# üìö Panduan Lengkap FastAPI - Dari Dasar Hingga Mahir

## Selamat Datang!

Notebook ini adalah panduan lengkap untuk mempelajari **FastAPI**, sebuah framework modern, cepat (high-performance), untuk membangun API dengan Python 3.7+ berdasarkan standard type hints Python.

### üéØ Apa yang Akan Anda Pelajari:

1. **Instalasi FastAPI dan Setup Environment**
2. **Konsep Dasar dan Aplikasi Pertama**
3. **Routing dan Path Parameters**
4. **Query Parameters dan Request Body**
5. **Response Models dan Validasi Data**
6. **HTTP Methods (GET, POST, PUT, DELETE, PATCH)**
7. **Form Data dan File Uploads**
8. **Headers dan Cookies**
9. **Dependency Injection**
10. **Middleware dan CORS**
11. **Database Integration dengan SQLAlchemy**
12. **Authentication & Security (JWT)**
13. **Background Tasks**
14. **Testing**
15. **Tips dan Best Practices**

### ‚ö° Kenapa FastAPI?

- **Cepat**: Performa sangat tinggi, setara dengan NodeJS dan Go
- **Mudah**: Dirancang untuk mudah dipelajari dan digunakan
- **Robust**: Production-ready code dengan automatic interactive documentation
- **Standards-based**: Berdasarkan OpenAPI dan JSON Schema
- **Automatic Documentation**: Interactive API docs (Swagger UI dan ReDoc)
- **Type Hints**: Menggunakan Python type hints untuk validasi otomatis

---

Mari kita mulai! üöÄ

## 1. üì¶ Instalasi FastAPI dan Uvicorn

Sebelum memulai, kita perlu menginstal FastAPI dan Uvicorn (ASGI server untuk menjalankan aplikasi FastAPI).

### Apa itu Uvicorn?
Uvicorn adalah ASGI (Asynchronous Server Gateway Interface) server yang sangat cepat, dibangun menggunakan uvloop dan httptools. Ini adalah server yang kita gunakan untuk menjalankan aplikasi FastAPI kita.

### Instalasi dengan pip:

In [None]:
# Instalasi FastAPI dan Uvicorn
# Jalankan perintah ini di terminal atau uncomment baris di bawah:

# !pip install fastapi
# !pip install "uvicorn[standard]"

# Atau install keduanya sekaligus:
# !pip install fastapi uvicorn[standard]

# Untuk development, Anda juga bisa install dengan semua dependencies optional:
# !pip install "fastapi[all]"

# Verifikasi instalasi
import fastapi
import uvicorn

print(f"FastAPI version: {fastapi.__version__}")
print(f"Uvicorn version: {uvicorn.__version__}")
print("‚úÖ FastAPI dan Uvicorn berhasil diinstall!")

## 2. üöÄ Aplikasi FastAPI Pertama Anda

Mari kita buat aplikasi FastAPI yang paling sederhana. Aplikasi ini akan memiliki satu endpoint yang mengembalikan pesan "Hello World".

### Penjelasan Kode:
- `FastAPI()`: Membuat instance aplikasi FastAPI
- `@app.get("/")`: Decorator yang mendefinisikan route dengan HTTP method GET
- Function di bawah decorator adalah **path operation function** yang akan dijalankan ketika endpoint diakses
- Return value akan otomatis dikonversi ke JSON

In [None]:
# Buat file bernama main.py dengan kode berikut:

from fastapi import FastAPI

# Membuat instance aplikasi FastAPI
app = FastAPI()

# Mendefinisikan route untuk endpoint root
@app.get("/")
def read_root():
    """
    Endpoint sederhana yang mengembalikan pesan sambutan
    """
    return {"message": "Hello World", "status": "success"}

# Endpoint kedua dengan path berbeda
@app.get("/info")
def get_info():
    """
    Endpoint yang mengembalikan informasi tentang API
    """
    return {
        "app_name": "FastAPI Tutorial",
        "version": "1.0.0",
        "description": "Belajar FastAPI dari dasar"
    }

print("‚úÖ Aplikasi FastAPI berhasil dibuat!")
print("\nUntuk menjalankan aplikasi:")
print("1. Simpan kode di atas dalam file bernama 'main.py'")
print("2. Jalankan di terminal: uvicorn main:app --reload")
print("3. Buka browser: http://127.0.0.1:8000")
print("4. Dokumentasi otomatis: http://127.0.0.1:8000/docs")

### üìù Cara Menjalankan Aplikasi

Ada beberapa cara untuk menjalankan aplikasi FastAPI:

#### Metode 1: Menggunakan Uvicorn dari Terminal
```bash
uvicorn main:app --reload
```

Penjelasan parameter:
- `main`: nama file Python (main.py)
- `app`: nama variabel instance FastAPI di dalam file
- `--reload`: auto-reload ketika ada perubahan kode (untuk development)

#### Metode 2: Menjalankan dengan Konfigurasi Custom
```bash
uvicorn main:app --host 0.0.0.0 --port 8080 --reload
```

#### Metode 3: Menjalankan dari dalam Python Script
Anda bisa menambahkan kode ini di akhir file main.py:

In [None]:
# Menjalankan Uvicorn dari dalam script Python
import uvicorn
from fastapi import FastAPI

app = FastAPI()

@app.get("/")
def read_root():
    return {"message": "Hello from embedded uvicorn"}

# Bagian ini hanya dijalankan jika file dijalankan langsung
if __name__ == "__main__":
    # Jalankan server dengan konfigurasi custom
    uvicorn.run(
        "main:app",  # atau bisa juga: app (tanpa string)
        host="0.0.0.0",  # Bisa diakses dari network
        port=8000,       # Port yang digunakan
        reload=True,     # Auto-reload untuk development
        log_level="info" # Level logging
    )

print("üí° Tips: Simpan kode ini di file main.py dan jalankan dengan: python main.py")

## 3. üõ£Ô∏è Path Parameters

Path parameters adalah parameter yang menjadi bagian dari URL path. Sangat berguna untuk mengidentifikasi resource spesifik.

### Konsep:
- Didefinisikan dengan `{parameter_name}` dalam path
- Otomatis di-parse dan divalidasi berdasarkan type hint
- Wajib ada (tidak bisa optional)

### Contoh Penggunaan:

In [None]:
from fastapi import FastAPI, Path
from typing import Optional

app = FastAPI()

# 1. Path Parameter Sederhana
@app.get("/items/{item_id}")
def read_item(item_id: int):
    """
    Endpoint dengan path parameter sederhana
    URL: /items/5
    """
    return {"item_id": item_id, "message": f"Anda mengakses item dengan ID: {item_id}"}

# 2. Path Parameter dengan String
@app.get("/users/{username}")
def read_user(username: str):
    """
    Path parameter dengan tipe string
    URL: /users/john_doe
    """
    return {"username": username, "message": f"Profile user: {username}"}

# 3. Multiple Path Parameters
@app.get("/users/{user_id}/items/{item_id}")
def read_user_item(user_id: int, item_id: int):
    """
    Beberapa path parameters dalam satu endpoint
    URL: /users/123/items/456
    """
    return {
        "user_id": user_id, 
        "item_id": item_id,
        "message": f"User {user_id} mengakses item {item_id}"
    }

# 4. Path Parameter dengan Validasi
@app.get("/products/{product_id}")
def read_product(
    product_id: int = Path(
        ...,  # ... berarti required
        title="Product ID",
        description="ID produk yang ingin diakses",
        ge=1,  # greater than or equal (>=)
        le=1000  # less than or equal (<=)
    )
):
    """
    Path parameter dengan validasi nilai
    URL: /products/50
    Akan error jika product_id < 1 atau > 1000
    """
    return {"product_id": product_id, "valid": True}

# 5. Path Parameter dengan Enum
from enum import Enum

class ModelName(str, Enum):
    """Enum untuk membatasi nilai yang diperbolehkan"""
    alexnet = "alexnet"
    resnet = "resnet"
    lenet = "lenet"

@app.get("/models/{model_name}")
def get_model(model_name: ModelName):
    """
    Path parameter dengan nilai terbatas (Enum)
    URL: /models/alexnet
    Hanya menerima: alexnet, resnet, atau lenet
    """
    if model_name == ModelName.alexnet:
        return {"model_name": model_name, "message": "Deep Learning FTW!"}
    
    if model_name.value == "lenet":
        return {"model_name": model_name, "message": "LeCNN all the images"}
    
    return {"model_name": model_name, "message": "Have some residuals"}

# 6. Path Parameter dengan File Path
@app.get("/files/{file_path:path}")
def read_file(file_path: str):
    """
    Path parameter yang bisa menerima path lengkap dengan slash
    URL: /files/home/user/documents/file.txt
    Tanpa :path, slash akan diperlakukan sebagai pemisah path
    """
    return {"file_path": file_path}

print("‚úÖ Path Parameters examples created!")
print("\nContoh URL yang bisa diakses:")
print("- GET /items/42")
print("- GET /users/john_doe")
print("- GET /users/1/items/5")
print("- GET /products/100")
print("- GET /models/alexnet")
print("- GET /files/home/user/file.txt")

## 4. üîç Query Parameters

Query parameters adalah parameter yang muncul setelah `?` di URL. Berbeda dengan path parameters, query parameters bersifat optional dan cocok untuk filtering, sorting, atau pagination.

### Karakteristik Query Parameters:
- Muncul setelah `?` dalam URL (contoh: `/items?skip=0&limit=10`)
- Bersifat optional (bisa diberi default value)
- Ideal untuk filtering, pagination, sorting
- Bisa ada multiple query parameters

### Contoh:

In [None]:
from fastapi import FastAPI, Query
from typing import Optional, List

app = FastAPI()

# 1. Query Parameter Sederhana
@app.get("/items/")
def read_items(skip: int = 0, limit: int = 10):
    """
    Query parameters dengan default values
    URL: /items/?skip=0&limit=10
    Jika tidak disediakan, akan menggunakan nilai default
    """
    return {
        "skip": skip, 
        "limit": limit,
        "message": f"Menampilkan items dari {skip} hingga {skip + limit}"
    }

# 2. Optional Query Parameter
@app.get("/users/")
def read_users(user_id: Optional[int] = None, name: Optional[str] = None):
    """
    Query parameters yang benar-benar optional (bisa None)
    URL: /users/?user_id=5&name=John
    Atau: /users/ (tanpa parameter)
    """
    if user_id:
        return {"user_id": user_id, "name": name, "type": "specific_user"}
    return {"message": "Semua users", "type": "all_users"}

# 3. Required Query Parameter
@app.get("/search/")
def search_items(q: str):
    """
    Query parameter yang required (wajib ada)
    URL: /search/?q=laptop
    Akan error jika q tidak disediakan
    """
    return {"query": q, "results": f"Hasil pencarian untuk: {q}"}

# 4. Query Parameter dengan Validasi
@app.get("/products/")
def get_products(
    q: Optional[str] = Query(
        None,  # Default value
        min_length=3,  # Minimal 3 karakter
        max_length=50,  # Maksimal 50 karakter
        regex="^[a-zA-Z0-9 ]+$",  # Hanya huruf, angka, dan spasi
        title="Query String",
        description="String untuk mencari produk"
    ),
    price_min: float = Query(0, ge=0, description="Harga minimum"),
    price_max: float = Query(10000, le=100000, description="Harga maksimum"),
    in_stock: bool = Query(True, description="Hanya tampilkan yang tersedia")
):
    """
    Query parameters dengan berbagai validasi
    URL: /products/?q=laptop&price_min=1000&price_max=5000&in_stock=true
    """
    return {
        "query": q,
        "price_range": {"min": price_min, "max": price_max},
        "in_stock": in_stock,
        "message": "Filter applied successfully"
    }

# 5. Query Parameter dengan List/Array
@app.get("/items/filter/")
def filter_items(
    tags: List[str] = Query(
        [],  # Default empty list
        title="Tags",
        description="Filter items berdasarkan tags",
        example=["electronics", "computers"]
    )
):
    """
    Query parameter yang menerima multiple values (array)
    URL: /items/filter/?tags=electronics&tags=computers&tags=laptop
    Atau: /items/filter/?tags=electronics,computers,laptop
    """
    return {"tags": tags, "count": len(tags)}

# 6. Query Parameter dengan Alias
@app.get("/articles/")
def get_articles(
    item_query: str = Query(
        ...,  # Required
        alias="item-query",  # URL akan menggunakan "item-query" bukan "item_query"
        title="Item Query",
        description="Query string untuk mencari artikel"
    )
):
    """
    Query parameter dengan alias (nama berbeda di URL)
    URL: /articles/?item-query=python
    Perhatikan: menggunakan dash (-) bukan underscore (_)
    """
    return {"query": item_query, "results": "Article list"}

# 7. Query Parameter dengan Deprecated Warning
@app.get("/old-api/")
def old_api_endpoint(
    old_param: Optional[str] = Query(
        None,
        deprecated=True,  # Menandai parameter ini sudah deprecated
        description="Parameter ini akan dihapus di versi mendatang"
    )
):
    """
    Query parameter yang ditandai sebagai deprecated
    Akan muncul warning di dokumentasi
    """
    return {"old_param": old_param, "warning": "This parameter is deprecated"}

# 8. Complex Query dengan Multiple Types
@app.get("/search/advanced/")
def advanced_search(
    keyword: str = Query(..., min_length=1),
    category: Optional[str] = None,
    min_price: float = Query(0, ge=0),
    max_price: float = Query(1000000, le=1000000),
    sort_by: str = Query("relevance", regex="^(relevance|price|date)$"),
    order: str = Query("asc", regex="^(asc|desc)$"),
    page: int = Query(1, ge=1),
    per_page: int = Query(10, ge=1, le=100),
    include_archived: bool = False
):
    """
    Contoh endpoint dengan banyak query parameters untuk pencarian advanced
    URL: /search/advanced/?keyword=laptop&category=electronics&min_price=1000&max_price=5000&sort_by=price&order=desc&page=1&per_page=20
    """
    return {
        "search_params": {
            "keyword": keyword,
            "category": category,
            "price_range": {"min": min_price, "max": max_price},
            "sorting": {"by": sort_by, "order": order},
            "pagination": {"page": page, "per_page": per_page},
            "include_archived": include_archived
        },
        "message": "Advanced search executed"
    }

print("‚úÖ Query Parameters examples created!")
print("\nContoh URL yang bisa diakses:")
print("- GET /items/?skip=10&limit=20")
print("- GET /users/?user_id=5&name=John")
print("- GET /search/?q=laptop")
print("- GET /products/?q=laptop&price_min=1000&price_max=5000")
print("- GET /items/filter/?tags=electronics&tags=computers")
print("- GET /articles/?item-query=python")

## 5. üì¶ Request Body dengan Pydantic Models

Request body adalah data yang dikirim oleh client dalam body HTTP request (biasanya untuk POST, PUT, PATCH). FastAPI menggunakan Pydantic untuk validasi dan serialization data.

### Keuntungan Pydantic:
- ‚úÖ Automatic data validation
- ‚úÖ Automatic JSON parsing
- ‚úÖ Type checking dan autocompletion di IDE
- ‚úÖ Automatic interactive documentation
- ‚úÖ Error handling yang jelas

### Contoh Penggunaan:

In [None]:
from fastapi import FastAPI, Body
from pydantic import BaseModel, Field, EmailStr, validator
from typing import Optional, List
from datetime import datetime

app = FastAPI()

# 1. Model Sederhana
class Item(BaseModel):
    """Model untuk item/produk"""
    name: str
    description: Optional[str] = None
    price: float
    tax: Optional[float] = None

@app.post("/items/")
def create_item(item: Item):
    """
    Endpoint untuk membuat item baru
    Request body akan divalidasi berdasarkan model Item
    """
    item_dict = item.dict()
    
    # Hitung total price jika ada tax
    if item.tax:
        price_with_tax = item.price + item.tax
        item_dict.update({"price_with_tax": price_with_tax})
    
    return item_dict

# 2. Model dengan Field Validation
class User(BaseModel):
    """Model user dengan validasi lengkap"""
    username: str = Field(
        ...,  # Required
        min_length=3,
        max_length=50,
        description="Username harus 3-50 karakter"
    )
    email: str = Field(
        ...,
        regex=r'^[\w\.-]+@[\w\.-]+\.\w+$',
        description="Email harus valid"
    )
    full_name: Optional[str] = Field(None, max_length=100)
    age: int = Field(..., ge=18, le=120, description="Umur harus 18-120 tahun")
    is_active: bool = Field(default=True)
    
    # Contoh data untuk dokumentasi
    class Config:
        schema_extra = {
            "example": {
                "username": "johndoe",
                "email": "john@example.com",
                "full_name": "John Doe",
                "age": 25,
                "is_active": True
            }
        }

@app.post("/users/")
def create_user(user: User):
    """Membuat user baru dengan validasi lengkap"""
    return {
        "message": "User created successfully",
        "user": user.dict()
    }

# 3. Nested Models (Model dalam Model)
class Image(BaseModel):
    """Model untuk gambar"""
    url: str
    name: str

class Product(BaseModel):
    """Model produk dengan nested model"""
    name: str
    description: Optional[str] = None
    price: float = Field(..., gt=0, description="Harga harus lebih dari 0")
    tax: float = 10.5
    tags: List[str] = []  # List of strings
    images: Optional[List[Image]] = None  # List of Image objects

@app.post("/products/")
def create_product(product: Product):
    """Membuat produk dengan nested model"""
    return {
        "message": "Product created",
        "product": product.dict(),
        "total_images": len(product.images) if product.images else 0
    }

# 4. Model dengan Custom Validator
class Article(BaseModel):
    """Model artikel dengan custom validator"""
    title: str = Field(..., min_length=5, max_length=200)
    content: str = Field(..., min_length=10)
    author: str
    published_date: Optional[datetime] = None
    tags: List[str] = []
    
    @validator('title')
    def title_must_be_capitalized(cls, v):
        """Custom validator: title harus diawali huruf kapital"""
        if not v[0].isupper():
            raise ValueError('Title must start with a capital letter')
        return v
    
    @validator('tags')
    def tags_must_be_unique(cls, v):
        """Custom validator: tags harus unique"""
        if len(v) != len(set(v)):
            raise ValueError('Tags must be unique')
        return v
    
    @validator('published_date', pre=True, always=True)
    def set_published_date(cls, v):
        """Set published_date ke sekarang jika tidak disediakan"""
        return v or datetime.now()

@app.post("/articles/")
def create_article(article: Article):
    """Membuat artikel dengan custom validation"""
    return {
        "message": "Article created",
        "article": article.dict()
    }

