Python后端API开发的完全指南
作者:闲人编程
在现代Web开发中,API(Application Programming Interface)已成为不同应用程序之间通信的核心方式,本文将全面介绍使用Python进行后端API开发的全过程,需要的朋友可以参考下
概述
在现代Web开发中,API(Application Programming Interface)已成为不同应用程序之间通信的核心方式。Python凭借其简洁的语法、丰富的生态系统和强大的框架,成为了后端API开发的首选语言之一。本文将全面介绍使用Python进行后端API开发的全过程,涵盖框架选择、路由设计、数据库集成、认证授权、性能优化到部署上线的各个方面。
本文将使用FastAPI框架作为示例,因为它具有高性能、易用性和自动生成API文档等突出优点。同时我们也会介绍Flask和Django REST framework的对比,帮助读者根据项目需求做出合适的技术选型。
1. 后端API开发基础
1.1 什么是RESTful API
REST(Representational State Transfer)是一种软件架构风格,RESTful API则是遵循REST原则设计的API。它的核心特征包括:
- 无状态性:每个请求包含处理所需的所有信息
- 统一接口:资源标识、资源操作、自描述消息和超媒体作为应用状态引擎
- 资源导向:使用URI标识资源
- 表述性:资源与它们的表述分离
一个典型的RESTful API使用HTTP方法对应CRUD操作:
| HTTP方法 | CRUD操作 | 描述 |
|---|---|---|
| GET | Read | 获取资源 |
| POST | Create | 创建资源 |
| PUT | Update | 更新资源 |
| DELETE | Delete | 删除资源 |
1.2 Python API框架对比
Python生态系统中有多个优秀的API开发框架:
1.2.1 Flask
轻量级微框架,灵活性强,扩展通过插件实现。
from flask import Flask
app = Flask(__name__)
@app.route('/')
def hello():
return {'message': 'Hello World!'}
1.2.2 Django REST framework
功能强大的框架,内置许多开箱即用的功能,适合复杂项目。
from rest_framework import serializers, viewsets
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ['email', 'username']
class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
1.2.3 FastAPI
现代高性能框架,支持异步,自动生成API文档。
from fastapi import FastAPI
from pydantic import BaseModel
app = FastAPI()
class Item(BaseModel):
name: str
price: float
@app.post("/items/")
async def create_item(item: Item):
return item
框架选择建议:
- 小型项目或微服务:FastAPI或Flask
- 大型企业级应用:Django REST framework
- 需要高性能和异步支持:FastAPI
2. 环境设置与项目结构
2.1 创建虚拟环境
使用虚拟环境是Python开发的最佳实践,可以隔离项目依赖。
# 创建虚拟环境 python -m venv myapi-env # 激活虚拟环境 (Linux/macOS) source myapi-env/bin/activate # 激活虚拟环境 (Windows) myapi-env\Scripts\activate # 安装核心依赖 pip install fastapi uvicorn sqlalchemy psycopg2-binary python-jose[cryptography] passlib[bcrypt]
2.2 项目结构规划
良好的项目结构有助于代码维护和团队协作。
myapi-project/ ├── app/ │ ├── __init__.py │ ├── main.py # 应用入口点 │ ├── core/ # 核心配置 │ │ ├── __init__.py │ │ ├── config.py # 配置文件 │ │ └── security.py # 安全相关 │ ├── models/ # 数据模型 │ │ ├── __init__.py │ │ └── user.py # 用户模型 │ ├── schemas/ # Pydantic模型 │ │ ├── __init__.py │ │ └── user.py # 用户Schema │ ├── api/ # 路由端点 │ │ ├── __init__.py │ │ ├── endpoints/ # 各个端点 │ │ │ ├── __init__.py │ │ │ ├── auth.py # 认证端点 │ │ │ └── users.py # 用户端点 │ │ └── deps.py # 依赖项 │ ├── crud/ # 数据库操作 │ │ ├── __init__.py │ │ └── user.py # 用户CRUD操作 │ ├── db/ # 数据库相关 │ │ ├── __init__.py │ │ └── session.py # 数据库会话 │ └── utils/ # 工具函数 │ ├── __init__.py │ └── send_email.py # 邮件发送工具 ├── tests/ # 测试代码 │ ├── __init__.py │ ├── conftest.py │ └── test_users.py ├── alembic/ # 数据库迁移 │ ├── versions/ │ ├── env.py │ └── script.py.mako ├── requirements.txt # 项目依赖 └── Dockerfile # Docker配置
3. FastAPI核心概念与实现
3.1 创建FastAPI应用
首先创建主应用文件,配置基本设置。
# app/main.py
from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware
from app.core.config import settings
from app.api import api_router
# 创建FastAPI应用实例
app = FastAPI(
title=settings.PROJECT_NAME,
version=settings.VERSION,
description=settings.DESCRIPTION,
openapi_url=f"{settings.API_V1_STR}/openapi.json"
)
# 设置CORS中间件
app.add_middleware(
CORSMiddleware,
allow_origins=settings.BACKEND_CORS_ORIGINS,
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
# 包含API路由
app.include_router(api_router, prefix=settings.API_V1_STR)
@app.get("/")
async def root():
return {"message": "Welcome to MyAPI"}
3.2 配置管理
使用Pydantic的BaseSettings管理配置,支持环境变量。
# app/core/config.py
from pydantic import BaseSettings
from typing import List, Optional
import secrets
class Settings(BaseSettings):
# 项目配置
PROJECT_NAME: str = "MyAPI"
