This is another approach to cursor pagination by moving the cursor logic from the crud endpoint to a separate file and created the CursorPagination class
This PR adds a few new options for range-headers. This allows the api to send data about current pages and total number of records back to the client along with the data, which can help avoid excessive calls. I was a little unsure how to deal with filtering parameters, but I think the correct for a content-range header is to always return the total number of records as the "total" regardless of any filtering applied to the current query.
adding this will make it easier to use piccolo-api as a backend for django-admin (https://marmelab.com/react-admin).
I haven't added documentation yet, waiting to get maintaners' feedback before I do so.
At version 0.29.0 there seems to be no support for ARRAY types in the CRUD generation. Code is generated, but an ARRAY of VARCHAR comes out as a single Varchar, and the field cannot be properly used.
In the Piccolo Admin the Arrays of Varchar are handled ok. Are there already plans to support Array types in CRUD?
bug@dantownsend I hope you meant something similar to this. Once you've checked and merged this, I'll make the changes in Piccolo Admin. Related to this issue.
It would be useful to show an app which has all of the session auth components working together (session_login, session_logout and SessionsAuthBackend).
Here's an example:
import datetime
from fastapi import FastAPI
from piccolo_api.csrf.middleware import CSRFMiddleware
from piccolo_api.openapi.endpoints import swagger_ui
from piccolo_api.session_auth.endpoints import session_login, session_logout
from piccolo_api.session_auth.middleware import SessionsAuthBackend
from starlette.middleware import Middleware
from starlette.middleware.authentication import AuthenticationMiddleware
from starlette.routing import Route
app = FastAPI()
app.mount(
"/login/",
session_login(),
)
private_app = FastAPI(
routes=[
Route("/logout/", session_logout()),
],
middleware=[
Middleware(
AuthenticationMiddleware,
backend=SessionsAuthBackend(
increase_expiry=datetime.timedelta(minutes=30)
),
),
Middleware(CSRFMiddleware, allow_form_param=True),
],
docs_url=None,
redoc_url=None,
)
# The Swagger docs which come with FastAPI don't support CSRF middleware, so we mount
# a custom one which Piccolo provides (accessible at /private/docs):
private_app.mount("/docs/", swagger_ui(schema_url="/private/openapi.json"))
@private_app.get('/my-secret-endpoint/')
def my_endpoint():
# This is just a normal FastAPI endpoint, and is protected by Session Auth
pass
app.mount("/private/", private_app)
if __name__ == "__main__":
import uvicorn
uvicorn.run(app)
As an alternative to adding hooks/signals to piccolo-orm itself, I wanted to explore if such functionality could be more easily added to piccolo-api instead. My goal is to have extensibility points in piccolo-api (and maybe thereby also in piccolo-admin) that expand on the existing crud operations.
My propsal is that PiccoloCRUD taks an optional hooks parameter, which is a list of coroutines and when to trigger them. So far I've only added pre_save as a proof of concept. This lets me create a test app looking like this (i've just snipped the relevant parts of the app:
class Customer(Table):
email: str = Varchar(null=True, default=None)
first_name: str = Varchar(null=True, default=None)
last_name: str = Varchar(null=True, default=None)
class NiceCustomer(BaseModel):
email: str = None
async def awesome_hook(row: Customer):
dict_row = row.to_dict()
model_thing = NiceCustomer(**dict_row)
async with httpx.AsyncClient() as client:
r = await client.post(
"https://good-url.example.com",
json=model_thing.dict()
)
FastAPIWrapper(
root_url="/api/v2/customer/",
fastapi_app=app,
piccolo_crud=PiccoloCRUD(
page_size=50,
table=Customer,
read_only=False,
hooks=[
Hook(
hook_type=HookType.pre_save,
coro=awesome_hook
)
]
)
)
I'd be happy to continue building on this, but I want to get maintainer's initial feedback first.
Based on https://github.com/piccolo-orm/piccolo_api/pull/171
I made two modifications. The main thing is there's now a single argument called upload_metadata for passing in the various S3 options. S3 has so many options available:
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/customizations/s3.html#boto3.s3.transfer.S3Transfer
If we just let the user pass in a dictionary instead, we cover all future use cases.
The other modification was adding a sign_urls argument. So if it's being used with a public bucket we're not wasting resources generating signed URLs when they're not required.
@dantownsend I've just upgraded my infrastructure to the latest version of FastAPI and I'm now getting a strange error when trying to view the Swagger UI. In the first instance FastAPI is giving me a "failed to load API definition" which is a problem with retrieving the OpenAPI JSON spec. Digging a bit more into the problem however reveals that something is going on when creating the Pydantic response models.
