# Python Advanced<img src="python-logo.png" width="150" align="right">
### Toolset 2 - Flask foundation

# 1 About Flask

Flask is a lightweight "microframework" from the Pallets Projects for facilitating the work of Python web developers.
It is quite easy to learn.   

It is called a "microframework", because the base Flask installation is not overwhelmed by a full feature set. However, many extensions exist to "strengthen" Flask, so it can grow really performant and capable, but it requires the developer to add these components separately.   
(While a complete framework contains everything that might be necessary, even those items that are not used.)
<style>
img {    
    width: 400px;
    margin: 20px auto;    
    padding: 0.2em;
    border: 3px white solid;
    display: block;
    }
 </style>
## 1.1 Webapp components

<img src="palletsprojects.png">


 ## 1.2 Team

 The pallest projects team is quite small, but the tools they provide are really good.   
<style>
img {    
    width: 400px;
    margin: 20px auto;    
    padding: 0.2em;
    border: 3px white solid;
    display: block;
    }
 </style>


<img src="palletspeople.png">


## 1.3 [WSGI](https://www.appdynamics.com/blog/engineering/an-introduction-to-python-wsgi-servers-part-1/) (ASGI)
Many web development frameworks had the definition of how the different components should communicate. Python's own interface protocol is the Webserver Gateway Interface (WSGI - weezghee), originally defined over 20 years ago!.   
<style>
img {    
    width: 400px;
    margin: 20px auto;    
    padding: 0.2em;
    border: 3px white solid;
    display: block;
    }
 </style>
<img src="wsgi.png">


## 1.4 [WSGI compliant frameworks, components](https://docs.python-guide.org/scenarios/web/)

Frameworks
- Django
- Flask
- Falcon
- Pyramid
- Tornado
- Masonite
- FastAPI

Webservers
- nginx
- Gunicorn
- Waitress
- uWSGI
- Apache httpd w/ mod-wsgi

Templating
- Jinja2
- Chameleon
- Mako




# 2 Installation

Install Flask in a virtual environment. Later on, you will likely install extra components, too.   

--- DO IT NOW ---
```python
mkdir flask
cd flask
python -m venv venv
.\venv\Scripts\activate
python -m pip install flask
python
>>> import flask
>>> exit()
```

# 2.1 Dependencies + options
As you can see from the Pallets Projects page, Flask has a lot of "acquaintances" aroud it, and this is not by chance.   
Those components are cooperating. Therefore, Flask installs its dependencies automatically, as can be seen here.   
<style>
img {    
    width: 400px;
    margin: 20px auto;    
    padding: 0.2em;
    border: 3px white solid;
    display: block;
    }
 </style>
<img src="depend.png">


Some other options, that you will need for the examples are:
- flask-session
- flask-wtforms
- sqlite3 (sqlite.org - download) CLI toolset (utility)

## 2.2 manage the FLASK_APP environment variable

Flask is able to find the application if it has a default name. Otherwise, you can specify the application name in the FLASK_APP environmetn variable.   

MacOSX és Linux:
```bash
$ export FLASK_APP=...
$ flask run
```

Windows CMD:
```bash
> set FLASK_APP=...
> flask run
```

Windows PowerShell, abból a könyvtárból, amelyen belül a pushups_logger mappa van:   
```PowerShell
> $env:FLASK_APP = "..."
> flask run
```

# 3 Theory

To understand the role of the components we define or specify, let's put together what is needed for a working web application.   
We have several populare API (Application Programming Interface) definitions that are in use today. These define the exact components needed to invoke some work. At either end of it we have some reponsibilities and rights. :-)   
These 6 API protocols are quite widespread.   
Today, we talk only about RESTful APIs. For web applications, that use web technologies and the HTTP protocol, this is the most important one.      

## 3.1 [APIs](https://www.youtube.com/watch?v=4vLxWqE94l4)
<style>
img {    
    width: 600px;
    margin: 20px auto;    
    padding: 0.2em;
    border: 3px white solid;
    display: block;
    }
 </style>
<img src="APIs.png">

## 3.2 REST(ful) API

RESTFul APIs are arguably the most widespread.   
REST API specification is the basis of HTTP, the foundation of the web.    
So if you have experience using the web, this may be quite familiar to you.   
What you see here, is how the REST API is used to submit a request from the client to the server,    
and how the server provides a response.   

