108640 Views
83860 Views
59555 Views
48723 Views
48311 Views
47806 Views
Build a laser-cut robot
Robots and Lasers
Arduino Plug and Make Kit Review
Pi to Pico W Bluetooth Communication
Two-Way Bluetooth Communication Between Raspberry Pi Picos
Gamepad 2
Introduction to the Linux Command Line on Raspberry Pi OS
How to install MicroPython
Wall Drawing Robot Tutorial
BrachioGraph Tutorial
Intermediate level MicroPython
Introduction to FreeCAD for Beginners
KevsRobots Learning Platform
66% Percent Complete
By Kevin McAleer, 3 Minutes
With our user models in place, we can now implement the registration and login functionalities. This process involves securely handling passwords, verifying user credentials, and generating authentication tokens.
Before saving a user’s password to the database, we must hash it. Using a library like passlib, we can securely hash passwords.
passlib
from passlib.context import CryptContext pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto") def get_password_hash(password): return pwd_context.hash(password)
Our registration endpoint will accept username, email, and password, validate the data, hash the password, and then save the new user to the database.
from fastapi import FastAPI, HTTPException, Depends from sqlalchemy.orm import Session from . import models, schemas from .database import SessionLocal, engine app = FastAPI() # Dependency def get_db(): db = SessionLocal() try: yield db finally: db.close() @app.post("/register/") def register_user(user: schemas.UserCreate, db: Session = Depends(get_db)): db_user = db.query(models.User).filter(models.User.email == user.email).first() if db_user: raise HTTPException(status_code=400, detail="Email already registered") hashed_password = get_password_hash(user.password) db_user = models.User(username=user.username, email=user.email, hashed_password=hashed_password) db.add(db_user) db.commit() db.refresh(db_user) return {"username": db_user.username, "email": db_user.email}
To log in a user, we need to verify their email and password. This involves fetching the user from the database and checking the password hash.
def verify_password(plain_password, hashed_password): return pwd_context.verify(plain_password, hashed_password) def authenticate_user(email: str, password: str, db: Session = Depends(get_db)): user = db.query(models.User).filter(models.User.email == email).first() if not user or not verify_password(password, user.hashed_password): return False return user
After verifying the user, we generate a JWT token for session management. This token is sent back to the user and used in subsequent requests.
from datetime import datetime, timedelta import jwt SECRET_KEY = "your_secret_key" ALGORITHM = "HS256" def create_access_token(data: dict, expires_delta: timedelta = None): to_encode = data.copy() if expires_delta: expire = datetime.utcnow() + expires_delta else: expire = datetime.utcnow() + timedelta(minutes=15) to_encode.update({"exp": expire}) encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM) return encoded_jwt
You’ve now implemented the registration and login functionalities, including secure password handling and JWT token generation. These are key components of our user authentication system. In the next lessons, we’ll explore how to use these tokens for authenticating API requests and managing user sessions.
Implement an endpoint for logging out users. Consider how you would invalidate the JWT token and what impact this has on the server and client side of your application.
< Previous Next >