FastAPI Blog: A Developer’s Guide to Building with Python

Hey guys! Ever thought about building your own blog from scratch? If you’re a Python enthusiast, FastAPI is the way to go! It’s fast (duh!), easy to learn, and perfect for creating robust web applications. In this guide, we’ll walk you through the process of creating a fully functional blog using FastAPI. Let’s dive in!

Setting Up Your FastAPI Project

Okay, first things first, let’s get our environment set up. This involves creating a new project directory, setting up a virtual environment, and installing FastAPI along with other necessary dependencies. Trust me, a clean environment is crucial for managing dependencies and avoiding conflicts down the road.

Creating a Project Directory

Start by opening your terminal and navigating to where you want to store your project. Then, create a new directory for your blog. For example:

mkdir fastapi-blog
cd fastapi-blog

This creates a directory named fastapi-blog and moves you into it. Simple enough, right?

Setting Up a Virtual Environment

Next, we’ll set up a virtual environment. This isolates your project’s dependencies from the global Python installation, preventing version conflicts. You can create a virtual environment using venv :

python3 -m venv venv

To activate the virtual environment, use the following command:

source venv/bin/activate  # On Linux/macOS
.\venv\Scripts\activate  # On Windows

Once activated, you’ll see the virtual environment’s name (venv) in parentheses before your command prompt. This indicates that the virtual environment is active.

Installing FastAPI and Dependencies

Now that our virtual environment is active, we can install FastAPI and other necessary packages. We’ll need fastapi for the framework itself, uvicorn as an ASGI server to run our application, and python-multipart to handle form data (which will be useful for things like image uploads). Let’s install them using pip:

pip install fastapi uvicorn python-multipart

FastAPI itself is the star of the show, providing all the tools and utilities we need to build our blog. Uvicorn is our trusty server, responsible for running the FastAPI application and handling incoming requests. python-multipart is essential for handling multipart form data, which is commonly used when dealing with file uploads.

With these steps completed, you’ve successfully set up your FastAPI project. You’re now ready to start building the core components of your blog. This includes defining your data models, creating API endpoints, and implementing the necessary business logic. Keep following along, and you’ll have a functioning blog in no time!

Defining Data Models with Pydantic

Alright, let’s talk about data! In our blog, we’ll need to define models for posts, users, and maybe even comments. Pydantic is perfect for this. It allows us to define data structures with type hints and provides validation, making our code more robust and easier to maintain.

Creating a Post Model

Let’s start with the Post model. A typical blog post might include fields like title , content , author , and publication_date . Here’s how you can define it using Pydantic:

from pydantic import BaseModel
from datetime import datetime

class Post(BaseModel):
    title: str
    content: str
    author: str
    publication_date: datetime = datetime.now()

In this example, we’re importing BaseModel from pydantic and datetime from the datetime module. Our Post class inherits from BaseModel , which gives it all the Pydantic magic. We define the title and content as strings ( str ), the author as a string, and the publication_date as a datetime object. The publication_date defaults to the current date and time using datetime.now() .

Creating a User Model

Next, let’s define a User model. This might include fields like username , email , and password . For simplicity, we’ll skip the password hashing and salting for now (but remember, in a real-world application, you’d definitely want to do that!).

class User(BaseModel):
    username: str
    email: str
    password: str

Here, we define the username , email , and password fields as strings. Again, this is a basic example, and you’d likely want to add more fields and validation rules in a production environment. For instance, you might want to ensure that the email field contains a valid email address.

Benefits of Using Pydantic

Using Pydantic models offers several advantages. First, it provides automatic data validation. If the data doesn’t match the expected type, Pydantic will raise an error, preventing invalid data from entering your application. Second, it makes your code more readable and maintainable by clearly defining the structure of your data. Third, it integrates seamlessly with FastAPI, making it easy to define API request and response models.

For example, if you try to create a Post object with an invalid title , Pydantic will catch it:

from datetime import datetime

from pydantic import ValidationError


try:
    Post(title=123, content="Hello", author="John")
except ValidationError as e:
    print(e)

This will output a validation error because the title field is expected to be a string, not an integer. Pydantic’s validation helps catch these errors early, making your application more robust.

By defining data models with Pydantic, you ensure that your application handles data consistently and correctly. This is crucial for building a reliable and maintainable blog.

Building API Endpoints with FastAPI

Now, let’s get to the fun part: building API endpoints! FastAPI makes this incredibly straightforward. We’ll create endpoints for creating, reading, updating, and deleting (CRUD) blog posts. This is where our blog starts to come to life!

Creating a FastAPI Instance

First, we need to create an instance of the FastAPI class. This is the entry point for our application.

from fastapi import FastAPI

app = FastAPI()

Here, we’re importing the FastAPI class and creating an instance of it called app . This app object will be used to define our API endpoints.