Fetch error Response status is 500 /api/openapi.json
Digging a bit more into the problem however reveals that something is going on when creating the Pydantic response models. I assume this is soemthing to do with create_pydantic_model. I'm getting an error like the one here, which is the closest I can find to any explanation of the issue:
https://github.com/tiangolo/fastapi/issues/1505
The relevant bit in my case is:
File "/usr/local/lib/python3.7/site-packages/fastapi/openapi/utils.py", line 364, in get_openapi flat_models=flat_models, model_name_map=model_name_map File "/usr/local/lib/python3.7/site-packages/fastapi/utils.py", line 28, in get_model_definitions model_name = model_name_map[model] KeyError: <class 'pydantic.main.Lemma'>
I'm stumped, as nothing has changed at all in my model / table definitions since the update. Is this likely something due to the interaction of Piccolo - Pydantic - FastAPI or out of Piccolo's scope?
I am struggling a bit with Piccolo's authentication systems. I have a FastAPI app and am wrapping it with Starlette's AuthenticationMiddleware, as hinted in the docs, with the joint SessionAuth and SecretTokenAuth providers. The secret token seems to be working alright; my API client won't get results without the correct header-cum-token. However whatever I do on the browser gives me "Auth failed for all backends". I can't get to the login endpoint, though this appears properly configured according to the docs. I tried 'allow unauthenticated' to see if this would loosen up the permissions, but even the FastAPI docs give me this error. Is there any robust example app with SessionAuth to see how everything should be organized?
Added the ability to move in different directions (forward and backward) from next_cursor.
Example:
http://localhost:8000/posts/?__page_size=3&__order=id&__cursor=NA== (ASC forward)
http://localhost:8000/posts/?__page_size=3&__order=id&__cursor=NA==&__previous=yes (ASC backward)
http://localhost:8000/posts/?__page_size=3&__order=-id&__cursor=OQ== (DESC forward)
http://localhost:8000/posts/?__page_size=3&__order=-id&__cursor=OQ==&__previous=yes (DESC backward)
This is quite tricky with a lot of edge cases. I don't know exactly how to use cursor pagination in piccolo_admin. LimitOffset pagination works good (up to 200,000 rows), and is quite convinient. We may use cursor pagination above that number (maybe millions of rows, but I’m have never encountered such large data sets), but then we lose the ability to sort by all columns except by id, because the cursor must be unique. You probably know much better than I how to implement that. Cheers.
Currently, the __page and __page_size query params aren't documented.
Also, PiccoloCRUD should have a max_page_size argument, to limit abuse of an endpoint.
If the max_page_size is exceeded, an error should be returned. A 403 feels most appropriate, with a body such as The page size limit has been exceeded.
See: https://www.cockroachlabs.com/docs/stable/timestamp.html
Cockroach always uses Timestamptz (set to +00:00) when Timestamp is specified. This is confusing to piccolo migrations.
[email protected]:~/Desktop/piccolo_examples-master/headless_blog_fastapi$ piccolo migrations forwards all
BLOG
----------------------------------------------------------------
👍 1 migration already complete
🏁 No migrations need to be run
SESSION_AUTH
----------------------------------------------------------------
👍 1 migration already complete
⏩ 1 migration not yet run
🚀 Running 1 migration:
- 2019-11-12T20:47:17 [forwards]... The command failed.
expected DEFAULT expression to have type timestamp, but 'current_timestamp() + '01:00:00'' has type timestamptz
For a full stack trace, use --trace
Suggestions? Too new to Piccolo to know what course of action to take in order to make this work smoothly.
Otherwise Cockroach seems to work fairly flawlessly with Piccolo, because of asyncpg.
It would be good if we modified PiccoloCRUD, so it could accept a media_storage argument (like create_admin does in Piccolo Admin).
PiccoloCRUD(
Movie,
media_columns=[
LocalMediaStorage(Movie.poster, media_path='/srv/media/movie_posters/')
]
)
We could then add a new GET parameter called something like __media_urls, which then auto adds the URL to the response for accessing the media.
GET /1/?__media_urls
{
'id': 1,
'name': 'Star Wars',
'poster': 'some-file-abc-123.jpg',
'poster_url': '/media/some-file-abc-123.jpg',
}
Once this is in place, we can refactor Piccolo Admin slightly, so it passes the media_storage argument to PiccoloCRUD, and lets PiccoloCRUD do all of the heavy lifting.
I want to create blockchain backend app, based on piccolo. So I need custom User model (generally, without password field). As suggested in docs, I must implement custom user app. But I also want to use session mechanism. How can I achieve that case?
BTW, Great project! I've struggled with fastapi-sqlalchemy stack and it's back and forth model transitions. I've looked other ORMs, compatible with pydantic and FastAPI (Tortoise, SQLModel, Databases, GINO), but those projects looks too young or unmaintained. And only piccolo had my heart from first look). Thank you and keep doing your great work!
