DEV Community: Rishi Sharma

Exploring New Features in PostgreSQL 17 with Python

Rishi Sharma — Sat, 24 Aug 2024 11:14:20 +0000

PostgreSQL 17 brings a host of exciting new features and enhancements that cater to developers, data scientists, and database administrators. This article will explore some of the most significant additions and improvements in PostgreSQL 17 and demonstrate how to use these features with Python.

Improved Query Performance with Incremental Sort One of the standout features of PostgreSQL 17 is the enhancement of the incremental sort algorithm, which now supports a wider range of use cases. Incremental sort can significantly reduce the time taken to execute queries that involve large datasets, especially when dealing with sorted data.

Python Example: Incremental Sort with PostgreSQL 17

To use this feature, let's first set up a PostgreSQL connection using Python's psycopg2 library:

`import psycopg2

Connect to PostgreSQL database

conn = psycopg2.connect(
host="localhost",
database="test_db",
user="postgres",
password="your_password"
)

Create a cursor object

cur = conn.cursor()

Create a table and insert data

cur.execute("""
CREATE TABLE IF NOT EXISTS large_dataset (
id SERIAL PRIMARY KEY,
category VARCHAR(50),
value INT
);
""")

Insert sample data

cur.execute("""
INSERT INTO large_dataset (category, value)
SELECT
'Category ' || (i % 10),
random() * 1000
FROM generate_series(1, 1000000) i;
""")

conn.commit()

Using Incremental Sort

cur.execute("""
EXPLAIN ANALYZE
SELECT * FROM large_dataset
ORDER BY category, value;
""")

Fetch and print the query plan

query_plan = cur.fetchall()
for line in query_plan:
print(line)

Close the cursor and connection

cur.close()
conn.close()
`

In this example, PostgreSQL 17's improved incremental sort efficiently handles the ORDER BY clause, sorting data incrementally and reducing overall query execution time.

JSON Path Enhancements PostgreSQL 17 introduces enhancements to JSONPath, making it easier to query and manipulate JSON data. This is particularly useful for applications that heavily rely on JSON for data interchange.

Python Example: Using JSONPath Enhancements
`## Reconnect to the database
conn = psycopg2.connect(
host="localhost",
database="test_db",
user="postgres",
password="your_password"
)
cur = conn.cursor()

Create a table with JSON data

cur.execute("""
CREATE TABLE IF NOT EXISTS json_data (
id SERIAL PRIMARY KEY,
data JSONB
);
""")

Insert sample JSON data

cur.execute("""
INSERT INTO json_data (data)
VALUES
('{"name": "Alice", "age": 30, "skills": ["Python", "SQL"]}'),
('{"name": "Bob", "age": 25, "skills": ["Java", "C++"]}');
""")

conn.commit()

Query JSON data using JSONPath

cur.execute("""
SELECT data ->> 'name' AS name, data ->> 'age' AS age
FROM json_data
WHERE data @? '$.skills ? (@ == "Python")';
""")

Fetch and print the results

results = cur.fetchall()
for row in results:
print(row)

Close the cursor and connection

cur.close()
conn.close()
`

This code demonstrates how PostgreSQL 17’s enhanced JSONPath capabilities simplify extracting data from JSON fields based on complex conditions.

Enhanced Parallelism for Index Creation Index creation in PostgreSQL 17 is now more efficient due to improved parallelism, allowing for faster indexing on large datasets.

Python Example: Parallel Index Creation
`## Reconnect to the database
conn = psycopg2.connect(
host="localhost",
database="test_db",
user="postgres",
password="your_password"
)
cur = conn.cursor()

Create a large table

cur.execute("""
CREATE TABLE IF NOT EXISTS large_table (
id SERIAL PRIMARY KEY,
data VARCHAR(255)
);
""")

Insert a large number of rows

cur.execute("""
INSERT INTO large_table (data)
SELECT
md5(random()::text)
FROM generate_series(1, 5000000);
""")

conn.commit()

Create an index with parallelism

cur.execute("""
CREATE INDEX CONCURRENTLY large_table_data_idx ON large_table (data);
""")

conn.commit()

Close the cursor and connection

cur.close()
conn.close()
`

This example showcases PostgreSQL 17's improved ability to create indexes concurrently using multiple CPU cores, which is highly beneficial when working with massive tables.

