Authentication from cli tools can be a bit of a bear, and I have to look it up
every time. This is my reference guide for future me to remember how to easily
do it.
I set up a fastapi [1] server running on port 8000, it uses a basic auth with
waylonwalker as the username and asdf as the password. The server follows
along with what comes out of the docs. I have it setup to take basic auth,
form username and password, or a bearer token for authentication.
curl # [2]
The og [3] of command line url tools.
# basic auth
curl -u 'waylonwalker:asdf' -X POST localhost:8000/token
# basic auth with password prompt
curl -u 'waylonwalker' -X POST localhost:8000/token
# token
curl -H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ3YXlsb253YWxrZXIiLCJleHAiOjE3MDI5NTI2MDJ9.GeYNt7DNal6LTiPoavJnqypaMt4vYeriXdq5lqu1ILg' -X POST localhost:8000/token
wget # [4]
My go to if I want the result to go into a file.
# basic auth
wget -q -O - --auth-no-challenge --http-user=waylonwalker --http-password=asdf --post-data '' localhost:8000/token
# token
wget -q -O - --header="Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ3YXlsb253YWxrZXIiLCJleHAiOjE3MDI5NT...
Today I Learned
Short TIL posts
1852 posts
latest post 2026-05-13
Publishing rhythm
External Link
stackoverflow.com [1]
After struggling to get dependencies inside of middleware I learned that you can make global dependencies at the app level. I used this to set the user on every single route of the application without needing Depend on getting the user on each route.
from fastapi import Depends, FastAPI, Request
def get_db_session():
print("Calling 'get_db_session(...)'")
return "Some Value"
def get_current_user(session=Depends(get_db_session)):
print("Calling 'get_current_user(...)'")
return session
def recalculate_resources(request: Request, current_user=Depends(get_current_user)):
print("calling 'recalculate_resources(...)'")
request.state.foo = current_user
app = FastAPI(dependencies=[Depends(recalculate_resources)])
@app.get("/")
async def root(request: Request):
return {"foo_from_dependency": request.state.foo}
Note
This post is a thought [2]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://stackoverflow.com/questions/72243379/fastapi-dependency-inside-middleware#answer-72480781
[2]: /thoughts/
Handling Errors - FastAPI
FastAPI framework, high performance, easy to learn, fast to code, ready for production
fastapi.tiangolo.com [1]
This page shows how to customize your fastapi [2] errors. I found this very useful to setup common templates so that I can return the same 404’s both programatically and by default, so it all looks the same to the end user.
from fastapi import FastAPI, Request
from fastapi.responses import JSONResponse
class UnicornException(Exception):
def __init__(self, name: str):
self.name = name
app = FastAPI()
@app.exception_handler(UnicornException)
async def unicorn_exception_handler(request: Request, exc: UnicornException):
return JSONResponse(
status_code=418,
content={"message": f"Oops! {exc.name} did something. There goes a rainbow..."},
)
@app.get("/unicorns/{name}")
async def read_unicorn(name: str):
if name == "yolo":
raise UnicornException(name=name)
return {"unicorn_name": name}
Note
This post is a thought [3]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://fastapi.tiangolo.com/tutorial/handling-errors/
[2]: /fastapi/
[3]: /thoughts/
External Link
github.com [1]
Setting an additional log handler to the uvicorn logger for access logs in fastapi [2] was not straightforward, but This post was very helpful.
@app.on_event("startup")
async def startup_event():
logger = logging.getLogger("uvicorn.access")
handler = logging.StreamHandler()
handler.setFormatter(logging.Formatter("%(asctime)s - %(levelname)s - %(message)s"))
logger.addHandler(handler)
Note
This post is a thought [3]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://github.com/tiangolo/fastapi/issues/1508
[2]: /fastapi/
[3]: /thoughts/
External Link
stackoverflow.com [1]
Setting tags in your fastapi endpoints will group them in the docs. You can also set some metadata around the tags to get nice descriptions.
Here is a full example from the post.
from fastapi import FastAPI
tags_metadata = [
{"name": "Get Methods", "description": "One other way around"},
{"name": "Post Methods", "description": "Keep doing this"},
{"name": "Delete Methods", "description": "KILL 'EM ALL"},
{"name": "Put Methods", "description": "Boring"},
]
app = FastAPI(openapi_tags=tags_metadata)
@app.delete("/items", tags=["Delete Methods"])
@app.put("/items", tags=["Put Methods"])
@app.post("/items", tags=["Post Methods"])
@app.get("/items", tags=["Get Methods"])
async def handle_items():
return
Note
This post is a thought [2]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://stackoverflow.com/questions/63762387/how-to-group-fastapi-endpoints-in-swagger-ui#answer-63762765
[2]: /thoughts/
External Link
X (formerly Twitter) · twitter.com [1]
Most bloggers on my twitter blog right into a file that goes on git [2]. I kinda expected to have more database folk. I have my blog in markdown on git and the editing experience is top notch. I can just find files edit them in MY EDITOR, push them and I got a post. I am running thoughts in a sqlite database with a fastapi [3] backend, and holy crap the instant nature of posting feels so much better. Both sides have good points.
