From 8c94e97c89f617ad808d8ca24da6e52a238bcee9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Mar 2025 13:18:57 +0100 Subject: [PATCH 01/10] =?UTF-8?q?=E2=AC=86=20Bump=20ruff=20to=200.9.4=20(#?= =?UTF-8?q?13299)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * ⬆ Bump ruff from 0.6.4 to 0.9.4 Bumps [ruff](https://github.com/astral-sh/ruff) from 0.6.4 to 0.9.4. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/0.6.4...0.9.4) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * update pre-commit accordingly and make formatting changes * 🎨 [pre-commit.ci] Auto format from pre-commit.com hooks --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alejandra <90076947+alejsdev@users.noreply.github.com> Co-authored-by: svlandeg Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 2 +- fastapi/dependencies/utils.py | 42 +++++++-------- fastapi/openapi/utils.py | 12 ++--- fastapi/routing.py | 24 ++++----- requirements-docs-tests.txt | 2 +- scripts/translate.py | 12 ++--- tests/test_enforce_once_required_parameter.py | 6 +-- tests/test_generic_parameterless_depends.py | 4 +- tests/test_repeated_dependency_schema.py | 6 +-- .../test_tutorial001.py | 48 ++++++++--------- .../test_tutorial002.py | 54 +++++++++---------- .../test_tutorial003.py | 54 +++++++++---------- .../test_sql_databases/test_tutorial002.py | 6 +-- 13 files changed, 136 insertions(+), 136 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 767ef8d9e..05c33a608 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -14,7 +14,7 @@ repos: - id: end-of-file-fixer - id: trailing-whitespace - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.7.4 + rev: v0.9.4 hooks: - id: ruff args: diff --git a/fastapi/dependencies/utils.py b/fastapi/dependencies/utils.py index e2866b488..d205d17fa 100644 --- a/fastapi/dependencies/utils.py +++ b/fastapi/dependencies/utils.py @@ -133,9 +133,9 @@ def get_param_sub_dependant( def get_parameterless_sub_dependant(*, depends: params.Depends, path: str) -> Dependant: - assert callable( - depends.dependency - ), "A parameter-less dependency must have a callable dependency" + assert callable(depends.dependency), ( + "A parameter-less dependency must have a callable dependency" + ) return get_sub_dependant(depends=depends, dependency=depends.dependency, path=path) @@ -302,9 +302,9 @@ def get_dependant( type_annotation=param_details.type_annotation, dependant=dependant, ): - assert ( - param_details.field is None - ), f"Cannot specify multiple FastAPI annotations for {param_name!r}" + assert param_details.field is None, ( + f"Cannot specify multiple FastAPI annotations for {param_name!r}" + ) continue assert param_details.field is not None if isinstance(param_details.field.field_info, params.Body): @@ -439,9 +439,9 @@ def analyze_param( ), ): assert depends is None, f"Cannot specify `Depends` for type {type_annotation!r}" - assert ( - field_info is None - ), f"Cannot specify FastAPI annotation for type {type_annotation!r}" + assert field_info is None, ( + f"Cannot specify FastAPI annotation for type {type_annotation!r}" + ) # Handle default assignations, neither field_info nor depends was not found in Annotated nor default value elif field_info is None and depends is None: default_value = value if value is not inspect.Signature.empty else RequiredParam @@ -494,9 +494,9 @@ def analyze_param( field_info=field_info, ) if is_path_param: - assert is_scalar_field( - field=field - ), "Path params must be of one of the supported types" + assert is_scalar_field(field=field), ( + "Path params must be of one of the supported types" + ) elif isinstance(field_info, params.Query): assert ( is_scalar_field(field) @@ -521,9 +521,9 @@ def add_param_to_fields(*, field: ModelField, dependant: Dependant) -> None: elif field_info_in == params.ParamTypes.header: dependant.header_params.append(field) else: - assert ( - field_info_in == params.ParamTypes.cookie - ), f"non-body parameters must be in path, query, header or cookie: {field.name}" + assert field_info_in == params.ParamTypes.cookie, ( + f"non-body parameters must be in path, query, header or cookie: {field.name}" + ) dependant.cookie_params.append(field) @@ -782,9 +782,9 @@ def request_params_to_args( if single_not_embedded_field: field_info = first_field.field_info - assert isinstance( - field_info, params.Param - ), "Params must be subclasses of Param" + assert isinstance(field_info, params.Param), ( + "Params must be subclasses of Param" + ) loc: Tuple[str, ...] = (field_info.in_.value,) v_, errors_ = _validate_value_with_model_field( field=first_field, value=params_to_process, values=values, loc=loc @@ -794,9 +794,9 @@ def request_params_to_args( for field in fields: value = _get_multidict_value(field, received_params) field_info = field.field_info - assert isinstance( - field_info, params.Param - ), "Params must be subclasses of Param" + assert isinstance(field_info, params.Param), ( + "Params must be subclasses of Param" + ) loc = (field_info.in_.value, field.alias) v_, errors_ = _validate_value_with_model_field( field=field, value=value, values=values, loc=loc diff --git a/fastapi/openapi/utils.py b/fastapi/openapi/utils.py index 947eca948..bd8f3c106 100644 --- a/fastapi/openapi/utils.py +++ b/fastapi/openapi/utils.py @@ -364,9 +364,9 @@ def get_openapi_path( openapi_response = operation_responses.setdefault( status_code_key, {} ) - assert isinstance( - process_response, dict - ), "An additional response must be a dict" + assert isinstance(process_response, dict), ( + "An additional response must be a dict" + ) field = route.response_fields.get(additional_status_code) additional_field_schema: Optional[Dict[str, Any]] = None if field: @@ -434,9 +434,9 @@ def get_fields_from_routes( route, routing.APIRoute ): if route.body_field: - assert isinstance( - route.body_field, ModelField - ), "A request body must be a Pydantic Field" + assert isinstance(route.body_field, ModelField), ( + "A request body must be a Pydantic Field" + ) body_fields_from_routes.append(route.body_field) if route.response_field: responses_from_routes.append(route.response_field) diff --git a/fastapi/routing.py b/fastapi/routing.py index 8ea4bb219..457481e32 100644 --- a/fastapi/routing.py +++ b/fastapi/routing.py @@ -504,9 +504,9 @@ class APIRoute(routing.Route): status_code = int(status_code) self.status_code = status_code if self.response_model: - assert is_body_allowed_for_status_code( - status_code - ), f"Status code {status_code} must not have a response body" + assert is_body_allowed_for_status_code(status_code), ( + f"Status code {status_code} must not have a response body" + ) response_name = "Response_" + self.unique_id self.response_field = create_model_field( name=response_name, @@ -537,9 +537,9 @@ class APIRoute(routing.Route): assert isinstance(response, dict), "An additional response must be a dict" model = response.get("model") if model: - assert is_body_allowed_for_status_code( - additional_status_code - ), f"Status code {additional_status_code} must not have a response body" + assert is_body_allowed_for_status_code(additional_status_code), ( + f"Status code {additional_status_code} must not have a response body" + ) response_name = f"Response_{additional_status_code}_{self.unique_id}" response_field = create_model_field( name=response_name, type_=model, mode="serialization" @@ -844,9 +844,9 @@ class APIRouter(routing.Router): ) if prefix: assert prefix.startswith("/"), "A path prefix must start with '/'" - assert not prefix.endswith( - "/" - ), "A path prefix must not end with '/', as the routes will start with '/'" + assert not prefix.endswith("/"), ( + "A path prefix must not end with '/', as the routes will start with '/'" + ) self.prefix = prefix self.tags: List[Union[str, Enum]] = tags or [] self.dependencies = list(dependencies or []) @@ -1256,9 +1256,9 @@ class APIRouter(routing.Router): """ if prefix: assert prefix.startswith("/"), "A path prefix must start with '/'" - assert not prefix.endswith( - "/" - ), "A path prefix must not end with '/', as the routes will start with '/'" + assert not prefix.endswith("/"), ( + "A path prefix must not end with '/', as the routes will start with '/'" + ) else: for r in router.routes: path = getattr(r, "path") # noqa: B009 diff --git a/requirements-docs-tests.txt b/requirements-docs-tests.txt index 331d2a5b3..e7718e61d 100644 --- a/requirements-docs-tests.txt +++ b/requirements-docs-tests.txt @@ -1,4 +1,4 @@ # For mkdocstrings and tests httpx >=0.23.0,<0.28.0 # For linting and generating docs versions -ruff ==0.6.4 +ruff ==0.9.4 diff --git a/scripts/translate.py b/scripts/translate.py index ce11b3877..9a2136d1b 100644 --- a/scripts/translate.py +++ b/scripts/translate.py @@ -38,9 +38,9 @@ def get_langs() -> dict[str, str]: def generate_lang_path(*, lang: str, path: Path) -> Path: en_docs_path = Path("docs/en/docs") - assert str(path).startswith( - str(en_docs_path) - ), f"Path must be inside {en_docs_path}" + assert str(path).startswith(str(en_docs_path)), ( + f"Path must be inside {en_docs_path}" + ) lang_docs_path = Path(f"docs/{lang}/docs") out_path = Path(str(path).replace(str(en_docs_path), str(lang_docs_path))) return out_path @@ -56,9 +56,9 @@ def translate_page(*, lang: str, path: Path) -> None: lang_prompt_content = lang_prompt_path.read_text() en_docs_path = Path("docs/en/docs") - assert str(path).startswith( - str(en_docs_path) - ), f"Path must be inside {en_docs_path}" + assert str(path).startswith(str(en_docs_path)), ( + f"Path must be inside {en_docs_path}" + ) out_path = generate_lang_path(lang=lang, path=path) out_path.parent.mkdir(parents=True, exist_ok=True) original_content = path.read_text() diff --git a/tests/test_enforce_once_required_parameter.py b/tests/test_enforce_once_required_parameter.py index b64f8341b..30329282f 100644 --- a/tests/test_enforce_once_required_parameter.py +++ b/tests/test_enforce_once_required_parameter.py @@ -48,7 +48,7 @@ expected_schema = { "type": "array", }, "msg": {"title": "Message", "type": "string"}, - "type": {"title": "Error " "Type", "type": "string"}, + "type": {"title": "Error Type", "type": "string"}, }, "required": ["loc", "msg", "type"], "title": "ValidationError", @@ -73,7 +73,7 @@ expected_schema = { "responses": { "200": { "content": {"application/json": {"schema": {}}}, - "description": "Successful " "Response", + "description": "Successful Response", }, "422": { "content": { @@ -83,7 +83,7 @@ expected_schema = { } } }, - "description": "Validation " "Error", + "description": "Validation Error", }, }, "summary": "Foo Handler", diff --git a/tests/test_generic_parameterless_depends.py b/tests/test_generic_parameterless_depends.py index fe13ff89b..5aa35320c 100644 --- a/tests/test_generic_parameterless_depends.py +++ b/tests/test_generic_parameterless_depends.py @@ -55,7 +55,7 @@ def test_openapi_schema(): "responses": { "200": { "content": {"application/json": {"schema": {}}}, - "description": "Successful " "Response", + "description": "Successful Response", } }, "summary": "A", @@ -67,7 +67,7 @@ def test_openapi_schema(): "responses": { "200": { "content": {"application/json": {"schema": {}}}, - "description": "Successful " "Response", + "description": "Successful Response", } }, "summary": "B", diff --git a/tests/test_repeated_dependency_schema.py b/tests/test_repeated_dependency_schema.py index d7d0dfa05..c21829bd9 100644 --- a/tests/test_repeated_dependency_schema.py +++ b/tests/test_repeated_dependency_schema.py @@ -41,7 +41,7 @@ schema = { "type": "array", }, "msg": {"title": "Message", "type": "string"}, - "type": {"title": "Error " "Type", "type": "string"}, + "type": {"title": "Error Type", "type": "string"}, }, "required": ["loc", "msg", "type"], "title": "ValidationError", @@ -66,7 +66,7 @@ schema = { "responses": { "200": { "content": {"application/json": {"schema": {}}}, - "description": "Successful " "Response", + "description": "Successful Response", }, "422": { "content": { @@ -76,7 +76,7 @@ schema = { } } }, - "description": "Validation " "Error", + "description": "Validation Error", }, }, "summary": "Get Deps", diff --git a/tests/test_tutorial/test_configure_swagger_ui/test_tutorial001.py b/tests/test_tutorial/test_configure_swagger_ui/test_tutorial001.py index 72db54bd2..a04dba219 100644 --- a/tests/test_tutorial/test_configure_swagger_ui/test_tutorial001.py +++ b/tests/test_tutorial/test_configure_swagger_ui/test_tutorial001.py @@ -8,31 +8,31 @@ client = TestClient(app) def test_swagger_ui(): response = client.get("/docs") assert response.status_code == 200, response.text - assert ( - '"syntaxHighlight": false' in response.text - ), "syntaxHighlight should be included and converted to JSON" - assert ( - '"dom_id": "#swagger-ui"' in response.text - ), "default configs should be preserved" + assert '"syntaxHighlight": false' in response.text, ( + "syntaxHighlight should be included and converted to JSON" + ) + assert '"dom_id": "#swagger-ui"' in response.text, ( + "default configs should be preserved" + ) assert "presets: [" in response.text, "default configs should be preserved" - assert ( - "SwaggerUIBundle.presets.apis," in response.text - ), "default configs should be preserved" - assert ( - "SwaggerUIBundle.SwaggerUIStandalonePreset" in response.text - ), "default configs should be preserved" - assert ( - '"layout": "BaseLayout",' in response.text - ), "default configs should be preserved" - assert ( - '"deepLinking": true,' in response.text - ), "default configs should be preserved" - assert ( - '"showExtensions": true,' in response.text - ), "default configs should be preserved" - assert ( - '"showCommonExtensions": true,' in response.text - ), "default configs should be preserved" + assert "SwaggerUIBundle.presets.apis," in response.text, ( + "default configs should be preserved" + ) + assert "SwaggerUIBundle.SwaggerUIStandalonePreset" in response.text, ( + "default configs should be preserved" + ) + assert '"layout": "BaseLayout",' in response.text, ( + "default configs should be preserved" + ) + assert '"deepLinking": true,' in response.text, ( + "default configs should be preserved" + ) + assert '"showExtensions": true,' in response.text, ( + "default configs should be preserved" + ) + assert '"showCommonExtensions": true,' in response.text, ( + "default configs should be preserved" + ) def test_get_users(): diff --git a/tests/test_tutorial/test_configure_swagger_ui/test_tutorial002.py b/tests/test_tutorial/test_configure_swagger_ui/test_tutorial002.py index d06a385b5..ea56b6f21 100644 --- a/tests/test_tutorial/test_configure_swagger_ui/test_tutorial002.py +++ b/tests/test_tutorial/test_configure_swagger_ui/test_tutorial002.py @@ -8,34 +8,34 @@ client = TestClient(app) def test_swagger_ui(): response = client.get("/docs") assert response.status_code == 200, response.text - assert ( - '"syntaxHighlight": false' not in response.text - ), "not used parameters should not be included" - assert ( - '"syntaxHighlight": {"theme": "obsidian"}' in response.text - ), "parameters with middle dots