# FLASK

Flask is a microframework for Python

* built-in development server and debugger
* integrated unit testing support
* RESTful request dispatching
* uses Jinja2 templating
* support for secure cookies (client side sessions)
* 100% WSGI 1.0 compliant
* Unicode based
* extensively documented

1. Open a terminal in the directory where you would like your project to be located.
2. Create a virtual environment: 
    + Without Conda:
        + pip install virtualenv
        + virtualenv flask
        + source venv/bin/activate
        + pip install flask
    + With Conda:
        + conda create --name flask flask
        + source activate flask
3. Verify whether Flask is installed with a simple smoke test,

    python -m flask.config

Nothing will be displayed if Flask is installed.

### Documentation
* Flask docs available at: flask.pocoo.org/docs/.

* Werkzeug docs available at: werkzeug.pocoo.org/docs/. Werkzeug is Flask's underlying web service implementation.

* Jinja docs available at: jinja.pocoo.org/docs/. Jinja is Flask's default template engine.


    

### First web aplication

* Put this code into a file named `hello.py` :

``` python
from flask import Flask
app = Flask(__name__)

@app.route('/')
def hello():
    return 'Hello, world!'

if __name__ == '__main__':
    app.run()
```

In [4]:

from flask import Flask
app = Flask(__name__)

@app.route('/')
def hello():
    return 'Hello, world!'

if __name__ == '__main__':
    app.run()

 * Serving Flask app "__main__" (lazy loading)
 * Environment: production
   Use a production WSGI server instead.
 * Debug mode: off


 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
127.0.0.1 - - [25/Oct/2020 12:08:47] "[37mGET / HTTP/1.1[0m" 200 -
127.0.0.1 - - [25/Oct/2020 12:08:47] "[33mGET /favicon.ico HTTP/1.1[0m" 404 -


* Run this application from the console:

    `$ python hello.py`


* If this runs correctly, you will see:

    \* Running on http://127.0.0.1:5000/

This is a URL, which you can visit in your browser. When you do, your browser will display a plain page which says "Hello, world!" (without quotes).

Note that the address 127.0.0.1 refers to localhost, such that Flask will only respond to requests from the host running the code.

### Step by step:

In [5]:
from flask import Flask
app = Flask(__name__)

This creates a Python object app, which is a WSGI application. WSGI stands for Web Service Gateway Interface, and is the Python community's standard interface for hosting web projects. 

The next block sets up a function to handle web requests to the '/' URL:

In [2]:
@app.route('/')
def hello():
    return 'Hello, world!'


Every time Flask gets a request to the '/' URL, it will call the hello function. The Python web community calls these routed functions view functions. In general, view functions in Flask return strings for web responses, and here we provide a simple "Hello, world!" response for all the requests, to prove that things are working.

The final block tells Python to run a development web server, but to only do so if the current .py file is being called directly, (not imported):

**Alert:** stop the server before run it again, elsewhere it will raise an *"Address Already in Use"* error. 

**Press stop button** for finish *run* process


In [3]:
if __name__ == '__main__':
    app.run()

### Development server


If you need to access your Flask application from another machine on the network, use:

In [9]:
app.run('0.0.0.0',debug=True)

 * Serving Flask app "__main__" (lazy loading)
 * Environment: production
   Use a production WSGI server instead.
 * Debug mode: on


 * Restarting with windowsapi reloader


SystemExit: 1

The default port for Flask's development server is 5000, and we will use localhost on port 5000 throughout this book. If this is already in use, or you would like to use a different port, you can set it via the second argument to the run method, as follows.

In [9]:
app.run('0.0.0.0', 8080)

The development server given by app.run is for development only. When you are ready to publish your application, use a industrial web server.  Because we are using app.run for development only, let's turn on the debug mode, which will provide an interactive debugger in the web browser when uncaught exceptions occur and will reload code on changes to existing Python files in your project. You should only use '0.0.0.0' and/or debug mode on a trusted network. Add debug=True to the run line, keeping any other arguments you already added:

In [8]:
app.run()  

 * Serving Flask app "__main__" (lazy loading)
 * Environment: production
   Use a production WSGI server instead.
 * Debug mode: on


 * Restarting with windowsapi reloader


SystemExit: 1

### Creating a web application

Let's move our one-file application into a directory setup for a larger application. Create the following file layout in your project:

```
manage.py
requirements.txt
fooApp/
  app.py
  config.py
  filters.py
  forms.py
  __init__.py
  models.py
  static/
  templates/
```

Move hello.py to app.py inside the fooApp directory. The \__init__.py file is an empty file telling Python that fooApp is a package containing Python files. The config.py, filters.py, forms.py, and models.py files are currently empty files.

