## Flask – Overview
---
### What is a Web Framework
---
* Web Application Framework or simply Web Framework represents a collection of libraries and modules that enables a web application developer to write applications without having to bother about low-level details such as protocols, thread management etc.

### What is Flask?
----

* Flask is a web application framework written in Python. 
* It is developed by Armin Ronacher, who leads an international group of Python enthusiasts named Pocco. 
* Flask is based on the Werkzeug WSGI toolkit and Jinja2 template engine. Both are Pocco projects

### WSGI
----
* Web Server Gateway Interface (WSGI) has been adopted as a standard for Python web application development. WSGI is a specification for a universal interface between the web server and the web applications.

### Werkzeug
---
* It is a WSGI toolkit, which implements requests, response objects, and other utility functions. This enables building a web framework on top of it. The Flask framework uses Werkzeug as one of its bases.



### Jinja2
----
* Jinja2 is a popular templating engine for Python. A web templating system combines a template with a certain data source to render dynamic web pages.

* Flask is often referred to as a micro framework. It aims to keep the core of an application simple yet extensible. 
* Flask does not have built-in abstraction layer for database handling, nor does it have form a validation support. 
    * Instead, Flask supports the extensions to add such functionality to the application.

## Environment Setup
----
* Python 2.6 or higher is usually required for installation of Flask. 
    * Although Flask and its dependencies work well with Python 3 (Python 3.3 onwards), many Flask extensions do not support it properly. 
    
#### Install virtualenv for development environment
----
`virtualenv` is a virtual Python environment builder. It helps a user to create multiple Python environments side-by-side. 

`pip install virtualenv`

* Once installed, new virtual environment is created in a folder.
```bash
mkdir newproj
cd newproj
virtualenv venv
```
* To activate corresponding environment

`venv/bin/activate`

* Install Flask with

`pip install Flask`

#### We're going to use `pipenv` for this

### Writing the Application
----
`hello.py`
```python
from flask import Flask
app = Flask(__name__)

@app.route('/')
def hello_world():
   return 'Hello World’

if __name__ == '__main__':
   app.run()
```

* Importing `flask` module in the project is mandatory.
* An object of Flask class is our WSGI application.

* Flask constructor takes the name of current module (`__name__`) as argument




* The `route()` function of the Flask class is a decorator, which tells the application which URL should call the associated function.

`app.route(rule, options)`

  * The `rule` parameter represents URL binding with the function.

  * The `options` is a list of parameters to be forwarded to the underlying Rule object.

* `/` URL is bound with `hello_world()` function.

* the `run()` method of Flask class runs the application on the local development server.

```python
app.run(host, port, debug, options)
```



|Sr.No. |	Parameters & Description|
| ------------- |:-------------:|
|host| Hostname to listen on. Defaults to 127.0.0.1 (localhost). Set to ‘0.0.0.0’ to have server available externally |
|port| Defaults to 5000|
|debug| Defaults to false. If set to true, provides a debug information |
|options|To be forwarded to underlying Werkzeug server.|

## Security Warning: Debug mode

* A Flask application is started by calling the `run()` method. 
    * However, while the application is under development, it should be restarted manually for each change in the code. 
    * To avoid this inconvenience, enable `debug` support. 
    * The server will then reload itself if the code changes. It will also provide a useful debugger to track the errors if any, in the application.

* Enabled by setting the debug property of the application object to `True` before running or passing the debug parameter to the `run()` method.
```python
app.debug = True
app.run()
app.run(debug = True)
```

### Routing
----
* Modern web frameworks use the routing technique to help a user remember application URLs. 
* It is useful to access the desired page directly without having to navigate from the home page.
* The `route()` decorator in Flask is used to bind URLs to functions
```python
@app.route('/hello')
def hello_world():
    return 'hello world'
```

* URL `/hello` rule is bound to the `hello_world()` function. 
    * If a user visits `http://localhost:5000/hello` URL, the output of the `hello_world()` function will be rendered in the browser.


* The `add_url_rule()` function of an application object is also available to bind a URL with a function as in the above example, `route()` is used.

* A decorator’s purpose is also served by the following representation −
```python
def hello_world():
   return ‘hello world’
app.add_url_rule(‘/’, ‘hello’, hello_world)
```

### Variable Rules
----
* It is possible to build a URL dynamically, by adding variable parts to the rule parameter. 
* This variable part is marked as `<variable-name>`. 
    * It is passed as a keyword argument to the function with which the rule is associated.

* the rule parameter of `route()` decorator contains `<name>` variable part attached to URL `/hello`. 
    * `http://localhost:5000/hello/advancedPython` is entered as a URL in the browser, `advancedPython` will be supplied to `hello()` function as argument.
    
```python
from flask import Flask
app = Flask(__name__)

@app.route('/hello/<name>')
def hello_name(name):
   return 'Hello %s!' % name

if __name__ == '__main__':
   app.run(debug = True)
```


* rules can be constructed using the following converters 
* In addition to the default string variable part

|Sr.No. |Converters & Description|
| ------------- |:-------------:|
|int| accepts integer|
|float|For floating point value|
|path|accepts slashes used as directory separator character|


```python
from flask import Flask
app = Flask(__name__)

@app.route('/blog/<int:postID>')
def show_blog(postID):
   return 'Blog Number %d' % postID

@app.route('/rev/<float:revNo>')
def revision(revNo):
   return 'Revision Number %f' % revNo

if __name__ == '__main__':
   app.run()
```
* Run the above code from Python Shell. Visit the URL `http://localhost:5000/blog/11`

    * The given number is used as argument to the `show_blog()` function. 

* Enter this URL in the browser − `http://localhost:5000/rev/1.1`

    * The `revision()` function takes up the floating point number as argument. 
    
* The URL rules of Flask are based on **Werkzeug**’s routing module. 
* This ensures that the URLs formed are unique and based on precedents laid down by Apache.


* Consider the rules defined in the following script 

```python
from flask import Flask
app = Flask(__name__)

@app.route('/flask')
def hello_flask():
   return 'Hello Flask'

@app.route('/python/')
def hello_python():
   return 'Hello Python'

if __name__ == '__main__':
   app.run()
```

* Both the rules appear similar but in the second rule, trailing slash (`/`) is used.  As a result, it becomes a canonical URL. 
* Using `/python` or `/python/` returns the same output.
    * However, in case of the first rule, /flask/ URL results in 404 Not Found page.

