///

<img src="/img/tutorial/security/image08.png">

Chame o endpoint `/users/me/`, você receberá o retorno como:

```JSON
{
  "username": "johndoe",
  "email": "******@****.***",
  "full_name": "John Doe",
  "disabled": false
}
```

<img src="/img/tutorial/security/image09.png">

* 校验大部分（甚至所有？）的 Python **数据类型**，包括：
    * JSON 对象 (`dict`).
    * JSON 数组 (`list`) 定义成员类型。
    * 字符串 (`str`) 字段, 定义最小或最大长度。
    * 数字 (`int`, `float`) 有最大值和最小值， 等等。

* 校验外来类型， 比如:
    * URL.
    * Email.
    * UUID.
    * ...及其他.

所有的校验都由完善且强大的 **Pydantic** 处理。

### 安全性及身份验证

集成了安全性和身份认证。杜绝数据库或者数据模型的渗透风险。

OpenAPI 中定义的安全模式，包括：

* HTTP 基本认证。

    * Campos de cadena de caracteres (`str`), definiendo longitudes mínimas y máximas.
    * Números (`int`, `float`) con valores mínimos y máximos, etc.

* Validación para tipos más exóticos, como:
    * URL.
    * Email.
    * UUID.
    * ...y otros.

Toda la validación es manejada por **Pydantic**, una herramienta bien establecida y robusta.

### Seguridad y autenticación { #security-and-authentication }

* 驗證大部分（甚至所有？）的 Python **資料型別**，包括：
    * JSON 物件 (`dict`)。
    * JSON 陣列 (`list`) 定義項目型別。
    * 字串 (`str`) 欄位，定義最小或最大長度。
    * 數字 (`int`, `float`) 與其最大值和最小值等。

* 驗證外來的型別，比如:
    * URL
    * Email
    * UUID


### 安全性及身份驗證

FastAPI 已經整合了安全性和身份驗證的功能，但不會強制與特定的資料庫或資料模型進行綁定。

OpenAPI 中定義的安全模式，包括：

* HTTP 基本認證。

///

<img src="/img/tutorial/security/image08.png">

Call the endpoint `/users/me/`, you will get the response as:

```JSON
{
  "username": "johndoe",
  "email": "******@****.***",
  "full_name": "John Doe",
  "disabled": false
}
```

<img src="/img/tutorial/security/image09.png">

# Settings and Environment Variables { #settings-and-environment-variables }

In many cases your application could need some external settings or configurations, for example secret keys, database credentials, credentials for email services, etc.

Most of these settings are variable (can change), like database URLs. And many could be sensitive, like secrets.

For this reason it's common to provide them in environment variables that are read by the application.

/// tip

  existingClientSecretName: ""
  existingClientIdKey: ""
  existingClientSecretKey: ""
  claimName: "policy"
  scopes: "openid,profile,email"
  redirectUri: "https://console-endpoint-url/oauth_callback"
  # Can leave empty
  claimPrefix: ""
  comment: ""
  displayName: ""

networkPolicy:
  enabled: false

注意，代码中没有明文密码**`secret`**，只保存了它的哈希值。

///

<img src="https://fastapi.tiangolo.com/img/tutorial/security/image08.png">

调用 `/users/me/` 端点，收到下面的响应：

```JSON
{
  "username": "johndoe",
  "email": "******@****.***",
  "full_name": "John Doe",
  "disabled": false
}
```

<img src="https://fastapi.tiangolo.com/img/tutorial/security/image09.png">

코드 어디에도 평문 패스워드 "`secret`" 이 없다는 점에 유의하십시오. 해시된 버전만 있습니다.

///

<img src="/img/tutorial/security/image08.png">

`/users/me/` 를 호출하면 다음과 같은 응답을 얻을 수 있습니다:

```JSON
{
  "username": "johndoe",
  "email": "******@****.***",
  "full_name": "John Doe",
  "disabled": false
}
```

<img src="/img/tutorial/security/image09.png">

Lá você pode selecionar “Apenas lançamentos” (Releases only).

Fazendo isso, você receberá notificações (no seu email) sempre que houver um novo lançamento (uma nova versão) do **FastAPI** com correções de bugs e novas funcionalidades.

## Conecte-se com o autor { #connect-with-the-author }