# Flask
---

Flask is a web framework for python, also termed as "microframework" because it doesnot provide any extra modules other than required for handling http request/response.

## Starting new project

- Idea/Analysis/Design
- Name of project
- Create a project workspace
- Start working on project

### Idea/Analysis/Design

*Shows visualisation of weather of Nepal in web application*

**Mindmap about what are crude parts of our project**

![](../../images/jalbayu/jalbayu_mindmap.png)

### Name

**jalbayu**

### Create a project workspace

*first create a project directory inside samples directory*

    mkdir -p ../Samples/jalbayu

*we have blank directory*

    ls ../Samples/jalbayu/

*create a new file inside jalbayu named __environment.yml__ with following content*


```yaml
name: jalbayu
dependencies:
    - python
    - flask
```

**Create new environment for project**

```sh
# change into project directory
$ cd jalbayu

# create a new environment using environment.yml file
$ conda env create

# activate environment
$ source activate jalbayu

# list all installed packages
$ conda list
```

**Start using git from start**

```sh
# initialize git repository
$ git init

# check status
$ git status

# add environment.yml file to repository
$ git add environment.yml

# commit the changes
$ git commit -m "initial commit"

# make sure, what we want are committed properly
$ git status
$ git log
```

**Create a new spyder project**

![](../../images/jalbayu/spyder_project.png)

**gitignore**

```sh

# vim is commandline editor for linux
# you can use notepad/notepadd++ or spyder
# If using vim then
#      press "i" to start editing and press "colon" ie ":" and then "wq" and enter to save and exit
$ vim .gitignore
```

*content of __.gitignore__*

```gitignore
.spyderproject
```


*Now*
```sh

# add .gitignore file
$ git add .gitignore

# commit the changes
$ git commit -m "added gitignore file"
```

**Create a simple hello world app**

*create a file named __app.py__ with following contents*

```python
# -*- coding: utf-8 -*-

# import Flask from module "flask"
from flask import Flask


# create a new web application object
application = Flask(__name__)


# add a new route 
# http://localhost:5000/
@application.route('/')
def index():
    # we are returning a html string
    return "<h1>Hello World</h1>"


if __name__ == '__main__':
    # run the application
    application.run()
```

**Run the application**

```sh

$ python app.py
* Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)

```

*Open browser with http://localhost:5000*

**Templates**

*using templates for html page instead of just passing them as html string*

__app.py__

```python
# -*- coding: utf-8 -*-

# import Flask from module "flask"
from flask import Flask, render_template


# create a new web application object
application = Flask(__name__)


# add a new route 
# http://localhost:5000/
@application.route('/')
def index():
    # render templates searches given template file inside templates/ directory
    # and renders that template as html
    return render_template('hello.html')


if __name__ == '__main__':
    application.run()
```

**Create a templates directory**

    $ mkdir -p templates

*Create a file named __hello.html__ inside __templates__ with contents as*
```html
<html>
    <head>
        <title>Hello World</title>
    </head>
    
    <body>
        <h1>Hello World</h1>
    </body>
</html>
```

**Restarting the server**

*Hit Ctrl+C on terminal/prompt where our application is running, and rerun the server as*

```sh
$ python app.py
* Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
```

**Reloading the server without restarting it manually**

*Enable debug mode, __app.py__*

```python
...
if __name__ == '__main__':
    # enable debug mode
    # with this enabled we can view errors on browser
    #  and server will automatically reload on every changes on python code
    application.run(debug=True)
```

*Restart the server again, this time it will be on debug mode*

**templates/login.html**
```html

    <!-- form starts here -->
    <h1>Login</h1>
    <hr/>
    <form method="post" action="">
  <div>
    <label for="email">Email</label>
    <input type="email" id="email" placeholder="Email" name="email">
  </div>
  <div>
    <label for="password">Password</label>
    <input type="password" id="password" placeholder="Password" name="password">
  </div>
  <button type="submit">Login</button>
</form>

<!-- form ends here -->

```

__app.py__

```python
...

# methods=['GET', 'POST'] means we are accepting both Request types
@application.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        # if we get POST data, ie someone submitted the login form
        # just print what we obtained from browser
        print("Posted data", request.form)
    # after everything is done show login form, or show form if this is GET request
    return render_template('login.html')
...
```

![](../../images/jalbayu/login_plain_html.png)