We will use **manage.py** to manage our application using Flask-Script, with these contents:

``` python 
from flask_script import Manager
from fooApp.app import app

manager = Manager(app)
app.config['DEBUG'] = True # Ensure debugger will load.

if __name__ == '__main__':
  manager.run()
```

The `requirements.txt` file is a conventional way to track all third-party Python packages.
Set the file with the following listing, which is one package name per line. 

    Flask
    Flask-Script

Run ``pip install -r requirements.txt``
with your virtualenv active and a working internet connection to install these dependencies. (source activate flask)




Now you can run your application with :

`python manage.py runserver`

Use `python manage.py runserver -?` for see options

For example if you want to make your site available to everybody on port 80:


``sudo python manage.py runserver -h 0.0.0.0 -p 80```


## Routing URL's and accepting requests

The Flask app object includes a route decorator to specify URL rules to use for a view function conveniently, which provides a declarative style for routing requests to Python callables. For now, we simply return a string describing what the handler is going to do, which we'll implement later, so that you can see the URL routing in action from your browser. Place into app.py:


```python
@app.route('/products/')
def products_list():
  return 'Listing of all products we have.'

@app.route('/products/<product_id>/')
def product_detail(product_id):
  return 'Detail of product     #{}.'.format(product_id)

@app.route( 
  '/products/<product_id>/edit/',
  methods=['GET', 'POST'])
def product_edit(product_id):
  return 'Form to edit product #.'.format(product_id)

@app.route( '/products/create/', methods=['GET', 'POST'])
def product():
  return 'Form to create a new product.'

@app.route('/products/<product_id>/delete/', methods=['DELETE'])
def product_delete(product_id):
    raise NotImplementedError('DELETE')
```

Using python manage.py runserver, you can visit these URLs at:

http://localhost:5000/products/

http://localhost:5000/products/1/

http://localhost:5000/products/1/edit/

http://localhost:5000/products/create/

http://localhost:5000/products/1/delete/

The main argument to app.route is the string URL rule. Items listed in angle brackets `<argument>` are parsed as named arguments to pass into the view function. Flask uses a convention of `<converter:argument>`
 in the URL rule to parse the argument value before passing it to your view function, and only routing the URL if a value is correctly parsed. By default, Flask treats the argument as a string. The additional built-in converters are:

+ `int`: The value of this converter is an integer

+ `float`: The value of this converter is a floating point number

+ `path`: The value of this converter is a string such as the default, but also accepts slashes



By default, if a URL rule ends in a trailing slash /, Flask will redirect requests without the trailing slash to the handler which includes it.

## Handling HTTP methods


The most common keyword argument to app.route is methods. Valid values are **GET**, **POST**, **PUT**, **DELETE**, **HEAD**, and **OPTIONS**. Default method is **GET**  Briefly, they are:

+ **GET**: This option is used to reply with information on resource, most common

+ **POST**: This option is used to receive from browser/client updated information for resource

+ **PUT**: This option is like POST, but repeat PUT calls on a resource should have no effect

+ **DELETE**: Using this option removes the resource

+ **HEAD**: This option is like GET, but replies only with HTTP headers and not content

+ **OPTIONS**: This option is used to determine which methods are available for resource

### Route collisions

When Flask routes your requests to unexpected places, look for collisions in your app.route calls. That is, if you have routes  `/<path:foopath>` and `/foo/bar/baz/`, both will match on /foo/bar/baz/. The solution is to be as specific as possible in your route parameters, and avoid overly generic parameters.





## Handling requests and responses

Flask provide request and response objects to represent incoming and outgoing data for your web application.

Add this code in the example app.py:

``` python
from flask import Flask, make_response,request 


@app.route('/string/')
def return_string():
  dump = dump_request_detail(request)
  return 'Hello, world!'

@app.route('/object/')
def return_object():
  dump = dump_request_detail(request)
  headers = {'Content-Type': 'text/plain'}
  return make_response(Response('Hello, world! \n' + dump, status=200,
    headers=headers))

@app.route('/tuple/<path:resource>')
def return_tuple(resource):
  dump = dump_request_detail(request)
  return 'Hello, world! \n' + dump, 200, {'Content-Type':
    'text/plain'}


def dump_request_detail(request):
  request_detail = """
## Request INFO ##
request.endpoint: {request.endpoint}
request.method: {request.method}
request.view_args: {request.view_args}
request.args: {request.args}
request.form: {request.form}
request.user_agent: {request.user_agent}
request.files: {request.files}
request.is_xhr: {request.is_xhr}

## request.headers ##
{request.headers}
  """.format(request=request).strip()
  return request_detail
```