# 5. Multiple Body Parameters
class Order(BaseModel):
    """Model untuk order"""
    product_id: int
    quantity: int = Field(..., gt=0)
    notes: Optional[str] = None

class Customer(BaseModel):
    """Model untuk customer"""
    name: str
    email: str
    phone: Optional[str] = None

@app.post("/orders/")
def create_order(order: Order, customer: Customer):
    """
    Endpoint dengan multiple body parameters
    Request body akan berisi object order dan customer
    """
    return {
        "message": "Order created",
        "order": order.dict(),
        "customer": customer.dict()
    }

# 6. Body dengan Singular Values (bukan object)
@app.post("/login/")
def login(
    username: str = Body(...),
    password: str = Body(...),
    remember_me: bool = Body(False)
):
    """
    Body dengan singular values (bukan object lengkap)
    Request body: {"username": "john", "password": "secret", "remember_me": true}
    """
    return {
        "username": username,
        "remember_me": remember_me,
        "message": "Login successful"
    }

# 7. Combining Path, Query, and Body Parameters
@app.put("/items/{item_id}")
def update_item(
    item_id: int,  # Path parameter
    item: Item,  # Body parameter
    q: Optional[str] = None,  # Query parameter
    importance: int = Body(..., ge=1, le=5)  # Singular body value
):
    """
    Kombinasi path, query, dan body parameters
    URL: /items/5?q=search_term
    Body: {item object} dengan field importance
    """
    result = {
        "item_id": item_id,
        "item": item.dict(),
        "importance": importance
    }
    if q:
        result.update({"q": q})
    return result

# 8. Model dengan Config dan Example
class Settings(BaseModel):
    """Model dengan config lengkap"""
    theme: str = Field(default="light", regex="^(light|dark)$")
    language: str = Field(default="en", max_length=5)
    notifications_enabled: bool = True
    auto_save: bool = True
    font_size: int = Field(default=14, ge=10, le=24)
    
    class Config:
        # Contoh untuk dokumentasi
        schema_extra = {
            "example": {
                "theme": "dark",
                "language": "id",
                "notifications_enabled": True,
                "auto_save": True,
                "font_size": 16
            }
        }

@app.post("/settings/")
def update_settings(settings: Settings):
    """Update user settings"""
    return {
        "message": "Settings updated",
        "settings": settings.dict()
    }

print("‚úÖ Request Body with Pydantic Models examples created!")
print("\nContoh request body:")
print("POST /items/")
print('{"name": "Laptop", "price": 1000, "tax": 100}')
print("\nPOST /users/")
print('{"username": "johndoe", "email": "john@example.com", "age": 25}')

## 6. üì§ Response Models

Response models digunakan untuk mendefinisikan struktur data yang dikembalikan oleh endpoint. Ini membantu:
- üìã Validasi output data
- üîí Filtering data sensitif (password, token, dll)
- üìö Dokumentasi yang lebih baik
- üéØ Type safety

### Parameter `response_model`:
- Menentukan model yang digunakan untuk response
- Otomatis melakukan filtering dan validasi
- Muncul di dokumentasi API

In [None]:
from fastapi import FastAPI
from pydantic import BaseModel, EmailStr, Field
from typing import Optional, List
from datetime import datetime

app = FastAPI()

# 1. Basic Response Model
class UserIn(BaseModel):
    """Model untuk input user (dengan password)"""
    username: str
    email: str
    password: str
    full_name: Optional[str] = None

class UserOut(BaseModel):
    """Model untuk output user (tanpa password)"""
    username: str
    email: str
    full_name: Optional[str] = None
    
@app.post("/users/", response_model=UserOut)
def create_user(user: UserIn):
    """
    Endpoint ini menerima UserIn (dengan password)
    tetapi mengembalikan UserOut (tanpa password)
    Password tidak akan muncul di response
    """
    # Dalam praktik nyata, hash password dan simpan ke database
    return user  # FastAPI otomatis filter berdasarkan UserOut

# 2. Response Model dengan List
class ItemBase(BaseModel):
    """Model dasar untuk item"""
    name: str
    price: float
    description: Optional[str] = None

# Database dummy
fake_items_db = [
    {"name": "Laptop", "price": 1000, "description": "Gaming laptop"},
    {"name": "Mouse", "price": 25, "description": "Wireless mouse"},
    {"name": "Keyboard", "price": 75, "description": "Mechanical keyboard"}
]

@app.get("/items/", response_model=List[ItemBase])
def get_items():
    """
    Mengembalikan list of items
    Response model adalah List[ItemBase]
    """
    return fake_items_db

# 3. Response Model dengan response_model_exclude
class UserComplete(BaseModel):
    """Model user lengkap"""
    username: str
    email: str
    full_name: Optional[str] = None
    password: str
    credit_card: Optional[str] = None

@app.get("/user/{user_id}", response_model=UserComplete, response_model_exclude={"password", "credit_card"})
def get_user(user_id: int):
    """
    Menggunakan response_model_exclude untuk exclude field tertentu
    password dan credit_card tidak akan muncul di response
    """
    return {
        "username": "johndoe",
        "email": "john@example.com",
        "full_name": "John Doe",
        "password": "secret123",  # Akan di-exclude
        "credit_card": "1234-5678"  # Akan di-exclude
    }

# 4. Response Model dengan response_model_include
@app.get("/user/{user_id}/public", response_model=UserComplete, response_model_include={"username", "email"})
def get_user_public(user_id: int):
    """
    Menggunakan response_model_include untuk hanya include field tertentu
    Hanya username dan email yang akan muncul
    """
    return {
        "username": "johndoe",
        "email": "john@example.com",
        "full_name": "John Doe",
        "password": "secret123",
        "credit_card": "1234-5678"
    }

# 5. Multiple Response Models
class ItemShort(BaseModel):
    """Model item sederhana"""
    name: str
    price: float

class ItemDetailed(BaseModel):
    """Model item detail"""
    name: str
    price: float
    description: Optional[str] = None
    tax: float = 0
    tags: List[str] = []
    created_at: datetime = Field(default_factory=datetime.now)

@app.get("/items/{item_id}/short", response_model=ItemShort)
def get_item_short(item_id: int):
    """Mengembalikan item dengan data minimal"""
    return {
        "name": "Sample Item",
        "price": 100,
        "description": "This will be filtered out",
        "extra_field": "This too"
    }

@app.get("/items/{item_id}/detailed", response_model=ItemDetailed)
def get_item_detailed(item_id: int):
    """Mengembalikan item dengan data lengkap"""
    return {
        "name": "Sample Item",
        "price": 100,
        "description": "Detailed description",
        "tax": 10,
        "tags": ["electronics", "computers"]
    }

# 6. Response Model dengan Union Types
from typing import Union

class ErrorResponse(BaseModel):
    """Model untuk error response"""
    error: str
    detail: str
    code: int

class SuccessResponse(BaseModel):
    """Model untuk success response"""
    message: str
    data: dict

# Note: Union di response_model memerlukan discriminator atau conditional logic
@app.get("/operation/{success}")
def perform_operation(success: bool):
    """
    Endpoint yang bisa return success atau error
    """
    if success:
        return {
            "message": "Operation successful",
            "data": {"result": "completed"}
        }
    else:
        return {
            "error": "Operation failed",
            "detail": "Something went wrong",
            "code": 500
        }

# 7. Response Model dengan status_code
from fastapi import status

class NewItem(BaseModel):
    name: str
    price: float

@app.post("/items/create", response_model=NewItem, status_code=status.HTTP_201_CREATED)
def create_new_item(item: NewItem):
    """
    Endpoint dengan custom status code (201 Created)
    Dan response model yang jelas
    """
    return item

# 8. Response Model dengan response_model_exclude_unset
class ItemOptional(BaseModel):
    """Model dengan banyak optional fields"""
    name: str
    description: Optional[str] = None
    price: Optional[float] = None
    tax: Optional[float] = None
    tags: Optional[List[str]] = None

@app.get("/items/{item_id}/minimal", response_model=ItemOptional, response_model_exclude_unset=True)
def get_item_minimal(item_id: int):
    """
    response_model_exclude_unset=True akan exclude field yang tidak di-set
    Hanya field yang explicitly di-set yang akan muncul di response
    """
    return {
        "name": "Laptop",
        "price": 1000
        # description, tax, tags tidak di-set, jadi tidak akan muncul di response
    }

# 9. Response Model dengan response_model_exclude_none
@app.get("/items/{item_id}/no-none", response_model=ItemOptional, response_model_exclude_none=True)
def get_item_no_none(item_id: int):
    """
    response_model_exclude_none=True akan exclude field yang None
    """
    return {
        "name": "Mouse",
        "price": 25,
        "description": None,  # Akan di-exclude
        "tax": None,  # Akan di-exclude
        "tags": ["accessories"]
    }

# 10. Response Model dengan Nested Models
class Address(BaseModel):
    street: str
    city: str
    country: str
    postal_code: str

class UserProfile(BaseModel):
    username: str
    email: str
    address: Address
    created_at: datetime = Field(default_factory=datetime.now)

@app.get("/profile/{user_id}", response_model=UserProfile)
def get_user_profile(user_id: int):
    """Response dengan nested model"""
    return {
        "username": "johndoe",
        "email": "john@example.com",
        "address": {
            "street": "123 Main St",
            "city": "Jakarta",
            "country": "Indonesia",
            "postal_code": "12345"
        }
    }

print("‚úÖ Response Models examples created!")
print("\nKeuntungan menggunakan Response Model:")
print("- Automatic filtering data sensitif")
print("- Validasi output")
print("- Better documentation")
print("- Type safety")

## 7. üîÑ HTTP Methods untuk CRUD Operations

FastAPI mendukung semua HTTP methods standar. Setiap method memiliki konvensi penggunaan tertentu:

- **GET**: Membaca/mengambil data (Read)
- **POST**: Membuat data baru (Create)
- **PUT**: Update data lengkap (Replace)
- **PATCH**: Update data sebagian (Partial Update)
- **DELETE**: Menghapus data (Delete)
- **HEAD**: Seperti GET, tapi tanpa body
- **OPTIONS**: Mendeskripsikan opsi komunikasi

Mari kita implementasikan operasi CRUD lengkap:

In [None]:
from fastapi import FastAPI, HTTPException, status
from pydantic import BaseModel
from typing import Optional, List, Dict

app = FastAPI()

# Model untuk Book
class BookBase(BaseModel):
    title: str
    author: str
    description: Optional[str] = None
    published_year: int
    isbn: str

class BookCreate(BookBase):
    """Model untuk create book"""
    pass

class BookUpdate(BookBase):
    """Model untuk update book (semua field required)"""
    pass

class BookPatch(BaseModel):
    """Model untuk partial update (semua field optional)"""
    title: Optional[str] = None
    author: Optional[str] = None
    description: Optional[str] = None
    published_year: Optional[int] = None
    isbn: Optional[str] = None

class Book(BookBase):
    """Model lengkap dengan ID"""
    id: int

# Database dummy (dalam praktik nyata, gunakan database sesungguhnya)
books_db: Dict[int, Book] = {
    1: Book(id=1, title="Python 101", author="John Doe", published_year=2020, isbn="123-456"),
    2: Book(id=2, title="FastAPI Guide", author="Jane Smith", published_year=2021, isbn="789-012"),
}
next_id = 3

# ==================== CREATE (POST) ====================
@app.post("/books/", response_model=Book, status_code=status.HTTP_201_CREATED)
def create_book(book: BookCreate):
    """
    CREATE: Membuat book baru
    Method: POST
    Status Code: 201 Created
    """
    global next_id
    
    # Check if ISBN already exists
    for existing_book in books_db.values():
        if existing_book.isbn == book.isbn:
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST,
                detail=f"Book with ISBN {book.isbn} already exists"
            )
    
    # Create new book
    new_book = Book(id=next_id, **book.dict())
    books_db[next_id] = new_book
    next_id += 1
    
    return new_book

# ==================== READ (GET) ====================
@app.get("/books/", response_model=List[Book])
def get_all_books(
    skip: int = 0,
    limit: int = 10,
    author: Optional[str] = None
):
    """
    READ ALL: Mengambil semua books dengan pagination dan filtering
    Method: GET
    """
    books = list(books_db.values())
    
    # Filter by author if provided
    if author:
        books = [book for book in books if author.lower() in book.author.lower()]
    
    # Pagination
    return books[skip : skip + limit]

@app.get("/books/{book_id}", response_model=Book)
def get_book(book_id: int):
    """
    READ ONE: Mengambil satu book berdasarkan ID
    Method: GET
    """
    if book_id not in books_db:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail=f"Book with id {book_id} not found"
        )
    
    return books_db[book_id]

# ==================== UPDATE (PUT) ====================
@app.put("/books/{book_id}", response_model=Book)
def update_book(book_id: int, book: BookUpdate):
    """
    UPDATE FULL: Replace seluruh data book
    Method: PUT
    Semua field harus disediakan (full replacement)
    """
    if book_id not in books_db:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail=f"Book with id {book_id} not found"
        )
    
    # Check if new ISBN conflicts with other books
    for bid, existing_book in books_db.items():
        if bid != book_id and existing_book.isbn == book.isbn:
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST,
                detail=f"ISBN {book.isbn} is already used by another book"
            )
    
    # Replace entire book
    updated_book = Book(id=book_id, **book.dict())
    books_db[book_id] = updated_book
    
    return updated_book

# ==================== PARTIAL UPDATE (PATCH) ====================
@app.patch("/books/{book_id}", response_model=Book)
def patch_book(book_id: int, book: BookPatch):
    """
    PARTIAL UPDATE: Update hanya field yang disediakan
    Method: PATCH
    Hanya field yang di-set yang akan diupdate
    """
    if book_id not in books_db:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail=f"Book with id {book_id} not found"
        )
    
    stored_book = books_db[book_id]
    
    # Update hanya field yang disediakan (exclude_unset=True)
    update_data = book.dict(exclude_unset=True)
    
    # Check ISBN conflict if ISBN is being updated
    if "isbn" in update_data:
        for bid, existing_book in books_db.items():
            if bid != book_id and existing_book.isbn == update_data["isbn"]:
                raise HTTPException(
                    status_code=status.HTTP_400_BAD_REQUEST,
                    detail=f"ISBN {update_data['isbn']} is already used"
                )
    
    # Create updated book
    updated_book = stored_book.copy(update=update_data)
    books_db[book_id] = updated_book
    
    return updated_book

# ==================== DELETE ====================
@app.delete("/books/{book_id}", status_code=status.HTTP_204_NO_CONTENT)
def delete_book(book_id: int):
    """
    DELETE: Menghapus book
    Method: DELETE
    Status Code: 204 No Content (tidak mengembalikan body)
    """
    if book_id not in books_db:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail=f"Book with id {book_id} not found"
        )
    
    del books_db[book_id]
    
    # 204 No Content tidak mengembalikan response body
    return None

# ==================== Additional Methods ====================

# HEAD: Seperti GET tapi tanpa response body
@app.head("/books/{book_id}")
def check_book_exists(book_id: int):
    """
    HEAD: Check apakah book exists tanpa mengambil datanya
    Useful untuk checking existence
    """
    if book_id not in books_db:
        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND)
    return None

# OPTIONS: Biasanya handled otomatis oleh FastAPI untuk CORS
# Tapi bisa dibuat manual jika diperlukan
@app.options("/books/")
def options_books():
    """
    OPTIONS: Mengembalikan method-method yang allowed
    """
    return {
        "allowed_methods": ["GET", "POST", "OPTIONS"],
        "description": "Books collection endpoint"
    }

print("‚úÖ CRUD Operations with HTTP Methods created!")
print("\nRingkasan HTTP Methods:")
print("- POST /books/ -> Create new book (201 Created)")
print("- GET /books/ -> Get all books")
print("- GET /books/{id} -> Get specific book")
print("- PUT /books/{id} -> Full update (replace all fields)")
print("- PATCH /books/{id} -> Partial update (update only provided fields)")
print("- DELETE /books/{id} -> Delete book (204 No Content)")
print("- HEAD /books/{id} -> Check if book exists")
print("- OPTIONS /books/ -> Get allowed methods")

## 8. üéØ HTTP Status Codes

Status codes memberitahu client tentang hasil dari request mereka. FastAPI memudahkan penggunaan status codes yang tepat.

