token_from_cookie)):
    if token is None or verify_token(token) is None:
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid or missing token")
    
    return {"message": "This is protected content"}

# Endpoint to logout (delete session cookie)
@app.post("/logout")
async def logout(response: Response):
    response.delete_cookie(COOKIE_NAME)
    return {"message": "Successfully logged out"}
```

---

### **4. How It Works:**

1. **Login (`/login`):**
   - The user sends their credentials (e.g., `username` and `password`) to the `/login` endpoint.
   - If the credentials are valid, FastAPI generates a **JWT token** and sends it as an **HTTP-only cookie** to the client using `response.set_cookie()`.
   - This cookie will be automatically sent with every subsequent request to the same domain, allowing the server to authenticate the user without needing to pass the token in each request explicitly.

2. **Protected Endpoint (`/protected`):**
   - This endpoint requires authentication. The `get_token_from_cookie` dependency extracts the token from the cookie sent by the client.
   - The token is then verified, and if it's valid, the protected content is returned.
   - If the token is invalid or missing, the server responds with a `401 Unauthorized` status.

3. **Logout (`/logout`):**
   - This endpoint allows the user to log out by deleting the session cookie using `response.delete_cookie()`.
   - The cookie will be removed, and the user will need to authenticate again to access protected resources.

---

### **5. Key Concepts in the Example:**

- **Cookies**: In this example, the **JWT token** is stored in the user's browser as an **HTTP-only cookie**. The `httponly=True` flag ensures the cookie is not accessible via JavaScript, reducing the risk of cross-site scripting (XSS) attacks.
  
- **Token Storage**: The **JWT token** is self-contained, meaning it holds all necessary user information (like the username and expiration time), and there’s no need to store session data on the server side.

- **Session Management**: Cookies automatically handle session persistence across requests. When a user makes a request, the browser includes the cookie with the token, which the server uses to validate the user.

---

### **6. Securing Cookies:**

- **HTTPOnly Cookies**: Setting `httponly=True` ensures that the cookie is inaccessible from JavaScript, protecting it from XSS attacks.
  
- **Secure Flag**: For production environments, always set `secure=True` when setting cookies to ensure they are sent only over HTTPS connections. This prevents cookies from being exposed over unencrypted HTTP requests.

- **SameSite Attribute**: This attribute helps prevent Cross-Site Request Forgery (CSRF) attacks. Set `SameSite='Strict'` or `SameSite='Lax'` depending on your use case.

```python
response.set_cookie(COOKIE_NAME, access_token, httponly=True, secure=True, max_age=ACCESS_TOKEN_EXPIRE_MINUTES*60, samesite="Strict")
```

---

### **Conclusion:**

FastAPI provides a flexible way to implement session-based authentication with cookies. By leveraging **JWT tokens** or **session IDs** in cookies, you can authenticate users in a stateless or stateful manner. FastAPI allows you to handle authentication and authorization efficiently, providing fine-grained control over how sessions and cookies are managed.

- **Stateful authentication** (server-side sessions) can be managed by storing session IDs in cookies, while the session data itself is stored on the server.
- **Stateless authentication** (using JWT tokens) stores all necessary session information inside the token itself and requires no server-side state management.

Both approaches can be implemented easily using FastAPI's `response.set_cookie()` for cookies and built-in authentication mechanisms.

# **24. What are the best practices for securely storing user credentials in FastAPI applications?**

When building FastAPI applications that handle user authentication, it is crucial to follow best practices for **securely storing user credentials** to protect against potential attacks, such as **data breaches**, **brute force attacks**, and **credential theft**. Here are the recommended best practices for securely storing user credentials in FastAPI applications:

### **1. Never Store Plaintext Passwords**
Storing passwords in plaintext is a major security risk. If an attacker gains access to your database, they will have access to all user credentials. Instead, always store **hashed** and **salted** passwords.

#### **How to Do This:**
- Use a **secure hashing algorithm** like **bcrypt**, **argon2**, or **pbkdf2** to hash passwords before storing them.
- These algorithms are designed to be slow and computationally expensive, making brute-force attacks more difficult.
  
##### Example using `passlib` with bcrypt:

```bash
pip install passlib[bcrypt]
```

```python
from passlib.context import CryptContext

# Create a CryptContext instance using bcrypt
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")

# Function to hash passwords
def hash_password(password: str) -> str:
    return pwd_context.hash(password)

# Function to verify passwords
def verify_password(plain_password: str, hashed_password: str) -> bool:
    return pwd_context.verify(plain_password, hashed_password)
```

- `hash_password` will hash the password before storing it in the database.
- `verify_password` will verify the hashed password during authentication.

### **2. Use Salted Hashing**
Most modern password hashing algorithms, such as **bcrypt**, **argon2**, and **pbkdf2**, automatically salt the password (i.e., adding random data to the password before hashing it). This ensures that even if two users have the same password, their hashed passwords will be different.

- **Salting** helps protect against **rainbow table attacks**.
- The **salt** is unique for each password and is often stored as part of the hashed password (e.g., in bcrypt).

### **3. Use a Strong Hashing Algorithm**
Avoid using weak hashing algorithms like MD5 or SHA-1. Instead, use the following secure algorithms:
- **bcrypt**: A popular choice for hashing passwords. It is slow and resistant to brute-force attacks.
- **argon2**: A modern hashing algorithm that is designed to be memory and computation-intensive.
- **PBKDF2**: A key derivation function that applies multiple iterations of a secure hash.

### **4. Implement Rate Limiting for Authentication Requests**
Brute force attacks can be mitigated by limiting the number of login attempts per user or IP address.

- **Rate limiting** can help prevent an attacker from attempting too many password guesses.
- Use libraries like **FastAPI's dependencies** or **Redis** to track login attempts and implement limits.

Example using **FastAPI** with **RateLimit** dependency:

```bash
pip install slowapi
```

```python
from slowapi import Limiter
from slowapi.util import get_remote_address

limiter = Limiter(key_func=get_remote_address)

@app.post("/login")
@limiter.limit("5/minute")  # Limit login attempts to 5 per minute
async def login(user: User):
    # Handle login
    pass
```

### **5. Secure Communication (Use HTTPS)**
Passwords and other sensitive information should only be transmitted over secure channels. Use **HTTPS** (SSL/TLS) to ensure that data sent between the client and server is encrypted.

- Always ensure that your FastAPI application uses **HTTPS** in production to protect user credentials from being intercepted during transmission.
- In development, use self-signed certificates or services like **ngrok** to test HTTPS locally.

### **6. Implement Multi-Factor Authentication (MFA)**
For added security, especially for sensitive applications, implement **multi-factor authentication (MFA)**. This requires users to provide something they know (password) and something they have (e.g., an authentication app or email verification).

FastAPI doesn't have built-in support for MFA, but you can integrate third-party libraries like **Auth0**, **Google Authenticator**, or **Twilio** for SMS-based or app-based MFA.

### **7. Protect Against Session Hijacking**
- When using **session cookies** or **JWT tokens** for authentication, make sure that cookies are set with **HTTPOnly**, **Secure**, and **SameSite** flags.
  - `HTTPOnly`: Prevents client-side access to cookies via JavaScript (protects against XSS).
  - `Secure`: Ensures that cookies are sent only over HTTPS connections.
  - `SameSite`: Restricts the cookie to be sent only from the same site (protects against CSRF).

Example of setting secure cookies:

```python
response.set_cookie(
    "access_token",
    access_token,
    httponly=True,  # Makes the cookie inaccessible to JavaScript
    secure=True,    # Ensures the cookie is sent only over HTTPS
    samesite="Strict",  # Prevents sending cookies with cross-site requests
    max_age=60*60,  # Expiry time in seconds
)
```

### **8. Use Environment Variables for Sensitive Information**
Never hard-code **API keys**, **database credentials**, or **secrets** directly in your FastAPI application code. Instead, use environment variables to keep sensitive data secure.

- Use libraries like **`python-dotenv`** to load environment variables from a `.env` file in development.
- Ensure that sensitive data is never exposed in version control systems (like Git).

Example:

```bash
SECRET_KEY="your-secret-key"
DATABASE_URL="your-database-url"
```

#### Loading environment variables in FastAPI:

```python
from dotenv import load_dotenv
import os

load_dotenv()  # Load environment variables from .env file

SECRET_KEY = os.getenv("SECRET_KEY")
```

### **9. Regularly Rotate Secrets and Keys**
Regularly rotate your **API keys**, **JWT secret keys**, and other sensitive data. If any secret is compromised, changing it immediately can limit the potential damage.

- You can implement key rotation mechanisms that allow for a smooth transition without disrupting the service.

### **10. Avoid Storing Sensitive Data (Minimal Data Collection)**
As a best practice, only collect and store the data necessary for your application’s functionality. Avoid storing sensitive data like:

- **Credit card numbers** (use third-party services for payments).
- **Social security numbers** or other sensitive identifiers (unless absolutely necessary).

### **11. Secure Your Database**
Ensure that your **database** is securely configured:
- **Encryption at rest** and **encryption in transit** for stored data.
- Regularly **back up** your database and ensure that backups are encrypted.
- Use **role-based access control (RBAC)** to limit database access.

### **12. Educate Users About Strong Password Practices**
Encourage users to choose **strong passwords** by enforcing **password strength policies**, such as:
- Minimum length (e.g., 8-12 characters).
- Require a mix of **uppercase**, **lowercase**, **digits**, and **special characters**.
- Prevent the use of **commonly used** passwords.

You can enforce these policies at the application level when users create or update their passwords.

---

### **Conclusion**

By following these best practices, you can securely store and manage user credentials in your FastAPI applications. The key aspects are:
- **Never store passwords in plaintext**—always hash and salt them.
- Use **secure hashing algorithms** like bcrypt, argon2, or PBKDF2.
- Protect sensitive data with **HTTPS** and **rate limiting**.
- Implement **multi-factor authentication** and **session security** to further secure user accounts.

These practices will help protect user credentials from various threats, including unauthorized access, data breaches, and brute-force attacks.

# **25. In FastAPI, how can you limit access to specific API endpoints based on user roles and permissions?**

In FastAPI, you can limit access to specific API endpoints based on user roles and permissions by implementing **Role-Based Access Control (RBAC)**. This allows you to define user roles (e.g., admin, user, manager) and assign specific permissions to users or groups of users. FastAPI provides several ways to achieve this, including using dependencies to check user roles and permissions at runtime.

### Steps to Implement RBAC in FastAPI:

1. **Define User Roles**: Create roles like admin, user, etc.
2. **Assign Permissions**: Map specific permissions to roles (e.g., read, write, delete).
3. **Use Dependencies**: Use dependencies to verify if the current user has the required role/permission for the endpoint.

Let's walk through an example:

### 1. **Define User Roles and Permissions**

First, you need to define the roles and permissions in your system. This can be done by using a model or just as simple constants, enums, or dictionaries.

#### **Example Roles and Permissions Model**:
You can create a dictionary or use `Enum` to represent roles and their associated permissions.