<style>
    img {    
    width: 600px;
    margin: 20px auto;    
    padding: 0.2em;
    border: 3px white solid;
    display: block;
    }
 </style>
<img src="rest_api_works.png">

A REST request usually combines the following (color coded an the image):   
- method definition
- endpoint definition
- header (many fields)
- body
- 
The [response](https://www.studytonight.com/rest-web-service/understanding-the-response) contains:
- a status code (like 200: OK, 404: Not found etc.)
- other header fields, like Content Type, that will inform the client how to represent the body
- the body, which is usually a JSON file, sometime an XML file or HTML.   

<img src="rest_request.png"><style>

## 3.3 [Routing](https://www.youtube.com/watch?v=8lN4TSslz-0)

When the backend (server) gets a request, the endpoint is part of it (refer to the previous section: request components).   
The backend should know, how to react, namely where to route the request.    
This "where" is defined as a route; in abstract terms: a path the request would follow. In concrete terms: what code to execute; in Python terms: what function to call; in Flask terms: a route should be assigned to a view function.   
 
Flask provides a special decorator (@route) to make this assignment.   
The chart below shows, that when defining the functionality of a backend (Description column), you also define the name of the route, the URL and the REST method it would listen to.   
<style>
img {    
    width: 600px;
    margin: 20px auto;    
    padding: 0.2em;
    border: 3px white solid;
    display: block;
    }
 </style>
 <img src="rest_routes.png">

## 3.4. The two roles of the backend
It is important to note, that the backend can serve two different client needs:
- the client is a browser, expecting HTML
- the client is not a browser, expecting JSON/XML

In the first case, the browser will request resources that it can handle, web pages (HTML), stylesheets, javascript code, media files etc.   
The backend should fill the explicit role of a webserver. (Although it can also perform some business logic in the background)

In the second case, the client would need some data that is not meant for broser/human consumption. XML and JSON are completely fine here. The backend here is just performing ordinary business logic.

These two requirements are usually served by the same versatile backend, that have utility functions to format the response body accurately.  
You may find functions like `render_template()`, `jsonify()` or `TemplateResponse` that offer such functionality.   

# 4 Creating Flask applications

How can we put together the required items in Flask?
First, some properties of the framework:

## 4.1 Structural elements
- Flask is slightly "opinionated" (~= "This is how it should be done"). It has several expectations but those can be overridden.
  - The application is expected to be in a package folder. If your application is called **flasky**, under the **flasky** folder you should have an `__init__.py` file. This makes ot a package. This will also be the first file Flask executes, so initialization steps are typically part of the script.   
  - `from flask import Flask, ...` - it is usually the first line in a scipt that executes Flask code.   
  - `app = Flask(__name__)` - FLASK_APP = (package). The `app` variable is a convention to store the Flask application object. The `__name__` init argument assigns the script nem to the app; Flask processes it correctly. You have a couple of options to specify which app to run, but one of the easiest is to use the FLASK_APP environment variable, and use the package name.   
  - `@app.route()` - this decorator is provided to connect a URL route to a view function.   
  - `flask run` - this is the default way to start the app. It will find the script if it is called `app.py`, `wsgi.py` or if you used FLASK_APP, otherwise you can start it with the --app switch: `flask --app appname run`   
  - templates can be used to assemble HTML content, if your backend sends back an HTML response. The template engine used by Flask is Jinja2. It can do some variable interpolation, some python code evaluation etc, some template combination, so the end result is quite flexibly handled by the backend.   
  - the templates are expected to be stored in the package at the /templates folder.    
  - the /static folder is expected to store static elements. (css, images, js, ...).     
- extensions are available from the community to expand the capabilities of Flask. Some are:   
  - SQLAlchemy (ORM), flask-login, flask-wtforms

During development time, we run Flask on our development machine.   
Flask provides a simple web application server, the development server. It is not so secure and not so robust, so it is not meant to run the production code.   
However, it is very useful. Sometimes you will run it in debug mode with the --debug switch. If anything changes in the source file, a watchdog will restart the server in debug mode.   

