In [None]:

# Notes from Flask Web Development book



# js code to load data from jinja, which can then be used in D3 as usual
# var graphData = {{ data_from_flask_via_jinja | safe }} 

# example of applying D3 func to dynamic data from flask:
# https://branetheory.org/2014/12/18/data-visualization-using-d3-js-and-flask/





In [1]:
# outing, debugging, and Web Server Gateway Interface (WSGI) subsystems come from Werkzeug
# template support from jinja
## apart from the two lines above, you chose what package does things


from flask import Flask 
app = Flask(__name__)  # the __name__ is used to determine root path of app


# browsers send 'requests' to the server, which sends them to a flask app instance
# and the URL is mapped to a py func, eg: 


@app.route('/')   # using decorator to register index() func as a handler for event (in this case, going to a URL)
def index():
    """Funcs like this are called View Functons, and return a response (eg HTML)"""
    return '<h1>Hello World!</h1>'


# ensures server is only launched when this script called directly
if __name__ == '__main__': 
    app.run(debug=True)

In [7]:
## embed text: two methods
name = 'Jess' 
print('<h1>Hello, %s!</h1>' % name)
print(f'<h1>Hello, {name}!</h1>' )

<h1>Hello, Jess!</h1>
<h1>Hello, Jess!</h1>


In [None]:
### 'name' is passed to function as an input
@app.route('/user/<name>') 
def user(name):
	return '<h1>Hello, %s!</h1>' % name 


In [1]:
# defines a thread as the smallest sequence of instructions that can be handled independently
# and a process can have multiple active threads
# 
# 
# a request object captures contents of an HTTP request sent by the client
# 
# g = common obj name for temp storage during handling of a request. Ensure if important
# 
# 
# 


In [None]:
# HTTP
#
#

### Http methods
Get = only retrieves data\
Head = same as get, but without response data (just metadata I think)\
post = submits data\
put = replace all data in target with sent data\
delete = deltes something\
there are a few others: https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods

In [19]:
from flask import request, Flask, current_app
app = Flask(__name__)
@app.route('/')
def index():
    return '<p>Your browser is %s</p>' % 'aaa'

print(app.url_map)  # shows URL options, and 'static' route (shows you flask is ready to read from 'static' folder)
        # also shows you request methods accepted by each route
    

# after making app (generally in separate script), can get it's context 
app_context = app.app_context()
app_context.push()
print(current_app.name)
print(current_app)
app_context.pop()
print(current_app.name)  # get error now context is 'popped'

Map([<Rule '/' (HEAD, GET, OPTIONS) -> index>,
 <Rule '/static/<filename>' (HEAD, GET, OPTIONS) -> static>])
__main__
<Flask '__main__'>
__main__


In [None]:
# 'request hooks'  = decorators that can be applied to @app funcs. Good for things that cut across lots
# of pages like user login credential tests

# can use flask.make_response() to make a response object (inc http response status code of your choice). So
# could be good for making error handling more official if making an API

# 

In [None]:
# to redirect to another site
@app.route('/') 
def index():
    return redirect('http://www.example.com')

In [24]:
from flask import abort
print(abort(403))  # returns abort message with relevant status code

Forbidden: 403 Forbidden: You don't have the permission to access the requested resource. It is either read-protected or not readable by the server.

In [27]:
# if you want to add CLI commands to py script, CLICK package looks like a good
# way to do it (esp with nice automatic help-page generation formatting)
# https://click.palletsprojects.com/en/8.0.x/

In [29]:
# para from jinja in html: <p>A value from a dictionary: {{ mydict['key'] }}.</p>

# {{ name|capitalize }}     # capitalize 'filter' makes first char from jinja caps and rest lowercase

# 'escaping' = jinja ignores some of the input 

# Jinja can generate any text-based format (HTML, XML, CSV, LaTeX, etc.)

## never use 'safe' filter for webforms or other things which someone other than you might have completed

## 'Macros' in Jinja are like functions, eg 'render_comment' macro below
#{% macro render_comment(comment) %} 
#    <li>{{ comment }}</li>
#{% endmacro %}

# can store macros in standalone html files and source them:
# {% import 'macros.html' as macros %}
#<ul>
#    {% for comment in comments %}
#        {{ macros.render_comment(comment) }}
#    {% endfor %}
#</ul>

In [None]:
# to inherit jinja templates from other html file: {% extends "base.html" %}

# this 'title' block of a templte: <title>{% block title %}{% endblock %} - My Application</title>
# could be called and edited within the child page: 
#{% extends "base.html" %}
#{% block title %}Some new title{% endblock %}

# if want to retain parent contents of a block while editing other blocks, think you need to call
# {{ super() }} in that block in the child code, eg (tho not sure the style rows are important here):

# {% block head %}
#{{ super() }}
#<style>
#</style>
#{% endblock %}

# search for 'child templates' here for more: https://jinja.palletsprojects.com/en/3.0.x/templates/

In [32]:
from flask_bootstrap import Bootstrap  # do this, not from flask.ext.Bootstrap (old way that doesn't work)


# Once Flask-Bootstrap is initialized, a base template that includes all 
# the Bootstrap files is available to the application, which can be
# inherited by (bootstrap includes all bootstrap css and js templates, and 
# 'base' is just one option):
# {% extends "bootstrap/base.html" %}






In [None]:
# can make pages which load on error codes. 500 is a good one as 'unhandled exception', so should
# catch all else (500 aka 'internal server error' so quite general)
@app.errorhandler(404) 
def page_not_found(e):
    return render_template('404.html'), 404

@app.errorhandler(500)
def internal_server_error(e):
    return render_template('500.html'), 500

# suggests that for the templates of these you inherit the navbar or base.html pages you use, so users
# can still get around

In [None]:
# url_for('index', page=2) would return /?page=2.

