---
comments: True
layout: post
toc: True
title: Flask Api Methods and Models Team Teach
description: Flask Api Methods and Models Team Teach
type: hacks
courses: { "compsci": { "week": 19 } }
---

# Flask API Methods and Model Updates

This is an explanation on how to connect the frontend to the backend api to make a login and sign up page

### JWTs
JWT (JSON Web Token) is a way to share information securely between different parts of a web application. It's like a message with three parts: a header (information about how the message is secured), a payload (actual data), and a signature (to make sure the message hasn't been tampered with).

- JWTs are secure due to their use of a signature for data integrity and authentication, ensuring that only authorized parties with the correct secret key can generate and verify the tokens. Additionally, their compact and stateless nature, along with standardized practices, contribute to their security in various web application scenarios.

- Watch Payload: Be careful about what you put in the payload. It's like a postcard - anyone can read it. Don't put super-secret stuff there unless the whole message is encrypted.

### Frontend Methods:

- GET: Asks for data(useful for displaying the users)
- POST: Sends data to be saved which is primarily what we use for logins and sign ups
- PUT: Updates existing data(useful for updating passwords)
- Delete: Deletes data(Useful for deleting accounts)

These methods help the frontend (what you see on a website) talk to the backend (where data is stored). They're like different actions – asking for info, saving new info, changing existing info, or deleting something.




# Login Page
This is some python code that we can put into the user.py api to add a login feature


In [None]:
class Login(Resource):
        def post(self):
            data = request.get_json()

            uid = data.get('uid')
            password = data.get('password')

            if not uid or not password:
                response = {'message': 'Invalid creds'}
                return make_response(jsonify(response), 401)

            user = User.query.filter_by(_uid=uid).first()

            if user and user.is_password(password):
         
                response = {
                    'message': 'Logged in successfully',
                    'user': {
                        'name': user.name,  
                        'id': user.id
                    }
                }
                return make_response(jsonify(response), 200)

            response = {'message': 'Invalid id or pass'}
            return make_response(jsonify(response), 401)
            
api.add_resource(Login, '/login')

### Now lets make a login form with HTML and Javascript
- You can style this with Saas
- The username toby with the password 123toby should be an account already

In [3]:
%%HTML
<div id="login">
    <p><label>
        User ID:
        <input type="text" name="uid" id="uid" required>
    </label></p>
    <p><label>
        Password:
        <input type="password" name="password" id="password" required>
    </label></p>
    <p>
        <button class="button" type="submit">Log in</button>
    </p>
</div>
<script>
    document.getElementById('login').addEventListener('submit', function(event) {
             event.preventDefault(); 
             const uid = document.getElementById('uid').value;
             const password = document.getElementById('password').value;
             const loginData = {
                 uid: uid,
                 password: password
             };
             fetch('http://127.0.0.1:8086/api/users/login', { // use your own port please
                 method: 'POST',
                 headers: {
                     'Content-Type': 'application/json'
                 },
                 body: JSON.stringify(loginData)
             })
             .then(response => {
                 if (response.ok) {
                     return response.json();
                 } else {
                     if (response.status === 401) {
                         throw new Error('Wrong username or password. Please retype.');
                     } else if (response.status === 404) {
                         throw new Error('Username or password not found. Please register first.');
                     } else {
                         throw new Error('Login failed');
                     }
                 }
             })
             .then(data => {
                 console.log('it worked!');
             })
             .catch(error => {
                 console.error('Error:', error.message);
                 alert(error.message);
             });
         });
     </script>