#### Response:

Flask provides three different patterns for return values from your view functions:

* **string**, which can optionally use a template engine

* **a response instance**, an object with attributes representing HTTP response details

* **tuple of (string, status) or (string, status, http_headers)**, for convenience, such that you do not have to create a response instance

#### Request:

See the Flask docs for the full list of incoming request data. To provide an example, each description includes an example value for a request hitting http://localhost:5000/tuple/abc?foo=bar&foo=baz

* **endpoint**:  specifies the name of the request endpoint routed, for example, return_string.

* **method**: specifies the HTTP method of the current request, for example, GET.

* **view_args**:  specifies the dict of arguments parsed from URL route rule, for example,{'resource': u'abc'}.

* **args**:  specifies the dict of arguments parsed from the URL query string, for example, request.args['foo'] is 'bar' and request.args.getlist('foo') is ['bar', 'baz'].

* **form**: This feature of the request object specifies the dict of form data from POST or PUT requests, for example, {}.

* **user_agent**: This feature of the request object specifies the version identification provided by the browser.

* **files**: This feature of the request object specifies the dict of file uploads from POST or PUT requests, which go here instead of request.form, for example, {}. Each value in the dict is a FileStorage object which behaves like a Python file object, but also includes a save(filepath) method to store uploaded files (after you validate the destination path).

* **is_xhr**: True: This feature of the request object specifies when the incoming request is a JavaScript XMLHttpRequest, and False otherwise. This works with JavaScript libraries that provide the X-Requested-With HTTP header, set to XMLHttpRequest

Flask uses a custom dict type ImmutableMultiDict which supports multiple values per key (accessed by the getlist method), in cases where HTTP allows multiple values for a given argument, such as the query string in the URL, for example, ?foo=bar&foo=baz.

#### Before-request and after-request callbacks

As Flask prepares to call your view function and accepts its return value, it walks through each of the **before-request** and **after-request** callbacks you provide.

```python
@app.before_request
def callme_before_every_request():
  # Demo only: the before_request hook.
  app.logger.debug(dump_request_detail(request))

@app.after_request
def callme_after_every_response(response):
  # Demo only: the after_request hook.
  app.logger.debug('# After Request #\n' + repr(response))
  return response
```









## Handling static files 

Flask is ready to serve files on your disk from the moment you serve your first request.

Put the files inside the `static` folder, inside your app directory

`$> cd fooApp`

`$> mkdir static`

Put some image into the folder, p.ex log.jpeg:


http://localhost:5000/static/log.jpeg


Flask does not list the contents of the files in a static directory for user browsing; you have to link to the static files directly.

 http://localhost:5000/static/


Build URLs for them using:

        import flask
        flask.url_for('static', filename='path/to/filename')
    
    '/static/path/to/filename'

where `path/to/filename` is the file path inside the static folder, using / regardless of the operating system you are using.




## Dealing with forms

Let's get data from the user. Before we begin, remember to NEVER trust user input because sooner or later someone (or someone's script) with malicious intent will try to break your application.

En case to present a form to the user we have to validate user input. You can validate incoming data using any tools you like. We will use WTForms in our project.


Update `requirements.txt`:

    Flask
    Flask-Script
    WTForms

`$ pip install -r requirements.txt`

WTForms provides HTML form generation and validation of form data. In Flask, you will find submitted form data in `request.form` on the **POST** and **PUT** requests.


Create a new file `forms.py` inside the fooApp directory of our project and put this code:

```python
from wtforms import Form 
from wtforms import TextAreaField, TextField, FloatField
from wtforms.validators import Length, NumberRange,required

class ProductForm(Form):
  name = TextField('Name', [Length(max=255)])
  description = TextAreaField('Description')
  price = FloatField('price',[NumberRange(0.00),required()] )
 
```


Each attribute takes a label and a set of validators. The Length(max=255) validator ensures an input of maximum of 255 characters, and the required() validator rejects an empty input. NumberRange checks that the number is between the range expressed, if max is not defined it will no be checked.

The purpose of ProductForm class is two-fold: render an input form in HTML and validate submitted data. This form class represents how to display a form in HTML and accept or reject the results.


## Templates

Flask ships with the Jinja templating engine to render any text format you need. Our scheduler will present HTML5 pages rendered by Jinja with a little style and a bit of JavaScript.