```python
from enum import Enum

class Role(str, Enum):
    admin = "admin"
    user = "user"
    manager = "manager"

class Permission(str, Enum):
    read = "read"
    write = "write"
    delete = "delete"
```

### 2. **Simulate User Data**

Next, create a fake user database or simulate user data with roles and permissions.

```python
# Fake users and their roles/permissions
fake_users_db = {
    "admin_user": {"username": "admin_user", "role": Role.admin, "permissions": [Permission.read, Permission.write, Permission.delete]},
    "regular_user": {"username": "regular_user", "role": Role.user, "permissions": [Permission.read]},
    "manager_user": {"username": "manager_user", "role": Role.manager, "permissions": [Permission.read, Permission.write]},
}
```

### 3. **Create Dependencies to Verify User Roles and Permissions**

FastAPI allows you to create custom dependencies that can be used to verify roles and permissions before granting access to a route.

#### **Role Verification Dependency**:
You can create a dependency to verify the user's role.

```python
from fastapi import Depends, HTTPException, status

# Dependency to get current user
def get_current_user(username: str):
    user = fake_users_db.get(username)
    if not user:
        raise HTTPException(status_code=404, detail="User not found")
    return user

# Dependency to check user role
def role_required(role: Role):
    def role_checker(user: dict = Depends(get_current_user)):
        if user["role"] != role:
            raise HTTPException(status_code=403, detail="Forbidden: Insufficient role")
        return user
    return role_checker
```

#### **Permission Verification Dependency**:
Similarly, you can create a dependency to verify if the user has specific permissions.

```python
# Dependency to check user permissions
def permission_required(permission: Permission):
    def permission_checker(user: dict = Depends(get_current_user)):
        if permission not in user["permissions"]:
            raise HTTPException(status_code=403, detail="Forbidden: Insufficient permissions")
        return user
    return permission_checker
```

### 4. **Define Protected Routes with Role and Permission Checks**

Now, you can apply the `role_required` and `permission_required` dependencies to specific API endpoints to enforce access control.

#### **Example:**

```python
from fastapi import FastAPI, Depends

app = FastAPI()

# Example endpoint requiring 'admin' role
@app.get("/admin-only")
async def admin_only(user: dict = Depends(role_required(Role.admin))):
    return {"message": f"Welcome, {user['username']}! You have admin access."}

# Example endpoint requiring 'read' permission
@app.get("/read-content")
async def read_content(user: dict = Depends(permission_required(Permission.read))):
    return {"message": f"Welcome, {user['username']}! You can read the content."}

# Example endpoint requiring both 'manager' role and 'write' permission
@app.post("/write-content")
async def write_content(user: dict = Depends(role_required(Role.manager)),
                         permissions: dict = Depends(permission_required(Permission.write))):
    return {"message": f"Welcome, {user['username']}! You can write content."}
```

### 5. **Explanation of the Code**:

- **`role_required`**: This dependency checks if the current user has the required role to access an endpoint. It compares the user's role with the required role (e.g., `Role.admin`) and raises an exception if the user doesn’t have sufficient privileges.
- **`permission_required`**: This dependency checks if the user has the required permission (e.g., `Permission.read`, `Permission.write`) to access the endpoint.
- **`Depends`**: FastAPI uses the `Depends` dependency injection system to enforce checks on user roles and permissions before granting access to protected endpoints.

### 6. **Test the Application**

When you run the FastAPI app, you can test the following scenarios:
1. **Access the `/admin-only` route**: Only users with the `admin` role can access this endpoint.
2. **Access the `/read-content` route**: Users with the `read` permission can access this endpoint.
3. **Access the `/write-content` route**: Users with the `manager` role and `write` permission can access this endpoint.

### **Running the App:**

```bash
uvicorn app:app --reload
```

### **Conclusion**:

Using **role-based access control (RBAC)** in FastAPI is straightforward and can be achieved by creating custom dependencies to check the user's role and permissions before allowing access to certain endpoints. This ensures that only authorized users can access certain resources based on their roles or permissions. By using FastAPI’s dependency injection system, you can keep your code modular and clean while implementing robust access control for your APIs.