SQL/JSON Standard Compliant Functions PostgreSQL 17 has added support for more SQL/JSON standard-compliant functions, enhancing its ability to handle JSON data with more SQL-standard syntax.

Python Example: SQL/JSON Standard Functions
`## Reconnect to the database
conn = psycopg2.connect(
host="localhost",
database="test_db",
user="postgres",
password="your_password"
)
cur = conn.cursor()

Create a table with JSON data

cur.execute("""
CREATE TABLE IF NOT EXISTS employee_data (
id SERIAL PRIMARY KEY,
info JSONB
);
""")

Insert sample JSON data

cur.execute("""
INSERT INTO employee_data (info)
VALUES
('{"name": "John", "department": "Sales", "salary": 5000}'),
('{"name": "Jane", "department": "IT", "salary": 7000}');
""")

conn.commit()

Query using SQL/JSON functions

cur.execute("""
SELECT jsonb_path_query_first(info, '$.department') AS department
FROM employee_data
WHERE jsonb_path_exists(info, '$.salary ? (@ > 6000)');
""")

Fetch and print the results

results = cur.fetchall()
for row in results:
print(row)

Close the cursor and connection

cur.close()
conn.close()
`

In this example, we demonstrate how to use SQL/JSON standard functions to query JSON data, showcasing PostgreSQL 17's compliance with new SQL standards.

For more information on PostgreSQL 17 and its new features, refer to the official documentation.

Introduction to Scrum: A Framework for Agile Project Management

Rishi Sharma — Wed, 14 Aug 2024 12:16:32 +0000

Overview of Scrum
Scrum is a widely-adopted framework for agile project management, particularly popular in software development but increasingly used in other industries like marketing, finance, and human resources. Originating in the early 1990s, Scrum facilitates iterative development, allowing teams to deliver small increments of work over short time periods called Sprints. This article will explore the fundamentals of Scrum, its core components, and best practices for implementation within organizations.
The Philosophy and Principles of Scrum
At the heart of Scrum lies the principle of empiricism, which emphasizes making decisions based on observation, experience, and experimentation rather than extensive upfront planning. This approach is underpinned by three key pillars: transparency, inspection, and adaptation. These pillars guide the team in monitoring progress, identifying challenges, and adapting the plan as necessary to achieve the desired outcome.

Scrum’s lightweight framework is designed to be adaptable, providing a structure within which teams can develop their workflow based on real-world conditions and feedback. The framework’s flexibility makes it suitable for various industries beyond its traditional use in software development.

3 Core Components of Scrum

3.1 Scrum Team Roles
The Scrum Team is a self-managing, cross-functional team consisting of the following roles:

Product Owner: The Product Owner represents the customer and is responsible for maximizing the value of the product by managing the Product Backlog and ensuring the team understands the work required to achieve the Product Goal.

Scrum Master: Acting as a coach and facilitator, the Scrum Master ensures that the team adheres to Scrum practices and principles, helping to remove obstacles that might impede progress.

Developers (Development Team): This group includes all the professionals required to deliver a potentially releasable Increment of the product at the end of each Sprint. Developers work collaboratively, often across different specializations, to achieve the Sprint Goal.

3.2 Scrum Artifacts

Scrum uses specific artifacts to help manage work and ensure transparency:

Product Backlog: A dynamic list of tasks, features, and requirements needed to deliver a product. Managed by the Product Owner, it is regularly updated based on the project's progress and any new insights.

Sprint Backlog: A subset of the Product Backlog, this list includes tasks to be completed during the current Sprint. The Development Team takes ownership of this artifact and updates it as they progress.

Increment: The sum of all completed work items that meet the Definition of Done, representing a step toward the final product.

4 Scrum Events

Scrum structures its work around a set of recurring events that provide opportunities for planning, inspection, and adaptation:

Sprint: The core unit of Scrum, a Sprint is a time-boxed period (usually 1-4 weeks) during which the team works on completing a set of tasks. Sprints ensure regular delivery of product increments and provide a rhythm for the team’s activities.

Sprint Planning: At the beginning of each Sprint, the Scrum Team meets to plan the work to be completed. The Product Owner discusses the Product Backlog items, and the team selects the tasks they will work on during the Sprint.