We will build templates using HTML, CSS, and JavaScript. You will need some familiarity with these to understand the responses we build in Flask. We will use Twitter's Bootstrap (getbootstrap.com/2.3.2/) framework for CSS and the jQuery (jquery.com) library for JavaScript. Both include online documentation. Bootstrap also includes icons, which we can use in our application, provided by Glyphicons (glyphicons.com). We will use a free theme for Bootstrap from Bootswatch (bootswatch.com).

Create a directory called `templates` inside fooApp:

     mkdir templates

Jinja supports template inheritance, where template files can extend an existing template. We will use this feature to layout our base structure, using the block template tag to indicate sections which child templates will fill. We provide a block to set the page title, add any additional content to the page head (which is useful for additional style and scripting), and fill the main content of the page. Jinja uses template tags {% ... %} to indicate Jinja-specific markup and directives. Add the following code in `templates/base.html`:

```xml
<!DOCTYPE html>
<html lang="en">
<head>
  <title>{% block title %}{% endblock title %}</title>
  <link rel="shortcut icon" type="image/x-icon"
    href="{{ url_for('static', filename='img/favicon.ico') }}"/>
  <link href="https://netdna.bootstrapcdn.com/bootswatch/2.3.2/united/bootstrap.min.css" rel="stylesheet">
  <link href="https://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.2/css/bootstrap-responsive.min.css" rel="stylesheet">
  <script src="https://code.jquery.com/jquery-1.9.1.min.js"></script>
  <script src="https://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.2/js/bootstrap.min.js"></script>
  {# Link any other .css or .js found in app static folder. #}
  <style>
    {# Add simple CSS style tweaks here. #}
  </style>
  <script>
    $(function() {
      {# Add page-load JavaScript here. #}
    });
  </script>
  {% block extra_head %}{% endblock extra_head %}
</head>
<body>
  <div class="navbar navbar-static-top">
    <div class="navbar-inner">
    <div class="container">
      <a href="{{ url_for('products_list') }}" class="brand">Products</a>
      <ul class="nav">
              <li><a href="{{ url_for('product_create') }}">Create a new Product</a></li>
            </ul>
    </div>
   </div>
  </div>
  <div class="content container">
    {% block main %}{% endblock main %}
  </div>
  </div>
</body>
</html>

```


This base template allows us to write focused pages which share a common structure and style. Any template you create in the templates directory can inherit the base:

``` html
{% extends 'base.html' %}
{% block title %}Page Title{% endblock title %}
{% block main %}
  <h2>This is a child template.</h2>
{% endblock main %}
```

Render it with the flask.render_template function. If the file is named index.html inside the templates directory, you can render that template into a string with:


``` python
from flask import render_template

@app.route('/')
def index():
  return render_template('index.html')
```


## Models

Our  application needs data, and we want to store that data properly so that we can stop and start our application without losing any data.

You can use any database you want, either SQL or NotSQL. We will use MongoDB:

First, update requirements.txt:

    Flask
    Flask-Script
    WTForms
    Flask-PyMongo
    
Then reaply requirements.txt

    $ pip install -r requirements.txt

Next, add a PyMongo to your code:

```python
from flask import Flask
from flask_pymongo import PyMongo

app = Flask(__name__)

app.config['MONGO_DBNAME'] = 'foodb'
app.config['MONGO_URI'] = 'mongodb://localhost:27017/foodb'

mongo = PyMongo(app)

```

PyMongo connects to the MongoDB server running on port 27017 on localhost, and assumes a default database name of app.name (i.e. whatever name you pass to Flask). This database is exposed as the db attribute.

You can use the database directly in views using the **db** atribute:

    mongo.db


# Puting all together: Creating a new product

Now we will update the app.py file from fooApp and the html templates in the template directory.

```python

from flask import abort, jsonify, redirect, render_template
from flask import request, url_for
from forms import ProductForm

import json

#... skipping ahead. Keep previous code from app.py here.

@app.route('/products/create/', methods=['GET', 'POST'])
def product_create():
  """Provide HTML form to create a new product."""
  form = ProductForm(request.form)
  if request.method == 'POST' and form.validate():
    mongo.db.products.insert_one(form.data)
    # Success. Send user back to full product list.
    return redirect(url_for('products_list'))
  # Either first load or validation error at this point.
  return render_template('product/edit.html', form=form)
```


Before we build out the input fields, we can create a utility for ourselves which will display all of the WTForms features for a given field: label, input, and errors. Jinja has macros, which are similar to Python functions. We will create a macro to render an edit field from ProductForm.

