<a href="https://colab.research.google.com/github/MJMortensonWarwick/AI-DL/blob/main/web_development_with_flask_p2.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# Web Development with Flask: Part two

In our last tutorial we put together a basic Flask app and served content to the world. However, we didn't really reach our goal of making a truly dynamic and interactive. We can start to get there here by serving HTML templates with dynamic content, and by allowing our users to make selections and choices. 

First we need to install our packages again and add our Ngrok token. We also will install a new package, _flask-wtf_, as this will allow us to create a user form:

In [1]:
!pip install flask-ngrok
!pip install pyngrok
!pip install flask-wtf

!ngrok authtoken "AUTHTOKEN"

Collecting flask-ngrok
  Downloading flask_ngrok-0.0.25-py3-none-any.whl (3.1 kB)
Installing collected packages: flask-ngrok
Successfully installed flask-ngrok-0.0.25
Collecting pyngrok
  Downloading pyngrok-5.1.0.tar.gz (745 kB)
[K     |████████████████████████████████| 745 kB 9.2 MB/s 
Building wheels for collected packages: pyngrok
  Building wheel for pyngrok (setup.py) ... [?25l[?25hdone
  Created wheel for pyngrok: filename=pyngrok-5.1.0-py3-none-any.whl size=19007 sha256=5ddd708fda09c36bcf571dbabc344cc799b078da30ede20bcc48ebe36f59e9c3
  Stored in directory: /root/.cache/pip/wheels/bf/e6/af/ccf6598ecefecd44104069371795cb9b3afbcd16987f6ccfb3
Successfully built pyngrok
Installing collected packages: pyngrok
Successfully installed pyngrok-5.1.0
Collecting flask-wtf
  Downloading Flask_WTF-1.0.0-py3-none-any.whl (12 kB)
Collecting WTForms
  Downloading WTForms-3.0.1-py3-none-any.whl (136 kB)
[K     |████████████████████████████████| 136 kB 13.0 MB/s 
Installing collected packages

We want our website to make our web app look good, so obviously the best thing to do is get some templates/themes from someone who knows how to do such things (and make them look pretty). I have forked a basic flask template from [here](https://github.com/petersimeth/basic-flask-template) ... and kept the author credit on the main page. I have also added some extra content on the sub pages.

We can clone this repo from my Github and load it into the Colab session:

In [2]:
!git clone "https://github.com/MJMortensonWarwick/basic-flask-template"

Cloning into 'basic-flask-template'...
remote: Enumerating objects: 78, done.[K
remote: Counting objects: 100% (47/47), done.[K
remote: Compressing objects: 100% (42/42), done.[K
remote: Total 78 (delta 19), reused 9 (delta 2), pack-reused 31[K
Unpacking objects: 100% (78/78), done.


We now need to navigate to this folder so we have access to the templates from our session. We can use the basic _os_ function of Python like normal:

In [3]:
import os
os.chdir("/content/basic-flask-template")

We can look at the basic structure of the repo if we visit the cloned [URL](https://github.com/MJMortensonWarwick/basic-flask-template) above. We will see there is a folder called "templates" which has the HTML code will run (and links in the CSS/JS from the standard Bootstrap URLs). In fact this is the only bit we are using from the repo.

The templates folder is structured as follows:
<br><br>templates<br>
&nbsp;&nbsp;|--&nbsp;includes<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |--&nbsp;_navbar.html<br>
&nbsp;&nbsp;|--&nbsp;formpage.html<br>
&nbsp;&nbsp;|--&nbsp;index.html<br>
&nbsp;&nbsp;|--&nbsp;layout.html<br>
&nbsp;&nbsp;|--&nbsp;list.html<br>
&nbsp;&nbsp;|--&nbsp;table.html<br><br>

Most of these should be fairly clear from our previous work on HTML. We should note that we are following a standard practice of extending a base template so we don't need to include all of the HTML template code in every file. E.g. if we look at the "index.html" file it starts with _{% extends 'layout.html' %}_. This means all of the code in "layout.html" is also included.

