Simple integration of Cross-Site Request Forgery (XSRF) Protection by using either Cookies or Context combined with Headers
Project description
FastAPI CSRF Protect
Features
FastAPI extension that provides Cross-Site Request Forgery (XSRF) Protection support (easy to use and lightweight).
If you are familiar with the flask-wtf library, this extension is suitable for you.
This extension is inspired by fastapi-jwt-auth 😀
- Storing fastapi-csrf-token in cookies or serving it in the template's context
Installation
The easiest way to start working with this extension is with pip:
pip install fastapi-csrf-protect
Usage
With Context and Headers
```python
from fastapi import FastAPI, Request, Depends
from fastapi.responses import JSONResponse
from fastapi.templating import Jinja2Templates
from fastapi_csrf_protect import CsrfProtect
from fastapi_csrf_protect.exceptions import CsrfProtectError
from pydantic import BaseModel

app = FastAPI()
templates = Jinja2Templates(directory='templates')

class CsrfSettings(BaseModel):
    # Placeholder value; load the real secret from the environment in deployment
    secret_key: str = 'asecrettoeverybody'

@CsrfProtect.load_config
def get_csrf_config():
    return CsrfSettings()

@app.get('/form')
def form(request: Request, csrf_protect: CsrfProtect = Depends()):
    '''
    Returns form template.
    '''
    # Generate a token and hand it to the template through its context
    csrf_token = csrf_protect.generate_csrf()
    response = templates.TemplateResponse('form.html', {
        'request': request, 'csrf_token': csrf_token
    })
    return response

@app.post('/posts', response_class=JSONResponse)
def create_post(request: Request, csrf_protect: CsrfProtect = Depends()):
    '''
    Creates a new Post
    '''
    # Read the token from the request headers and validate it before doing any work
    csrf_token = csrf_protect.get_csrf_from_headers(request.headers)
    csrf_protect.validate_csrf(csrf_token)
    # Do stuff

@app.exception_handler(CsrfProtectError)
def csrf_protect_exception_handler(request: Request, exc: CsrfProtectError):
    # Report the CSRF error as JSON, using the status code carried by the exception
    return JSONResponse(
        status_code=exc.status_code,
        content={'detail': exc.message}
    )
```
With Cookies
```python
from fastapi import FastAPI, Request, Depends
from fastapi.responses import JSONResponse
from fastapi.templating import Jinja2Templates
from fastapi_csrf_protect import CsrfProtect
from fastapi_csrf_protect.exceptions import CsrfProtectError
from pydantic import BaseModel

app = FastAPI()
templates = Jinja2Templates(directory='templates')

class CsrfSettings(BaseModel):
    # Placeholder value; load the real secret from the environment in deployment
    secret_key: str = 'asecrettoeverybody'

@CsrfProtect.load_config
def get_csrf_config():
    return CsrfSettings()

@app.get('/form')
def form(request: Request, csrf_protect: CsrfProtect = Depends()):
    '''
    Returns form template.
    '''
    response = templates.TemplateResponse('form.html', {'request': request})
    # Attach the CSRF token to the response as a cookie
    csrf_protect.set_csrf_cookie(response)
    return response

@app.post('/posts', response_class=JSONResponse)
def create_post(request: Request, csrf_protect: CsrfProtect = Depends()):
    '''
    Creates a new Post
    '''
    # Validate the token carried in the request's cookies before doing any work
    csrf_protect.validate_csrf_in_cookies(request)
    # Do stuff

@app.exception_handler(CsrfProtectError)
def csrf_protect_exception_handler(request: Request, exc: CsrfProtectError):
    # Report the CSRF error as JSON, using the status code carried by the exception
    return JSONResponse(status_code=exc.status_code, content={'detail': exc.message})
```
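Both usage patterns above generate a token under a server-side secret_key and validate it on the state-changing request. The following added example (not the extension's own code) sketches that kind of check with the standard library only; the token layout and the names `generate_token`, `validate_token`, `SECRET_KEY` and `MAX_AGE` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Constructed demo key (assumption); a real deployment loads it from the environment.
SECRET_KEY = b"demo-key-not-for-production"
MAX_AGE = 3600  # assumed token lifetime in seconds


def _sign(payload: bytes) -> bytes:
    """HMAC-SHA256 over the payload, URL-safe base64 without padding."""
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=")


def generate_token(now=None) -> str:
    """Return 'nonce.issued_at.signature' for a form field, header or cookie."""
    issued = int(time.time() if now is None else now)
    payload = f"{secrets.token_urlsafe(16)}.{issued}"
    return f"{payload}.{_sign(payload.encode()).decode()}"


def validate_token(token, now=None) -> bool:
    """Accept only an unexpired token whose signature matches SECRET_KEY."""
    if not token or token.count(".") != 2:
        return False  # missing or malformed token
    payload, _, signature = token.rpartition(".")
    # Constant-time comparison avoids leaking how much of the signature matched.
    if not hmac.compare_digest(signature.encode(), _sign(payload.encode())):
        return False  # tampered with, or signed under a different key
    # The payload is authentic at this point, so the timestamp can be trusted.
    issued = int(payload.rsplit(".", 1)[1])
    age = (time.time() if now is None else now) - issued
    return 0 <= age <= MAX_AGE


if __name__ == "__main__":
    token = generate_token()
    print("fresh token valid:", validate_token(token))
    print("altered token valid:", validate_token(token[:-1] + "!"))
```

Because the signature depends on the key, anyone who knows a hard-coded or published secret can mint tokens that pass this check, which is why the key belongs outside source control.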
License
This project is licensed under the terms of the MIT license.