### URL Binding
----
* The `url_for()` function is very useful for dynamically building a URL for a specific function. 
    * The function accepts the name of a function as first argument, and one or more keyword arguments, each corresponding to the variable part of URL.

```python
from flask import Flask, redirect, url_for
app = Flask(__name__)

@app.route('/admin')
def hello_admin():
   return 'Hello Admin'

@app.route('/guest/<guest>')
def hello_guest(guest):
   return 'Hello %s as Guest' % guest

@app.route('/user/<name>')
def hello_user(name):
    # this functions checks if an argument received matches a value or not
    # and conditionally renders based on that
   if name =='admin':
      return redirect(url_for('hello_admin'))
   else:
      return redirect(url_for('hello_guest',guest = name))

if __name__ == '__main__':
   app.run(debug = True)
```

## HTTP Methods
-----
* HTTP Protocol is the foundation of data communication around the world wide web.
* Different methods get different data from URLs defined by the protocol


|Sr.No. |Method & Description|
| ------------- |:-------------:|
|GET | Sends data in unencrypted form to the server. Most common method.|
|HEAD|Same as GET, but without response body|
|POST|Used to send HTML form data to server. Data received by POST method is not cached by server.|
|PUT|Replaces all current representations of the target resource with the uploaded content.|
|DELETE|Removes all current representations of the target resource given by a URL| 

* The Flask route responds to the `GET` requests. However, this preference can be altered by providing methods argument to `route()` decorator.

In order to demonstrate the use of `POST` method in URL routing

login.html
```html
<html>
   <body>
      <form action = "http://localhost:5000/login" method = "post">
         <p>Enter Name:</p>
         <p><input type = "text" name = "nm" /></p>
         <p><input type = "submit" value = "submit" /></p>
      </form>
   </body>
</html>

```

login.py
```python
from flask import Flask, redirect, url_for, request
app = Flask(__name__)

@app.route('/success/<name>')
def success(name):
   return 'welcome %s' % name

@app.route('/login',methods = ['POST', 'GET'])
def login():
   if request.method == 'POST':
    # this maps the value we pass into the login function
    # for the argument 'nm'
      user = request.form['nm']
      return redirect(url_for('success',name = user))
   else:
       # This gets the argument value for us
       # and passes it in for the name parameter with the user var
      user = request.args.get('nm')
      return redirect(url_for('success',name = user))

if __name__ == '__main__':
   app.run(debug = True)
```

### Templates
----
* It is possible to return the output of a function bound to a certain URL in the form of HTML. 
    * `hello()` function will render `Hello World` with `<h1>` tag attached to it.

```python
from flask import Flask
app = Flask(__name__)

@app.route('/')
def index`():
   return '<html><body><h1>Hello World</h1></body></html>'

if __name__ == '__main__':
   app.run(debug = True)
```

* Generating HTML content from Python code is cumbersome, especially when variable data and Python language elements like conditionals or loops need to be put. 
    * This would require frequent escaping from HTML.

* Enter the  `Jinja2` template engine, on which Flask is based. 
    * Instead of returning hardcode HTML from the function, a HTML file can be rendered by the `render_template()` function.

```python
from flask import Flask
app = Flask(__name__)

@app.route('/')
def index():
   return render_template(‘hello.html’)

if __name__ == '__main__':
   app.run(debug = True)
```


* Flask will try to find the HTML file in the templates folder, in the same folder in which this script is present.

```bash
    Application folder
        Hello.py
        templates
            hello.html
```

* The term **web templating system** refers to designing an HTML script in which the variable data can be inserted dynamically.
    * A **web template system** comprises of a **template engine**, some kind of **data source** and a **template processor**.


* Flask uses **jinga2** template engine. 
* A web template contains HTML syntax interspersed placeholders for variables and expressions (in these case Python expressions) which are replaced values when the template is rendered.

`hello.html` in a `templates` folder

```html
<!doctype html>
<html>
   <body>
   
      <h1>Hello {{ name }}!</h1>
      
   </body>
</html>
```

```python
from flask import Flask, render_template
app = Flask(__name__)

@app.route('/hello/<user>')
def hello_name(user):
   return render_template('hello.html', name = user)

if __name__ == '__main__':
   app.run(debug = True)
```
* `http://localhost:5000/hello/tom`
* As the development server starts running, open the browser and enter URL the variable part of URL is inserted at `{{ name }}` place holder.

##### Web Templating System Example

* The `Jinga2` template engine uses the following delimiters for escaping from HTML.

```text
    {% ... %} for Statements
    {{ ... }} for Expressions to print to the template output
    {# ... #} for Comments not included in the template output
    # ... ## for Line Statements
```


* Example: use of conditional statement in a template
    * The URL rule to the `hello()` function accepts the integer parameter. 
    * It is passed to the `hello.html` template. 
        * Inside it, the value of number received `(marks)` is compared (greater or less than 50) and accordingly HTML is conditionally rendered.

```python
from flask import Flask, render_template
app = Flask(__name__)

@app.route('/hello/<int:score>')
def hello_name(score):
   return render_template('hello.html', marks = score)

if __name__ == '__main__':
   app.run(debug = True)
```

* `hello.html`
```html
<!doctype html>
<html>
   <body>
      {% if marks>50 %}
         <h1> Your result is pass!</h1>
      {% else %}
         <h1>Your result is fail</h1>
      {% endif %}
   </body>
</html>
```
* The conditional statements `if-else` and `endif` are enclosed in delimiter `{%..%}`

* visit URL `http://localhost/hello/60` and then `http://localhost/hello/30` 


#### Loops in Statements
---
* The Python loop constructs can also be employed inside the template. 
* In the following script, the `result()` function sends a dictionary object to template `results.html` when URL `http://localhost:5000/result` is opened

* The Template part of `result.html` employs a for loop to render key and value pairs of dictionary object `result{}` as cells of an HTML table.