The index.html page is unchanged from the original repo. Let's start by running just this:

In [4]:
from flask import *
from flask_ngrok import run_with_ngrok

app = Flask(__name__)

app_data = {
    "name":         "Peter's Starter Template for a Flask Web App",
    "description":  "A basic Flask app using bootstrap for layout",
    "author":       "Peter Simeth",
    "html_title":   "Peter's Starter Template for a Flask Web App",
    "project_name": "Starter Template",
    "keywords":     "flask, webapp, template, basic"
}


@app.route('/')
def index():
    return render_template('index.html', app_data=app_data)

run_with_ngrok(app)
app.run()

 * Serving Flask app "__main__" (lazy loading)
 * Environment: production
[2m   Use a production WSGI server instead.[0m
 * Debug mode: off


 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
Exception in thread _colab_inspector_thread:
Traceback (most recent call last):
  File "/usr/lib/python3.7/threading.py", line 926, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.7/threading.py", line 870, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/local/lib/python3.7/dist-packages/google/colab/_debugpy.py", line 64, in inspector_thread
    _variable_inspector.run(shell, time)
  File "/usr/local/lib/python3.7/dist-packages/google/colab/_variable_inspector.py", line 27, in run
    globals().clear()
TypeError: 'module' object is not callable



 * Running on http://9d34-34-90-41-234.ngrok.io
 * Traffic stats available on http://127.0.0.1:4040


127.0.0.1 - - [08/Mar/2022 13:00:06] "[37mGET / HTTP/1.1[0m" 200 -
127.0.0.1 - - [08/Mar/2022 13:00:10] "[33mGET /favicon.ico HTTP/1.1[0m" 404 -


Clicking on the second URL listed ("http://{IP}.ngrok.io") our web app should open and we can see a much more attractive web page than we have so far (thanks Peter Simeth!).

The actual Python/controller code is fairly similar to the code we've seen before with two exceptions.

Firstly, we have an app_data dictionary which includes all the meta data for the app. We can go ahead and change any of this should we want to. When we call the web page we pass this dictionary to the web page via the command _app_data=app_data_ in our _render\_template()_ function (more on this below).

Have a look in the "layout.html" file in Github and we can see the following on line 6:<br><br>
\<meta name="description" content="{{ app_data['description'] }}">
<br><br>
The two curly brackets ("{{ }}") allow us to contain Python code in our HTML page ... in this case the value associated with the key 'description' in our 'app_data' dictionary.

The second difference from our previous work is that rather than just returning the HTML code we want to display, instead we pass the "index.html" template from the folder by using Flask's _render\_template()_ function. Using this function also allows us to pass the "app_data" dictionary.

Let's carry on in this vein by adding some web pages that have been further customised to include Python dynamism. However, we first nee to stop the above process by clicking on the stop button.

In [5]:
from flask import *
from flask_ngrok import run_with_ngrok
import pandas as pd

app = Flask(__name__)

app_data = {
    "name":         "Peter's Starter Template for a Flask Web App",
    "description":  "A basic Flask app using bootstrap for layout",
    "author":       "Peter Simeth",
    "html_title":   "Peter's Starter Template for a Flask Web App",
    "project_name": "Starter Template",
    "keywords":     "flask, webapp, template, basic"
}


@app.route('/')
def index():
    return render_template('index.html', app_data=app_data)


@app.route("/list")
def list():
	df = pd.read_csv("NamesTwo.csv")
	return render_template('list.html', df=df, app_data=app_data)

@app.route("/table")
def table():
	df = pd.read_csv("NamesTwo.csv")
	return render_template('table.html', df=df, app_data=app_data)

run_with_ngrok(app)
app.run()

 * Serving Flask app "__main__" (lazy loading)
 * Environment: production
[2m   Use a production WSGI server instead.[0m
 * Debug mode: off


