The latest articles on DEV Community by Aslı KARABULUT (@aslikrblt). https://dev.to/aslikrblt https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3626732%2F0465bbae-67f1-4315-ab46-2a0e3bb76a76.png https://dev.to/aslikrblt en Aslı KARABULUT Mon, 24 Nov 2025 11:15:38 +0000 https://dev.to/aslikrblt/beyond-basic-crud-building-a-scalable-music-api-with-fastapi-clean-architecture-53d6 https://dev.to/aslikrblt/beyond-basic-crud-building-a-scalable-music-api-with-fastapi-clean-architecture-53d6 <h2> <strong>🚀 Introduction</strong> </h2> <p>When I started building <strong>TAM Music</strong>, a platform for managing comprehensive music libraries, I knew <code>main.py</code> wouldn't be enough. Real-world applications need structure. They need to handle complex relationships—like Artists having Albums, and Albums having Songs—without crashing into circular dependency errors.</p> <p>In this post, I’ll walk you through how I refactored a monolithic script into a robust, <strong>Service-Oriented REST API</strong> using <strong>FastAPI</strong>. We will dive deep into the architecture, specifically focusing on <strong>Dependency Injection</strong>, <strong>Pydantic v2</strong>, and handling <strong>Asynchronous I/O</strong> with strict validation.</p> <h2> <strong>🛠️ The Tech Stack</strong> </h2> <p>I chose a modern Python stack to ensure performance, type safety, and cryptographic agility.</p> <ul> <li> <strong>FastAPI:</strong> Chosen for its high performance (Starlette-based) and native support for asynchronous programming.</li> <li> <strong>Pydantic V2:</strong> Used for strict schema validation. We leverage advanced features like <code>model_rebuild()</code> to resolve forward references in the schema graph.</li> <li> <strong>Dependency Injection (DI):</strong> FastAPI's native DI system implements the Inversion of Control (IoC) principle, managing our service lifecycles.</li> <li> <strong>Pandas &amp; OpenPyXL:</strong> Used for strict content validation of uploaded Excel files.</li> <li> <strong>Aiofiles:</strong> For non-blocking asynchronous file writes to the disk.</li> <li> <strong>Passlib (Argon2) &amp; Python-Jose:</strong> State-of-the-art security using generic hashing and stateless JWT authentication.</li> </ul> <h2> <strong>🏗️ Architecture: The Service-Repository Pattern</strong> </h2> <p>To keep the code maintainable, I strictly separated concerns. The API is not just a collection of endpoints; it's a layered system.</p> <p><strong>Folder Structure</strong><br> Here is the actual structure. Notice how <code>db_store.py</code> acts as our persistence layer, decoupled from the router logic.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>TAM_Music/ ├── models/ # Pydantic Models (Data Layer) │ ├── instrument_model.py │ ├── artist_model.py │ └── ... ├── routers/ # API Controllers (Presentation Layer) │ ├── instrument_router.py │ ├── db_store.py # In-Memory Database (O(1) access) │ └── ... ├── services/ # Business Logic (Service Layer) │ ├── instrument_service.py │ └── ... └── main.py # Application Entry Point </code></pre> </div> <h3> <strong>1. The Data Layer: Defining the Models</strong> </h3> <p>Before we can store anything, we need to define our data structure. I use <strong>Pydantic</strong> inheritance to keep things clean. Notice the <code>InstrumentFilter</code> model—I use this specifically for handling search query parameters cleanly!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># models/instrument_model.py </span><span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">List</span><span class="p">,</span> <span class="n">Optional</span> <span class="kn">from</span> <span class="n">pydantic</span> <span class="kn">import</span> <span class="n">BaseModel</span><span class="p">,</span> <span class="n">Field</span> <span class="k">class</span> <span class="nc">InstrumentBase</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">neck_type</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(...,</span> <span class="n">min_length</span><span class="o">=</span><span class="mi">1</span><span class="p">)</span> <span class="n">top_back_body</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(...,</span> <span class="n">min_length</span><span class="o">=</span><span class="mi">1</span><span class="p">)</span> <span class="c1"># ... other fields </span> <span class="k">class</span> <span class="nc">InstrumentCreate</span><span class="p">(</span><span class="n">InstrumentBase</span><span class="p">):</span> <span class="k">pass</span> <span class="k">class</span> <span class="nc">InstrumentModel</span><span class="p">(</span><span class="n">InstrumentBase</span><span class="p">):</span> <span class="n">instrument_id</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(...,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"</span><span class="s">Instrument PK</span><span class="sh">"</span><span class="p">)</span> <span class="n">images</span><span class="p">:</span> <span class="n">List</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(</span><span