PiccoloCRUD currently has hooks like pre_save, which is used to modify the data before insertion into the database. We should add a post_save too, which is run after insertion into the database. It can be used for logging, sending an email etc.
Just like we've done with other endpoints. There are many potential use cases:
Catching more database errors in PiccoloCRUD, and returning useful API responses instead of 500 errors.
Implemented GitHub's CodeQL suggestions - this now means LocalMediaStorage uses 600 instead of 640 as the default file permissions for uploaded files (thanks to @sinisaos for this).
PiccoloCRUD validators can now be async.0.87.0. The reason for this is Starlette made a fairly large change in version 0.21.0, which meant we had to refactor a lot of our tests, which makes it challenging to support older versions.Improving type annotations:
id: Serial for SessionsBase and TokenAuth.If BaseUser is used with PiccoloCRUD, passwords are now handled properly.
Thanks to @sinisaos for making this change.
Source code(tar.gz)PiccoloCRUD now handles database exceptions better. If a query fails due to a unique constraint, a 422 response code is returned, along with information about the error.
This means Piccolo Admin will show more useful debugging information when a query fails.
Thanks to @ethagnawl for reporting this issue, and @sinisaos for help prototyping a solution.
Source code(tar.gz)Fixed a bug with Email columns and PiccoloCRUD.get_new.
Thanks to @Tar8117 for reporting this bug.
Source code(tar.gz)Previously you had to provide folder_name as an argument to S3MediaStorage.
It's now optional, as some users may choose to store their files in a bucket without a folder.
Source code(tar.gz)When uploading files to S3, we try and correctly set the content type. This now works correctly for .jpg files (previously only .jpeg worked for JPEGs). Thanks to @sumitsharansatsangi for adding this.
Fixed a bug with MediaStorage.delete_unused_files - it was raising an exception when used with Array columns. Thanks to @sumitsharansatsangi for reporting this issue.
When using S3MediaStorage you can now specify additional arguments when files are uploaded (using the upload_metadata argument), for example, setting the cache settings, and much more. Thanks to @sumitsharansatsangi, and @sinisaos for help reviewing.
S3MediaStorage(
...,
# Cache the file for 24 hours:
upload_metadata={'CacheControl': 'max-age=86400'}
)
Added dependency injection to PiccoloCRUD hooks - the Starlette request object will now be passed in if requested. For example:
def my_hook(row_id, request):
...
Thanks to @AnthonyArmour and @destos for this.
Source code(tar.gz)Added support for file storage in a local folder and in S3. This was added for Piccolo Admin, but is useful for all Piccolo apps.
Thanks to @sinisaos for assisting with this.
Source code(tar.gz)Make Piccolo API work with Piccolo >= 0.82.0. Table used to accept a parameter called ignore_missing. This was renamed to _ignore_missing. Thanks to @sinisaos for this fix.
Improved the HTTP status codes returned by the change_password, register and session_login endpoints. They now return a 422 status code if a validation error occurs. This is required by Piccolo Admin, to better determine why a request failed.
Added read_only option to change_password and register endpoints.
This is for Piccolo Admin's read_only mode.
Changed a parameter name used in the change_password endpoint to be less ambiguous (old_password -> current_password).
Changed a parameter name used in the change_password endpoint to be less ambiguous (confirm_password -> confirm_new_password).
Added a change_password endpoint (courtesy @sinisaos).
See the demo project for a full example.
Source code(tar.gz)The session_login, session_logout, and register endpoints can now have their CSS styles easily customised, to make them match the rest of the application.
from fastapi import FastAPI
from piccolo_api.session_auth.endpoints import register
from piccolo_api.shared.auth.styles import Styles
app = FastAPI()
app.mount(
'/register/',
register(
styles=Styles(background_color='black')
)
)
It is now trivially easy to add CAPTCHA support to the register and session_login endpoints, to provide protection against bots. Just sign up for an account with hCaptcha or reCAPTCHA, and do the following:
from fastapi import FastAPI
from piccolo_api.session_auth.endpoints import register
from piccolo_api.shared.auth.captcha import hcaptcha
app = FastAPI()
# To use hCaptcha:
app.mount(
'/register/',
register(
captcha=hcaptcha(
site_key='my-site-key',
secret_key='my-secret-key',
)
)
)
Added a register endpoint, which is great for quickly prototyping a sign up process (courtesy @sinisaos).
Added hooks to the session_login endpoint, allowing additional logic to be triggered before and after login.
Fixing the ids endpoint of PiccoloCRUD when a custom primary key column is used with a name other than id.
The schema endpoint of PiccoloCRUD now returns the primary key name. This means we'll be able to support tables with a custom primary key name in Piccolo Admin.
Make sure tables with a custom primary key column work with PiccoloCRUD.
Fixed a bug with PiccoloCRUD, where a PATCH request returned a string instead of a JSON object. Thanks to @trondhindenes for discovering and fixing this issue.