should be included in a JSON compatible way" - assert ( - '"dom_id": "#swagger-ui"' in response.text - ), "default configs should be preserved" + assert '"syntaxHighlight": false' not in response.text, ( + "not used parameters should not be included" + ) + assert '"syntaxHighlight": {"theme": "obsidian"}' in response.text, ( + "parameters with middle dots should be included in a JSON compatible way" + ) + assert '"dom_id": "#swagger-ui"' in response.text, ( + "default configs should be preserved" + ) assert "presets: [" in response.text, "default configs should be preserved" - assert ( - "SwaggerUIBundle.presets.apis," in response.text - ), "default configs should be preserved" - assert ( - "SwaggerUIBundle.SwaggerUIStandalonePreset" in response.text - ), "default configs should be preserved" - assert ( - '"layout": "BaseLayout",' in response.text - ), "default configs should be preserved" - assert ( - '"deepLinking": true,' in response.text - ), "default configs should be preserved" - assert ( - '"showExtensions": true,' in response.text - ), "default configs should be preserved" - assert ( - '"showCommonExtensions": true,' in response.text - ), "default configs should be preserved" + assert "SwaggerUIBundle.presets.apis," in response.text, ( + "default configs should be preserved" + ) + assert "SwaggerUIBundle.SwaggerUIStandalonePreset" in response.text, ( + "default configs should be preserved" + ) + assert '"layout": "BaseLayout",' in response.text, ( + "default configs should be preserved" + ) + assert '"deepLinking": true,' in response.text, ( + "default configs should be preserved" + ) + assert '"showExtensions": true,' in response.text, ( + "default configs should be preserved" + ) + assert '"showCommonExtensions": true,' in response.text, ( + "default configs should be preserved" + ) def test_get_users(): diff --git a/tests/test_tutorial/test_configure_swagger_ui/test_tutorial003.py b/tests/test_tutorial/test_configure_swagger_ui/test_tutorial003.py index 187e89ace..926bbb14f 100644 --- a/tests/test_tutorial/test_configure_swagger_ui/test_tutorial003.py +++ b/tests/test_tutorial/test_configure_swagger_ui/test_tutorial003.py @@ -8,34 +8,34 @@ client = TestClient(app) def test_swagger_ui(): response = client.get("/docs") assert response.status_code == 200, response.text - assert ( - '"deepLinking": false,' in response.text - ), "overridden configs should be preserved" - assert ( - '"deepLinking": true' not in response.text - ), "overridden configs should not include the old value" - assert ( - '"syntaxHighlight": false' not in response.text - ), "not used parameters should not be included" - assert ( - '"dom_id": "#swagger-ui"' in response.text - ), "default configs should be preserved" + assert '"deepLinking": false,' in response.text, ( + "overridden configs should be preserved" + ) + assert '"deepLinking": true' not in response.text, ( + "overridden configs should not include the old value" + ) + assert '"syntaxHighlight": false' not in response.text, ( + "not used parameters should not be included" + ) + assert '"dom_id": "#swagger-ui"' in response.text, ( + "default configs should be preserved" + ) assert "presets: [" in response.text, "default configs should be preserved" - assert ( - "SwaggerUIBundle.presets.apis," in response.text - ), "default configs should be preserved" - assert ( - "SwaggerUIBundle.SwaggerUIStandalonePreset" in response.text - ), "default configs should be preserved" - assert ( - '"layout": "BaseLayout",' in response.text - ), "default configs should be preserved" - assert ( - '"showExtensions": true,' in response.text - ), "default configs should be preserved" - assert ( - '"showCommonExtensions": true,' in response.text - ), "default configs should be preserved" + assert "SwaggerUIBundle.presets.apis," in response.text, ( + "default configs should be preserved" + ) + assert "SwaggerUIBundle.SwaggerUIStandalonePreset" in response.text, ( + "default configs should be preserved" + ) + assert '"layout": "BaseLayout",' in response.text, ( + "default configs should be preserved" + ) + assert '"showExtensions": true,' in response.text, ( + "default configs should be preserved" + ) + assert '"showCommonExtensions": true,' in response.text, ( + "default configs should be preserved" + ) def test_get_users(): diff --git a/tests/test_tutorial/test_sql_databases/test_tutorial002.py b/tests/test_tutorial/test_sql_databases/test_tutorial002.py index 68c1966f5..79e48c1c3 100644 --- a/tests/test_tutorial/test_sql_databases/test_tutorial002.py +++ b/tests/test_tutorial/test_sql_databases/test_tutorial002.py @@ -71,9 +71,9 @@ def test_crud_app(client: TestClient): assert response.json() == snapshot( {"age": 30, "id": IsInt(), "name": "Dead Pond"} ) - assert ( - response.json()["id"] != 9000 - ), "The ID should be generated by the database" + assert response.json()["id"] != 9000, ( + "The ID should be generated by the database" + ) # Read a hero hero_id = response.json()["id"] From daf6820307816571433824617f69f9ac51621193 Mon Sep 17 00:00:00 2001 From: github-actions Date: Thu, 6 Mar 2025 12:19:24 +0000 Subject: [PATCH 02/10] =?UTF-8?q?