### Kategori Status Codes:
- **1xx**: Informational
- **2xx**: Success (200 OK, 201 Created, 204 No Content)
- **3xx**: Redirection
- **4xx**: Client Error (400 Bad Request, 401 Unauthorized, 404 Not Found)
- **5xx**: Server Error (500 Internal Server Error)

### Best Practices:

In [None]:
from fastapi import FastAPI, HTTPException, status, Response
from pydantic import BaseModel
from typing import Optional

app = FastAPI()

class Item(BaseModel):
    name: str
    price: float

# Database dummy
items_db = {}

# ==================== 2xx Success Status Codes ====================

# 200 OK - Default untuk GET, PUT, PATCH
@app.get("/items/{item_id}", status_code=status.HTTP_200_OK)
def get_item(item_id: int):
    """200 OK: Request berhasil"""
    if item_id not in items_db:
        raise HTTPException(status_code=404, detail="Item not found")
    return items_db[item_id]

# 201 Created - Untuk POST (resource baru dibuat)
@app.post("/items/", status_code=status.HTTP_201_CREATED)
def create_item(item: Item):
    """201 Created: Resource baru berhasil dibuat"""
    item_id = len(items_db) + 1
    items_db[item_id] = item.dict()
    return {"id": item_id, **item.dict()}

# 202 Accepted - Request diterima tapi belum diproses
@app.post("/items/{item_id}/process", status_code=status.HTTP_202_ACCEPTED)
def process_item(item_id: int):
    """202 Accepted: Request diterima, akan diproses nanti (async)"""
    return {
        "message": "Item processing started",
        "status": "pending",
        "item_id": item_id
    }

# 204 No Content - Request berhasil, tapi tidak ada content untuk dikembalikan
@app.delete("/items/{item_id}", status_code=status.HTTP_204_NO_CONTENT)
def delete_item(item_id: int):
    """204 No Content: Delete berhasil, tidak ada response body"""
    if item_id not in items_db:
        raise HTTPException(status_code=404, detail="Item not found")
    del items_db[item_id]
    return None  # Atau bisa tidak return apa-apa

# ==================== 4xx Client Error Status Codes ====================

# 400 Bad Request - Request tidak valid
@app.post("/validate/")
def validate_data(value: int):
    """400 Bad Request: Data tidak valid"""
    if value < 0:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Value must be positive"
        )
    return {"value": value, "valid": True}

# 401 Unauthorized - Authentication required
@app.get("/protected/", status_code=status.HTTP_200_OK)
def protected_route(token: Optional[str] = None):
    """401 Unauthorized: Butuh authentication"""
    if not token or token != "valid_token":
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Not authenticated",
            headers={"WWW-Authenticate": "Bearer"}
        )
    return {"message": "Access granted"}

# 403 Forbidden - Tidak punya permission
@app.get("/admin/", status_code=status.HTTP_200_OK)
def admin_route(user_role: str):
    """403 Forbidden: Authenticated tapi tidak punya permission"""
    if user_role != "admin":
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Admin access required"
        )
    return {"message": "Welcome admin"}

# 404 Not Found - Resource tidak ditemukan
@app.get("/users/{user_id}")
def get_user(user_id: int):
    """404 Not Found: Resource tidak ada"""
    users_db = {1: "Alice", 2: "Bob"}
    
    if user_id not in users_db:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail=f"User {user_id} not found"
        )
    return {"user_id": user_id, "name": users_db[user_id]}

# 405 Method Not Allowed - HTTP method tidak diizinkan
# Ini handled otomatis oleh FastAPI

# 409 Conflict - Konflik dengan state saat ini
@app.post("/users/")
def create_user(username: str):
    """409 Conflict: Resource sudah ada"""
    existing_users = ["alice", "bob", "charlie"]
    
    if username.lower() in existing_users:
        raise HTTPException(
            status_code=status.HTTP_409_CONFLICT,
            detail=f"Username {username} already exists"
        )
    return {"username": username, "created": True}

# 422 Unprocessable Entity - Validasi error (otomatis oleh Pydantic)
class StrictItem(BaseModel):
    name: str
    price: float
    quantity: int

@app.post("/strict-items/")
def create_strict_item(item: StrictItem):
    """
    422 Unprocessable Entity: Otomatis dari Pydantic validation
    Jika data tidak sesuai model, FastAPI otomatis return 422
    """
    return item

# 429 Too Many Requests - Rate limiting
request_counts = {}

@app.get("/rate-limited/")
def rate_limited_endpoint(user_id: int):
    """429 Too Many Requests: Terlalu banyak request"""
    max_requests = 5
    
    if user_id not in request_counts:
        request_counts[user_id] = 0
    
    request_counts[user_id] += 1
    
    if request_counts[user_id] > max_requests:
        raise HTTPException(
            status_code=status.HTTP_429_TOO_MANY_REQUESTS,
            detail="Too many requests. Please try again later.",
            headers={"Retry-After": "60"}
        )
    
    return {
        "message": "Success",
        "requests_remaining": max_requests - request_counts[user_id]
    }

# ==================== 5xx Server Error Status Codes ====================

# 500 Internal Server Error
@app.get("/error-prone/")
def error_prone_endpoint(cause_error: bool = False):
    """
    500 Internal Server Error: Unhandled exception
    FastAPI otomatis menangkap exception dan return 500
    """
    if cause_error:
        # Ini akan menghasilkan 500 error
        raise Exception("Something went wrong on the server")
    return {"message": "Everything is fine"}

# 503 Service Unavailable
maintenance_mode = False

@app.get("/health/")
def health_check():
    """503 Service Unavailable: Service sedang maintenance"""
    if maintenance_mode:
        raise HTTPException(
            status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
            detail="Service is under maintenance",
            headers={"Retry-After": "3600"}
        )
    return {"status": "healthy"}

# ==================== Custom Status Code ====================

@app.get("/custom-status/")
def custom_status(response: Response):
    """
    Menggunakan Response object untuk set custom status code
    """
    response.status_code = status.HTTP_206_PARTIAL_CONTENT
    return {"message": "Partial content returned"}

# ==================== Multiple Status Codes Documentation ====================

@app.post(
    "/complex-operation/",
    status_code=status.HTTP_201_CREATED,
    responses={
        201: {"description": "Item created successfully"},
        400: {"description": "Invalid input"},
        409: {"description": "Item already exists"},
        500: {"description": "Internal server error"}
    }
)
def complex_operation(item: Item):
    """
    Endpoint dengan dokumentasi untuk multiple possible status codes
    """
    # Check if item already exists
    for existing_item in items_db.values():
        if existing_item["name"] == item.name:
            raise HTTPException(
                status_code=status.HTTP_409_CONFLICT,
                detail="Item with this name already exists"
            )
    
    # Validate price
    if item.price < 0:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Price must be positive"
        )
    
    # Create item
    item_id = len(items_db) + 1
    items_db[item_id] = item.dict()
    
    return {"id": item_id, **item.dict()}

print("‚úÖ HTTP Status Codes examples created!")
print("\nStatus Codes yang umum digunakan:")
print("Success:")
print("- 200 OK: Request berhasil (GET, PUT, PATCH)")
print("- 201 Created: Resource baru dibuat (POST)")
print("- 204 No Content: Berhasil tanpa response body (DELETE)")
print("\nClient Errors:")
print("- 400 Bad Request: Data tidak valid")
print("- 401 Unauthorized: Perlu authentication")
print("- 403 Forbidden: Tidak punya permission")
print("- 404 Not Found: Resource tidak ada")
print("- 409 Conflict: Resource sudah ada")
print("- 422 Unprocessable Entity: Validation error")
print("\nServer Errors:")
print("- 500 Internal Server Error: Error di server")
print("- 503 Service Unavailable: Service tidak tersedia")

## 9. üìù Form Data

Selain JSON, FastAPI juga bisa menerima data dalam format form (seperti HTML form submission). Ini berguna untuk:
- Upload file dengan metadata
- Traditional web forms
- Integration dengan legacy systems

### Instalasi Dependency:
Untuk menggunakan Form, perlu install `python-multipart`:
```bash
pip install python-multipart
```

In [None]:
from fastapi import FastAPI, Form, File, UploadFile
from typing import Optional, List
from pydantic import BaseModel, EmailStr

app = FastAPI()

# ==================== Basic Form Data ====================

@app.post("/login/")
def login(username: str = Form(...), password: str = Form(...)):
    """
    Basic form submission
    Content-Type: application/x-www-form-urlencoded
    
    HTML Form example:
    <form method="post" action="/login/">
        <input name="username" type="text">
        <input name="password" type="password">
        <button type="submit">Login</button>
    </form>
    """
    # Dalam praktik nyata, verify password hash
    return {
        "username": username,
        "message": "Login successful",
        "token": "fake-jwt-token"
    }

# ==================== Form dengan Multiple Fields ====================

@app.post("/register/")
def register(
    username: str = Form(..., min_length=3, max_length=50),
    email: str = Form(...),
    password: str = Form(..., min_length=8),
    full_name: Optional[str] = Form(None),
    age: int = Form(..., ge=18),
    newsletter: bool = Form(False)
):
    """
    Form dengan multiple fields dan validasi
    Form(...) sama seperti Body(...) tapi untuk form data
    """
    return {
        "message": "Registration successful",
        "user": {
            "username": username,
            "email": email,
            "full_name": full_name,
            "age": age,
            "newsletter_subscribed": newsletter
        }
    }

# ==================== Form dengan Default Values ====================

@app.post("/settings/")
def update_settings(
    theme: str = Form("light"),
    language: str = Form("en"),
    notifications: bool = Form(True),
    auto_save: bool = Form(True)
):
    """
    Form dengan default values
    Jika field tidak disediakan, akan menggunakan default
    """
    return {
        "settings": {
            "theme": theme,
            "language": language,
            "notifications": notifications,
            "auto_save": auto_save
        }
    }

# ==================== Form + JSON Body (Mixed) ====================

# Note: Tidak bisa mix Form dan JSON Body secara langsung
# Tapi bisa menggunakan File + Form fields

@app.post("/submit-application/")
async def submit_application(
    applicant_name: str = Form(...),
    email: str = Form(...),
    cover_letter: str = Form(...),
    resume: UploadFile = File(...)
):
    """
    Form dengan file upload
    Mengkombinasikan form fields dengan file
    """
    return {
        "applicant_name": applicant_name,
        "email": email,
        "cover_letter_length": len(cover_letter),
        "resume_filename": resume.filename,
        "resume_content_type": resume.content_type
    }

# ==================== Form dengan List Values ====================

@app.post("/survey/")
def submit_survey(
    name: str = Form(...),
    interests: List[str] = Form(...),
    rating: int = Form(..., ge=1, le=5)
):
    """
    Form dengan list values
    HTML: <select name="interests" multiple>
    Atau multiple checkboxes dengan name yang sama
    """
    return {
        "name": name,
        "interests": interests,
        "interests_count": len(interests),
        "rating": rating
    }

# ==================== OAuth2 Password Flow ====================

@app.post("/token")
def get_token(
    username: str = Form(...),
    password: str = Form(...),
    grant_type: Optional[str] = Form(None),
    scope: str = Form(""),
    client_id: Optional[str] = Form(None),
    client_secret: Optional[str] = Form(None)
):
    """
    OAuth2 password flow menggunakan form data
    Ini adalah standar OAuth2 yang menggunakan form, bukan JSON
    """
    # Dalam praktik nyata, validate credentials
    if username != "admin" or password != "secret":
        return {"error": "Invalid credentials"}
    
    return {
        "access_token": "fake-access-token",
        "token_type": "bearer",
        "expires_in": 3600
    }

# ==================== Form + Query Parameters ====================

@app.post("/comments/{post_id}")
def add_comment(
    post_id: int,  # Path parameter
    author: str = Form(...),
    content: str = Form(..., min_length=1, max_length=500),
    reply_to: Optional[int] = None  # Query parameter
):
    """
    Kombinasi path parameter, form data, dan query parameter
    URL: /comments/123?reply_to=456
    Form: author, content
    """
    comment = {
        "post_id": post_id,
        "author": author,
        "content": content,
        "reply_to": reply_to,
        "id": 999  # Generated
    }
    return comment

# ==================== HTML Form Example ====================

@app.get("/form-example/", response_class=HTMLResponse)
def get_form():
    """
    Mengembalikan HTML form sebagai contoh
    """
    from fastapi.responses import HTMLResponse
    
    html_content = """
    <!DOCTYPE html>
    <html>
    <head>
        <title>FastAPI Form Example</title>
        <style>
            body { font-family: Arial; margin: 50px; }
            form { max-width: 400px; }
            input, textarea { width: 100%; padding: 8px; margin: 5px 0; }
            button { padding: 10px 20px; background: #007bff; color: white; border: none; cursor: pointer; }
        </style>
    </head>
    <body>
        <h1>User Registration</h1>
        <form method="post" action="/register/">
            <label>Username:</label>
            <input type="text" name="username" required>
            
            <label>Email:</label>
            <input type="email" name="email" required>
            
            <label>Password:</label>
            <input type="password" name="password" required>
            
            <label>Full Name:</label>
            <input type="text" name="full_name">
            
            <label>Age:</label>
            <input type="number" name="age" min="18" required>
            
            <label>
                <input type="checkbox" name="newsletter" value="true">
                Subscribe to newsletter
            </label>
            
            <br><br>
            <button type="submit">Register</button>
        </form>
    </body>
    </html>
    """
    return HTMLResponse(content=html_content)

print("‚úÖ Form Data examples created!")
print("\nPerbedaan Form vs JSON:")
print("- Form: Content-Type: application/x-www-form-urlencoded")
print("- JSON: Content-Type: application/json")
print("\nCapabilities:")
print("- Form dapat menghandle file uploads")
print("- Form kompatibel dengan HTML forms")
print("- Form digunakan dalam OAuth2 password flow")
print("\n‚ö†Ô∏è  Catatan: Install python-multipart terlebih dahulu!")
print("pip install python-multipart")

## 10. üì§ File Uploads

FastAPI memudahkan handling file uploads dengan `File` dan `UploadFile`. 

### Perbedaan File vs UploadFile:
- **File**: File di-load seluruhnya ke memory (untuk file kecil)
- **UploadFile**: File di-stream (lebih efisien untuk file besar)

### Keuntungan UploadFile:
- ‚úÖ Spooled file (memory sampai max size, lalu disk)
- ‚úÖ Metadata (filename, content_type, dll)
- ‚úÖ Async methods untuk read/write
- ‚úÖ Lebih efisien memory

In [None]:
from fastapi import FastAPI, File, UploadFile, Form, HTTPException
from typing import List, Optional
import shutil
from pathlib import Path

app = FastAPI()

# Create uploads directory jika belum ada
UPLOAD_DIR = Path("uploads")
UPLOAD_DIR.mkdir(exist_ok=True)

# ==================== Single File Upload dengan File ====================

@app.post("/upload-file/")
async def upload_file(file: bytes = File(...)):
    """
    Upload file menggunakan File (bytes)
    File seluruhnya di-load ke memory
    Cocok untuk file kecil
    """
    return {
        "file_size": len(file),
        "message": "File uploaded successfully (in memory)"
    }

# ==================== Single File Upload dengan UploadFile ====================

@app.post("/upload/")
async def upload_single_file(file: UploadFile = File(...)):
    """
    Upload file menggunakan UploadFile
    Lebih efisien untuk file besar
    File di-stream, tidak langsung di-load seluruhnya ke memory
    """
    # Baca content file
    contents = await file.read()
    
    # Save file ke disk
    file_path = UPLOAD_DIR / file.filename
    with open(file_path, "wb") as f:
        f.write(contents)
    
    return {
        "filename": file.filename,
        "content_type": file.content_type,
        "size": len(contents),
        "saved_to": str(file_path)
    }

# ==================== Upload dengan Validasi ====================

@app.post("/upload-validated/")
async def upload_validated_file(file: UploadFile = File(...)):
    """
    Upload dengan validasi tipe dan ukuran file
    """
    # Validasi tipe file
    allowed_types = ["image/jpeg", "image/png", "image/gif", "application/pdf"]
    if file.content_type not in allowed_types:
        raise HTTPException(
            status_code=400,
            detail=f"File type {file.content_type} not allowed. Allowed: {allowed_types}"
        )
    
    # Baca dan validasi ukuran
    contents = await file.read()
    max_size = 5 * 1024 * 1024  # 5 MB
    
    if len(contents) > max_size:
        raise HTTPException(
            status_code=400,
            detail=f"File too large. Max size: {max_size / 1024 / 1024} MB"
        )
    
    # Save file
    file_path = UPLOAD_DIR / file.filename
    with open(file_path, "wb") as f:
        f.write(contents)
    
    return {
        "filename": file.filename,
        "content_type": file.content_type,
        "size_kb": len(contents) / 1024,
        "status": "validated and saved"
    }

# ==================== Multiple Files Upload ====================

@app.post("/upload-multiple/")
async def upload_multiple_files(files: List[UploadFile] = File(...)):
    """
    Upload multiple files sekaligus
    HTML: <input type="file" multiple name="files">
    """
    uploaded_files = []
    
    for file in files:
        contents = await file.read()
        file_path = UPLOAD_DIR / file.filename
        
        with open(file_path, "wb") as f:
            f.write(contents)
        
        uploaded_files.append({
            "filename": file.filename,
            "size": len(contents),
            "content_type": file.content_type
        })
    
    return {
        "files_count": len(uploaded_files),
        "files": uploaded_files,
        "total_size": sum(f["size"] for f in uploaded_files)
    }

# ==================== File Upload dengan Form Data ====================

@app.post("/upload-with-metadata/")
async def upload_with_metadata(
    file: UploadFile = File(...),
    description: str = Form(...),
    category: str = Form("general"),
    tags: Optional[str] = Form(None)
):
    """
    Upload file dengan metadata tambahan dari form
    Kombinasi file upload dan form fields
    """
    contents = await file.read()
    file_path = UPLOAD_DIR / file.filename
    
    with open(file_path, "wb") as f:
        f.write(contents)
    
    return {
        "file": {
            "filename": file.filename,
            "size": len(contents),
            "content_type": file.content_type,
            "path": str(file_path)
        },
        "metadata": {
            "description": description,
            "category": category,
            "tags": tags.split(",") if tags else []
        }
    }

# ==================== Multiple Files dengan Metadata ====================

@app.post("/upload-multiple-with-metadata/")
async def upload_multiple_with_metadata(
    files: List[UploadFile] = File(...),
    title: str = Form(...),
    description: str = Form(...)
):
    """
    Upload multiple files dengan metadata
    """
    uploaded_files = []
    
    for file in files:
        contents = await file.read()
        file_path = UPLOAD_DIR / file.filename
        
        with open(file_path, "wb") as f:
            f.write(contents)
        
        uploaded_files.append({
            "filename": file.filename,
            "size": len(contents)
        })
    
    return {
        "title": title,
        "description": description,
        "files_count": len(uploaded_files),
        "files": uploaded_files
    }

# ==================== Optional File Upload ====================

@app.post("/upload-optional/")
async def upload_optional_file(
    file: Optional[UploadFile] = File(None),
    message: str = Form(...)
):
    """
    File upload yang optional
    Endpoint bisa dipanggil dengan atau tanpa file
    """
    result = {"message": message}
    
    if file:
        contents = await file.read()
        file_path = UPLOAD_DIR / file.filename
        
        with open(file_path, "wb") as f:
            f.write(contents)
        
        result["file"] = {
            "filename": file.filename,
            "size": len(contents)
        }
    else:
        result["file"] = None
    
    return result

# ==================== Streaming Large Files ====================

@app.post("/upload-large/")
async def upload_large_file(file: UploadFile = File(...)):
    """
    Upload large file dengan streaming
    Lebih memory efficient
    """
    file_path = UPLOAD_DIR / file.filename
    
    # Stream file langsung ke disk tanpa load ke memory
    with open(file_path, "wb") as f:
        # Read in chunks
        chunk_size = 1024 * 1024  # 1 MB chunks
        while chunk := await file.read(chunk_size):
            f.write(chunk)
    
    # Get file size dari disk
    file_size = file_path.stat().st_size
    
    return {
        "filename": file.filename,
        "size_mb": file_size / (1024 * 1024),
        "message": "Large file uploaded successfully using streaming"
    }

# ==================== Image Upload dengan Processing ====================

@app.post("/upload-image/")
async def upload_image(image: UploadFile = File(...)):
    """
    Upload image dengan basic validation
    Bisa ditambahkan image processing (resize, compress, dll)
    """
    # Validasi image type
    if not image.content_type.startswith("image/"):
        raise HTTPException(
            status_code=400,
            detail="File must be an image"
        )
    
    # Validasi extension
    allowed_extensions = [".jpg", ".jpeg", ".png", ".gif", ".webp"]
    file_ext = Path(image.filename).suffix.lower()
    
    if file_ext not in allowed_extensions:
        raise HTTPException(
            status_code=400,
            detail=f"Image extension {file_ext} not allowed"
        )
    
    # Save image
    contents = await image.read()
    file_path = UPLOAD_DIR / image.filename
    
    with open(file_path, "wb") as f:
        f.write(contents)
    
    # Dalam praktik nyata, bisa tambahkan:
    # - Resize image
    # - Compress image
    # - Generate thumbnail
    # - Extract EXIF data
    # - Virus scan
    
    return {
        "filename": image.filename,
        "content_type": image.content_type,
        "size_kb": len(contents) / 1024,
        "extension": file_ext,
        "saved_to": str(file_path)
    }

# ==================== File Download ====================

from fastapi.responses import FileResponse

@app.get("/download/{filename}")
async def download_file(filename: str):
    """
    Download file yang sudah diupload
    """
    file_path = UPLOAD_DIR / filename
    
    if not file_path.exists():
        raise HTTPException(status_code=404, detail="File not found")
    
    return FileResponse(
        path=file_path,
        filename=filename,
        media_type="application/octet-stream"
    )

# ==================== List Uploaded Files ====================

@app.get("/files/")
async def list_files():
    """
    List semua files yang sudah diupload
    """
    files = []
    
    for file_path in UPLOAD_DIR.iterdir():
        if file_path.is_file():
            stat = file_path.stat()
            files.append({
                "filename": file_path.name,
                "size_kb": stat.st_size / 1024,
                "created": stat.st_ctime
            })
    
    return {
        "files_count": len(files),
        "files": files
    }

print("‚úÖ File Upload examples created!")
print("\nFile Upload Features:")
print("- Single file upload")
print("- Multiple files upload")
print("- File validation (type, size)")
print("- File with metadata (form data)")
print("- Streaming untuk large files")
print("- Image upload dengan validation")
print("- File download")
print("- List uploaded files")
print("\n‚ö†Ô∏è  Catatan: Folder 'uploads' akan dibuat otomatis")

## 11. üìã Header Parameters

Headers adalah metadata yang dikirim bersama dengan HTTP request. FastAPI memudahkan untuk membaca dan memvalidasi headers.

