from fastapi import Depends, FastAPI, Security
from fastapi.security import APIKeyQuery
from fastapi.testclient import TestClient
from inline_snapshot import snapshot
from pydantic import BaseModel

app = FastAPI()

api_key = APIKeyQuery(name="key")


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str = Security(api_key)):
    user = User(username=oauth_header)
    return user

{* ../../docs_src/security/tutorial001_an_py310.py hl[12] *}

이 의존성은 `str`을 제공하고, 그 값은 *경로 처리 함수*의 파라미터 `token`에 할당됩니다.

**FastAPI**는 이 의존성을 사용해 OpenAPI 스키마(및 자동 API 문서)에 "security scheme"를 정의할 수 있다는 것을 알게 됩니다.

/// info | 기술 세부사항

blank_issues_enabled: false
contact_links:
  - name: Security Contact
    about: Please report security vulnerabilities to security@tiangolo.com
  - name: Question or Problem
    about: Ask a question or ask about a problem in GitHub Discussions.
    url: https://github.com/fastapi/fastapi/discussions/categories/questions
  - name: Feature Request

# 進階安全性 { #advanced-security }

## 額外功能 { #additional-features }

除了[教學 - 使用者指南：安全性](../../tutorial/security/index.md)中涵蓋的內容外，還有一些用來處理安全性的額外功能。

/// tip

以下各節**不一定是「進階」**內容。

而且你的情境很可能可以在其中找到解決方案。

///

## 請先閱讀教學 { #read-the-tutorial-first }

以下各節假設你已閱讀主要的[教學 - 使用者指南：安全性](../../tutorial/security/index.md)。

- 匯入 `HTTPBasic` 與 `HTTPBasicCredentials`。
- 使用 `HTTPBasic` 建立一個「`security` scheme」。
- 在你的*路徑操作*中以依賴的方式使用該 `security`。
- 它會回傳一個 `HTTPBasicCredentials` 型別的物件：
    - 其中包含傳來的 `username` 與 `password`。

{* ../../docs_src/security/tutorial006_an_py310.py hl[4,8,12] *}

當你第一次嘗試開啟該 URL（或在文件中點擊 "Execute" 按鈕）時，瀏覽器會要求輸入你的使用者名稱與密碼：

<img src="/img/tutorial/security/image12.png">

## 檢查使用者名稱 { #check-the-username }

以下是一個更完整的範例。

from fastapi import Depends, FastAPI, Security
from fastapi.security import APIKeyHeader
from fastapi.testclient import TestClient
from inline_snapshot import snapshot
from pydantic import BaseModel

app = FastAPI()

api_key = APIKeyHeader(name="key", auto_error=False)


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str | None = Security(api_key)):
    if oauth_header is None:
        return None

the identity of the caller is validated by using a JWT access token from the identity provider. The temporary security credentials returned by this API consists of an access key, a secret key, and a security token. Applications can use these temporary security credentials to sign calls to MinIO API operations.

By default, the temporary security credentials created by AssumeRoleWithClientGrants last for one hour. However, use the optional DurationSeconds parameter to specify the duration of the...

    }

    @Test
    void testGetSecurityWithValidSecurityDescriptor() throws Exception {
        // Setup mock ShareInfo502 with a minimal valid security descriptor
        srvsvc.ShareInfo502 info502 = new srvsvc.ShareInfo502();
        // Create a minimal valid security descriptor binary
        // Format: revision(1) + sbz1(1) + control(2) + ownerOffset(4) + groupOffset(4) + saclOffset(4) + daclOffset(4) = 20 bytes minimum

        assertTrue(true);
    }

    @Test
    public void test_securitySettings_allowBasic() throws Exception {
        // Test that ALLOW_BASIC security setting can be accessed
        // This verifies the security warnings are properly documented in code
        SpnegoAuthenticator authenticator = new SpnegoAuthenticator();
        assertNotNull(authenticator);

     */
    int DELETE = 0x00010000; // 16
    /**
     * Permission to read the security descriptor
     */
    int READ_CONTROL = 0x00020000; // 17
    /**
     * Permission to write the discretionary access control list
     */
    int WRITE_DAC = 0x00040000; // 18
    /**
     * Permission to change the owner in the security descriptor
     */
    int WRITE_OWNER = 0x00080000; // 19
    /**