VERSION: str = "1.0.0"
DESCRIPTION: str = "A powerful API built with FastAPI"
API_V1_STR: str = "/api/v1"
# 安全配置
SECRET_KEY: str = secrets.token_urlsafe(32)
ALGORITHM: str = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES: int = 60 * 24 * 8 # 60 minutes * 24 hours * 8 days = 8 days
# 数据库配置
DATABASE_URL: str = "sqlite:///./test.db"
# CORS配置
BACKEND_CORS_ORIGINS: List[str] = ["http://localhost:3000"] # 前端地址
class Config:
case_sensitive = True
env_file = ".env"
settings = Settings()
3.3 数据库模型与迁移
使用SQLAlchemy定义数据模型,Alembic处理数据库迁移。
# app/models/user.py
from sqlalchemy import Boolean, Column, Integer, String, DateTime
from sqlalchemy.sql import func
from app.db.session import Base
class User(Base):
__tablename__ = "users"
id = Column(Integer, primary_key=True, index=True)
email = Column(String, unique=True, index=True, nullable=False)
hashed_password = Column(String, nullable=False)
full_name = Column(String, index=True)
is_active = Column(Boolean, default=True)
is_superuser = Column(Boolean, default=False)
created_at = Column(DateTime(timezone=True), server_default=func.now())
updated_at = Column(DateTime(timezone=True), onupdate=func.now())
def __repr__(self):
return f"<User {self.email}>"
3.4 Pydantic模式(Schemas)
使用Pydantic模型进行数据验证和序列化。
# app/schemas/user.py
from pydantic import BaseModel, EmailStr
from datetime import datetime
from typing import Optional
# 用户基础属性
class UserBase(BaseModel):
email: Optional[EmailStr] = None
full_name: Optional[str] = None
is_active: Optional[bool] = True
is_superuser: Optional[bool] = False
# 创建用户时的属性
class UserCreate(UserBase):
email: EmailStr
password: str
# 更新用户时的属性
class UserUpdate(UserBase):
password: Optional[str] = None
# 数据库中的用户模型
class UserInDBBase(UserBase):
id: int
created_at: datetime
updated_at: Optional[datetime] = None
class Config:
orm_mode = True
# 返回给客户端的用户信息
class User(UserInDBBase):
pass
# 存储在数据库中的用户信息
class UserInDB(UserInDBBase):
hashed_password: str
3.5 CRUD操作
实现与数据库交互的CRUD操作。
# app/crud/user.py
from sqlalchemy.orm import Session
from app.models.user import User
from app.schemas.user import UserCreate, UserUpdate
from app.core.security import get_password_hash
def get_user(db: Session, user_id: int):
return db.query(User).filter(User.id == user_id).first()
def get_user_by_email(db: Session, email: str):
return db.query(User).filter(User.email == email).first()
def get_users(db: Session, skip: int = 0, limit: int = 100):
return db.query(User).offset(skip).limit(limit).all()
def create_user(db: Session, user: UserCreate):
hashed_password = get_password_hash(user.password)
db_user = User(
email=user.email,
hashed_password=hashed_password,
full_name=user.full_name,
is_active=user.is_active,
is_superuser=user.is_superuser
)
db.add(db_user)
db.commit()
db.refresh(db_user)
return db_user
def update_user(db: Session, user_id: int, user: UserUpdate):
db_user = db.query(User).filter(User.id == user_id).first()
if not db_user:
return None
update_data = user.dict(exclude_unset=True)
if "password" in update_data:
hashed_password = get_password_hash(update_data["password"])
del update_data["password"]
update_data["hashed_password"] = hashed_password
for field in update_data:
setattr(db_user, field, update_data[field])
db.add(db_user)
db.commit()
db.refresh(db_user)
return db_user
def delete_user(db: Session, user_id: int):
db_user = db.query(User).filter(User.id == user_id).first()
if not db_user:
return None
db.delete(db_user)
db.commit()
return db_user
3.6 安全与认证
实现JWT认证和密码哈希。
# app/core/security.py
from datetime import datetime, timedelta
from typing import Optional
from jose import JWTError, jwt
