Guards — Aquilia Documentation
Comprehensive guide and documentation for Guards in the Aquilia framework. View API reference, examples, and implementation patterns.
Security & Auth Guards & Decorators Aquilia provides two separate guard modules: **Controller Decorators & Guards** (aquilia/auth/decorators.py) for route handler validations, and **Flow Pipeline Guards** (aquilia/auth/guards.py) for graph-based pipelines. Controller Decorators & Guards These decorators and guards run inside controller endpoints, resolving identities and session structures from active request scopes. Built-in Decorators @authenticated Blocks requests lacking active authenticated identities. Can redirect browser clients if a login URL is configured. @require_identity Asserts specific roles, scope capabilities, or custom attributes on the identity before executing the handler. from aquilia.auth.decorators import authenticated, require_identity @authenticated async def get_profile(ctx, user: Identity): # Principal is automatically resolved and injected return @authenticated(login_url="/login", redirect_if_html=True) async def dashboard(ctx, session: Session): # Web browsers get redirected to /login?next=/dashboard return @require_identity(roles=["admin"], scopes=["users:write"]) async def delete_user(ctx, identity: Identity): ... Controller Class Guards Class-based checks implementing a check(identity, session) method. Multiple guards can be composed using the `@requires` wrapper. , , , , ].map((g, i) => ( ))} from aquilia.auth.decorators import requires, AdminGuard, VerifiedEmailGuard @requires(AdminGuard(), VerifiedEmailGuard()) async def sensitive_panel(ctx): ... Flow Pipeline Guards Flow guards are graph-node instances executing constraints on pipeline context inputs, dynamically resolving stores from DI containers. , , , , , ].map((fg, i) => ( ))} Flow Shorthands Shorthand decorators that run the flow-based token parsing pipeline: from aquilia.auth.guards import require_auth, require_scopes, require_roles @require_auth(auth_manager) @require_scopes("orders.read") async def get_orders(request, identity: Identity): return ← Credentials Authorization → )
Go to Homepage