ericmiguel
missil
Python

Simple FastAPI declarative endpoint-level access control.

Last updated Apr 9, 2026
96
Stars
0
Forks
0
Issues
0
Stars/day
Attention Score
27
Language breakdown
Python 100.0%
โ–ธ Files click to expand
README

Missil

Simple FastAPI declarative endpoint-level access control, somewhat inspired by Pyramid.

[DOCS] [SOURCE]

Package version Supported Python versions


Installation

Requirements: Python 3.10+ ยท FastAPI 0.135.3+ ยท PyJWT 2.12.1+

pip install missil

Why use Missil?

Permission checks tend to look the same across every protected endpoint: extract the token, verify it, find the area, check the level. Missil moves all of that out of your route functions and into a single declarative line per endpoint โ€” keeping your business logic clean and your access rules explicit and auditable at a glance.

Because permissions are stored as numeric levels per business area, a single token can express fine-grained access across multiple areas of your application without requiring separate tokens or custom middleware.

Quick example

import missil
from fastapi import FastAPI, Response

app = FastAPI() SECRET_KEY = "..."

1. Declare a bearer โ€” reads token from cookie or Authorization header

bearer = missil.TokenBearer("Authorization", SECRET_KEY, permissi)

2. Declare business areas as typed attributes

class AppAreas(missil.AreasBase): finances: missil.Area it: missil.Area

areas = AppAreas(bearer)

3. Protect endpoints โ€” one dependency, no boilerplate

@app.get("/finances/report", dependencies=[areas.finances.READ]) def finances_report(): ...

@app.get("/finances/edit", dependencies=[areas.finances.WRITE]) def finances_edit(): ...

@app.get("/it/admin", dependencies=[areas.it.ADMIN]) def it_admin(): ...

4. Issue a token at login

@app.post("/login") def login(response: Response): claims = { "sub": "user123", "permissions": {"finances": missil.WRITE, "it": missil.READ}, } token = missil.encodejwttoken(claims, SECRETKEY, expirationhours=8) response.set_cookie("Authorization", f"Bearer {token}", httponly=True) return {"msg": "logged in"}

Permission hierarchy

| Level | Constant | Satisfies | |---|---|---| | 0 | READ | READ | | 1 | WRITE | READ, WRITE | | 2 | ADMIN | READ, WRITE, ADMIN |

Higher levels automatically satisfy lower requirements โ€” a user with ADMIN access can reach READ and WRITE protected endpoints without extra entries.

Bearers

Choose the bearer that matches how your client sends the token:

| Bearer | Token source | |---|---| | TokenBearer | Cookie โ†’ falls back to Authorization header | | CookieTokenBearer | Cookie only | | HeaderTokenBearer | Authorization header only |

License

This project is licensed under the terms of the MIT license.

ยฉ 2026 GitRepoTrend ยท ericmiguel/missil ยท Updated daily from GitHub