from passlib.context import CryptContext
from app.core.config import settings
# 密码哈希上下文
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
# JWT令牌创建函数
def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
to_encode = data.copy()
if expires_delta:
expire = datetime.utcnow() + expires_delta
else:
expire = datetime.utcnow() + timedelta(minutes=15)
to_encode.update({"exp": expire})
encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.ALGORITHM)
return encoded_jwt
# 密码验证函数
def verify_password(plain_password, hashed_password):
return pwd_context.verify(plain_password, hashed_password)
# 密码哈希函数
def get_password_hash(password):
return pwd_context.hash(password)
# 从JWT令牌获取用户信息
def decode_access_token(token: str):
try:
payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM])
return payload
except JWTError:
return None
4. API端点实现
4.1 用户认证端点
实现用户注册、登录和令牌刷新功能。
# app/api/endpoints/auth.py
from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.security import OAuth2PasswordRequestForm
from sqlalchemy.orm import Session
from datetime import timedelta
from app.db.session import get_db
from app.core.security import create_access_token, verify_password, decode_access_token
from app.core.config import settings
from app.crud.user import get_user_by_email
from app.schemas.token import Token, TokenPayload
from app.schemas.user import User, UserCreate
from app.api.deps import get_current_user
router = APIRouter()
@router.post("/login", response_model=Token)
def login(
db: Session = Depends(get_db),
form_data: OAuth2PasswordRequestForm = Depends()
):
# 验证用户
user = get_user_by_email(db, email=form_data.username)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect email or password",
headers={"WWW-Authenticate": "Bearer"},
)
if not verify_password(form_data.password, user.hashed_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect email or password",
headers={"WWW-Authenticate": "Bearer"},
)
if not user.is_active:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Inactive user",
headers={"WWW-Authenticate": "Bearer"},
)
# 创建访问令牌
access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(
data={"sub": user.email}, expires_delta=access_token_expires
)
return {
"access_token": access_token,
"token_type": "bearer",
"user": User.from_orm(user)
}
@router.post("/register", response_model=Token)
def register(
*,
db: Session = Depends(get_db),
user_in: UserCreate,
):
# 检查邮箱是否已存在
user = get_user_by_email(db, email=user_in.email)
if user:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="The user with this email already exists in the system.",
)
# 创建用户
from app.crud.user import create_user
user = create_user(db=db, user=user_in)
# 创建访问令牌
access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(
data={"sub": user.email}, expires_delta=access_token_expires
)
return {
"access_token": access_token,
"token_type": "bearer",
"user": User.from_orm(user)
}
@router.get("/me", response_model=User)
def read_users_me(current_user: User = Depends(get_current_user)):
return current_user
4.2 用户管理端点
实现用户的增删改查功能。
# app/api/endpoints/users.py
from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy.orm import Session
from typing import List
from app.db.session import get_db
from app.crud.user import get_user, get_users, create_user, update_user, delete_user
from app.schemas.user import User, UserCreate, UserUpdate
from app.api.deps import get_current_active_superuser
router = APIRouter()
@router.get("/", response_model=List[User])
def read_users(
db: Session = Depends(get_db),
skip: int = 0,
limit: int = 100,
current_user: User = Depends(get_current_active_superuser),
