Forem: Michael Bukachi The latest articles on Forem by Michael Bukachi (@michaelbukachi). https://forem.com/michaelbukachi https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F159000%2F8d69bc6d-ad52-4730-8662-9d053d39a1b3.jpeg Forem: Michael Bukachi https://forem.com/michaelbukachi en Random 1: Traefik blocks CORS by Default Michael Bukachi Wed, 18 Oct 2023 11:55:03 +0000 https://forem.com/michaelbukachi/random-1-traefik-blocks-cors-by-default-2l6e https://forem.com/michaelbukachi/random-1-traefik-blocks-cors-by-default-2l6e <p>This is the first of a new series of <strong>really short</strong> blog posts that will touch on random things. Things I discover during my day-to-day activities.</p> <p>I recently discovered that traefik (<code>v2.9</code> at the time of this writing), blocks CORS requests by default. This issue can quickly be resolved by adding the right labels:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=*"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.middlewares.testheader.headers.accesscontrolallowheaders=*"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist=*"</span> </code></pre> </div> <p>You can checkout more configurations options <a href="https://doc.traefik.io/traefik/middlewares/http/headers/#cors-headers">here</a></p> traefik devops docker random An "Easier" way to test Flask authentication? Michael Bukachi Thu, 01 Oct 2020 12:35:19 +0000 https://forem.com/michaelbukachi/an-easier-way-to-test-flask-authentication-18ei https://forem.com/michaelbukachi/an-easier-way-to-test-flask-authentication-18ei <h1> An "Easier" way to test Flask authentication? </h1> <p>Recently, I was on the testing train (for millionth time), walking towards the last carriages, trying to add and improve tests for one of my work projects when I stumbled upon this:<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="c1"># def test_create_application(client: FlaskClient, mocker): # user = User.create(email='test@gmail.com', password=hash_password('test')) # with client: # client.post('/login', data=dict(email=user.email, password='test')) # # res = client.post('/create_application', data=dict(name='test', identifier='http://test.com'), # follow_redirects=True) # assert res.ok # assert b'Application added successfully' in res.data # # # Test duplicate identifiers # res = client.post('/create_application', data=dict(name='test', identifier='http://test.com'), # follow_redirects=True) # assert b'Identifier must be unique' in res.data </span></code></pre></div> <p>Let me say that I was bothered. Not by the commented out tests (yes, plural; the entire file actually πŸ™†β€β™‚οΈ ). Not by the fact that there were multiple assertions in a single test function. But by the sudden surge of memories of figuring out how to test flask views which are protected by authentication.</p> <p>Heh! The stories I can tell!<br> <a href="https://i.giphy.com/media/y0qXNySJ0IfpS/giphy.gif" class="article-body-image-wrapper"><img src="https://i.giphy.com/media/y0qXNySJ0IfpS/giphy.gif" alt="Reminisce"></a></p> <p>Anyway, back to the code. One might say it's quite straight forward.</p> <ol> <li>A user is created</li> <li>We use the created user to login</li> <li>We make some calls to specific views and do assertions with responses</li> </ol> <p>Now, using the above mentioned steps should work for most (if not all) protected views.</p> <p><strong>Note</strong>: By views, we are referring to non-API routes i.e pages a user would interact within a browser.</p> <p>But, there's more to this than meets the eye, especially in step 2.</p> <p>For this web app, users would log in using an email and password. Under the hood, this would involve validating the user's credentials then modifying the current session by saving user information such as a unique user identifier or email. In a different web app, it might involve some form of external authentication. For instance, using an Oauth provider such as Google or Facebook or some kind of Lightweight Directory Access Protocol (LDAP) authentication.</p> <p>Thinking about all this, one begins to realize that step 2 might not be a one-liner. For instance, in one of our apps, a user logs in using OpenID. We are planning to make this the default way of authentication for all our users.</p> <p>Is there a "simple" way to approach this? A better way to tell your app "Hey, for the next number of x route calls, assume that the user is y".</p> <p><a href="https://i.giphy.com/media/777Aby0ZetYE8/giphy.gif" class="article-body-image-wrapper"><img src="https://i.giphy.com/media/777Aby0ZetYE8/giphy.gif" alt="Think"></a></p> <p>This scenario, made me think about testing in <strong>Django</strong>. Yes, yes, I know that word is a taboo in the flask world πŸ˜†. Anyway, in "the name that must not be mentioned" test suite, there's a <code>login</code> method that allows you to log in a user without calling any URLs.