---
layout: post
title: Profile
description: Full Stack Development with Flask explained by terms and examples.
permalink: /flask-code-full-stack
author: Isabel Marilla
menu: nav/flask.html
toc: true
---

 # Introduction
In a web application, the **profile page** plays a crucial role in providing users with a personalized experience. It allows users to view and manage their personal information, update their credentials, and customize their account settings. In this tutorial, we'll explore how to create a dynamic and user-friendly profile page using Flask, a lightweight and versatile Python web framework.

### What You'll Learn

In this step-by-step guide, you'll learn how to:
- Create and use a Flask application.
- Design and implement a user profile page.
- Integrate a profile picture upload feature.
- Allow users to update their personal information and credentials.
- Connect the front-end profile form to the back-end Flask application using API calls.

### Building the Profile Page

We'll begin by setting up the basic UI layout for the profile page. Next, we'll dive into creating editable fields for user information, including a profile picture upload feature. We'll then integrate these components with the back-end, specifically focusing on handling API calls and data validation. Finally, we'll ensure the page is responsive and user-friendly, providing a seamless experience for users managing their profiles.


For our frontend,  we need a basic outline for our UI. For example, here is the  basic html profile code I created for this site. 

As I mentioned in the Ideation page, users have these attributes:

- Name of Student
- Github ID of Student 
- Classes Student
- KASM Server 
- uid (Github ID)
- password
- pfp

In the profile, users should be able to change and update ALL of their information. So I includes all of these attributes as fields in the form.


In [None]:
<div class="profile-container">
 <div class="card">
   <form>
     <div>
       <label for="newUid">Enter New UID:</label>
       <input type="text" id="newUid" placeholder="New UID">
     </div>
     <div>
       <label for="newName">Enter New Name:</label>
       <input type="text" id="newName" placeholder="New Name">
     </div>
      <div>
       <label for="newPassword">Enter New Password:</label>
       <input type="text" id="newPassword" placeholder="New Password">
     </div>
     <br>
     <div>
       <label for="kasmServerNeeded">Kasm Server Needed:
       <input type="checkbox" id="kasmServerNeeded" onclick="toggleKasmServerNeeded()">
       </label>
     </div>
     <br>
     <div>
       <label for="sectionDropdown">Select and Add Section:</label>
       <div class="icon-container">
         <select id="sectionDropdown">
           <!-- Options will be dynamically populated -->
         </select>
         <i class="fas fa-plus" onclick="addSection()"></i>
       </div>
     </div>
     <table>
       <thead>
         <tr>
           <th>Abbreviation</th>
           <th>Name</th>
           <th>Year</th>
         </tr>
       </thead>
       <tbody id="profileResult">
         <!-- Table rows will be dynamically populated -->
       </tbody>
     </table>
     <label for="profilePicture" class="file-icon"> Upload Profile Picture <i class="fas fa-upload"></i> <!-- Replace this with your desired icon -->
     </label>
     <input type="file" id="profilePicture" accept="image/*" onchange="saveProfilePicture()">
     <div class="image-container" id="profileImageBox">
         <!-- Profile picture will be displayed here -->
     </div>
     <p id="profile-message" style="color: red;"></p>
   </form>
 </div>
</div>

Since users are updating MANY fields, we need to make MANY HTTP requests.
The methods we will be using are: 

- PUT (update uid, name, password)
- POST (update sections, update profile picture)
- DELETE (delete sections,  log out (delete JWT) after updating uid/password)


Making multiple requests with the same method for different field is a lot of redundant code! 

