Full Example¶
Let’s combine all of previous examples into a complete app.
FastAPI¶
from datetime import timedelta
from fastapi import FastAPI, Request
from home.tables import Movie # An example Table
from piccolo_admin.endpoints import create_admin
from piccolo_api.crud.endpoints import PiccoloCRUD
from piccolo_api.fastapi.endpoints import FastAPIKwargs, FastAPIWrapper
from piccolo_api.jwt_auth.endpoints import jwt_login
from piccolo_api.jwt_auth.middleware import JWTBlacklist, JWTMiddleware
from starlette.routing import Mount, Route
public_app = FastAPI(
routes=[
Mount(
"/admin/",
create_admin(tables=[Movie]),
),
Route(
path="/login/",
endpoint=jwt_login(
secret="mysecret123",
expiry=timedelta(minutes=60), # default is 1 day
),
),
],
)
BLACKLISTED_TOKENS = []
class MyBlacklist(JWTBlacklist):
async def in_blacklist(self, token: str) -> bool:
return token in BLACKLISTED_TOKENS
private_app = FastAPI()
protected_app = JWTMiddleware(
private_app,
auth_table=BaseUser,
secret="mysecret123",
blacklist=MyBlacklist(),
)
FastAPIWrapper(
"/movies/",
fastapi_app=private_app,
piccolo_crud=PiccoloCRUD(Movie, read_only=False),
fastapi_kwargs=FastAPIKwargs(
all_routes={"tags": ["Movies"]},
),
)
public_app.mount("/private", protected_app)
# This is optional if you want to provide a logout endpoint
# in your application. By adding a token to the token blacklist,
# you are invalidating the token and need to login again to get
# new valid token
@private_app.get("/logout/")
async def logout(request: Request) -> None:
BLACKLISTED_TOKENS.append(
request.headers.get("authorization").split(" ")[-1]
)
Starlette¶
Is almost identical to the FastAPI example - just replace FastAPI
with
Starlette
, and use Starlette’s HTTPEndpoint
for your endpoints.
You also need to write your own crud endpoints because Starlette
can’t use FastAPIWrapper
. An example is in SessionAuth.