# Hashing passwords via FastAPI

The FastAPI documentation already has a good article on this topic: [Click here!](https://fastapi.tiangolo.com/tutorial/security/oauth2-jwt/)

* The first thing we have to do is install <mark style="color:orange;">`passlib`</mark> to use <mark style="color:orange;">`bcrypt`</mark>

```bash
# Quote the extra so shells such as zsh do not treat the brackets as a glob
pip install "passlib[bcrypt]"

# If the above does not work, use:
pip install passlib
pip install bcrypt
```

* We have to import <mark style="color:orange;">`CryptContext`</mark> and tell <mark style="color:orange;">`passlib`</mark> which hashing algorithm to use by default

```python
from passlib.context import CryptContext

pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
```

* We also have to update the path operation

```python
@app.post("/users", status_code=status.HTTP_201_CREATED, response_model=schemas.UserOut)
def create_user(user: schemas.UserCreate, db: Session = Depends(get_db)):

    # Hash the Password - user.password
    hashed_password = pwd_context.hash(user.password)
    user.password = hashed_password

    new_user = models.User(**user.dict())

    db.add(new_user)
    db.commit()
    db.refresh(new_user)

    return new_user
```

* Before creating the user, we hash the password with <mark style="color:orange;">`pwd_context.hash`</mark>
* We then replace <mark style="color:orange;">`user.password`</mark> in the schema with the hashed password
* Because the model is built from the updated schema, the database stores the hashed password, not the plaintext one
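To confirm that the column really holds bcrypt hashes, the following added example (not part of the original tutorial or of passlib) parses the stored strings with the standard library only. The function names, the sample rows and the minimum cost of 12 are assumptions chosen for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# bcrypt modular crypt format: $<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")


class BcryptInfo(NamedTuple):
    variant: str
    cost: int
    salt: str


def parse_bcrypt(stored: str) -> Optional[BcryptInfo]:
    """Return the parsed fields, or None if `stored` is not a bcrypt hash string."""
    m = BCRYPT_RE.fullmatch(stored)
    if m is None or not 4 <= int(m.group(2)) <= 31:  # bcrypt defines costs 4..31
        return None
    return BcryptInfo(m.group(1), int(m.group(2)), m.group(3))


def audit_passwords(rows: List[Tuple[str, str]], min_cost: int = 12) -> List[Tuple[str, str]]:
    """Return (user, finding) for each stored value that is not an acceptable hash."""
    findings, salt_owner = [], {}
    for user, stored in rows:
        info = parse_bcrypt(stored)
        if info is None:
            findings.append((user, "not a bcrypt hash (plaintext or another scheme)"))
            continue
        if info.cost < min_cost:  # min_cost is an assumed policy threshold
            findings.append((user, f"cost {info.cost} is below the minimum {min_cost}"))
        if info.salt in salt_owner:  # salts are random, so a repeat is suspicious
            findings.append((user, f"salt also used by {salt_owner[info.salt]}"))
        salt_owner.setdefault(info.salt, user)
    return findings


# Constructed sample rows (user, stored password column); not real hashes.
SALT_A, SALT_B = "abcdefghijklmnopqrstuv", "ABCDEFGHIJKLMNOPQRSTUV"
SAMPLE_ROWS = [
    ("alice", "$2b$12$" + SALT_A + "D" * 31),  # well-formed, cost 12
    ("bob", "hunter2"),                        # plaintext was stored
    ("carol", "$2b$04$" + SALT_B + "D" * 31),  # cost factor too low
    ("dave", "$2b$12$" + SALT_A + "E" * 31),   # same salt as alice
]

if __name__ == "__main__":
    for user, finding in audit_passwords(SAMPLE_ROWS):
        print(f"{user}: {finding}")
```

A row flagged as "not a bcrypt hash" after the endpoint change means some code path still writes `user.password` without hashing it first.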

#### A better approach would be to create an additional file where we would store useful code

* We will call this file <mark style="color:green;">`utils.py`</mark>
* In this file we import <mark style="color:orange;">`CryptContext`</mark>, create the context and define a function to hash our password

```python
from passlib.context import CryptContext

pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")

def hash(password: str):
    return pwd_context.hash(password)
```

* The only changes in our `main.py` file are the import and the call that hashes the password inside the path operation

```python
from . import models, schemas, utils

@app.post("/users", status_code=status.HTTP_201_CREATED, response_model=schemas.UserOut)
def create_user(user: schemas.UserCreate, db: Session = Depends(get_db)):

    # Hash the Password - user.password
    hashed_password = utils.hash(user.password)  # now calls the helper in utils.py
    user.password = hashed_password

    new_user = models.User(**user.dict())

    db.add(new_user)
    db.commit()
    db.refresh(new_user)

    return new_user
```
