Flask is a lightweight web framework written in Python built for rapid development. It is a popular, extensible web microframework that lets you develop web applications easily.
Activate the environment: . venv/bin/activate (macOs/Linux) / venv\Scripts\activate.
Install Flask: python3 -m pip install Flask.
Creating the Hello World Application
Let’s edit hello.py:
fromflaskimportFlask# First, we import the Flask class.app=Flask(__name__)
Next, we create a Flask application instance with the name app. Its argument is the name of the application’s module or package. You will use the Flask application instance “app” to handle incoming web requests and send responses to the user.
@app.route("/")
We then use the route() decorator to tell Flask what URL should trigger our function, e.g. “/” signifies that this function will respond to web requests for the URL /, which is the main URL.
It converts the function’s return value into an HTTP response to be displayed by an HTTP client (web browser).
defhello_world():# It returns the message we want to display in the user’s browser. The default content type is HTML.return"Hello Flask!"``Toruntheapplication,```bash$exportFLASK_APP=hello.py(bash)/setFLASK_APP=hello.py(CMD)# We define the FLASK_APP environment variable to tell Flask where to find the application $exportFLASK_ENV=development/setFLASK_ENV=development# We want to run it in development mode $flaskrun# Run the application *ServingFlaskapp'hello'(lazyloading)*Environment:development*Debugmode:on*Runningonhttp://127.0.0.1:5000/(PressCTRL+Ctoquit)*Restartingwithstat*Debuggerisactive!*DebuggerPIN:356-293-861
Open your favorite web browser and type in the URL http://127.0.0.1:5000/ and you will receive the string Hello, World! as a response.
Creating the Hello World ++ Application
The application is going to live in a package. A package in Python is a directory with all the modules combined and a special file named init.py. This file can be empty or can contain some code used to do some initializations before accessing modules under that package. Let’s create a package called app (mkdir app) and edit the init.py for the app package:
fromflaskimportFlask# First, we import the Flask class.app=Flask(__name__)
Next, we create a Flask application instance with the name app. Its argument is the name of the application’s module or package. You will use the Flask application instance “app” to handle incoming web requests and send responses to the user.
fromappimportroutes# Our application instance "app" imports the routes module.
Now, we are going to edit the module app/routes.py:
We then use the route() decorator to tell Flask what URL should trigger our function, e.g. “/” signifies that this function will respond to web requests for the URL /, which is the main URL. It converts the function’s return value into an HTTP response to be displayed by an HTTP client (web browser).
@app.route('/index')# In other words, when a web browser requests / or index, Flask is going to invoke this function and pass the return value of it back to the browser.defindex():now=datetime.now()dt_string=now.strftime("%d/%m/%Y %H:%M:%S")return"Hello Flask! Today is "+dt_string
Python-dotenv reads key-value pairs from a .env file and can set them as environment variables. It helps in the development of applications. Installation: python3 -m pip install python-dotenv. To configure the development environment, add a .flaskenv in the root directory of your project: FLASK_APP=hello.py FLASK_ENV=development
Finally, we need to have a Python source file at the top-level that imports the Flask application instance, hello.py.
#!flask/bin/pythonfromappimportapp# It imports the "app" variable that is a member of the "app" package.if__name__=="__main__":app.run()
Templates
Generating HTML from within Python is not cool. Python configures the Jinja2 template engine for you automatically. The idea is simple, it is about keeping separated the logic of the application from the design. Templates are written as files stored in a templates folder that is inside our application package.
We then use the route() decorator to tell Flask what URL should trigger our function, e.g. “/” signifies that this function will respond to web requests for the URL /, which is the main URL. It converts the function’s return value into an HTTP response to be displayed by an HTTP client (web browser).
@app.route('/hello/')defindex(name=None):now=datetime.now()dt_string="Today is "+now.strftime("%d/%m/%Y %H:%M:%S")returnrender_template('hello.html',name=name,body=dt_string)# To render a template you can use the render_template() method. Then, you need to provide the name of the template ('hello.html') and the variables (name, body) you want to pass to the template engine as keywords arguments.