Let's take a look at the original code for profile:


```js 
  import { pythonURI, fetchOptions } from '{{site.baseurl}}/assets/js/api/config.js';




  // Global variable to hold predefined sections
  let predefinedSections = [];




  // Function to fetch  sections from kasm2_backend
  async function fetchPredefinedSections() {
      const URL = pythonURI + "/api/section";




      try {
          const response = await fetch(URL, fetchOptions);
          if (!response.ok) {
              throw new Error(`Failed to fetch predefined sections: ${response.status}`);
          }




          return await response.json();
      } catch (error) {
          console.error('Error fetching predefined sections:', error.message);
          return []; // Return empty array on error
      }
  }




  // Function to populate section dropdown menu
  function populateSectionDropdown(predefinedSections) {
      const sectionDropdown = document.getElementById('sectionDropdown');
      sectionDropdown.innerHTML = ''; // Clear existing options




      predefinedSections.forEach(section => {
          const option = document.createElement('option');
          option.value = section.abbreviation;
          option.textContent = `${section.abbreviation} - ${section.name}`;
          sectionDropdown.appendChild(option);
      });




      // Display sections in the table
      displayProfileSections();
  }




  // Global variable to hold user sections
  let userSections = [];




  // Function to add a section
  window.addSection = async function () {
      const dropdown = document.getElementById('sectionDropdown');
      const selectedOption = dropdown.options[dropdown.selectedIndex];
      const abbreviation = selectedOption.value;
      const name = selectedOption.textContent.split(' ').slice(1).join(' ');




      if (!abbreviation || !name) {
          document.getElementById('profile-message').textContent = 'Please select a section from the dropdown.';
          return;
      }




      // Clear error message
      document.getElementById('profile-message').textContent = '';




      // Add section to userSections array if not already added
      const sectionExists = userSections.some(section => section.abbreviation === abbreviation && section.name === name);
      if (!sectionExists) {
          userSections.push({ abbreviation, name });




          // Display added section in the table
          displayProfileSections();




          // Save sections immediately
          await saveSections();
      }
  }




  // Function to display added sections in the table
  function displayProfileSections() {
      const tableBody = document.getElementById('profileResult');
      tableBody.innerHTML = ''; // Clear existing rows




      userSections.forEach(section => {
          const tr = document.createElement('tr');
          const abbreviationCell = document.createElement('td');
          const nameCell = document.createElement('td');




          abbreviationCell.textContent = section.abbreviation;
          nameCell.textContent = section.name;




          tr.appendChild(abbreviationCell);
          tr.appendChild(nameCell);




          tableBody.appendChild(tr);
      });
  }




  // Function to save sections in the specified format
  async function saveSections() {
      const sectionAbbreviations = userSections.map(section => section.abbreviation);




      const sectionsData = {
          sections: sectionAbbreviations
      };




      const URL = pythonURI + "/api/user/section"; // Adjusted endpoint




      const options = {
          ...fetchOptions,
          method: 'POST',
          body: JSON.stringify(sectionsData)
      };




      try {
          const response = await fetch(URL, options);
          if (!response.ok) {
              throw new Error(`Failed to save sections: ${response.status}`);
          }
          console.log('Sections saved successfully!');




          // Fetch updated data and update table immediately after saving
          await fetchDataAndPopulateTable();
      } catch (error) {
          console.error('Error saving sections:', error.message);
          // Handle error display or fallback mechanism
      }
  }




  // Function to fetch data from the backend and populate the table
  async function fetchDataAndPopulateTable() {
      const URL = pythonURI + "/api/user/section"; // Endpoint to fetch sections data




      try {
          const response = await fetch(URL, fetchOptions);
          if (!response.ok) {
              throw new Error(`Failed to fetch sections: ${response.status}`);
          }




          const sectionsData = await response.json();
          updateTableWithData(sectionsData); // Call function to update table with fetched data
      } catch (error) {
          console.error('Error fetching sections:', error.message);
          // Handle error display or fallback mechanism
      }
  }




  // Function to update table with fetched data
  function updateTableWithData(data) {
      const tableBody = document.getElementById('profileResult');
      tableBody.innerHTML = ''; // Clear existing rows




      data.sections.forEach(section => {
          const tr = document.createElement('tr');
          const abbreviationCell = document.createElement('td');
          const nameCell = document.createElement('td');




          abbreviationCell.textContent = section.abbreviation;
          nameCell.textContent = section.name;




          tr.appendChild(abbreviationCell);
          tr.appendChild(nameCell);




          tableBody.appendChild(tr);
      });