Note
This post is a thought [4]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://twitter.com/_WaylonWalker/status/1734387536716308693
[2]: /glossary/git/
[3]: /fastapi/
[4]: /thoughts/
Show some equivalent list comprehensions in filter examples · Issue #1068 · pallets/jinja
I'm willing to write a pull-request for this, but I just want to see what people think before I write it. So the issue is this. I'm very familiar with python. I'm new to Jinja2. Often I find myself...
GitHub · github.com [1]
I often want to reach for non existing list comprehensions in jinja 2, Here are a few nice equivalents.
a: {{ data | selectattr('x', 'gt', 5) | list }}
b: {{ data | map(attribute='c') | list }}
c: {{ data | selectattr('x', 'gt', 5) | map(attribute='c') | list }}
Note
This post is a thought [2]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://github.com/pallets/jinja/issues/1068
[2]: /thoughts/
External Link
vi.stackexchange.com [1]
I fixed my missing macro recording indicator that I lost and was never quite sure why. (because I forgot that I set cmdheight=0).
vim.cmd [[ autocmd RecordingEnter * set cmdheight=1 ]]
vim.cmd [[ autocmd RecordingLeave * set cmdheight=0 ]]
Note
This post is a thought [2]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://vi.stackexchange.com/questions/39947/nvim-vim-o-cmdheight-0-looses-the-recording-a-macro-messages
[2]: /thoughts/
I am working on fokais.com’s signup page, and I want to hide the form input during
an htmx [1] request. I was seeing some issues where I was able to prevent spamming
the submit button, but was still able to get one extra hit on it.
It also felt like nothing was happening while sending the email to the user for
verification. Now I get the form to disappear and a spinner to show during the
request.
HTML # [3]
Let’s start off with the form. It uses htmx to submit a post request to the
post_request route. Note that there is a spinner in the post_request with the
htmx-indicator class.
The intent is to hide the spinner until the request is running, and hide all of
the form input during the request.
<form
id="signup-form"
hx-swap-oob="outerHTML"
class="m-4 mx-auto mb-6 flex w-80 flex-col rounded-lg b p-4 shadow-xlc shadow-cyan-500/10"
method="POST"
action="{{ url_for('post_signup') }}"
hx-post="{{ url_for('post_signup') }}"
>
<input
class="mx-8 mt-6 mb-4 border border-black bg-zinc-900 p-1 text-center focus:bg-zinc-800"
type="text"
value="{{ full_name }}"
name="full_name"
placeholder="Full Name"
/>
{% if full_name_error %}
<label class="-mt-6 mb-6 mx-8 text-red-500 ...
GitHub - DataDog/ddqa: Datadog's QA manager for releases of GitHub repositories
Datadog's QA manager for releases of GitHub repositories - DataDog/ddqa
GitHub · github.com [1]
DataDog ddqa is building out a textual app and deploying it with pyapp. They have CI setup to fully build and cross compile their textual tui into github releases that you can just download from their releases page. This is something I am looking at for markata. This would be pretty sweet to be able to make it just work on places like windows. It would also be interesting to try to build a full desktop app with pyapp.
Note
This post is a thought [2]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://github.com/DataDog/ddqa
[2]: /thoughts/
Check out ddqa [1] by DataDog [2]. It’s a well-crafted project with great potential.
Datadog’s QA manager for releases of GitHub repositories
References:
[1]: https://github.com/DataDog/ddqa
[2]: https://github.com/DataDog
I like cross-rs’s [1] project cross [2].
“Zero setup” cross compilation and “cross testing” of Rust crates
References:
[1]: https://github.com/cross-rs
[2]: https://github.com/cross-rs/cross
If you’re into interesting projects, don’t miss out on pyapp [1], created by ofek [2].
Runtime installer for Python applications
References:
[1]: https://github.com/ofek/pyapp
[2]: https://github.com/ofek
[1]
Full list of imagemagick color names.
Note
This post is a thought [2]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: /static/https://imagemagick.org/script/color.php
[2]: /thoughts/
External Link
X (formerly Twitter) · twitter.com [1]
I’m going to give this trick a shot on my sites, and see how I like it.
