name: OSV-Scanner Scheduled Scan

on:
  schedule:
    - cron: 0 4 * * 1

permissions:
  # Require writing security events to upload SARIF file to security tab
  security-events: write
  # Only need to read contents
  contents: read

jobs:
  scan-scheduled:
    if: github.repository == 'tensorflow/tensorflow'

**FastAPI** weiß, dass es die Klasse `OAuth2PasswordBearer` (deklariert in einer Abhängigkeit) verwenden kann, um das Sicherheitsschema in OpenAPI zu definieren, da es von `fastapi.security.oauth2.OAuth2` erbt, das wiederum von `fastapi.security.base.SecurityBase` erbt.

# 進階安全性 { #advanced-security }

## 額外功能 { #additional-features }

除了[教學 - 使用者指南：安全性](../../tutorial/security/index.md)中涵蓋的內容外，還有一些用來處理安全性的額外功能。

/// tip

以下各節**不一定是「進階」**內容。

而且你的情境很可能可以在其中找到解決方案。

///

## 請先閱讀教學 { #read-the-tutorial-first }

以下各節假設你已閱讀主要的[教學 - 使用者指南：安全性](../../tutorial/security/index.md)。

    }

    @Test
    void testGetSecurityWithValidSecurityDescriptor() throws Exception {
        // Setup mock ShareInfo502 with a minimal valid security descriptor
        srvsvc.ShareInfo502 info502 = new srvsvc.ShareInfo502();
        // Create a minimal valid security descriptor binary
        // Format: revision(1) + sbz1(1) + control(2) + ownerOffset(4) + groupOffset(4) + saclOffset(4) + daclOffset(4) = 20 bytes minimum

# Test security scheme at the top level, including OpenAPI
# Ref: https://github.com/fastapi/fastapi/discussions/14263
# Ref: https://github.com/fastapi/fastapi/issues/14271
from fastapi import Depends, FastAPI
from fastapi.security import HTTPBearer
from fastapi.testclient import TestClient
from inline_snapshot import snapshot

app = FastAPI()

bearer_scheme = HTTPBearer()


@app.get("/", dependencies=[Depends(bearer_scheme)])

from datetime import datetime, timedelta, timezone
from typing import Annotated

import jwt
from fastapi import Depends, FastAPI, HTTPException, Security, status
from fastapi.security import (
    OAuth2PasswordBearer,
    OAuth2PasswordRequestForm,
    SecurityScopes,
)
from jwt.exceptions import InvalidTokenError
from pwdlib import PasswordHash
from pydantic import BaseModel, ValidationError

# to get a string like this run:

* Importa `HTTPBasic` y `HTTPBasicCredentials`.
* Crea un "esquema de `security`" usando `HTTPBasic`.
* Usa ese `security` con una dependencia en tu *path operation*.
* Devuelve un objeto de tipo `HTTPBasicCredentials`:
  * Contiene el `username` y `password` enviados.

{* ../../docs_src/security/tutorial006_an_py310.py hl[4,8,12] *}

{* ../../docs_src/security/tutorial002_an_py310.py hl[25] *}

## 获取用户 { #get-the-user }

`get_current_user` 使用创建的（伪）工具函数，该函数接收 `str` 类型的令牌，并返回 Pydantic 的 `User` 模型：

{* ../../docs_src/security/tutorial002_an_py310.py hl[19:22,26:27] *}

## 注入当前用户 { #inject-the-current-user }

在*路径操作* 的 `Depends` 中使用 `get_current_user`：

{* ../../docs_src/security/tutorial002_an_py310.py hl[31] *}

blank_issues_enabled: false
contact_links:
  - name: Security Contact
    about: Please report security vulnerabilities to security@tiangolo.com
  - name: Question or Problem
    about: Ask a question or ask about a problem in GitHub Discussions.
    url: https://github.com/fastapi/fastapi/discussions/categories/questions
  - name: Feature Request

# 고급 보안 { #advanced-security }

## 추가 기능 { #additional-features }

[튜토리얼 - 사용자 가이드: 보안](../../tutorial/security/index.md)에서 다룬 내용 외에도, 보안을 처리하기 위한 몇 가지 추가 기능이 있습니다.

/// tip | 팁

다음 섹션들은 **반드시 "고급"이라고 할 수는 없습니다**.

그리고 사용 사례에 따라, 그중 하나에 해결책이 있을 수도 있습니다.

///

## 먼저 튜토리얼 읽기 { #read-the-tutorial-first }

다음 섹션은 주요 [튜토리얼 - 사용자 가이드: 보안](../../tutorial/security/index.md)을 이미 읽었다고 가정합니다.