=F0=9F=93=9D=20Update=20release=20notes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [skip ci] --- docs/en/docs/release-notes.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/en/docs/release-notes.md b/docs/en/docs/release-notes.md index 72c47d4fb..52edd7773 100644 --- a/docs/en/docs/release-notes.md +++ b/docs/en/docs/release-notes.md @@ -9,6 +9,7 @@ hide: ### Internal +* ⬆ Bump ruff to 0.9.4. PR [#13299](https://github.com/fastapi/fastapi/pull/13299) by [@dependabot[bot]](https://github.com/apps/dependabot). * πŸ”§ Update sponsors: pause TestDriven. PR [#13446](https://github.com/fastapi/fastapi/pull/13446) by [@tiangolo](https://github.com/tiangolo). ## 0.115.11 From a592e8ad4dba1941a3619bd270ccb0f026ec5ba2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ph=C6=B0=C6=A1ng=20T=E1=BA=A5n=20Th=C3=A0nh?= <51350651+ptt3199@users.noreply.github.com> Date: Fri, 7 Mar 2025 10:24:13 +0700 Subject: [PATCH 03/10] =?UTF-8?q?=F0=9F=8C=90=20Add=20Vietnamese=20transla?= =?UTF-8?q?tion=20for=20`docs/vi/docs/deployment/cloud.md`=20(#13407)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Sofie Van Landeghem Co-authored-by: Dinh Van Luc <39489075+MrL8199@users.noreply.github.com> --- docs/vi/docs/deployment/cloud.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 docs/vi/docs/deployment/cloud.md diff --git a/docs/vi/docs/deployment/cloud.md b/docs/vi/docs/deployment/cloud.md new file mode 100644 index 000000000..9ab72769d --- /dev/null +++ b/docs/vi/docs/deployment/cloud.md @@ -0,0 +1,17 @@ +# Triển khai FastAPI trΓͺn cΓ‘c Dα»‹ch vα»₯ Cloud + +BαΊ‘n cΓ³ thể sα»­ dα»₯ng **bαΊ₯t kα»³ nhΓ  cung cαΊ₯p dα»‹ch vα»₯ cloud** nΓ o để triển khai α»©ng dα»₯ng FastAPI của mΓ¬nh. + +Trong hαΊ§u hαΊΏt cΓ‘c trường hợp, cΓ‘c nhΓ  cung cαΊ₯p dα»‹ch vα»₯ cloud lα»›n đều cΓ³ hΖ°α»›ng dαΊ«n triển khai FastAPI vα»›i họ. + +## NhΓ  cung cαΊ₯p dα»‹ch vα»₯ Cloud - NhΓ  tΓ i trợ +Mα»™t vΓ i nhΓ  cung cαΊ₯p dα»‹ch vα»₯ cloud ✨ [**tΓ i trợ cho FastAPI**](../help-fastapi.md#sponsor-the-author){.internal-link target=_blank} ✨, Δ‘iều nΓ y giΓΊp Δ‘αΊ£m bαΊ£o sα»± phΓ‘t triển liΓͺn tα»₯c vΓ  khỏe mαΊ‘nh của FastAPI vΓ  hệ sinh thΓ‘i của nΓ³. + +ThΓͺm nα»―a, Δ‘iều nΓ y cΕ©ng thể hiện cam kαΊΏt thα»±c sα»± của họ Δ‘α»‘i vα»›i FastAPI vΓ  **cα»™ng Δ‘α»“ng người dΓΉng** (bαΊ‘n), vΓ¬ họ khΓ΄ng chỉ muα»‘n cung cαΊ₯p cho bαΊ‘n mα»™t **dα»‹ch vα»₯ tα»‘t** mΓ  cΓ²n muα»‘n Δ‘αΊ£m bαΊ£o rαΊ±ng bαΊ‘n cΓ³ mα»™t **framework tα»‘t vΓ  bền vα»―ng**, Δ‘Γ³ chΓ­nh lΓ  FastAPI. πŸ™‡ + +BαΊ‘n cΓ³ thể thα»­ cΓ‘c dα»‹ch vα»₯ của họ vΓ  lΓ m theo hΖ°α»›ng dαΊ«n của họ: + +* Platform.sh +* Porter +* Coherence +* Render From 0c36a7ac0587c05e3f8d6b54e65565190f68e580 Mon Sep 17 00:00:00 2001 From: github-actions Date: Fri, 7 Mar 2025 03:24:33 +0000 Subject: [PATCH 04/10] =?UTF-8?q?=F0=9F=93=9D=20Update=20release=20notes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [skip ci] --- docs/en/docs/release-notes.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/en/docs/release-notes.md b/docs/en/docs/release-notes.md index 52edd7773..e9bccf0fb 100644 --- a/docs/en/docs/release-notes.md +++ b/docs/en/docs/release-notes.md @@ -7,6 +7,10 @@ hide: ## Latest Changes +### Translations + +* 🌐 Add Vietnamese translation for `docs/vi/docs/deployment/cloud.md`. PR [#13407](https://github.com/fastapi/fastapi/pull/13407) by [@ptt3199](https://github.com/ptt3199). + ### Internal * ⬆ Bump ruff to 0.9.4. PR [#13299](https://github.com/fastapi/fastapi/pull/13299) by [@dependabot[bot]](https://github.com/apps/dependabot). From a88a6050a6423630ac141a862742fca79333d516 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Mar 2025 04:24:42 +0100 Subject: [PATCH 05/10] =?UTF-8?q?=E2=AC=86=20Bump=20black=20from=2024.10.0?= =?UTF-8?q?=20to=2025.1.0=20(#13436)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [black](https://github.com/psf/black) from 24.10.0 to 25.1.0. - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](https://github.com/psf/black/compare/24.10.0...25.1.0) --- updated-dependencies: - dependency-name: black dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements-docs.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index cd2e4e58e..8812e27f9 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -14,6 +14,6 @@ cairosvg==2.7.1 mkdocstrings[python]==0.26.1 griffe-typingdoc==0.2.7 # For griffe, it formats with black -black==24.10.0 +black==25.1.0 mkdocs-macros-plugin==1.3.7 markdown-include-variants==0.0.4 From 79bc28fab4b33c7822a5a30408ec0fec69d6630c Mon Sep 17 00:00:00 2001 From: github-actions Date: Fri, 7 Mar 2025 03:25:02 +0000 Subject: [PATCH 06/10] =?UTF-8?q?=F0=9F=93=9D=20Update=20release=20notes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [skip ci] --- docs/en/docs/release-notes.