Daily Scrum: A short, daily meeting (15 minutes) where the Development Team reviews progress and plans the day’s activities. This meeting is crucial for maintaining alignment and quickly addressing any issues.

Sprint Review: Held at the end of the Sprint, this meeting involves stakeholders and the Scrum Team. The team presents the Increment and discusses what was accomplished, while stakeholders provide feedback.

Sprint Retrospective: After the Sprint Review, the Scrum Team holds a retrospective to reflect on the Sprint and identify areas for improvement. This continuous feedback loop is essential for fostering a culture of learning and adaptation.

5 Implementing Scrum in Organizations
While Scrum is a powerful framework, implementing it effectively requires careful consideration of the organization’s structure and culture. Key factors include:

Role of the Scrum Master: A critical role in successful Scrum implementation, the Scrum Master must guide the team through the transition, ensuring adherence to Scrum principles while addressing any resistance or challenges that arise.

Team Composition: Building an effective Scrum Team requires careful selection of members with complementary skills and the ability to work collaboratively. In many cases, existing organizational structures may need to be adjusted to accommodate the interdisciplinary nature of Scrum Teams.

Maintaining Focus: One common challenge during implementation is ensuring that the Scrum Team remains focused on their Sprint Goals without being distracted by external demands. Establishing clear boundaries and protecting the team from unnecessary interruptions is essential.

Conclusion
Scrum has proven to be an effective framework for managing complex projects across various industries. Its focus on collaboration, continuous improvement, and adaptability aligns well with the needs of modern organizations seeking to thrive in an ever-changing environment. However, successful implementation requires commitment from both leadership and the Scrum Team, along with a willingness to embrace the agile mindset fully.

Building a Decentralized Finance (DeFi) Application using Python Ecosystem

Rishi Sharma — Mon, 15 Jul 2024 14:17:12 +0000

Decentralized Finance (DeFi) is revolutionizing the financial industry by providing open, transparent, and permissionless financial services using blockchain technology. In this article, we will explore how to build a simple DeFi application using the Python ecosystem. We will cover the following topics:

Introduction to DeFi
Setting Up the Development Environment
Interacting with Blockchain
Creating Smart Contracts
Building a Backend with FastAPI
Integrating Frontend with Web3.py
Deploying the Application
Testing the DeFi Application
Security Considerations
Conclusion and Future Directions

Introduction to DeFi

DeFi leverages blockchain technology to provide financial services such as lending, borrowing, trading, and earning interest without relying on traditional financial intermediaries like banks. The key components of DeFi include smart contracts, decentralized applications (dApps), and blockchain platforms like Ethereum.

Setting Up the Development Environment

Before we begin, ensure you have Python installed. We will use several Python libraries including Web3.py, FastAPI, and Brownie. Create a virtual environment and install the required packages:

python -m venv venv source venv/bin/activate # On Windows, usevenv\Scripts\activatepip install web3 fastapi uvicorn pydantic brownie

Interacting with Blockchain

We will use Web3.py to interact with the Ethereum blockchain. Let's start by connecting to a blockchain network (we will use the Ropsten testnet) and checking the balance of an address.

blockchain.py

from web3 import Web3

# Connect to the Ropsten testnet
infura_url = 'https://ropsten.infura.io/v3/YOUR_INFURA_PROJECT_ID'
web3 = Web3(Web3.HTTPProvider(infura_url))

def check_balance(address):
    balance = web3.eth.get_balance(address)
    return web3.fromWei(balance, 'ether')

Creating Smart Contracts

Smart contracts are self-executing contracts with the terms of the agreement directly written into code. We will use Solidity to write a simple smart contract for a token.

