A flake8 plugin that helps you avoid simple FastAPI mistakes.
First, install the package:
pip install flake8-fastapiThen, check if the plugin is installed using flake8:
$ flake8 --version
6.0.0 (flake8-fastapi: 0.7.0, mccabe: 0.7.0, pycodestyle: 2.10.0, pyflakes: 3.0.1) CPython 3.8.11 on Linux- CF001 - Route Decorator Error
- CF002 - Router Prefix Error
- CF008 - CORSMiddleware Order
- CF009 - Undocumented HTTPException
- CF011 - No Content Response
Developers that were used to flask can be persuaded or want to use the same pattern in FastAPI:
from fastapi import FastAPI
app = FastAPI()
@app.route("/", methods=["GET"])
def home():
return "Hello world!"But on FastAPI, we have a simpler way to define this (and is the most known way to create endpoints):
from fastapi import FastAPI
app = FastAPI()
@app.get("/")
def home():
return "Hello world!"On old FastAPI versions, we were able to add a prefix only on the include_router method:
from fastapi import APIRouter, FastAPI
router = APIRouter()
@router.get("/")
def home():
...
app = FastAPI()
app.include_router(router, prefix="/prefix")Now, it's possible to add in the Router initialization:
from fastapi import APIRouter, FastAPI
router = APIRouter(prefix="/prefix")
@router.get("/")
def home():
...
app = FastAPI()
app.include_router(router)There's a tricky issue about CORSMiddleware that people are usually unaware. Which is that this middleware should be the last one on the middleware stack. You can read more about it here.
Let's see an example of what doesn't work:
from fastapi import FastAPI
app = FastAPI()
app.add_middleware(
CORSMiddleware,
allow_origins=['*'],
allow_credentials=True,
allow_methods=['*'],
allow_headers=['*']
)
app.add_middleware(GZipMiddleware)As you see, the last middleware added is not CORSMiddleware, so it will not work as expected. On the other hand, if you change the order, it will:
from fastapi import FastAPI
app = FastAPI()
app.add_middleware(GZipMiddleware)
app.add_middleware(
CORSMiddleware,
allow_origins=['*'],
allow_credentials=True,
allow_methods=['*'],
allow_headers=['*']
)Currently, there's no automatic solution to document the HTTPExceptions, besides the experimental package fastapi-responses.
For that reason, it's easy to forget the documentation, and have a lot of undocumented endpoints. Let's see an example:
from fastapi import FastAPI, HTTPException
app = FastAPI()
@app.get("/")
def home():
raise HTTPException(status_code=400, detail="Bad Request")The above endpoint doesn't have a responses field, even if it's clear that the response will have a 400 status code.
Currently, if you try to send a response with no content (204), FastAPI will send a 204 status with a non-empty body. It will send a body content-length being 4 bytes.
You can verify this statement running the following code:
# main.py
from fastapi import FastAPI
app = FastAPI()
@app.get("/", status_code=204)
def home():
...Now feel free to run with your favorite server implementation:
uvicorn main:appThen use curl or any other tool to send a request:
$ curl localhost:8000
* Trying 127.0.0.1:8000...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8000 (#0)
> GET / HTTP/1.1
> Host: localhost:8000
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 204 No Content
< date: Sat, 24 Jul 2021 19:21:24 GMT
< server: uvicorn
< content-length: 4
< content-type: application/json
<
* Connection #0 to host localhost left intactThis goes against the RFC, which specifies that a 204 response should have no body.
This project is licensed under the terms of the MIT license.