Add enable setting to options

IndominusByte / fastapi-jwt-auth

FastAPI extension that provides JWT Auth support (secure, easy to use, and lightweight)

http://indominusbyte.github.io/fastapi-jwt-auth/

MIT License

630 stars 143 forks source link

Add enable setting to options #21

Closed SelfhostedPro closed 3 years ago

SelfhostedPro commented 3 years ago

Would it be feasible to add an optional option to enable or disable authentication to the jwtSettings?

Currently I'm using Fast-API users (but I'm migrating to fastapi-jwt-auth) and one of the requests of some users is to be able to disable authentication (so that they can use their own authentication platform like authelia).

With FastAPI users I highjack a function (essentially if the DISABLE_AUTH environment variable is set to true, I import a fake function that just returns true instead of the actual get_active_user function (code here)).

I was wondering if there's a similar way to do that with this framework?

IndominusByte commented 3 years ago

for security reasons, it's not. but I give user option to use partially protecting endpoint this is docs maybe its can solve your problem

SelfhostedPro commented 3 years ago

Ah, not really what I'm going for. I'm trying to fully disable authentication. It's alright. I'll try a similar way to what I did before and post here if it works. Thanks for being super responsive!

IndominusByte commented 3 years ago

Glad to hear that. it's my pleasure 😄 🙏

SelfhostedPro commented 3 years ago

The way I'm accomplishing this is the following:

I have a function that checks for the DISABLE_AUTH environment variable being set.

auth.py

def auth_check(Authorize):
    if settings.DISABLE_AUTH == "True":
        return # If disable auth is set to true, then return nothing
    else:
        return Authorize.jwt_required() #if disable auth isn't set or is set to false, return Authorize.jwt_required()

Then I import that instead of Authorize directly:

from ..auth import auth_check

Then I build my routes as follows:

@router.get("/")
def index(Authorize: AuthJWT = Depends()): #Call Authorize the standard way
    auth_check(Authorize) #Pass it through to my auth_check function.
    return actions.get_apps()

IndominusByte commented 3 years ago

Thank you for sharing with me ❤️ , if other people ask something similar like this I will mention this issue to them, I assume this issue was solved and it will be close now. But feel free to add more comments or create new issues 🙏