contracts/Token.sol

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Token {
    string public name = "MyToken";
    string public symbol = "MTK";
    uint8 public decimals = 18;
    uint256 public totalSupply = 1000000 * (10 ** uint256(decimals));
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor() {
        balanceOf[msg.sender] = totalSupply;
    }

    function transfer(address _to, uint256 _value) public returns (bool success) {
        require(_to != address(0));
        require(balanceOf[msg.sender] >= _value);

        balanceOf[msg.sender] -= _value;
        balanceOf[_to] += _value;

        emit Transfer(msg.sender, _to, _value);
        return true;
    }

    function approve(address _spender, uint256 _value) public returns (bool success) {
        allowance[msg.sender][_spender] = _value;
        emit Approval(msg.sender, _spender, _value);
        return true;
    }

    function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {
        require(_to != address(0));
        require(balanceOf[_from] >= _value);
        require(allowance[_from][msg.sender] >= _value);

        balanceOf[_from] -= _value;
        balanceOf[_to] += _value;
        allowance[_from][msg.sender] -= _value;

        emit Transfer(_from, _to, _value);
        return true;
    }
}

Compile and deploy the contract using Brownie:

brownie init brownie compile brownie accounts new deployer brownie run scripts/deploy.py
scripts/deploy.py

from brownie import Token, accounts

def main():
    deployer = accounts.load('deployer')
    token = Token.deploy({'from': deployer})

Building a Backend with FastAPI

We will create a FastAPI backend to interact with our smart contract. The backend will provide endpoints for checking balances and transferring tokens.

app.py

from fastapi import FastAPI, HTTPException
from pydantic import BaseModel
from web3 import Web3
import json

app = FastAPI()

infura_url = 'https://ropsten.infura.io/v3/YOUR_INFURA_PROJECT_ID'
web3 = Web3(Web3.HTTPProvider(infura_url))
contract_address = 'YOUR_CONTRACT_ADDRESS'
abi = json.loads('[YOUR_CONTRACT_ABI]')

contract = web3.eth.contract(address=contract_address, abi=abi)
deployer = web3.eth.account.privateKeyToAccount('YOUR_PRIVATE_KEY')

class TransferRequest(BaseModel):
    to: str
    amount: float

@app.get("/balance/{address}")
async def get_balance(address: str):
    try:
        balance = contract.functions.balanceOf(address).call()
        return {"balance": web3.fromWei(balance, 'ether')}
    except Exception as e:
        raise HTTPException(status_code=400, detail=str(e))

@app.post("/transfer")
async def transfer_tokens(transfer_request: TransferRequest):
    try:
        to_address = transfer_request.to
        amount = web3.toWei(transfer_request.amount, 'ether')
        nonce = web3.eth.getTransactionCount(deployer.address)
        txn = contract.functions.transfer(to_address, amount).buildTransaction({
            'chainId': 3,
            'gas': 70000,
            'gasPrice': web3.toWei('1', 'gwei'),
            'nonce': nonce,
        })
        signed_txn = web3.eth.account.signTransaction(txn, private_key=deployer.key)
        tx_hash = web3.eth.sendRawTransaction(signed_txn.rawTransaction)
        return {"transaction_hash": web3.toHex(tx_hash)}
    except Exception as e:
        raise HTTPException(status_code=400, detail=str(e))

Integrating Frontend with Web3.py

We can build a simple frontend to interact with our FastAPI backend and display token balances and facilitate transfers. Here, we'll use a minimal HTML and JavaScript setup to demonstrate this interaction.

index.html

<!DOCTYPE html>
<html>
<head>
    <title>DeFi Application</title>
</head>
<body>
    <h1>DeFi Application</h1>
    <div>
        <h2>Check Balance</h2>
        <input type="text" id="address" placeholder="Enter address">
        <button onclick="checkBalance()">Check Balance</button>
        <p id="balance"></p>
    </div>
    <div>
        <h2>Transfer Tokens</h2>
        <input type="text" id="to" placeholder="To address">
        <input type="text" id="amount" placeholder="Amount">
        <button onclick="transferTokens()">Transfer</button>
        <p id="transaction"></p>
    </div>
    <script>
        async function checkBalance() {
            const address = document.getElementById('address').value;
            const response = await fetch(`http://localhost:8000/balance/${address}`);
            const data = await response.json();
            document.getElementById('balance').innerText = `Balance: ${data.balance} MTK`;
        }

        async function transferTokens() {
            const to = document.getElementById('to').value;
            const amount = document.getElementById('amount').value;
            const response = await fetch('http://localhost:8000/transfer', {
                method: 'POST',
                headers: {
                    'Content-Type': 'application/json',
                },
                body: JSON.stringify({ to, amount })
            });
            const data = await response.json();
            document.getElementById('transaction').innerText = `Transaction Hash: ${data.transaction_hash}`;
        }
    </script>
</body>
</html>

Deploying the Application

To deploy the FastAPI application, we can use Uvicorn. Run the following command to start the server:

uvicorn app:app --reload

Testing the DeFi Application

To test our DeFi application, open the index.html file in a web browser and use the provided interface to check balances and transfer tokens.