* run this script inside the terminal or save it as `flask-conditional-loop.py` and run it

```python
from flask import Flask, render_template
app = Flask(__name__)

@app.route('/result')
def result():
   dict = {'phy':50,'che':60,'maths':70}
   return render_template('result.html', result = dict)

if __name__ == '__main__':
   app.run(debug = True)
````

* `result.html` in the `templates` folder.

```html
<!doctype html>
<html>
   <body>
      <table border = 1>
         {% for key, value in result.iteritems() %}
            <tr>
               <th> {{ key }} </th>
               <td> {{ value }} </td>
            </tr>
         {% endfor %}
      </table>
   </body>
</html>
```
* The Python statements corresponding to the For loop are enclosed in `{%..%}` whereas, the expressions key and value are put inside `{{ }}`.

* open `http://localhost:5000/result`

### Static Files
----
* A web application often requires a static file such as a javascript file or a CSS file supporting the display of a web page. 
    * Usually, the web server is configured to serve them for you
    * During the development, these files are served from **static folder** in your package or next to your module and it will be available at `/static` on the application.
    * A special endpoint ‘static’ is used to generate URL for static files.

* Javascript function defined in `hello.js` is called on `OnClick` event of HTML button in `index.html`, which is rendered on `/` URL of the Flask application.


* Our python App server:

```python
from flask import Flask, render_template
app = Flask(__name__)

@app.route("/")
def index():
   return render_template("index.html")

if __name__ == '__main__':
   app.run(debug = True)
```

* `index.html`

```html
<html>
   <head>
      <script type = "text/javascript" 
         src = "{{ url_for('static', filename = 'hello.js') }}" ></script>
   </head>
   
   <body>
      <input type = "button" onclick = "sayHello()" value = "Say Hello" />
   </body>
</html>
```

* `hello.js`

```javascript
function sayHello() {
    alert("Hello World")
}
```

### Request Object
----
* The data from a client’s web page is sent to the server as a global request object. 
* In order to process the request data, it should be imported from the Flask module.

* Important attributes of request object are listed below −

   * **Form** − It is a dictionary object containing key and value pairs of form parameters and their values.

  * **args** − parsed contents of query string which is part of URL after question mark (?).

  * **Cookies** − dictionary object holding Cookie names and values.

  * **files** − data pertaining to uploaded file.

  * **method** − current request method.


### Sending Form Data to a Template
-----
* Have already seen that the http method can be specified in URL rule.
* The Form data received by the triggered function can collect it in the form of a dictionary object and forward it to a template to render it on a corresponding web page. 
* The next examples shoes this using `/` to render a web page `student.html`, with a form
* The data is filled in and posted to the `/result` url to trigger `result()`
* `results()` function collects form data persent in `request.form` in the dictionary object and send it off to the be rendered in `result.html`

* Our python App Server

```python
from flask import Flask, render_template, request
app = Flask(__name__)

@app.route('/')
def student():
   return render_template('student.html')

@app.route('/result',methods = ['POST', 'GET'])
def result():
   if request.method == 'POST':
      result = request.form
      return render_template("result.html",result = result)

if __name__ == '__main__':
   app.run(debug = True)
```

* `student.html`
```html
<html>
   <body>
      <form action = "http://localhost:5000/result" method = "POST">
         <p>Name <input type = "text" name = "Name" /></p>
         <p>Physics <input type = "text" name = "Physics" /></p>
         <p>Chemistry <input type = "text" name = "chemistry" /></p>
         <p>Maths <input type ="text" name = "Mathematics" /></p>
         <p><input type = "submit" value = "submit" /></p>
      </form>
   </body>
</html>
```

* `result.html`

```html
<!doctype html>
<html>
   <body>
      <table border = 1>
         {% for key, value in result.items() %}
            <tr>
               <th> {{ key }} </th>
               <td> {{ value }} </td>
            </tr>
         {% endfor %}
      </table>
   </body>
</html>
```

* Run the code and submit some data into the template to see it work

### Cookies
----
* A **cookie** is stored on a client’s computer in the form of a text file. 
    * Its purpose is to remember and track data pertaining to a client’s usage for better visitor experience and site statistics.

* A Request object contains a cookie’s attribute. 
    * It is a dictionary object of all the cookie variables and their corresponding values, a client has transmitted. 
    * In addition to it, a cookie also stores its expiry time, path and domain name of the site.

* Flask: cookies are set on response object. 
    * Use `make_response()` function to get response object from return value of a view function. 
    * After that, use the `set_cookie()` function of response object to store a cookie.

* Reading back a cookie is easy. The `get()` method of `request.cookies` attribute is used to read a cookie.


* In the following Flask application, a simple form opens up as you visit `/` URL.

```python
from flask import Flask, render_template, request
app = Flask(__name__)

@app.route('/')
def index():
   return render_template('index.html')

# The Form is posted to ‘/setcookie’ URL. 
# The view function sets a Cookie name userID and renders another page.

@app.route('/setcookie', methods = ['POST', 'GET'])
def setcookie():
   if request.method == 'POST':
   user = request.form['nm']
   
   resp = make_response(render_template('readcookie.html'))
   resp.set_cookie('userID', user)
   
   return resp

# ‘readcookie.html’ contains a hyperlink to another view function 
# getcookie(), which reads back and displays the cookie value in browser.

@app.route('/getcookie')
def getcookie():
   name = request.cookies.get('userID')
   return '<h1>welcome '+name+'</h1>'


if __name__ == '__main__':
   app.run(debug = True)
```

* the html context for `cookie.html`

```html
<html>
   <body>
      <form action = "/setcookie" method = "POST">
         <p><h3>Enter userID</h3></p>
         <p><input type = 'text' name = 'nm'/></p>
         <p><input type = 'submit' value = 'Login'/></p>
      </form>
   </body>
</html>
```



Run the application and visit http://localhost:5000/

enter some information and go to `setcookie` and `getcookie`

### Sessions:
----
* Unlike a Cookie, **Session** data is stored on server. 
* Session is the time interval when a client logs into a server and logs out of it. 
* The data, which is needed to be held across this session, is stored in a temporary directory on the server.

* A session with each client is assigned a Session ID. 
* The Session data is stored on top of cookies and the server signs them cryptographically. 
    * For this encryption, a Flask application needs a defined `SECRET_KEY`.

* Session object is also a dictionary object containing key-value pairs of session variables and associated values.


* To set a ‘username’ session variable use the statement −

`Session[‘username’] = ’admin’`

To release a session variable use `pop()` method.