Defining API Endpoints

Let’s start with the endpoint for creating a new blog post. We’ll use the @app.post decorator to define a POST endpoint at the /posts/ path. This endpoint will accept a Post object as input and return the created post.

from fastapi import FastAPI
from pydantic import BaseModel
from datetime import datetime

app = FastAPI()

class Post(BaseModel):
    title: str
    content: str
    author: str
    publication_date: datetime = datetime.now()


@app.post("/posts/")
async def create_post(post: Post):
    # In a real application, you would save the post to a database here
    print(f"Creating post: {post}")
    return post

In this example, the @app.post("/posts/") decorator tells FastAPI that this function should be called when a POST request is made to the /posts/ path. The post: Post parameter tells FastAPI to expect a Post object in the request body. FastAPI automatically validates the incoming data against the Post model and raises an error if the data is invalid. Inside the function, we simply print the post and return it. In a real application, you would save the post to a database here.

Next, let’s define an endpoint for reading a blog post by its ID. We’ll use the @app.get decorator to define a GET endpoint at the /posts/{post_id} path. This endpoint will accept a post_id as a path parameter and return the corresponding post.

from fastapi import FastAPI
from pydantic import BaseModel
from datetime import datetime

app = FastAPI()

class Post(BaseModel):
    title: str
    content: str
    author: str
    publication_date: datetime = datetime.now()


@app.get("/posts/{post_id}")
async def read_post(post_id: int):
    # In a real application, you would retrieve the post from a database here
    print(f"Reading post with ID: {post_id}")
    return {"id": post_id, "title": "Example Post", "content": "This is an example post.", "author": "John Doe", "publication_date": datetime.now()}

In this example, the @app.get("/posts/{post_id}") decorator tells FastAPI that this function should be called when a GET request is made to the /posts/{post_id} path. The {post_id} part of the path is a path parameter, which is passed to the function as the post_id argument. Inside the function, we simply print the post_id and return a dummy post. In a real application, you would retrieve the post from a database here.

Running the FastAPI Application

To run the FastAPI application, we’ll use Uvicorn. Save your code in a file named main.py and run the following command:

uvicorn main:app --reload

This command tells Uvicorn to run the app object in the main.py file. The --reload flag tells Uvicorn to automatically reload the application whenever you make changes to the code. Now, open your browser and navigate to http://127.0.0.1:8000/docs . You should see the FastAPI documentation, which automatically generates interactive API documentation based on your code.

FastAPI simplifies the process of building API endpoints, providing automatic data validation, serialization, and documentation. This makes it easy to create robust and well-documented APIs for your blog. By defining endpoints for creating, reading, updating, and deleting blog posts, you lay the foundation for a fully functional blog application.

Connecting to a Database

To make our blog truly functional, we need to connect it to a database. SQLAlchemy is a powerful and flexible Python SQL toolkit and Object-Relational Mapper (ORM) that we can use to interact with databases. It supports various database backends, including PostgreSQL, MySQL, and SQLite.

Installing SQLAlchemy and a Database Driver

First, we need to install SQLAlchemy and a database driver. For this example, we’ll use SQLite, which is a lightweight and easy-to-use database that doesn’t require a separate server process. To install SQLAlchemy and the SQLite driver, run the following command:

pip install sqlalchemy

Configuring the Database Connection

Next, we need to configure the database connection. We’ll create a database.py file to handle the database connection and session management.

from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from sqlalchemy.ext.declarative import declarative_base

DATABASE_URL = "sqlite:///./blog.db"

engine = create_engine(
    DATABASE_URL, connect_args={"check_same_thread": False}
)

SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)

Base = declarative_base()

In this example, we’re importing create_engine , sessionmaker , and declarative_base from SQLAlchemy. We define the database URL as sqlite:///./blog.db , which tells SQLAlchemy to use SQLite and store the database in a file named blog.db in the current directory. We then create an engine using create_engine , passing the database URL and a dictionary of connection arguments. The connect_args dictionary is specific to SQLite and is used to disable thread safety checks. We create a SessionLocal class using sessionmaker , which will be used to create database sessions. Finally, we create a Base class using declarative_base , which will be used to define our database models.

Defining Database Models

Now, let’s define our database models. We’ll create a Post model that corresponds to the Post data model we defined earlier. This model will be used to store blog posts in the database.

from sqlalchemy import Column, Integer, String, DateTime
from sqlalchemy.sql import func

from .database import Base


class Post(Base):
    __tablename__ = "posts"

    id = Column(Integer, primary_key=True, index=True)
    title = Column(String)
    content = Column(String)
    author = Column(String)
    publication_date = Column(DateTime(timezone=True), server_default=func.now())

In this example, we’re importing Column , Integer , String , and DateTime from SQLAlchemy. We define the Post class, which inherits from the Base class we created earlier. We define the __tablename__ attribute to specify the name of the table in the database. We define the id , title , content , author , and publication_date columns using the Column class. The id column is an integer that serves as the primary key and index. The title , content , and author columns are strings. The publication_date column is a datetime object that defaults to the current date and time using func.now() .