):
users = get_users(db, skip=skip, limit=limit)
return users
@router.post("/", response_model=User)
def create_user_endpoint(
*,
db: Session = Depends(get_db),
user_in: UserCreate,
current_user: User = Depends(get_current_active_superuser),
):
user = get_user_by_email(db, email=user_in.email)
if user:
raise HTTPException(
status_code=400,
detail="The user with this email already exists in the system.",
)
user = create_user(db=db, user=user_in)
return user
@router.get("/{user_id}", response_model=User)
def read_user(
user_id: int,
db: Session = Depends(get_db),
current_user: User = Depends(get_current_active_superuser),
):
user = get_user(db, user_id=user_id)
if not user:
raise HTTPException(
status_code=404,
detail="User not found",
)
return user
@router.put("/{user_id}", response_model=User)
def update_user_endpoint(
*,
user_id: int,
user_in: UserUpdate,
db: Session = Depends(get_db),
current_user: User = Depends(get_current_active_superuser),
):
user = get_user(db, user_id=user_id)
if not user:
raise HTTPException(
status_code=404,
detail="User not found",
)
user = update_user(db=db, user_id=user_id, user=user_in)
return user
@router.delete("/{user_id}")
def delete_user_endpoint(
user_id: int,
db: Session = Depends(get_db),
current_user: User = Depends(get_current_active_superuser),
):
user = get_user(db, user_id=user_id)
if not user:
raise HTTPException(
status_code=404,
detail="User not found",
)
delete_user(db=db, user_id=user_id)
return {"message": "User deleted successfully"}
4.3 依赖项管理
集中管理API端点依赖项。
# app/api/deps.py
from fastapi import Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
from jose import JWTError
from sqlalchemy.orm import Session
from app.db.session import get_db
from app.core.security import decode_access_token
from app.crud.user import get_user_by_email
from app.schemas.user import User
oauth2_scheme = OAuth2PasswordBearer(tokenUrl=f"/api/v1/auth/login")
def get_current_user(
db: Session = Depends(get_db),
token: str = Depends(oauth2_scheme)
):
credentials_exception = HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials",
headers={"WWW-Authenticate": "Bearer"},
)
try:
payload = decode_access_token(token)
if payload is None:
raise credentials_exception
email: str = payload.get("sub")
if email is None:
raise credentials_exception
except JWTError:
raise credentials_exception
user = get_user_by_email(db, email=email)
if user is None:
raise credentials_exception
return user
def get_current_active_user(current_user: User = Depends(get_current_user)):
if not current_user.is_active:
raise HTTPException(status_code=400, detail="Inactive user")
return current_user
def get_current_active_superuser(current_user: User = Depends(get_current_active_user)):
if not current_user.is_superuser:
raise HTTPException(
status_code=400,
detail="The user doesn't have enough privileges"
)
return current_user
5. 数据库设置与迁移
5.1 数据库会话管理
# app/db/session.py
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker, declarative_base
from app.core.config import settings
# 创建数据库引擎
engine = create_engine(
settings.DATABASE_URL,
connect_args={"check_same_thread": False} # 仅SQLite需要
)
# 创建会话本地类
SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
# 声明基类
Base = declarative_base()
# 依赖项:获取数据库会话
def get_db():
db = SessionLocal()
try:
yield db
finally:
db.close()
5.2 数据库迁移配置
使用Alembic进行数据库迁移管理。
# alembic/env.py
from logging.config import fileConfig
from sqlalchemy import engine_from_config
from sqlalchemy import pool
from alembic import context
from app.core.config import settings
from app.models.user import Base # 导入所有模型