Fixed bug with __range_header=false.
Added support for the Content-Range HTTP header in the GET endpoint of PiccoloCRUD. This means the API client can fetch the number of available rows, without doing a separate API call to the count endpoint.
GET /?__range_header=true
If the page size is 10, then the response header looks something like:
Content-Range: movie 0-9/100
The feature was created to make Piccolo APIs work better with front ends like React Admin.
Thanks to @trondhindenes for adding this feature, and @sinisaos for help reviewing.
Source code(tar.gz)Added hooks to PiccoloCRUD. This allows the user to add their own logic before a save / patch / delete (courtesy @trondhindenes).
For example:
# Normal functions and async functions are supported:
def pre_save_hook(movie):
movie.rating = 90
return movie
PiccoloCRUD(
table=Movie,
read_only=False,
hooks=[
Hook(hook_type=HookType.pre_save, callable=pre_save_hook)
]
)
CSRFMiddleware code, and added missing type annotations.__visible_fields parameter with PiccoloCRUD, and the field name is unrecognised, the error response will list the correct field names.We recently added the __visible_fields GET parameter to PiccoloCRUD, which allows the user to determine which fields are returned by the API.
GET /?__visible_fields=id,name
However, there was no way of the user knowing which fields were supported. This is now possible by visiting the /schema endpoint, which has a visible_fields_options field which lists the columns available on the table and related tables (courtesy @sinisaos).
Fixed a bug with the OpenAPI docs when using Array columns. Thanks to @gmos for reporting this issue, and @sinisaos for fixing it.
You now get a nice UI for Array columns:
Source code(tar.gz)A simple api written in python/fastapi that serves movies from a cassandra table. 1)clone the repo 2)rename sample_global_config_.py to global_config.
Template for private python service This is a cookiecutter template for an internal REST API service, written in Python, inspired by layout-golang. Th
Pyctuator Monitor Python web apps using Spring Boot Admin. Pyctuator supports Flask, FastAPI, aiohttp and Tornado. Django support is planned as well.
FastAPI Todo Application Example of using FastAPI and MangoDB database. 💡 Prerequisites Python ⚙️ Build & Run The first thing to do is to clone the r
REST API with FastAPI and SQLite3
django-fastapi-example This is an experiment to demonstrate one potential way of running FastAPI with Django. It won't be actively maintained. If you'
Backend API Skeleton Based on @tiangolo's full stack postgres template, with some things added, some things removed, and some things changed. This is
Plugins for FastAPI framework, high performance, easy to learn, fast to code, ready for production fastapi-plugins FastAPI framework plugins Cache Mem
FastAPI tutorial Code for my video tutorial FastAPI tutorial What is FastAPI? FastAPI is a high-performant REST API framework for Python. It's built o
First API using FastApi Made this Simple Api to store and Retrive Student Data of My College Ncc-Bim To View All the endpoits Visit /docs To Run Local
Backend logic implementation for realworld with awesome FastAPI
Developing and Testing an API with FastAPI and Pytest Syncronous Example Want to use this project? Build the images and run the containers: $ docker-c
Web-avatarify for image animations This is the code base for this website and its backend. This aims to bring technology closer to everyone, just by a
SPARKY Sample web application built with FastAPI & Python 3.8 shows simple Flask-like structure with a Bootstrap template index.html also has a backgr
This open source project serves two purposes. Collection and evaluation of a Question Answering dataset to improve existing QA/search methods - COVID-
gino-starlette Introduction An extension for GINO to support starlette server. Usage The common usage looks like this: from starlette.applications imp
Row Level Permissions for FastAPI While trying out the excellent FastApi framework there was one peace missing for me: an easy, declarative way to def
MLServer An open source inference server to serve your machine learning models. ⚠️ This is a Work in Progress. Overview MLServer aims to provide an ea
cookiecutter-pytorch-fastapi 基于Pytorch的 脚手架项目 按规范添加推理函数即可实现Celery+FastAPI+Gunicorn+Nginx+Supervisor+Docker的快速部署 Requirements Python = 3.6 with pip in
cloudrun-fastapi Boilerplate for running FastAPI on Google Cloud Run with Google Cloud Build for deployment. For all documentation visit the docs fold
1 Aug 26, 2021
15 Oct 02, 2022
145 Dec 28, 2022
1 Oct 29, 2021
2 Mar 14, 2022
78 Jan 03, 2023
18 Oct 31, 2022
239 Dec 28, 2022
8 Dec 16, 2022
2 Jun 21, 2022
2.2k Jan 08, 2023
59 Dec 11, 2022
66 Nov 09, 2022
21 Jan 03, 2022
329 Nov 10, 2022
75 Dec 08, 2022
315 Dec 25, 2022
341 Jan 03, 2023
17 Dec 23, 2022
139 Dec 27, 2022