**templates/login.html**

```html
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
    <title>JalBayu - Login Page</title>

    <!-- Bootstrap -->
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">

    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
    <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
      <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
  </head>
  <body>
    
    <div class="container">
        <div class="row">
            <div class="col-md-3"></div>
            <div class="col-md-6">
    <!-- form starts here -->
    <h1>Login</h1>
    <hr/>
    <form method="post" action="">
  <div class="form-group">
    <label for="email">Email</label>
    <input type="email" class="form-control" id="email" placeholder="Email" name="email">
  </div>
  <div class="form-group">
    <label for="password">Password</label>
    <input type="password" class="form-control" id="password" placeholder="Password" name="password">
  </div>
  <button type="submit" class="btn btn-default">Login</button>
</form>

<!-- form ends here -->
            </div>
        </div>
    </div>

    <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
    <!-- <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script> -->
    <!-- Include all compiled plugins (below), or include individual files as needed -->
  </body>
</html>
```

*- Note that we have also used [bootstrap](http://getbootstrap.com), a css framework. Infact this whole base template is copied from bootstrap template example snippet.*

### Jinja2

Jinja2 is template language used with Flask and other python frameworks

```html

{{ some_variable }} prints the value of <b>some_variable</b>

{{ 2 + 5 }} is evaluated and prints the result.

{% block section %}{% endblock %}

{% for i in some_list %}
<li>{{ i }}</li>
{% endfor %}

{% if some_value %}
<span>This is inside if</span>
{% else %}
<span>This is inside else</span>
{% endif %}
```

**Template Inheritence**

We will create a single template for every repeated block of html code, for eg. headers, footers etc.

__base.html__
```html
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
    <title>JalBayu - {% block title %}{% endblock %}</title>

    <!-- Bootstrap -->
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">

    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
    <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
      <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
  </head>
  <body>
    <div class="container">
        {% block main %}{% endblock %}
    </div>

    <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
    <!-- <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script> -->
    <!-- Include all compiled plugins (below), or include individual files as needed -->
  </body>
</html>
```

*Lets update our __hello.html__ to use this base template, with contents as*

```html
{% extends 'base.html' %}

{% block title %}Hello {{ name }}{% endblock %}

{% block main %}<h1>Hello {{ name }}</h1>{% endblock %}
```

In Above
- __extends__ means we are using __base.html__ template as our parent template
- whatever we write inside __{% block title %}__ and __{% endblock %}__ in __hello.py__ template will be overwritten inside blocks of same name of parent ( in this case __base.html__ file).

- i.e
    - When we load __hello.html__ file from view, it will first load __base.html__, apply every block from __hello.html__ in this case, __{% block title %}__ and __{% block main %}__ and return whole result

**Let's update login page**

__templates/login.html__
```html
{% extends "base.html" %}

{% block title %}Login Page{% endblock %}
    

{% block main %}
<div class="row">
    <div class="col-md-3"></div>
    <div class="col-md-6">
    <!-- form starts here -->
        <h1>Login</h1>
        <hr/>
        <form method="post" action="">
            <div class="form-group">
                <label for="email">Email</label>
                <input type="email" class="form-control" id="email" placeholder="Email" name="email">
            </div>
            <div class="form-group">
                <label for="password">Password</label>
                <input type="password" class="form-control" id="password" placeholder="Password" name="password">
            </div>
          
            <button type="submit" class="btn btn-default">Login</button>
        </form>
    
    <!-- form ends here -->
    </div>
</div>
{% endblock %}
```

*Restart the app, and visit http://localhost:5000/login in your browser*

![login page](../../images/jalbayu/screenshot_login.png)

### Authentication and Authorization

we will use __flask_login__ module for authentication and basic authorization.

- __Authentication__ means checking if user is known to us or not, unknown user are _guests_ who visits our public pages, while known users are those who are registered to our application and are logged in and may has profile page.

- __Authorization__ means finding out if any user are allowed to do a certain task. For eg. _guest_ user are only allowed to view public pages, _authenticated_ ( logged in ) users are allowed to make some changes on their page and _admin_ user are allowed to do everything including deleting other users. 