  }




  // Function to fetch user profile data
  async function fetchUserProfile() {
      const URL = pythonURI + "/api/id/pfp"; // Endpoint to fetch user profile data




      try {
          const response = await fetch(URL, fetchOptions);
          if (!response.ok) {
              throw new Error(`Failed to fetch user profile: ${response.status}`);
          }




          const profileData = await response.json();
          displayUserProfile(profileData);
      } catch (error) {
          console.error('Error fetching user profile:', error.message);
          // Handle error display or fallback mechanism
      }
  }




  // Function to display user profile data
  function displayUserProfile(profileData) {
      const profileImageBox = document.getElementById('profileImageBox');
      if (profileData.pfp) {
          const img = document.createElement('img');
          img.src = `data:image/jpeg;base64,${profileData.pfp}`;
          img.alt = 'Profile Picture';
          profileImageBox.innerHTML = ''; // Clear existing content
          profileImageBox.appendChild(img); // Append new image element
      } else {
          profileImageBox.innerHTML = '<p>No profile picture available.</p>';
      }




      // Display other profile information as needed
      // Example: Update HTML elements with profileData.username, profileData.email
  }




  // Function to save profile picture
  window.saveProfilePicture = async function () {
      const fileInput = document.getElementById('profilePicture');
      const file = fileInput.files[0];
      if (!file) return;
      try {
          const base64String = await convertToBase64(file);
          await sendProfilePicture(base64String);
          console.log('Profile picture uploaded successfully!');
      } catch (error) {
          console.error('Error uploading profile picture:', error.message);
          // Handle error display or fallback mechanism
      }
  }




  // Function to fetch profile picture data
  async function fetchProfilePictureData() {
      try {
          const response = await fetch('/api/id/pfp', {
              method: 'GET',
          });
          if (!response.ok) {
              throw new Error('Failed to fetch profile picture data');
          }
          const imageData = await response.json();
          return imageData; // Assuming the backend returns JSON data
      } catch (error) {
          console.error('Error fetching profile picture data:', error.message);
          throw error;
      }
  }




  // Function to convert file to base64
  async function convertToBase64(file) {
      return new Promise((resolve, reject) => {
          const reader = new FileReader();
          reader.onload = () => resolve(reader.result.split(',')[1]); // Remove the prefix part of the result
          reader.onerror = error => reject(error);
          reader.readAsDataURL(file);
      });
  }




  // Function to send profile picture to server
  async function sendProfilePicture(base64String) {
      const URL = pythonURI + "/api/id/pfp"; // Adjust endpoint as needed
      const options = {
          ...fetchOptions,
          method: 'PUT',
          body: JSON.stringify({ pfp: base64String })
      };




      try {
          const response = await fetch(URL, options);
          if (!response.ok) {
              throw new Error(`Failed to upload profile picture: ${response.status}`);
          }
          console.log('Profile picture uploaded successfully!');
          // Handle success response as needed
      } catch (error) {
          console.error('Error uploading profile picture:', error.message);
          // Handle error display or fallback mechanism
      }
  }




  // Function to preview profile picture
  window.previewProfilePicture = function(input) {
      const file = input.files[0];
      if (file) {
          const reader = new FileReader();
          reader.onload = function() {
              const profileImageBox = document.getElementById('profileImageBox');
              profileImageBox.innerHTML = `<img src="${reader.result}" alt="Profile Picture">`;
          };
          reader.readAsDataURL(file);
      }
  }


    window.changeName = async function() {
    const newName = document.getElementById('newName').value.trim();
    const URL = pythonURI + "/api/user"; // Adjusted endpoint




    if (!newName) {
        alert('Please enter a new name.');
        return;
    }




    const data = { name : newName };




    const options = {
        ...fetchOptions,
        method: 'PUT',
        body: JSON.stringify(data)
    };




    try {
        const response = await fetch(URL, options);
        if (!response.ok) {
            throw new Error(`Failed to change UID: ${response.status}`);
        }
        console.log('Name changed successfully!');




        // Optionally, refresh data or UI after UID change
    } catch (error) {
        console.error('Error changing UID:', error.message);
        // Handle error display or fallback mechanism
    }
};


  window.changeUid = async function() {
    const newUid = document.getElementById('newUid').value.trim();
    const URL = pythonURI + "/api/user"; // Adjusted endpoint




    if (!newUid) {
        alert('Please enter a new UID.');
        return;
    }




    const data = { uid: newUid };




    const options = {
        ...fetchOptions,
        method: 'PUT',
        body: JSON.stringify(data)
    };




    try {
        const response = await fetch(URL, options);
        if (!response.ok) {
            throw new Error(`Failed to change UID: ${response.status}`);