# Alembic配置
config = context.config
config.set_main_option("sqlalchemy.url", settings.DATABASE_URL)
# 设置目标元数据
target_metadata = Base.metadata
def run_migrations_offline():
"""在离线模式下运行迁移"""
url = config.get_main_option("sqlalchemy.url")
context.configure(
url=url,
target_metadata=target_metadata,
literal_binds=True,
dialect_opts={"paramstyle": "named"},
)
with context.begin_transaction():
context.run_migrations()
def run_migrations_online():
"""在在线模式下运行迁移"""
connectable = engine_from_config(
config.get_section(config.config_ini_section),
prefix="sqlalchemy.",
poolclass=pool.NullPool,
)
with connectable.connect() as connection:
context.configure(
connection=connection, target_metadata=target_metadata
)
with context.begin_transaction():
context.run_migrations()
if context.is_offline_mode():
run_migrations_offline()
else:
run_migrations_online()
6. 测试与调试
6.1 编写单元测试
使用pytest编写API端点测试。
# tests/test_users.py
import pytest
from fastapi.testclient import TestClient
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from app.main import app
from app.db.session import Base, get_db
from app.core.security import get_password_hash
from app.models.user import User
# 测试数据库
SQLALCHEMY_DATABASE_URL = "sqlite:///./test.db"
engine = create_engine(
SQLALCHEMY_DATABASE_URL, connect_args={"check_same_thread": False}
)
TestingSessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
# 创建测试数据库表
Base.metadata.create_all(bind=engine)
# 重写get_db依赖
def override_get_db():
try:
db = TestingSessionLocal()
yield db
finally:
db.close()
app.dependency_overrides[get_db] = override_get_db
client = TestClient(app)
def test_create_user():
response = client.post(
"/api/v1/auth/register",
json={
"email": "test@example.com",
"password": "password",
"full_name": "Test User"
},
)
assert response.status_code == 200
data = response.json()
assert data["user"]["email"] == "test@example.com"
assert "access_token" in data
assert data["token_type"] == "bearer"
def test_login_user():
# 首先创建用户
client.post(
"/api/v1/auth/register",
json={
"email": "login@example.com",
"password": "password",
"full_name": "Login User"
},
)
# 测试登录
response = client.post(
"/api/v1/auth/login",
data={
"username": "login@example.com",
"password": "password"
},
)
assert response.status_code == 200
data = response.json()
assert data["user"]["email"] == "login@example.com"
assert "access_token" in data
def test_get_users_without_auth():
response = client.get("/api/v1/users/")
assert response.status_code == 401 # 未授权
@pytest.fixture(autouse=True)
def cleanup_db():
# 在每个测试运行前清理数据库
db = TestingSessionLocal()
db.query(User).delete()
db.commit()
db.close()
6.2 使用FastAPI自动文档
FastAPI自动生成交互式API文档:
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
7. 部署与性能优化
7.1 使用Gunicorn和Uvicorn部署
创建生产环境部署配置。
# gunicorn_conf.py import multiprocessing # 服务器socket bind = "0.0.0.0:8000" # 工作进程数 workers = multiprocessing.cpu_count() * 2 + 1 # 工作进程类型 worker_class = "uvicorn.workers.UvicornWorker" # 日志配置 loglevel = "info" accesslog = "-" # 标准输出 errorlog = "-" # 标准错误输出 # 超时设置 timeout = 120 keepalive = 5
7.2 Docker容器化
创建Dockerfile和docker-compose配置。
# Dockerfile
FROM python:3.9-slim
# 设置工作目录
WORKDIR /app
# 设置环境变量
ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1
# 安装系统依赖
RUN apt-get update && apt-get install -y \
gcc \
&& rm -rf /var/lib/apt/lists/*
# 安装Python依赖
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# 复制项目文件
COPY . .
# 创建非root用户
RUN adduser --disabled-password --gecos '' myuser
USER myuser
# 暴露端口
EXPOSE 8000
# 启动命令
CMD ["gunicorn", "-c", "gunicorn_conf.py", "app.main:app"]
# docker-compose.yml
version: '3.8'
services:
web:
build: .
