# Flask Project Structure:

Structure<pre>
_**your_app/**
_    app.py     : the **app main** file.
_    **templates/** : containts **Templates files** (eg:HTML).
_    **static/**    : containts **Styling files** (eg:PNG).
_       **css/** : contains **CSS files**.
_       **img/** : contains **Images**.
_       **js/** : contains **Javascript files**.

## Set Enviroment Variables:
#### **In Comand Prompt:**
we use **set** command.<pre>
- **FLASK_APP**:which directs to our python files.
- **FLASK_RUN_PORT**:to change the **port**,default is 5000.
- **FLASK_DEBUG**: to turn on(1) or off(0) debug mode which is used in development only.

# Communication Protocols
used to enable communication between clients and servers.

<table border="1" cellpadding="10" cellspacing="0">
  <thead>
    <tr>
      <th>Feature</th>
      <th>RESTful API</th>
      <th>gRPC</th>
      <th>Socket.IO</th>
      <th>AJAX</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td>Communication Model</td>
      <td>Request-Response</td>
      <td>Remote Procedure Call (RPC)</td>
      <td>Real-time, Bidirectional Communication</td>
      <td>Request-Response (Asynchronous)</td>
    </tr>
    <tr>
      <td>Data Format</td>
      <td>JSON or XML</td>
      <td>Protocol Buffers (Protobuf) (Binary)</td>
      <td>JSON</td>
      <td>JSON, XML, or plain text</td>
    </tr>
    <tr>
      <td>Protocol</td>
      <td>HTTP/HTTPS</td>
      <td>HTTP/2</td>
      <td>WebSockets or Long Polling</td>
      <td>HTTP</td>
    </tr>
    <tr>
      <td>Statefulness</td>
      <td>Stateless</td>
      <td>Stateless</td>
      <td>Persistent Connection (Stateful)</td>
      <td>Stateless (per request)</td>
    </tr>
    <tr>
      <td>Performance</td>
      <td>Lower due to text-based format (JSON)</td>
      <td>Higher, optimized for low-latency, high-throughput</td>
      <td>Moderate (real-time, but not as fast as gRPC)</td>
      <td>Depends on request size and server response speed</td>
    </tr>
    <tr>
      <td>Use Case</td>
      <td>CRUD operations, public APIs, server-to-client</td>
      <td>High-performance service-to-service, microservices</td>
      <td>Real-time applications (chat, notifications, games)</td>
      <td>Dynamic page updates without reloading, client-side interactions</td>
    </tr>
    <tr>
      <td>Support for Streaming</td>
      <td>Limited (HTTP request/response)</td>
      <td>Bidirectional streaming (client-server)</td>
      <td>Real-time, continuous streaming</td>
      <td>Not inherently, but can be done with polling</td>
    </tr>
    <tr>
      <td>Best for</td>
      <td>Public APIs, Web services</td>
      <td>Internal APIs, microservices, AI model deployments</td>
      <td>Real-time interaction, live apps</td>
      <td>Asynchronous data loading for a smooth user experience</td>
    </tr>
    <tr>
      <td>Client-Side Use</td>
      <td>Browser, mobile apps, external clients</td>
      <td>Primarily server-to-server, but can be used in mobile apps</td>
      <td>Browser for real-time communication (chat, notifications)</td>
      <td>Browser (via JavaScript)</td>
    </tr>
  </tbody>
</table>


# Flask Tutorial

## Create Flask App:
you can **run it in terminal** using **flask run** command.

In [None]:
from flask import Flask
app = Flask(__name__,template_folder='html_files',static_folder='static')


- You can specify the templates folder and static folder.
- **\_\_name\_\_**  is magical variable which points to our local file.

#### Configuration:
**app.config** is a dictionary in Flask where you can store configuration variables for the app.<br>
Flask extenstions like SQLAlchemy look for specific keys in this dictionary to configure themselves.

We can save configuration in separated file :

In [None]:
# config.py
SECRET_KEY = 'as48#%^8~+~09d8as8@)#@d4asd56@#^&*as45d)_#%49)((a'
SQLALCHEMY_DATABASE_URI = 'sqlite:///./usersdb.db'
RECAPTCHA_PUBLIC_KEY = '6LevelUqAAAAACcUUls4-j2BYltwNj6O06N41NUH'
RECAPTCHA_PRIVATE_KEY = '6LevelUqAAAAAATW589QQhU8V4cGzUV4zPWiZhN5'

In [None]:
import config
app = Flask(__name__)
# Load configurations from config.py
app.config.from_object(config)

## Routes & URLs:

### Routes:
are the pages in the webapp.<br>
We specify the **url** of page using the decorator **app.route** for a **function** which it will handle the all requests that are ariving to that url.
#### **Notes:**<pre>
- All URLs must start with **/**.
- Home URL is **/**.

In [None]:
# Add the Home Page
@app.route("/")
def home():
    return 'Welcome To Our Simple Webapp'

### Dynamic Routes:
for example in facebook, each user profile has its unique page<br>
so the developers of facebook ,when a new user sign up, they create new route ? of course no.<br>
The dynamic route is used, which **takes input** using **\<type:input\>** and new page is directly used for it.<br>
-**Default Type** is string.
#### **Note**:<pre>
- if the input value type is not same as specific type, no url will appear.

In [None]:
# Add Dynamic About Page
@app.route("/about/<username>")
def about(username):
    return f"<h1>Hello {username}<h1>"

### URL Parameters:
in some websites in the url we see for example: **?username=dsa&password=dasda**,which is insecure and used for only unimportant data.<br>
here username & password are called **url parameters**<br>
-We handle them using **flask request package**

In [None]:
from flask import request
@app.route("/login")
def login():
    # Get the parameters
    username = request.args.get('username')
    password = request.args['password']
    
    # Just priting parameters
    return f"<h1>username = {username}\npassword = {password}<h1>"

The parameters are saved in dictionary.<br>
In last example the dict should be:
**{"username":"dsa","password":"dasda"}**

If you miss or ignore a param you face **BadRequestKeyError**.

### Key Attributes and Methods in request:

#### request.method
The HTTP method used for the request (e.g., 'GET', 'POST').

#### request.args
The query string arguments (in the URL) as a dictionary.

#### request.form
Data from an HTML form (sent with `POST` or `PUT` requests).

#### request.json
JSON data sent in the request body (for `POST` or `PUT` requests with JSON content).

#### request.headers
The headers sent in the HTTP request as a dictionary.

#### request.cookies
Access to cookies sent by the client.

#### request.files
Access to uploaded files.

#### request.endpoint
The name of the view function that is handling the current request.

#### request.url
The full URL that was requested (including the query string).

#### request.path
The URL path of the request (excluding the query string).

#### request.remote_addr
The IP address of the client making the request.

#### request.referrer (or request.referer)
The referring URL (the URL that linked to the current request).

#### request.user_agent
The user-agent string (information about the browser/client).

#### request.blueprint
The name of the blueprint that is handling the request (if using blueprints).

#### request.scheme
The URL scheme (http or https).

#### request.is_json
Returns `True` if the request's content-type is JSON.

#### request.full_path
The full path of the request (including the query string).

#### request.get_data()
Returns the raw data sent in the request (useful for custom handling).

#### request.get_json()
Parses the request body as JSON and returns it (similar to `request.json` but can be used with more options).

#### request.host
The host of the request (e.g., localhost:5000 or example.com).


#### Request.methods:
Flask supports several **HTTP request methods**, allowing you to handle **different types** of request:<br><pre>
- **GET**: 
    - **Purpose**: Retreives data from the server.
    - **Usage**: The most common request often used for fetching data(eg:visiting a web page).
- **POST**:
    - **Purpose**: Sends data to the server,often used for creating or updating resources.
    - **Usage**: Common for submitting forms or uploading files.
- **PUT**:
    - **Purpose**: Updates an existing resource on the server.
    - **Usage**: Used for updating data, often with APIs.
- **DELETE**:
    - **Purpose**: Delete a resource from the server.
    - **Usage**: Used to delete records or resources.
- **PATCH**:
    - **Purpose**: Partially updates a resource.
    - **Usage**: Useful for making small changes without replacing the entire resource.

We specify the methods in the **methods** argument of the **@app.route** decorator.<br>
The default method is **GET**.

In [None]:
@app.route('hello',methods=['GET','POST'])
def hello():
    if request.method == 'GET':
        # Do something
        pass
    else: # Which is here POST method
        # Do something
        pass

### Status Codes:
HTTP status code indicate the **result of HTTP request**. Flask allows you to set custom status codes to indicate the success, failure, or type of response.
</pre>
#### **Summary**:<pre>
- **1xx**: Informational.
- **2xx**: Success.
- **3xx**: Redirection required.
- **4xx**: Client-side error.
- **5xx**: Server-side error.
##### **Custom Status Codes:**<pre>
- **200 OK**: Request was succeful(default for GET).
- **201 Created**: The request was succeful, and a new resource was created.
- **400 Bad Request**: The request was invalid or cannot be processed.
- **401 Unauthorized**: Authenticatoin is required ir has failed.
- **404 Not Found**: The requested resource could not be found.
- **500 Internal Server Error**: A generic server error occured.

In [None]:
@app.route('/success')
def success():
    return 'Success',200 # Custom Status Code for OK

### Custome Responses:
We can create custom responses by returning more than just a **string or JSON**. You can return a **response object** that includes a **custom status code**, **headers** , or other details.<br>
This allows you to customize how the server responds to specific requests.

**jsonify** is a Flask Utility that converts **Python data structure** into **valid JSON response**.

In [None]:
from flask import jsonify,make_response

@app.route('/custom')
def custom():
    # Creating a Custom JSON response with 201 (Created) Status Code
    response = make_response(jsonify('Hello','What\'s up'))
    response.status_code = 201
    # Custom Headers
    response.headers['Custom-Header'] = 'CustomValue'
    return response

### Custom Response Structure:<pre>
- **Response Body:** You can return custom content (like JSON or HTML).
- **Custom Headers:** Add custom headers to the response.
- **Custom Status Code:** Set an appropriate HTTP status code.

## App Decorators

These decorators modify or enhance the behavior of the Flask application itself, such as handling requests, responses, errors, and context.

### before_request
Runs code before each request.

In [None]:
# Check if the user is logged in before processing any request (e.g., for pages that require authentication).

@app.before_request
def check_authentication():
    if not session.get('logged_in') and request.endpoint != 'login':
        return redirect(url_for('login'))

### after_request
Runs code after each request (to modify the response).

In [None]:
# Add custom headers or perform logging after each request.

@app.after_request
def add_security_headers(response):
    response.headers['X-Content-Type-Options'] = 'nosniff'
    response.headers['X-Frame-Options'] = 'DENY'
    return response

### teardown_request
Cleans up resources after a request is finished.

In [None]:
# Close database connections after each request.

@app.teardown_request
def close_db_connection(exception=None):
    db_session.remove() 

### errorhandler
Handles specific HTTP errors.

In [None]:
# Handle 404 errors gracefully in an e-commerce website by showing a custom error page.

@app.errorhandler(404)
def page_not_found(e):
    return render_template('404.html', error=e), 404

### context_processor
Injects variables into the template context.

In [None]:
# Inject commonly used data into all templates, such as the current year for a footer in a web app.

@app.context_processor
def inject_current_year():
    return {'current_year': datetime.utcnow().year}

### template_global 
Registers global template variables or functions.

In [None]:
# Create a global function to format user names across different templates.