`session.pop('username', None)`

The following is a simple demonstration of session works in Flask. 
URL `/` simply prompts user to log in, as session variable ‘username’ is not set.


```python
@app.route('/')
def index():
   if 'username' in session:
      username = session['username']
         return 'Logged in as ' + username + '<br>' + \
         "<b><a href = '/logout'>click here to log out</a></b>"
   return "You are not logged in <br><a href = '/login'></b>" + \
      "click here to log in</b></a>"
```
* As user browses to `/login` the `login()` view function, because it is called through `GET` method, opens up a login form.


* A Form is posted back to `/login` and now session variable is set.
* Application is redirected to `/`. This time session variable ‘username’ is found.

```python
@app.route('/login', methods = ['GET', 'POST'])
def login():
   if request.method == 'POST':
      session['username'] = request.form['username']
      return redirect(url_for('index'))
   return '''
	
   <form action = "" method = "post">
      <p><input type = text name = username/></p>
      <p<<input type = submit value = Login/></p>
   </form>
	
   '''
```


* The application also contains a `logout()` view function, which pops out ‘username’ session variable. Hence, ‘/’ URL again shows the opening page.
```python
@app.route('/logout')
def logout():
   # remove the username from the session if it is there
   session.pop('username', None)
   return redirect(url_for('index'))
```
* Run the application and visit the homepage. (Ensure to set secret_key of the application)
```python
from flask import Flask, session, redirect, url_for, escape, request
app = Flask(__name__)
app.secret_key = 'any random string’
```

* `sessions.py`
```text
from flask import Flask, session, redirect, url_for, escape, request
app = Flask(__name__)
app.secret_key = 'any random string’
```

```text
@app.route('/')
def index():
   if 'username' in session:
      username = session['username']
         return 'Logged in as ' + username + '<br>' + \
         "<b><a href = '/logout'>click here to log out</a></b>"
   return "You are not logged in <br><a href = '/login'></b>" + \
      "click here to log in</b></a>"
```

```text
@app.route('/login', methods = ['GET', 'POST'])
def login():
   if request.method == 'POST':
      session['username'] = request.form['username']
      return redirect(url_for('index'))
   return '''
	
   <form action = "" method = "post">
      <p><input type = text name = username/></p>
      <p<<input type = submit value = Login/></p>
   </form>
	
   '''
```

```text
@app.route('/logout')
def logout():
   # remove the username from the session if it is there
   session.pop('username', None)
   return redirect(url_for('index'))

if __name__ == '__main__':
   app.run(debug = True)
```
* Click the link “click here to log in”.
* The link will be directed to another screen. Type ‘admin’.
* The screen will show you the message, ‘Logged in as admin’.


### Redirect & Error Forms
-----
* Flask class has a `redirect()` function. 
* When called, it returns a response object and redirects the user to another target location with specified status code.

* Prototype of `redirect()` function i:

`Flask.redirect(location, statuscode, response)`

* In the above function −

  * **location** parameter is the URL where response should be redirected.

  * **statuscode** sent to browser’s header, defaults to 302.

  * **response** parameter is used to instantiate response.

The following status codes are standardized −

* `    HTTP_300_MULTIPLE_CHOICES`
* `    HTTP_301_MOVED_PERMANENTLY`
* `    HTTP_302_FOUND`
* `    HTTP_303_SEE_OTHER`
* `    HTTP_304_NOT_MODIFIED`
* `    HTTP_305_USE_PROXY`
* `    HTTP_306_RESERVED`
* `    HTTP_307_TEMPORARY_REDIRECT`

* In the following example, the `redirect()` function is used to display the login page again when a login attempt fails.

```python 
from flask import Flask, redirect, url_for, render_template, request
# Initialize the Flask application
app = Flask(__name__)

@app.route('/')
def index():
   return render_template('log_in.html')

@app.route('/login',methods = ['POST', 'GET'])
def login():
   if request.method == 'POST' and
   request.form['username'] == 'admin' :
   return redirect(url_for('success'))
   return redirect(url_for('index'))

@app.route('/success')
def success():
   return 'logged in successfully'
	
if __name__ == '__main__':
   app.run(debug = True)
```

* Flask class has `abort()` function with an error code.

`Flask.abort(code)`

* The Code parameter takes one of following:

  * `400 − for Bad Request`

  * `401 − for Unauthenticated`

  * `403 − for Forbidden`

  * `404 − for Not Found`

  * `406 − for Not Acceptable`

  * `415 − for Unsupported Media Type`

  * `429 − Too Many Requests`

* Change in the `login()` function in the above code. 
    * Instead of re-displaying the login page, if ‘Unauthourized’ page is to be displayed, replace it with call to `abort(401)`


```python

from flask import Flask, redirect, url_for, render_template, request, abort
app = Flask(__name__)

@app.route('/')
def index():
   return render_template('log_in.html')

@app.route('/login',methods = ['POST', 'GET'])
def login():
   if request.method == 'POST':
      if request.form['username'] == 'admin' :
         return redirect(url_for('success'))
      else:
         abort(401)
   else:
      return redirect(url_for('index'))

@app.route('/success')
def success():
   return 'logged in successfully'

if __name__ == '__main__':
   app.run(debug = True)

```

### Message Flashing
----
* A good GUI based application provides feedback to a user about the interaction. 
* Generating such informative messages is easy in Flask web application. 
* Flashing system of Flask framework makes it possible to create a message in one view and render it in a view function called `next`.

* A Flask module contains `flash()` method. 
    * It passes a message to the next request, which generally is a template.

* `flash(message, category)`

 *  **message** parameter is the actual message to be flashed.

 *  **category** parameter is optional. It can be either ‘error’, ‘info’ or ‘warning’.



* In order to remove message from session, template calls `get_flashed_messages()`

`get_flashed_messages(with_categories, category_filter)`

* Both parameters are optional. 
    * The first parameter is a tuple if received messages are having category. 
    * The second parameter is useful to display only specific messages.