class="n">default_factory</span><span class="o">=</span><span class="nb">list</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"</span><span class="s">Images</span><span class="sh">'</span><span class="s"> Url or Paths</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Config</span><span class="p">:</span> <span class="n">from_attributes</span> <span class="o">=</span> <span class="bp">True</span> <span class="k">class</span> <span class="nc">InstrumentFilter</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">neck_type</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="bp">None</span> <span class="n">number_of_frets_min</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(</span><span class="bp">None</span><span class="p">,</span> <span class="n">ge</span><span class="o">=</span><span class="mi">1</span><span class="p">)</span> <span class="n">number_of_frets_max</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(</span><span class="bp">None</span><span class="p">,</span> <span class="n">le</span><span class="o">=</span><span class="mi">50</span><span class="p">)</span> <span class="c1"># ... filters used for query params </span></code></pre> </div> <h3> <strong>2. The Persistence Layer</strong> </h3> <p>Before diving into logic, we need a place to store this data. For this project, I used an <strong>In-Memory Strategy</strong> using Python Dictionaries.</p> <p><strong>Why?</strong></p> <ol> <li> <strong>Speed:</strong> $O(1)$ Time Complexity for lookups, inserts, and deletions.</li> <li> <strong>Focus:</strong> It allowed me to focus on the Architecture (Services/Routers) without setting up a heavy DB initially.</li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># routers/db_store.py </span><span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Dict</span> <span class="c1"># Simulating database tables with Dicts </span><span class="n">instruments_db</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">int</span><span class="p">,</span> <span class="sh">'</span><span class="s">InstrumentModel</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="p">{}</span> <span class="n">songs_db</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">int</span><span class="p">,</span> <span class="sh">'</span><span class="s">SongModel</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="p">{}</span> <span class="c1"># ... other dbs </span> <span class="k">def</span> <span class="nf">get_next_id</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">Dict</span><span class="p">):</span> <span class="k">return</span> <span class="nf">max</span><span class="p">(</span><span class="n">db</span><span class="p">.</span><span class="nf">keys</span><span class="p">(),</span> <span class="n">default</span><span class="o">=</span><span class="mi">0</span><span class="p">)</span> <span class="o">+</span> <span class="mi">1</span> </code></pre> </div> <h2> <strong>🧠 Deep Dive: Solving Technical Challenges</strong> </h2> <h3> <strong>1. Handling Circular Dependencies in Pydantic V2</strong> </h3> <p>In a relational domain, objects reference each other. An <strong>Artist</strong> model needs a list of <strong>Albums</strong>, but an <strong>Album</strong> model needs the <strong>Artist</strong> info. In Python, this causes immediate <code>ImportError</code> or recursion issues.</p> <p><strong>The Solution:</strong> I used <strong>Forward References</strong> (string-based type hints) and Pydantic's <code>model_rebuild()</code> method. This forces Pydantic to defer the evaluation of the type until the entire module is loaded.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># models/song_model.py </span><span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Optional</span> <span class="kn">from</span> <span class="n">pydantic</span> <span class="kn">import</span> <span class="n">BaseModel</span><span class="p">,</span> <span class="n">Field</span> <span class="c1"># ... imports </span> <span class="k">class</span> <span class="nc">SongModel</span><span class="p">(</span><span class="n">SongBase</span><span class="p">):</span> <span class="n">song_id</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(...,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"</span><span class="s">Song PK</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Using string forward reference to avoid circular import at runtime </span> <span class="n">genre</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="sh">'</span><span class="s">GenreSimplified</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(</span><span class="bp">None</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"</span><span class="s">Related genre</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Config</span><span class="p">:</span> <span class="n">from_attributes</span> <span class="o">=</span> <span class="bp">True</span> <span class="c1"># Rebuild the model at the end of the file </span><span class="kn">from</span> <span class="n">.genre_model</span> <span class="kn">import</span> <span class="n">GenreSimplified</span> <span class="n">SongModel</span><span class="p">.