Diesen Code können Sie tatsächlich in Ihrer Anwendung verwenden, die Passwort-Hashes in Ihrer Datenbank speichern, usw.

Wir bauen auf dem vorherigen Kapitel auf.

## Über JWT { #about-jwt }

JWT bedeutet „JSON Web Tokens“.

Es ist ein Standard, um ein JSON-Objekt in einem langen, kompakten String ohne Leerzeichen zu kodieren. Das sieht so aus:

```

Este código es algo que puedes usar realmente en tu aplicación, guardar los hashes de las contraseñas en tu base de datos, etc.

Vamos a empezar desde donde lo dejamos en el capítulo anterior e incrementarlo.

## Acerca de JWT { #about-jwt }

JWT significa "JSON Web Tokens".

Es un estándar para codificar un objeto JSON en un string largo y denso sin espacios. Se ve así:

```

如果你的資料庫被竊取，攻擊者拿到的不是使用者的純文字密碼，而只是雜湊值。

因此攻擊者無法嘗試把那些密碼用在其他系統上（因為很多使用者在各處都用同一組密碼，這會很危險）。

{* ../../docs_src/security/tutorial003_an_py310.py hl[82:85] *}

#### 關於 `**user_dict**` { #about-user-dict }

`UserInDB(**user_dict)` 的意思是：

把 `user_dict` 的鍵和值直接當作具名參數傳入，等同於：

```Python
UserInDB(
    username = user_dict["username"],
    email = user_dict["email"],

It doesn't matter. **FastAPI** will know what to do.

/// note

If you don't know, check the [Async: *"In a hurry?"*](../../async.md#in-a-hurry) section about `async` and `await` in the docs.

///

## Integrated with OpenAPI { #integrated-with-openapi }

## Order matters { #order-matters }

When creating *path operations*, you can find situations where you have a fixed path.

Like `/users/me`, let's say that it's to get data about the current user.

And then you can also have a path `/users/{user_id}` to get data about a specific user by some user ID.

Because *path operations* are evaluated in order, you need to make sure that the path for `/users/me` is declared before the one for `/users/{user_id}`:

# in compliance with, at your election, the Elastic License 2.0 or the Server
# Side Public License, v 1.

# Checks that we run against bytecode of third-party dependencies
#
# Be judicious about what is denied here: MANY classes will be subject
# to these rules, so please try to keep the false positive rate low!
#
# Each third party .class failing checks will need to be explicitly

```Python
from .routers import items, users
```

The second version is an "absolute import":

```Python
from app.routers import items, users
```

To learn more about Python Packages and Modules, read [the official Python documentation about Modules](https://docs.python.org/3/tutorial/modules.html).

///

### Avoid name collisions { #avoid-name-collisions }

 *       under all environments. We could fight this by fully qualifying the annotation, but the
 *       result will be verbose and attention-grabbing.
 *   <li>We need to be careful about how we suppress {@code suite()} methods in {@code common.io}.
 *       The generated suite for {@code FooTest} ends up containing {@code FooTest} itself plus some

           *
           * ...when we build with JDK 22 and run under JDK 8.
           */
          || info.getName().contains("MultimapsTest")
      /*
       * Luckily, we don't care about analyzing tests at all. We'd skip them all if we could do so
       * trivially, but it's enough to skip these ones.
       */
      ) {
        continue;
      }
      Class<?> clazz = info.load();
      try {

   * the entry was returned by the iterator, except through the setValue operation on the map entry"
   * As such, this field must be cleared before every map mutation.
   *
   * Note about volatile: volatile doesn't make it safe to read from a mutable graph in one thread
   * while writing to it in another. All it does is help with _reading_ from multiple threads