* Following falses received messages in a template

```python
{% with messages = get_flashed_messages() %}
   {% if messages %}
      {% for message in messages %}
         {{ message }}
      {% endfor %}
   {% endif %}
{% endwith %}

```


* simple example, demonstrating the flashing mechanism in Flask.
* In the following code, a `/` URL displays link to the login page, with no message to flash

* `flash.py`

```python
@app.route('/')
def index():
   return render_template('index.html')

@app.route('/login', methods = ['GET', 'POST'])
def login():
   error = None
   
   if request.method == 'POST':
      if request.form['username'] != 'admin' or \
         request.form['password'] != 'admin':
         error = 'Invalid username or password. Please try again!'
      else:
         flash('You were successfully logged in')
         return redirect(url_for('index'))
   return render_template('login.html', error = error)
```
* The link leads a user to `/login` URL which displays a login form.
* When submitted, the `login()` view function verifies a username and password and accordingly flashes a ‘success’ message or creates ‘error’ variable.

* `login.html`

```html
<!doctype html>
<html>
   <body>
      <h1>Login</h1>

      {% if error %}
         <p><strong>Error:</strong> {{ error }}
      {% endif %}
      
      <form action = "" method = post>
         <dl>
            <dt>Username:</dt>
            <dd>
               <input type = text name = username 
                  value = "{{request.form.username }}">
            </dd>
            <dt>Password:</dt>
            <dd><input type = password name = password></dd>
         </dl>
         <p><input type = submit value = Login></p>
      </form>
   </body>
</html>

```

* If `login` is successful, a success message is flashed on the index template.
`index.html`

```index.html
<!doctype html>
<html>
   <head>
      <title>Flask Message flashing</title>
   </head>
   <body>
      {% with messages = get_flashed_messages() %}
         {% if messages %}
            <ul>
               {% for message in messages %}
               <li<{{ message }}</li>
               {% endfor %}
            </ul>
         {% endif %}
      {% endwith %}
		
      <h1>Flask Message Flashing Example</h1>
      <p>Do you want to <a href = "{{ url_for('login') }}">
         <b>log in?</b></a></p>
   </body>
</html>
```

* Added in `secret_key` to the `flash.py` example

```python

from flask import Flask, flash, redirect, render_template, request, url_for
app = Flask(__name__)
app.secret_key = 'random string'

@app.route('/')
def index():
   return render_template('index.html')

@app.route('/login', methods = ['GET', 'POST'])
def login():
   error = None
   
   if request.method == 'POST':
      if request.form['username'] != 'admin' or \
         request.form['password'] != 'admin':
         error = 'Invalid username or password. Please try again!'
      else:
         flash('You were successfully logged in')
         return redirect(url_for('index'))
			
   return render_template('login.html', error = error)

if __name__ == "__main__":
   app.run(debug = True)
```

### FIle Uploading
----
* Handling file upload in Flask is very easy. 
* It needs an HTML form with its `enctype` attribute set to `multipart/form-data`, posting the file to a URL. 
    * The URL handler fetches file from `request.files` object and saves it to the desired location.

* Each uploaded file is first saved in a temporary location on the server, before it is actually saved to its ultimate location.
    * Name of destination file can be hard-coded or can be obtained from filename property of `request.files[file]` object. 
    * It is recommended to obtain a secure version of it using the `secure_filename()` function.

Can also define maximums:

| | |
| ---:|---:|
|`app.cinfig['UPLOAD_FOLDER']`| defines a path for a folder|
|`app.config['MAX_CONTENT_PATH']`| specifies the maximum file in bytes|

* `upload.html`
```html
<html>
   <body>
      <form action = "http://localhost:5000/uploader" method = "POST" 
         enctype = "multipart/form-data">
         <input type = "file" name = "file" />
         <input type = "submit"/>
      </form>
   </body>
</html>
```

* Click `Submit` after choosing file. 
    * Form’s post method invokes `/upload_file` URL. 
    * The underlying function `uploader()` does the save operation.
    
```python
from flask import Flask, render_template, request
from werkzeug import secure_filename
app = Flask(__name__)

@app.route('/upload')
def upload_file():
   return render_template('upload.html')
	
@app.route('/uploader', methods = ['GET', 'POST'])
def upload_file():
   if request.method == 'POST':
      f = request.files['file']
      f.save(secure_filename(f.filename))
      return 'file uploaded successfully'
		
if __name__ == '__main__':
   app.run(debug = True)
```

### Extensions
----
* Flask is often referred to as a micro framework, because a core functionality includes WSGI and routing based on Werkzeug and template engine based on Jinja2. 
* Flask framework has support for cookie and sessions as well as web helpers like JSON, static files etc.
* Flask extensions give extensibility to Flask framework.

* A Flask extension is a Python module, which adds specific type of support to the Flask application. 
* Flask Extension Registry is a directory of extensions available. The required extension can be downloaded by `pip` utility.

  * **Flask Mail** − provides SMTP interface to Flask application

  * **Flask WTF** − adds rendering and validation of WTForms

  * **Flask SQLAlchemy** − adds SQLAlchemy support to Flask application

  * **Flask Sijax** − Interface for Sijax - Python/jQuery library that makes AJAX easy to use in web applications



* Since an extension is a Python module, it needs to be imported for it to be used. Flask extensions are generally named as `flask-foo`. To import,

`from flask_foo import [class, function]`

For versions of Flask later than 0.7, you can also use the syntax −

`from flask.ext import foo`

For this usage, a compatibility module needs to be activated. It can be installed by running `flaskext_compat.py`
```python
import flaskext_compat
flaskext_compat.activate()
from flask.ext import foo
```

### Flask-WTF
----
* One of the essential aspects of a web application is to present a user interface for the user.
* HTML provides a `<form>` tag, which is used to design an interface. 
* A Form’s elements such as text input, radio, select etc. can be used appropriately.

* Data entered by a user is submitted in the form of Http request message to the server side script by either GET or POST method.

  * The Server side script has to recreate the form elements from http request data. So in effect, form elements have to be defined twice – once in HTML and again in the server side script.

  * Another disadvantage of using HTML form is that it is difficult (if not impossible) to render the form elements dynamically. HTML itself provides no way to validate a user’s input.

* `WTForms`, a flexible form, rendering and validation library comes handy. Flask-WTF extension provides a simple interface with this WTForms library.

* Using `Flask-WTF`, we can define the form fields in our Python script and render them using an HTML template. 
* It is also possible to apply validation to the WTF field.


* Flask-WTF extension needs to be installed.

`pip install flask-WTF`
or
`pipenv install flask-WTF`

The installed package contains a `Form` class, which has to be used as a parent for user- defined form.