Check Balance: Enter an Ethereum address and click "Check Balance" to see the token balance.
Transfer Tokens: Enter a recipient address and the amount of tokens to transfer, then click "Transfer" to initiate the transaction.

Security Considerations

When building DeFi applications, security is of paramount importance. Consider the following best practices:

Smart Contract Audits: Have your smart contracts audited by a professional security firm.
Private Key Management: Never hardcode private keys in your application. Use secure key management systems.
Input Validation: Validate and sanitize all user inputs to prevent common vulnerabilities such as reentrancy attacks and overflows.
Rate Limiting: Implement rate limiting on your endpoints to prevent abuse.
Regular Updates: Keep your libraries and dependencies up to date to mitigate known vulnerabilities.

Conclusion and Future Directions

In this article, we've built a simple DeFi application using the Python ecosystem. We covered the basics of DeFi, interacted with the Ethereum blockchain using Web3.py, created a smart contract, built a backend with FastAPI, and integrated a frontend.

DeFi is a rapidly evolving field with immense potential. Future directions for your project could include:

Integrating More DeFi Protocols: Explore integrating other DeFi protocols like lending platforms (e.g., Aave) or decentralized exchanges (e.g., Uniswap).
Enhancing the Frontend: Build a more sophisticated frontend using frameworks like React.js or Vue.js.
Adding User Authentication: Implement user authentication and authorization to create a more personalized experience.
Expanding Smart Contract Functionality: Add more features to your smart contract, such as staking, governance, or yield farming.

Feel free to expand upon this system and experiment with new features and protocols. Happy coding!

Building JWT Auth Chaining with FastAPI and Python

Rishi Sharma — Sun, 14 Jul 2024 09:09:24 +0000

In this article, we'll explore how to implement JWT (JSON Web Token) authentication in a FastAPI application. We'll cover everything from setting up the project to securing endpoints with JWT. By the end, you'll have a fully functional authentication system with chained JWT verification.

JSON Web Token
Setting Up FastAPI Project
Creating User Models and Database
Implementing JWT Authentication
Securing Endpoints
Testing the Authentication System

JSON Web Token ( JWT )

JWT is a compact, URL-safe token format that is commonly used for securely transmitting information between parties. JWT tokens are often used for authentication and authorization purposes in web applications.

Setting Up FastAPI Project

First, let's set up a new FastAPI project. Ensure you have Python installed and then create a virtual environment:

python -m venv venv source venv/bin/activate # On Windows, usevenv\Scripts\activate

Next, install FastAPI and Uvicorn (an ASGI server):

pip install fastapi uvicorn[standard] python-jose passlib[bcrypt] pydantic sqlalchemy

Create a new directory for your project and add the following files:

my_fastapi_app/ │ ├── main.py ├── models.py ├── database.py ├── schemas.py └── auth.py

Creating User Models and Database

Let's start by defining our database models and setting up the database connection. We'll use SQLAlchemy for ORM.

database.py

from sqlalchemy import create_engine
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import sessionmaker

SQLALCHEMY_DATABASE_URL = "sqlite:///./test.db"

engine = create_engine(SQLALCHEMY_DATABASE_URL, connect_args={"check_same_thread": False})
SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
Base = declarative_base()

def get_db():
    db = SessionLocal()
    try:
        yield db
    finally:
        db.close()

models.py

from sqlalchemy import Column, Integer, String, Boolean
from .database import Base

class User(Base):
    __tablename__ = "users"

    id = Column(Integer, primary_key=True, index=True)
    username = Column(String, unique=True, index=True)
    email = Column(String, unique=True, index=True)
    hashed_password = Column(String)
    is_active = Column(Boolean, default=True)

schemas.py

from pydantic import BaseModel
from typing import Optional

class UserBase(BaseModel):
    username: str
    email: str

class UserCreate(UserBase):
    password: str

class User(UserBase):
    id: int
    is_active: bool

    class Config:
        orm_mode = True

Implementing JWT

We need to implement JWT token creation and verification. We'll use the python-jose library for handling JWTs.