@app.template_global()
def format_username(user):
    return f"{user.first_name} {user.last_name[0]}."

## Templates:

We **save** templates in folder usually called **templates** or specify the directory:

In [None]:
app = Flask(__name__,template_folder='html_files')

### Rendering HTML Templates:


using **render_template**<br>
##### Params:<pre>
- **Template Name**: the name of  HTML or JSON file.
- **Context**: the Dynamic Variables to make avaible in template.

In [None]:
from flask import render_template
# Add the Home Page
@app.route("/")
def home():
    name = 'JOHN'
    ages = [10,5,40,31,26,12]
    return render_template('home.html',name=name,ages=ages)

We use jinja2 engine in the template file to accept inputs.

### Jinja2 Templating Language:<pre>

#### Syntax:
- **Expressing Statement**: {{ variable_name }}
- **Control Structures(if,for,while,..)**: {% for item in my_list %} --> do something --> {% endfor %}
- **Block**: {% block 'block_name' %} default value {% endblock %}.
- **Extends**: {% extends "base.html" %}
- **Filters**: {{ variable_name|filter1|filter2|... }}.
- **Define Temporarily Variable**: {% with %}
</pre>

**Example:**<br>
the HTML code for last python code:<pre>

In [None]:
<body\>
    <ul\>
        {% for age in ages %}
         <li\>{{ age }}</li\>
        {\% endfor %}
    </ul\>
 </body\>

#### Extending(Inhereting) Templates:
for example all the templates in the app have the same navigation or same head section, we dont wanna rewrite it everytime.<br>
So we **keep only** the **unique content** and **everything else is same** as other files.<br>


##### **Steps:**
1- We first **create** the **base template** which other files inherent from it.<br>
2- Write in it the **constant content**.<br>
3- Specify int it the **dynamic parts** using **block statement**.<br>
4- In other files which will inheret from the base file,use **extends statement**.<br>
5- Then use **block statement** to specify the values of the **blocks** are specific in base template. 

##### **Example:**

<h5>Base Template:</h5>

In [None]:
<html>
    <head>
        <title>{% block title %}Home{% endblock %}</title>
    </head>
    <body>
        <h1> This is ALWAYS HERE</h1>
        {% block content%}{% endblock%} 
    </body>
</html>

<h5>Other Template:</h5>

In [None]:
{% extends "base_template.html" %}
{% block content %}
        <h1>Hello {{ name }}</h1>
        <ul>
            {% for item in my_list %}
            <li>{{item}}</li>
            {% endfor %}
        </ul>
{% endblock %}

In this Example,other files have inheret everything in the base temp except <title\>, <body\>.

#### Filters:
are used to **modify** the output of variables or expressions.<br>
They are applied using the **pipe** (|) symbol.<br>
**Some Common Filters:**<br>
- lower.<br>
- length.<br>
- replace('old','new')<br>
...

We can create custom filters to apply custom operators.

In [None]:
@app.template_filter('reverse_string')
def reverse_string(s):
    return s[::-1]

### Dynamic URLs:
**url_for** utility is used to **dynamically generate URLs** for routes defined in your application.It helps **avoid hardcoding URLs**,making the app more flexible and maintainable.

In [None]:
from flask import url_for
@app.route('/user/<username>')
def show_user(username):
    return f"{username}"

print(url_for('show_user',username='john'))

In Jinja2:

In [None]:
{{ url_for('show_user') }}

### Redirect:
**redirect** utility is used to redirect a client to a **different URL**.

In [None]:
from flask import redirect
@app.route('login',methods=['GET','POST'])
def login():
    if request.method == 'GET':
        return render_template('login.html')
    else: # POST method
        return redirect(url_for('welcome'))

## Forms & Json:

### Handling Forms:
**Two Methods:**<br>
- Plain Html Forms.
- Flask-WTF/WTForms.<br>

**When to Use Them:** <br>
<table>
    <tr>
        <th></th>
        <th>Plain HTML Forms</th>
        <th>Flask-WTF/WTForms</th>
    </tr>
    <tr>
        <th>Simplicity</th>
        <td>Form is extremely simple.</td>
        <td>Need more complex form handling.</td>
    </tr>
    <tr>
        <th>Validation</th>
        <td>Rely solely on client-side validation.</td>
        <td>Forms require server-side validation.</td>
    </tr>
    <tr>
        <th>Security</th>
        <td>Not dealing with sensitive data and security isn’t a concern.</td>
        <td>Reverse.</td>
    </tr>
    <tr>
        <th>Maintainess</th>
        <td>Reverse.</td>
        <td>Want to keep your codebase clean, modular, and easy to maintain as your application grows.</td>
    </tr>
</table>

**Conclusion:**
Flask-WTF and WTForms provide a higher level of convenience, security, and maintainability than plain HTML forms.

#### **First Method(Plain HTML Forms):**
we use **request.form** to accept inputs to server.<br>
HTML Code (Example):

In [None]:
<form method="POST" action = '{{ url_for("about") }}'>
    <label for="username">Username</label>
    <input type="text" name="username"><br>
    <label for="password">Password</label>
    <input required type="password" name="password"><br>
    <input type="submit" value='login'>
</form>

in **input tags**, the **name argument** specifys the key name in the request form args.

In [None]:
@app.route('/login',method = ['GET','POST'])
def login():
    if request.method == 'GET':
        return render_template('login.html')
    elif request.method == 'POST':
        # For optional inputs
        if 'username' in request.form.keys():
            username = request.form.get('username')
        # For required inputs
        password = request.form.get('password')

Or ,you can separate the process.<br>
Page for **GET** method and has the form inside it but **action argument** directed to the other page which only uses **POST** method to accept args.<br>


#### **Second Method(Flask-WTF/WTForms):**
required packages:
<pre>
- Flask-WTF</pre>
We use new python file we call it **forms.py** for handling forms only.<br><br>
Flask-WTF needs a **secret key** for **CSRF** protection

##### **Common Fields**:
##### Basic Fields:<pre>
- **StringField**: For text input.
- **TextAreaField**: For multi-line text input.
- **PasswordField**: For password input (masked).
- **IntegerField**: For integer input.
- **FloatField**: For floating-point input.
- **DecimalField**: For decimal numbers with a fixed precision.
- **BooleanField**: For a checkbox (True/False).
- **SelectField**: For dropdown selection.
- **SelectMultipleField**: For multiple selections from a dropdown.
- **FileField**: For file uploads.
- **DateField**: For date input.
- **TimeField**: For time input.
- **DateTimeField**: For date and time input.</pre>
##### Special Fields:<pre>
- **EmailField**: For email input.
- **URLField**: For URLs.
- **TelField**: For telephone numbers.
- **ColorField**: For color input.
- **HiddenField**: For hidden inputs.</pre><br>

##### **Common Validators:**
##### Data Validators:<pre>
- **DataRequired**: Ensures the field is not empty.
- **Length**: Validates the length of the input (min and max).
- **Email**: Validates that the input is a valid email address.
- **URL**: Validates that the input is a valid URL.
- **NumberRange**: Validates that the input is within a specified range.
- **Optional**: Marks the field as optional.</pre>
##### Type Validators:<pre>
- **AnyOf**: Validates that the input matches one of the specified values.
- **NoneOf**: Validates that the input does not match any of the specified values.
- **EqualTo**: Validates that the input matches another field's value (commonly used for password confirmation).</pre>
##### Custom Validators:
You can create custom validators by defining a **function** and raising **ValidationError** for invalid input.

**1-Create a Form Class:**<br> In **forms.py**, define your forms using WTForms. Each **form class** corresponds to a form on the frontend, and each **form field** corresponds to an input in the HTML form.

In [None]:
from flask_wtf import FlaskForm
from wtforms import StringField, PasswordField, SubmitField
from wtforms.validators import DataRequired, Length, Email, EqualTo

class RegistrationForm(FlaskForm):
    username = StringField('Username', validators=[DataRequired(), Length(min=2, max=20)])
    email = StringField('Email', validators=[DataRequired(), Email()])
    password = PasswordField('Password', validators=[DataRequired()])
    confirm_password = PasswordField('Confirm Password', validators=[DataRequired(), EqualTo('password')])
    submit = SubmitField('Sign Up')


**2-Render the Form in HTML:**<br> Now, create the **HTML template** that will **render the form**.

In [None]:
<form method="POST" action="">
    {{ form.hidden_tag() }}
    
    <p>
        {{ form.username.label }}<br>
        {{ form.username(size=20) }}<br>
        {% for error in form.username.errors %}
            <span style="color: red;">[{{ error }}]</span>
        {% endfor %}
    </p>

    <p>
        {{ form.email.label }}<br>
        {{ form.email(size=20) }}<br>
        {% for error in form.email.errors %}
            <span style="color: red;">[{{ error }}]</span>
        {% endfor %}
    </p>

    <p>
        {{ form.password.label }}<br>
        {{ form.password(size=20) }}<br>
        {% for error in form.password.errors %}
            <span style="color: red;">[{{ error }}]</span>
        {% endfor %}
    </p>

    <p>
        {{ form.confirm_password.label }}<br>
        {{ form.confirm_password(size=20) }}<br>
        {% for error in form.confirm_password.errors %}
            <span style="color: red;">[{{ error }}]</span>
        {% endfor %}
    </p>

    <p>{{ form.submit() }}</p>
</form>


**size** parameter specifies the width of the input field.

**3-Handling Form Submission and Validation**<br>
In **app.py**, update your route to handle both **GET** (to show the form) and **POST** (to handle the form submission) requests.

In [None]:
from forms import RegistrationForm

@app.route('/register', methods=['GET', 'POST'])
def register():
    form = RegistrationForm()
    if form.validate_on_submit():
        flash(f'Account created for {form.username.data}!', 'success')
        return redirect(url_for('index'))
    return render_template('form.html', form=form)

**form.validate_on_submit()**: This will check if the form was submitted (**POST request**) and **validate** the input fields based on the validators specified in the **form class**.

### Handling Files:

#### File Upload:
There are three methods

##### HTML Forms 
we use **request.files** to accept files to server.
HTML Code (Example):

In [None]:
<form method='POST' action="{{ url_for('upload') }}" enctype='multipart/form-data'>
    <input type='file' name='file' accept='text/plain'>
    <input type='submit' value='upload file'>
</form>

-the **enctype arg** in form tag specifys that we need only files.<br>
-to accept only specific file types use **accept arg** in input tag, in this example it acceps only plain text files. 

In [None]:
@app.route('/upload',methods=['POST'])
def upload():
    file = request.files['file']
    # Show content of this txt file
    return jsonify(file.read().decode())

##### FlaskWTF Forms
for better security and flexibility.

In [None]:
from flask_wtf.file import FileField,FileAllowed
from wtforms.validators import Optional

class ProfileForm(FlaskForm):
    picture = FileField(label='profile_picture',validators=[Optional(),FileAllowed(['png','jpg','jpeg','gif'],message='Only PNG,JPG,JPEG,GIF supported')])

in endpoints handle it like any flaskwtf form.