For inputs, we can follow Bootstrap conventions with control-group and controls page elements, which will let us completely control the form flow from CSS. We want to start a new template with our macro, so that we can reuse it in other templates we create. In `templates/product/common.html`:

```xml
{% macro edit_field(field, catch_kwargs=true) %}
  <div class="control-group{% if field.errors %} error{% endif %}">
    {{ field.label(class="control-label") }}
  <div class="controls">
    {{ field(**kwargs) }}
    {% for error in field.errors %}
     <span class="help-inline">{{ error }}</span>
    {% endfor %}
  </div>
  </div>
{% endmacro %}
```

Now we can build a form using our new macro. Starting a new template, we can extend the base and import the macro. When extending the base, we provide blocks title and main, using the same syntax as the base template. You can set variables within a template, for use within that template, using {% set ... %}

In templates/product/edit.html:

```xml
{% extends 'base.html' %}

{% from 'product/common.html' import edit_field %}

{% set title = 'Add Product' %}

{% block title %}{{ title }}{% endblock title %}

{% block main %}
<div class="row">
  <div class="product-edit well offset2 span8">
  <form method="post" class="form-horizontal">
    <legend>{{ name }}</legend>
    {{ edit_field(form.name, maxlength=255, class="span3",
      placeholder="Product name") }}
    {{ edit_field(form.description, rows="5", class="span5",
      placeholder="Product description.") }}
    {{ edit_field(form.price, class="span3",
      placeholder="0.01") }}
    <div class="form-actions">
    <button type="submit" class="btn">Save</button>
    or <a href="{{ url_for('products_list') }}">Cancel</a>
    </div>
  </form>
  </div>
</div>
{% endblock main %}
```


On GET, the form is rendered with an action to POST the data to the same URL. On POST, the view function validates the data and adds it to the database. If the validation fails, the POST renders the template again, but this time the form object has errors.

Jinja uses template syntax {{ ... }} to print a Python object in context to the template's output. We use a simple if statement to add the error class if the field has errors, which will highlight the input when errors exist (thanks to Bootstrap style). We use a for loop to lay down a help span for each error on the field. The use of \**kwargs will catch all arguments which are given beyond the macro's call signature; this lets us pass in all WTForm field options through the macro. The kwargs feature only works in Jinja macros when catch_kwargs=true.

CSS classes form-horizontal, span3, and span5 tell Bootstrap how to layout the form on its grid system. The placeholder attribute is a feature in HTML5 to show a watermarkin the input when there is no content.



# Puting all together: Displaying a record

Add this code to `app.py` 

```python
from bson.objectid import ObjectId

@app.route('/products/<product_id>/')
def product_detail(product_id):
  """Provide HTML page with a given product."""
  # Query: get Product object by ID.
  product = mongo.db.products.find_one({ "_id": ObjectId(product_id) })
  print product
  if product is None:
    # Abort with Not Found.
    abort(404)
  return render_template('product/detail.html',
    product=product)
```


Create a new macro for displaying the record in `templates/product/common.html`

```xml
{% macro detail(product,
      link_title=false,show_edit=true,
      show_description=true) %}
    <div class="product-detail">
      {% if link_title %}
        <p>
        <h3>
          <a href="{{ url_for('product_detail',
            product_id=product._id|string()) }}">
            {{ product.name }}</a>
        </h3>
      </p>
      {% else %}
      <p>
        <h3>{{ product.name }}</h3>
      </p>
      {% endif %}
      <p> Price: {{ product.price }} €</p>

      {% if show_description and product.description %}
      <div class="row">
        <p class="span5">{{ product.description }}</p>
      </div>
      {% endif %}
      {% if show_edit %}
      <div class="edit-controls">
        <i class="icon-pencil"></i>
        <a href="{{ url_for('product_edit', product_id=product._id|string()) }}">Edit</a>
        <span class="inline-pad"></span>
        <i class="icon-trash"></i>
        <a class="product-delete-link" href="#" data-delete-url="{{ url_for('product_delete', product_id=product._id|string()) }}">Delete</a>
      </div>
    {% endif %}

    </div>
    {% endmacro %}
```

And create a `detail.html` inside `templates/product` folder:
```xml
{% extends 'base.html' %}

{% from 'product/common.html' import detail %}

{% block title %}
  {{ product.name }}
{% endblock title %}

{% block main %}
<div class="row">
  <div class="span12">
    {{ detail(product) }}
  </div>
</div>
{% endblock main %}
```


# Puting all together: Displaying all products

Add this code to `app.py` 
```python
@app.route('/products/')
def products_list():
  """Provide HTML listing of all Products."""
  # Query: Get all Products objects, sorted by date.
  products = mongo.db.products.find()[:]
  return render_template('product/index.html',
    products=products)
```

