dudikbender / fast-graph
Application integrating FastAPI with a Neo4j graph database.
Currently the function that allows you to update the user doesn't check if the new username already exists; this could cause authentication issues, as the username is used to differentiate between users.
My solution:
```python
from fastapi import HTTPException, status
# router, User and neo4j_driver are the project's own objects

# UPDATE User profile
@router.put('/{username}/update', response_model=User)
async def update_user(attributes: dict, username: str):
    # Add check to stop call if password is being changed
    for k in attributes:
        if k == 'hashed_password':
            raise HTTPException(
                status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
                detail="Operation not permitted, cannot update password with this method.",
                headers={"WWW-Authenticate": "Bearer"})
        if k == 'username':
            #print(f"\n update \n {username}\n-\n{attributes['username']}\n-\n")
            query = 'MATCH (user:User) WHERE user.username = $username RETURN user'
            name = attributes['username']
            with neo4j_driver.session() as session:
                user_in_db = session.run(query=query, parameters={'username': name})
                data = user_in_db.data()
                #print(f"data {data}\n")
            if data:
                raise HTTPException(
                    status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
                    detail="Username already exists.",
                    headers={"WWW-user-delete": "Bearer"})

    # Execute Cypher query to update the user attributes. The values travel as
    # a map parameter, so they are never parsed as Cypher text.
    cypher_update_user = ('MATCH (user: User) WHERE user.username = $user\n'
                          'SET user += $attributes\n'
                          'RETURN user')
    with neo4j_driver.session() as session:
        updated_user = session.run(query=cypher_update_user,
                                   parameters={'user': username,
                                               'attributes': attributes})
        user_data = updated_user.data()[0]['user']
    return User(**user_data)
```
I suggest a rework of the query route. Currently, the Cypher string is passed through a URL path variable, but due to URL encoding some characters are lost in the process, like the '+' character. So modifying the request to make the variables pass through the body of the request like below would solve those problems.
```python
# Query endpoint
@router.get('/q', response_model=Query, summary='Query the database with a custom Cypher string')
async def cypher_query(attributes: dict):
    # .get() so that a body without the key is rejected below instead of raising KeyError
    cypher_string = attributes.get("cypher_string")
    print(cypher_string)
    if cypher_string is not None and cypher_string != "":
        with neo4j_driver.session() as session:
            response = session.run(query=cypher_string)
            return Query(response=response.data())
    else:
        raise HTTPException(
            status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
            detail="Empty or null cypher string.",
            headers={"WWW-Authenticate": "Bearer"})
```
Hello, I have been using your project as a reference to understand how neo4j works better and it has been a big help to me thus far.
I had a doubt regarding the update node aspect in the application here.
Will the backslashes `f'new_node.{key}=\'{value}\''` near the value variable help escape characters and be secure from Cypher injection attacks?
I tried looking around but could not find a conclusive answer to the same.
Thank you.
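The question above, worked through as an added example (not code from the fast-graph project): it builds the SET clause once with the quoted f-string and once as fixed query text plus a parameter map for `session.run()`. The function names, the key pattern and the sample input are assumptions made for illustration.

```python
import re

# Assumed policy: property names are limited to plain identifiers.
_SAFE_KEY = re.compile(r'[A-Za-z_][A-Za-z0-9_]*')


def build_set_interpolated(attributes: dict) -> str:
    """String-built SET clause, using the f-string quoted in the question.

    The backslashes only escape the quote characters inside the Python source
    literal. The text produced is new_node.key='value', with the value copied
    in unchanged, so nothing in the value is escaped for Cypher.
    """
    return 'SET ' + ', '.join(f'new_node.{key}=\'{value}\''
                              for key, value in attributes.items())


def build_set_parameterized(attributes: dict) -> tuple[str, dict]:
    """Fixed query text plus the parameter map to hand to session.run()."""
    for key in attributes:
        # With a map parameter the keys are data too; this check only keeps
        # the stored property names to a predictable shape.
        if not _SAFE_KEY.fullmatch(key):
            raise ValueError(f'invalid property name: {key!r}')
    # SET n += $map copies each map entry onto the node. The values are sent
    # to the server as data and are never parsed as Cypher.
    return 'SET new_node += $props', {'props': dict(attributes)}


# Constructed sample input: a value that contains a single quote.
SAMPLE = {'name': "x', new_node.role='admin"}

if __name__ == '__main__':
    # The quote inside the value closes the string literal early, so the rest
    # of the value is read by the database as a second assignment.
    print(build_set_interpolated(SAMPLE))
    # The query text stays constant, whatever the value contains.
    query, params = build_set_parameterized(SAMPLE)
    print(query)
    print(params)
```
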
https://github.com/dudikbender/fast-graph/blob/main/app/utils/db.py#L7
You are importing this `neo4j_driver` variable where it's needed, but it's not recommended as it's expensive to create.
Do you have any other idea how we can not create it every time?
uvicorn may not deal well with virtual Python; I cannot import jose or app.stuff.
It may be caused by a directory error.
Using gunicorn seems to work.