This is another approach to cursor pagination by moving the cursor logic from the crud endpoint to a separate file and created the CursorPagination class
This PR adds a few new options for range-headers. This allows the api to send data about current pages and total number of records back to the client along with the data, which can help avoid excessive calls. I was a little unsure how to deal with filtering parameters, but I think the correct for a content-range header is to always return the total number of records as the "total" regardless of any filtering applied to the current query.
adding this will make it easier to use piccolo-api as a backend for django-admin (https://marmelab.com/react-admin).
I haven't added documentation yet, waiting to get maintaners' feedback before I do so.
At version 0.29.0 there seems to be no support for ARRAY types in the CRUD generation. Code is generated, but an ARRAY of VARCHAR comes out as a single Varchar, and the field cannot be properly used.
In the Piccolo Admin the Arrays of Varchar are handled ok. Are there already plans to support Array types in CRUD?
bug@dantownsend I hope you meant something similar to this. Once you've checked and merged this, I'll make the changes in Piccolo Admin. Related to this issue.
It would be useful to show an app which has all of the session auth components working together (session_login, session_logout and SessionsAuthBackend).
Here's an example:
import datetime
from fastapi import FastAPI
from piccolo_api.csrf.middleware import CSRFMiddleware
from piccolo_api.openapi.endpoints import swagger_ui
from piccolo_api.session_auth.endpoints import session_login, session_logout
from piccolo_api.session_auth.middleware import SessionsAuthBackend
from starlette.middleware import Middleware
from starlette.middleware.authentication import AuthenticationMiddleware
from starlette.routing import Route
app = FastAPI()
app.mount(
"/login/",
session_login(),
)
private_app = FastAPI(
routes=[
Route("/logout/", session_logout()),
],
middleware=[
Middleware(
AuthenticationMiddleware,
backend=SessionsAuthBackend(
increase_expiry=datetime.timedelta(minutes=30)
),
),
Middleware(CSRFMiddleware, allow_form_param=True),
],
docs_url=None,
redoc_url=None,
)
# The Swagger docs which come with FastAPI don't support CSRF middleware, so we mount
# a custom one which Piccolo provides (accessible at /private/docs):
private_app.mount("/docs/", swagger_ui(schema_url="/private/openapi.json"))
@private_app.get('/my-secret-endpoint/')
def my_endpoint():
# This is just a normal FastAPI endpoint, and is protected by Session Auth
pass
app.mount("/private/", private_app)
if __name__ == "__main__":
import uvicorn
uvicorn.run(app)
As an alternative to adding hooks/signals to piccolo-orm itself, I wanted to explore if such functionality could be more easily added to piccolo-api instead. My goal is to have extensibility points in piccolo-api (and maybe thereby also in piccolo-admin) that expand on the existing crud operations.
My propsal is that PiccoloCRUD taks an optional hooks parameter, which is a list of coroutines and when to trigger them. So far I've only added pre_save as a proof of concept. This lets me create a test app looking like this (i've just snipped the relevant parts of the app:
class Customer(Table):
email: str = Varchar(null=True, default=None)
first_name: str = Varchar(null=True, default=None)
last_name: str = Varchar(null=True, default=None)
class NiceCustomer(BaseModel):
email: str = None
async def awesome_hook(row: Customer):
dict_row = row.to_dict()
model_thing = NiceCustomer(**dict_row)
async with httpx.AsyncClient() as client:
r = await client.post(
"https://good-url.example.com",
json=model_thing.dict()
)
FastAPIWrapper(
root_url="/api/v2/customer/",
fastapi_app=app,
piccolo_crud=PiccoloCRUD(
page_size=50,
table=Customer,
read_only=False,
hooks=[
Hook(
hook_type=HookType.pre_save,
coro=awesome_hook
)
]
)
)
I'd be happy to continue building on this, but I want to get maintainer's initial feedback first.
Based on https://github.com/piccolo-orm/piccolo_api/pull/171
I made two modifications. The main thing is there's now a single argument called upload_metadata for passing in the various S3 options. S3 has so many options available:
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/customizations/s3.html#boto3.s3.transfer.S3Transfer
If we just let the user pass in a dictionary instead, we cover all future use cases.
The other modification was adding a sign_urls argument. So if it's being used with a public bucket we're not wasting resources generating signed URLs when they're not required.
@dantownsend I've just upgraded my infrastructure to the latest version of FastAPI and I'm now getting a strange error when trying to view the Swagger UI. In the first instance FastAPI is giving me a "failed to load API definition" which is a problem with retrieving the OpenAPI JSON spec. Digging a bit more into the problem however reveals that something is going on when creating the Pydantic response models.