And create the `templates/product/index.html` template, inside the product folder:

```html
{% extends 'base.html' %}

{% from 'product/common.html' import detail %}

{% block title %}Products{% endblock title %}

{% block main %}
<div class="row">
  {% for product in products %}
    <div class="span12">
    {{ detail(product,
      show_edit=false,
      link_title=true,
      show_description=false) }}
    </div>
  {% else %}
    <h3 class="span12">No Products.</h3>
  {% endfor %}
</div>
{% endblock main %}
```

And changes the main root of the web to point to `index.html` :

``` python
from flask import render_template

@app.route('/')
def index():
  return redirect(url_for('products_list'))
```




## TODO EDIT a product:

* EDIT a product: The edit workflow is a mix of add and detail views. We get a product, and if it exists, we display a form to edit it. 

## DELETE a product

How do you get a browser to send a DELETE request? With JavaScript. The jQuery library makes Ajax calls a lot simpler than JavaScript alone. We add a jQuery hook which will take all delete links and submit an ajax call when they are clicked. The on-click callback grabs the deletion URL from the delete link, and sends it as a DELETE request. On success, it redirects the current browser window to the product list. By placing this script into the `template/base.html`, it will make all delete links functional on the product list and detail pages:

```xml
<script>
  $(function() {
    $(".product-delete-link").on("click", function() {
      var delete_url = $(this).attr('data-delete-url');
      $.ajax({
        url: delete_url,
        type: 'DELETE',
        success: function(response) {
          if (response.status == 'OK') {
            window.location = {{ url_for('products_list') }};
          } else {
            alert('Delete failed.')
          }
        }
      });
      return false;
    });
  });
</script>

```




Now we can setup the producte_delet method in app.py in order to delete the product.

```python 
@app.route('/products/<product_id>/delete/', methods=['DELETE'])
def product_delete(product_id):
  """Delete record using HTTP DELETE, respond with JSON."""
  result = mongo.db.products.delete_one({ "_id": ObjectId(product_id) })
  if result.deleted_count == 0:
    # Abort with Not Found, but with simple JSON response.
    response = jsonify({'status': 'Not Found'})
    response.status = 404
    return response
  return jsonify({'status': 'OK'})
```


# Handling Errors

You can tell Flask how to render responses for error cases, typically for HTTP error codes. 
Flask provides `app.errorhandler` to tell Flask how to handle certain kinds of errors, taking either 4xx or 5xx HTTP status codes or Python exception classes. Decorate a function which accepts an Exception instance and returns a response. Be sure to include the HTTP status code in the Flask response, by providing 404 in a tuple response with the rendered template string. In the following code, we render a not-found template, which provides a link back to the products list. In `app.py`

```python
import bson

@app.errorhandler(404)
def error_not_found(error):
  return render_template('error/not_found.html'), 404

@app.errorhandler(bson.errors.InvalidId)
def error_not_found(error):
  return render_template('error/not_found.html'), 404  
```

Create a new error template in `templates/error/not_found.html`:

```xml
{% extends 'base.html' %}

{% block title %}Not Found{% endblock title %}

{% block main %}
<h2>Not Found</h2>
{% endblock main %}
```

The app.errorhandler decorator accepts exception classes or HTTP status codes as integers. Following are some HTTP status codes to get you started. You can use these with flask.abort(status_code) in your view functions to jump directly to an error response, and define a custom app.errorhandler to provide a styled response.

+ 400 Bad Request
+ 401 Unauthorized
+ 403 Forbidden
+ 404 Not Found
+ 405 Method Not Allowed (you may have forgotten methods in your route)
+ 410 Gone (and not coming back)
+ 500 Internal Server Error

See www.w3.org/Protocols/rfc2616/rfc2616-sec10.html for the full list.


# Login and sessions

Flask provides a session object, which behaves like a Python dictionary, and persists automatically across requests. `Flask-Login` provides a simple means to track a user in Flask's session. Update `requirements.txt`:

    Flask
    Flask-Login
    Flask-Script
    Flask-PyMongo
    WTForms
        
In order to login into our aplication to edit and delete products, we need to create a collection of users in our Mongo Database:

Enter to mongo client:
    
    > mongo
   
   
Or use your database configuration DataBase when connecting to mlab remote DataBase:
    
    >  mongo ds______.mlab.com:___/ads -u <dbuser> -p <dbpassword>
switch to foodb database:  
    
    use foodb
create a new user/password: 
    
    db.users.insert( {username:"test", password:"1234"} )