In [None]:
# in url_for(), set _external=True to return full URL rather than internal redirection only (eg:
# http::/localhost.... which could be good if referencing external websites)

In [None]:
# to include 'favicon.ico' for browsers to show in address bar, sourcing it from 'static' folder
{% block head %}
<link rel="shortcut icon" href="{{ url_for('static', filename = 'favicon.ico') }}" type="image/x-icon">
<link rel="icon" href="{{ url_for('static', filename = 'favicon.ico') }}" type="image/x-icon">
{% endblock %}

In [34]:
from flask_moment import Moment  # for working with dates and times

# Moment uses jquery (included in flask's bootstrap module) and moment.js (needs sourcing from CDN)

In [None]:
# to p54


In [37]:
# pass jsonified things to output of API on flask
from flask import jsonify
print(type(jsonify(1, 2, 3, 4, 5, 6)))   # jsonify converts 1+ objs to json and to 
                                        # a format one can use for a request response
jsonify(1, 2, 3, 4, 5, 6)

<class 'flask.wrappers.Response'>


<Response 14 bytes [200 OK]>

In [None]:
# API follows 'blueprint' structure, with py script for each response type
-flasky 
   |-app/
    |-api_1_0 
        |-__init__.py 
        |-user.py 
        |-post.py 
        |-comment.py 
        |-authentication.py 
        |-errors.py 
        |-decorators.py

In [None]:
# RESTful APIs are stateless (they dont remember anything about clients between updates)

# flask-httpauth lets you verify by email and password, hiding the API until auth'd
# should only use this on https, as people will be sending secure credentials

# session = one per client (using cookies)
# g = one per request (shorter term)

# can use to make new encrypted token:
# s = Serializer(current_app.config['SECRET_KEY'], expires_in=seconds_till_it_expires)  # makes new serialid 
# s.dumps({'id': self.id})  # gives json of id:key 

# to decrypt token:
# s = Serializer(current_app.config['SECRET_KEY'])
# data = s.loads(token)


## Notes on APIs in Flask

Notes from https://www.youtube.com/watch?v=WxGBoY5iNXY&ab_channel=PrettyPrinted on making a flask API with Auth:
To ‘login’ need to make GET request of type ‘Basic Auth’, putting in username and password. Can set this query up in a curl request or with the help of a service like https://web.postman.co/

Could hack if in a hurry and ask for password (or key) as part of incoming json request, and return error if they aren’t on the system

Can output an array from an API as they’re Json serialisable

To test APIs quickly (not tried):
https://web.postman.co/

To POST json to API:
https://reqbin.com/req/c-dwjszac0/curl-post-json-example

PATCH - like PUT in that it changes things, but can change subsets of data rather than updating an entire record

curl -v {URL}   …means "verbose mode please" and will make curl show its request, the response headers and additional informational details about the transfer performed. Tells you content type (eg: html/json/etc),  and other info

curl -H “Content-Type: application/json” -X POST -d “{\“aa\”: \“bb\”}” http://127.0.0.1:5000/

Every resource (page, thing, piece of information) should have a unique URL
Flask redirects from non-trailing slash urls to trailing slash URLs if it can’t find anything at non-trailing URL, but not vice versa
GET = get info (aka the Resource)
POST = post new info (Resource) to the server. Good for internal system I expect
PUT = modify existing resource
DELETE = delete Resource (or a collection of resources)
XML and JSON are most common API formats (json seems more suited to me)
In a well-designed RESTful API, the client just knows a short list of top-level resource URLs and then discovers the rest from links included in responses, similar to how you can discover new web pages while browsing the Web by clicking on links that appear in pages that you know. 

You might include a number in the API url representing it’s version, in case any processing protocols change over time and the new version isn’t backwards compatitible, eg /api/v1.0/posts/ 

Example api structure (each resource is it’s own module):
|-flasky 
|-app/ 
|-api_1_0 |
-__init__.py |-user.py |-post.py |-comment.py |-authentication.py |-errors.py |-decorators.py 

Can make error handlers for specific HTTP status codes which call specific templates (eg: 404.html)

‘Anonymous’ access allows a user to access a website’s public space without providing a user id and password.

API should very much be HTTPS only as secure keys are being sent

Denormalisation = increasing redundancy

‘Regressions’ in code = new code affecting the way old code works




## More on APIs

REST API contains: resourcep path (URL), HTTP verb (get/post/put/delete), json body (PUT/POST only), header (metadata)

#### Use -H to add a header to a request in Curl
curl https://reqbin.com/echo/get/json
   -H "X-Custom-Header: value"


#### ways of including body in Curl request
'-d' meaning 'send data', another way of saying POST
curl -d 'id=9&name=baeldung' http://localhost:8082/spring-rest/foos/new

curl -d '{"id":9,"name":"baeldung"}' -H 'Content-Type: application/json' 
  http://localhost:8082/spring-rest/foos/new


#### Sending json from file to API
curl -d @request.json -H "Content-Type: application/json" 
  http://localhost:8082/spring-rest/foos/new



#### More on Curl APIs
https://www.baeldung.com/curl-rest