Flask will look for templates in the /app/templates folder. Let’s create the directory where templates will be stored (mkdir app/templates) and edit a page template (gedit app/templates/hello.html):
<!doctype HTML><title>Hello from Flask</title><body> {% if name %}
{# There are two kinds of delimiters. {% ... %} and {{ ... }}.
The first one is used to execute control statements (if, for) or assign values, the latter prints the result of the expression to the template. #}
<h1>Hello {{ name }}!</h1> {% else %}
<h1>Hello, World!</h1> {% endif %}
<body><p>Today is {{ body }}</p></body>
Flask web development
Flask-Bootstrap and Dominate
A blueprint defines a collection of views, templates, static files, and other elements that can be applied to an application so you can organize it into distinct components. Flask-Bootstrap packages Bootstrap into an extension that mostly consists of a blueprint named ‘bootstrap’. Installation: pip install Flask-Bootstrap.
Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development.
The first step is to import and load the extension, gedit app/init.py:
fromflaskimportFlaskfromflask_bootstrapimportBootstrapapp=Flask(__name__)_Bootstrap(app)_fromappimportroutesgeditapp/routes.pyfromappimportappfrommyExecuteCommandimportsaludo# We are going to create a more elaborated example where we are going to greet our visitors with a cute cow.fromflaskimportrender_template@app.route('/')defindex():returnrender_template('index.html',body=saludo())
Next, we are going to create a new Bootstrap-based template. gedit app/templates/index.html
{% extends 'bootstrap/base.html' %}
“The most powerful part of Jinja is template inheritance. Template inheritance allows you to build a base “skeleton” template that contains all the common elements of your site and defines blocks that child templates can override. The {% extends %} tag is the key here. It tells the template engine that this template “extends” another template,” Flask, Template Inheritance.
{% block title %}Hello from Flask{% endblock %}
{% block head %}
<ink rel="stylesheet" href="{{ url_for('.static', filename='css/bootstrap.min.css') }}">
Dynamic web applications also use static files, such as .css, .js, etc. These files have to be stored on the directory /static, e.g., /static/css/bootstrap.min.css is where Bootstrap’s compiled CSS has been placed. We build a URL using the url_for() function. To generate URLs for static files, we use the special ‘static’ endpoint name.
Containers are the most basic layout element in Bootstrap. The default .container class is a responsive, fixed-width container.
{{ body | safe }}
When generating HTML from templates, there’s always a risk that a variable will include characters that affect the resulting HTML. We use the filter safe to mark content as safe, and therefore not in need of escaping.
Child templates are a useful way to reuse common design elements for more complicated layouts. They are based on blocks. We are using four blocks: title, head, content, and scripts. title and head contain the complete content of the and tag respectively, and content is just a convenience block inside the body. We are using the “scripts” block to house bootstrap.bundle.min.js and jquery.min.js. These JavaScript libraries are necessary for Bootstrap to work.
Dominate is a Python library for creating and manipulating HTML documents. It allows you to write HTML pages in pure Python very easily.
fromdominate.tagsimport*# You need to import the entire tag set.fromasciiArtimportcowtalk""" Display a greeting """defsaludo():miDiv=div(__pretty=False)miDiv.set_attribute('class','row')#
withmiDiv:miDiv1=div()miDiv1.set_attribute('class','col')# We are going to create a one row and two equal-width columns layout.withmiDiv1:cowtalk("Have you mooed today?")miDiv2=div()miDiv2.set_attribute('class','col')withmiDiv2:p("""Beautiful is better than ugly. Explicit is better than implicit. Simple is better than complex [...]
Errors should never pass silently.""")returnmiDiv.render()# It returns the HTML representation.
Python has a simple algorithm for finding a module, e.g., my_module. It just looks for a file called my_module in the directories listed in the variable sys.path. To make sure a directory is on the Python sys.path list, put the directory on your PYTHONPATH environment variable. PYTHONPATH=$PYTHONPATH:’/home/myUser/myAppPath’ export PYTHONPATH
Web applications use different HTTP methods when accessing URLs. By default, a route only answers to GET requests. GET is used to request data from a specified resource.
Observe that the query string (key/value pairs) is sent in the URL of a GET request, e.g, http://justtothepoint.com?arg1=value1&arg2=value2. It begins after the question mark character (?) and has key-value pairs separated by an ampersand character (&).