Next we need to create a User class letting Flask-login to handle the autentification process. This user class have to implement four methods: `is_authenticated`, `is_active`, `is_anonymous` and `get_id`. Create a `model.py` file inside `fooApp` folder and build the next class:

```python
class User():

    def __init__(self, username):
        self.username = username

    def is_authenticated(self):
        return True

    def is_active(self):
        return True

    def is_anonymous(self):
        return False

    def get_id(self):
        return self.username
        
    @staticmethod
    def validate_login(password_form, password):
        return password_form == password
```

We add the methods and configuration for use flask_login in `app.py`:

```python
from flask_login import LoginManager, current_user
from flask_login import login_user, logout_user

from forms import LoginForm
from models import User

app.config['SECRET_KEY'] = 'enydM2ANhdcoKwdVa0jWvEsbPFuQpMjf' # Create your own.
app.config['SESSION_PROTECTION'] = 'strong'


# Use Flask-Login to track current user in Flask's session.
login_manager = LoginManager()
login_manager.setup_app(app)
login_manager.login_view = 'login'



@login_manager.user_loader
def load_user(user_id):
  """Flask-Login hook to load a User instance from ID."""
  u = mongo.db.users.find_one({"username": user_id})
  if not u:
        return None
    return User(u['username'])
```
Now we can add the login view in `app.py`

```python
@app.route('/login/', methods=['GET', 'POST'])
def login():
  if current_user.is_authenticated:
    return redirect(url_for('products_list'))
  form = LoginForm(request.form)
  error = None
  if request.method == 'POST' and form.validate():
    username = form.username.data.lower().strip()
    password = form.password.data.lower().strip()
    user = mongo.db.users.find_one({"username": form.username.data})
    if user and User.validate_login(user['password'], form.password.data):  
      user_obj = User(user['username'])
      login_user(user_obj)
      return redirect(url_for('products_list'))
    else:
      error = 'Incorrect username or password.'
  return render_template('user/login.html',
      form=form, error=error)

@app.route('/logout/')
def logout():
  logout_user()
  return redirect(url_for('products_list'))
```
Next we need to put a new login form in `forms.py`:

```python
from wtforms import PasswordField

class LoginForm(Form):
    """Render HTML input for user login form.

    Authentication (i.e. password verification) happens in the view function.
    """
    username = TextField('Username', [required()])
    password = PasswordField('Password', [required()])
```

Finally we decorate every view function that requires a valid user, in `app.py`

```python
from flask_login import login_required

@app.route('/products/<product_id>/delete/', methods=['DELETE'])
@login_required
def product_delete(product_id):
  # 

@app.route('/products/create/', methods=['GET', 'POST'])
@login_required
def product_create():
  #
  
@app.route(
  '/products/<product_id>/edit/',
  methods=['GET', 'POST'])
@login_required
def product_edit(product_id):
#
```

Use this template as login page, in `templates/user/login.html':

```xml
{% extends 'base.html' %}

{% block title %}Login{% endblock title %}

{% block main %}
<div class="row">
  <div class="login well offset2 span8">
    <form method="post" class="form-horizontal">
      <legend>Login</legend>
      {% if error %}<p class="alert alert-error">{{ error }}</p>{% endif %}
      <div class="control-group{% if form.username.errors %} error{% endif%}">
        {{ form.username.label(class="control-label") }}
        <div class="controls">
          {{ form.username }}
          {% for error in form.username.errors %}<span class="help-inline">{{ error }}</span>{% endfor %}
        </div>
      </div>
      <div class="control-group{% if form.password.errors %} error{% endif%}">
        {{ form.password.label(class="control-label") }}
        <div class="controls">
          {{ form.password }}
          {% for error in form.password.errors %}<span class="help-inline">{{ error }}</span>{% endfor %}
        </div>
      </div>
      <div class="form-actions">
        <button type="submit" class="btn">Log In</button>
      </div>
    </form>
  </div>
</div>
{% endblock main %}

```

Add the login box, changing in the navigation bar, in `base.html`:

```xml
<body>
  <div class="navbar navbar-static-top">
    <div class="navbar-inner">
    <div class="container">
      <a href="{{ url_for('products_list') }}" class="brand">Products</a>
      {% if current_user.is_authenticated %}
      <ul class="nav">
              <li><a href="{{ url_for('product_create') }}">Create a new Product</a></li>
            </ul>
       <ul class="nav pull-right">
              <li class="dropdown">
                <a href="#" class="dropdown-toggle" data-toggle="dropdown">{{ current_user.username }} <b class="caret"></b></a>
                <ul class="dropdown-menu">
                  <li><a href="{{ url_for('logout') }}">Logout</a></li>
                </ul>
              </li>
            </ul>
            {% else %}
            <ul class="nav pull-right">
              <li><a href="{{ url_for('login') }}">Login</a></li>
            </ul>
            {% endif %}

    </div>
   </div>
  </div>
  <div class="content container">
    {% block main %}{% endblock main %}
  </div>
  </div>
</body>
```