        }
        console.log('UID changed successfully!');




        // Optionally, refresh data or UI after UID change
    } catch (error) {
        console.error('Error changing UID:', error.message);
        // Handle error display or fallback mechanism
    }
};

window.changePassword = async function() {
    const newPassword = document.getElementById('newPassword').value.trim();
    const URL = pythonURI + "/api/user"; // Adjusted endpoint




    if (!newUid) {
        alert('Please enter a new UID.');
        return;
    }




    const data = { password: newPassword };




    const options = {
        ...fetchOptions,
        method: 'PUT',
        body: JSON.stringify(data)
    };




    try {
        const response = await fetch(URL, options);
        if (!response.ok) {
            throw new Error(`Failed to change UID: ${response.status}`);
        }
        console.log('UID changed successfully!');




        // Optionally, refresh data or UI after UID change
    } catch (error) {
        console.error('Error changing UID:', error.message);
        // Handle error display or fallback mechanism
    }
};


window.fetchKasmServerNeeded = async function() {
   const URL = pythonURI + "/api/id"; // Adjusted endpoint


   try {
       const response = await fetch(URL, fetchOptions);
       if (!response.ok) {
           throw new Error(`Failed to fetch kasm_server_needed: ${response.status}`);
       }


       const userData = await response.json();
       const kasmServerNeeded = userData.kasm_server_needed


       // Update checkbox state based on fetched value
       const checkbox = document.getElementById('kasmServerNeeded');
       checkbox.checked = kasmServerNeeded;
   } catch (error) {
       console.error('Error fetching kasm_server_needed:', error.message);
       // Handle error display or fallback mechanism
   }
};


// Function to toggle kasm_server_needed attribute on checkbox change
window.toggleKasmServerNeeded = async function() {
   const checkbox = document.getElementById('kasmServerNeeded');
   const newKasmServerNeeded = checkbox.checked;


   const URL = pythonURI + "/api/user"; // Adjusted endpoint


   const data = {
       kasm_server_needed: newKasmServerNeeded
   };


   const options = {
       ...fetchOptions,
       method: 'PUT',
       body: JSON.stringify(data)
   };


   try {
       const response = await fetch(URL, options);
       if (!response.ok) {
           throw new Error(`Failed to update kasm_server_needed: ${response.status}`);
       }
       console.log('Kasm Server Needed updated successfully!');
   } catch (error) {
       console.error('Error updating kasm_server_needed:', error.message);
       // Handle error display or fallback mechanism
   }
};
     window.fetchUid = async function() {
      const URL = pythonURI + "/api/id"; // Adjusted endpoint


      try {
          const response = await fetch(URL, fetchOptions);
          if (!response.ok) {
              throw new Error(`Failed to fetch UID: ${response.status}`);
          }


          const data = await response.json();
          return data.uid;
      } catch (error) {
          console.error('Error fetching UID:', error.message);
          return null;
      }
  };


  // Function to fetch Name from backend
  window.fetchName = async function() {
      const URL = pythonURI + "/api/id"; // Adjusted endpoint


      try {
          const response = await fetch(URL, fetchOptions);
          if (!response.ok) {
              throw new Error(`Failed to fetch Name: ${response.status}`);
          }


          const data = await response.json();
          return data.name;
      } catch (error) {
          console.error('Error fetching Name:', error.message);
          return null;
      }
  };


  // Function to set placeholders for UID and Name
  window.setPlaceholders = async function() {
      const uidInput = document.getElementById('newUid');
      const nameInput = document.getElementById('newName');


      try {
          const uid = await window.fetchUid();
          const name = await window.fetchName();


          if (uid !== null) {
              uidInput.placeholder = uid;
          }
          if (name !== null) {
              nameInput.placeholder = name;
          }
      } catch (error) {
          console.error('Error setting placeholders:', error.message);
      }
  };




  // Call fetchPredefinedSections and initializeProfileSetup when DOM content is loaded
  document.addEventListener('DOMContentLoaded', async function () {
      try {
          predefinedSections = await fetchPredefinedSections();
          console.log('Predefined Sections:', predefinedSections);
          populateSectionDropdown(predefinedSections); // Populate dropdown with fetched sections
          await fetchUserProfile(); // Fetch user profile data
          await fetchDataAndPopulateTable(); // Fetch and populate table with user sections
          await fetchKasmServerNeeded();
          await setPlaceholders();
      } catch (error) {
          console.error('Initialization error:', error.message);
          // Handle initialization error gracefully
      }
  }); ```






It's a lot of repeating code, isn't it? We need to <strong> optimize </strong> our code. But....how?

Remember config.js from the Login tab? We exported a function called login that set up a request template for us, so all we had to do was fill in the appropriate parameters. 

We can do the same thing here by creating a new javascript file, called profile.js, write functions with different methods that can be exported. 