Fetch error Response status is 500 /api/openapi.json
Digging a bit more into the problem however reveals that something is going on when creating the Pydantic response models. I assume this is soemthing to do with create_pydantic_model. I'm getting an error like the one here, which is the closest I can find to any explanation of the issue:
https://github.com/tiangolo/fastapi/issues/1505
The relevant bit in my case is:
File "/usr/local/lib/python3.7/site-packages/fastapi/openapi/utils.py", line 364, in get_openapi flat_models=flat_models, model_name_map=model_name_map File "/usr/local/lib/python3.7/site-packages/fastapi/utils.py", line 28, in get_model_definitions model_name = model_name_map[model] KeyError: <class 'pydantic.main.Lemma'>
I'm stumped, as nothing has changed at all in my model / table definitions since the update. Is this likely something due to the interaction of Piccolo - Pydantic - FastAPI or out of Piccolo's scope?
I am struggling a bit with Piccolo's authentication systems. I have a FastAPI app and am wrapping it with Starlette's AuthenticationMiddleware, as hinted in the docs, with the joint SessionAuth and SecretTokenAuth providers. The secret token seems to be working alright; my API client won't get results without the correct header-cum-token. However whatever I do on the browser gives me "Auth failed for all backends". I can't get to the login endpoint, though this appears properly configured according to the docs. I tried 'allow unauthenticated' to see if this would loosen up the permissions, but even the FastAPI docs give me this error. Is there any robust example app with SessionAuth to see how everything should be organized?
Added the ability to move in different directions (forward and backward) from next_cursor.
Example:
http://localhost:8000/posts/?__page_size=3&__order=id&__cursor=NA== (ASC forward)
http://localhost:8000/posts/?__page_size=3&__order=id&__cursor=NA==&__previous=yes (ASC backward)
http://localhost:8000/posts/?__page_size=3&__order=-id&__cursor=OQ== (DESC forward)
http://localhost:8000/posts/?__page_size=3&__order=-id&__cursor=OQ==&__previous=yes (DESC backward)
This is quite tricky with a lot of edge cases. I don't know exactly how to use cursor pagination in piccolo_admin. LimitOffset pagination works good (up to 200,000 rows), and is quite convinient. We may use cursor pagination above that number (maybe millions of rows, but I’m have never encountered such large data sets), but then we lose the ability to sort by all columns except by id, because the cursor must be unique. You probably know much better than I how to implement that. Cheers.
Currently, the __page and __page_size query params aren't documented.
Also, PiccoloCRUD should have a max_page_size argument, to limit abuse of an endpoint.
If the max_page_size is exceeded, an error should be returned. A 403 feels most appropriate, with a body such as The page size limit has been exceeded.
See: https://www.cockroachlabs.com/docs/stable/timestamp.html
Cockroach always uses Timestamptz (set to +00:00) when Timestamp is specified. This is confusing to piccolo migrations.
gnat@gnat:~/Desktop/piccolo_examples-master/headless_blog_fastapi$ piccolo migrations forwards all
BLOG
----------------------------------------------------------------
👍 1 migration already complete
🏁 No migrations need to be run
SESSION_AUTH
----------------------------------------------------------------
👍 1 migration already complete
⏩ 1 migration not yet run
🚀 Running 1 migration:
- 2019-11-12T20:47:17 [forwards]... The command failed.
expected DEFAULT expression to have type timestamp, but 'current_timestamp() + '01:00:00'' has type timestamptz
For a full stack trace, use --trace
Suggestions? Too new to Piccolo to know what course of action to take in order to make this work smoothly.
Otherwise Cockroach seems to work fairly flawlessly with Piccolo, because of asyncpg.
It would be good if we modified PiccoloCRUD, so it could accept a media_storage argument (like create_admin does in Piccolo Admin).
PiccoloCRUD(
Movie,
media_columns=[
LocalMediaStorage(Movie.poster, media_path='/srv/media/movie_posters/')
]
)
We could then add a new GET parameter called something like __media_urls, which then auto adds the URL to the response for accessing the media.
GET /1/?__media_urls
{
'id': 1,
'name': 'Star Wars',
'poster': 'some-file-abc-123.jpg',
'poster_url': '/media/some-file-abc-123.jpg',
}
Once this is in place, we can refactor Piccolo Admin slightly, so it passes the media_storage argument to PiccoloCRUD, and lets PiccoloCRUD do all of the heavy lifting.
I want to create blockchain backend app, based on piccolo. So I need custom User model (generally, without password field). As suggested in docs, I must implement custom user app. But I also want to use session mechanism. How can I achieve that case?
BTW, Great project! I've struggled with fastapi-sqlalchemy stack and it's back and forth model transitions. I've looked other ORMs, compatible with pydantic and FastAPI (Tortoise, SQLModel, Databases, GINO), but those projects looks too young or unmaintained. And only piccolo had my heart from first look). Thank you and keep doing your great work!
PiccoloCRUD currently has hooks like pre_save, which is used to modify the data before insertion into the database. We should add a post_save too, which is run after insertion into the database. It can be used for logging, sending an email etc.
