# FastAPI Endpoint Missing Authentication

- ID: fastapi-missing-authentication
- Severity: HIGH
- CWE: CWE-306
- Languages: Python
- Frameworks: fastapi

## Description

Detects FastAPI endpoints that perform sensitive operations without requiring authentication through `Depends()` dependency injection.

## Detection Message

Endpoint performs sensitive operations without `Depends(get_current_user)` or a similar authentication dependency.

## Remediation

Add authentication via dependency injection, so the handler cannot run unless the dependency resolves a valid user:

```python
from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
from pydantic import BaseModel

app = FastAPI()
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")


class User(BaseModel):
    id: int
    username: str


def lookup_user_by_token(token: str) -> User | None:
    # Placeholder: replace with real token verification (JWT decode, DB lookup)
    return None


async def get_current_user(token: str = Depends(oauth2_scheme)) -> User:
    # Verify the bearer token; reject with 401 when it does not map to a user
    user = lookup_user_by_token(token)
    if user is None:
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token")
    return user


@app.delete("/users/{user_id}")
async def delete_user(
    user_id: int,
    current_user: User = Depends(get_current_user),  # Required auth
):
    # Only authenticated users reach this point
    return {"deleted": user_id, "by": current_user.username}
```

## Related Rules

- **Django View Missing Authentication** [HIGH]
- **Echo Missing JWT Middleware** [HIGH]
- **Fiber Missing JWT Middleware** [HIGH]
- **Gin Missing JWT Middleware** [HIGH]
- **NestJS Endpoint Missing Authentication Guard** [HIGH]
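To show the mechanics behind this rule, here is an added example (not the rule's own implementation and not code from the FastAPI project): a minimal AST-based check that walks a Python module, finds handlers decorated with `@app.post/put/patch/delete(...)`, and reports those whose signature carries no `Depends(...)` parameter. The choice of which HTTP methods count as sensitive, the sample application source, and the helper names are all constructed for this illustration; a production scanner would also resolve what the dependency actually does rather than stopping at the presence of `Depends`.

```python
import ast
from typing import Optional

# Which HTTP methods this example treats as sensitive (constructed choice).
SENSITIVE_METHODS = {"post", "put", "patch", "delete"}

# Constructed sample module: one read-only route, one unauthenticated delete,
# and one write route that requires a dependency. Only parsed, never executed.
SAMPLE_APP = '''
from fastapi import Depends, FastAPI
app = FastAPI()

@app.get("/health")
async def health():
    return {"ok": True}

@app.delete("/users/{user_id}")
async def delete_user(user_id: int):
    return {"deleted": user_id}

@app.post("/items")
async def create_item(item: dict, current_user=Depends(get_current_user)):
    return item
'''


def _route_method(decorator: ast.expr) -> Optional[str]:
    """Return the HTTP method when the decorator looks like @<obj>.<method>(...)."""
    if isinstance(decorator, ast.Call) and isinstance(decorator.func, ast.Attribute):
        method = decorator.func.attr.lower()
        if method in SENSITIVE_METHODS:
            return method
    return None


def _has_depends_param(func) -> bool:
    """True when any parameter default is a Depends(...) call."""
    # kw_defaults may contain None for keyword-only args without defaults;
    # those simply fail the isinstance check below.
    defaults = list(func.args.defaults) + list(func.args.kw_defaults)
    for default in defaults:
        if isinstance(default, ast.Call):
            callee = default.func
            name = callee.id if isinstance(callee, ast.Name) else getattr(callee, "attr", None)
            if name == "Depends":
                return True
    return False


def find_unauthenticated_endpoints(source: str):
    """Return (http_method, handler_name, line) for sensitive handlers lacking Depends()."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for decorator in node.decorator_list:
            method = _route_method(decorator)
            if method and not _has_depends_param(node):
                findings.append((method, node.name, node.lineno))
    return findings


if __name__ == "__main__":
    for method, name, line in find_unauthenticated_endpoints(SAMPLE_APP):
        print(f"line {line}: {method.upper()} handler '{name}' has no Depends() parameter")
```

Running the block against the constructed sample reports only `delete_user`: the `GET /health` route is outside the sensitive set, and `create_item` carries `Depends(get_current_user)`. Whether a given `Depends` argument really enforces authentication (as opposed to, say, injecting a database session) is a separate question that this structural check does not answer.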