*change __environment.yml__ and update system*

__environment.yml__
```yaml
name: jalbayu
dependencies:
    - python
    - flask
    - pip:
        - flask_login
```

*Note that we have put __flask_login__ inside __pip__, this means __pip__ ( the package manager that comes with python ) will be used to install the package since it is not available with __conda__*

Now run following command
```sh
$ conda env update
```

*This will update current environment, ie looks into yaml file, install/update everything that was add/changed recently*

__app.py__

```python
...
from flask_login import LoginManager, login_user, login_required, logout_user

...
login_manager = LoginManager()
login_manager.init_app(application)

...

class User:
    """
    This is main user class used by login manager to identify users
    """
    
    # this will be list of all users who are allowed to login to our application
    users = ({
        'username': 'test@example.net',
        'password': 'pass1'          
    },)
    authenticated = False
    
    # this attribute will be populated when user will be authenticated
    user = {}
    
    def is_authenticated(self):
        """
        if user is authenticated or not
        """
        return self.authenticated
    
    def is_active(self):
        """
        if user is active or not
        being active means, user has not be disabled/deactivated/blocked by us or by him/herself
        """
        return True
    
    def is_anonymous(self):
        return False
    
    def get_id(self):
        """
        return identifier for the user, identifier should be unique to each user
        here we are using username of user
        """
        if self.is_authenticated():
            return self.user['username']
        return None
    
    @staticmethod
    def user_exists(email, password):
        """
        check if user exists in our list of users with given username and password
        """
        user_dct = [dct for dct in User.users if dct['username'] == email 
                    and dct['password'] == password]
        print("found user", user_dct)
        if user_dct:
            user.user = user_dct[0]
            user.authenticated = True
            return user
        return None

@login_manager.user_loader
def load_user(user_id):
    """
    this is used by login manager object to load user object from user_id
    user_id is obtained from session on consecutive requests
    """
    user_dct = [dct for dct in User.users if dct['username'] == user_id]
    user.user = user_dct[0]
    return user

...
@application.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        # save this data to db or do something
        print("Posted data", request.form)
        # check if requested user is in our database
        # the email and password keys are values of "name" attributes in html form see: login.html 
        user = User.user_exists(request.form['email'], request.form['password'])
        if user:
            # mark this user as loggedin
            login_user(user)
            print("logged in")
        else:
            print("Unable to login")
    return render_template('login.html')


@application.route('/logout')
def logout():
    # unmark this user as loggedin
    logout_user()
    # redirect to index page
    return redirect('/')


# this page will be accessible as http://localhost:5000/data/add
# login_required makes sure that this page is accessible to those who have login credentials and logs in
@application.route('/data/add', methods=['GET', 'POST'])
@login_required
def add_data():
    if request.method == 'POST':
        # we wont do anything here now
        pass
        
    return render_template('data_add.html')

...

```

__templates/data_add.html__

```html
{% extends 'base.html' %}

{% block main %}
<h1>We will show add form here</h1>
{% endblock %}
```

*Restart application*

*Visit http://localhost:5000/data/add, you should see something like this*

![unauth](../../images/jalbayu/screenshot_unauth.png)

This is because __@login_required__ part becomes active here for __/data/add__ route, we have not logged in yet so.

- Visit http://localhost:5000/login and use __test@example.net__ as username and __pass1__ as password and click login.
- Now visit http://localhost:5000/data/add, you should see something like this

![auth](../../images/jalbayu/screenshot_auth.png)

*Note: If you are still getting unauthorized page, make sure you are logged in, see terminal/cmd prompt for login message*

### Databases

Storing user data inside python dictionary is not very nice, so we will use a database.

- Database can be considered a type of datastructure/storage where we keep our data in a specific format.
- Generally they can be viewed as tabular format

**Lets create a database**

*we will be using sqlite, since we wont have to install anything to use it. Later this can be implemented using either MySQL or PostgreSQL as well with little changes.*

In [2]:
# import sqlite package
import sqlite3

In [10]:
# create a database, in case of sqlite it is a file
conn = sqlite3.connect('../Samples/jalbayu/data/db.sqlite3')

In [11]:
# create a cursor object
cur = conn.cursor()

In [12]:
# Now we will create required tables ie user table with columns id, username and password
cur.execute("""
CREATE TABLE user (
    id INTEGER NOT NULL,
    username VARCHAR(32),
    password VARCHAR(60),
    PRIMARY KEY (id),
    UNIQUE (username)
)
""")

<sqlite3.Cursor at 0x7fdd30cd9ce0>

In [13]:
# commit what we have done till now to disk
conn.commit()

*Database is similar to Excel Document (if you have used one previously), Tables are as __Sheet__ of Excel and columns are well __Columns__ of a particular Sheet.*

In [14]:
# list out all the data from user table
cur.execute("SELECT * FROM user")

