### Include the `APIRouter`s for `users` and `items` { #include-the-apirouters-for-users-and-items }

Now, let's include the `router`s from the submodules `users` and `items`:

{* ../../docs_src/bigger_applications/app_an_py39/main.py hl[10:11] title["app/main.py"] *}

/// info

`users.router` contains the `APIRouter` inside of the file `app/routers/users.py`.

				},
			},
			sql: "INNER JOIN `user` USING (`id`)",
		},
	}
	for _, result := range results {
		t.Run(result.name, func(t *testing.T) {
			user, _ := schema.Parse(&tests.User{}, &sync.Map{}, db.NamingStrategy)
			stmt := &gorm.Statement{DB: db, Table: user.Table, Schema: user, Clauses: map[string]clause.Clause{}}
			result.join.Build(stmt)
			if result.sql != stmt.SQL.String() {

		Result  string
		Vars    []interface{}
	}{
		{
			[]clause.Interface{clause.Select{}, clause.From{}},
			"SELECT * FROM `users`", nil,
		},
		{
			[]clause.Interface{clause.Select{
				Columns: []clause.Column{clause.PrimaryColumn},
			}, clause.From{}},
			"SELECT `users`.`id` FROM `users`", nil,
		},
		{
			[]clause.Interface{clause.Select{
				Columns: []clause.Column{clause.PrimaryColumn},
			}, clause.Select{

			if _, ok := cleanQ.Users[user]; !ok {
				cleanQ.Users[user] = nil
			}
		}

		// Validate and normalize groups.
		for _, group := range q.Groups {
			lookupRes, underDN, _ := sys.LDAPConfig.GetValidatedGroupDN(nil, group)
			if lookupRes != nil && underDN {
				cleanQ.Groups.Add(lookupRes.NormDN)
			}
		}
	} else {
		for _, user := range q.Users {
			info, err := sys.store.GetUserInfo(user)

# OpenAPI Webhooks { #openapi-webhooks }

There are cases where you want to tell your API **users** that your app could call *their* app (sending a request) with some data, normally to **notify** of some type of **event**.

This means that instead of the normal process of your users sending requests to your API, it's **your API** (or your app) that could **send requests to their system** (to their API, their app).

This is normally called a **webhook**.

		Result        string
	}{
		{
			SQL:           "create table users (name, age, height, actived, bytes, create_at, update_at, deleted_at, email, role, pass) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
			NumericRegexp: nil,
			Vars:          []interface{}{"jinzhu", 1, 999.99, true, []byte("12345"), tt, &tt, nil, "w@g.\"com", myrole, pwd},

## ユーザーの取得

`get_current_user` は作成した（偽物の）ユーティリティ関数を使って、 `str` としてトークンを受け取り、先ほどのPydanticの `User` モデルを返却します:

{* ../../docs_src/security/tutorial002.py hl[19:22,26:27] *}

## 現在のユーザーの注入

ですので、 `get_current_user` に対して同様に *path operation* の中で `Depends` を利用できます。

{* ../../docs_src/security/tutorial002.py hl[31] *}

Pydanticモデルの `User` として、 `current_user` の型を宣言することに注意してください。

その関数の中ですべての入力補完や型チェックを行う際に役に立ちます。

/// tip | 豆知識

## Obtener el usuario { #get-the-user }

`get_current_user` usará una función de utilidad (falsa) que creamos, que toma un token como un `str` y devuelve nuestro modelo de Pydantic `User`:

{* ../../docs_src/security/tutorial002_an_py310.py hl[19:22,26:27] *}

## Inyectar al usuario actual { #inject-the-current-user }

app = FastAPI()

api_key = APIKeyQuery(name="key", description="API Key Query")


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str = Security(api_key)):
    user = User(username=oauth_header)
    return user


@app.get("/users/me")
def read_current_user(current_user: User = Depends(get_current_user)):
    return current_user


client = TestClient(app)

client = TestClient(app)


def test_security_http_base():
    response = client.get("/users/me", headers={"Authorization": "Other foobar"})
    assert response.status_code == 200, response.text
    assert response.json() == {"scheme": "Other", "credentials": "foobar"}


def test_security_http_base_no_credentials():
    response = client.get("/users/me")
    assert response.status_code == 200, response.text