</span><span class="nf">model_rebuild</span><span class="p">()</span> </code></pre> </div> <h3> <strong>2. Service-to-Service Communication</strong> </h3> <p>This is where the architecture shines. Instead of instantiating classes manually inside routers, I inject services into other services. This adheres to the <strong>Single Responsibility Principle (SRP)</strong>.</p> <p>For example, the <code>ArtistService</code> doesn't query the Album database directly. It asks the <code>AlbumService</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># services/artist_service.py </span><span class="kn">from</span> <span class="n">services.album_service</span> <span class="kn">import</span> <span class="n">AlbumService</span> <span class="k">class</span> <span class="nc">ArtistService</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="n">artists_db</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">int</span><span class="p">,</span> <span class="n">ArtistModel</span><span class="p">]</span> <span class="o">=</span> <span class="n">artists_db</span><span class="p">,</span> <span class="c1"># DIP: Injecting AlbumService instead of direct DB access </span> <span class="n">album_service</span><span class="p">:</span> <span class="n">AlbumService</span> <span class="o">=</span> <span class="nc">AlbumService</span><span class="p">()</span> <span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">artists_db</span> <span class="o">=</span> <span class="n">artists_db</span> <span class="n">self</span><span class="p">.</span><span class="n">album_service</span> <span class="o">=</span> <span class="n">album_service</span> <span class="k">def</span> <span class="nf">get_artist_with_relations</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">artist_id</span><span class="p">:</span> <span class="nb">int</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">Optional</span><span class="p">[</span><span class="n">ArtistModel</span><span class="p">]:</span> <span class="n">artist</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">artists_db</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">artist_id</span><span class="p">)</span> <span class="k">if</span> <span class="n">artist</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="k">return</span> <span class="bp">None</span> <span class="c1"># Solving relations using the injected service </span> <span class="n">albums</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">album_service</span><span class="p">.</span><span class="nf">get_simplified_albums_by_artist</span><span class="p">(</span><span class="n">artist_id</span><span class="p">)</span> <span class="c1"># ... logic to merge data ... </span> <span class="k">return</span> <span class="nc">ArtistModel</span><span class="p">(</span><span class="o">**</span><span class="n">artist_dict</span><span class="p">)</span> </code></pre> </div> <h3> <strong>3. Async I/O vs. Strict Validation Trade-off</strong> </h3> <p>For the <strong>Instrument</strong> module, I needed to validate bulk uploads via Excel. Here, I had to make an engineering trade-off:</p> <ul> <li> <strong>Pandas</strong> is great for validation but is synchronous (CPU-bound).</li> <li> <strong>Aiofiles</strong> is great for saving files asynchronously (I/O-bound).</li> </ul> <p>I combined them to ensure the API remains responsive while ensuring data integrity.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># services/instrument_service.py </span><span class="kn">import</span> <span class="n">aiofiles</span> <span class="kn">import</span> <span class="n">pandas</span> <span class="k">as</span> <span class="n">pd</span> <span class="k">class</span> <span class="nc">InstrumentService</span><span class="p">:</span> <span class="c1"># ... </span> <span class="k">async</span> <span class="k">def</span> <span class="nf">_process_and_save_images</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">images</span><span class="p">:</span> <span class="n">List</span><span class="p">[</span><span class="n">UploadFile</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="n">List</span><span class="p">[</span><span class="nb">str</span><span class="p">]:</span> <span class="n">image_paths</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="nb">file</span> <span class="ow">in</span> <span class="n">images</span><span class="p">:</span> <span class="c1"># 1. Validation (Synchronous but fast for metadata) </span> <span class="k">if</span> <span class="nb">file</span><span class="p">.</span><span class="n">content_type</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">ALLOWED_MIME_TYPES</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="n">status_code</span><span class="o">=</span><span class="mi">415</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Invalid file type</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># 2. Content Check (CPU Bound - Pandas) </span> <span class="n">file_content</span> <span class="o">=</span> <span class="k">await</span> <span class="nb">file</span><span class="p">.