andredias / cookiecutter-fastapi
License: MIT License
Instead of returning all available records at once, functions such as get_all must receive additional parameters like limit and offset to control how many records to return.
Removing administrators from an application simplifies REST API validation a lot since there is no special access or right to execute some actions.
Privileged access for executing some action or for retrieving some information must be done directly through the database or through another application specially designed for that.
Use the CI from Codebox as reference.
Currently, the CSRF token is being transmitted to the frontend via a cookie after a successful login. Although it is not really a security issue since the CSRF token must be sent back later using a custom header x-csrf-token, the same token is also sent along inside a cookie. It is possible to prevent this if the original CSRF token is sent via a custom header instead because it won't be sent again later automatically.
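A minimal sketch of the header-only arrangement this issue proposes, added here as an example; it is not code from cookiecutter-fastapi. It assumes a hypothetical in-memory session store and a constructed secret key, and derives the token from the session id with an HMAC so the server stores nothing extra per session.

```python
import hashlib
import hmac
import secrets

# Constructed values for the example only; a real deployment loads the key from config.
SECRET_KEY = b"constructed-demo-key-not-for-production"
SESSIONS: dict[str, str] = {}  # hypothetical store: session id -> username


def csrf_token_for(session_id: str) -> str:
    """Derive the CSRF token from the session id; no separate token storage needed."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def login(username: str) -> tuple[dict[str, str], dict[str, str]]:
    """Return the (cookies, headers) a successful login response would carry.

    The session id travels in a cookie, which the browser resends automatically.
    The CSRF token travels ONLY in a custom response header, so it is never
    attached to a request unless the frontend code adds it deliberately.
    """
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = username
    cookies = {"session": session_id}
    headers = {"x-csrf-token": csrf_token_for(session_id)}
    return cookies, headers


def validate_request(cookies: dict[str, str], headers: dict[str, str]) -> bool:
    """Accept a state-changing request only with a valid session cookie AND a
    matching x-csrf-token header (header names compared case-insensitively)."""
    session_id = cookies.get("session")
    if session_id is None or session_id not in SESSIONS:
        return False
    lowered = {k.lower(): v for k, v in headers.items()}
    presented = lowered.get("x-csrf-token", "")
    expected = csrf_token_for(session_id)
    # Constant-time comparison; a cross-site request carries the cookie but
    # cannot set this custom header, so it fails here.
    return hmac.compare_digest(presented.encode(), expected.encode())
```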
Secure.py is a lightweight package that adds optional security headers for Python web frameworks.
Also, take a look at the OWASP Secure Headers Project.
Slow API looks interesting for this and works with FastAPI.
Obtaining a valid session isn't related to CSRF validation. The latter might be necessary for user authentication though.
Instead of trying to handle uncaught exceptions locally, a better approach is to create middleware or something else to handle exceptions globally.
Loguru's approach to exceptions might also be useful.
Setting a user as admin should not be done directly via the user's REST API because that requires a different level of authorization that isn't checked or implemented yet.
KSUID is a K-sorted UID. In other words, a KSUID also stores a date component, so that KSUIDs can be approximately sorted based on the time they were created.
Create a password reset procedure. See the OWASP Forgot Password Cheat Sheet.