Just like we've done with other endpoints. There are many potential use cases:
Catching more database errors in PiccoloCRUD, and returning useful API responses instead of 500 errors.
Implemented GitHub's CodeQL suggestions - this now means LocalMediaStorage uses 600 instead of 640 as the default file permissions for uploaded files (thanks to @sinisaos for this).
PiccoloCRUD validators can now be async.0.87.0. The reason for this is Starlette made a fairly large change in version 0.21.0, which meant we had to refactor a lot of our tests, which makes it challenging to support older versions.Improving type annotations:
id: Serial for SessionsBase and TokenAuth.If BaseUser is used with PiccoloCRUD, passwords are now handled properly.
Thanks to @sinisaos for making this change.
Source code(tar.gz)PiccoloCRUD now handles database exceptions better. If a query fails due to a unique constraint, a 422 response code is returned, along with information about the error.
This means Piccolo Admin will show more useful debugging information when a query fails.
Thanks to @ethagnawl for reporting this issue, and @sinisaos for help prototyping a solution.
Source code(tar.gz)Fixed a bug with Email columns and PiccoloCRUD.get_new.
Thanks to @Tar8117 for reporting this bug.
Source code(tar.gz)Previously you had to provide folder_name as an argument to S3MediaStorage.
It's now optional, as some users may choose to store their files in a bucket without a folder.
Source code(tar.gz)When uploading files to S3, we try and correctly set the content type. This now works correctly for .jpg files (previously only .jpeg worked for JPEGs). Thanks to @sumitsharansatsangi for adding this.
Fixed a bug with MediaStorage.delete_unused_files - it was raising an exception when used with Array columns. Thanks to @sumitsharansatsangi for reporting this issue.
When using S3MediaStorage you can now specify additional arguments when files are uploaded (using the upload_metadata argument), for example, setting the cache settings, and much more. Thanks to @sumitsharansatsangi, and @sinisaos for help reviewing.
S3MediaStorage(
...,
# Cache the file for 24 hours:
upload_metadata={'CacheControl': 'max-age=86400'}
)
Added dependency injection to PiccoloCRUD hooks - the Starlette request object will now be passed in if requested. For example:
def my_hook(row_id, request):
...
Thanks to @AnthonyArmour and @destos for this.
Source code(tar.gz)Added support for file storage in a local folder and in S3. This was added for Piccolo Admin, but is useful for all Piccolo apps.
Thanks to @sinisaos for assisting with this.
Source code(tar.gz)Make Piccolo API work with Piccolo >= 0.82.0. Table used to accept a parameter called ignore_missing. This was renamed to _ignore_missing. Thanks to @sinisaos for this fix.
Improved the HTTP status codes returned by the change_password, register and session_login endpoints. They now return a 422 status code if a validation error occurs. This is required by Piccolo Admin, to better determine why a request failed.
Added read_only option to change_password and register endpoints.
This is for Piccolo Admin's read_only mode.
Changed a parameter name used in the change_password endpoint to be less ambiguous (old_password -> current_password).
Changed a parameter name used in the change_password endpoint to be less ambiguous (confirm_password -> confirm_new_password).
Added a change_password endpoint (courtesy @sinisaos).
See the demo project for a full example.
Source code(tar.gz)The session_login, session_logout, and register endpoints can now have their CSS styles easily customised, to make them match the rest of the application.
from fastapi import FastAPI
from piccolo_api.session_auth.endpoints import register
from piccolo_api.shared.auth.styles import Styles
app = FastAPI()
app.mount(
'/register/',
register(
styles=Styles(background_color='black')
)
)
It is now trivially easy to add CAPTCHA support to the register and session_login endpoints, to provide protection against bots. Just sign up for an account with hCaptcha or reCAPTCHA, and do the following:
from fastapi import FastAPI
from piccolo_api.session_auth.endpoints import register
from piccolo_api.shared.auth.captcha import hcaptcha
app = FastAPI()
# To use hCaptcha:
app.mount(
'/register/',
register(
captcha=hcaptcha(
site_key='my-site-key',
secret_key='my-secret-key',
)
)
)
Added a register endpoint, which is great for quickly prototyping a sign up process (courtesy @sinisaos).
Added hooks to the session_login endpoint, allowing additional logic to be triggered before and after login.
Fixing the ids endpoint of PiccoloCRUD when a custom primary key column is used with a name other than id.
The schema endpoint of PiccoloCRUD now returns the primary key name. This means we'll be able to support tables with a custom primary key name in Piccolo Admin.
Make sure tables with a custom primary key column work with PiccoloCRUD.
Fixed a bug with PiccoloCRUD, where a PATCH request returned a string instead of a JSON object. Thanks to @trondhindenes for discovering and fixing this issue.