Creating Database Tables

Before we can start using the database, we need to create the database tables. We can do this by calling the Base.metadata.create_all method.

from .database import engine, Base

Base.metadata.create_all(bind=engine)

In this example, we’re importing the engine and Base objects from our database.py file. We then call the Base.metadata.create_all method, passing the engine as an argument. This will create all the tables defined in our database models.

Using the Database in API Endpoints

Now that we’ve connected to the database and defined our database models, we can start using the database in our API endpoints. We’ll modify our create_post endpoint to save the new post to the database.

from fastapi import Depends, FastAPI
from sqlalchemy.orm import Session

from . import models, schemas
from .database import SessionLocal, engine

models.Base.metadata.create_all(bind=engine)

app = FastAPI()

# Dependency
def get_db():
    db = SessionLocal()
    try:
        yield db
    finally:
        db.close()


@app.post("/posts/", response_model=schemas.Post)
async def create_post(post: schemas.PostCreate, db: Session = Depends(get_db)):
    db_post = models.Post(**post.dict())
    db.add(db_post)
    db.commit()
    db.refresh(db_post)
    return db_post

In this example, we’re importing Depends from FastAPI and Session from SQLAlchemy. We’re also importing our database models and schemas. We define a get_db function that creates a database session and yields it to the endpoint. This function is used as a dependency in the create_post endpoint. Inside the create_post endpoint, we create a new Post object using the data from the request body. We then add the post to the database session, commit the changes, and refresh the post to get the ID that was assigned by the database. Finally, we return the newly created post.

SQLAlchemy provides a powerful and flexible way to interact with databases in our FastAPI application. By configuring the database connection, defining database models, and using the database in our API endpoints, we can create a fully functional blog that stores and retrieves data from a database.

Adding Authentication

Security is paramount, right? Let’s add authentication to our blog using JWT (JSON Web Tokens) . This will allow us to protect our API endpoints and ensure that only authorized users can create, update, or delete blog posts.

Installing Dependencies for Authentication

First, we need to install the necessary dependencies for authentication. We’ll need passlib for password hashing and python-jose for working with JWTs.

pip install passlib python-jose

Creating a User Authentication Model

Next, we’ll create a User model that includes fields for authentication, such as a hashed password. We’ll also add methods for verifying passwords.

from sqlalchemy import Boolean, Column, Integer, String
from sqlalchemy.orm import relationship

from .database import Base
from passlib.context import CryptContext


pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")


class User(Base):
    __tablename__ = "users"

    id = Column(Integer, primary_key=True, index=True)
    username = Column(String, unique=True, index=True)
    email = Column(String, unique=True, index=True)
    hashed_password = Column(String)
    is_active = Column(Boolean, default=True)

    items = relationship("Item", back_populates="owner")


    def verify_password(self, password: str) -> bool:
        return pwd_context.verify(password, self.hashed_password)


    def hash_password(self, password: str) -> str:
        return pwd_context.hash(password)

Generating JWT Tokens

Now, let’s create a function to generate JWT tokens when a user logs in.

from datetime import datetime, timedelta
from typing import Optional

from jose import JWTError, jwt
from passlib.context import CryptContext

from . import schemas


SECRET_KEY = "YOUR_SECRET_KEY"  # Change this in production!
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30


def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
    to_encode = data.copy()
    if expires_delta:
        expire = datetime.utcnow() + expires_delta
    else:
        expire = datetime.utcnow() + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    to_encode.update({"exp": expire})
    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
    return encoded_jwt

Protecting API Endpoints

Finally, let’s protect our API endpoints by requiring a valid JWT token in the Authorization header. We’ll use the JWTBearer authentication scheme from FastAPI.

from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
from jose import JWTError, jwt
from pydantic import BaseModel

from . import crud, models, schemas
from .database import SessionLocal, engine

models.Base.metadata.create_all(bind=engine)

app = FastAPI()


# OAuth2 Password Bearer
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")


async def get_current_user(token: str = Depends(oauth2_scheme)):
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username: str = payload.get("sub")
        if username is None:
            raise credentials_exception
        token_data = schemas.TokenData(username=username)
    except JWTError:
        raise credentials_exception
    user = crud.get_user(db, username=token_data.username)
    if user is None:
        raise credentials_exception
    return user


async def get_current_active_user(current_user: schemas.User = Depends(get_current_user)):
    if not current_user.is_active:
        raise HTTPException(status_code=400, detail="Inactive user")
    return current_user

JWT authentication adds a layer of security to our blog, ensuring that only authenticated users can access protected API endpoints. By implementing user authentication and authorization, we protect our blog from unauthorized access and data manipulation.

Conclusion

And there you have it! You’ve just walked through the process of building a blog using FastAPI. From setting up your project to defining data models, building API endpoints, connecting to a database, and adding authentication, you’ve covered a lot of ground. Remember, this is just a starting point. There’s so much more you can do to enhance your blog, such as adding features for comments, categories, tags, and more. Keep experimenting, keep learning, and most importantly, have fun! Happy coding, guys!