`flask --app appname run --debug`   

## 4.2 Hello World! - hello/app.py

Our first Flask app looks like this. You can test if all installation steps were successful.   
Just use the URL provided in the status info in the console, ynd you should see "Hello, World" in your browser.   

```python
from flask import Flask

app = Flask(__name__)

@app.route('/')
def index():
    print("Hello, World!")
    return "Hello, world!"
```

### Is it HTML?
Checking the Page Source in your browser reveals how much HTML is provided. Only the bare minimum!

## 4.3 Hello, ...! - hellouser/app.py

We want to add paramteres to the URL in the form `http://127.0.0.1:5050/?name=Joe`   
We add some code to our application.   
The folder structure shows that the app.py script is at the folder level, and within the folder you should have the templates folder that contains the index.html file.

Folder structure
```bash
app.py   
templates/   
  |__index.html 
```  

Your index.html looks like this - with some template placeholder (Jinja), and the default HTML5 headers.   
`{{name}}` is used by Jinja; it renders the name variable into the HTML file.
```html
<body>
  Hello {{ name }}
</body>
```

Your app.py script is improved like this. reuqest is used because we want to access items in the request object.   
The request object is versatile - we can query the endpoint, the method used, and many other items from the body. It will be handy!   

render_template asks Jinja to put together a well-formed HTML that we return as the response body:
```python
from flask import Flask, render_template, request
...
@app.route('/')
def index():
  name = request.args["name"]
  return render_template(index.html, name=name)
```

All the necessary components can be found under the `hellouser` folder. From now on, the example code is referred to in the subchapter title.

> 1. Check the page source     
> 2. What happens if there is no name provided?    
> The exception can be prevented by using the dictionary "get" method:   
> ---> name = request.args.get("name", "world")   

## 4.4 Hello, who are you? - hellowhoru/app.py

(See the chapter title: All the necessary components can be found under the `hellowhoru` folder.) 

We do not want to use the address bar, instead, use a form to specify the name. 

We also rename the original index.html to greet.html 

We should create a new `index.html`:   
```html
<form method="get" action="/greet">
    <input autofocus autocomplete="off" name="name" placeholder="Name" type="text">
    <button type="submit">Greet</button>
</form>
```

And specify another route ('greet') in `app.py`:   
```python
@app.route("/greet")
def greet():
    name=request.args.get("name", "world")   
    return render_template("greet.html", name=name)
```

## 4.5 Jinja blocks, layout techniques - hellowhorulayout/app.py

It is quite bad practice to write the same code many times (greet.html and index.html contain the same boilerplate code for HTML conformity).   

The base template ("base.html" or "layout.html" by convention) contains the common elements that need not be repeated. This template file will be considered the parent or base "class".   
Jinja as a template engine can help us combine html file chunks into a final result.   
 
Descendants can refer to the base and extend it with unique content. This is lsimilar to "inheritance" in OOP terms, where children refer to the parents and specify the additions/differences.  

The Jinja base template specifies placeholders. `{% block name %} ... {% endblock %}`.    
The descendant refers to the base: `{% extends "base.html" %}` and also defines the block content: `{% block name %} html or jinja code {% endblock %}`. The below image is an illustration (the code syntax is not correct)


<style>
img {    
    width: 400px;
    margin: 20px auto;    
    padding: 0.2em;
    
    border: 3px white solid;
    display: block;
    }
 </style>


<img src="template-inheritance.svg">


Code:

app.py
```python
from flask import Flask, request, render_template

app = Flask(__name__)

@app.route("/")
def index():
    return render_template("index.html")

@app.route("/greet")
def greet():
    name=request.args.get("name", "world")   
    return render_template("greet.html", name=name)
```
Base template: layout.html
```html
<!DOCTYPE html>
...
{% block body %} { %endblock %}

```

index.html, greet.html:
```html
{% extends "layout.html" %}
{% block body %}
<form ...>
Hello {{ name }} ...
{% endblock %}
```

## 4.6. Variable rules for flexible routes

Flask enables variable rules in route definitions.   
The `@app.route` decorator accepts a string for the first positional parameter.   
It may contain the `routedef/<converter:content>` format, where:   
- routedef bceomes the endpoint   
- content becomes a parameter of the assigned view function, with the optional converter used for type conversion (int, string, float, uuid, path)   
- the provided part of the URL will be the argument used in the call. 