### Common Headers:
- `User-Agent`: Informasi tentang client
- `Accept`: Tipe content yang diterima client
- `Authorization`: Token untuk authentication
- `Content-Type`: Tipe content yang dikirim
- Custom headers: Biasanya diawali `X-`

In [None]:
from fastapi import FastAPI, Header, HTTPException
from typing import Optional, List

app = FastAPI()

# ==================== Basic Header ====================

@app.get("/headers/basic/")
def read_basic_header(user_agent: Optional[str] = Header(None)):
    """
    Membaca header User-Agent
    Header otomatis dikonversi dari kebab-case (User-Agent) ke snake_case (user_agent)
    """
    return {
        "User-Agent": user_agent,
        "message": "Header received"
    }

# ==================== Custom Headers ====================

@app.get("/headers/custom/")
def read_custom_headers(
    x_token: Optional[str] = Header(None),
    x_request_id: Optional[str] = Header(None)
):
    """
    Membaca custom headers
    Custom headers biasanya diawali dengan X-
    x_token akan otomatis match dengan header X-Token
    """
    return {
        "X-Token": x_token,
        "X-Request-ID": x_request_id
    }

# ==================== Required Headers ====================

@app.get("/headers/required/")
def read_required_header(authorization: str = Header(...)):
    """
    Header yang required (wajib ada)
    Akan error 422 jika header tidak disediakan
    """
    if not authorization.startswith("Bearer "):
        raise HTTPException(
            status_code=401,
            detail="Invalid authorization header format"
        )
    
    token = authorization.replace("Bearer ", "")
    
    return {
        "message": "Authorized",
        "token": token
    }

# ==================== Header dengan Validasi ====================

@app.get("/headers/validated/")
def read_validated_header(
    x_api_key: str = Header(
        ...,
        min_length=32,
        max_length=64,
        description="API key for authentication"
    )
):
    """
    Header dengan validasi panjang
    """
    # Dalam praktik nyata, validasi API key di database
    valid_api_key = "a" * 32
    
    if x_api_key != valid_api_key:
        raise HTTPException(status_code=401, detail="Invalid API key")
    
    return {"message": "Valid API key", "authenticated": True}

# ==================== Multiple Header Values ====================

@app.get("/headers/multiple/")
def read_multiple_header_values(x_tags: Optional[List[str]] = Header(None)):
    """
    Header yang bisa memiliki multiple values
    Client bisa mengirim header yang sama berkali-kali:
    X-Tags: tag1
    X-Tags: tag2
    X-Tags: tag3
    """
    return {
        "X-Tags": x_tags,
        "tags_count": len(x_tags) if x_tags else 0
    }

# ==================== All Headers ====================

from fastapi import Request

@app.get("/headers/all/")
def read_all_headers(request: Request):
    """
    Membaca semua headers dari request
    Gunakan Request object untuk akses semua headers
    """
    return {
        "headers": dict(request.headers),
        "headers_count": len(request.headers)
    }

# ==================== Header Conversion ====================

@app.get("/headers/conversion/")
def header_conversion(
    content_type: Optional[str] = Header(None),
    accept_language: Optional[str] = Header(None),
    x_custom_header: Optional[str] = Header(None)
):
    """
    Demonstrasi konversi nama header
    - content_type -> Content-Type
    - accept_language -> Accept-Language  
    - x_custom_header -> X-Custom-Header
    
    FastAPI otomatis konversi underscore ke dash
    """
    return {
        "Content-Type": content_type,
        "Accept-Language": accept_language,
        "X-Custom-Header": x_custom_header
    }

# ==================== Header dengan Alias ====================

@app.get("/headers/alias/")
def header_with_alias(
    strange_header: Optional[str] = Header(
        None,
        alias="X-Strange-Header",
        description="Header dengan nama yang tidak mengikuti konvensi"
    )
):
    """
    Menggunakan alias untuk header dengan nama yang tidak standard
    """
    return {"X-Strange-Header": strange_header}

# ==================== Conditional Logic berdasarkan Header ====================

@app.get("/content/")
def get_content(accept: Optional[str] = Header("application/json")):
    """
    Response berbeda berdasarkan Accept header
    """
    if "text/html" in accept:
        return {"format": "html", "content": "<h1>Hello</h1>"}
    elif "application/xml" in accept:
        return {"format": "xml", "content": "<message>Hello</message>"}
    else:
        return {"format": "json", "content": {"message": "Hello"}}

# ==================== Security Headers ====================

@app.get("/secure/")
def secure_endpoint(
    authorization: Optional[str] = Header(None),
    x_api_key: Optional[str] = Header(None),
    x_csrf_token: Optional[str] = Header(None)
):
    """
    Multiple security headers
    Endpoint yang memerlukan berbagai header untuk security
    """
    if not authorization and not x_api_key:
        raise HTTPException(
            status_code=401,
            detail="Either Authorization or X-API-Key header required"
        )
    
    return {
        "message": "Access granted",
        "auth_method": "Bearer token" if authorization else "API key"
    }

# ==================== Setting Response Headers ====================

from fastapi import Response

@app.get("/headers/response/")
def set_response_headers(response: Response):
    """
    Menset custom headers di response
    """
    response.headers["X-Custom-Header"] = "Custom Value"
    response.headers["X-Process-Time"] = "0.005"
    response.headers["X-Request-ID"] = "abc-123-def-456"
    
    return {"message": "Check response headers"}

# ==================== Cache Control Headers ====================

@app.get("/headers/cache/")
def cache_control_headers(response: Response):
    """
    Menset cache control headers
    """
    response.headers["Cache-Control"] = "max-age=3600, public"
    response.headers["ETag"] = '"abc123"'
    response.headers["Last-Modified"] = "Wed, 21 Oct 2023 07:28:00 GMT"
    
    return {"data": "This response can be cached"}

# ==================== CORS Headers ====================

@app.get("/headers/cors/")
def cors_headers(response: Response, origin: Optional[str] = Header(None)):
    """
    CORS headers (biasanya handled by middleware, ini hanya contoh)
    """
    if origin:
        response.headers["Access-Control-Allow-Origin"] = origin
        response.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE"
        response.headers["Access-Control-Allow-Headers"] = "Content-Type, Authorization"
    
    return {"message": "CORS headers set"}

print("‚úÖ Header Parameters examples created!")
print("\nHeader Features:")
print("- Read standard headers (User-Agent, Authorization, etc)")
print("- Read custom headers (X-Token, X-API-Key, etc)")
print("- Required vs optional headers")
print("- Header validation")
print("- Multiple values for same header")
print("- Set response headers")
print("- Automatic underscore to dash conversion")
print("\nüí° Tips:")
print("- Header names are case-insensitive")
print("- Use Header(...) untuk required, Header(None) untuk optional")
print("- Custom headers biasanya diawali 'X-'")

## 12. üç™ Cookie Parameters

Cookies adalah small pieces of data yang disimpan di browser client. Berguna untuk:
- Session management
- User preferences
- Tracking
- Authentication tokens

FastAPI mempermudah membaca dan menset cookies.

In [None]:
from fastapi import FastAPI, Cookie, Response, HTTPException
from typing import Optional
from datetime import datetime, timedelta

app = FastAPI()

# ==================== Reading Cookies ====================

@app.get("/cookies/read/")
def read_cookie(session_id: Optional[str] = Cookie(None)):
    """
    Membaca cookie dari request
    Cookie(...) untuk required, Cookie(None) untuk optional
    """
    if not session_id:
        return {"message": "No session cookie found"}
    
    return {
        "session_id": session_id,
        "message": "Session cookie received"
    }

# ==================== Multiple Cookies ====================

@app.get("/cookies/multiple/")
def read_multiple_cookies(
    session_id: Optional[str] = Cookie(None),
    user_id: Optional[str] = Cookie(None),
    preferences: Optional[str] = Cookie(None)
):
    """
    Membaca multiple cookies
    """
    return {
        "session_id": session_id,
        "user_id": user_id,
        "preferences": preferences
    }

# ==================== Setting Cookies ====================

@app.post("/cookies/set/")
def set_cookie(response: Response, name: str, value: str):
    """
    Menset cookie di response
    """
    response.set_cookie(key=name, value=value)
    return {
        "message": f"Cookie '{name}' has been set",
        "value": value
    }

# ==================== Cookie dengan Options ====================

@app.post("/login/")
def login(response: Response, username: str, remember_me: bool = False):
    """
    Login dan set session cookie dengan options
    """
    # Generate session token (dalam praktik nyata, gunakan JWT atau session ID)
    session_token = f"session_{username}_{datetime.now().timestamp()}"
    
    # Set cookie dengan berbagai options
    response.set_cookie(
        key="session_token",
        value=session_token,
        max_age=86400 if remember_me else 3600,  # 24 jam atau 1 jam
        expires=None,  # Atau bisa set datetime
        path="/",  # Cookie available untuk semua paths
        domain=None,  # Domain mana cookie valid
        secure=False,  # True jika HTTPS only
        httponly=True,  # Tidak bisa diakses via JavaScript (security)
        samesite="lax"  # CSRF protection: "strict", "lax", atau "none"
    )
    
    return {
        "message": "Login successful",
        "username": username,
        "session_valid_hours": 24 if remember_me else 1
    }

# ==================== Deleting Cookies ====================

@app.post("/logout/")
def logout(response: Response):
    """
    Logout dengan menghapus session cookie
    """
    # Delete cookie dengan set max_age=0
    response.delete_cookie(key="session_token")
    
    return {"message": "Logged out successfully"}

# ==================== Secure Cookie (HTTPS Only) ====================

@app.post("/cookies/secure/")
def set_secure_cookie(response: Response):
    """
    Set secure cookie (HTTPS only)
    """
    response.set_cookie(
        key="secure_token",
        value="secret_value",
        secure=True,  # Hanya dikirim via HTTPS
        httponly=True,  # Tidak bisa diakses JavaScript
        samesite="strict"  # Strict CSRF protection
    )
    
    return {"message": "Secure cookie set (HTTPS only)"}

# ==================== Cookie-based Session ====================

# Dummy session storage (dalam praktik nyata, gunakan Redis atau database)
sessions = {}

@app.post("/session/create/")
def create_session(response: Response, user_id: int):
    """
    Create new session dan set cookie
    """
    import secrets
    
    # Generate random session ID
    session_id = secrets.token_urlsafe(32)
    
    # Store session data
    sessions[session_id] = {
        "user_id": user_id,
        "created_at": datetime.now().isoformat(),
        "last_active": datetime.now().isoformat()
    }
    
    # Set session cookie
    response.set_cookie(
        key="session_id",
        value=session_id,
        max_age=3600,  # 1 hour
        httponly=True,
        samesite="lax"
    )
    
    return {
        "message": "Session created",
        "session_id": session_id,
        "expires_in": "1 hour"
    }

@app.get("/session/data/")
def get_session_data(session_id: Optional[str] = Cookie(None)):
    """
    Mengambil data dari session berdasarkan cookie
    """
    if not session_id:
        raise HTTPException(status_code=401, detail="No session cookie")
    
    if session_id not in sessions:
        raise HTTPException(status_code=401, detail="Invalid or expired session")
    
    session_data = sessions[session_id]
    
    # Update last active
    sessions[session_id]["last_active"] = datetime.now().isoformat()
    
    return {
        "user_id": session_data["user_id"],
        "session_created": session_data["created_at"],
        "last_active": session_data["last_active"]
    }

@app.post("/session/destroy/")
def destroy_session(response: Response, session_id: Optional[str] = Cookie(None)):
    """
    Destroy session dan hapus cookie
    """
    if session_id and session_id in sessions:
        del sessions[session_id]
    
    response.delete_cookie(key="session_id")
    
    return {"message": "Session destroyed"}

# ==================== Cookie Preferences ====================

@app.post("/preferences/save/")
def save_preferences(
    response: Response,
    theme: str = "light",
    language: str = "en",
    notifications: bool = True
):
    """
    Save user preferences di cookie
    """
    import json
    
    preferences = {
        "theme": theme,
        "language": language,
        "notifications": notifications
    }
    
    # Store preferences as JSON string di cookie
    response.set_cookie(
        key="user_preferences",
        value=json.dumps(preferences),
        max_age=365 * 24 * 3600,  # 1 year
        httponly=False  # Bisa diakses JavaScript jika perlu
    )
    
    return {
        "message": "Preferences saved",
        "preferences": preferences
    }

@app.get("/preferences/load/")
def load_preferences(user_preferences: Optional[str] = Cookie(None)):
    """
    Load user preferences dari cookie
    """
    if not user_preferences:
        return {
            "preferences": {
                "theme": "light",
                "language": "en",
                "notifications": True
            },
            "source": "defaults"
        }
    
    import json
    preferences = json.loads(user_preferences)
    
    return {
        "preferences": preferences,
        "source": "cookie"
    }

# ==================== Cookie dengan Expiry Time ====================

@app.post("/cookies/temporary/")
def set_temporary_cookie(response: Response):
    """
    Set cookie dengan waktu expiry spesifik
    """
    from datetime import datetime, timedelta
    
    expires = datetime.now() + timedelta(minutes=30)
    
    response.set_cookie(
        key="temp_token",
        value="temporary_value",
        expires=expires,  # Expire dalam 30 menit
        httponly=True
    )
    
    return {
        "message": "Temporary cookie set",
        "expires_at": expires.isoformat()
    }

# ==================== Reading All Cookies ====================

from fastapi import Request

@app.get("/cookies/all/")
def read_all_cookies(request: Request):
    """
    Membaca semua cookies dari request
    """
    return {
        "cookies": request.cookies,
        "cookies_count": len(request.cookies)
    }

# ==================== Cookie Security Best Practices ====================

@app.post("/cookies/secure-best-practice/")
def secure_cookie_best_practice(response: Response, auth_token: str):
    """
    Best practice untuk security-sensitive cookies
    """
    response.set_cookie(
        key="auth_token",
        value=auth_token,
        max_age=3600,
        httponly=True,      # Prevent XSS attacks
        secure=True,        # HTTPS only
        samesite="strict"   # Prevent CSRF attacks
    )
    
    return {
        "message": "Secure cookie set with best practices",
        "security_features": [
            "httponly=True (XSS protection)",
            "secure=True (HTTPS only)",
            "samesite=strict (CSRF protection)"
        ]
    }

print("‚úÖ Cookie Parameters examples created!")
print("\nCookie Features:")
print("- Read cookies dengan Cookie()")
print("- Set cookies dengan response.set_cookie()")
print("- Delete cookies dengan response.delete_cookie()")
print("- Cookie options: max_age, expires, path, domain")
print("- Security options: secure, httponly, samesite")
print("- Session management dengan cookies")
print("- User preferences storage")
print("\nüîí Security Best Practices:")
print("- httponly=True untuk prevent XSS")
print("- secure=True untuk HTTPS only")
print("- samesite='strict' atau 'lax' untuk CSRF protection")
print("- Set appropriate max_age/expires")

## 13. üîå Dependencies dan Dependency Injection

Dependency Injection (DI) adalah salah satu fitur paling powerful di FastAPI. Ini memungkinkan:
- ‚ôªÔ∏è Reusable code components
- üß™ Easy testing dan mocking
- üîí Authentication dan authorization
- üìä Shared logic (database connections, validation, dll)

### Konsep:
- **Dependency**: Function yang bisa dipanggil untuk menghasilkan value
- **Depends()**: Cara untuk declare dependency
- Dependencies bisa memiliki dependencies lainnya (nested)

In [None]:
from fastapi import FastAPI, Depends, HTTPException, status, Query, Header
from typing import Optional, List
from pydantic import BaseModel

app = FastAPI()

# ==================== Simple Dependency ====================

def common_parameters(q: Optional[str] = None, skip: int = 0, limit: int = 100):
    """
    Simple dependency function untuk pagination dan search
    """
    return {"q": q, "skip": skip, "limit": limit}

@app.get("/items/")
def read_items(commons: dict = Depends(common_parameters)):
    """
    Endpoint yang menggunakan dependency
    FastAPI akan otomatis call common_parameters() dan pass hasilnya
    """
    return {
        "query": commons["q"],
        "skip": commons["skip"],
        "limit": commons["limit"],
        "message": "Using shared dependency"
    }

@app.get("/users/")
def read_users(commons: dict = Depends(common_parameters)):
    """
    Endpoint lain menggunakan dependency yang sama
    Code reuse!
    """
    return {
        "pagination": commons,
        "message": "Same dependency, different endpoint"
    }

