How to add a header field to the request in a middleware?

[deeplook]

I'm still very new to FastAPI, but I start with a tricky issue. I start a FastAPI server programmatically in a separate process and want to add a token value in the request header in some middleware. I have found various snippets that show how to add a field to the response header of a middlewhere, but I need it in the request header because in the route there will be another request made using requests.get() using that token in the header. I see that the request headers are immutable so I've tried to create a replacement request object, but I keep getting 500 when running this. Any help would be greatly appreciated.

Example

import multiprocessing
import fastapi
import requests
import uvicorn
from starlette.datastructures import Headers

app = fastapi.FastAPI()

@app.get("/ping")
async def ping() -> fastapi.Response:
    """
    GET httpbin.org/headers with added token in header.
    Return text body with token copied from result.
    """
    from flask import request
    j = requests.get(
        "https://httpbin.org/headers",
        headers={
            "token": "some_token",  # works
            # "token": request.headers.get('token')  # -> 500
        }
    ).json()
    return fastapi.Response(
        content="pong",
        media_type="text/plain",
        headers={
            "access-control-allow-origin": "*",
            "x-token": j["headers"]["Token"]
        }
    )

def start(port, token):
    """Run the FastAPI app from a Uvicorn server.
    """
    @app.middleware("http")
    async def add_token_header(request: fastapi.Request, call_next):

        # this likely contains some very erroneous thinking:
        scope = {k: request.scope[k] for k in request.scope.keys() if k != "headers"}
        headers = dict(request.headers)
        headers.update({"Authorization": f"Bearer {token}"})
        scope["headers"] = Headers(headers)
        request = fastapi.Request(scope=scope)  # -> 500

        response = await call_next(request)
        # this works, but is for the response, not the request:
        response.headers["Authorization"] = f"Bearer {token}"
        return response
    
    uvicorn.run(app, host="0.0.0.0", port=port)

def start_server(port, token) -> int:
    """Start a local server/proxy on some port.
    """
    p = multiprocessing.Process(target=start, args=(port, token))
    p.start()
    return port

Environment

• macOS 10.14.6
• FastAPI 0.63.0
• Python 3.8

[Dustyposa]

Where do you use the request header and do you have a code snippet?

[deeplook]

@Dustyposa I've expanded the "ping" endpoint above to call httpbin.org/headers. Adding a hardwired token there works (without manipulating the middleware request), but trying to access the flask header gives a 500. The client code is simple:

import requests
import myserver  # the code above

token = "foo"
myserver.start_server(port=8899, token=token)  # testing middleware
requests.get("http://localhost:8899/ping", headers={"token": token})  # testing explicitly

[Dustyposa]

@deeplook Got it.
You can try this way. Use the BaseHTTPMiddleware:

import fastapi
import requests
import uvicorn
from starlette.middleware.base import BaseHTTPMiddleware, RequestResponseEndpoint
from starlette.requests import Request
from starlette.responses import Response
from starlette.types import Scope, Receive, Send

app = fastapi.FastAPI()
token = "token"


@app.get("/ping")
async def ping(request: Request) -> fastapi.Response:
    """
    GET httpbin.org/headers with added token in header.
    Return text body with token copied from result.
    """
    j = requests.get(
        "https://httpbin.org/headers",
        headers={
            # "token": "some_token",  # works
            "token": request.headers.get('token')  # -> 500
        }
    ).json()
    return fastapi.Response(
        content="pong",
        media_type="text/plain",
        headers={
            "access-control-allow-origin": "*",
            "x-token": j["headers"]["Token"]
        }
    )


class CustomHttpMiddleware(BaseHTTPMiddleware):
    async def __call__(self, scope: Scope, receive: Receive, send: Send):
        if scope["type"] != "http":
            await self.app(scope, receive, send)
            return
        self._add_custom_headers(scope=scope)
        request = Request(scope, receive=receive)
        response = await self.dispatch_func(request, self.call_next)
        await response(scope, receive, send)

    async def dispatch(self, request: Request, call_next: RequestResponseEndpoint) -> Response:
        return await call_next(request)

    @classmethod
    def _add_custom_headers(cls, scope: Scope):
        scope["headers"].append((b"token", b"my_token"))


if __name__ == '__main__':
    app.add_middleware(CustomHttpMiddleware)
    uvicorn.run(app)

But I think this is not a good way to do. You changed the request.
If you only want to used it in path function. You can try this lib starlette_context. Like used in flask by context

[goingHan]