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/en/docs/release-notes.md b/docs/en/docs/release-notes.md index e9bccf0fb..86f9ab0cb 100644 --- a/docs/en/docs/release-notes.md +++ b/docs/en/docs/release-notes.md @@ -13,6 +13,7 @@ hide: ### Internal +* ⬆ Bump black from 24.10.0 to 25.1.0. PR [#13436](https://github.com/fastapi/fastapi/pull/13436) by [@dependabot[bot]](https://github.com/apps/dependabot). * ⬆ Bump ruff to 0.9.4. PR [#13299](https://github.com/fastapi/fastapi/pull/13299) by [@dependabot[bot]](https://github.com/apps/dependabot). * πŸ”§ Update sponsors: pause TestDriven. PR [#13446](https://github.com/fastapi/fastapi/pull/13446) by [@tiangolo](https://github.com/tiangolo). From c46e4a1b1424cef38349627a32b4419d0a2a1612 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Mar 2025 04:25:10 +0100 Subject: [PATCH 07/10] =?UTF-8?q?=E2=AC=86=20Bump=20sqlmodel=20from=200.0.?= =?UTF-8?q?22=20to=200.0.23=20(#13437)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [sqlmodel](https://github.com/fastapi/sqlmodel) from 0.0.22 to 0.0.23. - [Release notes](https://github.com/fastapi/sqlmodel/releases) - [Changelog](https://github.com/fastapi/sqlmodel/blob/main/docs/release-notes.md) - [Commits](https://github.com/fastapi/sqlmodel/compare/0.0.22...0.0.23) --- updated-dependencies: - dependency-name: sqlmodel dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements-tests.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-tests.txt b/requirements-tests.txt index 4a15844e4..6a870add6 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -4,7 +4,7 @@ pytest >=7.1.3,<9.0.0 coverage[toml] >= 6.5.0,< 8.0 mypy ==1.8.0 dirty-equals ==0.8.0 -sqlmodel==0.0.22 +sqlmodel==0.0.23 flask >=1.1.2,<4.0.0 anyio[trio] >=3.2.1,<5.0.0 PyJWT==2.8.0 From 643d2845de09a437b955a163ab25eb0887bfd0e1 Mon Sep 17 00:00:00 2001 From: github-actions Date: Fri, 7 Mar 2025 03:25:46 +0000 Subject: [PATCH 08/10] =?UTF-8?q?=F0=9F=93=9D=20Update=20release=20notes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [skip ci] --- docs/en/docs/release-notes.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/en/docs/release-notes.md b/docs/en/docs/release-notes.md index 86f9ab0cb..ee987b544 100644 --- a/docs/en/docs/release-notes.md +++ b/docs/en/docs/release-notes.md @@ -13,6 +13,7 @@ hide: ### Internal +* ⬆ Bump sqlmodel from 0.0.22 to 0.0.23. PR [#13437](https://github.com/fastapi/fastapi/pull/13437) by [@dependabot[bot]](https://github.com/apps/dependabot). * ⬆ Bump black from 24.10.0 to 25.1.0. PR [#13436](https://github.com/fastapi/fastapi/pull/13436) by [@dependabot[bot]](https://github.com/apps/dependabot). * ⬆ Bump ruff to 0.9.4. PR [#13299](https://github.com/fastapi/fastapi/pull/13299) by [@dependabot[bot]](https://github.com/apps/dependabot). * πŸ”§ Update sponsors: pause TestDriven. PR [#13446](https://github.com/fastapi/fastapi/pull/13446) by [@tiangolo](https://github.com/tiangolo). From 3565ea00b6a3193743dddb98bdd47f878374ae64 Mon Sep 17 00:00:00 2001 From: Lee Yesong Date: Mon, 10 Mar 2025 21:29:03 +0900 Subject: [PATCH 09/10] =?UTF-8?q?=F0=9F=8C=90=20Add=20Korean=20translation?= =?UTF-8?q?=20for=20`docs/ko/docs/tutorial/security/oauth2-jwt.md`=20(#133?= =?UTF-8?q?33)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/ko/docs/tutorial/security/oauth2-jwt.md | 273 +++++++++++++++++++ 1 file changed, 273 insertions(+) create mode 100644 docs/ko/docs/tutorial/security/oauth2-jwt.md diff --git a/docs/ko/docs/tutorial/security/oauth2-jwt.md b/docs/ko/docs/tutorial/security/oauth2-jwt.md new file mode 100644 index 000000000..d8bac8346 --- /dev/null +++ b/docs/ko/docs/tutorial/security/oauth2-jwt.md @@ -0,0 +1,273 @@ +# νŒ¨μŠ€μ›Œλ“œ 해싱을 μ΄μš©ν•œ OAuth2, JWT 토큰을 μ‚¬μš©ν•˜λŠ” Bearer 인증 + +λͺ¨λ“  λ³΄μ•ˆ 흐름을 κ΅¬μ„±ν–ˆμœΌλ―€λ‘œ, 이제 JWT 토큰과 νŒ¨μŠ€μ›Œλ“œ 해싱을 μ‚¬μš©ν•΄ μ• ν”Œλ¦¬μΌ€μ΄μ…˜μ„ μ•ˆμ „ν•˜κ²Œ λ§Œλ“€ κ²ƒμž…λ‹ˆλ‹€. + +이 μ½”λ“œλŠ” μ‹€μ œλ‘œ μ• ν”Œλ¦¬μΌ€μ΄μ…˜μ—μ„œ νŒ¨μŠ€μ›Œλ“œλ₯Ό ν•΄μ‹±ν•˜μ—¬ DB에 μ €μž₯ν•˜λŠ” λ“±μ˜ μž‘μ—…μ— ν™œμš©ν•  수 μžˆμŠ΅λ‹ˆλ‹€. + +이전 μž₯에 μ΄μ–΄μ„œ μ‹œμž‘ν•΄ λ΄…μ‹œλ‹€. + +## JWT + +JWT λŠ” "JSON Web Tokens" 을 μ˜λ―Έν•©λ‹ˆλ‹€. + +JSON 객체λ₯Ό 곡백이 μ—†λŠ” κΈ΄ λ¬Έμžμ—΄λ‘œ μΈμ½”λ”©ν•˜λŠ” ν‘œμ€€μ΄λ©°, λ‹€μŒκ³Ό 같은 ν˜•νƒœμž…λ‹ˆλ‹€: + +``` +eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c +``` + +JWTλŠ” μ•”ν˜Έν™”λ˜μ§€ μ•Šμ•„ λˆ„κ΅¬λ“ μ§€ ν† ν°μ—μ„œ 정보λ₯Ό 볡원할 수 μžˆμŠ΅λ‹ˆλ‹€. + +ν•˜μ§€λ§Œ JWTλŠ” μ„œλͺ…λ˜μ–΄ μžˆμŠ΅λ‹ˆλ‹€. κ·Έλž˜μ„œ μžμ‹ μ΄ λ°œκΈ‰ν•œ 토큰을 λ°›μ•˜μ„ λ•Œ, μ‹€μ œλ‘œ μžμ‹ μ΄ λ°œκΈ‰ν•œκ²Œ λ§žλŠ”μ§€ 검증할 수 μžˆμŠ΅λ‹ˆλ‹€. + +만료 기간이 일주일인 토큰을 λ°œν–‰ν–ˆλ‹€κ³  κ°€μ •ν•΄ λ΄…μ‹œλ‹€. λ‹€μŒ λ‚  μ‚¬μš©μžκ°€ 토큰을 가져왔을 λ•Œ, κ·Έ μ‚¬μš©μžκ°€ μ‹œμŠ€ν…œμ— μ—¬μ „νžˆ λ‘œκ·ΈμΈλ˜μ–΄ μžˆλ‹€λŠ” 것을 μ•Œ 수 μžˆμŠ΅λ‹ˆλ‹€. + +일주일 λ’€μ—λŠ” 토큰이 만료될 것이고, μ‚¬μš©μžλŠ” μΈκ°€λ˜μ§€ μ•Šμ•„ μƒˆ 토큰을 λ°›κΈ° μœ„ν•΄ λ‹€μ‹œ λ‘œκ·ΈμΈν•΄μ•Ό ν•  κ²ƒμž…λ‹ˆλ‹€. λ§Œμ•½ μ‚¬μš©μž(λ˜λŠ” 제3자)κ°€ 토큰을 μˆ˜μ •ν•˜κ±°λ‚˜ λ§Œλ£ŒμΌμ„ λ³€κ²½ν•˜λ©΄, μ„œλͺ…이 μΌμΉ˜ν•˜μ§€ μ•ŠκΈ° λ•Œλ¬Έμ— μ•Œμ•„μ±Œ 수 μžˆμ„ κ²ƒμž…λ‹ˆλ‹€. + +λ§Œμ•½ JWT 토큰을 닀뀄보고, μž‘λ™ 방식도 μ•Œμ•„λ³΄κ³  μ‹Άλ‹€λ©΄ https://jwt.io 을 ν™•μΈν•˜μ‹­μ‹œμ˜€. + +## `PyJWT` μ„€μΉ˜ + +파이썬으둜 JWT 토큰을 μƒμ„±ν•˜κ³  κ²€μ¦ν•˜λ €λ©΄ `PyJWT` λ₯Ό μ„€μΉ˜ν•΄μ•Ό ν•©λ‹ˆλ‹€. + +[κ°€μƒν™˜κ²½](../../virtual-environments.md){.internal-link target=_blank} 을 λ§Œλ“€κ³  ν™œμ„±ν™”ν•œ λ‹€μŒ `pyjwt` λ₯Ό μ„€μΉ˜ν•˜μ‹­μ‹œμ˜€: + +