```js

import {fetchOptions, pythonURI } from './config.js';



// Update User Data with "Put"
export function putUpdate(options) {
    // Modify the options to use the PUT method and include the request body.
    const requestOptions = {
        ...fetchOptions, // This will copy all properties from options
        method: 'PUT', // Override the method property
        cache: options.cache, // Set the cache property
        body: JSON.stringify(options.body)
    };

    // Clear the message area

    // Send PUT request
    fetch(options.URL, requestOptions)
        .then(response => {
            // Trap error response from Web API
            if (!response.ok) {
                const errorMsg = 'Error: ' + response.status;
                console.log(errorMsg);
                return;
            }
            // Success!!!
            // Call the callback function
            options.callback();
        })
        .catch(error => {
            // Handle network errors
            console.log('Possible CORS or Service Down error: ' + error);
           
        });
}
// Update User Data with "POST" 
export function postUpdate(options) {
    // Modify the options to use the POST method and include the request body.
    const requestOptions = {
        ...fetchOptions, // This will copy all properties from options
        method: 'POST', // Override the method property
        cache: options.cache, // Set the cache property
        body: JSON.stringify(options.body)
    };

    // Clear the message area
    document.getElementById(options.message).textContent = "";

    // Send POST request
    fetch(options.URL, requestOptions)
        .then(response => {
            // Trap error response from Web API
            if (!response.ok) {
                const errorMsg = 'Error: ' + response.status;
                console.log(errorMsg);
                document.getElementById(options.message).textContent = errorMsg;
                return;
            }
            // Success!!!
            // Call the callback function
            options.callback();
        })
        .catch(error => {
            // Handle network errors
            console.log('Possible CORS or Service Down error: ' + error);
           
        });
}

export function deleteData(options)  {
    // Modify the options to use the DELETE method and include the request body.
    const requestOptions = {
        ...fetchOptions, // This will copy all properties from options
        method: 'DELETE', // Override the method property
        cache: options.cache, // Set the cache property
        body: JSON.stringify(options.body) // Include the request body
    };

    // Clear the message area

    // Send DELETE request
    fetch(options.URL, requestOptions)
        .then(response => {
            // Trap error response from Web API
            if (!response.ok) {
                const errorMsg = 'Error: ' + response.status;
                console.log(errorMsg);
                return;
            }
            // Success!!!
            // Call the callback function
            options.callback();
        })
        .catch(error => {
            // Handle network errors
            console.log('Possible CORS or Service Down error: ' + error);
            
        });

