# Gelişmiş Güvenlik { #advanced-security }

## Ek Özellikler { #additional-features }

[Öğretici - Kullanıcı Kılavuzu: Güvenlik](../../tutorial/security/index.md) sayfasında ele alınanların dışında güvenlikle ilgili bazı ek özellikler vardır.

/// tip | İpucu

Sonraki bölümler **mutlaka "gelişmiş" olmak zorunda değildir**.

Ve kullanım durumunuza göre, çözüm bu bölümlerden birinde olabilir.

///

from fastapi import Depends, FastAPI, Security
from fastapi.security import APIKeyQuery
from fastapi.testclient import TestClient
from inline_snapshot import snapshot
from pydantic import BaseModel

app = FastAPI()

api_key = APIKeyQuery(name="key")


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str = Security(api_key)):
    user = User(username=oauth_header)
    return user

import com.google.android.gms.security.ProviderInstaller
import com.squareup.moshi.Moshi
import com.squareup.moshi.kotlin.reflect.KotlinJsonAdapterFactory
import java.io.IOException
import java.net.InetAddress
import java.net.UnknownHostException
import java.security.KeyStore
import java.security.SecureRandom
import java.security.Security
import java.security.cert.Certificate

 */
package jcifs.pac.kerberos;

import java.security.Key;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/**

## About security, APIs, and docs { #about-security-apis-and-docs }

Hiding your documentation user interfaces in production *shouldn't* be the way to protect your API.

That doesn't add any extra security to your API, the *path operations* will still be available where they are.

If there's a security flaw in your code, it will still exist.

Натисніть кнопку «Authorize».

Використайте облікові дані:

Користувач: `johndoe`

Пароль: `secret`

<img src="/img/tutorial/security/image04.png">

Після автентифікації в системі ви побачите таке:

<img src="/img/tutorial/security/image05.png">

### Отримайте власні дані користувача { #get-your-own-user-data }

Тепер використайте операцію `GET` зі шляхом `/users/me`.

If the token is invalid, return an HTTP error right away.

{* ../../docs_src/security/tutorial004_an_py310.py hl[93:110] *}

## Update the `/token` *path operation* { #update-the-token-path-operation }

Create a `timedelta` with the expiration time of the token.

Create a real JWT access token and return it.

{* ../../docs_src/security/tutorial004_an_py310.py hl[121:136] *}

from fastapi import Depends, FastAPI, Security
from fastapi.security import APIKeyHeader
from fastapi.testclient import TestClient
from inline_snapshot import snapshot
from pydantic import BaseModel

app = FastAPI()

api_key = APIKeyHeader(name="key", auto_error=False)


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str | None = Security(api_key)):
    if oauth_header is None:
        return None

{* ../../docs_src/security/tutorial002_an_py310.py hl[25] *}

## Kullanıcıyı alın { #get-the-user }

`get_current_user`, oluşturduğumuz (sahte) bir yardımcı (utility) fonksiyonu kullanacak; bu fonksiyon `str` olarak bir token alır ve Pydantic `User` modelimizi döndürür:

{* ../../docs_src/security/tutorial002_an_py310.py hl[19:22,26:27] *}

          Security.insertProviderAt(BouncyCastleProvider(), 1)
          Security.insertProviderAt(BouncyCastleJsseProvider(), 2)
        } else if (platformSystemProperty == CORRETTO_PROPERTY) {
          AmazonCorrettoCryptoProvider.install()

          AmazonCorrettoCryptoProvider.INSTANCE.assertHealthy()
        }

        Platform.resetForTests()