Full Web Apps with FastAPI Transcripts
Chapter: async databases with SQLAlchemy
Lecture: Async login user
0:00 The final user method that talks to the database that needs to be converted to this
0:04 async API is login_user. Again, pretty straightforward. So I'll come over here,
0:09 like this, and we want to get a hold of the user by email so I'll
0:13 leave some of these tests in here.
0:14 This is gonna be different, of course. We do
0:15 a query, which is
0:18 a select of User like this.
0:21 And then the filter goes on,
0:22 but not the first, that goes to another location.
0:26 Then we say result equals session.execute(query).
0:31 Now, remember, this is the async part right there.
0:33 We're talking to the database, so we say await and then finally,
0:36 we're gonna get the user. Not by saying first,
0:39 but results.scalar_one_or_none,
0:42 that's how we did it. We check,
0:43 are they there? So we get the user back.
0:45 If there's no user with that email,
0:47 well obviously they're not logging in,
0:48 are they? But if they do come back,
0:50 we want to verify their hashed password against rehashing the password.
0:54 But if for some reason the password's wrong,
0:56 also return None. And then we return the user. As before we gotta
1:00 asyncify this and then find where it's used and push that up the stack.
1:03 This one awaits it. And because we're doing the form stuff,
1:12 those are always async the way that they work.
1:14 So that method was already good to go.
1:17 Very cool. Let's go and try.
1:20 to log this in here. Log out, close
1:23 some other tabs. Let's go try to log in.
1:25 Let's go log in as Sarah here. Perfect, we logged in as Sarah Jones2. Let's log out,
1:31 and how about Sarah Jones4?
1:35 Yep, we can log in to Sarah Jones4.
1:36 And let's try one more, log in as email@example.com,
1:42 "abc". Nope, there is no other.
1:44 And also, let's make sure,
1:46 even if we have the right email,
1:48 but the password is wrong, still can't log in. Pretty awesome,
1:52 in fact, because the way async and await works,
1:55 we have the ability to do a little bit better here. In this login
2:01 part, it is somewhat computational here,
2:04 but you'll find once you get your site on the Internet, after a while,
2:09 if it's popular, people are going to start hammering away on it for various reasons
2:12 to just cause mayhem. Try to guess passwords,
2:15 all kinds of stuff. The one thing we could actually do here is we could
2:18 go and say something kind of like time.sleep(5)
2:20 And so you know what?
2:21 I'm not gonna get back to you for another five seconds to tell you whether
2:24 or not that guess was right or wrong.
2:26 However, if you do time.sleep(5),
2:27 this is gonna be bad.
2:29 It's going to literally lock up the server on this whole thread for everyone.
2:33 Doesn't matter if you're using async and await or not.
2:36 But if you go to asyncio,
2:38 import that, there's a sleep right there and this one we can await.
2:46 So this one, it's just gonna stash it off in the queue and then pick
2:49 it back up to run in five seconds.
2:51 It won't have much overhead at all.
2:53 Let's go and try this one,
2:54 that is a little more picky
2:56 if you get the login wrong.
2:58 So let's see, are we logged in?
3:00 No, let's first see that it logs in super fast, if you get it right.
3:04 Bam! Yes, it does. Log out, log in
3:08 maybe one more time. Even quicker.
3:10 Yeah, perfect. But if for some reason we get it wrong,
3:14 put in junk for our password,
3:16 for example 1 one thousand, 2 one thousand, 3
3:19 one thousand 4 on e thousand, 5. Yeah, there you go.
3:23 No, that wasn't right. So if you want to slow people down,
3:26 if they're doing things like trying to guess at coupon codes,
3:30 access codes, other pages, accounts, its really easy
3:34 to asynchronously just put them on the chills so they can't guess nearly as quickly
3:38 which I think is kind of cool, actually.