    }
export async function logoutUser() {
        const URL = pythonURI + '/api/authenticate'; // Adjusted endpoint for logout
        
         const options = {
                ...fetchOptions,
                method: 'DELETE',
            };
         
         
            console.log('Logout clicked');
         
         
        try {
                const response = await fetch(URL, options);
                if (response.ok) {
                    window.location.href = "/portfolio_2025/login"; // Redirect to login page
                } else {
                    const errorMessage = await response.text();
                    console.error('Logout failed:', errorMessage);
                    // Optionally display an error message to the user
                }
            } catch (error) {
                console.error('Error during logout:', error.message);
                // Optionally display an error message to the user
            }
         }


```

What we did is called <strong> modularization </strong>. Modularization is a practice of organizing a codebase into loosely coupled and self contained parts. Each part is a module. Each module is independent and serves a clear purpose.


For example, the putUpdate is a module! Every time we use a put request to update a field, we can use putUpdate!






<strong> We can include code from profile.js and config.js in our profile.md file using these import statements. This is so we can use the variables and functions provided in config.js and profile.js! </strong>

```js


// Import fetchOptions from config.js
import {pythonURI, fetchOptions } from '{{site.baseurl}}/assets/js/api/config.js';
// Import functions from config.js
import { putUpdate, postUpdate, deleteData, logoutUser } from "{{site.baseurl}}/assets/js/api/profile.js";



```

# **Name, UID, Password, Kasm Server**

# UPDATE

Let's talk about the backend code for  updating the name, uid, password, and kasm_server_needed field first. Since the user updates fields one a time, we need to make similar HTTP requests multiple times, with different request payloads.

## Backend Code

This code is from user.py file under the api directory , which processes the HTTP request and updates the name, uid, password, and kasm_server_needed fields in the database using functions imported by the model. This code is under the CRUD class.

```python
 @token_required()
        def put(self):
            ''' Retrieve the current user from the token_required authentication check '''
            current_user = g.current_user

            ''' Read data for json body '''
            body = request.get_json()

            ''' Error checking '''
            section_data = body.get('section')
            if not section_data:
                return {'message': 'Section data is required'}, 400
            
            if not section_data.get('abbreviation'):
                return {'message': 'Section abbreviation is required'}, 400
            
            if not section_data.get('year'):
                return {'message': 'Section year is required'}, 400

            ''' Update section year '''
            if not current_user.update_section(section_data):
                return {'message': f'Section {section_data.get("abbreviation")} not found or update failed'}, 404

            return jsonify(current_user.read_sections())

```

The following code is from the user.py file under model, which helps update name, uid, password, and kasm_server_needed in the database. PFP/Sections are covered in other parts of the model code.

```python
    def update(self, name="", uid="", password="", pfp=None, kasm_server_needed=None):
        """only updates values with length"""
        if len(name) > 0:
            self.name = name
        if len(uid) > 0:
            self.uid = uid
        if len(password) > 0:
            self.set_password(password)
        if pfp is not None:  # here we explicitly check for None to allow setting pfp to None. PFP will always be NONE in this case. We use 'POST' to update pfp.
            self.pfp = pfp
        if kasm_server_needed is not None:
            self.kasm_server_needed = kasm_server_needed
        db.session.commit()
        return self

```

###  Updating Name in Frontend API Service Layer


Since the backend code is done for us, all we need is the frontend API layer to send the request to the backend to update the name. We don't have buttons to click for 'Change Name' so we have to check whether the input field is filled using event listeners to know when to update name.


- Checks if Name Field is filled
```js

// Event listener to trigger updateName function when Name field is changed
document.getElementById('newName').addEventListener('change', function() {
    const name = this.value;
    window.changeName(name);


});
```

- Changes Name
```js

window.changeName = async function(name) {
   if (name) {
       const URL = pythonURI + "/api/user";
       const options = {
           URL,
           body: { name },
           message: 'name-message',
           callback: () => {
               console.log('Name updated successfully!');
               window.updateNameField(name);
           }
       };
       try {
           await putUpdate(options);
       } catch (error) {
           console.error('Error updating Name:', error.message);
           document.getElementById('name-message').textContent = 'Error updating Name: ' + error.message;
       }
   }
}

```





###  Updating UID in Frontend API Service Layer

We make a similar request for the uid. We don't have buttons to click for 'Change UID' so we have to check whether the input field is filled using event listeners to know when to update  uid. 