# ==================== Class-based Dependencies ====================

class CommonQueryParams:
    """
    Class-based dependency
    Lebih terstruktur dan mudah di-extend
    """
    def __init__(
        self,
        q: Optional[str] = None,
        skip: int = 0,
        limit: int = Query(default=100, le=100)
    ):
        self.q = q
        self.skip = skip
        self.limit = limit

@app.get("/products/")
def read_products(commons: CommonQueryParams = Depends(CommonQueryParams)):
    """
    Menggunakan class sebagai dependency
    FastAPI akan instantiate class dan pass instance-nya
    """
    return {
        "q": commons.q,
        "skip": commons.skip,
        "limit": commons.limit
    }

# Shortcut: Depends() bisa dipanggil tanpa parameter jika type hint sudah jelas
@app.get("/products-short/")
def read_products_short(commons: CommonQueryParams = Depends()):
    """
    Shortcut syntax untuk class dependency
    """
    return {"q": commons.q, "skip": commons.skip, "limit": commons.limit}

# ==================== Sub-dependencies (Nested) ====================

def get_query(q: Optional[str] = None):
    """Sub-dependency level 1"""
    return q

def get_skip(skip: int = 0):
    """Sub-dependency level 1"""
    return skip

def common_filters(
    query: Optional[str] = Depends(get_query),
    skip: int = Depends(get_skip),
    limit: int = Query(default=100)
):
    """
    Dependency yang menggunakan dependencies lain (nested)
    """
    return {"query": query, "skip": skip, "limit": limit}

@app.get("/nested-deps/")
def nested_dependencies(filters: dict = Depends(common_filters)):
    """
    Endpoint dengan nested dependencies
    FastAPI akan resolve semua dependencies secara otomatis
    """
    return filters

# ==================== Authentication Dependency ====================

def verify_token(x_token: str = Header(...)):
    """
    Dependency untuk verify authentication token
    """
    if x_token != "fake-super-secret-token":
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid X-Token header"
        )
    return x_token

def verify_api_key(x_api_key: str = Header(...)):
    """
    Dependency untuk verify API key
    """
    if x_api_key != "fake-api-key":
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid X-API-Key header"
        )
    return x_api_key

@app.get("/protected/", dependencies=[Depends(verify_token)])
def protected_route():
    """
    Route yang protected dengan token
    Menggunakan dependencies parameter (tidak perlu assign ke variable)
    """
    return {"message": "You have access!", "protected": True}

@app.get("/secure/", dependencies=[Depends(verify_token), Depends(verify_api_key)])
def secure_route():
    """
    Route dengan multiple dependencies
    Semua harus pass untuk akses endpoint
    """
    return {"message": "Double authentication passed!", "very_secure": True}

# ==================== User Authentication Dependency ====================

class User(BaseModel):
    username: str
    email: str
    full_name: Optional[str] = None
    is_admin: bool = False

# Fake users database
fake_users_db = {
    "john": User(username="john", email="john@example.com", full_name="John Doe", is_admin=False),
    "admin": User(username="admin", email="admin@example.com", full_name="Admin User", is_admin=True),
}

def get_current_user(token: str = Header(..., alias="Authorization")):
    """
    Dependency untuk get current user dari token
    """
    # Dalam praktik nyata, decode JWT token
    if not token.startswith("Bearer "):
        raise HTTPException(status_code=401, detail="Invalid token format")
    
    username = token.replace("Bearer ", "")
    
    if username not in fake_users_db:
        raise HTTPException(status_code=401, detail="User not found")
    
    return fake_users_db[username]

def get_admin_user(current_user: User = Depends(get_current_user)):
    """
    Dependency yang depend pada dependency lain
    Verify bahwa user adalah admin
    """
    if not current_user.is_admin:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Not enough permissions"
        )
    return current_user

@app.get("/me/")
def read_current_user(current_user: User = Depends(get_current_user)):
    """
    Endpoint yang return current user
    """
    return current_user

@app.get("/admin/dashboard/")
def admin_dashboard(admin: User = Depends(get_admin_user)):
    """
    Endpoint yang hanya bisa diakses admin
    """
    return {
        "message": f"Welcome to admin dashboard, {admin.username}",
        "admin": admin
    }

# ==================== Database Dependency ====================

class FakeDatabase:
    """Fake database class"""
    def __init__(self):
        self.connection = "fake-db-connection"
    
    def get_items(self, skip: int = 0, limit: int = 10):
        return [{"id": i, "name": f"Item {i}"} for i in range(skip, skip + limit)]
    
    def close(self):
        print("Closing database connection")

def get_db():
    """
    Dependency untuk get database connection
    Menggunakan generator dengan yield untuk cleanup
    """
    db = FakeDatabase()
    try:
        yield db
    finally:
        db.close()

@app.get("/db-items/")
def get_db_items(db: FakeDatabase = Depends(get_db)):
    """
    Endpoint yang menggunakan database dependency
    Database akan otomatis di-close setelah request selesai
    """
    items = db.get_items(skip=0, limit=5)
    return {"items": items}

# ==================== Dependency dengan Parameters ====================

class Pagination:
    """Pagination dependency dengan customizable defaults"""
    def __init__(self, skip: int = 0, limit: int = 100):
        self.skip = skip
        self.limit = limit

def pagination_factory(max_limit: int = 100):
    """
    Factory function untuk create pagination dependency dengan custom max
    """
    def pagination(
        skip: int = 0,
        limit: int = Query(default=10, le=max_limit)
    ):
        return Pagination(skip=skip, limit=limit)
    return pagination

# Create specialized pagination dependencies
small_pagination = pagination_factory(max_limit=50)
large_pagination = pagination_factory(max_limit=500)

@app.get("/small-list/")
def small_list(pagination: Pagination = Depends(small_pagination)):
    """Endpoint dengan small pagination limit"""
    return {"skip": pagination.skip, "limit": pagination.limit, "max": 50}

@app.get("/large-list/")
def large_list(pagination: Pagination = Depends(large_pagination)):
    """Endpoint dengan large pagination limit"""
    return {"skip": pagination.skip, "limit": pagination.limit, "max": 500}

# ==================== Global Dependencies ====================

# Bisa apply dependency ke semua routes di app
# app = FastAPI(dependencies=[Depends(verify_token)])

# Atau ke router
from fastapi import APIRouter

router = APIRouter(
    prefix="/api",
    dependencies=[Depends(verify_token)]  # Semua routes di router ini protected
)

@router.get("/data/")
def get_data():
    """All routes in this router require token"""
    return {"data": "protected data"}

app.include_router(router)

# ==================== Caching Dependencies ====================

from functools import lru_cache

@lru_cache()
def get_settings():
    """
    Dependency yang di-cache
    Hanya akan execute sekali, hasil di-cache
    """
    # Simulate expensive operation
    print("Loading settings...")
    return {
        "app_name": "FastAPI App",
        "api_version": "1.0.0",
        "environment": "production"
    }

@app.get("/settings/")
def read_settings(settings: dict = Depends(get_settings)):
    """
    Settings akan di-load hanya sekali
    """
    return settings

print("‚úÖ Dependencies and Dependency Injection examples created!")
print("\nDependency Injection Features:")
print("- Simple function dependencies")
print("- Class-based dependencies")
print("- Nested/sub-dependencies")
print("- Authentication dependencies")
print("- Database connection management")
print("- Pagination and filtering")
print("- Global dependencies")
print("- Cached dependencies")
print("\nüí° Benefits:")
print("- Code reusability")
print("- Easy testing (mock dependencies)")
print("- Clean separation of concerns")
print("- Automatic cleanup (with yield)")
print("- Type safety dan autocompletion")

## 14. ‚öôÔ∏è Middleware

Middleware adalah function yang process setiap request sebelum dihandle oleh endpoint, dan setiap response sebelum dikembalikan ke client.

### Use Cases:
- üìä Logging dan monitoring
- ‚è±Ô∏è Request timing
- üîí Security headers
- üîÑ Request/Response modification
- üö´ IP filtering
- üìà Metrics collection

### Cara Membuat Middleware:

In [None]:
from fastapi import FastAPI, Request, Response
from fastapi.responses import JSONResponse
import time
from datetime import datetime
import logging

app = FastAPI()

# Setup logging
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)

# ==================== Simple Middleware ====================

@app.middleware("http")
async def add_process_time_header(request: Request, call_next):
    """
    Middleware sederhana untuk menambahkan header process time
    """
    start_time = time.time()
    
    # Process request
    response = await call_next(request)
    
    # Calculate process time
    process_time = time.time() - start_time
    
    # Add custom header
    response.headers["X-Process-Time"] = str(process_time)
    
    return response

# ==================== Logging Middleware ====================

@app.middleware("http")
async def log_requests(request: Request, call_next):
    """
    Middleware untuk logging setiap request
    """
    # Log request
    logger.info(f"Request: {request.method} {request.url}")
    logger.info(f"Client: {request.client.host}")
    logger.info(f"User-Agent: {request.headers.get('user-agent')}")
    
    # Process request
    start_time = time.time()
    response = await call_next(request)
    process_time = time.time() - start_time
    
    # Log response
    logger.info(f"Status: {response.status_code}")
    logger.info(f"Process time: {process_time:.4f}s")
    logger.info("-" * 50)
    
    return response

# ==================== Security Headers Middleware ====================

@app.middleware("http")
async def add_security_headers(request: Request, call_next):
    """
    Middleware untuk menambahkan security headers
    """
    response = await call_next(request)
    
    # Add security headers
    response.headers["X-Content-Type-Options"] = "nosniff"
    response.headers["X-Frame-Options"] = "DENY"
    response.headers["X-XSS-Protection"] = "1; mode=block"
    response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains"
    
    return response

# ==================== CORS Middleware (Manual) ====================

@app.middleware("http")
async def cors_middleware(request: Request, call_next):
    """
    Manual CORS middleware
    (Lebih baik pakai CORSMiddleware built-in, ini hanya contoh)
    """
    response = await call_next(request)
    
    # Add CORS headers
    response.headers["Access-Control-Allow-Origin"] = "*"
    response.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS"
    response.headers["Access-Control-Allow-Headers"] = "Content-Type, Authorization"
    
    return response

# ==================== Rate Limiting Middleware ====================

# Simple in-memory rate limiter
from collections import defaultdict

request_counts = defaultdict(lambda: {"count": 0, "reset_time": time.time()})

@app.middleware("http")
async def rate_limit_middleware(request: Request, call_next):
    """
    Simple rate limiting middleware
    """
    client_ip = request.client.host
    current_time = time.time()
    
    # Reset counter setiap 60 detik
    if current_time - request_counts[client_ip]["reset_time"] > 60:
        request_counts[client_ip] = {"count": 0, "reset_time": current_time}
    
    # Check rate limit
    request_counts[client_ip]["count"] += 1
    
    if request_counts[client_ip]["count"] > 100:  # Max 100 requests per minute
        return JSONResponse(
            status_code=429,
            content={
                "error": "Too many requests",
                "retry_after": 60 - (current_time - request_counts[client_ip]["reset_time"])
            }
        )
    
    response = await call_next(request)
    response.headers["X-RateLimit-Limit"] = "100"
    response.headers["X-RateLimit-Remaining"] = str(100 - request_counts[client_ip]["count"])
    
    return response

# ==================== Authentication Middleware ====================

EXEMPT_PATHS = ["/", "/docs", "/redoc", "/openapi.json", "/public"]

@app.middleware("http")
async def authentication_middleware(request: Request, call_next):
    """
    Middleware untuk check authentication
    Exempt certain paths
    """
    # Check if path is exempt
    if any(request.url.path.startswith(path) for path in EXEMPT_PATHS):
        return await call_next(request)
    
    # Check authorization header
    auth_header = request.headers.get("authorization")
    
    if not auth_header or not auth_header.startswith("Bearer "):
        return JSONResponse(
            status_code=401,
            content={"error": "Unauthorized", "detail": "Missing or invalid authorization header"}
        )
    
    # Verify token (simplified)
    token = auth_header.replace("Bearer ", "")
    if token != "valid-token":
        return JSONResponse(
            status_code=401,
            content={"error": "Unauthorized", "detail": "Invalid token"}
        )
    
    return await call_next(request)

# ==================== Request ID Middleware ====================

import uuid

@app.middleware("http")
async def request_id_middleware(request: Request, call_next):
    """
    Add unique request ID to each request
    """
    # Generate or get request ID
    request_id = request.headers.get("X-Request-ID", str(uuid.uuid4()))
    
    # Add to request state (accessible in endpoints)
    request.state.request_id = request_id
    
    # Process request
    response = await call_next(request)
    
    # Add request ID to response
    response.headers["X-Request-ID"] = request_id
    
    return response

# ==================== Error Handling Middleware ====================

@app.middleware("http")
async def error_handling_middleware(request: Request, call_next):
    """
    Global error handler middleware
    """
    try:
        return await call_next(request)
    except Exception as e:
        logger.error(f"Unhandled error: {str(e)}")
        return JSONResponse(
            status_code=500,
            content={
                "error": "Internal Server Error",
                "message": "An unexpected error occurred",
                "request_id": getattr(request.state, "request_id", None)
            }
        )

# ==================== Request Body Logging Middleware ====================

@app.middleware("http")
async def log_request_body(request: Request, call_next):
    """
    Log request body (untuk debugging)
    Hati-hati dengan sensitive data!
    """
    if request.method in ["POST", "PUT", "PATCH"]:
        # Read body
        body = await request.body()
        
        # Log body (dalam production, jangan log sensitive data!)
        logger.debug(f"Request body: {body.decode()}")
        
        # Penting: Create new request dengan body yang sama
        # Karena body sudah di-read, kita perlu recreate request
        async def receive():
            return {"type": "http.request", "body": body}
        
        request = Request(request.scope, receive)
    
    return await call_next(request)

# ==================== Compression Middleware ====================

from fastapi.middleware.gzip import GZipMiddleware

# Add GZip compression middleware
app.add_middleware(GZipMiddleware, minimum_size=1000)  # Compress responses > 1000 bytes

# ==================== Trusted Host Middleware ====================

from fastapi.middleware.trustedhost import TrustedHostMiddleware

# Only allow specific hosts
app.add_middleware(
    TrustedHostMiddleware,
    allowed_hosts=["localhost", "127.0.0.1", "*.example.com"]
)

# ==================== Custom Response Modification ====================

@app.middleware("http")
async def modify_response(request: Request, call_next):
    """
    Modify response before sending to client
    """
    response = await call_next(request)
    
    # Add custom headers
    response.headers["X-Custom-Header"] = "Custom Value"
    response.headers["X-Powered-By"] = "FastAPI"
    response.headers["X-Timestamp"] = str(int(time.time()))
    
    return response

# ==================== Middleware dengan State ====================

class MetricsMiddleware:
    """
    Class-based middleware dengan state
    """
    def __init__(self, app):
        self.app = app
        self.request_count = 0
        self.total_time = 0.0
    
    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":
            await self.app(scope, receive, send)
            return
        
        start_time = time.time()
        self.request_count += 1
        
        await self.app(scope, receive, send)
        
        process_time = time.time() - start_time
        self.total_time += process_time
        
        # Log metrics
        avg_time = self.total_time / self.request_count
        logger.info(f"Metrics - Total requests: {self.request_count}, Avg time: {avg_time:.4f}s")

# Add class-based middleware
# app.add_middleware(MetricsMiddleware)

# ==================== Test Endpoints ====================

@app.get("/")
def root():
    """Public endpoint"""
    return {"message": "Hello World"}

@app.get("/public")
def public_endpoint():
    """Public endpoint"""
    return {"message": "This is public"}

@app.get("/protected")
def protected_endpoint(request: Request):
    """
    Protected endpoint
    Can access request.state values from middleware
    """
    request_id = getattr(request.state, "request_id", None)
    return {
        "message": "Protected data",
        "request_id": request_id
    }

@app.post("/data")
def post_data(data: dict):
    """Test POST endpoint"""
    return {"received": data}

print("‚úÖ Middleware examples created!")
print("\nMiddleware Features:")
print("- Process time tracking")
print("- Request/response logging")
print("- Security headers")
print("- Rate limiting")
print("- Authentication")
print("- Request ID generation")
print("- Error handling")
print("- Compression (GZip)")
print("- Response modification")
print("\n‚ö†Ô∏è Catatan:")
print("- Middleware dieksekusi dalam urutan didefinisikan")
print("- Middleware dapat modify request dan response")
print("- Gunakan async def untuk middleware")
print("- Hati-hati dengan performance impact")

## 15. üåê CORS (Cross-Origin Resource Sharing)

CORS adalah mechanism yang mengizinkan request dari domain yang berbeda. Ini penting untuk:
- Frontend app di domain berbeda
- API yang diakses dari browser
- Mobile apps
- Third-party integrations

### Tanpa CORS:
Browser akan block request dari origin berbeda

### Dengan CORS:
Server explicitly allow certain origins untuk mengakses API

In [None]:
from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware

app = FastAPI()

# ==================== Basic CORS Configuration ====================

# Allow all origins (untuk development, tidak disarankan untuk production)
app.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],  # Allow semua origins
    allow_credentials=True,
    allow_methods=["*"],  # Allow semua HTTP methods
    allow_headers=["*"],  # Allow semua headers
)

# ==================== Specific Origins ====================

app2 = FastAPI()

# Allow specific origins only (recommended untuk production)
origins = [
    "http://localhost",
    "http://localhost:3000",  # React dev server
    "http://localhost:8080",  # Vue dev server
    "https://example.com",
    "https://www.example.com",
]

app2.add_middleware(
    CORSMiddleware,
    allow_origins=origins,  # List of allowed origins
    allow_credentials=True,  # Allow cookies/auth headers
    allow_methods=["GET", "POST", "PUT", "DELETE"],  # Specific methods
    allow_headers=["Content-Type", "Authorization"],  # Specific headers
)

# ==================== Wildcard Subdomain ====================

app3 = FastAPI()

# Allow all subdomains
app3.add_middleware(
    CORSMiddleware,
    allow_origin_regex=r"https://.*\.example\.com",  # All *.example.com subdomains
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)

# ==================== Multiple Origin Patterns ====================

app4 = FastAPI()

app4.add_middleware(
    CORSMiddleware,
    allow_origin_regex=r"https://(www\.)?example\.com|https://.*\.test\.com",
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)

# ==================== Exposed Headers ====================

app5 = FastAPI()

app5.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
    expose_headers=["X-Custom-Header", "X-Request-ID"],  # Headers yang bisa diakses client
)

# ==================== Max Age ====================

app6 = FastAPI()

app6.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
    max_age=3600,  # Preflight request di-cache selama 1 jam
)