</span><span class="nf">read</span><span class="p">()</span> <span class="k">if</span> <span class="sh">"</span><span class="s">spreadsheet</span><span class="sh">"</span> <span class="ow">in</span> <span class="nb">file</span><span class="p">.</span><span class="n">content_type</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="nf">_check_excel_content</span><span class="p">(</span><span class="n">file_content</span><span class="p">,</span> <span class="nb">file</span><span class="p">.</span><span class="n">filename</span><span class="p">)</span> <span class="c1"># 3. Saving File (I/O Bound - Asynchronous) </span> <span class="c1"># This prevents blocking the event loop during disk writes </span> <span class="n">saved_path</span> <span class="o">=</span> <span class="k">await</span> <span class="n">self</span><span class="p">.</span><span class="nf">_save_upload_file</span><span class="p">(</span><span class="n">file_content</span><span class="p">,</span> <span class="nb">file</span><span class="p">.</span><span class="n">filename</span><span class="p">)</span> <span class="n">image_paths</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">saved_path</span><span class="p">)</span> <span class="k">return</span> <span class="n">image_paths</span> </code></pre> </div> <h2> <strong>🔐 Security: Stateless Authentication</strong> </h2> <p>Security isn't an afterthought. In this architecture, I strictly separated the security logic (hashing, JWT creation) from the HTTP interface.</p> <p>Since listing the entire codebase would be overwhelming, <strong>I will focus on the core logic</strong> used for authentication.</p> <h3> <strong>1. The Security Engine (UserService)</strong> </h3> <p>The <code>UserService</code> handles the raw logic. Below, you can see how <strong>Argon2</strong> is used for password verification and how <strong>JWTs</strong> are generated. I've omitted standard CRUD methods (like <code>get_user_by_id</code>) to keep it focused.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># services/user_service.py </span><span class="kn">from</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">datetime</span><span class="p">,</span> <span class="n">timedelta</span><span class="p">,</span> <span class="n">timezone</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Optional</span> <span class="kn">from</span> <span class="n">jose</span> <span class="kn">import</span> <span class="n">jwt</span> <span class="kn">from</span> <span class="n">passlib.context</span> <span class="kn">import</span> <span class="n">CryptContext</span> <span class="kn">from</span> <span class="n">models.user_model</span> <span class="kn">import</span> <span class="n">UserLogin</span><span class="p">,</span> <span class="n">UserModel</span> <span class="c1"># Configuration </span><span class="n">pwd_context</span> <span class="o">=</span> <span class="nc">CryptContext</span><span class="p">(</span><span class="n">schemes</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">argon2</span><span class="sh">"</span><span class="p">],</span> <span class="n">deprecated</span><span class="o">=</span><span class="sh">"</span><span class="s">auto</span><span class="sh">"</span><span class="p">)</span> <span class="n">SECRET_KEY</span> <span class="o">=</span> <span class="sh">"</span><span class="s">tam-music-super-secret-key</span><span class="sh">"</span> <span class="n">ALGORITHM</span> <span class="o">=</span> <span class="sh">"</span><span class="s">HS256</span><span class="sh">"</span> <span class="n">ACCESS_TOKEN_EXPIRE_MINUTES</span> <span class="o">=</span> <span class="mi">30</span> <span class="k">class</span> <span class="nc">UserService</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">db</span> <span class="o">=</span> <span class="n">db</span> <span class="ow">or</span> <span class="p">{}</span> <span class="c1"># --- Core Security Logic --- </span> <span class="k">def</span> <span class="nf">verify_password</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">plain_password</span><span class="p">,</span> <span class="n">hashed_password</span><span class="p">):</span> <span class="k">return</span> <span class="n">pwd_context</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="n">plain_password</span><span class="p">,</span> <span class="n">hashed_password</span><span class="p">)</span> <span class="k">def</span> <span class="nf">create_access_token</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">data</span><span class="p">:</span> <span class="nb">dict</span><span class="p">):</span> <span class="n">to_encode</span> <span class="o">=</span> <span class="n">data</span><span class="p">.</span><span class="nf">copy</span><span class="p">()</span> <span class="n">expire</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">(</span><span class="n">timezone</span><span class="p">.