WTforms package contains definitions of various form fields

| Sr.No        | Standard Form Fields & Description           |
| ------------- |:-------------:|
|TextField| Represents `<input type = 'text'>` HTML form element|
|BooleanField|Represents `<input type = 'checkbox'>` HTML form element|
|DecimalField|Textfield for displaying number with decimals|
|IntegerField|TextField for displaying integer|
|RadioField|Represents `<input type = 'radio'>` HTML form element|
|SelectField|Represents select form element|
|TextAreaField|Represents `<testarea>` html form element|
|PasswordField|Represents `<input type = 'password'>` HTML form element|
|SubmitField|Represents `<input type = 'submit'>` form element|


```python
from flask_wtf import Form
from wtforms import TextField

class ContactForm(Form):
   name = TextField("Name Of Student")
```
creates a simple form that when rendered will represent
```html
<input id = "csrf_token" name = "csrf_token" type = "hidden" />
<label for = "name">Name Of Student</label><br>
<input id = "name" name = "name" type = "text" value = "" />
```

A user-defined form class is used in a Flask application and the form is rendered using a template

```python
from flask import Flask, render_template
from forms import ContactForm
app = Flask(__name__)
app.secret_key = 'development key'

@app.route('/contact')
def contact():
   form = ContactForm()
   return render_template('contact.html', form = form)

if __name__ == '__main__':
   app.run(debug = True)
```

* WTForms package also contains validator class. It is useful in applying validation to form fields

| Sr.No         | Validators Class & Description | 
| ------------- |:-------------:| 
|DataRequired|Checks whether input field is empty|
|Email|Checks whether text in the field follows email ID conventions|
|IPAddress|Validates IP address in input field|
|Length|Verifies if length of string in input field is in given range|
|NumberRange|Validates a number in input field within given rang
|URL|Validates URL entered in input field

To apply the 'DataRequired' validation rule:
```python
name = TextField("Name Of Student",[validators.Required("Please enter your name.")])
```
* The `validate()` function of form object validates the form data and throws the validation errors if validation fails.
* The Error messages are sent to the template. In the HTML template, error messages are rendered dynamically.

```python
{% for message in form.name.errors %}
   {{ message }}
{% endfor %}
```

The design of Contact form is given below (`forms.py`).

```python
from flask_wtf import Form
from wtforms import TextField, IntegerField, TextAreaField, SubmitField, RadioField,
   SelectField

from wtforms import validators, ValidationError

class ContactForm(Form):
   name = TextField("Name Of Student",[validators.Required("Please enter 
      your name.")])
   Gender = RadioField('Gender', choices = [('M','Male'),('F','Female')])
   Address = TextAreaField("Address")
   
   email = TextField("Email",[validators.Required("Please enter your email address."),
      validators.Email("Please enter your email address.")])
   
   Age = IntegerField("age")
   language = SelectField('Languages', choices = [('cpp', 'C++'), 
      ('py', 'Python')])
   submit = SubmitField("Send")
```

* Validators are applied to the Name and Email fields.

Given below is the Flask application script (`formexample.py`)

```python
from flask import Flask, render_template, request, flash
from forms import ContactForm
app = Flask(__name__)
app.secret_key = 'development key'

@app.route('/contact', methods = ['GET', 'POST'])
def contact():
   form = ContactForm()
   
   if request.method == 'POST':
      if form.validate() == False:
         flash('All fields are required.')
         return render_template('contact.html', form = form)
      else:
         return render_template('success.html')
      elif request.method == 'GET':
         return render_template('contact.html', form = form)

if __name__ == '__main__':
   app.run(debug = True)
```



* The Script of the template (`contact.html`)

```html
<!doctype html>
<html>
   <body>
      <h2 style = "text-align: center;">Contact Form</h2>
		
      {% for message in form.name.errors %}
         <div>{{ message }}</div>
      {% endfor %}
      
      {% for message in form.email.errors %}
         <div>{{ message }}</div>
      {% endfor %}
      
      <form action = "http://localhost:5000/contact" method = post>
         <fieldset>
            <legend>Contact Form</legend>
            {{ form.hidden_tag() }}
            
            <div style = font-size:20px; font-weight:bold; margin-left:150px;>
               {{ form.name.label }}<br>
               {{ form.name }}
               <br>
               
               {{ form.Gender.label }} {{ form.Gender }}
               {{ form.Address.label }}<br>
               {{ form.Address }}
               <br>
               
               {{ form.email.label }}<br>
               {{ form.email }}
               <br>
               
               {{ form.Age.label }}<br>
               {{ form.Age }}
               <br>
               
               {{ form.language.label }}<br>
               {{ form.language }}
               <br>
               {{ form.submit }}
            </div>
            
         </fieldset>
      </form>
   </body>
</html>
```

* Run `formexample.py` in Python shell and visit URL `http://localhost:5000/contact`. 


### SQLIite
----
Python has an in-built support for SQlite.
SQlite3 module is shipped with Python distribution. 

* Create an SQLite database `database.db` and create a students’ table in it.

```python
import sqlite3

conn = sqlite3.connect('database.db')
print "Opened database successfully";

conn.execute('CREATE TABLE students (name TEXT, addr TEXT, city TEXT, pin TEXT)')
print "Table created successfully";
conn.close()
````



* Our Flask application has three View functions.

First `new_student()` function is bound to the URL rule (`/addnew`).
It renders an HTML file containing student information form.

```python
@app.route('/enternew')
def new_student():
   return render_template('student.html')
```


The HTML script for ‘student.html’ is as follows −
```html
<html>
   <body>
      <form action = "{{ url_for('addrec') }}" method = "POST">
         <h3>Student Information</h3>
         Name<br>
         <input type = "text" name = "nm" /></br>
         
         Address<br>
         <textarea name = "add" ></textarea><br>
         
         City<br>
         <input type = "text" name = "city" /><br>
         
         PINCODE<br>
         <input type = "text" name = "pin" /><br>
         <input type = "submit" value = "submit" /><br>
      </form>
   </body>
</html>
```

* Form data is posted to the `/addrec` URL which binds the `addrec()` function.
    * This `addrec()` function retrieves the form’s data by POST method and inserts in students table. 
    * Message corresponding to success or error in insert operation is rendered to `result.html`.

```python
@app.route('/addrec',methods = ['POST', 'GET'])
def addrec():
   if request.method == 'POST':
      try:
         nm = request.form['nm']
         addr = request.form['add']
         city = request.form['city']
         pin = request.form['pin']
         
         with sql.connect("database.db") as con:
            cur = con.cursor()
            cur.execute("INSERT INTO students (name,addr,city,pin) 
               VALUES (?,?,?,?)",(nm,addr,city,pin) )
            
            con.commit()
            msg = "Record successfully added"
      except:
         con.rollback()
         msg = "error in insert operation"
      
      finally:
         return render_template("result.html",msg = msg)
         con.close()
```



The HTML script of `result.html` contains an escaping statement `{{msg}}` that displays the result of Insert operation.

```html
<!doctype html>
<html>
   <body>
      result of addition : {{ msg }}
      <h2><a href = "\">go back to home page</a></h2>
   </body>
</html>
```

The application contains another `list()` function represented by `/list` URL. 