We are going to add a query string to the get-example route: http://127.0.0.1:5000/get-example?string=hola. Let’s edit our app/routes.py file:
When the Flask application handles a request, it creates a Request object. The Request object holds all incoming data from the request which includes IP address, HTTP method, headers, etc. Request.args is a MultiDict with the parsed contents of the query string.
mystring=request.args.get('string')# If the key doesn't exist, it returns Nonereturn'''<h1>The string is: {}.</h1><p>Its length is: {}.<br>The reversed string is {}.</p>'''.format(mystring,len(mystring),reverse(mystring))
The string is: hola. Its length is: 4. The reversed string is aloh.
A POST request is used to send data to the server using HTML forms. So instead of seeing the data in the URL, the form data will be passed to the app behind the scenes. Let’s edit our app/routes.py file again.
fromflaskimportFlask,render_template,request,redirect@app.route('/form-example',methods=['GET','POST'])# We will navigate to the URL: http://127.0.0.1:5000/form-example.defform_example():ifrequest.method=='POST':# The request.method is the method the request was made with, such as POST or GET. If the request method is POST, we will process the incoming data (base, height) and display the area of the given triangle. base=request.form.get('base')height=request.form.get('height')return'''
<h1>The area of the triangle with base {} and height {} is: {}</h1>'''.format(base,height,0.5*float(base)*float(height))# Otherwise, we need to handle the GET requestreturnrender_template('form.html')# We will redirect the user to the form.html page so he can introduce the triangle's base and height.
Edit app/templates/form.html
<h1>Calculate the area of a triangle</h1><form method="POST"><div><label>Base: <input type="text" name="base"></label></div><br><div><label>Height: <input type="text" name="height"></label></div><br><input type="submit" value="Submit"></form>
Web Development with Flask
The result is: The area of the triangle with base 4 and height 3 is: 6.0
User Authentication
We will use Flask-Login. It “provides user session management for Flask. It handles the common tasks of logging in, logging out, and remembering your users’ sessions over extended periods of time.” Installation: pip install flask-login.
First, we will create a file, app/models.py to store user credentials. It will use SQLite database, Flask_SQLAlchemy, and Flask_Login. SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. Flask-SQLAlchemy is an extension for Flask that adds support for SQLAlchemy to our application: pip install flask-sqlalchemy.
There are two base classes for our data model: db.Model and UserMixin.
db.Model is stored on the SQLAlchemy instance that we need to create (*).
A second base class is UserMixin from the Flask_Login library. Our user class needs to implement these properties and methods: is_authenticated (it should return True if the user is authenticated), is_active (it should return True if this is an active user -in addition to being authenticated), is_anonymous (it should return True if this is an anonymous user), and get_id() (it returns a Unicode that uniquely identifies this user). UserMixin provides default implementations for all of these properties and methods.
fromflask_sqlalchemyimportSQLAlchemyfromflask_loginimportUserMixin,LoginManagerfromwerkzeug.securityimportgenerate_password_hash,check_password_hashlogin=LoginManager()# The most important part of an application that uses Flask-Login is the LoginManager class. It contains the code that lets your application and Flask-Login work together, such as how to load a user from an ID, where to send users when they need to log in, and the like. We create a LoginManager instance.db=SQLAlchemy()# We create a SQLAlchemy instance (*)classUser(UserMixin,db.Model):__tablename__='myUsers'# We define the table's name id=db.Column(db.Integer,primary_key=True,autoincrement=True)# The table myUsers has four columns: id (primary key, it forces the id column to behave as a completely unique index for the table; autoincrement=True means that each successive insert into the table will automatically assign a value greater than any previous row of the table), email, username, and password.email=db.Column(db.String(80),unique=True)username=db.Column(db.String(50))password=db.Column(db.String(255))def__init__(self,name,email,password):self.username=nameself.password=generate_password_hash(password)
It takes plaintext password, hashing method=‘pbkdf2:sha256’ and salt_length=16 as an input to produce hashed password. The output string contains hashing method, salt, and hashed password concatenated with the $: method$salt$hash, e.g., $pbkdf2:sha256:260000$ffXwWiHydD8S7EVT$00055d5b08b96a78a2ad4dcd7e860cb35a5cd2b823da642ab373d24b829b1fc9
self.email=emaildefset_password(self,password):self.password=generate_password_hash(password)defcheck_password(self,password):returncheck_password_hash(self.password,password)def__repr__(self):return''.format(self.username)# We need to provide a user_loader callback. It is used to reload the user object from the user ID stored in the session. It should take the ID of a (logged-in) user and return the corresponding user object. User.query.get retrieves a user by its primary key. @login.user_loaderdefload_user(id):returnUser.query.get(int(id))
gedit app/ini.py
fromflaskimportFlaskfromflask_bootstrapimportBootstrapfrommodelsimportdb,loginapp=Flask(__name__)# We create the Flask applicationapp.config['SECRET_KEY']='7e1dd8c0022ea022cf53ff140b58b964a492e6f6'
In order to use sessions (it allows you to store information specific to a user from one request to the next) you have to set a secret key (signing cookies is a preventive measure against cookie tempering and the secret key is used in a way similar to how a “salt” would be used to muddle a password before hashing it).
