Pre-Processor Function

[LucasQR]

Solves:
This pr solves #242

Description

This PR introduces CreateConfig and UpdateConfig classes that enable automatic server-side field injection during create
and update operations. This feature allows developers to automatically inject fields (like user_id from authentication
context, timestamps, audit fields) before writing to the database, while optionally hiding these fields from the API
request schema.

Changes

New Classes and Functions

• CreateConfig class (fastcrud/endpoint/helper.py): Configuration for create operations with auto_fields and
  exclude_from_schema attributes
• UpdateConfig class (fastcrud/endpoint/helper.py): Configuration for update operations with the same attributes
• _create_auto_field_injector() helper (fastcrud/endpoint/helper.py): Creates dynamic dependency functions following the
  FilterConfig pattern, using inspect.Signature for proper FastAPI dependency injection
• _create_modified_schema() helper (fastcrud/endpoint/helper.py): Dynamically creates Pydantic schemas with specified
  fields excluded using pydantic.create_model()

Modified Files

• fastcrud/init.py: Added CreateConfig and UpdateConfig to exports
• fastcrud/endpoint/crud_router.py: Added create_config and update_config parameters
• fastcrud/endpoint/endpoint_creator.py:
  • Added create_config and update_config parameters to init
  • Modified _create_item() to inject auto_fields and apply schema modifications
  • Modified _update_item() to inject auto_fields and apply schema modifications
  • Proper handling of decorator order for type safety with _apply_model_pk

API Usage Example

  from fastcrud import crud_router, CreateConfig, UpdateConfig
  from datetime import datetime

  async def get_current_user_id(session_token: str = Cookie(None)):
      user = await verify_token(session_token)
      return user.id

  def get_current_timestamp():
      return datetime.utcnow()

  create_config = CreateConfig(
      auto_fields={
          "user_id": get_current_user_id,      # Injected from cookie via Depends
          "created_at": get_current_timestamp,  # Computed value
      },
      exclude_from_schema=["user_id", "created_at"]  # Hidden from API docs
  )

  router = crud_router(
      session=get_db,
      model=Item,
      create_schema=CreateItemSchema,
      update_schema=UpdateItemSchema,
      create_config=create_config,
  )

Tests

Added comprehensive test coverage in tests/sqlalchemy/endpoint/test_create_update_config.py:

• ✅ test_create_with_auto_fields - Verifies that auto_fields are properly injected during create operations
• ✅ test_update_with_auto_fields - Verifies that auto_fields are properly injected during update operations
• ✅ test_create_without_config_still_works - Ensures backwards compatibility when configs are not provided
• ✅ test_create_config_multiple_auto_fields - Tests injection of multiple fields simultaneously
• ✅ test_create_with_exclude_from_schema - Verifies that fields are excluded from the request schema while still being injected server-side
• ✅ test_update_with_exclude_from_schema - Verifies schema exclusion works for update operations

All tests pass successfully. The implementation also passes:

• ✅ uv run ruff check fastcrud - All checks passed
• ✅ uv run mypy fastcrud --config-file mypy.ini - Success: no issues found (without using type: ignore comments)

Additional Notes

Key Features

• Adding user_id from HTTP-only cookies without allowing frontend to set it
• Setting timestamps (created_at, updated_at) automatically
• Adding audit fields (created_by, updated_by) from authentication context
• Preventing clients from modifying sensitive or computed fields

Checklist

• [ ✓] I have read the CONTRIBUTING document.
• [ ✓] My code follows the code style of this project.
• [ ✓] I have added necessary documentation (if appropriate).
• [ ✓] I have added tests that cover my changes (if applicable).
• [ ✓] All new and existing tests passed.

[LucasQR]

Do you want to review this pr @Slluxx? since you were the one who asked for this functionality, you should say if it does what you need it to do

[Slluxx]

Yeah, this is exactly what i wished for! Im sure this will help a lot of people. I wonder if a DeleteConfig would make sense?

[Slluxx]

@LucasQR quick reminder

[LucasQR]

I just need you to tell me how it would work so i can tell you if it makes sense and add it to the code if it does

[Slluxx]

Well, lets assume a user has a list of items, linked via userid. A user is able to create, modify and delete items. Then i need to get the user token via http cookie, use the pre-processor to get the user-id and then delete the entries.

Same as with create and update, just for deleting - making sure a user valid and not injecting some id to delete other users entries.

[igorbenav]

I talked about UpdateConfig here, @LucasQR

[Slluxx]

@LucasQR @igorbenav

Just to avoid any confusion, we should make clear what needs to be done and who is working on it. I am not quite sure what @igorbenav last message means.

• Do you want to work on this (as opposed to @LucasQR)?
• Did @LucasQR miss anything?
• Where do you want conversations to happen? Here or in the issue?

[igorbenav]

@LucasQR is the one working on it, I review his work (and you review it as well). Conversation related to the PR should happen here

[LucasQR]

@Slluxx i made the delete, do you want to take a look?

[Slluxx]

Looks good to me!

[AlphaO612]

Is It planning to merge?

Cuz i so waiting this!🙏 looks so great for my locals projects! It'll so helps me!

[LucasQR]

I'll check with @igorbenav about it and get back to you

[igorbenav]

Hey guys, merging it (and some other stuff) and creating a new release tomorrow

[igorbenav]

Didn't have the time, sorry. I'll try to do it tomorrow (Monday)

[igorbenav]

@LucasQR it's just missing the docs update so I can merge it

[AlphaO612]

I didn't find any commits or text in release's doc that it's already released...

I will be in next release version or i missed something? Am i right?

[igorbenav]

@AlphaO612 you'll see here as server-side field injection. It's also in the docs.