#### File Download:
we use **send_file** & **send_from_directory** utilities for downloading files.<br>
##### **Comparison**:
<table>
    <tr>
        <th></th>
        <th>send_file</th>
        <th>send_from_directory</th>
    </tr>
    <tr>
        <th>Purpose</th>
        <td>Sends a specific file to the client from a givent file path</td>
        <td>Sends a file from a specified directory on the server.</td>
    </tr>
    <tr>
        <th>Use</th>
        <td>Used when you want to send a single file, such as an image,PDF,...</td>
        <td>Useful when serving files from a fixed directory</td>
    </tr>
    <tr>
        <th>Key Differences</th>
        <td>Used to send a specific file that you provide via its full path</td>
        <td>Used to serve files from within a directory and is generally safer for serving multiple files by just specifying the file name (without hardcoding paths)</td>
    </tr>
<table>


In [None]:
# Using send_file
from flask import send_file

@app.route('/download')
def download_link():
    file_path = 'path/to/file.txt'
    return send_file(file_path,as_attachment=True)

**as_attachment=True** tells the browser to prompt the user to download the file rather than display it inline.

In [None]:
# Using send_from_directory
from flask import send_from_directory

@app.route('/download/<filename>')
def download(filename):
    dir_path = 'path/to/directory'
    return send_from_directory(dir_path,filename)

### JavaScript JSON Requests:
using **request.json**.

## Static Files:


We **save** static file in folder usually called **static** or specify the directory & its url path:

In [None]:
app = Flask(__name__,static_folder='s_files',static_url_path='/')

You can also Integrate Bootstrap easily the same way.

## Sessions & Cookies:
<table>
    <tr>
        <th></th>
        <th>Cookies</th>
        <th>Sessions</th>
    </tr>
    <tr>
        <th>Storage</th>
        <td>Stored on the client's browser.</td>
        <td>Stored on the server(session ID in a cookie)</td>
    </tr>
    <tr>
        <th>Security</th>
        <td>Less Secure (data is client-side).</td>
        <td>More Secure (data is server-side).</td>
    </tr>
    <tr>
        <th>Size</th>
        <td>Limited by browser cookie size (~4KB).</td>
        <td>Can store more data, as it's stored on the server side.</td>
    </tr>
    <tr>
        <th>Usage</th>
        <td>Typically used for simple data (eg:preferences).</td>
        <td>Used for more complex user state management (eg:login sessions).</td>
    </tr>
    <tr>
        <th>Expiration</th>
        <td>Can be set manually using expiration time.</td>
        <td>Can be configured to expire after a period of inactivity.</td>
    </tr>
</table>

In [None]:
# Sessions
from flask import session

@app.route('/sessions')
def sessions():
    # Set Session
    session['username'] = 'JohnDoe'
    session['age'] = 10
    # Get Session
    if 'username' in session.keys(): # Cause the session ID is a cookie which can be deleted, so we need to handle it to avoid error
        username = session['username']
    # Pop Session
    session.pop('age')
    # Clear Session
    session.clear()
    
    return 'Handling Sessions -Done'


In [None]:
# Cookies
@app.route('/cookies')
def cookies():
    # Set Cookie
    response = make_response('Handling Cookies -Done')
    response.set_cookie('username','JognDoe')
    
    # Get Cookie
    cookie = request.cookies['username']
    
    # Remove Cookie
    response = make_response('Handling Cookies -Done')
    response.set_cookie('username',expires=0)
    
    return response

### Message Flashing:
is a way to **send one-time messages** from the server to the client, usually used for **notifications** such as "successfully logged in".<br>
We use **flash** to flash messages and **get_flashed_messages** to retrieve those messages in your templates.


In [None]:
from flask import flash
@app.route('/login')
def login():
    flash("Successfully logged in")
    return redirect('/')

#### Displaying the message in a template with jinja2:

In [None]:
{% with messages = get_flashed_messages() %}
    {% if messages %}
        <ul>
        {% for message in messages %}
            <li>{{ message }}</li>
        {% endfor %}   
        </ul>
    {% endif %}
{% endwith %}

**with categories=True** arg tells **get_flashed_messages** to return the messages as pairs of (category,messages) to **distinguish** between messages for example for styling.

## Databases:

**install**  two new packages:
- flask-sqlalchemy.
- flask-migrate.

To avoid **Circular Imports**,we use **Factory Patter**:<pre>
- app.py : Contains the **application factory function**.Which is responsible for creating and configuring the flask app instance.
- routes.py : This has the routes inside register_routes func, and then imported in app.py
- run.py : This is the entry point of the application, where the Flask app is actually run. 

- models.py : Contains the **database models**, typically using an ORM like SQLALchemy. The models represent the structure of the database tables, and any relationship between them.

In [None]:
from flask_sqlalchemy import SQLAlchemy
from flask_migrate import flask_migrate

### SQLAlchemy Initialization
**db = SQLAlchemy(app)** creates a **database object** (an Object Relational Mapper 'ORM') that will manage all the interactions with the database, including:<pre>
- Defining **models** (database tables),
- Executing **queries**,
- Managing **sessions**(transactions),
- Handling **relationships** between tables(foreign keys,one-to-many,...)</pre>
This object is a central point that **connects** the **database** with your Flask **app**.

#### Lazy Initialization:
- At the time of writing **db = SQLAlchemy()**, no Flask app instance is passed to it.This is imporant for the **Factory Pattern** because the app may not yet exist at this point.
- Later,inside the **create_app()** function, the database object is bound to the actual Flask app using **db.init_app(app)**.

#### Configuration:
**SQLALCHEMY_DATABASE_URI** is the specific key that SQLAlchemy uses to determine the **location** and **type** of the **database** to connect to. This key tells SQLAlchemy which database engine to use(e.g:SQLite,MySQL,PostgreSQL) and where the database is located.

In [None]:
# Example: Using SQLite and In Current Directory
engine = 'sqlite'
location = './db_name.db'
app.config['SQLALCHEMY_DATABASE_URI'] = f'{engine}:///{location}'

### Migrate:
**migrate** a tool that helps manage database schema changes overtime.<br>
##### Key Features:<pre>
- Automatically generate migration scripts based on changes in your SQLAlchemy Models.
- Apply Migrations to your database,keeping the schema in sync with your models.
- Rollback changes if something goes wrong during a migration.

#### Common Commands:

**1.Initialize migrations:** This sets up a directory for migration files.  

In [None]:
!flask db init

**2.Generate a new migration script:** This creates a migration script based on the changes in your models.

In [None]:
!flask db migrate -m "Megration Message"

message is optional

**3.Apply migrations:** This applies the generated migrations to the database.

In [None]:
!flask db upgrade

**3.Rollback migrations:** This rolls back the last migration.

In [None]:
!flask db downgrade

#### How Migrate Works:
- Migrate keeps track of changes in your **SQLAlchemy** models and compares them with the current database schema.
- When a migration is generated using **flask db migrate**, it creates a Python script in the **migrations/** folder. This script contains SQL commands to alter the database schema.
- The **flask db upgrade** command applies these changes to the database.

### Putting all together:

**In app.py**

In [None]:
# Putting all together

from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from flask_migrate import Migrate

db = SQLAlchemy()

def create_app():
    app = Flask(__name__,template_folder='html_files',static_folder='static')
    app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///./testdb.db'
    
    db.init_app(app)
    
    from routes import register_routes
    register_routes(app,db)
    
    # Integrating Flask-Migrate with the app and db  
    migrate = Migrate(app,db)
    
    return app

**In routes.py**

In [None]:
from flask import render_template,jsonify,request,flash,url_for,redirect
from models import Person

def register_routes(app,db):
    
    @app.route('/')
    def home():
        if request.method == 'GET':
            people = Person.query.all()
            return render_template('home.html',people=people)


**In run.py**

In [None]:
from app import create_app

flask_app = create_app()

### Models & ORM Functionality:
- Once the db object is created and initialized with the app, it can be used to define models, which are python classes that represent tables in the database.

**In models.py**

In [None]:
from app import db

class Person(db.model):
    # Table Name
    __tablename__ = 'people'
    
    # Fields (Columns)
    pid = db.Column(db.Interger,primary_key=True)
    name = db.Column(db.Text,nullable=False)
    age = db.Column(db.Float)

### Database Operations:
Assume **User** is a model in your database.

- **1-Creating Records  (Insert):** you can add new rows to your database using SQLAlchemy's ORM by creating instances of your model and adding them to the session.

In [None]:
# Creating a new user
new_user = User(username='Ameur',email='hello@gmail.com')

# Add the new user to the session
db.session.add(new_user)

# Commit the session to write the changes to the database
db.session.commit()

- **2-Reading Records (Select):** you can query the database to retrieve records using the db.session.query()

In [None]:
# Query all users
users = User.query.all()

# Query by filter
user = User.query.filter_by(username='Agmed').first()

# Query by Primary Key
user = User.query.get(1)

- **3-Updating Records (Update):** you can update records by retrieving them from the database, modifying their fields, and then committing the session

In [None]:
# Get a user
user = User.query.filter_by(username='Agmed').first()

# Update the user's email
user.username = 'Ahmed'

# Commit the changes to the database
db.session.commit()

- **4-Deleting Records (Delete):** you can delete records by retreiving them and then calling session.delete()

In [None]:
# Get a user
user = User.query.filter_by(username='Ahmed').first()

# Delete the user
db.session.delete(user)

# Commit the changes ...
db.session.commit()

- **5-Querying with Filters and Conditions:**

In [None]:
# Get users where the username contains 'agmed' and email ends with 'example.com'
users = User.query.filter(
    User.username.like('%agmed%'),
    User.email.endswith('example.com')
)

- **6-Querying with Limit and Offset:**

In [None]:
# Get the first 10 users
users = User.query.limit(10).all()

# Get 10 users, starting from the 5th user
users = User.query.offset(5).limit(10).all()

- **7-Ordering Results:**

In [None]:
# Get users ordered bu username in ascending order
users = User.query.order_by(User.username).all()

# In Descending
users = User.query.order_by(User.username.desc()).all()

- **8-Counting Records:**

In [None]:
# Count the number of users
user_count = User.query.count()

- **9-Joins (Multiple Table Queries):**
Assume you have two models, User and Post, where a User has manu Posts.

In [None]:
# Query users along with thier posts
results = db.session.query(User,Post).join(Post,User.id == Post.user_id).all()

# Accessing data
for user, post in results:
    print(f"{user.username} wrote {post.title}")

- **10-Relationships (One-to-Many, Many-to-One, Many-to-Many):**

In [None]:
########

- **11-Transactions and Rollbacks:**

In [None]:
try:
    # Add a new user
    new_user = User(username='Gamdi',email='gamdi@example.com')
    db.session.add(new_user)
    
    # Commit the transaction
    db.session.commit()
except Exception as e:
    # If something goes wrong, roll back the transaction
    db.session.rollback()

- **12-Querying with Aggregates(SUM,AVG,MAX,MIN):**

In [None]:
from sqlalchemy import func

# Get the Total number of Posts
post_count = db.session.query(func.count(Post.id))
scalar()

# Get the average lenght of post titles
avg_title_length = db.session.query(func.avg(func.length(Post.title))).scalar()


- **13-Executing Raw SQL:**

In [None]:
query = 'SELECT * FROM user'
result = db.session.execute(query)

## User Authentication:
login,signin,...

see **UserAuthen Project**

## BluePrints:
Blueprints allow you to **organize** your **application** into reusable components, making it **easier to manage** large projects

### Project Structure:
flask_app<br>
- run.py
-    blueprintapp/<br>
-    │<br>
-    ├── app.py<br>
-    ├── __init__.py<br>
-    └── core/<br>
-    -    ├── __init__.py<br>
-    -    ├── templates<br>
-    -    ├── static<br>
-    -    └── routes.py<br>
-    └── blueprint1/<br>
-    -    ├── __init__.py<br>
-    -    ├── templates/blueprint1<br>
-    -    ├── static/blueprint1<br>
-    -    ├── forms.py<br>
-    -    ├── models.py<br>
-    -    └── routes.py<br>

each blue print has its own forms,models,routes,templates and static files,then we register them in app.py

### Create Blueprint:
inside **blueprint1/routes.py**

In [None]:
from flask import Blueprint

# For example Todos Section in the app
todos = Blueprint('totods',__name__)

@todos.route('/')
def index():
    render_template('blueprint1/index.html')

We handle calling route like that, 
Example:<br>
**url_for('blueprint1.index')**

### Register Blueprint:
inside the **app.py**

In [None]:
from blueprintapp.blueprint1.routes import todos
app.register_blueprint(todos,url_prefix='/todos')

**url_prefix** is the main path for this blueprint.<br>
so to go to index of this blueprint,the url must be **/todos** not just **/**,and for routes in it(eg:create) the url should be **/todos/create**.

see **BluePrint Project**.

