## üìå **Topic: Routes and Controllers in Web Applications**

### üéØ **Learning Outcomes**

* Understand how **controllers** are implemented using **routes**
* Introduction to **Python decorators**
* Learn basic **Flask routing** with examples
* Understand how **HTTP methods** (GET, POST, etc.) map to controller functions

---

### üîÅ **Client-Server Model & Stateless Nature**

* Web applications follow a **stateless** client-server model.
* The server doesn‚Äôt remember the client‚Äôs previous state.
* All client interactions are through **HTTP requests**, and the server must respond based only on the **incoming request**, without assumptions about prior state.

---

### üåê **HTTP Requests Overview**

* Requests include:

  * **Verb** (e.g., GET, POST)
  * **URL** (context/path)
* Example:

  * `GET /course/assessment` ‚Äì Fetch an assessment page
  * `POST /quiz/submit` ‚Äì Submit quiz responses

---

### üîÑ **Routing: Mapping URL to Actions**

* The application needs to **map URLs to corresponding actions**.
* Flask handles this using **route decorators**.

---

### üß© **Python Decorators**

* A **decorator** adds additional behavior to a function without modifying it.
* Syntax: `@decorator_name`
* In Flask: `@app.route("/")` maps a URL to a specific controller function.

---

### üîß **Basic Flask Example**

```python
from flask import Flask
app = Flask(__name__)

@app.route("/")
def home():
    return "Hello World"
```

* When `GET /` is called, Flask routes the request to `home()` and returns the response.

---

### üß† **Important Concepts**

* Flask builds a **routing table** using decorators like `@app.route`.
* Flask does **strict routing**:

  * If you define `@app.route("/")` for `GET`, it won‚Äôt respond to `POST /`.
  * If a wrong method is used, Flask throws an error (safe against malicious usage).

---

### üîê **HTTP Verbs & Controller Functions**

* **GET**: Retrieve resources
* **POST**: Create or update resources
* **DELETE**: Remove resources
* **PUT/PATCH**: Modify existing resources

---

### üì• **Dynamic Routes with Parameters**

```python
@app.route("/<int:user_id>", methods=["GET"])
def show(user_id):
    # Logic to fetch and return user details
```

* Flask extracts `user_id` and passes it to `show()`.
* For `/42`, Flask would call `show(42)`.

---

### üóÉÔ∏è **Examples of RESTful Mappings**

| Route Pattern         | Method | Function    | Purpose            |
| --------------------- | ------ | ----------- | ------------------ |
| `/`                   | GET    | `index()`   | Show home page     |
| `/create`             | POST   | `store()`   | Store new entry    |
| `/<int:user_id>`      | GET    | `show()`    | Show specific user |
| `/<int:user_id>/edit` | POST   | `update()`  | Update user info   |
| `/<int:user_id>`      | DELETE | `destroy()` | Delete user        |

---

### üîí **Security Considerations**

* Destructive operations (like `DELETE`) must be protected with:

  * **Authentication**
  * **Tokens / CSRF Protection**
* Prevents attackers from invoking destructive routes via crafted URLs.

---

### üß± **Flask & MVC**

* Flask is **not inherently MVC**, but it supports MVC **style** design.
* MVC in Flask is a **design philosophy**, not a rigid framework.

  * **Model**: Data structures (e.g., SQLAlchemy ORM)
  * **View**: Templates (HTML/Jinja)
  * **Controller**: Flask route functions

---

### ‚úÖ **Key Takeaways**

* **Routing** connects client requests (URLs + HTTP verbs) to **controller functions**.
* Flask uses **decorators** like `@app.route()` to manage these routes.
* MVC is a **mental model** for separating concerns, not enforced by Flask.
* Flask is **lightweight** and flexible‚Äîlets you adopt MVC without enforcing it.
* Always **design with security and statelessness** in mind.

---