# ==================== Production-Ready Configuration ====================

app_production = FastAPI()

# Configuration untuk production
production_origins = [
    "https://example.com",
    "https://www.example.com",
    "https://app.example.com",
]

app_production.add_middleware(
    CORSMiddleware,
    allow_origins=production_origins,  # Specific origins only
    allow_credentials=True,  # Jika perlu cookies/auth
    allow_methods=["GET", "POST", "PUT", "DELETE", "PATCH"],  # Specific methods
    allow_headers=[
        "Content-Type",
        "Authorization",
        "Accept",
        "Origin",
        "User-Agent",
        "DNT",
        "Cache-Control",
        "X-Requested-With",
    ],
    expose_headers=["X-Request-ID", "X-Process-Time"],
    max_age=600,  # Cache preflight for 10 minutes
)

# ==================== Conditional CORS ====================

import os

app_conditional = FastAPI()

# Different configuration based on environment
if os.getenv("ENVIRONMENT") == "development":
    # Development: Allow all
    app_conditional.add_middleware(
        CORSMiddleware,
        allow_origins=["*"],
        allow_credentials=True,
        allow_methods=["*"],
        allow_headers=["*"],
    )
else:
    # Production: Strict
    app_conditional.add_middleware(
        CORSMiddleware,
        allow_origins=production_origins,
        allow_credentials=True,
        allow_methods=["GET", "POST", "PUT", "DELETE"],
        allow_headers=["Content-Type", "Authorization"],
    )

# ==================== Test Endpoints ====================

@app.get("/")
def root():
    return {"message": "CORS enabled"}

@app.post("/data")
def post_data(data: dict):
    return {"received": data}

@app.get("/protected")
def protected():
    return {"message": "Protected endpoint with CORS"}

print("‚úÖ CORS Configuration examples created!")
print("\nCORS Parameters:")
print("- allow_origins: List of allowed origins atau ['*'] untuk semua")
print("- allow_credentials: Allow cookies/authorization headers")
print("- allow_methods: List of allowed HTTP methods")
print("- allow_headers: List of allowed request headers")
print("- expose_headers: Headers yang bisa diakses client dari response")
print("- max_age: Berapa lama preflight request di-cache")
print("- allow_origin_regex: Regex pattern untuk origins")
print("\nüîí Security Tips:")
print("- Jangan gunakan allow_origins=['*'] dengan allow_credentials=True")
print("- Specify exact origins di production")
print("- Only allow necessary methods dan headers")
print("- Use HTTPS di production")
print("\nüìù Common Scenarios:")
print("- React app (localhost:3000) -> API (localhost:8000): Add 'http://localhost:3000'")
print("- Frontend di domain berbeda: Add exact domain")
print("- Mobile app: Biasanya tidak perlu CORS (CORS hanya untuk browsers)")

## 16. üóÑÔ∏è Database Integration dengan SQLAlchemy

SQLAlchemy adalah ORM (Object-Relational Mapping) paling populer untuk Python. FastAPI bekerja sempurna dengan SQLAlchemy.

### Instalasi:
```bash
pip install sqlalchemy
pip install databases  # Untuk async support
```

### Untuk PostgreSQL:
```bash
pip install psycopg2-binary  # atau psycopg2
```

### Untuk MySQL:
```bash
pip install pymysql
```

### Untuk SQLite:
Sudah included di Python

In [None]:
# Database Integration dengan SQLAlchemy
# Install: pip install sqlalchemy

from fastapi import FastAPI, Depends, HTTPException
from sqlalchemy import create_engine, Column, Integer, String, Boolean, ForeignKey, DateTime
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import sessionmaker, Session, relationship
from pydantic import BaseModel
from typing import List, Optional
from datetime import datetime

# ==================== Database Setup ====================

# SQLite database (untuk demo, ganti dengan PostgreSQL/MySQL di production)
SQLALCHEMY_DATABASE_URL = "sqlite:///./test.db"
# Untuk PostgreSQL: "postgresql://user:password@localhost/dbname"
# Untuk MySQL: "mysql+pymysql://user:password@localhost/dbname"

engine = create_engine(
    SQLALCHEMY_DATABASE_URL,
    connect_args={"check_same_thread": False}  # Hanya untuk SQLite
)

SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)

Base = declarative_base()

# ==================== Database Models (Tables) ====================

class User(Base):
    """User model"""
    __tablename__ = "users"
    
    id = Column(Integer, primary_key=True, index=True)
    email = Column(String, unique=True, index=True, nullable=False)
    username = Column(String, unique=True, index=True, nullable=False)
    hashed_password = Column(String, nullable=False)
    is_active = Column(Boolean, default=True)
    created_at = Column(DateTime, default=datetime.utcnow)
    
    # Relationship
    posts = relationship("Post", back_populates="author")

class Post(Base):
    """Post model"""
    __tablename__ = "posts"
    
    id = Column(Integer, primary_key=True, index=True)
    title = Column(String, nullable=False)
    content = Column(String, nullable=False)
    published = Column(Boolean, default=False)
    created_at = Column(DateTime, default=datetime.utcnow)
    author_id = Column(Integer, ForeignKey("users.id"))
    
    # Relationship
    author = relationship("User", back_populates="posts")

# Create tables
Base.metadata.create_all(bind=engine)

# ==================== Pydantic Schemas ====================

# User schemas
class UserBase(BaseModel):
    email: str
    username: str

class UserCreate(UserBase):
    password: str

class UserResponse(UserBase):
    id: int
    is_active: bool
    created_at: datetime
    
    class Config:
        orm_mode = True  # Allow reading data from ORM models

# Post schemas
class PostBase(BaseModel):
    title: str
    content: str
    published: bool = False

class PostCreate(PostBase):
    pass

class PostResponse(PostBase):
    id: int
    created_at: datetime
    author_id: int
    
    class Config:
        orm_mode = True

class PostWithAuthor(PostResponse):
    author: UserResponse
    
    class Config:
        orm_mode = True

# ==================== Database Dependency ====================

def get_db():
    """
    Dependency untuk get database session
    """
    db = SessionLocal()
    try:
        yield db
    finally:
        db.close()

# ==================== FastAPI App ====================

app = FastAPI(title="FastAPI with SQLAlchemy")

# ==================== CRUD Operations - Users ====================

@app.post("/users/", response_model=UserResponse, status_code=201)
def create_user(user: UserCreate, db: Session = Depends(get_db)):
    """
    Create new user
    """
    # Check if user already exists
    db_user = db.query(User).filter(
        (User.email == user.email) | (User.username == user.username)
    ).first()
    
    if db_user:
        raise HTTPException(status_code=400, detail="Email or username already registered")
    
    # Hash password (dalam praktik nyata, gunakan bcrypt)
    fake_hashed_password = user.password + "_hashed"
    
    # Create user
    db_user = User(
        email=user.email,
        username=user.username,
        hashed_password=fake_hashed_password
    )
    
    db.add(db_user)
    db.commit()
    db.refresh(db_user)  # Refresh untuk get generated ID
    
    return db_user

@app.get("/users/", response_model=List[UserResponse])
def read_users(skip: int = 0, limit: int = 100, db: Session = Depends(get_db)):
    """
    Get all users with pagination
    """
    users = db.query(User).offset(skip).limit(limit).all()
    return users

@app.get("/users/{user_id}", response_model=UserResponse)
def read_user(user_id: int, db: Session = Depends(get_db)):
    """
    Get user by ID
    """
    user = db.query(User).filter(User.id == user_id).first()
    
    if user is None:
        raise HTTPException(status_code=404, detail="User not found")
    
    return user

@app.put("/users/{user_id}", response_model=UserResponse)
def update_user(user_id: int, user: UserBase, db: Session = Depends(get_db)):
    """
    Update user
    """
    db_user = db.query(User).filter(User.id == user_id).first()
    
    if db_user is None:
        raise HTTPException(status_code=404, detail="User not found")
    
    # Update fields
    db_user.email = user.email
    db_user.username = user.username
    
    db.commit()
    db.refresh(db_user)
    
    return db_user

@app.delete("/users/{user_id}")
def delete_user(user_id: int, db: Session = Depends(get_db)):
    """
    Delete user
    """
    db_user = db.query(User).filter(User.id == user_id).first()
    
    if db_user is None:
        raise HTTPException(status_code=404, detail="User not found")
    
    db.delete(db_user)
    db.commit()
    
    return {"message": "User deleted successfully"}

# ==================== CRUD Operations - Posts ====================

@app.post("/users/{user_id}/posts/", response_model=PostResponse, status_code=201)
def create_post(user_id: int, post: PostCreate, db: Session = Depends(get_db)):
    """
    Create post for user
    """
    # Check if user exists
    user = db.query(User).filter(User.id == user_id).first()
    if user is None:
        raise HTTPException(status_code=404, detail="User not found")
    
    # Create post
    db_post = Post(**post.dict(), author_id=user_id)
    
    db.add(db_post)
    db.commit()
    db.refresh(db_post)
    
    return db_post

@app.get("/posts/", response_model=List[PostWithAuthor])
def read_posts(
    skip: int = 0,
    limit: int = 100,
    published_only: bool = False,
    db: Session = Depends(get_db)
):
    """
    Get all posts with author info
    """
    query = db.query(Post)
    
    if published_only:
        query = query.filter(Post.published == True)
    
    posts = query.offset(skip).limit(limit).all()
    return posts

@app.get("/posts/{post_id}", response_model=PostWithAuthor)
def read_post(post_id: int, db: Session = Depends(get_db)):
    """
    Get post by ID with author info
    """
    post = db.query(Post).filter(Post.id == post_id).first()
    
    if post is None:
        raise HTTPException(status_code=404, detail="Post not found")
    
    return post

@app.get("/users/{user_id}/posts/", response_model=List[PostResponse])
def read_user_posts(user_id: int, db: Session = Depends(get_db)):
    """
    Get all posts by user
    """
    posts = db.query(Post).filter(Post.author_id == user_id).all()
    return posts

@app.put("/posts/{post_id}", response_model=PostResponse)
def update_post(post_id: int, post: PostCreate, db: Session = Depends(get_db)):
    """
    Update post
    """
    db_post = db.query(Post).filter(Post.id == post_id).first()
    
    if db_post is None:
        raise HTTPException(status_code=404, detail="Post not found")
    
    # Update fields
    for key, value in post.dict().items():
        setattr(db_post, key, value)
    
    db.commit()
    db.refresh(db_post)
    
    return db_post

@app.delete("/posts/{post_id}")
def delete_post(post_id: int, db: Session = Depends(get_db)):
    """
    Delete post
    """
    db_post = db.query(Post).filter(Post.id == post_id).first()
    
    if db_post is None:
        raise HTTPException(status_code=404, detail="Post not found")
    
    db.delete(db_post)
    db.commit()
    
    return {"message": "Post deleted successfully"}

# ==================== Advanced Queries ====================

@app.get("/search/posts/")
def search_posts(
    keyword: str,
    skip: int = 0,
    limit: int = 100,
    db: Session = Depends(get_db)
):
    """
    Search posts by keyword in title or content
    """
    posts = db.query(Post).filter(
        (Post.title.contains(keyword)) | (Post.content.contains(keyword))
    ).offset(skip).limit(limit).all()
    
    return posts

@app.get("/stats/users/{user_id}")
def get_user_stats(user_id: int, db: Session = Depends(get_db)):
    """
    Get user statistics
    """
    user = db.query(User).filter(User.id == user_id).first()
    
    if user is None:
        raise HTTPException(status_code=404, detail="User not found")
    
    total_posts = db.query(Post).filter(Post.author_id == user_id).count()
    published_posts = db.query(Post).filter(
        Post.author_id == user_id,
        Post.published == True
    ).count()
    
    return {
        "user": user,
        "total_posts": total_posts,
        "published_posts": published_posts,
        "draft_posts": total_posts - published_posts
    }

print("‚úÖ Database Integration with SQLAlchemy examples created!")
print("\nDatabase Features:")
print("- SQLAlchemy ORM models")
print("- Pydantic schemas untuk validation")
print("- CRUD operations (Create, Read, Update, Delete)")
print("- Relationships (One-to-Many)")
print("- Database session management dengan Depends")
print("- Pagination")
print("- Filtering dan searching")
print("\nüìù Database URLs:")
print("- SQLite: sqlite:///./database.db")
print("- PostgreSQL: postgresql://user:pass@localhost/dbname")
print("- MySQL: mysql+pymysql://user:pass@localhost/dbname")
print("\nüí° Tips:")
print("- Gunakan orm_mode=True di Pydantic Config untuk ORM models")
print("- Always close database sessions (handled by dependency)")
print("- Use indexes untuk kolom yang sering di-query")
print("- Gunakan bcrypt untuk hash passwords (bukan just + '_hashed')")

## 17. üîê Authentication dan Security (JWT)

JWT (JSON Web Tokens) adalah standard untuk secure authentication. FastAPI menyediakan tools untuk implement OAuth2 dengan JWT.

### Instalasi:
```bash
pip install python-jose[cryptography]
pip install passlib[bcrypt]
pip install python-multipart
```

### Komponen:
- **Password Hashing**: Bcrypt untuk hash password
- **JWT**: Token untuk authentication
- **OAuth2**: Standard authentication flow

In [None]:
# Authentication dengan JWT
# Install: pip install python-jose[cryptography] passlib[bcrypt] python-multipart

from fastapi import FastAPI, Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from jose import JWTError, jwt
from passlib.context import CryptContext
from pydantic import BaseModel
from datetime import datetime, timedelta
from typing import Optional

# ==================== Configuration ====================

# Secret key untuk encode JWT (dalam production, simpan di environment variable)
SECRET_KEY = "your-secret-key-keep-it-secret-and-change-it"  # Change this!
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30

# Password hashing context
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")

# OAuth2 scheme
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")

app = FastAPI()

# ==================== Models ====================

class User(BaseModel):
    username: str
    email: Optional[str] = None
    full_name: Optional[str] = None
    disabled: Optional[bool] = None

class UserInDB(User):
    hashed_password: str

class Token(BaseModel):
    access_token: str
    token_type: str

class TokenData(BaseModel):
    username: Optional[str] = None

# ==================== Fake Database ====================

# Dalam praktik nyata, gunakan database sesungguhnya
fake_users_db = {
    "johndoe": {
        "username": "johndoe",
        "full_name": "John Doe",
        "email": "johndoe@example.com",
        "hashed_password": "$2b$12$EixZaYVK1fsbw1ZfbX3OXePaWxn96p36WQoeG6Lruj3vjPGga31lW",  # "secret"
        "disabled": False,
    },
    "alice": {
        "username": "alice",
        "full_name": "Alice Smith",
        "email": "alice@example.com",
        "hashed_password": "$2b$12$EixZaYVK1fsbw1ZfbX3OXePaWxn96p36WQoeG6Lruj3vjPGga31lW",  # "secret"
        "disabled": False,
    }
}

# ==================== Utility Functions ====================

def verify_password(plain_password: str, hashed_password: str) -> bool:
    """Verify password against hash"""
    return pwd_context.verify(plain_password, hashed_password)

def get_password_hash(password: str) -> str:
    """Hash password"""
    return pwd_context.hash(password)

def get_user(db, username: str):
    """Get user from database"""
    if username in db:
        user_dict = db[username]
        return UserInDB(**user_dict)

def authenticate_user(fake_db, username: str, password: str):
    """Authenticate user with username and password"""
    user = get_user(fake_db, username)
    if not user:
        return False
    if not verify_password(password, user.hashed_password):
        return False
    return user

def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
    """Create JWT access token"""
    to_encode = data.copy()
    
    if expires_delta:
        expire = datetime.utcnow() + expires_delta
    else:
        expire = datetime.utcnow() + timedelta(minutes=15)
    
    to_encode.update({"exp": expire})
    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
    
    return encoded_jwt

# ==================== Dependencies ====================

async def get_current_user(token: str = Depends(oauth2_scheme)):
    """
    Dependency untuk get current user dari token
    """
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    
    try:
        # Decode JWT token
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username: str = payload.get("sub")
        
        if username is None:
            raise credentials_exception
        
        token_data = TokenData(username=username)
    except JWTError:
        raise credentials_exception
    
    # Get user from database
    user = get_user(fake_users_db, username=token_data.username)
    
    if user is None:
        raise credentials_exception
    
    return user

async def get_current_active_user(current_user: User = Depends(get_current_user)):
    """
    Dependency untuk ensure user is active
    """
    if current_user.disabled:
        raise HTTPException(status_code=400, detail="Inactive user")
    return current_user

# ==================== Endpoints ====================

@app.post("/token", response_model=Token)
async def login(form_data: OAuth2PasswordRequestForm = Depends()):
    """
    OAuth2 compatible token login endpoint
    
    Send POST request dengan form data:
    - username: your username
    - password: your password
    """
    # Authenticate user
    user = authenticate_user(fake_users_db, form_data.username, form_data.password)
    
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Incorrect username or password",
            headers={"WWW-Authenticate": "Bearer"},
        )
    
    # Create access token
    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    access_token = create_access_token(
        data={"sub": user.username},
        expires_delta=access_token_expires
    )
    
    return {"access_token": access_token, "token_type": "bearer"}

@app.get("/users/me", response_model=User)
async def read_users_me(current_user: User = Depends(get_current_active_user)):
    """
    Get current user info
    Requires authentication (Bearer token in Authorization header)
    """
    return current_user

@app.get("/users/me/items")
async def read_own_items(current_user: User = Depends(get_current_active_user)):
    """
    Get current user's items
    Protected endpoint
    """
    return [
        {"item_id": "1", "owner": current_user.username},
        {"item_id": "2", "owner": current_user.username},
    ]

@app.post("/register")
async def register(username: str, password: str, email: str, full_name: Optional[str] = None):
    """
    Register new user
    """
    # Check if user exists
    if username in fake_users_db:
        raise HTTPException(status_code=400, detail="Username already registered")
    
    # Hash password
    hashed_password = get_password_hash(password)
    
    # Create user
    user_dict = {
        "username": username,
        "email": email,
        "full_name": full_name,
        "hashed_password": hashed_password,
        "disabled": False
    }
    
    # Save to database (in real app, save to actual database)
    fake_users_db[username] = user_dict
    
    return {"message": "User created successfully", "username": username}

# ==================== Protected Endpoints ====================

@app.get("/protected")
async def protected_route(current_user: User = Depends(get_current_active_user)):
    """
    Protected endpoint - requires authentication
    """
    return {
        "message": f"Hello {current_user.username}, you have access!",
        "user": current_user
    }