 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)


 * Running on http://5c97-34-90-41-234.ngrok.io
 * Traffic stats available on http://127.0.0.1:4040


127.0.0.1 - - [08/Mar/2022 13:00:28] "[37mGET / HTTP/1.1[0m" 200 -
127.0.0.1 - - [08/Mar/2022 13:00:28] "[33mGET /favicon.ico HTTP/1.1[0m" 404 -
127.0.0.1 - - [08/Mar/2022 13:00:30] "[37mGET /table HTTP/1.1[0m" 200 -
127.0.0.1 - - [08/Mar/2022 13:00:33] "[37mGET /list HTTP/1.1[0m" 200 -


In order to avoid some of the potential challenges of integrating our code to a real database, the above code uses a bit of a cheat by reading in a CSV data file ("NamesTwo.csv"). You can read the file on the Github if you wish but it will also now be visible on the web pages we are building. 

We are now serving two additional pages "/list.html" and "/table.html". In both of these pages we are passing our data table and using these on the page. You can look at the pages either by clicking through on the link to the homepage an then using the navbar, or otherwise by directly accessing the URLs ("http://{IP_ADDRESS.ngrok.io/list" and "http://{IP_ADDRESS.ngrok.io/table".


If we look at the template file for each in the Github we can see how our HTML code is modified to include this Python functionality. Let's start with "templates/list.html". The section in question is lines 7 to 15:
<br><br>
\{% for key,value in df.iterrows() %}<br>
        &nbsp;&nbsp;&nbsp;\<ul><br>
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \<li>\<b>Name: {{ value['Name'] }}\</b>\</li><br>
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\<li>ID: {{ value['ID'] }}\</li><br>
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\<li>Email: {{ value['Email'] }}\</li><br>
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\<li>Age: {{ value['Age'] }}\</li><br>
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\<li>Specialism: {{ value['Specialism'] }}\</li><br>
        &nbsp;&nbsp;&nbsp;\</ul><br>
        {% endfor %}
<br><br>
The code is a mixture of HTML as we covered on Tuesday, and more general programming/Python elements. Our code beings with a for loop using the Pandas' function _iterrows()_ (i.e. __iterate__ through the dataframe __rows__). In each row we want the key and the value for that record. Note we again use curly brackets, this time followed by a percent (%) to denote that this is "foreign" code (not native HTML/CSS).

We then create a unordered list using the standard HTML "\<ul>". For each listed item ("\<li>") we get the data associated with each as a simple dictionary lookup. Note we also end the for loop (again with curly brackets and percents). This is not something we need to do in native Python but it makes it easier to recognise that we are now going back to normal HTML code.

You can also look at "templates/table.html", although we gon't through it in full here. Again it uses the same _iterrows()_ function but adds everything into table cells ("\<td>" in HTML).

We have one last task to complete - our most difficult one yet - which will be adding in a user form which can add data to our pseudo-database (the Pandas dataframe):

In [6]:
import pandas as pd
from flask_wtf import FlaskForm
from wtforms import StringField, DateTimeField, SubmitField, EmailField
from wtforms.validators import DataRequired
from wtforms import validators

app = Flask(__name__)
app.config['SECRET_KEY'] = 'you-will-never-guess' # don't do this in production

from flask_wtf.csrf import CSRFProtect
csrf = CSRFProtect(app)

class UserForm(FlaskForm):
	name = StringField('Name', validators=[DataRequired()])
	email = EmailField('Email', validators=[DataRequired()])
	dob = DateTimeField('Date of Birth', format='%d/%m/%Y', validators=[DataRequired()])
	specialism = StringField('Specialism', validators=[DataRequired()])

@app.route('/')
def index():
    return render_template('index.html', app_data=app_data)

@app.route("/list")
def list():
	df = pd.read_csv("NamesTwo.csv")
	return render_template('list.html', df=df, app_data=app_data)