Fixed bug with __range_header=false.
Added support for the Content-Range HTTP header in the GET endpoint of PiccoloCRUD. This means the API client can fetch the number of available rows, without doing a separate API call to the count endpoint.
GET /?__range_header=true
If the page size is 10, then the response header looks something like:
Content-Range: movie 0-9/100
The feature was created to make Piccolo APIs work better with front ends like React Admin.
Thanks to @trondhindenes for adding this feature, and @sinisaos for help reviewing.
Source code(tar.gz)Added hooks to PiccoloCRUD. This allows the user to add their own logic before a save / patch / delete (courtesy @trondhindenes).
For example:
# Normal functions and async functions are supported:
def pre_save_hook(movie):
movie.rating = 90
return movie
PiccoloCRUD(
table=Movie,
read_only=False,
hooks=[
Hook(hook_type=HookType.pre_save, callable=pre_save_hook)
]
)
CSRFMiddleware code, and added missing type annotations.__visible_fields parameter with PiccoloCRUD, and the field name is unrecognised, the error response will list the correct field names.We recently added the __visible_fields GET parameter to PiccoloCRUD, which allows the user to determine which fields are returned by the API.
GET /?__visible_fields=id,name
However, there was no way of the user knowing which fields were supported. This is now possible by visiting the /schema endpoint, which has a visible_fields_options field which lists the columns available on the table and related tables (courtesy @sinisaos).
Fixed a bug with the OpenAPI docs when using Array columns. Thanks to @gmos for reporting this issue, and @sinisaos for fixing it.
You now get a nice UI for Array columns:
Source code(tar.gz)Developing and Testing an API with FastAPI and Pytest Syncronous Example Want to use this project? Build the images and run the containers: $ docker-c
SlowApi A rate limiting library for Starlette and FastAPI adapted from flask-limiter. Note: this is alpha quality code still, the API may change, and
FastAPI and Tortoise ORM. Powerful but simple template for web APIs w/ FastAPI (as web framework) and Tortoise-ORM (for working via database without h
Introduction Apiestas is a project composed of a backend powered by the awesome framework FastAPI and a crawler powered by Scrapy. This project has fo
FastAPI with Celery Minimal example utilizing FastAPI and Celery with RabbitMQ for task queue, Redis for Celery backend and flower for monitoring the
Smart Social Distancing Smart Social Distancing Introduction Getting Started Prerequisites Usage Processor Optional Parameters Configuring AWS credent
This open source project serves two purposes. Collection and evaluation of a Question Answering dataset to improve existing QA/search methods - COVID-
About What's Dispatch? Put simply, Dispatch is: All of the ad-hoc things you’re doing to manage incidents today, done for you, and a bunch of other th
FastAPI-Auth Example app using FastAPI and JWT virtualenv -p python3 venv source venv/bin/activate pip3 install -r requirements.txt mv config.yaml.exa
WitnessMe WitnessMe is primarily a Web Inventory tool inspired by Eyewitness, its also written to be extensible allowing you to create custom function
Backend API Skeleton Based on @tiangolo's full stack postgres template, with some things added, some things removed, and some things changed. This is
FastAPI ADMIN 中文文档 Introduction FastAPI-Admin is a admin dashboard based on fastapi and tortoise-orm. FastAPI-Admin provide crud feature out-of-the-bo
fastapi - celery - rabbitmq - redis -> Docker A simple docker-compose app for orchestrating a fastapi application, a celery queue with rabbitmq(broker
FastAPI Users Ready-to-use and customizable users management for FastAPI Documentation: https://frankie567.github.io/fastapi-users/ Source Code: https
iter8-analytics iter8 enables statistically robust continuous experimentation of microservices in your CI/CD pipelines. For in-depth information about
FastAPI Todolist Description Todolist aplication made with Python's FastAPI framework and Hexagonal Architecture. This is a test repository for the pu
signal-cli-rest-api signal-cli-rest-api is a wrapper around signal-cli and allows you to interact with it through http requests. Features register/ver
Fickling Fickling is a decompiler, static analyzer, and bytecode rewriter for Python pickle object serializations. Pickled Python objects are in fact
r2env This repository contains the tool available via pip to install and manage multiple versions of radare2 and its plugins. r2-tools doesn't conflic
59 Dec 11, 2022
565 Jan 2, 2023
95 Jan 8, 2023
54 Dec 13, 2022
371 Jan 1, 2023
129 Dec 12, 2022
329 Nov 10, 2022
3.7k Jan 5, 2023
28 Oct 25, 2022
648 Jan 5, 2023
18 Oct 31, 2022
1.6k Dec 31, 2022
83 Dec 19, 2022
2.4k Jan 1, 2023
16 Oct 14, 2021
91 Dec 31, 2022
31 Dec 9, 2022
162 Dec 13, 2022
18 Oct 11, 2022