auth.py

from fastapi import Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from jose import JWTError, jwt
from passlib.context import CryptContext
from sqlalchemy.orm import Session
from datetime import datetime, timedelta
from . import models, schemas, database

# Secret key to encode JWT tokens
SECRET_KEY = "your_secret_key"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30

pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")

def verify_password(plain_password, hashed_password):
    return pwd_context.verify(plain_password, hashed_password)

def get_password_hash(password):
    return pwd_context.hash(password)

def authenticate_user(db: Session, username: str, password: str):
    user = db.query(models.User).filter(models.User.username == username).first()
    if not user or not verify_password(password, user.hashed_password):
        return False
    return user

def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
    to_encode = data.copy()
    if expires_delta:
        expire = datetime.utcnow() + expires_delta
    else:
        expire = datetime.utcnow() + timedelta(minutes=15)
    to_encode.update({"exp": expire})
    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
    return encoded_jwt

async def get_current_user(token: str = Depends(oauth2_scheme), db: Session = Depends(database.get_db)):
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username: str = payload.get("sub")
        if username is None:
            raise credentials_exception
        token_data = schemas.TokenData(username=username)
    except JWTError:
        raise credentials_exception
    user = db.query(models.User).filter(models.User.username == token_data.username).first()
    if user is None:
        raise credentials_exception
    return user

Securing end points

Now, let's create our FastAPI application and secure endpoints with JWT authentication.

main.py

from fastapi import FastAPI, Depends, HTTPException, status
from sqlalchemy.orm import Session
from . import models, schemas, database, auth

app = FastAPI()

models.Base.metadata.create_all(bind=database.engine)

@app.post("/users/", response_model=schemas.User)
def create_user(user: schemas.UserCreate, db: Session = Depends(database.get_db)):
    db_user = db.query(models.User).filter(models.User.email == user.email).first()
    if db_user:
        raise HTTPException(status_code=400, detail="Email already registered")
    hashed_password = auth.get_password_hash(user.password)
    db_user = models.User(username=user.username, email=user.email, hashed_password=hashed_password)
    db.add(db_user)
    db.commit()
    db.refresh(db_user)
    return db_user

@app.post("/token", response_model=schemas.Token)
def login_for_access_token(db: Session = Depends(database.get_db), form_data: OAuth2PasswordRequestForm = Depends()):
    user = auth.authenticate_user(db, form_data.username, form_data.password)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Incorrect username or password",
            headers={"WWW-Authenticate": "Bearer"},
        )
    access_token_expires = timedelta(minutes=auth.ACCESS_TOKEN_EXPIRE_MINUTES)
    access_token = auth.create_access_token(
        data={"sub": user.username}, expires_delta=access_token_expires
    )
    return {"access_token": access_token, "token_type": "bearer"}

@app.get("/users/me/", response_model=schemas.User)
async def read_users_me(current_user: schemas.User = Depends(auth.get_current_user)):
    return current_user

Testing the Authentication System

To test our authentication system, we need to run the FastAPI application and use an HTTP client like curl or Postman to interact with our endpoints.

Run the application:

uvicorn main:app --reload
Now, let's test our endpoints using curl:

create a new user

curl -X POST "http://127.0.0.1:8000/users/" -H "Content-Type: application/json" -d '{"username": "testuser", "email": "test@example.com", "password": "testpassword"}'

Obtain a JWT token:

curl -X POST "http://127.0.0.1:8000/token" -d "username=testuser&password=testpassword"

Access a protected endpoint:

curl -X GET "http://127.0.0.1:8000/users/me/" -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Replace YOUR_ACCESS_TOKEN with the token obtained in step 2.

Conclusion

In this article, we've built a complete JWT authentication system using FastAPI and Python. We've covered the basics of JWT, set up a FastAPI project, created user models and a database, implemented JWT authentication, secured endpoints, and tested our system. This setup provides a robust foundation for any application requiring user authentication and authorization.

Feel free to expand upon this system by adding more features such as role-based access control, refresh tokens, and more advanced user management. Happy coding!

If you found this article helpful, please leave a comment or reach out with any questions.