@app.route("/table")
def table():
	df = pd.read_csv("NamesTwo.csv")
	return render_template('table.html', df=df, app_data=app_data)

@app.route("/formpage", methods=('GET', 'POST'))
def formpage():
	df = pd.read_csv("NamesTwo.csv")
	form = UserForm()
	return render_template('formpage.html', df=df, form=form, app_data=app_data)
 
run_with_ngrok(app)
app.run()

 * Serving Flask app "__main__" (lazy loading)
 * Environment: production
[2m   Use a production WSGI server instead.[0m
 * Debug mode: off


 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)


 * Running on http://5e21-34-90-41-234.ngrok.io
 * Traffic stats available on http://127.0.0.1:4040


127.0.0.1 - - [08/Mar/2022 13:00:50] "[37mGET / HTTP/1.1[0m" 200 -
127.0.0.1 - - [08/Mar/2022 13:00:51] "[33mGET /favicon.ico HTTP/1.1[0m" 404 -
127.0.0.1 - - [08/Mar/2022 13:00:52] "[37mGET /formpage HTTP/1.1[0m" 200 -
127.0.0.1 - - [08/Mar/2022 13:01:00] "[33mPOST /submit HTTP/1.1[0m" 404 -


There are a few new bits in this code. First of all we add a rubbish 'SECRET_KEY' (basically a password for the app config security. This is done to allow us to create CSRF protection to our form ... which we implement via the _CSFRProtect(app)_ function. CSFR stands for Cross-Site Forgery Request. You can read more about CSRF [here](https://owasp.org/www-community/attacks/csrf), but the TL;DR version is that they are cyber attacks that trick users into changing things on their account via forms. CSFR protects any POST request being corrupted by a hacker.

Secondly we create our form as a class "UserForm" which inherits (i.e. follows the blueprint of) the built-in class _FlaskForm_. In otherwords, "UserForm" is a custom class we have built, but it is a sub-class of the standard _FlaskForm_ solution. Our form contains a bunch of form fields we want the user to fill in of various types ... similar to datatypes in databases. The full list is:
* name: a string/text field
* email: an email address field
* dob: a datetime field
* specialism: also a string/text field

In each of these we use "Validators" ... specifically _DataRequired()_ which means the user must add this data to complete the form. There are bunch of validators we can use and we can also create custom ones, but let's keep it simple for now.

Finally we have a new route/function to our final page ("/form" which leads to the "templates/formpage.html" file. Unlike in our previous examples here we specify two HTTP request methods - "GET" and "POST". The other pages have skipped this, which means defaulting to GET as the basic mechanism. On our form page we will want the user to be able to see the content of the page (a GET request) but we will also want users to fill in the form and send the data (a POST request).

Other than this (so far) it is much the same, with the only difference being we specify we want the "UserForm" and we pass that to the page. Let's again see how this looks on the HTML templae (from the Github). The key lines are 7 to 26:
<br><br>
\<form method="POST" action="submit" novalidate><br>
            &nbsp;&nbsp;&nbsp;{{ form.csrf_token }}<br>
            &nbsp;&nbsp;&nbsp;{{ form.name.label }} {{ form.name(size=20) }}<br>
            &nbsp;&nbsp;&nbsp;{% for error in form.name.errors %}<br>
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;    \<span style="color: red;">[{{ error }}]\</span><br>
            &nbsp;&nbsp;&nbsp;{% endfor %}</br>
            &nbsp;&nbsp;&nbsp;{{ form.email.label }} {{ form.email(size=60) }}<br>
            &nbsp;&nbsp;&nbsp;{% for error in form.email.errors %}<br>
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;    \<span style="color: red;">[{{ error }}]\</span><br>
            &nbsp;&nbsp;&nbsp;{% endfor %}</br>
            &nbsp;&nbsp;&nbsp;{{ form.dob.label }} {{ form.dob(size=20) }}<br>
            &nbsp;&nbsp;&nbsp;{% for error in form.dob.errors %}<br>
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;    \<span style="color: red;">[{{ error }}]<\/span><br>
            &nbsp;&nbsp;&nbsp;{% endfor %}</br>
            &nbsp;&nbsp;&nbsp;{{ form.specialism.label }} {{ form.specialism(size=40) }}<br>
            &nbsp;&nbsp;&nbsp;{% for error in form.specialism.errors %}<br>
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;    \<span style="color: red;">[{{ error }}]\</span><br>
            &nbsp;&nbsp;&nbsp;{% endfor %}</br>
            &nbsp;&nbsp;&nbsp;\<input type="submit" value="submit"><br>
        \</form>
<br><br>