# Flask Extentions:
there are more useful tools and utilities. 

## Flask-CORS:
Enables **Cross-Origin Resource Sharing**, which allows your **Flask App** to be accessed by web applications hosted on **different domains**.

In [None]:
!pip install flask-cors

In [None]:
from flask import Flask
from flask_cors import CORS

app = Flask(__name__)
CORS(app) # Enables CORS for all routes


## Flask-Admin:
extension that adds admin interface generation capabilities to Flask applications. It automatically creates a user interface for managing your data models, while allowing extensive customization when needed.

In [None]:
!pip install flask-admin

### Project Structure

flask-admin-app/<br>
├── app/<br>
│   ├── __init__.py<br>
│   ├── admin/<br>
│   │   ├── __init__.py<br>
│   │   ├── views.py<br>
│   │   ├── forms.py<br>
│   │   └── models.py<br>
│   ├── templates/<br>
│   │   ├── admin/<br>
│   │   │   ├── master.html<br>
│   │   │   ├── index.html<br>
│   │   │   ├── custom/<br>
│   │   │   │   ├── dashboard.html<br>
│   │   │   │   └── analytics.html<br>
│   │   │   └── models/<br>
│   │   │       ├── user.html<br>
│   │   │       └── product.html<br>
│   │   └── security/<br>
│   ├── static/<br>
│   │   ├── admin/<br>
│   │   │   ├── css/<br>
│   │   │   └── js/<br>
│   │   └── img/<br>
│   └── models/<br>
├── config.py<br>
└── requirements.txt<br>

### Types of Admin Interfaces


#### 1. Model-based Admin
- Automatic CRUD operations
- Database model management
- File management

#### 2. Custom Admin Views
- Dashboard analytics
- User management
- Content moderation

#### 3. Multi-tenant Admin
- Organization-specific views
- Role-based access
- Resource isolation

### Basic Admin Setup

In [None]:
# app/__init__.py
from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from flask_admin import Admin
from flask_admin.contrib.sqla import ModelView
from flask_security import Security, SQLAlchemyUserDatastore,current_user

db = SQLAlchemy()
admin = Admin(template_mode='bootstrap4')

def create_app():
    app = Flask(__name__)
    app.config.from_object('config.Config')
    
    db.init_app(app)
    admin.init_app(app)
    
    class UserModelView(ModelView):
        # Specify Access permissions
        def is_accessible(self):
            return current_user.is_admin

    
    class ProductModelView(ModelView):
        # Specify Access permissions
        def is_accessible(self):
            return current_user.is_admin
        
    # Add model views
    from .models import User, Product
    admin.add_view(UserModelView(User, db.session))
    admin.add_view(ProductModelView(Product, db.session))
    
    return app

### Custom Admin Views

In [None]:
# app/admin/views.py
from flask_admin import BaseView, expose
from flask_security import current_user, roles_required

class DashboardView(BaseView):
    @expose('/')
    @roles_required('admin')
    def index(self):
        stats = self.get_dashboard_stats()
        return self.render('admin/custom/dashboard.html', stats=stats)
    
    def get_dashboard_stats(self):
        return {
            'total_users': User.query.count(),
            'active_users': User.query.filter_by(active=True).count(),
            'revenue': self.calculate_revenue()
        }

# Register custom view
admin.add_view(DashboardView(name='Dashboard', endpoint='admin_dashboard'))

### Model Views with Custom Actions

In [None]:
# app/admin/models.py
class UserAdmin(ModelView):
    # Display foreign keys or no 
    column_display_fk = True
    
    # Which columns will be displayed in the list view of the admin interface for users.
    column_list = ('email', 'name', 'active', 'roles')
    
    # Which columns are searchable in the admin interface. In this case, you can search for users by their email or name.
    column_searchable_list = ('email', 'name')
    
    # Which columns can be used to filter results in the list view. Admins can filter users based on their active status and their roles.
    column_filters = ('active', 'roles')
    
    #  Excludes specific fields from the form used to create or edit users.
    form_excluded_columns = ('password_hash',)
    
    # control whether the admin panel allows users to be created, edited, or deleted.
    can_create = True
    can_edit = True
    can_delete = True
    
    # Custom Templates for List and Edit Views
    list_template = 'admin/custom_list.html'
    edit_template = 'admin/custom_edit.html'
        
    # Specify Access permissions
    def is_accessible(self):
        return current_user.has_role('admin')
    
    # Process to do if its not accessible
    def inaccessible_callback(self, name, **kwargs):
        return redirect(url_for('/admin'))
     
    @action('activate', 'Activate Users', 'Are you sure?')
    def action_activate(self, ids):
        try:
            query = User.query.filter(User.id.in_(ids))
            count = 0
            for user in query.all():
                user.active = True
                count += 1
            db.session.commit()
            flash(f'Successfully activated {count} users.')
        except Exception as ex:
            flash(f'Failed to activate users: {str(ex)}', 'error')

- **Custom Action**: This section defines a custom action in the admin panel that allows the admin to activate multiple users at once. The @action decorator defines the action:
    - **activate**: The name of the action.
    - **Activate Users**: The label shown in the admin panel.
    - **Are you sure?**: A confirmation message that appears before the action is executed.

- **Function Logic**:
- The action receives a list of user IDs (ids) selected in the admin panel.
- A query is made to find all users with IDs in the provided list.
- For each user found, the active status is set to True.
- After modifying the users, changes are committed to the database, and a success message is shown using Flask's flash function.
- If there’s an error (e.g., database issue), an error message is shown.


### Custom Forms and Validation

In [None]:
# app/admin/forms.py
from flask_wtf import FlaskForm
from wtforms import StringField, SelectField, BooleanField
from wtforms.validators import DataRequired, Email

class UserForm(FlaskForm):
    name = StringField('Name', validators=[DataRequired()])
    email = StringField('Email', validators=[DataRequired(), Email()])
    role = SelectField('Role', choices=[
        ('user', 'User'),
        ('admin', 'Admin'),
        ('moderator', 'Moderator')
    ])
    active = BooleanField('Active')

# Using custom form in ModelView
class CustomUserAdmin(ModelView):
    form = UserForm
    
    def on_model_change(self, form, model, is_created):
        if is_created:
            model.set_password(form.password.data)
        super().on_model_change(form, model, is_created)

- **form = UserForm**: By setting the form attribute to UserForm, the CustomUserAdmin class tells Flask-Admin to use the custom UserForm when creating or editing a user. This means when you view the admin interface for users, you'll see the form fields (name, email, role, and active) that were defined in the UserForm.

- **on_model_change**: This method is part of Flask-Admin's ModelView. It gets called every time a model (user) is created or updated via the admin interface.
    - **Parameters**:
        - **form**: The form object that is submitted by the user in the admin interface.
        - **model**: The database model being edited or created.
        - **is_created**: A boolean indicating whether the model is being created (True) or updated (False).
    - **Custom Logic**:
        If the model is being created (is_created == True), this method will set the user's password. It assumes that the password field is part of the form (even though it's not shown in the current form definition, it could be added). The password would be retrieved from the form (form.password.data), and then the model's set_password method would hash and store it.

## Flask-Mail:
extension that simplifies sending emails from your Flask web application. It integrates well with Flask and provides the ability to send both plain text and HTML emails, handle attachments, and configure different mail servers.

In [None]:
!pip install flask-mail

In [None]:
# app.py
from flask import Flask
from flask_mail import Mail, Message

app = Flask(__name__)

# Flask-Mail Configuration
app.config['MAIL_SERVER'] = 'smtp.gmail.com'  # Use Gmail's SMTP server
app.config['MAIL_PORT'] = 587  # For TLS encryption
app.config['MAIL_USE_TLS'] = True  # Enable TLS encryption
app.config['MAIL_USE_SSL'] = False  # Disable SSL (use either TLS or SSL, not both)
app.config['MAIL_USERNAME'] = 'your_email@gmail.com'  # Your email address
app.config['MAIL_PASSWORD'] = 'your_email_password'  # Your email password
app.config['MAIL_DEFAULT_SENDER'] = 'your_email@gmail.com'  # Default sender email address

# Initialize Flask-Mail
mail = Mail(app)

This sets up your Flask app to send emails via Gmail’s SMTP server, using **TLS encryption**. Make sure you replace the **MAIL_USERNAME** and **MAIL_PASSWORD** with your actual credentials. If you're using another email provider, update the **MAIL_SERVER** and **MAIL_PORT** accordingly.

### Sending Simple Emails

In [None]:
# app.py (continued)

@app.route('/send_email')
def send_email():
    # Create a new email message
    msg = Message('Hello from Flask', 
                  recipients=['recipient@example.com'])
    msg.body = 'This is a plain text email sent from Flask using Flask-Mail.'

    # Send the email
    mail.send(msg)
    return 'Email has been sent successfully!'

- **Message**: Represents an email message.
- **recipients**: A list of recipients to send the email to.
- **msg.body**: The plain text body of the email.

When you visit the **/send_email route**, Flask-Mail will send an email to the specified recipient.

#### Dynamic Email Sender

In [None]:
# Create the email message
sender_email = 'admin0@admin.com'
msg = Message('Dynamic Sender Email',
                recipients=[recipient],
                sender=sender_email)  # Dynamic sender

### Sending HTML Emails
You can also send HTML emails, which is useful for more styled or formatted emails, such as newsletters or password reset instructions.

In [None]:
@app.route('/send_html_email')
def send_html_email():
    msg = Message('HTML Email Example',
                  recipients=['recipient@example.com'])
    
    # HTML email body
    msg.html = '''
        <h1>Hello from Flask-Mail</h1>
        <p>This is a <b>HTML email</b> sent from Flask.</p>
        <p>Best regards,<br>Flask Team</p>
    '''
    
    mail.send(msg)
    return 'HTML Email has been sent successfully!'


- **msg.html**: This is the HTML body of the email. You can include any valid HTML content, including inline CSS for basic styling.

### Sending Emails with Attachments
Flask-Mail also supports sending email attachments, such as images, PDFs, or other files.

In [None]:
@app.route('/send_email_with_attachment')
def send_email_with_attachment():
    msg = Message('Email with Attachment',
                  recipients=['recipient@example.com'])
    msg.body = 'Please find the attachment below.'

    # Attach a file (e.g., a PDF file)
    with app.open_resource("example.pdf") as pdf:
        msg.attach("example.pdf", "application/pdf", pdf.read())

    mail.send(msg)
    return 'Email with attachment has been sent successfully!'

- **msg.attach()**: This method allows you to attach a file to the email. You need to specify the file name, MIME type (e.g., application/pdf for PDFs), and the file content.