How do you get a good secret key? I am glad that you ask me that question:
app.config['SQLALCHEMY_DATABASE_URI']='sqlite:///mydatabase.db'# After creating the Flask application, we load the configuration. Flask-SQLAlchemy loads those values from the main Flask config. SQLALCHEMY_DATABASE_URI, the database URI that should be used for the connection.app.config['SQLALCHEMY_TRACK_MODIFICATIONS']=False# SQLALCHEMY_TRACK_MODIFICATIONS. If set to True, Flask-SQLAlchemy will track modifications of objects and emit signals.db.init_app(app)# It assigns the database of SQLAlchemy to our Flask app.@app.before_first_request# Functions decorated with @app.before_first_request will run once before the first request to the instance of the application.defcreate_table():db.create_all()# It creates the initial database# We configure our Flask app for login (login = LoginManager()) with: login.init_app(app)# In other words, we are linking the login and the db instances to our app.login.login_view='login'
By default, when a user attempts to access a login_required view without being logged in, Flask-Login will flash a message and redirect them to the login view. The name of the login view is set with LoginManager.login_view.
Bootstrap(app)
from app import routes
gedit app/routes.py
fromappimportappfrommyExecuteCommandimportsaludofromflaskimportFlask,render_template,request,redirectfromflask_loginimportlogin_required,current_user,login_user,logout_userfrommodelsimportUser,db,login@app.route('/')@app.route('/index')@login_required# Views that require their users to be logged in can be decorated with the login_required decorator.defindex():returnrender_template('index.html',body=saludo())@app.route('/login',methods=['POST','GET'])deflogin():ifcurrent_user.is_authenticated:# flask_login.current_user is a proxy for the current user. If the current user is already authenticated, we redirect it to the index.html page.returnredirect('/index')ifrequest.method=='POST':# We are going to handle a post request. A POST request is used to send HTML form data (login.html) to our app.email=request.form['email']# To access form data, we use request.form, but first we should add a conditional statement to validate we're receiving POST data (If request.method=='POST'). request.form is the key/value pairs in the body from a HTML post form. user=User.query.filter_by(email=email).first()# User.query.filter_by retrieves a user by email. ifuserisnotNoneanduser.check_password(request.form['password']):# If there was a user in the database with this email and his password is the same that the one that we are getting from the login.html form ...login_user(user)# ... we log him in with the Flask-Login's login_user functionreturnredirect('/index')# and redirect him to the index viewreturnrender_template('login.html')# The current user is not authenticated and we are going to handle a GET request. We will redirect the user to the login.html page so he can introduce his credentials.@app.route('/register',methods=['POST','GET'])defregister():ifcurrent_user.is_authenticated:# flask_login.current_user is a proxy for the current user. If the current user is already authenticated, we redirect it to the index.html page.returnredirect('/index')ifrequest.method=='POST':# We are going to handle a post request. A POST request is used to send HTML form data (register.html) to our app.email=request.form['email']# We retrieve the email, username and password values from the form.username=request.form['username']password=request.form['password']ifUser.query.filter_by(email=email).first():# User.query.filter_by retrieves a user by email.return('This email is already in our database')# We send the user a message that the email is already in useuser=User(email=email,name=username,password=password)# If the email is not in our database, we are going to insert a new row into our myUsers table. It is a three step process: 1. We create an instance or an object of our User class.db.session.add(user)# 2. We add it to the session.db.session.commit()# 3. Commit the session, and by doing so, add the user to the database.returnredirect('/login')# We redirect the user to the login view so he can log in.returnrender_template('register.html')# We are going to handle a GET request. We will redirect the user to the register.html page so he can register into the application.