Phew! A lot of code. However, when we start to dig into it there is not too much which should be too scary. Firstly we start by using the HTML method of "POST" to say this is a form that can be used to add data to our app. Secondly, we link up our CSFR protection by adding a token ... "{{ form.csfr.token }}".

After this we'll see the same approach multiple times for each of the items in our form. Each item will have a label (an internal name) which will be the variable name from the "UserForm". E.g. our first element is the person's name, and our "UserForm" has this stored with the label "name". We also then have the form element, and in each case we have allocated a pixel size for that form.

We also have a bit of code to deal with errors. Each form item could be incorrectly completed by the user in multiple ways (based on the validators we use) and Flask will generate an appropriate error message for each. Because of this we run another for loop to go through each error associated with this label. In most cases (we hope) there will be no errors - so the for loop returns nothing. If there is one error, then the for loop returns just that one. If there are multiple we loop through each on a separate line.

Finally, at the bottom of our form, we have a submit button as pure HTML ("\<input type="submit" value="submit">").

We can view the page as before by running this code (remember to stop the last one!) and navigating to forms on the navbar or directly typing the URL ("http://{IP_ADDRESS}.ngrok.io/formpage"). However, if we fill in the form and click submit ...<br><br>
nothing happens. We haven't told Flask what to do if it receives a POST. We can create a function to fix this:

In [7]:
@app.route('/submit', methods=('GET', 'POST'))
def submit():
	form = UserForm()
	df = pd.read_csv("NamesTwo.csv")
	if request.method == "POST":
		if form.validate_on_submit():
			max_id = df['ID'].max()
			new_id = max_id + 1
			df2 = pd.DataFrame({'ID':[new_id], 
				'Name':[request.form.get("name")],
				'Email':[request.form.get("email")],
				'Age':[request.form.get("dob")],
				'Specialism':[request.form.get("specialism")]
			})
			df2['Age'] = pd.to_datetime(df2['Age'], dayfirst=True)
			now = pd.Timestamp('now')
			df2['Age'] = (now - df2['Age']).astype('<m8[Y]')
			df = pd.concat([df, df2], ignore_index=True)
			df.to_csv("NamesTwo.csv", index=False)
			return render_template('table.html', df=df, app_data=app_data)

	return render_template('formpage.html', df=df, form=form, app_data=app_data)

Again, a lot of code, but if we break it down we can see what it does. In fact much of it is just there to put data in our pseudo-database (and so we wouldn't follow many of these exactly in the real world).

We start with a route as usual ... "/submit" ... but rather than this being a page URL the "submit" label is the value passed by our submit button (check the above HTML code). Again we specify the form and the dataset as before.

After this we have two if conditionals - checking the request equals "POST" (i.e. that we submitted the form) and checking the form was correctly completed ... _form.validate_on_submit()_. If both these equal True then we do the following steps:
* get the maximum (highest) ID value;
* add one to this (i.e. autoincrement the ID value);
* add the form values to a new dataframe;
* convert the "dob" input to a date object;
* calculate the person's age by subtracting the date today from their "dob" and storing this as a year value;
* concatenating the main dataframe with the new row we have inputed (concatenating means adding this new record to the bottom of the old records);
* saving the dataframe as a CV (overwriting the old one)
* redirecting the user to the /table route ("/templates/table.html") where they can see the updated table with their new record included.