```js

// Function to change UID
window.changeUid = async function(uid) {
   if (uid) {
       const URL = pythonURI + "/api/user"; // Adjusted endpoint


       const options = {
           URL,
           body: { uid },
           message: 'uid-message', // Adjust the message area as needed
           callback: () => {
               console.log('UID updated successfully!');
               window.updateUidField(uid);
               window.location.href = '/portfolio_2025/login'
           }
       };


       try {
           await putUpdate(options);
       } catch (error) {
           console.error('Error updating UID:', error.message);
           document.getElementById('uid-message').textContent = 'Error updating UID: ' + error.message;
       }
   }
}

```

###  Updating Password in Frontend API Service Layer


We make a similar request for password.

```js

window.changePassword = async function(password) {
   if (password) {
       const URL = pythonURI + "/api/user"; // Adjusted endpoint


       const options = {
           URL,
           body: { password },
           message: 'password-message', // Adjust the message area as needed
           callback: () => {
               console.log('Password updated successfully!');
               window.updatePasswordField(password);
               window.location.href = '/portfolio_2025/login'


           }
       };


       try {
           await putUpdate(options);
           await logoutUser();
       } catch (error) {
           console.error('Error updating password:', error.message);
           document.getElementById('password-message').textContent = 'Error updating password: ' + error.message;
       }
   }
}

```


###  Updating KASM  in Frontend API Service Layer

This is similar to the code blocks above, but we instead of an string in an input field, we are using a value of checkbox  for KASM server needed(check or unchecked). So, we need to approach the request in a slightly  different way.


```js

window.toggleKasmServerNeeded = async function() {
   const checkbox = document.getElementById('kasmServerNeeded');
   const newKasmServerNeeded = checkbox.checked;
   const URL = pythonURI + "/api/user"; // Adjusted endpoint
   const options = {
       URL,
       body: { kasm_server_needed: newKasmServerNeeded },
       message: 'kasm-server-message', // Adjust the message area as needed
       callback: () => {
           console.log('Kasm Server Needed updated successfully!');
       }
   };


   try {
       await putUpdate(options);
   } catch (error) {
       console.error('Error updating kasm_server_needed:', error.message);
       document.getElementById('kasm-server-message').textContent = 'Error updating kasm_server_needed: ' + error.message;
   }
} ```



# READ

Let's talk about the backend code for  reading the name, uid, and kasm_server_needed data from the backend so the user can check the  verify the attributes of their profile. This also reads the sections/pfp data! This data we get from the server is called response data!

However, we can't 'read' the password data for a user.  Why? Let's find out...


This code is from user.py file under the api directory,  which processes the HTTP request and 'reads'  the fields in the database using functions imported by the model. This function sends this data to the frontend in JSON. This code is under the _ID class, and has the `/api/id` endpoint.


```python
    class _ID(Resource):  # Individual identification API operation
        @token_required()
        def get(self):
            ''' Retrieve the current user from the token_required authentication check '''
            current_user = g.current_user
            ''' Return the current user as a json object '''
            return jsonify(current_user.read())
```

Typically, you would use GET function under the _CRUD class, which has the `api/user` endpoint. You could use this endpoint as well-I just used `api/id` for my frontend requests.

```python 
 @token_required()
        def get(self):
            # retrieve the current user from the token_required authentication check  
            current_user = g.current_user
            # current_user extracted from the token using token_required decorator
            users = User.query.all() # extract all users from the database
             
            # prepare a json list of user dictionaries
            json_ready = []  
            for user in users:
                user_data = user.read()
                if current_user.role == 'Admin' or current_user.id == user.id:
                    user_data['access'] = ['rw'] # read-write access control 
                else:
                    user_data['access'] = ['ro'] # read-only access control 
                json_ready.append(user_data)
            
            # return response, a json list of user dictionaries
            return jsonify(json_ready)
```


Here is the code for user.py file  under model that returns the data from the database. Did you notice how password isn't included in the returned data? Hence,  we can't 'fetch' the password data from the backend because it is not provided to us.

```python 
  def read(self):
        data = {
            "id": self.id,
            "name": self.name,
            "uid": self.uid,
            "role": self._role,
            "pfp": self._pfp,
            "kasm_server_needed": self.kasm_server_needed,
        }
        sections = self.read_sections()
        data.update(sections)
        return data 
```


### Reading Name/UID

With the backend API code done for us, we can start with the frontend API service layer. For name and uid, the frontend fetches the data from the backend and fills in the input fields with 'placeholders', or prefilled fields, which have the data from the database.


