I was trying to run the sample code in the Readme. I got an error

Traceback (most recent call last):
  File "pdfkitv2.py", line 8, in <module>
    from fastapi_simple_security import api_key_router, api_key_security
  File "D:\enviorments\pdfkit\lib\site-packages\fastapi_simple_security\__init__.py", line 1, in <module>
    from fastapi_simple_security.endpoints import api_key_router
  File "D:\enviorments\pdfkit\lib\site-packages\fastapi_simple_security\endpoints.py", line 7, in <module>
    from fastapi_simple_security._security_secret import secret_based_security
  File "<fstring>", line 1
    (SECRET=)

I think there is an error in the file _security_secret.py Line 18.

pip install -r requirements.txt fails to resolve dependencies, because fastapi_simple_security is trying to force an older version of fastapi.

I Momentarily solved it by manually installing an older fastapi version in my application, but I see no reason why this should be the way to go (new versions don't introduce breaking changes).

Thanks!

Also reported in #1 here

Running the script like described in the readme results in a

 File "/home/kai/PycharmProjects/fdm-api/app/main.py", line 5, in <module>
    from fastapi_simple_security import api_key_router, api_key_security
  File "/home/kai/PycharmProjects/fdm-api/venv/lib/python3.9/site-packages/fastapi_simple_security/__init__.py", line 1, in <module>
    from fastapi_simple_security.endpoints import api_key_router
  File "/home/kai/PycharmProjects/fdm-api/venv/lib/python3.9/site-packages/fastapi_simple_security/endpoints.py", line 8, in <module>
    from fastapi_simple_security._sqlite_access import sqlite_access
  File "/home/kai/PycharmProjects/fdm-api/venv/lib/python3.9/site-packages/fastapi_simple_security/_sqlite_access.py", line 218, in <module>
    sqlite_access = SQLiteAccess()
  File "/home/kai/PycharmProjects/fdm-api/venv/lib/python3.9/site-packages/fastapi_simple_security/_sqlite_access.py", line 21, in __init__
    self.init_db()
  File "/home/kai/PycharmProjects/fdm-api/venv/lib/python3.9/site-packages/fastapi_simple_security/_sqlite_access.py", line 24, in init_db
    with sqlite3.connect(self.db_location) as connection:
sqlite3.OperationalError: unable to open database file

Tried with Python 3.6 as well as 3.9

Thank you for this great library. I have a question. Is there a way to access the API key that was used to request a secure endpoint when the dependency is used globally? For example:

app.include_router(myrouter, prefix='/myrouter', dependencies=[Depends(api_key_security)])

@myrouter.get('/secured-endpoint/')
async def secured_endpoint():
    return {'key': 'api-key'}

Does the request state contain the API key or it isn't passed anywhere? If the key isn't available in any context, we will have to use the dependency in each function like this:

from fastapi.security.api_key import APIKey


@app.get('/secured-endpoint/')
async def secured_endpoint(api_key: APIKey = Depends(api_key_security)):
    return {'key': api_key}

Please let me know if there's a possibility to use the dependency globally on a router and still get the API key value in all sub-routes.

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | coverage | ^6.5.0 -> ^7.0.0 | | | | |

Release Notes

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

This PR contains the following updates:

| Package | Type | Update | Change | |---|---|---|---| | abatilo/actions-poetry | action | minor | v2.1.6 -> v2.2.0 |

Release Notes

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

This PR contains the following updates:

| Package | Type | Update | Change | |---|---|---|---| | actions/setup-python | action | major | v2 -> v4 |

Release Notes

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

when using pip (and not poetry...) the error is

The conflict is caused by:

• The user requested fastapi==0.75.2
• fastapi-simple-security 1.0.1 depends on fastapi<0.71 and >=0.70

From the package on pypi

fastapi_simple_security-1.0.1.dist-info/METADATA:Requires-Dist: fastapi (>=0.70,<0.71) The only other ref to fastapi in your repo is

[[package]] name = "fastapi" version = "0.70.0" description = "FastAPI framework, high performance, easy to learn, fast to code, ready for production" category = "main" optional = false python-versions = ">=3.6.1"

 warnings.warn(
     f"ENVIRONMENT VARIABLE 'FASTAPI_SIMPLE_SECURITY_SECRET' NOT FOUND\n"
     f"\tGenerated a single-use secret key for this session:\n"
     f"\t{SECRET=}"

)

Using: fastapi==0.68.0

After setup, setting the FASTAPI_SIMPLE_SECURITY_DB_LOCATION does not change the path from the default of /app/sqlite.db as expected. Instead getting hit with this error sqlite3.OperationalError: unable to open database file Looking at the _sqlite_access.py definition doing this instead: def __init__(self): try: self.db_location = os.environ["FASTAPI_SIMPLE_SECURITY_DB_LOCATION"] except KeyError: self.db_location = ""

seems to work.

Because nginx by default drops headers with underscores.

Missing (disappearing) HTTP Headers

If you do not explicitly set underscores_in_headers on;, NGINX will silently drop HTTP headers with underscores (which are perfectly valid according to the HTTP standard). This is done in order to prevent ambiguities when mapping headers to CGI variables as both dashes and underscores are mapped to underscores during that process. https://www.nginx.com/nginx-wiki/build/dirhtml/start/topics/tutorials/config_pitfalls/

While it seems possible to reconfigure nginx to accept underscored headers, just getting to the bottom of the issue could take some time (it did for me) and it might be desirable to avoid jumping through hoops by simply replacing the underscore with a hyphen in the SECRET_KEY_NAME, to be secret-key.

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

• [ ] Update dependency coverage to v7

Detected dependencies

• [ ] Check this box to trigger a request for Renovate to run again on this repository