On login_user, Flask-Login gets the user object's ID from User.get_id and stores it in Flask's session. Flask-Login then sets a before_request handler to load the user instance into the current_user object, using the load_user hook we provide. The logout_user function then removes the relevant bits from the session.

If no user is logged in, then current_user will provide an anonymous user object which results in current_user.is_anonymous() returning True and current_user.is_authenticated() returning False, which allows application and template code to base logic on whether the user is valid. (Flask-Login puts current_user into all template contexts.) You can use User.is_active to make user accounts invalid without actually deleting them, by returning False as appropriate.

View functions decorated with login_required will redirect the user to the login view if the current user is not authenticated, without calling the decorated function.



# Hosting on Heroku

Heroku was one of the first platform as a service providers. It started as a hosting option for Ruby based applications, but then grew to support many other languages like Java, Node.js and our favorite, Python.

In essence, deploying a web application to Heroku requires just uploading the application using git. Heroku looks for a file called Procfile in the application's root directory for instructions on how to execute the application. For Python projects Heroku also expects a requirements.txt file that lists all the module dependencies that need to be installed.




1. Creating Heroku account
Before we can deploy to Heroku we need to have an account with them. So head over to heroku.com and create an account.
Once you are logged in you have access to a dashboard, where all your apps can be managed. 

2. Installing the Heroku client

Heroku offers a tool called the "Heroku client" that we'll use to create and manage our application. This tool is available for Windows, Mac OS X and Linux. If there is a [Heroku toolbelt](https://toolbelt.heroku.com/) download for your platform then that's the easiest way to get the Heroku client tool installed.

The first thing we should do with the client tool is to login to our account:

    $ heroku login
    
To deploy to Heroku the application must be in a local git repository. If your code is in Github, clone it first. Remember to checkout the 
branch you want for the Heroku integration.

### Creating a Heroku app

To create a new Heroku app you just use the create command from the root directory of the application:

    $ heroku apps:create flask-fooapp
    
Of course the name flask-fooapp is now taken, so make sure you use a different app name.

### Accesing MongoDB Database in MLAB

Change the App mongoDB configuration in a way that it connects to MLAB database:

    app.config['MONGO_DBNAME'] = <namedatabase>
    app.config['MONGO_URI'] = 
                "mongodb://<user>:<password>@<URLdatabase>.mlab.com:57066/<namedatabase>"



### The web server
    
Heroku does not provide a web server. Instead, it expects the application to start its own server on the port number given in environment variable $PORT.

We know the Flask web server is not good for production use because it is single process and single threaded, so we need a better server. The Heroku tutorial for Python suggests `gunicorn`, a pre-fork style web server written in Python, so that's the one we'll use.

The `gunicorn` web server needs to be added to the `requirements.txt` inside the app directory


### The Procfile
The last requirement is to tell Heroku how to run the application. For this Heroku requires a file called `Procfile` in the root folder of the application.

This file is extremely simple, it just defines process names and the commands associated with them (file Procfile):

    web: gunicorn app:app

The web label is associated with the web server. Heroku expects this task and will use it to start our application.


### Deploying the application

And now, we push the application to our Heroku hosting account. It can be done using the heroku web application. In the deployment section, connect heroku with your Github repository that holds the WebApp and select Manual Deployment. 


   
Now the application is online:

    https://flask-fooapp.herokuapp.com/products/

Heroku deploys in `https` protocol, instead of `http`. So all the links in the `base.html` have to be changed to `https` protocol in order to load the css:

```xml
<link rel="shortcut icon" type="image/x-icon"
    href="{{ url_for('static', filename='img/favicon.ico') }}"/>
<link href="https://netdna.bootstrapcdn.com/bootswatch/2.3.2/united/bootstrap.min.css" rel="stylesheet">
<link href="https://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.2/css/bootstrap-responsive.min.css" rel="stylesheet">
<script src="https://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="https://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.2/js/bootstrap.min.js"></script>
```
    



Extracted from: https://www.packtpub.com/mapt/book/Web%20Development/9781782169628

© By Ron DuPlain