</span><span class="n">utc</span><span class="p">)</span> <span class="o">+</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">minutes</span><span class="o">=</span><span class="n">ACCESS_TOKEN_EXPIRE_MINUTES</span><span class="p">)</span> <span class="n">to_encode</span><span class="p">.</span><span class="nf">update</span><span class="p">({</span><span class="sh">"</span><span class="s">exp</span><span class="sh">"</span><span class="p">:</span> <span class="n">expire</span><span class="p">.</span><span class="nf">timestamp</span><span class="p">()})</span> <span class="k">return</span> <span class="n">jwt</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="n">to_encode</span><span class="p">,</span> <span class="n">SECRET_KEY</span><span class="p">,</span> <span class="n">algorithm</span><span class="o">=</span><span class="n">ALGORITHM</span><span class="p">)</span> <span class="k">def</span> <span class="nf">authenticate_user</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">user_data</span><span class="p">:</span> <span class="n">UserLogin</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">Optional</span><span class="p">[</span><span class="n">UserModel</span><span class="p">]:</span> <span class="c1"># Flexible login: Check by username first, then email </span> <span class="n">user</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">get_user_by_username</span><span class="p">(</span><span class="n">user_data</span><span class="p">.</span><span class="n">username</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">user</span><span class="p">:</span> <span class="n">user</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">get_user_by_email</span><span class="p">(</span><span class="n">user_data</span><span class="p">.</span><span class="n">username</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">user</span> <span class="ow">or</span> <span class="ow">not</span> <span class="n">self</span><span class="p">.</span><span class="nf">verify_password</span><span class="p">(</span><span class="n">user_data</span><span class="p">.</span><span class="n">password</span><span class="p">,</span> <span class="n">user</span><span class="p">.</span><span class="n">hashed_password</span><span class="p">):</span> <span class="k">return</span> <span class="bp">None</span> <span class="k">return</span> <span class="n">user</span> <span class="c1"># ... Helper methods like get_user_by_username follow here ... </span></code></pre> </div> <h3> <strong>2. The Interface (UserRouter)</strong> </h3> <p>The Router acts purely as an interface. Notice how I inject the <code>UserService</code> into the endpoint. This allows us to keep the router clean and testable.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># routers/user_router.py </span><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">APIRouter</span><span class="p">,</span> <span class="n">Depends</span><span class="p">,</span> <span class="n">HTTPException</span><span class="p">,</span> <span class="n">status</span> <span class="kn">from</span> <span class="n">fastapi.security</span> <span class="kn">import</span> <span class="n">OAuth2PasswordRequestForm</span> <span class="kn">from</span> <span class="n">services.user_service</span> <span class="kn">import</span> <span class="n">UserService</span> <span class="kn">from</span> <span class="n">models.user_model</span> <span class="kn">import</span> <span class="n">Token</span><span class="p">,</span> <span class="n">UserLogin</span> <span class="n">router</span> <span class="o">=</span> <span class="nc">APIRouter</span><span class="p">(</span><span class="n">prefix</span><span class="o">=</span><span class="sh">"</span><span class="s">/auth</span><span class="sh">"</span><span class="p">,</span> <span class="n">tags</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">auth</span><span class="sh">"</span><span class="p">])</span> <span class="c1"># Dependency Injection </span><span class="k">def</span> <span class="nf">get_user_service</span><span class="p">()</span> <span class="o">-&gt;</span> <span class="n">UserService</span><span class="p">:</span> <span class="k">return</span> <span class="nc">UserService</span><span class="p">()</span> <span class="nd">@router.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/token</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">Token</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">login_for_access_token</span><span class="p">(</span> <span class="n">form_data</span><span class="p">:</span> <span class="n">OAuth2PasswordRequestForm</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(),</span> <span class="n">service</span><span class="p">:</span> <span class="n">UserService</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_user_service</span><span class="p">)</span> <span class="p">):</span> <span class="sh">"""</span><span class="s"> Standard OAuth2 compatible token login. </span><span class="sh">"""</span> <span class="k">try</span><span class="p">:</span> <span class="c1"># 1. Map form data to internal model </span> <span class="n">login_data</span> <span class="o">=</span> <span class="nc">UserLogin</span><span class="p">(</span><span class="n">username</span><span class="o">=</span><span class="n">form_data</span><span class="p">.