The following example explains all these:
```python
@app.route("/user/<username>")
def user(username):
    return render_template("greet.html", user=username)
```

# 5 Methods

What about the HTTP verbs?   

## 5.1 GET - so far so good (except for some sensitive data in the URL)

GET is enabled by default, it is meant to read something or get some data from the server. The downside is, if we send details, it will always be part of the URL (we can bookmark it at least), hence it is visible to everyone. There are items we would not disclose. Can we do something better?   

## 5.2 POST - nothing seen in the URL

POST requests are meant to write to the server, and the data is hidden/embedded in the request body.   
For a request to be "POST", we need to specify it in the form method, and also enable it in the route specification.

index.html   
```html
<form method="post">...
```

app.py    
```python
@app.route(route, methods=["POST"])
def index():
    name = request.form.get("name")
```

> some issues & fixes:
> 1. empty name --> make it a `required` attribute, or use Jinja {% if %} 
> 2. two templates --> use one template, one route, use request.method to decide if it is form submission

# 6 Fraternity/sorority registration (PhiKappaTheta, DeltaPhi, AlphaKappaAlpha)

In our next example we would like to improve how the user interacts with the webapp. We create a registration/application solution.   

As a university student, one may want to be part of a social organization (fraternity/sorority).   
We create a Flask application for this purpose.   
Functions:   
- the user can view the page
- the user can register for a fraternity/sorority
- the user can query the registered users

We also need to specify how to store the data.


## 6.1 Use a dictionary as a data structure - fraternity1/app.py

First we will use a simple Python dictionary to store the registrants.

Users register with their names to one selected fraternity, if the registration is ok, the result is displayed.
Plan of Attack:   