### Additional Configuration Options
Flask-Mail offers several additional configuration options that you can use to fine-tune how emails are sent from your application. Some commonly used options include:

- **MAIL_MAX_EMAILS**: Limits the number of emails that can be sent during a single connection to the mail server.
- **MAIL_SUPPRESS_SEND**: If set to True, Flask-Mail will suppress sending emails (useful for testing).
- **MAIL_ASCII_ATTACHMENTS**: If set to True, attachments will use ASCII encoding.

## Flask-Caching:
tool to enhance your Flask application's **performance** by reducing load times and **improving** response rates

<table>
    <thead>
        <tr>
            <th>When to Use</th>
            <th>When Not to Use</th>
        </tr>
    </thead>
    <tbody>
        <tr>
            <td>Expensive Computations: Caching results of costly calculations can save time.</td>
            <td>Highly Dynamic Content: Frequent updates may lead to stale data.</td>
        </tr>
        <tr>
            <td>Frequent Database Queries: Caching common queries reduces database load.</td>
            <td>Small Applications: Overhead of caching may not be worth it for low traffic.</td>
        </tr>
        <tr>
            <td>Static Content: Caching rarely changing content like HTML pages or images.</td>
            <td>Session Management: Not suitable for managing user sessions or sensitive data.</td>
        </tr>
        <tr>
            <td>API Responses: Caching responses for APIs serving similar requests.</td>
            <td>Real-Time Data: Caching may interfere with real-time data updates.</td>
        </tr>
        <tr>
            <td>Rate Limiting: Manage user request limits by caching counts.</td>
            <td>Complex Cache Invalidation: Difficult cache invalidation logic may lead to errors.</td>
        </tr>
    </tbody>
</table>

In [None]:
# Installation
!pip install flask-caching

### Caching Decorators

<table border="1" cellpadding="10" cellspacing="0">
  <thead>
    <tr>
      <th>Feature</th>
      <th>@cache.cached</th>
      <th>@cache.memoize</th>
      <th>@cache.cache</th>
      <th>@cache.cached(timeout=0)</th>
      <th>@cache.cached(unless=&lt;condition&gt;)</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td>Caches the entire view?</td>
      <td>Yes</td>
      <td>No</td>
      <td>No</td>
      <td>Yes, without expiration</td>
      <td>Yes, unless the condition is met</td>
    </tr>
    <tr>
      <td>Caches function result?</td>
      <td>No</td>
      <td>Yes</td>
      <td>Yes</td>
      <td>No</td>
      <td>No</td>
    </tr>
    <tr>
      <td>Caches based on</td>
      <td>URL, route, query params, headers</td>
      <td>Function arguments</td>
      <td>Function arguments</td>
      <td>URL, route, query params, headers</td>
      <td>URL and query params, unless condition applies</td>
    </tr>
    <tr>
      <td>Common use case</td>
      <td>Caching full pages or API responses</td>
      <td>Caching results of specific computations</td>
      <td>Manual caching of specific function calls</td>
      <td>Caching full pages without expiration</td>
      <td>Conditionally skipping cache based on logic</td>
    </tr>
    <tr>
      <td>Cache key</td>
      <td>Generated from URL and query parameters</td>
      <td>Generated from function arguments</td>
      <td>Custom key (if defined)</td>
      <td>Generated from URL and query parameters</td>
      <td>Generated from URL and query parameters, unless condition met</td>
    </tr>
    <tr>
      <td>Use for multiple routes</td>
      <td>No, tied to one route</td>
      <td>Yes, reusable in multiple routes</td>
      <td>Yes, can be used for multiple functions</td>
      <td>No, tied to one route</td>
      <td>No, tied to one route</td>
    </tr>
  </tbody>
</table>


### Explicit Caching Functions

#### cache.set(key, value, timeout=None):
Manually sets a value in the cache under a specific key. Useful when you want to control when data is cached or what the key is.

In [None]:
cache.set('my_key', 'my_value', timeout=60)

#### cache.get(key):
Retrieves a value from the cache by key.

In [None]:
value = cache.get('my_key')

#### cache.delete(key):
Removes a specific key from the cache.

In [None]:
cache.delete('my_key')

#### cache.clear():
Clears the entire cache. This will delete all cached data.

In [None]:
cache.clear()

### Configuration Options
Flask-Caching allows configuring various backends and settings. Here are some important configuration options:

#### CACHE_TYPE:
Determines which backend is used for caching. Some common options:
- **null**: Disables caching.
- **simple**: Simple in-memory caching for development.
- **redis**: Use Redis for caching.
- **memcached**: Use Memcached for caching.

In [None]:
app.config['CACHE_TYPE'] = 'RedisCache'

#### CACHE_DEFAULT_TIMEOUT:
Sets the default timeout for cached items (in seconds).

In [None]:
app.config['CACHE_DEFAULT_TIMEOUT'] = 300  # 5 minutes

#### CACHE_KEY_PREFIX:
Adds a prefix to all cache keys, which is useful if you are running multiple Flask apps using the same cache backend.

In [None]:
app.config['CACHE_KEY_PREFIX'] = 'myapp_'

#### CACHE_THRESHOLD:
Sets the maximum number of items to store in the cache (used in memory backends like SimpleCache).

In [None]:
app.config['CACHE_THRESHOLD'] = 500

### Cache Backends Supported
Flask-Caching supports a wide range of caching backends:

- **SimpleCache**: In-memory cache for development and testing.
- **RedisCache**: Redis-based caching.
- **MemcachedCache**: Memcached-based caching.
- **FilesystemCache**: Caches data on the filesystem.
- **NullCache**: A no-op cache that can be used to disable caching.
- **SASLMemcachedCache**, **GAEMemcachedCache**, and others depending on **the hosting environment**.

### Key Concepts in Flask-Caching
- **items** refer to the individual pieces of data or objects that are stored in the cache. Each item typically consists of:
    - **Key**: A unique identifier used to retrieve the cached data. For example, a URL, function name, or custom identifier.
    - **Value**: The actual data or result being stored. For instance, this could be a computation result, database query output, or HTML response.
    - **Expiration/Timeout**: The time duration for which the cached item remains valid before it expires and needs to be refreshed.
    
- **Cache Timeout**: Defines how long a cached result remains valid. If the timeout is set, once it expires, the next call will regenerate the cache.
- **Cache Keys**: These uniquely identify cached data. For view functions, cache keys are typically generated from the URL and query parameters, while for functions, cache keys are based on function arguments.
- **Manual Cache Control**: While the @cached and @memoize decorators automate caching, you can manually set, get, delete, and clear cache entries using the cache instance.

### Example

In [None]:
from flask import Flask
from flask_caching import Cache

app = Flask(_name_)
app.config['CACHE_TYPE'] = 'simple'  # In-memory cache
cache = Cache(app)

@app.route('/cached')
@cache.cached(timeout=60)
def cached_view():
    return 'This view is cached for 60 seconds'

#### **Summary**:
Use Flask-Caching to optimize performance when appropriate, but be cautious of its drawbacks, especially in applications with dynamic content or real-time requirements. I

## Flask-Limiter:
extension for Flask that provides rate-limiting capabilities. Rate limiting is an essential feature to prevent abuse of your application by limiting the number of requests a user can make to certain endpoints in a given period of time.

In [None]:
# Installation
!pip install flask-limiter

In [None]:
from flask_limiter import Limiter

limiter = Limiter(app)

### Fixed Vs Sliding Window

<table border="1" cellpadding="10" cellspacing="0">
  <thead>
    <tr>
      <th>Feature</th>
      <th>Fixed Window</th>
      <th>Sliding Window</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td>Definition</td>
      <td>Rate limit resets after a fixed time interval (e.g., every minute, hour).</td>
      <td>Rate limit is based on a rolling window of time, checking the most recent requests over the last X seconds or minutes.</td>
    </tr>
    <tr>
      <td>Time Window</td>
      <td>Fixed period (e.g., every 1 minute or 1 hour).</td>
      <td>Rolling period based on recent requests (e.g., last 60 seconds, last 5 minutes).</td>
    </tr>
    <tr>
      <td>Request Tracking</td>
      <td>Requests are tracked for a specific time period and reset at the end of that period.</td>
      <td>Requests are tracked based on the timestamp of each request, with the window moving forward as time progresses.</td>
    </tr>
    <tr>
      <td>Rate Limit Reset</td>
      <td>Resets after the fixed period ends, regardless of when the requests were made.</td>
      <td>The window continuously slides forward, adjusting the rate limit dynamically based on the most recent requests.</td>
    </tr>
    <tr>
      <td>Use Case</td>
      <td>Simple rate limiting where the user can make a fixed number of requests within a specific time period.</td>
      <td>More dynamic rate limiting, providing smoother and fairer limits for users by considering recent activity.</td>
    </tr>
    <tr>
      <td>Edge Cases</td>
      <td>A user who hits the limit just before the window resets may be at a disadvantage, needing to wait for the reset.</td>
      <td>More fair in cases where users are close to the limit but still within a rolling window.</td>
    </tr>
  </tbody>
</table>


#### Sliding Window Example
- **Limit**: The @limiter.limit("5 per minute", ...) decorator indicates that the user is allowed to make up to 5 requests within a 1-minute sliding window.
- **Sliding Window**: If a user makes 5 requests within the last 60 seconds, further requests will be blocked until the time of one of the requests moves past the 60-second window.

### The @limiter.limit Decorator
allows you to restrict the number of requests that a specific route can receive within a given time window.

In [None]:
@limiter.limit("X per Y")

- **X**: Maximum number of requests allowed.
- **Y**: Time window (e.g., per minute, per hour).

#### Time Units you can use:
##### **Seconds**:
Example: "5 per second" or "10 per 30 seconds"

##### **Minutes**:
Example: "2 per minute" or "1 per 5 minutes"

##### **Hours**:
Example: "100 per hour" or "10 per 30 minutes" (combined with minutes)

##### **Days**:
Example: "1 per day" or "7 per week" (using the day as a reference)

### Flask-Limiter Configuration

- **DEFAULT_LIMITS**: Global default rate limits for all routes in the application.
- **STORAGE_URI**: The URI for the rate limit storage backend (e.g., Redis, Memcached).
- **KEY_FUNC**: Custom function to define how rate limit keys are generated.


In [None]:
app.config['LIMITS'] = ["10 per hour"]
app.config['STORAGE_URI'] = "redis://localhost:6379"
limiter = Limiter(app)

### Global Rate Limits
You can set a global rate limit that applies to all routes in the application.

In [None]:
app.config['LIMITS'] = ["10 per hour"]  # 10 requests per hour for all routes
limiter = Limiter(app)

### Dynamic Rate Limits
You can apply dynamic rate limits based on request data, such as the user ID, IP address, or any custom logic.

In [None]:
from flask import g

@app.route("/dynamic_limited")
@limiter.limit(lambda: "10 per hour" if g.user.is_authenticated else "3 per hour")
def dynamic_limited_view():
    return "This view has a dynamic rate limit based on authentication status."

In this example:
- Authenticated users are limited to 10 requests per hour.
- Non-authenticated users are limited to 3 requests per hour.

### Rate Limit Exemption (@limiter.exempt)
some routes that should not be subject to rate limiting, such as health check routes or special API endpoints. You can use the @limiter.exempt decorator to exclude specific routes from rate limiting.