- Let's take a look at the code for fetching the name data :

```js

// Function to fetch Name from backend
window.fetchName = async function() {
    const URL = pythonURI + "/api/id"; // Adjusted endpoint


    try {
        const response = await fetch(URL, fetchOptions);
        if (!response.ok) {
            throw new Error(`Failed to fetch Name: ${response.status}`);
        }


        const data = await response.json();
        return data.name;
    } catch (error) {
        console.error('Error fetching Name:', error.message);
        return null;
    }
};


```



- Let's take a look at the code for fetching the uid data :


```js

// Function to fetch Name from backend
window.fetchName = async function() {
    const URL = pythonURI + "/api/id"; // Adjusted endpoint


    try {
        const response = await fetch(URL, fetchOptions);
        if (!response.ok) {
            throw new Error(`Failed to fetch Name: ${response.status}`);
        }


        const data = await response.json();
        return data.name;
    } catch (error) {
        console.error('Error fetching Name:', error.message);
        return null;
    }
};


```


- Let's take a look at the code that sets placeholders for both fields:

```js


// Function to set placeholders for UID and Name
window.setPlaceholders = async function() {
    const uidInput = document.getElementById('newUid');
    const nameInput = document.getElementById('newName');


    try {
        const uid = await window.fetchUid();
        const name = await window.fetchName();


        if (uid !== null) {
            uidInput.placeholder = uid;
        }
        if (name !== null) {
            nameInput.placeholder = name;
        }
    } catch (error) {
        console.error('Error setting placeholders:', error.message);
    }
};



```


### Reading KASM

This is similar to the other 'fetch' codes, but it also includes the boolean logic with the checkbox and doesn't need a separate function to handle formatting the JSON response data  into HTML. 

```js

window.fetchKasmServerNeeded = async function() {
 const URL = pythonURI + "/api/id"; // Adjusted endpoint
 try {
     const response = await fetch(URL, fetchOptions);
     if (!response.ok) {
         throw new Error(`Failed to fetch kasm_server_needed: ${response.status}`);
     }
     const userData = await response.json();
     const kasmServerNeeded = userData.kasm_server_needed
     // Update checkbox state based on fetched value
     const checkbox = document.getElementById('kasmServerNeeded');
     checkbox.checked = kasmServerNeeded;
 } catch (error) {
     console.error('Error fetching kasm_server_needed:', error.message);
     // Handle error display or fallback mechanism
 }
};




```










# **Sections**

Let's talk about the backend code for adding sections.

```
        @token_required() 
        def post(self):
            ''' Retrieve the current user from the token_required authentication check '''
            current_user = g.current_user
            
            ''' Read data for json body '''
            body = request.get_json()
            
            ''' Error checking '''
            sections = body.get('sections')
            if sections is None or len(sections) == 0:
                return {'message': f"No sections to add were provided"}, 400
            
            ''' Add sections'''
            if not current_user.add_sections(sections):
                return {'message': f'1 or more sections failed to add, current {sections} requested {current_user.read_sections()}'}, 404
            
            return jsonify(current_user.read_sections())




```

### Conclusion

In this tutorial, we walked through the process of creating a dynamic and functional profile page using Flask. We started by setting up the foundational UI elements, then implemented key features like editable fields for user information and a profile picture upload option. By connecting the front-end with the back-end using Flask APIs, we ensured that users could seamlessly update their personal information and credentials.

Through this guide, you’ve learned not only how to design a user-friendly profile page but also how to integrate it,  ensuring data validation and smooth communication between the client and server. With these skills, you're well-equipped to enhance your web applications, offering personalized and efficient user experiences.

Remember, the concepts covered here are just the beginning. You can expand on this foundation by adding more advanced features, such as multi-step forms and enhanced security measures. Keep experimenting and building, and soon you'll have a profile page that's tailored to the specific needs of your application and users.

Happy coding!