<sqlite3.Cursor at 0x7fdd30cd9ce0>

In [15]:
cur.fetchall()

[]

we dont have anything added to database yet

In [16]:
# now add two users to our user table
cur.execute("INSERT INTO user(id, username, password) VALUES(1, 'test@example.net', 'pass1')")

<sqlite3.Cursor at 0x7fdd30cd9ce0>

In [18]:
cur.execute("INSERT INTO user(id, username, password) VALUES(2, 'test2@example.net', 'pass2')")

<sqlite3.Cursor at 0x7fdd30cd9ce0>

In [19]:
conn.commit()

In [20]:
# now check if our data have been actually inserted to db
cur.execute("SELECT * FROM user")
cur.fetchall()

[(1, 'test@example.net', 'pass1'), (2, 'test2@example.net', 'pass2')]

In [21]:
# let's close connection to db
# we dont want it to be open all the time
conn.close()

*We have added data to db, now we will modify our application to use sqlite database instead of dictionary*

*Complete code of __app.py__ looks like this*
```python
# -*- coding: utf-8 -*-

import os
import sqlite3

# import Flask from module "flask"
from flask import Flask, render_template, g
from flask_login import LoginManager, login_user, login_required, logout_user

# we will create a constant for BASEPATH which is current directory of our application
BASEPATH = os.path.dirname(os.path.abspath(__file__))

print(BASEPATH)

# create a new web application object
application = Flask(__name__)

login_manager = LoginManager()
login_manager.init_app(application)

DATABASE = os.path.join(BASEPATH, 'data/db.sqlite3')


def get_db():
    """
    this will return a database connection object, like "conn" we created above
      it first checks of connection object is in global scope i.e "g" if there is return that
      or create new one, put it into global scope and return that
    """
    db = getattr(g, '_database', None)
    if db is None:
        db = g._database = sqlite3.connect(DATABASE)
    return db


@application.teardown_appcontext
def close_connection(exception):
    """
    this will automatically run when we return response, this closes database for us
    """
    db = getattr(g, '_database', None)
    if db is not None:
        db.close()


class User:
    """
    This is main user class used by login manager to identify users
    """
    authenticated = False
    user = {}
    
    def is_authenticated(self):
        return self.authenticated
    
    def is_active(self):
        return True
    
    def is_anonymous(self):
        return False
    
    def get_id(self):
        if self.is_authenticated():
            return self.user['id']
        return None
    
    @staticmethod
    def user_exists(email, password):
        # get cursor object
        cur = get_db().cursor()
        # select all records with given username and password
        user_sql = "SELECT id, username FROM users WHERE username=? AND password=?"
        cur.execute(user_sql, (email, password))
        # we only need one, which proves we have given user in our database
        user_record = cur.fetchone()
        print("record found", user_record)
        if user_record:
            # we create a new user object
            user = User()
            # put details in a dictionary
            user.user = {
                'id': user_record[0],
                'username': user_record[1]
            }
            # mark this user as authenticated
            user.authenticated = True
            return user
        return None


@login_manager.user_loader
def load_user(user_id):
    """
    this is used by login manager object to load user object from user_id
    user_id is obtained from session on consecutive requests
    """
    cur = get_db().cursor()
    # get user by given user id
    user_sql = "SELECT id, username FROM users WHERE id=?"
    cur.execute(user_sql, (user_id,))
    user_record = cur.fetchone()
    user = User()
    user.user = {
        'id': user_record[0],
        'username': user_record[1]
    }
    user.authenticated = True
    return user


# add a new route 
# http://localhost:5000/
@application.route('/')
def index():
    return render_template('hello.html')


@application.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        # save this data to db or do something
        print("Posted data", request.form)
        # check if requested user is in our database
        user = User.user_exists(request.form['email'], request.form['password'])
        if user:
            login_user(user)
            print("logged in")
        else:
            print("Unable to login")
    return render_template('login.html')


@application.route('/logout')
def logout():
    logout_user()
    return redirect('/')


@application.route('/data/add', methods=['GET', 'POST'])
@login_required
def add_data():
    if request.method == 'POST':
        # we wont do anything here now
        pass

    return render_template('data_add.html')


if __name__ == '__main__':
    application.run(debug=True)

```

*Restart the server and check everything is working just as before, only thing we have changed is used database for user management*

*Note: we can use tools like [sqlitebrowser](http://sqlitebrowser.org/) to create and modify tables*

![db browser](../../images/jalbayu/dbbrowser.png)