@app.get("/admin")
async def admin_route(current_user: User = Depends(get_current_active_user)):
    """
    Admin only endpoint (simplified - dalam praktik nyata, check role)
    """
    # Dalam praktik nyata, check user role dari database
    if current_user.username != "admin":
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Not enough permissions"
        )
    
    return {"message": "Welcome admin!"}

# ==================== Password Utilities ====================

@app.post("/hash-password")
def hash_password(password: str):
    """
    Utility endpoint untuk hash password
    (Hapus di production!)
    """
    hashed = get_password_hash(password)
    return {"hashed_password": hashed}

@app.post("/verify-password")
def check_password(password: str, hashed_password: str):
    """
    Utility endpoint untuk verify password
    (Hapus di production!)
    """
    is_valid = verify_password(password, hashed_password)
    return {"is_valid": is_valid}

# ==================== How to Use ====================

print("‚úÖ JWT Authentication examples created!")
print("\nüîê How to Use:")
print("\n1. Register a user:")
print("   POST /register")
print('   Body: {"username": "testuser", "password": "testpass", "email": "test@example.com"}')
print("\n2. Login to get token:")
print("   POST /token")
print("   Form data: username=johndoe&password=secret")
print("   Response: {\"access_token\": \"eyJ...\", \"token_type\": \"bearer\"}")
print("\n3. Access protected endpoint:")
print("   GET /users/me")
print("   Header: Authorization: Bearer eyJ...")
print("\n4. Test with built-in docs:")
print("   - Go to /docs")
print("   - Click 'Authorize' button")
print("   - Login with username/password")
print("   - Try protected endpoints")
print("\nüìù Default users:")
print("   username: johndoe, password: secret")
print("   username: alice, password: secret")
print("\nüîí Security Notes:")
print("- Change SECRET_KEY di production!")
print("- Simpan SECRET_KEY di environment variable")
print("- Gunakan HTTPS di production")
print("- Set appropriate token expiration time")
print("- Never log or expose tokens")
print("- Implement refresh tokens untuk long-lived sessions")

## 18. ‚ö° Background Tasks

Background tasks memungkinkan Anda menjalankan operasi di background setelah mengembalikan response. Berguna untuk:
- üìß Sending emails
- üñºÔ∏è Image processing
- üìä Logging dan analytics
- üîÑ Data synchronization
- üóëÔ∏è Cleanup operations

### Keuntungan:
- Response cepat ke client
- Heavy operations tidak block request
- Simple API (tidak perlu Celery untuk kasus sederhana)

In [None]:
from fastapi import FastAPI, BackgroundTasks, HTTPException
from pydantic import BaseModel, EmailStr
import time
from typing import List
import logging

app = FastAPI()

# Setup logging
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)

# ==================== Simple Background Task ====================

def write_log(message: str):
    """
    Simple background task untuk write log
    """
    time.sleep(2)  # Simulate slow operation
    logger.info(f"Background task: {message}")
    # Dalam praktik nyata, write ke file atau database

@app.post("/send-notification/")
async def send_notification(email: str, background_tasks: BackgroundTasks):
    """
    Endpoint yang menggunakan background task
    Response langsung dikembalikan, task jalan di background
    """
    # Add task to background
    background_tasks.add_task(write_log, f"Notification sent to {email}")
    
    return {"message": "Notification will be sent in background"}

# ==================== Email Sending (Simulated) ====================

def send_email(email: str, subject: str, body: str):
    """
    Simulate sending email (slow operation)
    """
    logger.info(f"Sending email to {email}")
    time.sleep(3)  # Simulate email sending delay
    logger.info(f"Email sent to {email} - Subject: {subject}")
    # Dalam praktik nyata, gunakan SMTP atau email service

@app.post("/register-and-send-email/")
async def register_user(
    email: str,
    username: str,
    background_tasks: BackgroundTasks
):
    """
    Register user dan send welcome email di background
    """
    # Register user (fast)
    user_data = {"email": email, "username": username}
    
    # Send welcome email in background
    background_tasks.add_task(
        send_email,
        email,
        "Welcome!",
        f"Hello {username}, welcome to our platform!"
    )
    
    return {
        "message": "User registered successfully",
        "user": user_data,
        "info": "Welcome email will be sent shortly"
    }

# ==================== Multiple Background Tasks ====================

def task_one(name: str):
    time.sleep(1)
    logger.info(f"Task 1 completed for {name}")

def task_two(name: str):
    time.sleep(2)
    logger.info(f"Task 2 completed for {name}")

def task_three(name: str):
    time.sleep(1)
    logger.info(f"Task 3 completed for {name}")

@app.post("/multiple-tasks/")
async def multiple_tasks(name: str, background_tasks: BackgroundTasks):
    """
    Add multiple background tasks
    Tasks akan dijalankan secara sequential
    """
    background_tasks.add_task(task_one, name)
    background_tasks.add_task(task_two, name)
    background_tasks.add_task(task_three, name)
    
    return {"message": f"Processing {name} with multiple tasks"}

# ==================== Image Processing ====================

def process_image(filename: str):
    """
    Simulate image processing
    """
    logger.info(f"Processing image: {filename}")
    time.sleep(5)  # Simulate heavy processing
    logger.info(f"Image processed: {filename}")
    # Dalam praktik nyata:
    # - Resize image
    # - Compress
    # - Generate thumbnails
    # - Extract metadata

@app.post("/upload-image/")
async def upload_image(filename: str, background_tasks: BackgroundTasks):
    """
    Upload image dan process di background
    """
    # Save file (fast)
    logger.info(f"Image saved: {filename}")
    
    # Process in background (slow)
    background_tasks.add_task(process_image, filename)
    
    return {
        "message": "Image uploaded successfully",
        "filename": filename,
        "info": "Processing will complete shortly"
    }

# ==================== Data Analytics ====================

def log_analytics(user_id: int, action: str, metadata: dict):
    """
    Log analytics data
    """
    time.sleep(1)
    analytics_data = {
        "user_id": user_id,
        "action": action,
        "metadata": metadata,
        "timestamp": time.time()
    }
    logger.info(f"Analytics logged: {analytics_data}")
    # Dalam praktik nyata, save ke analytics database atau service

@app.post("/action/")
async def perform_action(
    user_id: int,
    action: str,
    background_tasks: BackgroundTasks
):
    """
    Perform action dan log analytics di background
    """
    # Perform action (fast)
    result = {"status": "completed", "action": action}
    
    # Log analytics in background
    background_tasks.add_task(
        log_analytics,
        user_id,
        action,
        {"result": result}
    )
    
    return result

# ==================== Cleanup Operations ====================

def cleanup_temp_files(directory: str):
    """
    Cleanup temporary files
    """
    logger.info(f"Cleaning up {directory}")
    time.sleep(2)
    logger.info(f"Cleanup completed for {directory}")
    # Dalam praktik nyata, delete old temp files

@app.post("/process-data/")
async def process_data(data: dict, background_tasks: BackgroundTasks):
    """
    Process data dan cleanup di background
    """
    # Process data
    result = {"processed": True, "data": data}
    
    # Cleanup temp files in background
    background_tasks.add_task(cleanup_temp_files, "/tmp/data")
    
    return result

# ==================== Notification System ====================

class Notification(BaseModel):
    user_id: int
    message: str
    type: str

def send_notification_to_user(notification: Notification):
    """
    Send notification to user
    """
    logger.info(f"Sending notification to user {notification.user_id}")
    time.sleep(2)
    logger.info(f"Notification sent: {notification.message}")
    # Dalam praktik nyata:
    # - Send push notification
    # - Send SMS
    # - Send in-app notification

@app.post("/notify/")
async def notify_user(
    notification: Notification,
    background_tasks: BackgroundTasks
):
    """
    Create notification and send di background
    """
    # Save notification to database (fast)
    notification_id = 123  # Generated ID
    
    # Send notification in background
    background_tasks.add_task(send_notification_to_user, notification)
    
    return {
        "notification_id": notification_id,
        "status": "queued",
        "message": "Notification will be sent shortly"
    }

# ==================== Batch Operations ====================

def process_batch(items: List[str]):
    """
    Process batch of items
    """
    logger.info(f"Processing batch of {len(items)} items")
    
    for item in items:
        time.sleep(0.5)  # Simulate processing each item
        logger.info(f"Processed: {item}")
    
    logger.info("Batch processing completed")

@app.post("/batch-process/")
async def batch_process(items: List[str], background_tasks: BackgroundTasks):
    """
    Submit batch for processing
    """
    if not items:
        raise HTTPException(status_code=400, detail="No items to process")
    
    # Process in background
    background_tasks.add_task(process_batch, items)
    
    return {
        "message": f"Batch of {len(items)} items submitted",
        "status": "processing",
        "items_count": len(items)
    }

# ==================== Report Generation ====================

def generate_report(user_id: int, report_type: str):
    """
    Generate report (slow operation)
    """
    logger.info(f"Generating {report_type} report for user {user_id}")
    time.sleep(5)  # Simulate report generation
    logger.info(f"Report generated: {report_type}")
    # Dalam praktik nyata:
    # - Query database
    # - Process data
    # - Generate PDF
    # - Save to storage
    # - Send email with link

@app.post("/generate-report/")
async def request_report(
    user_id: int,
    report_type: str,
    background_tasks: BackgroundTasks
):
    """
    Request report generation
    """
    # Generate report in background
    background_tasks.add_task(generate_report, user_id, report_type)
    
    return {
        "message": "Report generation started",
        "report_type": report_type,
        "status": "processing",
        "info": "You will receive an email when report is ready"
    }

# ==================== Database Cleanup ====================

def cleanup_old_records(days: int = 30):
    """
    Cleanup records older than specified days
    """
    logger.info(f"Cleaning up records older than {days} days")
    time.sleep(3)
    logger.info("Cleanup completed")
    # Dalam praktik nyata:
    # - Connect to database
    # - Delete old records
    # - Optimize tables

@app.post("/cleanup/")
async def trigger_cleanup(days: int = 30, background_tasks: BackgroundTasks):
    """
    Trigger database cleanup
    """
    background_tasks.add_task(cleanup_old_records, days)
    
    return {
        "message": "Cleanup started",
        "days": days,
        "status": "processing"
    }

# ==================== Background Task dengan Error Handling ====================

def risky_task(value: int):
    """
    Task yang mungkin error
    """
    try:
        logger.info(f"Running risky task with value: {value}")
        time.sleep(2)
        
        if value < 0:
            raise ValueError("Value must be positive")
        
        logger.info("Risky task completed successfully")
    except Exception as e:
        logger.error(f"Error in background task: {str(e)}")
        # Dalam praktik nyata:
        # - Log to error tracking service
        # - Send alert
        # - Retry logic

@app.post("/risky-operation/")
async def risky_operation(value: int, background_tasks: BackgroundTasks):
    """
    Endpoint dengan background task yang might fail
    """
    background_tasks.add_task(risky_task, value)
    
    return {"message": "Operation started", "value": value}

print("‚úÖ Background Tasks examples created!")
print("\nBackground Tasks Features:")
print("- Simple task execution")
print("- Email sending")
print("- Image processing")
print("- Analytics logging")
print("- Cleanup operations")
print("- Batch processing")
print("- Report generation")
print("- Multiple tasks per request")
print("\nüí° Important Notes:")
print("- Tasks run after response is sent")
print("- Tasks run sequentially (not parallel)")
print("- Good for simple async operations")
print("- For complex workflows, consider Celery atau RQ")
print("- Add error handling in task functions")
print("- Tasks don't have access to request context")
print("\nüîÑ When to Use:")
print("- ‚úÖ Sending emails")
print("- ‚úÖ Logging")
print("- ‚úÖ Simple file processing")
print("- ‚úÖ Cleanup operations")
print("- ‚ùå Long-running tasks (use task queue instead)")
print("- ‚ùå Tasks that need retry logic")
print("- ‚ùå Complex workflows")

## 19. üß™ Testing FastAPI Applications

Testing adalah crucial untuk aplikasi production. FastAPI makes testing easy dengan `TestClient`.

### Instalasi:
```bash
pip install pytest
pip install httpx  # Required for TestClient
```

### Benefits:
- ‚úÖ Automatic dependency override
- ‚úÖ Easy to mock
- ‚úÖ Fast execution
- ‚úÖ No need to run server

In [None]:
# Testing FastAPI Applications
# Install: pip install pytest httpx

from fastapi import FastAPI, Depends, HTTPException, status
from fastapi.testclient import TestClient
from pydantic import BaseModel
from typing import Optional, List

# ==================== Application to Test ====================

app = FastAPI()

# Models
class Item(BaseModel):
    name: str
    price: float
    description: Optional[str] = None

# Fake database
items_db = {}

# Dependency
def get_db():
    return items_db

# Endpoints
@app.get("/")
def read_root():
    return {"message": "Hello World"}

@app.get("/items/", response_model=List[Item])
def get_items(db: dict = Depends(get_db)):
    return list(db.values())

@app.get("/items/{item_id}", response_model=Item)
def get_item(item_id: int, db: dict = Depends(get_db)):
    if item_id not in db:
        raise HTTPException(status_code=404, detail="Item not found")
    return db[item_id]

@app.post("/items/", response_model=Item, status_code=201)
def create_item(item: Item, db: dict = Depends(get_db)):
    item_id = len(db) + 1
    db[item_id] = item
    return item

@app.put("/items/{item_id}", response_model=Item)
def update_item(item_id: int, item: Item, db: dict = Depends(get_db)):
    if item_id not in db:
        raise HTTPException(status_code=404, detail="Item not found")
    db[item_id] = item
    return item

@app.delete("/items/{item_id}")
def delete_item(item_id: int, db: dict = Depends(get_db)):
    if item_id not in db:
        raise HTTPException(status_code=404, detail="Item not found")
    del db[item_id]
    return {"message": "Item deleted"}

# ==================== Test Client ====================

client = TestClient(app)

# ==================== Basic Tests ====================

def test_read_root():
    """Test root endpoint"""
    response = client.get("/")
    assert response.status_code == 200
    assert response.json() == {"message": "Hello World"}

def test_create_item():
    """Test creating item"""
    item_data = {
        "name": "Test Item",
        "price": 10.5,
        "description": "A test item"
    }
    
    response = client.post("/items/", json=item_data)
    
    assert response.status_code == 201
    data = response.json()
    assert data["name"] == item_data["name"]
    assert data["price"] == item_data["price"]
    assert data["description"] == item_data["description"]

def test_get_items():
    """Test getting all items"""
    response = client.get("/items/")
    assert response.status_code == 200
    assert isinstance(response.json(), list)

def test_get_item():
    """Test getting specific item"""
    # First create an item
    item_data = {"name": "Test", "price": 20}
    create_response = client.post("/items/", json=item_data)
    
    # Then get it
    response = client.get("/items/1")
    assert response.status_code == 200
    data = response.json()
    assert data["name"] == item_data["name"]

def test_get_nonexistent_item():
    """Test getting item that doesn't exist"""
    response = client.get("/items/999")
    assert response.status_code == 404
    assert response.json() == {"detail": "Item not found"}

def test_update_item():
    """Test updating item"""
    # Create item
    create_response = client.post("/items/", json={"name": "Old", "price": 10})
    
    # Update it
    update_data = {"name": "New", "price": 20}
    response = client.put("/items/1", json=update_data)
    
    assert response.status_code == 200
    data = response.json()
    assert data["name"] == "New"
    assert data["price"] == 20

def test_delete_item():
    """Test deleting item"""
    # Create item
    client.post("/items/", json={"name": "To Delete", "price": 5})
    
    # Delete it
    response = client.delete("/items/1")
    assert response.status_code == 200
    assert response.json() == {"message": "Item deleted"}
    
    # Verify it's deleted
    get_response = client.get("/items/1")
    assert get_response.status_code == 404

# ==================== Validation Tests ====================

def test_create_item_invalid_data():
    """Test creating item with invalid data"""
    # Missing required field
    invalid_data = {"name": "Test"}  # Missing price
    
    response = client.post("/items/", json=invalid_data)
    assert response.status_code == 422  # Validation error

def test_create_item_wrong_type():
    """Test creating item with wrong data type"""
    invalid_data = {"name": "Test", "price": "not_a_number"}
    
    response = client.post("/items/", json=invalid_data)
    assert response.status_code == 422

# ==================== Testing with Fixtures ====================

# Contoh pytest fixtures (simpan di conftest.py dalam praktik nyata)
"""
import pytest
from fastapi.testclient import TestClient
from main import app

@pytest.fixture
def client():
    '''Fixture untuk test client'''
    return TestClient(app)

@pytest.fixture
def sample_item():
    '''Fixture untuk sample item'''
    return {
        "name": "Sample Item",
        "price": 15.99,
        "description": "A sample item for testing"
    }

def test_with_fixtures(client, sample_item):
    '''Test menggunakan fixtures'''
    response = client.post("/items/", json=sample_item)
    assert response.status_code == 201
"""

# ==================== Dependency Override ====================

def test_dependency_override():
    """Test dengan override dependency"""
    
    # Create mock database
    mock_db = {
        1: Item(name="Mock Item", price=100)
    }
    
    # Override dependency
    app.dependency_overrides[get_db] = lambda: mock_db
    
    # Test
    response = client.get("/items/1")
    assert response.status_code == 200
    assert response.json()["name"] == "Mock Item"
    
    # Clear override
    app.dependency_overrides = {}

# ==================== Testing Headers ====================

def test_with_headers():
    """Test request with custom headers"""
    headers = {
        "X-Token": "test-token",
        "User-Agent": "test-agent"
    }
    
    response = client.get("/", headers=headers)
    assert response.status_code == 200

# ==================== Testing Query Parameters ====================

def test_query_parameters():
    """Test endpoint dengan query parameters"""
    # Jika ada endpoint dengan query params
    # response = client.get("/search/?q=test&limit=10")
    pass

# ==================== Async Tests ====================

"""
# Untuk async tests, gunakan pytest-asyncio

import pytest
from httpx import AsyncClient

@pytest.mark.asyncio
async def test_async_endpoint():
    async with AsyncClient(app=app, base_url="http://test") as ac:
        response = await ac.get("/")
    assert response.status_code == 200
"""