It populates ‘rows’ as a MultiDict object containing all records in the students table. This object is passed to the `list.html` template.

```python
@app.route('/list')
def list():
   con = sql.connect("database.db")
   con.row_factory = sql.Row
   
   cur = con.cursor()
   cur.execute("select * from students")
   
   rows = cur.fetchall(); 
   return render_template("list.html",rows = rows)
```

* `list.html` is a template, which iterates over the row set and renders the data in an HTML table.
```html
<!doctype html>
<html>
   <body>
      <table border = 1>
         <thead>
            <td>Name</td>
            <td>Address>/td<
            <td>city</td>
            <td>Pincode</td>
         </thead>
         
         {% for row in rows %}
            <tr>
               <td>{{row["name"]}}</td>
               <td>{{row["addr"]}}</td>
               <td> {{ row["city"]}}</td>
               <td>{{row['pin']}}</td>	
            </tr>
         {% endfor %}
      </table>
      
      <a href = "/">Go back to home page</a>
   </body>
</html>
```


* Finally, the ‘/’ URL rule renders a ‘home.html’ which acts as the entry point of the application.

```python
@app.route('/')
def home():
   return render_template('home.html')
```

```python
from flask import Flask, render_template, request
import sqlite3 as sql
app = Flask(__name__)

@app.route('/')
def home():
   return render_template('home.html')

@app.route('/enternew')
def new_student():
   return render_template('student.html')

@app.route('/addrec',methods = ['POST', 'GET'])
def addrec():
   if request.method == 'POST':
      try:
         nm = request.form['nm']
         addr = request.form['add']
         city = request.form['city']
         pin = request.form['pin']
         
         with sql.connect("database.db") as con:
            cur = con.cursor()
            
            cur.execute("INSERT INTO students (name,addr,city,pin) 
               VALUES (?,?,?,?)",(nm,addr,city,pin) )
            
            con.commit()
            msg = "Record successfully added"
      except:
         con.rollback()
         msg = "error in insert operation"
      
      finally:
         return render_template("result.html",msg = msg)
         con.close()

@app.route('/list')
def list():
   con = sql.connect("database.db")
   con.row_factory = sql.Row
   
   cur = con.cursor()
   cur.execute("select * from students")
   
   rows = cur.fetchall();
   return render_template("list.html",rows = rows)

if __name__ == '__main__':
   app.run(debug = True)
```

### SQLAlchemy
-----
* Using raw SQL in Flask web applications to perform CRUD operations on database can be tedious. 
* Instead, `SQLAlchemy`, a Python toolkit is a powerful OR Mapper that gives application developers the full power and flexibility of SQL. 
* `Flask-SQLAlchemy` is the Flask extension that adds support for SQLAlchemy to your Flask application.

#### 

## What is ORM (Object Relation Mapping)?
---

* Most programming language platforms are object oriented. Data in RDBMS servers on the other hand is stored as tables. 

* **Object relation mapping** is a technique of mapping object parameters to the underlying RDBMS table structure. 

* An ORM API provides methods to perform CRUD operations without having to write raw SQL statements.

### Steps
----
* **Step 1** − Install Flask-SQLAlchemy extension.

`pipenv install flask-sqlalchemy`

* **Step 2** − You need to import SQLAlchemy class from this module.

`from flask_sqlalchemy import SQLAlchemy`

* **Step 3** − Now create a Flask application object and set URI for the database to be used.
```python
app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///students.sqlite3'
```

* **Step 4** − Then create an object of SQLAlchemy class with application object as the parameter. 
    * This object contains helper functions for ORM operations. 
    * It also provides a parent Model class using which user defined models are declared. In the snippet below, a students model is created.

```python
db = SQLAlchemy(app)
class students(db.Model):
   id = db.Column('student_id', db.Integer, primary_key = True)
   name = db.Column(db.String(100))
   city = db.Column(db.String(50))  
   addr = db.Column(db.String(200))
   pin = db.Column(db.String(10))

def __init__(self, name, city, addr,pin):
   self.name = name
   self.city = city
   self.addr = addr
   self.pin = pin
```

* **Step 5** − To create / use database mentioned in URI, run the create_all() method.

`db.create_all()`


* The Session object of SQLAlchemy manages all persistence operations of ORM object.

The following session methods perform CRUD operations −

*   `db.session.add(model object)` − inserts a record into mapped table

*   `db.session.delete(model object)` − deletes record from table

*   `model.query.all()` − retrieves all records from table (corresponding to SELECT query).


* You can apply a filter to the retrieved record set by using the filter attribute.
    * For instance, in order to retrieve records with city = ’Staten Island’ in students table, use following statement −

`Students.query.filter_by(city = ’Staten Island’).all()`

* The entry point of the application is `show_all()` function bound to `/` URL.
* The Record set of students table is sent as parameter to the HTML template.
* The Server side code in the template renders the records in HTML table form.

```python
@app.route('/')
def show_all():
   return render_template('show_all.html', students = students.query.all() )
```

* `show_all.html`

```html
<!DOCTYPE html>
<html lang = "en">
   <head></head>
   <body>
      <h3>
         <a href = "{{ url_for('show_all') }}">Comments - Flask 
            SQLAlchemy example</a>
      </h3>
      
      <hr/>
      {%- for message in get_flashed_messages() %}
         {{ message }}
      {%- endfor %}
		
      <h3>Students (<a href = "{{ url_for('new') }}">Add Student
         </a>)</h3>
      
      <table>
         <thead>
            <tr>
               <th>Name</th>
               <th>City</th>
               <th>Address</th>
               <th>Pin</th>
            </tr>
         </thead>

         <tbody>
            {% for student in students %}
               <tr>
                  <td>{{ student.name }}</td>
                  <td>{{ student.city }}</td>
                  <td>{{ student.addr }}</td>
                  <td>{{ student.pin }}</td>
               </tr>
            {% endfor %}
         </tbody>
      </table>
   </body>
</html>

```

* The above page contains a hyperlink to `/new` URL mapping `new()` function.
    * When clicked, it opens a Student Information form. The data is posted to the same URL in POST method.