In [None]:
@app.route("/health_check")
@limiter.exempt
def health_check():
    return "OK"

### Custom Error Messages
allows you to customize the error message that is returned when a user exceeds the rate limit.

In [None]:
@limiter.limit("2 per minute", error_message="You have exceeded the request limit. Please try again later.")

### IP-based Rate Limiting
You can set up rate limits based on the user's IP address using the key_func parameter. This is useful for preventing abuse from a specific IP.

In [None]:
@limiter.limit("5 per minute", key_func=lambda: request.remote_addr)

### Managing Rate Limit Counters
provides a backend for storing rate limit counters. By default, it uses in-memory storage. However, you can use other backends like Redis or Memcached for production environments

In [None]:
# Redis Installation
! pip install redis

In [None]:
from flask_limiter import Limiter
from redis import Redis

app = Flask(__name__)
limiter = Limiter(app, storage_uri="redis://localhost:6379")

Rate limits are stored in a Redis database.
This is more scalable for production applications compared to using in-memory storage.

### Example

In [None]:
from flask import Flask
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address

app = Flask(_name_)
limiter = Limiter(app, default_limits=["5 per minute"],key_func=get_remote_address)

@app.route('/')
@limiter.limit("2 per minute")
def index():
    return 'This route is limited to 2 requests per minute'


**get_remote_address** specifys that each ip address has this requests limit "5 per minute".

**Explanation:(suppose in index route we made 2 requests in first 10 ses)**<br>
The Limiter will track the number of requests made to that route within the specified time frame (1 minute in this case). Since you've already hit the limit of 2 requests, any further requests within that minute will be blocked.<br>
the server will respond with a 429 Too Many Requests status code.

## Flask-Socketio
extension for Flask that enables **real-time communication** between clients and the server using WebSockets. It allows you to build applications that can push updates to clients, which is useful for chat applications, notifications, and live updates.

In [None]:
!pip install flask-socketio

In [None]:
from flask import Flask,render_template
from flask_socketio import SocketIO

app = Flask(__name__)
# Initialize SocketIO with the Flask app
socketio = SocketIO(app)

### Creating SocketIO Events
Now, let’s add a SocketIO event to respond to a message sent from the client.

In [None]:
# Handle the 'message' event from the client
@socketio.on('message')
def handle_message(msg):
    # Print the received message to the console
    print('Received message: ' + msg)
    # Send a response back to the client
    socketio.send('Response from server: ' + msg)

#### Example HTML File

In [None]:
<script src="https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.0.0/socket.io.js"></script>
    <script type="text/javascript">
        // Establish a connection to the Socket.IO server
        var socket = io();

        // Event handler for successful connection
        socket.on('connect', function() {
            console.log('Connected to server'); // Log to console
        });

        // Event handler for receiving messages from the server
        socket.on('message', function(msg) {
            console.log('Received message: ' + msg); // Log the received message
        });

        // Function to send a message to the server
        function sendMessage() {
            // Get the value from the input field
            var msg = document.getElementById('message').value;
            // Send the message to the server
            socket.send(msg);
            // Clear the input field
            document.getElementById('message').value = '';
        }
    </script>
<body>
    <h1>Flask-SocketIO Chat</h1>
    <!-- Input field for the user to type messages -->
    <input type="text" id="message" placeholder="Type a message" />
    <!-- Button to send the message -->
    <button onclick="sendMessage()">Send</button>
</body>

### Namespaces
allow you to separate different communication channels in your application. They provide a way to segment your WebSocket connections and handle events related to different functionalities independently.

#### Example of Namespaces
you might have a chat application with different channels for private messages, public chat rooms, and notifications. Each of these channels can be a different namespace.

In [None]:
from flask import Flask
from flask_socketio import SocketIO, Namespace

app = Flask(__name__)
socketio = SocketIO(app)

# Create a custom namespace for chat functionality
class ChatNamespace(Namespace):
    def on_connect(self):
        print('Client connected to chat namespace.')

    def on_disconnect(self):
        print('Client disconnected from chat namespace.')

    def on_message(self, message):
        print(f'Received message: {message}')
        # Echo the message back to the client
        self.send(message)

# Register the namespace with the SocketIO server
socketio.on_namespace(ChatNamespace('/chat'))

if __name__ == '__main__':
    socketio.run(app)


##### HTML Client Code

In [None]:
<!DOCTYPE html>
<html>
<head>
    <title>Flask-SocketIO with Namespaces</title>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.0.0/socket.io.js"></script>
    <script type="text/javascript">
        // Connect to the chat namespace
        var socket = io('/chat');

        // Event handler for receiving messages from the server
        socket.on('message', function(msg) {
            console.log('Received message: ' + msg);
        });

        // Function to send a message to the server
        function sendMessage() {
            var msg = document.getElementById('message').value;
            socket.send(msg); // Send the message to the server
            document.getElementById('message').value = ''; // Clear the input field
        }
    </script>
</head>
<body>
    <h1>Chat Namespace Example</h1>
    <input type="text" id="message" placeholder="Type a message" />
    <button onclick="sendMessage()">Send</button>
</body>
</html>


In this example, when the client connects to the /chat namespace, the server prints a message indicating the connection. Messages sent through this namespace will be handled independently from any other namespaces you might create.

### Rooms
allow you to group multiple sockets together. You can think of rooms as virtual spaces where multiple clients can join and communicate with each other.

#### Example of Rooms
Let’s create an example where clients can join different chat rooms.

In [None]:
from flask import Flask, render_template
from flask_socketio import SocketIO, join_room, leave_room

app = Flask(__name__)
socketio = SocketIO(app)

@app.route('/')
def index():
    return render_template('index.html')  # Render the index page

# Handle the 'join' event to join a room
@socketio.on('join')
def on_join(data):
    room = data['room']  # Get the room name from the received data
    join_room(room)  # Join the specified room
    # Send a message to the room indicating the user has joined
    socketio.send(room, f'User has joined the room: {room}')

# Handle the 'message' event to send messages to a specific room
@socketio.on('message')
def handle_message(data):
    room = data['room']  # Get the room name from the received data
    msg = data['message']  # Get the message from the received data
    # Send the message to all clients in the specified room
    socketio.send(room, msg)

# Handle the 'leave' event to leave a room
@socketio.on('leave')
def on_leave(data):
    room = data['room']
    leave_room(room)  # Leave the specified room
    # Send a message to the room indicating the user has left
    socketio.send(room, f'User has left the room: {room}')

if __name__ == '__main__':
    socketio.run(app)


### Braodcasting Messages
You can broadcast messages to all clients in a specific room or all connected clients.

In [None]:
@socketio.on('broadcast_message')
def handle_broadcast(msg):
    # Emit the message to all connected clients
    socketio.emit('message', msg, broadcast=True)

### Handling Disconnections
You can handle disconnections using the **on_disconnect** event.

In [None]:
# Handle disconnection events
@socketio.on('disconnect')
def handle_disconnect():
    # Print a message when a client disconnects
    print('Client disconnected')

##### HTML Client Code

In [None]:
<!DOCTYPE html>
<html>
<head>
    <title>Flask-SocketIO Rooms Example</title>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.0.0/socket.io.js"></script>
    <script type="text/javascript">
        var socket = io(); // Connect to the default namespace

        // Function to join a room
        function joinRoom() {
            var room = document.getElementById('room').value; // Get the room name
            socket.emit('join', { room: room }); // Emit a join event
        }

        // Event handler for receiving messages from the server
        socket.on('message', function(msg) {
            console.log('Received message: ' + msg); // Log the message
        });

        // Function to send a message to the room
        function sendMessage() {
            var room = document.getElementById('room').value; // Get the room name
            var msg = document.getElementById('message').value; // Get the message
            socket.send({ room: room, message: msg }); // Send message to the room
            document.getElementById('message').value = ''; // Clear the input field
        }

        // Function to leave a room
        function leaveRoom() {
            var room = document.getElementById('room').value; // Get the room name
            socket.emit('leave', { room: room }); // Emit a leave event
        }
    </script>
</head>
<body>
    <h1>Chat Room Example</h1>
    <input type="text" id="room" placeholder="Room Name" />
    <button onclick="joinRoom()">Join Room</button>
    <button onclick="leaveRoom()">Leave Room</button><br><br>
    <input type="text" id="message" placeholder="Type a message" />
    <button onclick="sendMessage()">Send</button>
</body>
</html>


## Flask-Uploads
extension that helps handle file uploads in a Flask application. It supports the following features:

#### Features 
- File storage and retrieval
- Different upload sets (e.g., for photos, documents, etc.)
- Restricting file extensions
- Automatically saving files in a secure and organized way

In [None]:
# Installation
!pip install Flask-Uploads

### Setting Up Flask-Uploads in a Flask Application

In [None]:
from flask_uploads import UploadSet, configure_uploads, IMAGES, patch_request_class

app = Flask(__name__)

# Define upload folders and allowed extensions
app.config['UPLOADED_PHOTOS_DEST'] = 'uploads/photos'  # Folder where photos will be stored
app.config['UPLOADED_DOCS_DEST'] = 'uploads/docs' # Folder where docs will be stored

# Create UploadSets
photos = UploadSet('photos', IMAGES)
docs = UploadSet('docs', ('txt', 'pdf'))

# Configure Flask-Uploads to use this UploadSets
configure_uploads(app, (docs, photos))

- **UploadSet**: Flask-Uploads allows you to define multiple upload sets. The UploadSet takes two arguments, the first being a name for the upload set (like photos), and the second being the type of files allowed (**IMAGES** is a pre-configured list for image extensions such as .jpg, .png, .gif).

### UploadSet and File Types
supports different file types through UploadSets. You can specify the type of files that can be uploaded by using the built-in sets or creating custom ones.

#### a. Pre-defined File Types:
- **IMAGES**: Accepts .jpg, .jpeg, .png, .gif, .bmp, .tiff
- **TEXT**: Accepts .txt, .rtf
- **DOCUMENTS**: Accepts .pdf, .doc, .xls
- **AUDIO**: Accepts .wav, .mp3, .ogg
- **ARCHIVES**: Accepts .zip, .tar, .gz

You can define custom file types by passing a list of allowed extensions:

In [None]:
docs = UploadSet('docs', ('txt', 'md', 'pdf'))

### Upload Restrictions
You can also restrict the size of files being uploaded:

In [None]:
# Limit file size (optional)
patch_request_class(app, 16 * 1024 * 1024)  # Max size: 16MB

In [None]:
import os

# Set size limits for each UploadSet in bytes (e.g., 5 MB for photos, 10 MB for docs)
MAX_PHOTO_SIZE = 5 * 1024 * 1024  # 5 MB
MAX_DOC_SIZE = 10 * 1024 * 1024   # 10 MB

def validate_file_size(file, max_size):
    """Helper function to validate file size"""
    file.seek(0, os.SEEK_END)  # Move the cursor to the end of the file
    file_length = file.tell()  # Get the size of the file
    file.seek(0)  # Reset the file cursor to the beginning
    return file_length <= max_size

then use the function for validation in andpoints.

### Saving Files
When saving files with Flask-Uploads, the save() method is used. By default, files are saved using a secure filename generated by the extension. You can also pass a custom name:

In [None]:
filename = photos.save(form.picture, name='new_photo_name.jpg')

here we used flaskwtf for files form so i used **form.picture** to retrieve the picture from the form.

If you only want to save the file using the original name from the user dont specify the **name parameter**

### Accessing Uploaded Files
allows easy access to uploaded files by using the **url()** method:

In [None]:
file_url = photos.url(filename)

This will return the URL to the file, assuming you have set up your static folder correctly.

### File Validation
Flask-Uploads can also handle file validation, ensuring that only the allowed file types are uploaded.

In [None]:
if photos.file_allowed(form.picture, form.picture.filename):
    filename = photos.save(form.picture)

###  Handling File Overwrites
allows for the prevention of overwriting files with the same name by generating unique filenames automatically

In [None]:
filename = photos.save(form.picture)

Flask-Uploads will handle name collisions by appending a counter to the filename if necessary, e.g., photo_1.jpg.

## Flask-OAuthlib
extension for Flask that provides support for OAuth authentication. OAuth allows users to grant access to their data to third-party applications without sharing their passwords. This is often used for social media logins (e.g., logging in with Google or Facebook).

**OAuth 2.0** is the most commonly used version, which involves an authorization flow where a user is redirected to a third-party service (e.g., Google) to log in, and the application retrieves an access token to interact with the service on the user's behalf.

In [None]:
# Installation
!pip install Flask-OAuthlib

In [None]:
from flask import Flask, redirect, url_for, session, request
from flask_oauthlib.client import OAuth

app = Flask(__name__)
app.secret_key = 'random_secret_key'
oauth = OAuth(app)  # Creating the OAuth object that will handle OAuth 2.0 interactions.

### OAuth Providers
<table>
    <thead>
        <tr>
            <th>Provider</th>
            <th>OAuth URL</th>
        </tr>
    </thead>
    <tbody>
        <tr>
            <td>Google OAuth</td>
            <td><a href="https://developers.google.com/identity/protocols/oauth2" target="_blank">Google OAuth</a></td>
        </tr>
        <tr>
            <td>Facebook OAuth</td>
            <td><a href="https://developers.facebook.com/docs/facebook-login/" target="_blank">Facebook OAuth</a></td>
        </tr>
        <tr>
            <td>GitHub OAuth</td>
            <td><a href="https://docs.github.com/en/developers/apps/building-oauth-apps" target="_blank">GitHub OAuth</a></td>
        </tr>
        <tr>
            <td>Twitter OAuth</td>
            <td><a href="https://developer.twitter.com/en/docs/authentication/oauth-2-0" target="_blank">Twitter OAuth</a></td>
        </tr>
        <tr>
            <td>LinkedIn OAuth</td>
            <td><a href="https://www.linkedin.com/developers/docs/oauth-2-0" target="_blank">LinkedIn OAuth</a></td>
        </tr>
        <tr>
            <td>Microsoft OAuth</td>
            <td><a href="https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow" target="_blank">Microsoft OAuth</a></td>
        </tr>
        <tr>
            <td>GitLab OAuth</td>
            <td><a href="https://docs.gitlab.com/ee/administration/oauth.html" target="_blank">GitLab OAuth</a></td>
        </tr>
        <tr>
            <td>Slack OAuth</td>
            <td><a href="https://api.slack.com/authentication/oauth-v2" target="_blank">Slack OAuth</a></td>
        </tr>
        <tr>
            <td>Spotify OAuth</td>
            <td><a href="https://developer.spotify.com/documentation/general/guides/authorization-guide/" target="_blank">Spotify OAuth</a></td>
        </tr>
        <tr>
            <td>Twitch OAuth</td>
            <td><a href="https://dev.twitch.tv/docs/authentication/getting-tokens-oauth" target="_blank">Twitch OAuth</a></td>
        </tr>
        <tr>
            <td>Yahoo OAuth</td>
            <td><a href="https://developer.yahoo.com/oauth/" target="_blank">Yahoo OAuth</a></td>
        </tr>
        <tr>
            <td>Amazon OAuth</td>
            <td><a href="https://developer.amazon.com/docs/login-with-amazon/overview.html" target="_blank">Amazon OAuth</a></td>
        </tr>
        <tr>
            <td>Reddit OAuth</td>
            <td><a href="https://www.reddit.com/dev/api/" target="_blank">Reddit OAuth</a></td>
        </tr>
        <tr>
            <td>Instagram OAuth</td>
            <td><a href="https://developers.facebook.com/docs/instagram-basic-display-api" target="_blank">Instagram OAuth</a></td>
        </tr>
    </tbody>
</table>

### Setting Up OAuth with Google

In [None]:
google = oauth.remote_app(
    'google',
    consumer_key='GOOGLE_CONSUMER_KEY',  # Replace this with your Google API client ID.
    consumer_secret='GOOGLE_CONSUMER_SECRET',  # Replace with your Google API client secret.
    request_token_params={
        'scope': 'email',  # This defines what access we want to request, in this case, email.
    },
    base_url='https://www.googleapis.com/oauth2/v1/',
    request_token_url=None,  # Not needed for OAuth 2.0.
    access_token_method='POST',  # OAuth 2.0 uses POST method for token exchange.
    access_token_url='https://accounts.google.com/o/oauth2/token',
    authorize_url='https://accounts.google.com/o/oauth2/auth',  # The URL to which users are redirected to authorize access.
)

### Setting Up Template

In [None]:
<body>
    <h1>Login with Google</h1>
    <a href="{{ url_for('login') }}">Login with Google</a>
</body>

### Setting Up Routes for OAuth Flow

- **Login Route**: When the user accesses /login, they will be redirected to Google’s OAuth authorization page. If the user successfully logs in, Google will redirect them back to our callback route.

In [None]:
@app.route('/login')
def login():
    # Redirects the user to Google’s OAuth authorization page
    return google.authorize(callback=url_for('authorized', _external=True))

- **Callback Route**: After the user logs in on Google’s OAuth page, they will be redirected back to our /login/authorized route, which handles receiving the authorization code from Google and exchanging it for an access token.

In [None]:
@app.route('/login/authorized')
def authorized():
    # Google sends the response containing the authorization code
    response = google.authorized_response()  # This will contain the access token.
    
    # If authorization failed (no access token is returned), show an error message.
    if response is None or response.get('access_token') is None:
        return 'Access denied: reason={} error={}'.format(
            request.args['error_reason'],
            request.args['error_description']
        )

    # Store the access token in the session
    session['google_token'] = (response['access_token'], '')  # You can store this token in a database for long-term use.
    
    # Use the access token to fetch user data (e.g., email)
    user_info = google.get('userinfo')
    return 'Logged in as ' + user_info.data['email']


- **Token Getter**: This function will be used to retrieve the access token from the session when making future API calls on behalf of the user.

In [None]:
@google.tokengetter
def get_google_oauth_token():
    return session.get('google_token')

### How It Works:
- The user visits the **/login** route, which triggers a redirection to Google’s OAuth authorization page.
- Once the user logs in and grants access, they are redirected back to your app, where the authorization code is exchanged for an access token.
- The access token is stored in the session and can be used to make requests to Google’s API on the user’s behalf (e.g., getting their email).

## Flask-WebAuthn
extension that enables WebAuthn support for passwordless authentication in Flask applications. WebAuthn is a standard that allows users to authenticate using biometrics (like fingerprints) or hardware security keys (like YubiKey) instead of traditional passwords.

#### WebAuthn Workflow:
- **Credential Registration**: The user registers a new credential (e.g., a fingerprint or security key) that will be used for authentication.
- **Authentication**: When logging in, the user proves they own the credential (e.g., by pressing a button on their hardware key or using their fingerprint).

In [None]:
# Installation 
!pip install Flask-WebAuthn

In [None]:
from flask import Flask, jsonify, request
from flask_webauthn import WebAuthn

app = Flask(__name__)
app.secret_key = 'another_random_secret_key'

# Initialize WebAuthn with the Flask app
web_authn = WebAuthn(app)

### Define WebAuthn Options
The following options specify the details for credential creation, like the relying party (RP) ID, which typically matches your domain.

In [None]:
web_authn_options = {
    "rp_id": "localhost",  # The domain or host serving the app
    "rp_name": "WebAuthn Example",  # The name of your app
    "user_id": "user@example.com",  # Unique user ID in your system
    "user_name": "User",  # The display name for the user
    "challenge": "some_random_challenge_string"  # A challenge string to prevent replay attacks
}

### Setting Template

WebAuthn registration is triggered after the form is submitted. The WebAuthn API is then used to generate options for creating a WebAuthn credential.

### Handling Registration

- **Handling Registration**
This route prepares the WebAuthn creation options and sends them to the client.

In [None]:
@app.route('/register', methods=['POST'])
def register():
    # Extract user details (user_id and username) from the request data.
    user_id = request.json.get('user_id')
    username = request.json.get('username')

    # Update WebAuthn options with the user details.
    web_authn_options["user_id"] = user_id
    web_authn_options["user_name"] = username

    # Prepare the options for creating a new WebAuthn credential
    options = web_authn.prepare_create(user_id=user_id, username=username)
    
    # Send these options to the frontend to initiate the registration process
    return jsonify(options)

- **Verify Credential Creation**
After the user registers a new credential (e.g., by using their fingerprint or security key), the client sends the credential data back to the server. The server verifies it.

In [None]:
@app.route('/register/verify', methods=['POST'])
def verify_register():
    # Receive the user's credential creation data from the frontend
    credential = request.json.get('credential')

    # Verify the credential (checks the public key, signature, etc.)
    success = web_authn.verify_create(credential)
    if success:
        return 'Credential successfully created!'  # Confirmation message
    else:
        return 'Error creating credential.'


### Handling Authentication

- **Create Authentication Route**: This route prepares the challenge to authenticate the user. It sends a challenge to the frontend, where the user will authenticate using their previously registered credential.

In [None]:
@app.route('/login', methods=['POST'])
def login():
    user_id = request.json.get('user_id')
    
    # Prepare the authentication challenge for the user
    options = web_authn.prepare_assert(user_id=user_id)
    
    return jsonify(options)  # Send challenge to frontend to start authentication

- **Verify Authentication**: After the user responds to the challenge (by pressing their hardware key or using biometrics), the credential is sent back to the server for verification.

In [None]:
@app.route('/login/verify', methods=['POST'])
def verify_login():
    # Receive the authentication data from the frontend
    credential = request.json.get('credential')

    # Verify the assertion (check the user's response to the authentication challenge)
    success = web_authn.verify_assert(credential)
    if success:
        return 'Authentication successful!'  # Success message
    else:
        return 'Authentication failed.'  # Failure message

## Flask-Security
powerful extension that allows you to implement common security features like authentication, user registration, role management, and more. This tutorial will guide you through each of the listed features:

- Authentication (via session, Basic HTTP, or token)
- User registration (optional)
- Role and Permission management
- Account activation (via email confirmation) (optional)
- Password management (recovery and resetting) (optional)
- Two-factor authentication (optional)
- WebAuthn Support (optional)
- Use ‘social’/Oauth for authentication (e.g. google, github, ..) (optional)
- Change email (optional)
- Login tracking (optional)
- JSON/Ajax Support

### Prerequisites
Before starting, ensure you have the following installed:

- Flask
- Flask-SQLAlchemy
- Flask-Security
- Flask-Bcrypt
- Flask-Migrate
- Flask-Mail (for email support)

In [None]:
# Installation Prerequisites
!pip install Flask-SQLAlchemy Flask-WTF Flask-Bcrypt Flask-Migrate Flask-Mail Flask-OAuthlib

In [None]:
# Installation
!pip install Flask-Security

In [None]:
from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from flask_migrate import Migrate
from flask_security import Security, SQLAlchemyUserDatastore
from flask_bcrypt import Bcrypt
from flask_mail import Mail

# Initialize extensions
db = SQLAlchemy()
migrate = Migrate()
bcrypt = Bcrypt()
mail = Mail()

# Flask-Security setup
security = Security()

def create_app(config_class='config.Config'):
    app = Flask(__name__)
    app.config.from_object(config_class)

    # Initialize extensions
    db.init_app(app)
    migrate.init_app(app, db)
    bcrypt.init_app(app)
    mail.init_app(app)
    
    from models import User,Role
    
    security.init_app(app, SQLAlchemyUserDatastore(db, User, Role))

    from . import routes
    app.register_blueprint(routes.bp)

    return app


### Role and Permission Management
makes it easy to manage roles and permissions within your application. This allows you to create different user roles (e.g., Admin, User) and restrict access to certain parts of the application based on the user's role.