ports:
- "8000:8000"
environment:
- DATABASE_URL=postgresql://user:password@db:5432/mydatabase
depends_on:
- db
volumes:
- .:/app
db:
image: postgres:13
environment:
- POSTGRES_DB=mydatabase
- POSTGRES_USER=user
- POSTGRES_PASSWORD=password
volumes:
- postgres_data:/var/lib/postgresql/data
volumes:
postgres_data:
7.3 性能优化建议
- 数据库连接池:配置合适的连接池大小
- 查询优化:使用Eager Loading避免N+1查询问题
- 缓存策略:使用Redis缓存频繁访问的数据
- 异步任务:使用Celery处理耗时任务
- CDN加速:静态资源使用CDN分发
- 索引优化:为常用查询字段添加数据库索引
8. 完整代码示例
以下是一个简化的完整示例,展示了核心功能:
# simplified_main.py
from fastapi import FastAPI, Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from pydantic import BaseModel
from datetime import datetime, timedelta
from jose import JWTError, jwt
from passlib.context import CryptContext
from typing import Optional
import secrets
# 配置
SECRET_KEY = secrets.token_urlsafe(32)
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30
# 模拟数据库
fake_users_db = {}
# 密码上下文
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
# 模型定义
class User(BaseModel):
username: str
email: Optional[str] = None
full_name: Optional[str] = None
disabled: Optional[bool] = None
class UserInDB(User):
hashed_password: str
class Token(BaseModel):
access_token: str
token_type: str
class TokenData(BaseModel):
username: Optional[str] = None
# 工具函数
def verify_password(plain_password, hashed_password):
return pwd_context.verify(plain_password, hashed_password)
def get_password_hash(password):
return pwd_context.hash(password)
def get_user(db, username: str):
if username in db:
user_dict = db[username]
return UserInDB(**user_dict)
def authenticate_user(db, username: str, password: str):
user = get_user(db, username)
if not user:
return False
if not verify_password(password, user.hashed_password):
return False
return user
def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
to_encode = data.copy()
if expires_delta:
expire = datetime.utcnow() + expires_delta
else:
expire = datetime.utcnow() + timedelta(minutes=15)
to_encode.update({"exp": expire})
encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
return encoded_jwt
# FastAPI应用
app = FastAPI()
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
async def get_current_user(token: str = Depends(oauth2_scheme)):
credentials_exception = HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials",
headers={"WWW-Authenticate": "Bearer"},
)
try:
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
username: str = payload.get("sub")
if username is None:
raise credentials_exception
token_data = TokenData(username=username)
except JWTError:
raise credentials_exception
user = get_user(fake_users_db, username=token_data.username)
if user is None:
raise credentials_exception
return user
@app.post("/token", response_model=Token)
async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()):
user = authenticate_user(fake_users_db, form_data.username, form_data.password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"},
)
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(
data={"sub": user.username}, expires_delta=access_token_expires
)
return {"access_token": access_token, "token_type": "bearer"}
@app.get("/users/me/", response_model=User)
async def read_users_me(current_user: User = Depends(get_current_user)):
return current_user
# 初始化一个测试用户
fake_users_db["testuser"] = {
"username": "testuser",
"full_name": "Test User",
"email": "test@example.com",
"hashed_password": get_password_hash("testpassword"),
"disabled": False,
}
if __name__ == "__main__":
import uvicorn
uvicorn.run(app, host="0.0.0.0", port=8000)
9. 常见问题与解决方案
9.1 CORS问题
确保正确配置CORS中间件,允许前端域名访问API。
9.2 数据库连接池耗尽
调整数据库连接池大小,确保连接正确释放。
9.3 性能瓶颈
使用异步数据库驱动,优化查询,添加缓存层。
9.4 安全性问题
- 使用HTTPS
- 验证输入数据
- 防止SQL注入(ORM通常已处理)
- 限制请求频率
- 保护敏感信息
总结
Python后端API开发是一个综合性的工程,涉及框架选择、数据库设计、安全认证、性能优化等多个方面。FastAPI作为一个现代框架,提供了高性能、易用性和强大的功能,是开发API的优秀选择。
本文详细介绍了从项目搭建到部署上线的完整流程,提供了最佳实践和代码示例。在实际开发中,应根据项目需求选择合适的工具和架构,注重代码质量和可维护性,同时充分考虑安全性和性能要求。
通过遵循本文的指导,您可以构建出健壮、高效且易于维护的Python后端API,为您的应用程序提供强大的后端支持。
以上就是Python后端API开发的完全指南的详细内容,更多关于Python后端API开发的资料请关注脚本之家其它相关文章!