* `new.html`

```html
<!DOCTYPE html>
<html>
   <body>
      <h3>Students - Flask SQLAlchemy example</h3>
      <hr/>
      
      {%- for category, message in get_flashed_messages(with_categories = true) %}
         <div class = "alert alert-danger">
            {{ message }}
         </div>
      {%- endfor %}
      
      <form action = "{{ request.path }}" method = "post">
         <label for = "name">Name</label><br>
         <input type = "text" name = "name" placeholder = "Name" /><br>
         <label for = "email">City</label><br>
         <input type = "text" name = "city" placeholder = "city" /><br>
         <label for = "addr">addr</label><br>
         <textarea name = "addr" placeholder = "addr"></textarea><br>
         <label for = "PIN">City</label><br>
         <input type = "text" name = "pin" placeholder = "pin" /><br>
         <input type = "submit" value = "Submit" />
      </form>
   </body>
</html>
```


When the http method is detected as POST, the form data is added in the students table and the application returns to homepage showing the added data.

@app.route('/new', methods = ['GET', 'POST'])
def new():
   if request.method == 'POST':
      if not request.form['name'] or not request.form['city'] or not request.form['addr']:
         flash('Please enter all the fields', 'error')
      else:
         student = students(request.form['name'], request.form['city'],
            request.form['addr'], request.form['pin'])
         
         db.session.add(student)
         db.session.commit()
         
         flash('Record was successfully added')
         return redirect(url_for('show_all'))
   return render_template('new.html')



* `app.py`

```python
from flask import Flask, request, flash, url_for, redirect, render_template
from flask_sqlalchemy import SQLAlchemy

app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///students.sqlite3'
app.config['SECRET_KEY'] = "random string"

db = SQLAlchemy(app)

class students(db.Model):
   id = db.Column('student_id', db.Integer, primary_key = True)
   name = db.Column(db.String(100))
   city = db.Column(db.String(50))
   addr = db.Column(db.String(200)) 
   pin = db.Column(db.String(10))

def __init__(self, name, city, addr,pin):
   self.name = name
   self.city = city
   self.addr = addr
   self.pin = pin
```

```python
@app.route('/')
def show_all():
   return render_template('show_all.html', students = students.query.all() )

@app.route('/new', methods = ['GET', 'POST'])
def new():
   if request.method == 'POST':
      if not request.form['name'] or not request.form['city'] or not request.form['addr']:
         flash('Please enter all the fields', 'error')
      else:
         student = students(request.form['name'], request.form['city'],
            request.form['addr'], request.form['pin'])
         
         db.session.add(student)
         db.session.commit()
         flash('Record was successfully added')
         return redirect(url_for('show_all'))
   return render_template('new.html')

if __name__ == '__main__':
   db.create_all()
   app.run(debug = True)
```

### Sijax
----
* Sijax stands for ‘Simple Ajax’ and it is a Python/jQuery library designed to help you easily bring Ajax to your application. 
* It uses `jQuery.ajax` to make AJAX requests.

* `pipenv install flask-sijax`

#### Configuration

 *  `SIJAX_STATIC_PATH` − the static path where you want the Sijax javascript files to be mirrored. The default location is static/js/sijax. In this folder, `sijax.js` and `json2.js` files are kept.

 * `SIJAX_JSON_URI` − the URI to load the `json2.js` static file from

* Sijax uses JSON to pass the data between the browser and the server. 
    * This means that the browsers need either to support JSON natively or get JSON support from the `json2.js` file.

* Functions registered that way cannot provide Sijax functionality, because they cannot be accessed using a POST method by default (and Sijax uses POST requests).

* To make a View function capable of handling Sijax requests, make it accessible via `POST` using `@app.route('/url', methods = ['GET', 'POST'])` or use the `@flask_sijax.route` helper decorator like:

```python

@flask_sijax.route(app, '/hello')
```

* Every Sijax handler function (like this one) receives at least one parameter automatically, much like Python passes ‘self’ to the object methods. 
* The ‘obj_response’ parameter is the function's way of talking back to the browser.

``` python
def say_hi(obj_response):
   obj_response.alert('Hi there!')
```
When Sijax request is detected, Sijax handles it like this −
```javascript
g.sijax.register_callback('say_hi', say_hi)
   return g.sijax.process_request()
```

### Sijax Application

* A minimal Sijax application code looks as follows −

```python
import os
from flask import Flask, g
from flask_sijax import sijax

path = os.path.join('.', os.path.dirname(__file__), 'static/js/sijax/')
app = Flask(__name__)

app.config['SIJAX_STATIC_PATH'] = path
app.config['SIJAX_JSON_URI'] = '/static/js/sijax/json2.js'
flask_sijax.Sijax(app)

``` 


```python

@app.route('/')
def index():
   return 'Index'
	
@flask_sijax.route(app, '/hello')
def hello():
   def say_hi(obj_response):
      obj_response.alert('Hi there!')
   if g.sijax.is_sijax_request:
      # Sijax request detected - let Sijax handle it
      g.sijax.register_callback('say_hi', say_hi)
      return g.sijax.process_request()
      return _render_template('sijaxexample.html')

if __name__ == '__main__':
   app.run(debug = True)
```

* When a Sijax requests (a special `jQuery.ajax()` request) to the server, this request is detected on the server by `g.sijax.is_sijax_request()`, in which case you let Sijax handle the request.

* All the functions registered using `g.sijax.register_callback()` are exposed for calling from the browser.

* Calling `g.sijax.process_request()` tells Sijax to execute the appropriate (previously registered) function and return the response to the browser.