1. We need a FORM - use a form in index.html with `select` + `options` (alternatively: radio buttons / checboxes (e.g. extracurricular programs))
2. In APP.PY - we update the route '/' (test step by step)
3. Update the form with `<option disabled selected value="">Fraternity</option>` - This technique behaves like a placeholder. The option is shown but cannot be selected.
4. Update the form with name... `required`, so that the form cannot be submitted without a name --> client-side validation is fragile, with Dev Tools it is easy to override it. Do not rely on client-side validation only (it is mostly a better UX), use server-side validation, too.
5. Update app.py with the register route
   1. Do some kind of validation:
   ```python
   if not request.form.get("name") or not request.form.get("fraternities"):
       return "failure"
   else:
       return "success"
   ```
   2. we can improve it with failure/success templates; insted of the "failure", "success" strings, we can use `render_template("failure.html", error="No username provided")` or the like,    
   3. we should use a constant list for fraternities in the app; also pass it to the html template:   
   ```python
   FRATERNITIES = ["PhiKappaTheta", "DeltaPhi", "AlphaKappaAlpha"]
    ...
   return render_template("index.html", fraternities=FRATERNITIES)
   ```
   and also use Jinja to generate the content in the html template:   
   ```html
   <select ...>
   {% for fraternity in fraternities %}
    <option value="{{fraternity}}">{{ fraternity }}</option>
   {% endfor %}
   ```
   4. the '/register' route should contain the server-side validation and the success/failure page rendering
   ```python
   if not request.form.get("name") or request.form.get("fraternity") not in FRATERNITIES:
    return render_template("failure.html")
   ```
   5. possible improvements: checkboxes + request.form.getlist() if we want to allow multiple registration/application   
   6. use a dictionary in app.py and populate it with the registration details
   ```python
   ...
    REGISTRANTS[request.form["name"]] = request.form["fraternity"]  
    return redirect("/registrants")

    @app.route("/registrants")
    def registrants():
        return render_template("registrants.html", registrants=REGISTRANTS)
    ```
    where registrants.html contains the following block:
    ```html
    {% for registrant in registrants %}
        <tr>
            <td>{{ registrant}}</td>
            <td>{{ registrants[registrant] }}</td>
        </tr>
    {% endfor %}
    ```

    This makes a complete registration solution.   
    Let's hope the app won't crash and there will be no blackouts.   
    Because our datastore is not persistent. Can we do better?   

## Model-View-Controller architecture

In the MVC architecture the View (with which the user interacts) and the Model (that stores the "modeled reality of the world", usually a database) are connected by the Controller (the program we write); it handles the input, interacts with the model, and based on what happens in the model, presents the results in the view.


<style>
img {    
    width: 600px;
    margin: 20px auto;    
    padding: 0.2em;
    border: 3px white solid;
    display: block;
    }
 </style>
<img src="mvc.jpg">

## 6.2 Persistence - SQLite (fraternity2/app.py)

For a persitent datastore we will use qn SQL database.   
The siplest option is SQLite, which is built into Python, nothing needs to be installed.   

However, for SQLite-rookies, we recommend a utility to easily manage the database:
- download the binary from https://www.sqlite.org/download.html
- unzip to a folder, add the folder to your PATH
- run sqlite3
  - for GUI options: SQLiteStudio, DBeaver, DB Browser for SQLite, ...

### 6.2.1. prepare the database:
  - SQLite in C:\Program Files\SQLite
  - start it in your current library, create the database table: 
  ```bash
  > c:\Program Files\sSQLite\sqlite3.exe
  sqlite> .open fraternity.db
  sqlite> CREATE TABLE IF NOT EXISTS registrants (id INTEGER, name TEXT NOT NULL, fraternity TEXT NOT NULL, PRIMARY KEY(id));
  sqlite> .schema
  ```


### 6.2.2. replace the user registraton and the query parts with a persistent solution:
   ```python
   conn = sqlite3.connect("fraternity.db", check_same_thread=False)
   ...
   name = request.form.get("name")
   fraternity = request.form.get("fraterniy")
   ...validation
   cursor.execute("INSERT INTO registrants (name, fraternity) VALUES(?, ?)", name, fraternity)
   ...
   registrants = cursor.execute("SELECT * FROM registrants").fetchall()
   ```

   check_same_thread is a Flask-specific thing.

### 6.2.3. update the registrants.html template
The SQL query returns a list of tuples (1 row - 1 tuple)

   ```html
   {% for registrant in registrants %}
        <tr>
            <td>{{ registrant[1] }}</td>
            <td>{{ registrant[2] }}</td>
        </tr>
   {% endfor %}
   ```

### 6.2.4. Add some robustness / UX updates:
   - consider maintainability
     - use the `url_for(route)` to let Flask automatically find the URL for the route; so if the URL changes but the route remains, the changes are automatically cared for    
   - use a static style.css file for styling
     - use the /static folder
   - add a deregistration option 
     - (hidden input with matching ID, respective route)
   - add some navigation to all pages, plus some customized title/footer blocks
     - `<nav>`, `<footer>`, `navigation.html` and `{%include%}`

# 7 Cookies and Sessions

Cookies are an identification tool (scrambled strings) that the server can use to identify the client (browser). The HTTP protocol is stateless, subsequent requests have no connection with each other by the protocol definition. However, in normal web applications, it is often good to know that the client who wants to query the inventory now, is the same who authenticated itself in the previous request.   
The more abstract mechanism for this purpose is called a Session. (Sessions utilize cookies)   
A session is valid for a sequence of interactions and make it possible to maintain a kind of state.   


## 7.1 Using sessions - session/app.py

Plan of attack for a simple login with name only: 

- install flask-session (a community-provided extension), import Session
- import the session from flask
- configure the app for session cookie (following the guidelines)
- update index.html to prepare for login
- add a route for login
- add login.html for login form
- use the session object (which is a dictionary) to store logins (if a name is in the session object, the user is logged in)

No authentication at this point...


# 8. Shopping Cart - shoppincart/app.py

For a shopping cart experience we combine sessions and persistent datastores.   
We create a bookstore with 6 books from Asimov's Foundation series.

1. Let's create a sample database store.db:
   ```bash
   sqlite3
   sqlite> .open store.db
   sqlite> CREATE TABLE books (id INTEGER, title TEXT NOT NULL, PRIMARY KEY(id));
   sqlite> INSERT INTO books (title) VALUES 
   ('Foundation'),
   ('Foundation and Empire'),
   ('Second Foundaton')
   ('Foundation`s Edge'),
   ('Before Foundation'),
   ('Foundation and Earth');
   sqlite> .q
   ```


## 8.1. Session settings

These are the required settings