+ +```console +$ pip install pyjwt + +---> 100% +``` + +
+ +/// info | μ°Έκ³  + +RSAλ‚˜ ECDSA 같은 μ „μž μ„œλͺ… μ•Œκ³ λ¦¬μ¦˜μ„ μ‚¬μš©ν•˜λ €λ©΄, `pyjwt[crypto]`λΌλŠ” μ•”ν˜Έν™” 라이브러리 μ˜μ‘΄μ„±μ„ μ„€μΉ˜ν•΄μ•Ό ν•©λ‹ˆλ‹€. + +더 μžμ„Έν•œ λ‚΄μš©μ€ PyJWT μ„€μΉ˜ μ—μ„œ 확인할 수 μžˆμŠ΅λ‹ˆλ‹€. + +/// + +## νŒ¨μŠ€μ›Œλ“œ ν•΄μ‹± + +"ν•΄μ‹±(Hashing)"은 μ–΄λ–€ λ‚΄μš©(μ—¬κΈ°μ„œλŠ” νŒ¨μŠ€μ›Œλ“œ)을 해석할 수 μ—†λŠ” 일련의 λ°”μ΄νŠΈ 집합(λ‹¨μˆœ λ¬Έμžμ—΄)으둜 λ³€ν™˜ν•˜λŠ” 것을 μ˜λ―Έν•©λ‹ˆλ‹€. + +λ™μΌν•œ λ‚΄μš©(λ˜‘κ°™μ€ νŒ¨μŠ€μ›Œλ“œ)을 ν•΄μ‹±ν•˜λ©΄ λ™μΌν•œ λ¬Έμžμ—΄μ„ μ–»μŠ΅λ‹ˆλ‹€. + +ν•˜μ§€λ§Œ κ·Έ λ¬Έμžμ—΄μ„ λ‹€μ‹œ νŒ¨μŠ€μ›Œλ“œλ‘œ 되돌릴 μˆ˜λŠ” μ—†μŠ΅λ‹ˆλ‹€. + +### νŒ¨μŠ€μ›Œλ“œλ₯Ό ν•΄μ‹±ν•˜λŠ” 이유 + +λ°μ΄ν„°λ² μ΄μŠ€λ₯Ό νƒˆμ·¨λ‹Ήν•˜λ”λΌλ„, μΉ¨μž…μžλŠ” μ‚¬μš©μžμ˜ 평문 νŒ¨μŠ€μ›Œλ“œ λŒ€μ‹  ν•΄μ‹œ κ°’λ§Œ 얻을 수 μžˆμŠ΅λ‹ˆλ‹€. + +λ”°λΌμ„œ μΉ¨μž…μžλŠ” ν›”μΉœ μ‚¬μš©μž νŒ¨μŠ€μ›Œλ“œλ₯Ό λ‹€λ₯Έ μ‹œμŠ€ν…œμ—μ„œ ν™œμš©ν•  수 μ—†μŠ΅λ‹ˆλ‹€. (λŒ€λ‹€μˆ˜ μ‚¬μš©μžκ°€ μ—¬λŸ¬ μ‹œμŠ€ν…œμ—μ„œ λ™μΌν•œ νŒ¨μŠ€μ›Œλ“œλ₯Ό μ‚¬μš©ν•˜κΈ° λ•Œλ¬Έμ— 평문 νŒ¨μŠ€μ›Œλ“œκ°€ 유좜되면 μœ„ν—˜ν•©λ‹ˆλ‹€.) + +## `passlib` μ„€μΉ˜ + +PassLibλŠ” νŒ¨μŠ€μ›Œλ“œ ν•΄μ‹œλ₯Ό λ‹€λ£¨λŠ” ν›Œλ₯­ν•œ 파이썬 νŒ¨ν‚€μ§€μž…λ‹ˆλ‹€. + +λ§Žμ€ μ•ˆμ „ν•œ ν•΄μ‹œ μ•Œκ³ λ¦¬μ¦˜κ³Ό 도ꡬ듀을 μ§€μ›ν•©λ‹ˆλ‹€. + +μΆ”μ²œν•˜λŠ” μ•Œκ³ λ¦¬μ¦˜μ€ "Bcrypt"μž…λ‹ˆλ‹€. + +[κ°€μƒν™˜κ²½](../../virtual-environments.md){.internal-link target=_blank} 을 λ§Œλ“€κ³  ν™œμ„±ν™”ν•œ λ‹€μŒ PassLib와 Bcryptλ₯Ό μ„€μΉ˜ν•˜μ‹­μ‹œμ˜€: + +
+ +```console +$ pip install "passlib[bcrypt]" + +---> 100% +``` + +
+ +/// tip | 팁 + +`passlib`λ₯Ό μ‚¬μš©ν•˜μ—¬, **Django**, **Flask** 의 λ³΄μ•ˆ ν”ŒλŸ¬κ·ΈμΈμ΄λ‚˜ λ‹€λ₯Έ λ„κ΅¬λ‘œ μƒμ„±ν•œ νŒ¨μŠ€μ›Œλ“œλ₯Ό 읽을 수 μžˆλ„λ‘ μ„€μ •ν•  μˆ˜λ„ μžˆμŠ΅λ‹ˆλ‹€. + +예λ₯Ό λ“€μžλ©΄, FastAPI μ• ν”Œλ¦¬μΌ€μ΄μ…˜κ³Ό Django μ• ν”Œλ¦¬μΌ€μ΄μ…˜μ΄ 같은 λ°μ΄ν„°λ² μ΄μŠ€μ—μ„œ 데이터λ₯Ό κ³΅μœ ν•  수 μžˆμŠ΅λ‹ˆλ‹€. λ˜λŠ” 같은 λ°μ΄ν„°λ² μ΄μŠ€λ₯Ό μ‚¬μš©ν•˜μ—¬ Django μ• ν”Œλ¦¬μΌ€μ΄μ…˜μ„ μ μ§„μ μœΌλ‘œ λ§ˆμ΄κ·Έλ ˆμ΄μ…˜ ν•  μˆ˜λ„ μžˆμŠ΅λ‹ˆλ‹€. + +그리고 μ‚¬μš©μžλŠ” FastAPI μ• ν”Œλ¦¬μΌ€μ΄μ…˜κ³Ό Django μ• ν”Œλ¦¬μΌ€μ΄μ…˜μ— λ™μ‹œμ— λ‘œκ·ΈμΈν•  수 μžˆμŠ΅λ‹ˆλ‹€. + +/// + +## νŒ¨μŠ€μ›Œλ“œμ˜ ν•΄μ‹œμ™€ 검증 + +ν•„μš”ν•œ 도ꡬλ₯Ό `passlib`μ—μ„œ μž„ν¬νŠΈν•©λ‹ˆλ‹€. + +PassLib "μ»¨ν…μŠ€νŠΈ(context)"λ₯Ό μƒμ„±ν•©λ‹ˆλ‹€. 이것은 νŒ¨μŠ€μ›Œλ“œλ₯Ό ν•΄μ‹±ν•˜κ³  κ²€μ¦ν•˜λŠ”λ° μ‚¬μš©ν•©λ‹ˆλ‹€. + +/// tip | 팁 + +PassLib μ»¨ν…μŠ€νŠΈλŠ” λ‹€μ–‘ν•œ ν•΄μ‹± μ•Œκ³ λ¦¬μ¦˜μ„ μ‚¬μš©ν•  수 μžˆλŠ” κΈ°λŠ₯을 μ œκ³΅ν•˜λ©°, 더 이상 μ‚¬μš©μ΄ ꢌμž₯λ˜μ§€ μ•ŠλŠ” 였래된 ν•΄μ‹± μ•Œκ³ λ¦¬μ¦˜μ„ κ²€μ¦ν•˜λŠ” κΈ°λŠ₯도 ν¬ν•¨λ˜μ–΄ μžˆμŠ΅λ‹ˆλ‹€. + +예λ₯Ό λ“€μ–΄, λ‹€λ₯Έ μ‹œμŠ€ν…œ(Django 같은)μ—μ„œ μƒμ„±ν•œ νŒ¨μŠ€μ›Œλ“œλ₯Ό 읽고 검증할 수 있으며, μƒˆλ‘œμš΄ νŒ¨μŠ€μ›Œλ“œλ₯Ό Bcrypt 같은 λ‹€λ₯Έ μ•Œκ³ λ¦¬μ¦˜μœΌλ‘œ ν•΄μ‹±ν•  μˆ˜λ„ μžˆμŠ΅λ‹ˆλ‹€. + +그리고 λ™μ‹œμ— 그런 λͺ¨λ“  μ•Œκ³ λ¦¬μ¦˜κ³Ό ν˜Έν™˜μ„±μ„ μœ μ§€ν•©λ‹ˆλ‹€. + +/// + +μ‚¬μš©μžλ‘œλΆ€ν„° 받은 νŒ¨μŠ€μ›Œλ“œλ₯Ό ν•΄μ‹±ν•˜λŠ” μœ ν‹Έλ¦¬ν‹° ν•¨μˆ˜λ₯Ό μƒμ„±ν•©λ‹ˆλ‹€. + +그리고 받은 νŒ¨μŠ€μ›Œλ“œκ°€ μ €μž₯된 ν•΄μ‹œμ™€ μΌμΉ˜ν•˜λŠ”μ§€ κ²€μ¦ν•˜λŠ” 또 λ‹€λ₯Έ μœ ν‹Έλ¦¬ν‹° ν•¨μˆ˜λ„ μƒμ„±ν•©λ‹ˆλ‹€. + +그리고 μ‚¬μš©μžλ₯Ό μΈμ¦ν•˜κ³  λ°˜ν™˜ν•˜λŠ” 또 λ‹€λ₯Έ ν•¨μˆ˜λ„ μƒμ„±ν•©λ‹ˆλ‹€. + +{* ../../docs_src/security/tutorial004_an_py310.py hl[8,49,56:57,60:61,70:76] *} + +/// note + +μƒˆλ‘œμš΄ (κ°€μ§œ) λ°μ΄ν„°λ² μ΄μŠ€ `fake_users_db`λ₯Ό ν™•μΈν•˜λ©΄, ν•΄μ‹œ 처리된 νŒ¨μŠ€μ›Œλ“œκ°€ μ–΄λ–»κ²Œ μƒκ²ΌλŠ”μ§€ λ³Ό 수 μžˆμŠ΅λ‹ˆλ‹€: `"$2b$12$EixZaYVK1fsbw1ZfbX3OXePaWxn96p36WQoeG6Lruj3vjPGga31lW"`. + +/// + +## JWT 토큰 처리 + +μ„€μΉ˜λœ λͺ¨λ“ˆμ„ μž„ν¬νŠΈ ν•©λ‹ˆλ‹€. + +JWT 토큰 μ„œλͺ…에 μ‚¬μš©λ  μž„μ˜μ˜ λΉ„λ°€ν‚€λ₯Ό μƒμ„±ν•©λ‹ˆλ‹€. + +μ•ˆμ „ν•œ μž„μ˜μ˜ λΉ„λ°€ν‚€λ₯Ό μƒμ„±ν•˜λ €λ©΄ λ‹€μŒ λͺ…λ Ήμ–΄λ₯Ό μ‚¬μš©ν•˜μ‹­μ‹œμ˜€: + +
+ +```console +$ openssl rand -hex 32 + +09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7 +``` + +
+ +그리고 μƒμ„±ν•œ λΉ„λ°€ν‚€λ₯Ό 볡사해 λ³€μˆ˜ `SECRET_KEY`에 λŒ€μž…ν•©λ‹ˆλ‹€. (이 예제의 λ³€μˆ˜ 값을 κ·ΈλŒ€λ‘œ μ‚¬μš©ν•˜μ§€ λ§ˆμ‹­μ‹œμ˜€.) + +JWT 토큰을 μ„œλͺ…ν•˜λŠ” 데 μ‚¬μš©λ  μ•Œκ³ λ¦¬μ¦˜μ„ μœ„ν•œ λ³€μˆ˜ `ALGORITHM` 을 μƒμ„±ν•˜κ³  `"HS256"` 으둜 μ„€μ •ν•©λ‹ˆλ‹€. + +토큰 만료 기간을 μœ„ν•œ λ³€μˆ˜λ₯Ό μƒμ„±ν•©λ‹ˆλ‹€. + +응닡을 μœ„ν•œ 토큰 μ—”λ“œν¬μΈνŠΈμ— μ‚¬μš©λ  Pydantic λͺ¨λΈμ„ μ •μ˜ν•©λ‹ˆλ‹€. + +μƒˆ μ•‘μ„ΈμŠ€ 토큰을 μƒμ„±ν•˜κΈ° μœ„ν•œ μœ ν‹Έλ¦¬ν‹° ν•¨μˆ˜λ₯Ό μƒμ„±ν•©λ‹ˆλ‹€. + +{* ../../docs_src/security/tutorial004_an_py310.py hl[4,7,13:15,29:31,79:87] *} + +## μ˜μ‘΄μ„± μˆ˜μ • + +`get_current_user` ν•¨μˆ˜λ₯Ό 이전과 λ™μΌν•œ 토큰을 받도둝 μˆ˜μ •ν•˜λ˜, μ΄λ²ˆμ—λŠ” JWT 토큰을 μ‚¬μš©ν•˜λ„λ‘ ν•©λ‹ˆλ‹€. + +받은 토큰을 λ””μ½”λ”©ν•˜μ—¬ κ²€μ¦ν•œ ν›„ ν˜„μž¬ μ‚¬μš©μžλ₯Ό λ°˜ν™˜ν•©λ‹ˆλ‹€. + +토큰이 μœ νš¨ν•˜μ§€ μ•Šλ‹€λ©΄ HTTP 였λ₯˜λ₯Ό λ°˜ν™˜ν•©λ‹ˆλ‹€. + +{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *} + +## `/token` 경둜 μž‘μ—… μˆ˜μ • + +ν† ν°μ˜ 만료 μ‹œκ°μ„ μ„€μ •ν•˜κΈ° μœ„ν•΄ `timedelta` λ₯Ό μƒμ„±ν•©λ‹ˆλ‹€. + +μ‹€μ œ JWT μ•‘μ„ΈμŠ€ 토큰을 μƒμ„±ν•˜μ—¬ λ°˜ν™˜ν•©λ‹ˆλ‹€. + +{* ../../docs_src/security/tutorial004_an_py310.py hl[118:133] *} + +### JWT "주체(subject)" `sub`에 λŒ€ν•œ 기술 μ„ΈλΆ€ 사항 + +JWT λͺ…세에 λ”°λ₯΄λ©΄ ν† ν°μ˜ 주체λ₯Ό ν¬ν•¨ν•˜λŠ” `sub`λΌλŠ” ν‚€κ°€ μžˆμŠ΅λ‹ˆλ‹€. + +μ‚¬μš© μ—¬λΆ€λŠ” μ„ νƒμ‚¬ν•­μ΄μ§€λ§Œ, μ‚¬μš©μžμ˜ 식별 정보λ₯Ό μ €μž₯ν•  수 μžˆμœΌλ―€λ‘œ μ—¬κΈ°μ„œλŠ” 이λ₯Ό μ‚¬μš©ν•©λ‹ˆλ‹€. + +JWTλŠ” μ‚¬μš©μžλ₯Ό μ‹λ³„ν•˜κ³  μ‚¬μš©μžκ°€ APIλ₯Ό 직접 μ‚¬μš©ν•  수 μžˆλ„λ‘ ν—ˆμš©ν•˜λŠ” 것 외에도 λ‹€λ₯Έ μš©λ„λ‘œ μ‚¬μš©λ  μˆ˜λ„ μžˆμŠ΅λ‹ˆλ‹€. + +예λ₯Ό λ“€μ–΄ "μžλ™μ°¨"λ‚˜ "λΈ”λ‘œκ·Έ κ²Œμ‹œλ¬Ό"을 μ‹λ³„ν•˜λŠ” 데 μ‚¬μš©ν•  수 μžˆμŠ΅λ‹ˆλ‹€. + +그리고 "μžλ™μ°¨λ₯Ό μš΄μ „ν•˜λ‹€"λ‚˜ "λΈ”λ‘œκ·Έ κ²Œμ‹œλ¬Όμ„ μˆ˜μ •ν•˜λ‹€"처럼 ν•΄λ‹Ή 엔터티에 λŒ€ν•œ κΆŒν•œμ„ μΆ”κ°€ν•  수 μžˆμŠ΅λ‹ˆλ‹€. + +κ·Έ ν›„ 이 JWT 토큰을 μ‚¬μš©μž(λ˜λŠ” 봇)μ—κ²Œ μ œκ³΅ν•˜λ©΄, 그듀은 계정을 λ”°λ‘œ λ§Œλ“€ ν•„μš” 없이 APIκ°€ μƒμ„±ν•œ JWT ν† ν°λ§ŒμœΌλ‘œ μž‘μ—…(μžλ™μ°¨ μš΄μ „ λ˜λŠ” λΈ”λ‘œκ·Έ κ²Œμ‹œλ¬Ό νŽΈμ§‘)을 μˆ˜ν–‰ν•  수 μžˆμŠ΅λ‹ˆλ‹€. + +μ΄λŸ¬ν•œ κ°œλ…μ„ ν™œμš©ν•˜λ©΄ JWTλŠ” 훨씬 더 λ³΅μž‘ν•œ μ‹œλ‚˜λ¦¬μ˜€μ—λ„ μ‚¬μš©ν•  수 μžˆμŠ΅λ‹ˆλ‹€. + +이 경우 μ—¬λŸ¬ μ—”ν„°ν‹°κ°€ λ™μΌν•œ IDλ₯Ό κ°€μ§ˆ 수 μžˆμŠ΅λ‹ˆλ‹€. 예λ₯Ό λ“€μ–΄ fooλΌλŠ” IDλ₯Ό 가진 μ‚¬μš©μž, μžλ™μ°¨, λΈ”λ‘œκ·Έ κ²Œμ‹œλ¬Όμ΄ μžˆμ„ 수 μžˆμŠ΅λ‹ˆλ‹€. + +κ·Έλž˜μ„œ ID μΆ©λŒμ„ λ°©μ§€ν•˜κΈ° μœ„ν•΄, μ‚¬μš©μžμ˜ JWT 토큰을 생성할 λ•Œ μ ‘λ‘μ‚¬λ‘œ `sub` ν‚€λ₯Ό μΆ”κ°€ν•  수 μžˆμŠ΅λ‹ˆλ‹€. 예λ₯Ό λ“€μ–΄ `username:` 을 λΆ™μ΄λŠ” λ°©μ‹μž…λ‹ˆλ‹€. 이 μ˜ˆμ œμ—μ„œλŠ” `sub` 값이 `username:johndoe`이 될 수 μžˆμŠ΅λ‹ˆλ‹€. + +κ°€μž₯ μ€‘μš”ν•œ 점은 `sub` ν‚€λŠ” 전체 μ• ν”Œλ¦¬μΌ€μ΄μ…˜μ—μ„œ κ³ μœ ν•œ μ‹λ³„μžκ°€ λ˜μ–΄μ•Ό ν•˜λ©° λ¬Έμžμ—΄μ΄μ–΄μ•Ό ν•œλ‹€λŠ” μ μž…λ‹ˆλ‹€. + +## ν™•μΈν•΄λ΄…μ‹œλ‹€ + +μ„œλ²„λ₯Ό μ‹€ν–‰ν•˜κ³  λ¬Έμ„œλ‘œ μ΄λ™ν•˜μ‹­μ‹œμ˜€: http://127.0.0.1:8000/docs. + +λ‹€μŒκ³Ό 같은 μ‚¬μš©μž μΈν„°νŽ˜μ΄μŠ€λ₯Ό λ³Ό 수 μžˆμŠ΅λ‹ˆλ‹€: + + + +이전과 같은 λ°©λ²•μœΌλ‘œ μ• ν”Œλ¦¬μΌ€μ΄μ…˜μ— μΈμ¦ν•˜μ‹­μ‹œμ˜€. + +λ‹€μŒ 인증 정보λ₯Ό μ‚¬μš©ν•˜μ‹­μ‹œμ˜€: + +Username: `johndoe` +Password: `secret` + +/// check + +μ½”λ“œ 어디에도 평문 νŒ¨μŠ€μ›Œλ“œ "`secret`" 이 μ—†λ‹€λŠ” 점에 μœ μ˜ν•˜μ‹­μ‹œμ˜€. ν•΄μ‹œλœ λ²„μ „λ§Œ μžˆμŠ΅λ‹ˆλ‹€. + +/// + + + +`/users/me/` λ₯Ό ν˜ΈμΆœν•˜λ©΄ λ‹€μŒκ³Ό 같은 응닡을 얻을 수 μžˆμŠ΅λ‹ˆλ‹€: + +```JSON +{ + "username": "johndoe", + "email": "johndoe@example.com", + "full_name": "John Doe", + "disabled": false +} +``` + + + +개발자 도ꡬλ₯Ό 열어보면 μ „μ†‘λœ 데이터에 ν† ν°λ§Œ ν¬ν•¨λœ 것을 확인할 수 μžˆμŠ΅λ‹ˆλ‹€. νŒ¨μŠ€μ›Œλ“œλŠ” μ‚¬μš©μžλ₯Ό μΈμ¦ν•˜κ³  μ•‘μ„ΈμŠ€ 토큰을 λ°›κΈ° μœ„ν•œ 첫 번째 μš”μ²­μ—λ§Œ μ „μ†‘λ˜λ©°, μ΄ν›„μ—λŠ” μ „μ†‘λ˜μ§€ μ•ŠμŠ΅λ‹ˆλ‹€: + + + +/// note + +`Bearer `둜 μ‹œμž‘ν•˜λŠ” `Authorization` 헀더에 μ£Όλͺ©ν•˜μ‹­μ‹œμ˜€. + +/// + +## `scopes` 의 κ³ κΈ‰ μ‚¬μš©λ²• + +OAuth2λŠ” "μŠ€μ½”ν”„(scopes)" λΌλŠ” κ°œλ…μ„ κ°–κ³  μžˆμŠ΅λ‹ˆλ‹€. + +이λ₯Ό μ‚¬μš©ν•˜μ—¬ JWT 토큰에 νŠΉμ • κΆŒν•œ 집합을 μΆ”κ°€ν•  수 μžˆμŠ΅λ‹ˆλ‹€. + +κ·Έ ν›„ 이 토큰을 μ‚¬μš©μžμ—κ²Œ 직접 μ œκ³΅ν•˜κ±°λ‚˜ 제3μžμ—κ²Œ μ œκ³΅ν•˜μ—¬, νŠΉμ • μ œν•œμ‚¬ν•­ ν•˜μ—μžˆλŠ” API와 ν†΅μ‹ ν•˜λ„λ‘ ν•  수 μžˆμŠ΅λ‹ˆλ‹€. + +**FastAPI** μ—μ„œμ˜ μ‚¬μš© 방법과 톡합 방식은 **심화 μ‚¬μš©μž μ•ˆλ‚΄μ„œ** μ—μ„œ μžμ„Ένžˆ 배울 수 μžˆμŠ΅λ‹ˆλ‹€. + +## μš”μ•½ + +μ§€κΈˆκΉŒμ§€ μ‚΄νŽ΄λ³Έ λ‚΄μš©μ„ λ°”νƒ•μœΌλ‘œ, OAuth2와 JWT 같은 ν‘œμ€€μ„ μ‚¬μš©ν•˜μ—¬ μ•ˆμ „ν•œ **FastAPI** μ• ν”Œλ¦¬μΌ€μ΄μ…˜μ„ λ§Œλ“€ 수 μžˆμŠ΅λ‹ˆλ‹€. + +거의 λͺ¨λ“  ν”„λ ˆμž„μ›Œν¬μ—μ„œ λ³΄μ•ˆ μ²˜λ¦¬λŠ” μƒλ‹Ήνžˆ λ³΅μž‘ν•œ μ£Όμ œμž…λ‹ˆλ‹€. + +이λ₯Ό λ‹¨μˆœν™”ν•˜λŠ” λ§Žμ€ νŒ¨ν‚€μ§€λŠ” 데이터 λͺ¨λΈ, λ°μ΄ν„°λ² μ΄μŠ€, μ‚¬μš© κ°€λŠ₯ν•œ κΈ°λŠ₯듀에 λŒ€ν•΄ μ—¬λŸ¬ μ œμ•½μ΄ μžˆμŠ΅λ‹ˆλ‹€. 그리고 μ§€λ‚˜μΉ˜κ²Œ λ‹¨μˆœν™”ν•˜λŠ” 일뢀 νŒ¨ν‚€μ§€λ“€μ€ μ‹¬κ°ν•œ λ³΄μ•ˆ 결함을 κ°€μ§ˆ μˆ˜λ„ μžˆμŠ΅λ‹ˆλ‹€. + +--- + +**FastAPI** λŠ” μ–΄λ–€ λ°μ΄ν„°λ² μ΄μŠ€, 데이터 λͺ¨λΈ, 도ꡬ도 κ°•μš”ν•˜μ§€ μ•ŠμŠ΅λ‹ˆλ‹€. + +ν”„λ‘œμ νŠΈμ— κ°€μž₯ μ ν•©ν•œ 것을 선택할 수 μžˆλŠ” μœ μ—°μ„±μ„ μ œκ³΅ν•©λ‹ˆλ‹€. + +그리고 `passlib` 와 `PyJWT` 처럼 잘 κ΄€λ¦¬λ˜κ³  널리 μ‚¬μš©λ˜λŠ” νŒ¨ν‚€μ§€λ“€μ„ λ°”λ‘œ μ‚¬μš©ν•  수 μžˆμŠ΅λ‹ˆλ‹€. **FastAPI** λŠ” μ™ΈλΆ€ νŒ¨ν‚€μ§€ 톡합을 μœ„ν•΄ λ³΅μž‘ν•œ λ©”μ»€λ‹ˆμ¦˜μ΄ ν•„μš”ν•˜μ§€ μ•ŠκΈ° λ•Œλ¬Έμž…λ‹ˆλ‹€. + +κ·ΈλŸ¬λ‚˜ μœ μ—°μ„±, 견고성, λ³΄μ•ˆμ„±μ„ ν•΄μΉ˜μ§€ μ•ŠμœΌλ©΄μ„œ 과정을 λ‹¨μˆœν™”ν•  수 μžˆλŠ” 도ꡬ듀을 μ œκ³΅ν•©λ‹ˆλ‹€. + +그리고 OAuth2와 같은 ν‘œμ€€ ν”„λ‘œν† μ½œμ„ 비ꡐ적 κ°„λ‹¨ν•œ λ°©λ²•μœΌλ‘œ κ΅¬ν˜„ν•˜κ³  μ‚¬μš©ν•  수 μžˆμŠ΅λ‹ˆλ‹€. + +더 μ„ΈλΆ„ν™”λœ κΆŒν•œ 체계λ₯Ό μœ„ν•΄ OAuth2의 "μŠ€μ½”ν”„"λ₯Ό μ‚¬μš©ν•˜λŠ” 방법은 **심화 μ‚¬μš©μž μ•ˆλ‚΄μ„œ**μ—μ„œ 더 μžμ„Ένžˆ 배울 수 μžˆμŠ΅λ‹ˆλ‹€. OAuth2의 μŠ€μ½”ν”„λŠ” 제3자 μ• ν”Œλ¦¬μΌ€μ΄μ…˜μ΄ μ‚¬μš©μžλ₯Ό λŒ€μ‹ ν•΄ κ·Έλ“€μ˜ API와 μƒν˜Έμž‘μš©ν•˜λ„λ‘ κΆŒν•œμ„ λΆ€μ—¬ν•˜κΈ° μœ„ν•΄, Facebook, Google, GitHub, Microsoft, Twitter λ“±μ˜ λ§Žμ€ λŒ€ν˜• 인증 μ œκ³΅μ—…μ²΄λ“€μ΄ μ‚¬μš©ν•˜λŠ” λ©”μ»€λ‹ˆμ¦˜μž…λ‹ˆλ‹€. From e988050f79b32c9444fba8d014d0c69cd7a4b6c7 Mon Sep 17 00:00:00 2001 From: github-actions Date: Mon, 10 Mar 2025 12:29:25 +0000 Subject: [PATCH 10/10] =?UTF-8?q?=F0=9F=93=9D=20Update=20release=20notes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [skip ci] --- docs/en/docs/release-notes.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/en/docs/release-notes.md b/docs/en/docs/release-notes.md index ee987b544..c900dc918 100644 --- a/docs/en/docs/release-notes.md +++ b/docs/en/docs/release-notes.md @@ -9,6 +9,7 @@ hide: ### Translations +* 🌐 Add Korean translation for `docs/ko/docs/tutorial/security/oauth2-jwt.md`. PR [#13333](https://github.com/fastapi/fastapi/pull/13333) by [@yes0ng](https://github.com/yes0ng). * 🌐 Add Vietnamese translation for `docs/vi/docs/deployment/cloud.md`. PR [#13407](https://github.com/fastapi/fastapi/pull/13407) by [@ptt3199](https://github.com/ptt3199). ### Internal