# Building websites with Flask

## What is Flask?

Flask is a **micro web application framework**.

You can use Flask to:
* Build a static website (blog, private homepage)
* Build dynamic websites
* Build an API server

Some Flask features:
* Development server and debugger
* Integrated support for unit testing
* Open-source
* No database abstraction layer, no form validation or similar advanced features 



### Documentation

http://flask.pocoo.org/docs

### Installation

```bash
conda install flask
```


### Alternatives
* Django (https://www.djangoproject.com)
* Tornado (http://www.tornadoweb.org/en/stable/)
* Ruby on Rails (http://rubyonrails.org) 

## Hello world in Flask

In [8]:
# File: hello_world.py
from flask import Flask
app = Flask(__name__)

@app.route("/")
def hello():
    return "Hello World!"

if __name__ == "__main__":
    app.run()

Run the flask server with:
```bash
python my_webserver.py
   * Running on http://localhost:5000/
```            

Then open http://localhost:5000/ in your web browser. To stop the server, hit `Control-C`.


## What happened?

```python
from flask import Flask
app = Flask(__name__)
```
The instance of the `Flask` class is our web application.

The first argument is needed so that Flask knows where to look for templates, static files, and so on.  If you are using a single module simply use `__name__`. 

```python
@app.route("/")
def hello():
    return "Hello World!"
```

We then use the route() decorator to tell Flask what URL should trigger our function. By default, Flask answers to GET requests, and the return value of the function is the answer of the `GET` request.

```python
if __name__ == "__main__":
    app.run()
```

Finally we use the `run()` function to run the local server with our application. 

**Note**: You need to restart the sever when changing your code.

## Debug mode
You can use 
```python
app.run(debug=True)
``` 
to see more detailed error output. 

In debug mode the server will reload itself on code changes. 


## Making the server available in your network

If you want your server to be accessible from your entire network, you need to launch the server with:
```python
app.run(host='0.0.0.0')
```

**Important**: This allows *anyone* in your network to access your webbrowser, which might be a severe security riks!

## Adding more URLs

We can serve additional URLs by adding new functions with the route decorator:

In [9]:
users = {"richard": "Richard Lee",
         "john": "John Smith"}

@app.route('/user')
def show_user_overview():
    users_str = "<br>".join(users.values())
    return '<h1>Our users</h1><br>{}'.format(users_str)
app.run()

127.0.0.1 - - [08/Nov/2016 21:39:32] "GET /user HTTP/1.1" 200 -
127.0.0.1 - - [08/Nov/2016 21:39:32] "GET /favicon.ico HTTP/1.1" 404 -


Matches only http://localhost:5000/user

In [3]:
@app.route('/user/<username>')
def show_user_profile(username):
    # show the user profile for that user
    return 'User %s' % username

Matches http://localhost:5000/user/NAME for any `NAME`

## Templates

So far our webserver only served simple textstrings, but no HTML documents. 

One solution would be to define the entire HTML string in the URL handler, e.g.:

```python
@app.route('/login')
def login():
    return '''
<html>
<header><title>The title</title></header>
<body>
Hello world
</body>
</html>    
    '''
```

However, Flask comes with a templating system that makes our life a lot easier:

In [10]:
from flask import render_template

@app.route('/post/')
@app.route('/post/<name>')
def post(name=None):
    return render_template('post.html', name=name)

Flask will look for templates in the `templates` folder.

```html
<!-- ./templates/post.html -->

<!doctype html>
<title>Hello from Flask</title>
{% if name %}
  <h1>Displaying blog post {{ name }}!</h1>
{% else %}
  <h1>No post name given!</h1>
{% endif %}
```

In [11]:
app.run()

127.0.0.1 - - [08/Nov/2016 21:40:41] "GET /user HTTP/1.1" 200 -
127.0.0.1 - - [08/Nov/2016 21:40:48] "GET /post HTTP/1.1" 301 -
127.0.0.1 - - [08/Nov/2016 21:40:48] "GET /post/ HTTP/1.1" 200 -
127.0.0.1 - - [08/Nov/2016 21:40:55] "GET /post/Simon HTTP/1.1" 200 -


## HTML form

Using the template, we can now create a HTML form with a `POST` requets

```html
<!-- ./templates/login.html -->

<!doctype html>
<title>Login</title>

{% if error %}
<p style="color:red">{{ error }}</p>
{% endif %}

<form action="handle_login" method="POST">
    Username:
    <br>
    <input type="text" name="username">
    <br>
    Password:
    <br>
    <input type="password" name="password">
    <br>
    <input type="submit" value="Submit">
</form>
```


In [14]:
@app.route('/login')
def login():
    return render_template('login.html')

AssertionError: View function mapping is overwriting an existing endpoint function: login

In [8]:
app.run()

## Handling the `POST` request.

The form above sends a `POST` request to the `handle_login` URL. 

We can use 
```python
@app.route('/handle_login', methods=['POST'])     
```
to create a new Flask handler that accepts `POST` requests.

We can then use the 
```python
flask.request
```
module to access the data in the `POST` request (here the username and password that the user provided in the form).

In [9]:
from flask import request
                                                                                                                                                                                                                                               
@app.route('/handle_login', methods=['POST'])                                                                                                                                                                                                  
def handle_login():           
    
    assert request.method == 'POST'   # Check that we are really in a POST request
    
    # Acces the form data:
    username = request.form["username"]
    password = request.form["password"]
    
    if username == "simon" and password == "safe":                                                                                                                                                             
        return "You are logged in Simon"                                                                                                                                                                                                       
    else:                                                                                                                                                                                                                                      
        error = "Invalid credentials"                                                                                                                                                                                                          
        return render_template("login.html", error=error)     

In [None]:
app.run()