* {
min-width: 0
}
Down in the comments @adamwathan [2] goes on to say.
Basically every layout overflow bug ever boils down to some flex or grid child needing min-width: 0 😄
Oh and @ryanflorence [3] also says in the comments.
I … do this.
Note
This post is a thought [4]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://twitter.com/adamwathan/status/1734696245015494711
[2]: https://twitter.com/adamwathan/
[3]: https://twitter.com/ryanflorence
[4]: /thoughts/
External Link
tushar.lol [1]
Nice message by @tusharsadhwani [2].
Write it down.
You had to dig deeper than face value at something.
Write it down.
You had to combine multiple pages of docs.
Write it down.
Someting was simply not obvious to you at first and it took someone else to give you that ah ha moment.
Write it down.
You had a small discovery that had a marginal impact on your day.
Write it down.
A blog does not have to be a Blog, it can be small meaningful posts. There are absolutely no rules. If you think you are going to end up with too many posts, that is a solvable problem, make a search, curate your favorite posts, make multiple feeds.
At the end of the day.
Write it down.
This post itself is a thought, the smallest component to my blogging strategy.
Write it down.
Note
This post is a thought [3]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://tushar.lol/post/write-a-blog/
[2]: https://twitter.com/sadhlife
[3]: /thoughts/
Path Operation Advanced Configuration - FastAPI
FastAPI framework, high performance, easy to learn, fast to code, ready for production
fastapi.tiangolo.com [1]
Excluding routes from fastapi docs, can be done from the route configuration using `include_in_schema`. This is handy for routes that are not really api based or duplicates.
From the Docs # [2]
from fastapi import FastAPI
app = FastAPI()
@app.get("/items/", include_in_schema=False)
async def read_items():
return [{"item_id": "Foo"}]
trailing slash # [3]
I’ve had better luck just routing both naked and trailing slash routes in fastapi [4]. I’ve had api’s deployed as a subroute to a site rather than a subdomain, and the automatic redirect betweens them tended to always get messed up. This is pretty easy fix for the pain is causes just give vim a yyp, and if you don’t want deuplicates in your docs, ignore one.
from fastapi import FastAPI
app = FastAPI()
@app.get("/items")
@app.get("/items/", include_in_schema=False)
async def read_items():
return [{"item_id": "Foo"}]
favicon.ico # [5]
Now you do not need to deploy favicons to your api in any way, it is nice to have it in your browser tab, but more importantly ...
Protect API docs behind authentication? · Issue #364 · fastapi/fastapi
Basic Question Does FastAPI provide a method for implementing authentication middleware or similar on the docs themselves (e.g. to protect access to /docs and /redoc)? Additional context My company...
GitHub · github.com [1]
You can protect your fastapi [2] docs behind auth so that not only can certain roles not run certain routes, but they cannot even see the docs at all. This way no one that shouldn’t be poking around can even discover routes they shouldn’t be using.
Here is the soluteion provided by @kennylajara [3]
from fastapi import FastAPI
from fastapi.openapi.docs import get_redoc_html, get_swagger_ui_html
from fastapi.openapi.utils import get_openapi
import secrets
from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import HTTPBasic, HTTPBasicCredentials
app = FastAPI(
title="FastAPI",
version="0.1.0",
docs_url=None,
redoc_url=None,
openapi_url = None,
)
security = HTTPBasic()
def get_current_username(credentials: HTTPBasicCredentials = Depends(security)):
correct_username = secrets.compare_digest(credentials.username, "user")
correct_password = secrets...
Looking for inspiration? llmware [1] by llmware-ai [2].
Unified framework for building enterprise RAG pipelines with small, specialized models
References:
[1]: https://github.com/llmware-ai/llmware
[2]: https://github.com/llmware-ai
Cancel subscriptions
Cancel subscriptions immediately or at the end of the subscription period with proration options, invoice handling, and automatic cancellation after failed payment attempts.
stripe.com [1]
This is a handy guide to cancelling stripe subscriptions.
# Set your secret key. Remember to switch to your live secret key in production.
# See your keys here: https://dashboard.stripe.com/apikeys
import stripe
stripe.api_key = "sk_test_51ODvHtB26msLKqCAPBAo1qkBBuIfT5tQBX6YFWCLMsPixIExxITCRVa9tNCIqkdQS8olhR79NYXsFWBPKsM3LbGO00zEcNQfNI"
stripe.Subscription.modify(
"sub_49ty4767H20z6a",
cancel_at_period_end=True,
)
You can even inverse it by flipping True to False and re activate the subscription.
Note
This post is a thought [2]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://stripe.com/docs/billing/subscriptions/cancel#canceling
[2]: /thoughts/