from fastapi import FastAPI
from pydantic import BaseModel, EmailStr

app = FastAPI()


class UserIn(BaseModel):
    username: str
    password: str
    email: EmailStr
    full_name: str | None = None


# Don't do this in production!
@app.post("/user/")
async def create_user(user: UserIn) -> UserIn:

			lookupRes, groupDistNames, err := globalIAMSys.LDAPConfig.Bind(username, password)
			if err != nil {
				return false, err
			}
			ldapPolicies, _ := globalIAMSys.PolicyDBGet(lookupRes.NormDN, groupDistNames...)
			return len(ldapPolicies) > 0, nil
		}
		return subtle.ConstantTimeCompare([]byte(sa.Credentials.SecretKey), []byte(password)) == 1, nil
	}

	ui, ok := globalIAMSys.GetUser(context.Background(), username)

[ "${MVNW_VERBOSE-}" != true ] || __MVNW_QUIET_WGET='' __MVNW_QUIET_CURL='' __MVNW_QUIET_UNZIP='' __MVNW_QUIET_TAR=v

# normalize http auth
case "${MVNW_PASSWORD:+has-password}" in
'') MVNW_USERNAME='' MVNW_PASSWORD='' ;;
has-password) [ -n "${MVNW_USERNAME-}" ] || MVNW_USERNAME='' MVNW_PASSWORD='' ;;
esac

if [ -z "${MVNW_USERNAME-}" ] && command -v wget >/dev/null; then
  verbose "Found wget ... using wget"

                        throw new RuntimeException("Plain text passwords are disabled");
                    } else {
                        // plain text
                        final String password = a.getPassword();
                        this.lmHash = new byte[(password.length() + 1) * 2];
                        this.ntHash = new byte[0];
                        writeString(password, this.lmHash, 0);
                    }
                }

      },
      "port": {
        "type": "integer"
      },
      "protocolScheme": {
        "type": "keyword"
      },
      "username": {
        "type": "keyword"
      },
      "password": {
        "type": "keyword"
      },
      "parameters": {
        "type": "keyword"
      },
      "fileConfigId": {
        "type": "keyword"
      },
      "createdBy": {
        "type": "keyword"

      },
      "authRealm": {
        "type": "keyword"
      },
      "protocolScheme": {
        "type": "keyword"
      },
      "username": {
        "type": "keyword"
      },
      "password": {
        "type": "keyword"
      },
      "parameters": {
        "type": "keyword"
      },
      "webConfigId": {
        "type": "keyword"
      },
      "createdBy": {
        "type": "keyword"

	}

	// Encode result and send response.

	data, err := json.Marshal(res)
	if err != nil {
		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
		return
	}
	password := cred.SecretKey
	econfigData, err := madmin.EncryptData(password, data)
	if err != nil {
		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
		return
	}
	writeSuccessResponseJSON(w, econfigData)
}

为了解决这个问题，我们首先将 `username` 和 `password` 转换为使用 UTF-8 编码的 `bytes` 。

然后我们可以使用 `secrets.compare_digest()` 来确保 `credentials.username` 是 `"stanleyjobson"`，且 `credentials.password` 是`"swordfish"`。

{* ../../docs_src/security/tutorial007_an_py310.py hl[1,12:24] *}

这类似于：

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # Return some error
    ...
```

* utilize (resources): использовать
* сontent: содержимое (or `контент`)
* raise exception: вызвать исключение (also possible to use `сгенерировать исключение` or `выбросить исключение`)
* password flow: password flow (clarify as `аутентификация по паролю` if needed)
* tutorial: руководство (or `учебник`)
* too long; didn't read: слишком длинно; не читал
* proxy with a stripped path prefix: прокси с функцией удаления префикса пути

     */
    String[] DOS_ERROR_MESSAGES = { "The operation completed successfully.", "Incorrect function.", "Incorrect function.",
            "The system cannot find the file specified.", "Bad password.", "The system cannot find the path specified.", "reserved",
            "The client does not have the necessary access rights to perform the requested function.", "Access is denied.",