```python
app.config["SESSION_PERMANENT"] = False
app.config["SESSION_TYPE"] = "filesystem"
Session(app)
```

## 8.2. The bookstore

The basic behaviour is to show a bookstore to the user.   
The relevant part of the `app.py` is:
```python
@app.route("/")
def index():
    books = cursor.execute("SELECT * FROM books;").fetchall()
    print(session)  # how does a session look like?
    return render_template("books.html", books=books)
```

and the template:
```html
{% extends "layout.html" %}
{% block body %}
    <h1>Books</h1>
    {% for book in books %}
    <h2> {{ book[1] }} </h2>
    <form action="/cart" method="post">
        <input name="id" type="hidden" value="{{ book[0] }}">
        <button type="submit">Add to Cart</button>
    </form>
    {% endfor %}
{% endblock %}
```

There is a useful practice in the form: 
- The button is visible next to each book for 'Adding to Cart'.
- Next to the book there is a form with a hidden, invisible input, with the name "id" and the value of the book ID taken from the database. 
- When the button is pressed, the form is sent, and it carries the book ID in the variable called "id". 
- We can query it from the app, and process it transparently, as can be read in the following section, The Cart.   

## 8.3. The cart

The cart is implemented as part of the session object. This is a dictionary, that is persistent throughout the session. We want the cart to store the books we selected (selection is sending a POST request from the form with the book ID).   
The cart can be checked individually (that will be a "read"-like thing, so we use a GET request for that), but it is also the endpoint that serves the "while browsing the store, i selected this book and put it in the cart" event (which is a "write"-like, i.e. POST request.)   

So the cart endpoint should be conenctedd with the cart view fuction like this:
```python
@app.route("/cart", methods=["GET", "POST"])
def cart():
    if "cart" not in session:
        session["cart"] = []
```
Both methods are enabled.   
The 'cart' key is provided for the session dictionary if this is the first cart access. The value will be a list.

What happens, when we add a book to our cart?
```python
    # POST
    if request.method == "POST":
        book_id = request.form.get("id")
        if book_id:
            session["cart"].append(book_id)
        return redirect("/cart")
```
The above code works if the request was a POST-request. The book ID is read, and if it is not empty, it is appended to the list in the cart. Then, the processing is redirected to the cart endpoint (a redirect is always a POST-request).   

What happens when we just check the cart or get redirected?
We read the books from our book database by ID, and the result will be rendered by Jinja in a respective html template.   
```python
    # GET
    cart_list = session["cart"]

    if len(cart_list) > 0:
        qm = '?' + ',?' * (len(cart_list) - 1)
    books_c = cursor.execute(f"SELECT * FROM books WHERE id IN ({qm});", cart_list)
    books = books_c.fetchall()
    return render_template("cart.html", books=books)
```


# 9. Wrap Up and Next Steps

During this tutorial series, we made a shallow dive into Flask.
We learned about webapps, REST APIs, routes, view functions, Jinja templates rendering, how to handle the request object, how to return the response, POST and GET requests, database handling and the session. It was just a few concepts and techniques.   
However, as the first step in webapp development, it was really significant!

I hope you enjoyed it.    

For next steps, here is my recommendation:   
1. Read the subchapters in [Flask Quickstart](https://flask.palletsprojects.com/en/3.0.x/quickstart/) that we skipped (and review what we touched): Message Flashing, About Responses, APIs with JSON, Redirects and Errors, File Uploads.
2. Complete the Flask [Tutorials](https://flask.palletsprojects.com/en/3.0.x/tutorial/). The most important new concepts here are Blueprints and Views, handling Authenticated Logins, Updates and Deletes, Making the project installable, Testing, Production deployment.
3. Follow other tutorials that help you consolidate what you learned. Here are two of my favourites:
   1. [Python Flask Tutorial - Full course](https://www.youtube.com/watch?v=2YOBmELm_v0) 
   2. The [Flask Mega-Tutorial](https://blog.miguelgrinberg.com/post/announcing-the-flask-mega-tutorial-2024-edition) by Miguel Grinberg