#### Define Roles
Flask-Security expects certain models and relationships for role-based access control (**RBAC**).

- **1. Role Model**:
    - The Role model defines a role (e.g., Admin, User, Moderator, etc.).
    - Use Flask-Security's RoleMixin to automatically add role-specific behavior.

In [None]:
from flask_security import RoleMixin, UserMixin
from . import db

class Role(db.Model, RoleMixin):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(80), unique=True)  # 'admin', 'user', etc.
    description = db.Column(db.String(255))  # Optional description

- **2.User Model**:
    - The User model represents the users in the system.
    - Use Flask-Security’s UserMixin to add user-specific behavior like checking if the user is authenticated, active, etc.

In [None]:
class User(db.Model, UserMixin):
    id = db.Column(db.Integer, primary_key=True)
    email = db.Column(db.String(255), unique=True)
    password = db.Column(db.String(255))
    active = db.Column(db.Boolean())
    # Define many-to-many relationship between User and Role
    roles = db.relationship('Role', secondary='user_roles')

- **3. Association Table (UserRoles)**:
    - This table links users to roles using a many-to-many relationship. It allows one user to have multiple roles.

In [None]:
class UserRoles(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    user_id = db.Column(db.Integer, db.ForeignKey('user.id', ondelete='CASCADE'))
    role_id = db.Column(db.Integer, db.ForeignKey('role.id', ondelete='CASCADE'))

This setup allows you to define different roles, assign users multiple roles, and use Flask-Security’s decorators (like **@roles_required**) to restrict access to routes based on roles.

- **Why This Model?**
    - **RoleMixin**: Automatically provides useful methods for role management.
    - **UserMixin**: Automatically provides user-related methods like is_authenticated, is_active, and more.
    - **Many-to-many relationship**: A flexible way to handle users with multiple roles, common in RBAC systems.

#### Assign Roles to Users

In [None]:
from flask_security import SQLAlchemyUserDatastore

# Initialize SQLAlchemyUserDatastore
user_datastore = SQLAlchemyUserDatastore(db, User, Role)

# Assign a role to a user (for example, Admin)
user = user_datastore.get_user(user_id)
user_datastore.add_role_to_user(user, 'admin')
db.session.commit()

#### Protect routes

In [None]:
from flask_security import roles_required

@app.route('/admin')
@roles_required('admin')  # Only accessible to users with the 'admin' role
def admin():
    return "Welcome, Admin!"

###  Account Activation (via Email Confirmation)
helps verify the user's email before allowing them to use the system. Flask-Security provides built-in support for email confirmation.

#### Enable Account Activation
by adding SECURITY_CONFIRMABLE = True in your config.py.

In [None]:
# Enable email confirmation for account activation
SECURITY_CONFIRMABLE = True  # Required for email confirmation (account activation)

# Option to send a welcome email after registration
SECURITY_SEND_REGISTER_EMAIL = False  # Set to False to prevent sending a welcome email until account is activated

#### Configure Flask-Mail
Ensure that Flask-Mail is configured to send emails. Add your mail server configuration in config.py.

In [None]:
# Flask-Mail settings (for sending emails)
MAIL_SERVER = 'smtp.gmail.com'
MAIL_PORT = 587
MAIL_USE_TLS = True
MAIL_USERNAME = 'your_email@gmail.com'
MAIL_PASSWORD = 'your_email_password'
MAIL_DEFAULT_SENDER = 'your_email@gmail.com'  # Sender email address for confirmation emails

#### Handling Registration Logic in Registration Route

In [None]:
# routes.py
from flask import render_template, redirect, url_for, flash
from flask_security.utils import hash_password, send_confirmation_instructions
from yourapp.models import User  # Import your User model
from yourapp import db  # Your SQLAlchemy instance
from yourapp.forms import RegistrationForm

@app.route('/register', methods=['GET', 'POST'])
def register():
    form = RegistrationForm()
    if form.validate_on_submit():
        # Check if the user already exists
        existing_user = User.query.filter_by(email=form.email.data).first()
        if existing_user:
            flash('A user with that email already exists', 'danger')
            return redirect(url_for('register'))
        
        # Create a new user
        new_user = User(
            email=form.email.data,
            password=hash_password(form.password.data),  # Use hash_password from Flask-Security
            active=False  # New user is not active until they confirm their email
        )
        db.session.add(new_user)
        db.session.commit()

        # Send confirmation email
        send_confirmation_instructions(new_user)  # Flask-Security utility to send the confirmation email

        flash('A confirmation email has been sent. Please check your inbox.', 'info')
        return redirect(url_for('login'))
    
    return render_template('register.html', form=form)


#### Handle Email Confirmation Link (Activation)
Flask-Security has a built-in route for handling confirmation links that users click in their email, so you don’t need to manually create a route for that. Once the user clicks the confirmation link, Flask-Security will automatically:
- Validate the token in the confirmation link.
- Activate the user by setting active=True.

#### Enforce Email Verification
In your views, you can enforce email confirmation using the @confirm_email_required decorator.

In [None]:
from flask_security import confirm_email_required

@app.route('/dashboard')
@confirm_email_required
def dashboard():
    return "Welcome to your dashboard!"

Once a user registers, they will receive a confirmation email, and their account will only be activated after they click the confirmation link.

### Password Management (Recovery and Resetting)
Flask-Security supports password recovery and resetting, allowing users to reset their password if they forget it. This feature includes sending a recovery email with a reset link.

#### Enable Password Recovery

In [None]:
SECURITY_RECOVERABLE = True

#### Configure MAIL_SERVER 
configure MAIL_SERVER settings to ensure that Flask can send recovery emails.

In [None]:
# Flask-Mail settings for sending recovery emails
MAIL_SERVER = 'smtp.gmail.com'  # Use your email provider's SMTP server
MAIL_PORT = 587  # Common port for TLS encryption
MAIL_USE_TLS = True  # Use TLS encryption
MAIL_USERNAME = 'your_email@gmail.com'  # Your email address
MAIL_PASSWORD = 'your_email_password'  # Your email password
MAIL_DEFAULT_SENDER = 'your_email@gmail.com'  # The sender address for recovery emails

####  Create the Password Recovery Form
This form will allow the user to input their email address to request a password reset link.

In [None]:
# forms.py
from flask_wtf import FlaskForm
from wtforms import StringField, SubmitField
from wtforms.validators import DataRequired, Email

class PasswordRecoveryForm(FlaskForm):
    email = StringField('Email', validators=[DataRequired(), Email()])
    submit = SubmitField('Recover Password')

In [None]:
# views.py
from flask import render_template, redirect, url_for, flash
from .forms import PasswordRecoveryForm
from flask_security import send_reset_password_instructions

@app.route('/recover', methods=['GET', 'POST'])
def recover_password():
    form = PasswordRecoveryForm()
    if form.validate_on_submit():
        email = form.email.data
        # Trigger Flask-Security's email sending
        send_reset_password_instructions(email)
        flash('A password reset email has been sent if the email exists in our system.', 'info')
        return redirect(url_for('login'))
    return render_template('recover.html', form=form)

- The view processes the form submission and triggers Flask-Security's send_reset_password_instructions to send the reset email.
- It displays a success message if the form is successfully submitted.

In [None]:
<!-- recover.html -->
<form method="POST" action="{{ url_for('recover_password') }}">
    {{ form.hidden_tag() }}  <!-- CSRF protection -->
    <div>
        {{ form.email.label }} 
        {{ form.email() }}  <!-- Email field -->
    </div>
    <div>
        {{ form.submit() }}  <!-- Submit button -->
    </div>
</form>

#### Email Confirmation for Password Recovery
Once the user submits the password recovery form, Flask-Security automatically generates a unique token and sends an email to the user. The email contains a link to the password reset page, which includes the token in the URL.<br>

- Flask-Security manages this email generation and sending based on the configuration you provided (such as MAIL_SERVER, MAIL_USERNAME, etc.).

#### Create the Password Reset Form
This form will allow users to reset their password after they click the reset link in their email.

In [None]:
# forms.py
from flask_wtf import FlaskForm
from wtforms import PasswordField, SubmitField
from wtforms.validators import DataRequired, EqualTo

class PasswordResetForm(FlaskForm):
    password = PasswordField('New Password', validators=[DataRequired()])
    password_confirm = PasswordField('Confirm New Password', validators=[DataRequired(), EqualTo('password')])
    submit = SubmitField('Reset Password')

In [None]:
# views.py
from flask import render_template, redirect, url_for, flash, request
from .forms import PasswordResetForm
from flask_security import reset_password

@app.route('/reset/<token>', methods=['GET', 'POST'])
def reset_password_view(token):
    form = PasswordResetForm()
    if form.validate_on_submit():
        new_password = form.password.data
        # Call Flask-Security's reset_password function with the token
        if reset_password(token, new_password):
            flash('Your password has been reset successfully.', 'success')
            return redirect(url_for('login'))
        else:
            flash('The reset token is invalid or expired.', 'danger')
            return redirect(url_for('recover_password'))
    return render_template('reset_password.html', form=form)


<!-- reset_password.html -->
<form method="POST" action="{{ url_for('reset_password_view', token=token) }}">
    {{ form.hidden_tag() }}  <!-- CSRF protection -->
    <div>
        {{ form.password.label }} 
        {{ form.password() }}  <!-- New password field -->
    </div>
    <div>
        {{ form.password_confirm.label }} 
        {{ form.password_confirm() }}  <!-- Confirm password field -->
    </div>
    <div>
        {{ form.submit() }}  <!-- Submit button -->
    </div>
</form>


When the form is submitted, Flask-Security:

- Verifies that the reset token is valid (it was included in the email link).
- Verifies that the new password and password confirmation match.
Hashes the new password and updates the user’s record in the database.


#### Automatic Email Notifications
Flask-Security automatically sends an email when the password is successfully reset, notifying the user that their password has been changed.

#### Additional Notes
- **Token Expiration**: Flask-Security uses tokens for password recovery that expire after a certain period for security reasons. You can control this with the **SECURITY_RESET_SALT** and **SECURITY_RESET_WITHIN** settings.

# Sources
- <a href="https://www.youtube.com/playlist?list=PL7yh-TELLS1EyAye_UMnlsTGKxg8uatkM">Flask Tutorial Series by NeuralNine</a>
- <a href="https://www.youtube.com/watch?v=Qr4QMBUPxWo&t=1581s&pp=ygUVZGF0YSBzY2llbmNlIGJvb3RjYW1w">Flask Course - Python Web Application Development by freeCodeCamp.org</a>
- <a href="https://www.youtube.com/watch?v=whEObh8waxg&ab_channel=NeuralNine">Online Web Chat in Python With Flask</a>
- <a href="https://getlazy.ai/post/flask-admin-templates">Building Professional Interfaces with Flask Admin Templates</a>