You should install SQLite (Ubuntu, Debian, and derivates: sudo apt install sqlite). Then, connect to myDatabase.db: sqlite3 myDatabase.db. After that, you can list all databases (sqlite> .databases) and tables (sqlite> .tables). Finally, you can query the users table: sqlite> select * from users;
@app.route('/logout')# The logout view simply log users out.deflogout():logout_user()# we log him out with the Flask-Login's logout_user() function and any cookies for his session will be cleaned upreturnredirect('/index')# and redirect him to the index view
{% extends "bootstrap/base.html" %}
{% block title %}Hello from Flask{% endblock %}
{% block head %}
<link rel="stylesheet" href="{{ url_for('.static', filename='css/bootstrap.min.css') }}">{% endblock %}
{% block content %}
<form action="" method = "POST"><div class="container-fluid"><!–– We use .container-fluid for a full width container, spanning the entire width of the viewport.––><div class="row"><div class="offset-md-4 col-md-4"><!–– We move columns to the right using .offset-md-* classes. ––><h2>Login</h2><hr><div class="form-group"><label for="exampleInputEmail1">Email address</label><input type = "email" name = "email" class="form-control" id="exampleInputEmail1" aria-describedby="emailHelp" placeholder="Enter email" /><small id="emailHelp" class="form-text text-muted">We'll never share your email with anyone else.</small></div><div class="form-group"><label for="exampleInputPassword1">Password</label><input type="password" name = "password" class="form-control" id="exampleInputPassword1" placeholder="Password"v/></div><br><input class="btn btn-primary" type = "submit" value = "Submit" /><br> If you don't have an account... <a href = "{{url_for('register') }}">Register Here</a></div></div></div></form>{% endblock %}
{% block scripts %}
<script src="{{url_for('.static', filename='js/bootstrap.bundle.min.js')}}"></script><script src="{{url_for('.static', filename='js/jquery.min.js')}}"></script>{% endblock %}
Web Development with Flask
gedit app/templates/register.html
{% extends "bootstrap/base.html" %}
{% block title %}Hello from Flask{% endblock %}
{% block head %}
<link rel="stylesheet" href="{{ url_for('.static', filename='css/bootstrap.min.css') }}">{% endblock %}
{% block content %}
<form action="" method = "POST"><div class="container-fluid"><div class="row"><div class="offset-md-4 col-md-4"><h2>Register</h2><hr><div class="form-group"><label for="exampleInputEmail">Email address</label><input type = "email" name = "email" class="form-control" id="exampleInputEmail1" aria-describedby="emailHelp" placeholder="Enter email" /><small id="emailHelp" class="form-text text-muted">We'll never share your email with anyone else.</small></div><div class="form-group"><label for="exampleInputUsername">Username</label><input type = "text" name = "username" class="form-control" id="exampleInputEmail1" aria-describedby="emailHelp" placeholder="Enter email" /></div><div class="form-group"><label for="exampleInputPassword1">Password</label><input type="password" name = "password" class="form-control" id="exampleInputPassword1" placeholder="Password"v/></div><br><input class="btn btn-primary" type = "submit" value = "Submit" /><br></div></div></div></form>{% endblock %}
{% block scripts %}
<script src="{{url_for('.static', filename='js/bootstrap.bundle.min.js')}}"></script><script src="{{url_for('.static', filename='js/jquery.min.js')}}"></script>{% endblock %}
Bibliography: A. AskPython, Python Tutorials and examples. Flask User Authentication. B. J2logo, el blog de Python, Tutorial Flask. C. Digital Oceans Tutorials, How To Make a Web Application Using Flask. D. miguelgrinberg.com, The Flask Mega-Tutorial.
This website uses cookies to improve your navigation experience. By continuing, you are consenting to our use of cookies, in accordance with our Cookies Policy and Website Terms and Conditions of use.