# ==================== Run Tests ====================

print("‚úÖ Testing examples created!")
print("\nüß™ How to Run Tests:")
print("\n1. Save test code in file: test_main.py")
print("2. Run all tests:")
print("   pytest")
print("\n3. Run specific test:")
print("   pytest test_main.py::test_read_root")
print("\n4. Run with verbose output:")
print("   pytest -v")
print("\n5. Run with coverage:")
print("   pytest --cov=main --cov-report=html")
print("\n6. Run and show print statements:")
print("   pytest -s")
print("\nüìÅ Project Structure:")
print("project/")
print("‚îú‚îÄ‚îÄ main.py              # Your FastAPI app")
print("‚îú‚îÄ‚îÄ test_main.py         # Tests")
print("‚îú‚îÄ‚îÄ conftest.py          # Pytest fixtures")
print("‚îî‚îÄ‚îÄ requirements.txt")
print("\nüí° Testing Best Practices:")
print("- Test all endpoints (GET, POST, PUT, DELETE)")
print("- Test validation (invalid data)")
print("- Test error cases (404, 422, etc)")
print("- Test authentication and authorization")
print("- Use fixtures untuk reusable test data")
print("- Mock external dependencies (database, APIs)")
print("- Test edge cases")
print("- Aim for high code coverage (>80%)")
print("\nüéØ What to Test:")
print("- ‚úÖ All endpoints")
print("- ‚úÖ Request/response models")
print("- ‚úÖ Validation logic")
print("- ‚úÖ Authentication")
print("- ‚úÖ Error handling")
print("- ‚úÖ Business logic")
print("- ‚úÖ Database operations")
print("- ‚úÖ Dependencies")

## 20. üöÄ Best Practices dan Tips

### üìÇ Project Structure

Struktur project yang baik sangat penting untuk maintainability:

```
my_fastapi_project/
‚îú‚îÄ‚îÄ app/
‚îÇ   ‚îú‚îÄ‚îÄ __init__.py
‚îÇ   ‚îú‚îÄ‚îÄ main.py              # FastAPI app instance
‚îÇ   ‚îú‚îÄ‚îÄ config.py            # Configuration settings
‚îÇ   ‚îú‚îÄ‚îÄ database.py          # Database connection
‚îÇ   ‚îú‚îÄ‚îÄ models/              # SQLAlchemy models
‚îÇ   ‚îÇ   ‚îú‚îÄ‚îÄ __init__.py
‚îÇ   ‚îÇ   ‚îú‚îÄ‚îÄ user.py
‚îÇ   ‚îÇ   ‚îî‚îÄ‚îÄ post.py
‚îÇ   ‚îú‚îÄ‚îÄ schemas/             # Pydantic schemas
‚îÇ   ‚îÇ   ‚îú‚îÄ‚îÄ __init__.py
‚îÇ   ‚îÇ   ‚îú‚îÄ‚îÄ user.py
‚îÇ   ‚îÇ   ‚îî‚îÄ‚îÄ post.py
‚îÇ   ‚îú‚îÄ‚îÄ routers/             # API routes
‚îÇ   ‚îÇ   ‚îú‚îÄ‚îÄ __init__.py
‚îÇ   ‚îÇ   ‚îú‚îÄ‚îÄ users.py
‚îÇ   ‚îÇ   ‚îî‚îÄ‚îÄ posts.py
‚îÇ   ‚îú‚îÄ‚îÄ dependencies/        # Shared dependencies
‚îÇ   ‚îÇ   ‚îú‚îÄ‚îÄ __init__.py
‚îÇ   ‚îÇ   ‚îî‚îÄ‚îÄ auth.py
‚îÇ   ‚îú‚îÄ‚îÄ utils/               # Utility functions
‚îÇ   ‚îÇ   ‚îú‚îÄ‚îÄ __init__.py
‚îÇ   ‚îÇ   ‚îî‚îÄ‚îÄ helpers.py
‚îÇ   ‚îî‚îÄ‚îÄ tests/               # Tests
‚îÇ       ‚îú‚îÄ‚îÄ __init__.py
‚îÇ       ‚îú‚îÄ‚îÄ test_users.py
‚îÇ       ‚îî‚îÄ‚îÄ test_posts.py
‚îú‚îÄ‚îÄ alembic/                 # Database migrations
‚îú‚îÄ‚îÄ .env                     # Environment variables
‚îú‚îÄ‚îÄ .gitignore
‚îú‚îÄ‚îÄ requirements.txt
‚îî‚îÄ‚îÄ README.md
```

In [None]:
# Best Practices dan Tips untuk FastAPI

print("=" * 60)
print("üéØ BEST PRACTICES FASTAPI")
print("=" * 60)

# ==================== 1. Configuration Management ====================

print("\n1. üìù Configuration Management")
print("-" * 60)

"""
Gunakan pydantic BaseSettings untuk manage configuration

# config.py
from pydantic import BaseSettings

class Settings(BaseSettings):
    app_name: str = "FastAPI App"
    database_url: str
    secret_key: str
    debug: bool = False
    
    class Config:
        env_file = ".env"

settings = Settings()

# .env file
DATABASE_URL=postgresql://user:pass@localhost/dbname
SECRET_KEY=your-secret-key
DEBUG=True
"""

print("‚úÖ Use pydantic BaseSettings")
print("‚úÖ Store secrets in environment variables")
print("‚úÖ Never commit .env to git")
print("‚úÖ Use different configs for dev/staging/prod")

# ==================== 2. Router Organization ====================

print("\n2. üìÅ Router Organization")
print("-" * 60)

"""
Pisahkan routes berdasarkan resource

# app/routers/users.py
from fastapi import APIRouter

router = APIRouter(
    prefix="/users",
    tags=["users"],
    responses={404: {"description": "Not found"}}
)

@router.get("/")
async def get_users():
    return []

@router.get("/{user_id}")
async def get_user(user_id: int):
    return {}

# app/main.py
from fastapi import FastAPI
from app.routers import users, posts

app = FastAPI()

app.include_router(users.router)
app.include_router(posts.router)
"""

print("‚úÖ Use APIRouter untuk group routes")
print("‚úÖ Prefix dan tags untuk organization")
print("‚úÖ One router per resource")

# ==================== 3. Dependency Injection ====================

print("\n3. üîå Dependency Injection")
print("-" * 60)

print("‚úÖ Use dependencies untuk:")
print("   - Database sessions")
print("   - Authentication")
print("   - Pagination")
print("   - Common query parameters")
print("‚úÖ Dependencies bisa have dependencies (nested)")
print("‚úÖ Use yield untuk cleanup (close database, etc)")

# ==================== 4. Error Handling ====================

print("\n4. ‚ö†Ô∏è Error Handling")
print("-" * 60)

"""
Custom exception handlers

from fastapi import FastAPI, Request, HTTPException
from fastapi.responses import JSONResponse

app = FastAPI()

class CustomException(Exception):
    def __init__(self, name: str):
        self.name = name

@app.exception_handler(CustomException)
async def custom_exception_handler(request: Request, exc: CustomException):
    return JSONResponse(
        status_code=418,
        content={"message": f"Oops! {exc.name} did something wrong."}
    )

@app.exception_handler(HTTPException)
async def http_exception_handler(request: Request, exc: HTTPException):
    return JSONResponse(
        status_code=exc.status_code,
        content={"detail": exc.detail}
    )
"""

print("‚úÖ Use HTTPException untuk standard errors")
print("‚úÖ Create custom exceptions untuk business logic")
print("‚úÖ Implement global exception handlers")
print("‚úÖ Return consistent error format")

# ==================== 5. Validation ====================

print("\n5. ‚úîÔ∏è Validation")
print("-" * 60)

print("‚úÖ Use Pydantic Field untuk validation")
print("‚úÖ Custom validators dengan @validator")
print("‚úÖ Use regex untuk string patterns")
print("‚úÖ Use Enum untuk limited choices")
print("‚úÖ Validate at endpoint level, not in business logic")

# ==================== 6. Security ====================

print("\n6. üîí Security")
print("-" * 60)

print("‚úÖ Always use HTTPS in production")
print("‚úÖ Hash passwords dengan bcrypt")
print("‚úÖ Use JWT untuk authentication")
print("‚úÖ Implement rate limiting")
print("‚úÖ Validate all user input")
print("‚úÖ Use CORS properly (not allow_origins=['*'] in prod)")
print("‚úÖ Set security headers")
print("‚úÖ Never log sensitive data")
print("‚úÖ Use parameterized queries (SQLAlchemy ORM)")
print("‚úÖ Keep dependencies updated")

# ==================== 7. Performance ====================

print("\n7. ‚ö° Performance")
print("-" * 60)

print("‚úÖ Use async/await untuk I/O operations")
print("‚úÖ Use connection pooling untuk database")
print("‚úÖ Implement caching (Redis, memcached)")
print("‚úÖ Use pagination untuk large datasets")
print("‚úÖ Add database indexes")
print("‚úÖ Use background tasks untuk heavy operations")
print("‚úÖ Optimize database queries (avoid N+1)")
print("‚úÖ Use CDN untuk static files")
print("‚úÖ Enable GZip compression")
print("‚úÖ Monitor performance dengan APM tools")

# ==================== 8. Documentation ====================

print("\n8. üìö Documentation")
print("-" * 60)

print("‚úÖ Write clear docstrings untuk endpoints")
print("‚úÖ Use tags untuk group endpoints")
print("‚úÖ Provide examples dalam schemas")
print("‚úÖ Document response models")
print("‚úÖ Add descriptions untuk parameters")
print("‚úÖ Customize OpenAPI schema")
print("‚úÖ Keep README updated")

# ==================== 9. Testing ====================

print("\n9. üß™ Testing")
print("-" * 60)

print("‚úÖ Write tests untuk all endpoints")
print("‚úÖ Test happy path dan error cases")
print("‚úÖ Use pytest fixtures")
print("‚úÖ Mock external dependencies")
print("‚úÖ Test authentication dan authorization")
print("‚úÖ Aim for >80% code coverage")
print("‚úÖ Use TestClient")
print("‚úÖ Run tests in CI/CD")

# ==================== 10. Deployment ====================

print("\n10. üöÄ Deployment")
print("-" * 60)

print("‚úÖ Use Docker untuk containerization")
print("‚úÖ Use gunicorn atau uvicorn workers")
print("‚úÖ Set up proper logging")
print("‚úÖ Use environment variables")
print("‚úÖ Implement health checks")
print("‚úÖ Use reverse proxy (Nginx, Traefik)")
print("‚úÖ Set up monitoring (Prometheus, Grafana)")
print("‚úÖ Implement CI/CD pipeline")
print("‚úÖ Use database migrations (Alembic)")
print("‚úÖ Have backup strategy")

# ==================== 11. Code Quality ====================

print("\n11. üìä Code Quality")
print("-" * 60)

print("‚úÖ Follow PEP 8 style guide")
print("‚úÖ Use type hints everywhere")
print("‚úÖ Use linters (pylint, flake8)")
print("‚úÖ Use formatters (black, autopep8)")
print("‚úÖ Keep functions small dan focused")
print("‚úÖ Avoid code duplication")
print("‚úÖ Write readable code")
print("‚úÖ Use meaningful variable names")

# ==================== 12. API Design ====================

print("\n12. üé® API Design")
print("-" * 60)

print("‚úÖ Follow RESTful conventions")
print("‚úÖ Use proper HTTP methods (GET, POST, PUT, DELETE)")
print("‚úÖ Use proper status codes")
print("‚úÖ Version your API (/api/v1/)")
print("‚úÖ Use plural nouns untuk resources (/users, not /user)")
print("‚úÖ Use kebab-case atau snake_case consistently")
print("‚úÖ Return consistent response format")
print("‚úÖ Implement pagination")
print("‚úÖ Implement filtering dan sorting")
print("‚úÖ Document breaking changes")

# ==================== Resources ====================

print("\n" + "=" * 60)
print("üìö LEARNING RESOURCES")
print("=" * 60)

resources = {
    "Official Documentation": "https://fastapi.tiangolo.com/",
    "FastAPI GitHub": "https://github.com/tiangolo/fastapi",
    "Tutorial": "https://fastapi.tiangolo.com/tutorial/",
    "Advanced User Guide": "https://fastapi.tiangolo.com/advanced/",
    "Awesome FastAPI": "https://github.com/mjhea0/awesome-fastapi",
    "FastAPI Best Practices": "https://github.com/zhanymkanov/fastapi-best-practices",
}

for name, url in resources.items():
    print(f"‚Ä¢ {name}: {url}")

# ==================== Common Mistakes ====================

print("\n" + "=" * 60)
print("‚ùå COMMON MISTAKES TO AVOID")
print("=" * 60)

mistakes = [
    "Using sync database drivers dengan async endpoints",
    "Not using connection pooling",
    "Exposing internal errors to clients",
    "Not validating user input",
    "Hardcoding sensitive data",
    "Not using dependencies untuk shared logic",
    "Creating god classes/functions",
    "Not handling exceptions properly",
    "Using allow_origins=['*'] dengan allow_credentials=True",
    "Not testing edge cases",
    "Committing .env file",
    "Not using response models",
    "Blocking I/O operations in async functions",
    "Not implementing pagination",
    "Poor error messages",
]

for i, mistake in enumerate(mistakes, 1):
    print(f"{i}. {mistake}")

# ==================== Quick Tips ====================

print("\n" + "=" * 60)
print("üí° QUICK TIPS")
print("=" * 60)

tips = [
    "Use response_model untuk automatic filtering",
    "Use ... untuk required fields di Body/Query/Path",
    "Use status.HTTP_* constants instead of numbers",
    "Background tasks good untuk simple async, use Celery untuk complex",
    "Use orm_mode=True dalam Pydantic Config untuk SQLAlchemy",
    "Dependency injection makes testing easier",
    "Use @lru_cache untuk cache expensive operations",
    "Interactive docs di /docs dan /redoc",
    "Use async def hanya jika truly async (I/O operations)",
    "TestClient tidak perlu run server",
]

for tip in tips:
    print(f"üí° {tip}")

print("\n" + "=" * 60)
print("‚ú® SELAMAT BELAJAR FASTAPI! ‚ú®")
print("=" * 60)
print("\nJika ada pertanyaan atau butuh bantuan:")
print("- Baca dokumentasi official: https://fastapi.tiangolo.com")
print("- Join Discord FastAPI community")
print("- Stack Overflow dengan tag [fastapi]")
print("- GitHub discussions")
print("\nüöÄ Happy Coding! üöÄ")

## üéì Kesimpulan dan Langkah Selanjutnya

Selamat! Anda telah mempelajari FastAPI dari dasar hingga advanced! üéâ

### üìù Apa yang Sudah Dipelajari:

1. ‚úÖ **Instalasi dan Setup** - FastAPI dan Uvicorn
2. ‚úÖ **Aplikasi Pertama** - Hello World dan routing dasar
3. ‚úÖ **Path Parameters** - Dynamic URL parameters
4. ‚úÖ **Query Parameters** - Filtering dan pagination
5. ‚úÖ **Request Body** - Pydantic models dan validation
6. ‚úÖ **Response Models** - Output validation dan filtering
7. ‚úÖ **HTTP Methods** - CRUD operations lengkap
8. ‚úÖ **Status Codes** - Proper HTTP status codes
9. ‚úÖ **Form Data** - HTML form handling
10. ‚úÖ **File Uploads** - Single dan multiple file uploads
11. ‚úÖ **Headers** - Custom dan standard headers
12. ‚úÖ **Cookies** - Session management
13. ‚úÖ **Dependencies** - Dependency injection pattern
14. ‚úÖ **Middleware** - Request/response processing
15. ‚úÖ **CORS** - Cross-origin resource sharing
16. ‚úÖ **Database** - SQLAlchemy integration
17. ‚úÖ **Authentication** - JWT-based security
18. ‚úÖ **Background Tasks** - Async operations
19. ‚úÖ **Testing** - Unit dan integration tests
20. ‚úÖ **Best Practices** - Production-ready code

### üéØ Langkah Selanjutnya:

#### 1. **Build a Real Project**
   - Todo App dengan database
   - Blog atau CMS
   - E-commerce API
   - Social media backend
   - Analytics dashboard API

#### 2. **Advanced Topics**
   - WebSockets untuk real-time communication
   - GraphQL dengan Strawberry
   - Microservices architecture
   - Message queues (RabbitMQ, Kafka)
   - Caching dengan Redis
   - Full-text search dengan Elasticsearch

#### 3. **DevOps dan Deployment**
   - Docker dan Docker Compose
   - Kubernetes deployment
   - CI/CD dengan GitHub Actions
   - Monitoring dengan Prometheus/Grafana
   - Logging dengan ELK stack
   - AWS/GCP/Azure deployment

#### 4. **Performance Optimization**
   - Database query optimization
   - Caching strategies
   - Load balancing
   - Horizontal scaling
   - CDN integration

#### 5. **Security Deep Dive**
   - OAuth2 flows
   - Role-based access control (RBAC)
   - API rate limiting
   - SQL injection prevention
   - XSS and CSRF protection

### üìö Recommended Next Steps:

```python
# 1. Build a complete CRUD API with database
# 2. Add authentication dan authorization
# 3. Write comprehensive tests
# 4. Deploy ke production
# 5. Monitor dan optimize
```

### üîó Useful Links:

- **Official Docs**: https://fastapi.tiangolo.com/
- **GitHub**: https://github.com/tiangolo/fastapi
- **Discord Community**: https://discord.com/invite/VQjSZaeJmf
- **Stack Overflow**: Tag `[fastapi]`
- **Twitter**: @fastapi @tiangolo

### üí™ Challenge Yourself:

Coba buat project berikut untuk practice:

1. **Blog API**
   - User registration & authentication
   - CRUD articles
   - Comments
   - Categories & tags
   - Search functionality

2. **E-commerce API**
   - Product catalog
   - Shopping cart
   - Order management
   - Payment integration
   - Inventory tracking

3. **Task Management API**
   - Projects & tasks
   - Team collaboration
   - File attachments
   - Notifications
   - Activity logs

### üåü Remember:

> "The best way to learn is by doing. Build something, break it, fix it, and repeat!"

Terus berlatih, baca dokumentasi, dan jangan takut untuk bereksperimen!

### üôè Thank You!

Terima kasih telah mengikuti tutorial FastAPI yang lengkap ini. Semoga bermanfaat untuk perjalanan programming Anda!

**Happy Coding! üöÄ**

---

*Notebook ini dibuat sebagai comprehensive guide untuk belajar FastAPI. Silakan dimodifikasi dan dikembangkan sesuai kebutuhan Anda.*

## 19. üß™ Testing FastAPI Applications

Testing adalah bagian penting dari development. FastAPI mempermudah testing dengan `TestClient` dari Starlette.

### Instalasi:
```bash
pip install pytest
pip install httpx  # Required untuk TestClient
```

### Testing Tools:
- **TestClient**: Client untuk test API tanpa perlu run server
- **pytest**: Framework testing
- **pytest fixtures**: Untuk setup dan teardown
- **Coverage**: Untuk measure test coverage