Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ax-va/flask-based-web-applications-farrell-2023
- Host: GitHub
- URL: https://github.com/ax-va/flask-based-web-applications-farrell-2023
- Owner: ax-va
- Created: 2024-05-20T16:19:23.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2024-07-13T22:09:07.000Z (4 months ago)
- Last Synced: 2024-07-13T23:23:23.167Z (4 months ago)
- Language: HTML
- Size: 5.64 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
# Flask-Web-Application-Farrell-2023
## WSGI = Web Server Gateway Interface
Two of the most common production-ready high-performance WSGI servers are uWSGI and Gunicorn (short for Green Unicorn).
To run a Flask application using Gunicorn, you need to install it in the Python virtual environment with Flask:
```unix
(venv) ... $ pip install gunicorn
```
Run the web server with four worker instances in a directory with 'xyz.py':
```unix
$ gunicorn -w 4 xyz:app
```
The first part, `xyz`, corresponds to the name of some 'xyz.py' script that is an entry point to the Flask application. Here, `xyz` is either `blog` or `app` depending on which example you have opened. The second part, `:app`, refers to the Flask application instance `app` created in the 'xyz.py' entry point:
```python
app: Flask = ...
```
Stop Gunicorn by pressing `Ctrl+C` or by running the following in the terminal:
```unix
$ pkill gunicorn
```
The recommended number of workers for an application running on a single production server is
`number_of_CPU_cores * 2 + 1`.
Each worker is a separate process with its own backend instance.
As a result, page visit counters kept in the Python code differ between workers, and the displayed value can alternate from one request to the next.
## TOML = Tom's Obvious, Minimal Language
```unix
(venv) ... $ pip install dynaconf
```
The configuration information is stored in TOML files.
## Flask Debug Toolbar
It shows internal information right in the browser window.
https://github.com/pallets-eco/flask-debugtoolbar
```unix
(venv) ... $ pip install flask-debugtoolbar
```
## Flask settings
The Flask `app` must usually store a `SECRET_KEY` value.
The key can be generated using Python and must **not** be publicly available:
```python-console
$ python
>>> import secrets
>>> secrets.token_hex(24)
```
Copy the value into `.secrets.toml` as
```toml
[default]
secret_key="..."
```
Add `.secrets.toml` to `.gitignore`.
The Flask settings can be written in `settings.toml`. Only the values under `[default]` and under the currently set environment are read from `settings.toml` at run time.
The logging levels typically used in the settings are `DEBUG` (=10) for development and `INFO` (=20) for production.
## Flask sessions
Flask uses the `SECRET_KEY` to sign the session cookie.
The `SECRET_KEY` must be cryptographically strong and kept private on the server side.
That cookie is saved in the client's browser and cannot be modified by the client without invalidating the signature.
By default, session cookies exist until the client browser is closed, but that lifetime can be changed.
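
A simplified model of the signed-cookie mechanism described above, added here as an example (it is not code from the repository and not Flask's actual cookie format, which is produced by `itsdangerous` and also carries a timestamp). It shows that the client can read the payload, but that any edit fails verification without `SECRET_KEY`. The function names and the sample session data are constructed for the illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed key for the demo; a real app loads it from .secrets.toml.
SECRET_KEY = secrets.token_hex(24)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _tag(payload: str, key: str) -> bytes:
    return hmac.new(key.encode(), payload.encode(), hashlib.sha256).digest()


def sign_cookie(data: dict, key: str) -> str:
    """Serialize the session and append an HMAC-SHA256 tag over the payload."""
    payload = _b64(json.dumps(data, sort_keys=True).encode())
    return f"{payload}.{_b64(_tag(payload, key))}"


def read_without_key(cookie: str) -> dict:
    """What any client can do: decode the payload; no key is required."""
    return json.loads(_unb64(cookie.split(".")[0]))


def verify_cookie(cookie: str, key: str):
    """Server side: return the session dict, or None if the tag does not match."""
    try:
        payload, tag = cookie.split(".")
        if not hmac.compare_digest(_unb64(tag), _tag(payload, key)):
            return None
        return json.loads(_unb64(payload))
    except ValueError:  # malformed cookie, bad base64 or bad JSON
        return None


def tamper(cookie: str) -> str:
    """A client-side edit of the payload that reuses the old tag."""
    data = read_without_key(cookie)
    data["is_admin"] = True
    return _b64(json.dumps(data, sort_keys=True).encode()) + "." + cookie.split(".")[1]
```

Because the payload is only signed, not encrypted, nothing confidential belongs in the session cookie itself.
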
The user information can be stored on the server side and retrieved using the session cookie's unique user identifier.
## Bootstrap (CSS framework)
https://getbootstrap.com/
## JSDELIVR
A free CDN for open source projects
https://www.jsdelivr.com/
## Flask-Login
A Flask extension to provide application session management abilities and tools to log users in and out and handle the "remember me" functionality.
https://pypi.org/project/Flask-Login/
https://flask-login.readthedocs.io/en/latest/
## Flask-WTF
Simple integration of Flask and WTForms, including cross-site request forgery (CSRF) protection, file upload, and reCAPTCHA.
https://pypi.org/project/Flask-WTF/
## Flask-Bcrypt
A Flask extension to hash the passwords stored on the server.
Plain-text passwords should never be stored in a database and should always be cryptographically hashed first.
https://pypi.org/project/Flask-Bcrypt/
https://snyk.io/advisor/python/flask-bcrypt
https://pypi.org/project/bcrypt/
## Test users
| Fake email | Password |
|---------------------------|----------|
| `[email protected]` | `secret` |
| `[email protected]` | `123456` |
| `[email protected]` | `123456` |

To see all the users, use an SQL command, for example, in DbVisualizer:
```sql
SELECT * FROM users;
```
## Confirmation by email with Brevo (earlier SendInBlue)
https://www.brevo.com/de/pricing/
Server-side API client:
https://developers.brevo.com/docs/api-clients
https://github.com/sendinblue/APIv3-python-library
```unix
(venv) ... $ pip install sib-api-v3-sdk
```
Generate an API key at
https://app.brevo.com/settings/keys/api
and add it to `.secrets.toml`:
```toml
sib_api_key = 'xkeysib-...'
```
In `emailer.py` in `send_email`, replace `` with your sender email validated on Brevo.
Track sent emails, including those classified as spam and rejected (soft bounce), at
https://app-smtp.brevo.com/statistics
## PyJWT
JSON Web Token implementation in Python
https://pypi.org/project/PyJWT/
https://snyk.io/advisor/python/pyjwt