A error happen when the code arrives response = await self.dispatch_func(request, self.call_next) , because self does not have call_next function.
so, i use following code to achieve the same effect:
`
header_key_name = b'x-trans-id'
class CustomHttpMiddleware(BaseHTTPMiddleware):

async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
    have_trans_id = False
    for part in scope["headers"]:
        if part[0] == header_key_name:
            logger.debug(f"The request include X-TRANS-ID, {[part]}, break")
            have_trans_id = True
            break
    if not have_trans_id:
        trans_id = ScTool.get_trans_id()
        scope["headers"].append((header_key_name, trans_id.encode('utf-8')))
        logger.debug(f"Add X-TRANS-ID to Header, {trans_id}")

    await super().__call__(scope, receive, send)

async def dispatch(self, request: Request, call_next: RequestResponseEndpoint) -> Response:
    return await call_next(request)`

[deeplook]

I agree it looks like a wrong thing to do. I would also expect/hope for this to be easier. And my token is dynamic and I have to create it and pass it to the server at startup time.

[Dustyposa]

I agree it looks like a wrong thing to do. I would also expect/hope for this to be easier. And my token is dynamic and I have to create it and pass it to the server at startup time.

How about to the server at startup to catch token from a place like redis?

[deeplook]

Redis is not really a better option, as this is intended to be a more or less short-lived server started from a Jupyter notebook. It has to be hidden from the user and not bother him with starting something from the command-line, or knowing a "standard port" which is why I'm running it in a different process with a free port found at runtime. All this was "minimized" away from the above description.

[deeplook]

Essentially, the goal is to have a proxy for an HTTP GET, but with a token added to the headers. It sounds like there should be some existing FastAPI proxy middleware for this already.

[Dustyposa]

I see, but the key is active catch is ok?
If is ok, above place can be replaced by others.
How about ENV or command line parameters

[Dustyposa]

Essentially, the goal is to have a proxy for an HTTP GET, but with a token added to the headers. It sounds like there should be some existing FastAPI proxy middleware for this already.

Yes, there has a list

[deeplook]

The BaseHTTPMiddleware section on https://www.starlette.io/middleware passes a header_value in the constructor of CustomHeaderMiddleware, which looks promising. Maybe I'll try that.

[deeplook]

But it also adds to the response header, not the request header, so it would not be an improvement.

[Dustyposa]

Yes, need to rewrite the __call__ function. Like the above code.

[KiraPC]

@deeplook Hi, do you have to rewrite the request header? Or can you think to another type of solution?

I was thinking you can use the starlette request 'state' property to store your token and passed it through the application stack.

That's the starlette doc: https://www.starlette.io/requests/#other-state

[eddyizm]

This seems to be what I'm looking for, specifically to add the JWT token as the Authorization header to make it work with the jinja html templates.

[eddyizm]

@deeplook did you ever get this figured out? Seems much harder than it should be to add a header via middleware.

[deeplook]

Nope.

[eddyizm]

@deeplook I found this which allowed me to grab the token from the cookies by adding a middleware. Seems to have worked but I'm still testing it.

@app.middleware("http")
async def create_auth_header(
    request: Request,
    call_next,
):
    """
    Check if there are cookies set for authorization. If so, construct the
    Authorization header and modify the request (unless the header already
    exists!)
    """
    if ("Authorization" not in request.headers 
        and "Authorization" in request.cookies
        ):
        access_token = request.cookies["Authorization"]
        
        request.headers.__dict__["_list"].append(
            (
                "authorization".encode(),
                 f"Bearer {access_token}".encode(),
            )
        )
        print(request.headers)
    
    response = await call_next(request)
    return response

[haykharut]

Well, that didn't work.

looking at starlette source for headers

    def __getitem__(self, key: str) -> str:
        get_header_key = key.lower().encode("latin-1")
        for header_key, header_value in self._list:
            if header_key == get_header_key:
                return header_value.decode("latin-1")
        raise KeyError(key)

This basically means that we can add arbitrary headers by editing the _list property e.g. request.headers._list.append(("my-header".encode("latin-1"), "test-value".encode("latin-1")))

However, one thing to note is that when you try to retrieve a key, it is first cast to lowercase. Therefore uppercase headers won't work. I am not aware of a way to make them work.

[creatorrr]

one possible solution is:

async def some_middleware(request: Request, call_next):
    mutable_headers = request.headers.mutablecopy()

    # Do something with it
    mutable_headers["lady"] = "gaga"

	request._headers = mutable_headers

	return await call_next(request)