Finally, we have an alternative path if we fail one or both if conditions ... to return to the formpage with the errors displayed (if relevant).

Now it maybe that some of this code is challenging, but really this function could be anything and your use-cases may be completely different. However, we have seen how we can elevate "flat" HTML/CSS code into something more dynamic.

Let's put all the code together (below) and try it for yourself by running the code and filling in the form!


In [8]:
import pandas as pd
from flask_wtf import FlaskForm
from wtforms import StringField, DateTimeField, SubmitField, EmailField
from wtforms.validators import DataRequired
from wtforms import validators

app = Flask(__name__)
app.config['SECRET_KEY'] = 'you-will-never-guess' # don't do this in production

from flask_wtf.csrf import CSRFProtect
csrf = CSRFProtect(app)

class UserForm(FlaskForm):
	name = StringField('Name', validators=[DataRequired()])
	email = EmailField('Email', validators=[DataRequired()])
	dob = DateTimeField('Date of Birth', format='%d/%m/%Y', validators=[DataRequired()])
	specialism = StringField('Specialism', validators=[DataRequired()])

@app.route('/')
def index():
    return render_template('index.html', app_data=app_data)

@app.route("/list")
def list():
	df = pd.read_csv("NamesTwo.csv")
	return render_template('list.html', df=df, app_data=app_data)

@app.route("/table")
def table():
	df = pd.read_csv("NamesTwo.csv")
	return render_template('table.html', df=df, app_data=app_data)

@app.route("/formpage", methods=('GET', 'POST'))
def formpage():
	df = pd.read_csv("NamesTwo.csv")
	form = UserForm()
	return render_template('formpage.html', df=df, form=form, app_data=app_data)

@app.route('/submit', methods=('GET', 'POST'))
def submit():
	form = UserForm()
	df = pd.read_csv("NamesTwo.csv")
	if request.method == "POST":
		if form.validate_on_submit():
			max_id = df['ID'].max()
			new_id = max_id + 1
			df2 = pd.DataFrame({'ID':[new_id], 
				'Name':[request.form.get("name")],
				'Email':[request.form.get("email")],
				'Age':[request.form.get("dob")],
				'Specialism':[request.form.get("specialism")]
			})
			df2['Age'] = pd.to_datetime(df2['Age'], dayfirst=True)
			now = pd.Timestamp('now')
			df2['Age'] = (now - df2['Age']).astype('<m8[Y]')
			df = pd.concat([df, df2], ignore_index=True)
			df.to_csv("NamesTwo.csv", index=False)
			return render_template('table.html', df=df, app_data=app_data)

	return render_template('formpage.html', df=df, form=form, app_data=app_data)
 
run_with_ngrok(app)
app.run()

 * Serving Flask app "__main__" (lazy loading)
 * Environment: production
[2m   Use a production WSGI server instead.[0m
 * Debug mode: off


 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)


 * Running on http://4816-34-90-41-234.ngrok.io
 * Traffic stats available on http://127.0.0.1:4040


127.0.0.1 - - [08/Mar/2022 13:01:25] "[37mGET / HTTP/1.1[0m" 200 -
127.0.0.1 - - [08/Mar/2022 13:01:26] "[33mGET /favicon.ico HTTP/1.1[0m" 404 -
127.0.0.1 - - [08/Mar/2022 13:01:28] "[37mGET /table HTTP/1.1[0m" 200 -
127.0.0.1 - - [08/Mar/2022 13:01:30] "[37mGET /list HTTP/1.1[0m" 200 -
127.0.0.1 - - [08/Mar/2022 13:01:33] "[37mGET /formpage HTTP/1.1[0m" 200 -
127.0.0.1 - - [08/Mar/2022 13:01:40] "[37mPOST /submit HTTP/1.1[0m" 200 -