</span><span class="n">username</span><span class="p">,</span> <span class="n">password</span><span class="o">=</span><span class="n">form_data</span><span class="p">.</span><span class="n">password</span><span class="p">)</span> <span class="c1"># 2. Delegate authentication to the service </span> <span class="n">user</span> <span class="o">=</span> <span class="n">service</span><span class="p">.</span><span class="nf">authenticate_user</span><span class="p">(</span><span class="n">login_data</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">user</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span> <span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="p">.</span><span class="n">HTTP_401_UNAUTHORIZED</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Incorrect username or password</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">WWW-Authenticate</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Bearer</span><span class="sh">"</span><span class="p">}</span> <span class="p">)</span> <span class="c1"># 3. Create and return the Token </span> <span class="n">access_token</span> <span class="o">=</span> <span class="n">service</span><span class="p">.</span><span class="nf">create_access_token</span><span class="p">(</span><span class="n">data</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">sub</span><span class="sh">"</span><span class="p">:</span> <span class="n">user</span><span class="p">.</span><span class="n">username</span><span class="p">})</span> <span class="k">return</span> <span class="nc">Token</span><span class="p">(</span><span class="n">access_token</span><span class="o">=</span><span class="n">access_token</span><span class="p">,</span> <span class="n">token_type</span><span class="o">=</span><span class="sh">"</span><span class="s">bearer</span><span class="sh">"</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span> <span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="p">.</span><span class="n">HTTP_500_INTERNAL_SERVER_ERROR</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)</span> <span class="p">)</span> </code></pre> </div> <h2> <strong>🔌 Bringing It All Together: main.py</strong> </h2> <p>This is the entry point of our application. Because we separated our logic into Routers and Services, <code>main.py</code> remains incredibly clean. It simply wires everything up.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># main.py </span><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">FastAPI</span> <span class="kn">from</span> <span class="n">routers</span> <span class="kn">import</span> <span class="n">album_router</span><span class="p">,</span> <span class="n">user_router</span> <span class="c1"># ... other routers </span> <span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">(</span><span class="n">title</span><span class="o">=</span><span class="sh">"</span><span class="s">TAM Music API</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Registering the routers </span><span class="n">app</span><span class="p">.</span><span class="nf">include_router</span><span class="p">(</span><span class="n">user_router</span><span class="p">.</span><span class="n">router</span><span class="p">)</span> <span class="n">app</span><span class="p">.</span><span class="nf">include_router</span><span class="p">(</span><span class="n">album_router</span><span class="p">.</span><span class="n">router</span><span class="p">)</span> <span class="c1"># ... </span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">"</span><span class="s">__main__</span><span class="sh">"</span><span class="p">:</span> <span class="kn">import</span> <span class="n">uvicorn</span> <span class="n">uvicorn</span><span class="p">.</span><span class="nf">run</span><span class="p">(</span><span class="n">app</span><span class="p">,</span> <span class="n">host</span><span class="o">=</span><span class="sh">"</span><span class="s">0.0.0.0</span><span class="sh">"</span><span class="p">,</span> <span class="n">port</span><span class="o">=</span><span class="mi">8000</span><span class="p">)</span> </code></pre> </div> <h2> <strong>👋 Conclusion</strong> </h2> <p>Building TAM Music was a journey in understanding how to structure scalable Python applications. By leveraging FastAPI's Dependency Injection and Pydantic's advanced validation, I created an API that is clean, testable, and ready for growth.</p> <p>I hope this breakdown helps you in structuring your own FastAPI projects! If you have any questions about the architecture or the specific implementation details, let's discuss them in the comments below.</p> <p>Happy Coding! 🎧</p> webdev fastapi python backend