</p> <p>What if? Hear me out. What if we could "borrow" that functionality 🌚 . Take a look at the following sample web app:<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="kn">from</span> <span class="nn">flask</span> <span class="kn">import</span> <span class="n">Flask</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">redirect</span><span class="p">,</span> <span class="n">url_for</span> <span class="kn">from</span> <span class="nn">flask_login</span> <span class="kn">import</span> <span class="n">LoginManager</span><span class="p">,</span> <span class="n">UserMixin</span><span class="p">,</span> <span class="n">login_required</span><span class="p">,</span> <span class="n">login_user</span><span class="p">,</span> <span class="n">logout_user</span> <span class="kn">from</span> <span class="nn">werkzeug.exceptions</span> <span class="kn">import</span> <span class="n">MethodNotAllowed</span><span class="p">,</span> <span class="n">Unauthorized</span> <span class="k">class</span> <span class="nc">Config</span><span class="p">:</span> <span class="n">SECRET_KEY</span> <span class="o">=</span> <span class="s">'Some very long secret key'</span> <span class="k">class</span> <span class="nc">User</span><span class="p">(</span><span class="n">UserMixin</span><span class="p">):</span> <span class="k">pass</span> <span class="n">login_manager</span> <span class="o">=</span> <span class="n">LoginManager</span><span class="p">()</span> <span class="o">@</span><span class="n">login_manager</span><span class="p">.</span><span class="n">user_loader</span> <span class="k">def</span> <span class="nf">user_loader</span><span class="p">(</span><span class="n">email</span><span class="p">):</span> <span class="k">print</span><span class="p">(</span><span class="s">'[['</span><span class="p">)</span> <span class="k">if</span> <span class="n">email</span> <span class="o">!=</span> <span class="s">'test@gmail.com'</span><span class="p">:</span> <span class="k">return</span> <span class="n">user</span> <span class="o">=</span> <span class="n">User</span><span class="p">()</span> <span class="n">user</span><span class="p">.</span><span class="nb">id</span> <span class="o">=</span> <span class="n">email</span> <span class="k">return</span> <span class="n">user</span> <span class="o">@</span><span class="n">login_manager</span><span class="p">.</span><span class="n">request_loader</span> <span class="k">def</span> <span class="nf">request_loader</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="n">email</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">form</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">'email'</span><span class="p">)</span> <span class="k">if</span> <span class="n">email</span> <span class="o">!=</span> <span class="s">'test@gmail.com'</span><span class="p">:</span> <span class="k">return</span> <span class="n">user</span> <span class="o">=</span> <span class="n">User</span><span class="p">()</span> <span class="n">user</span><span class="p">.</span><span class="nb">id</span> <span class="o">=</span> <span class="n">email</span> <span class="n">user</span><span class="p">.</span><span class="n">is_authenticated</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">form</span><span class="p">[</span><span class="s">'password'</span><span class="p">]</span> <span class="o">==</span> <span class="s">'test'</span> <span class="k">return</span> <span class="n">user</span> <span class="o">@</span><span class="n">login_manager</span><span class="p">.</span><span class="n">unauthorized_handler</span> <span class="k">def</span> <span class="nf">unauthorized_handler</span><span class="p">():</span> <span class="k">raise</span> <span class="n">Unauthorized</span><span class="p">()</span> <span class="k">def</span> <span class="nf">create_app</span><span class="p">():</span> <span class="n">app</span> <span class="o">=</span> <span class="n">Flask</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="n">app</span><span class="p">.</span><span class="n">config</span><span class="p">.</span><span class="n">from_object</span><span class="p">(</span><span class="n">Config</span><span class="p">)</span> <span class="n">login_manager</span><span class="p">.</span><span class="n">init_app</span><span class="p">(</span><span class="n">app</span><span class="p">)</span> <span class="o">@</span><span class="n">app</span><span class="p">.</span><span class="n">route</span><span class="p">(</span><span class="s">'/'</span><span class="p">)</span> <span class="o">@</span><span class="n">login_required</span> <span class="k">def</span> <span class="nf">index</span><span class="p">():</span> <span class="k">return</span> <span class="s">'Ok'</span> <span class="o">@</span><span class="n">app</span><span class="p">.</span><span class="n">route</span><span class="p">(</span><span class="s">'/login'</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="s">'GET'</span><span class="p">,</span> <span class="s">'POST'</span><span class="p">])</span> <span class="k">def</span> <span class="nf">login</span><span class="p">():</span> <span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="n">method</span> <span class="o">!=</span> <span class="s">'POST'</span><span class="p">:</span> <span class="k">raise</span> <span class="n">MethodNotAllowed</span><span class="p">()</span> <span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="n">form</span><span class="p">[</span><span class="s">'email'</span><span class="p">]</span> <span class="o">==</span> <span class="s">'test@gmail.com'</span> <span class="ow">and</span> <span class="n">request</span><span class="p">.</span><span class="n">form</span><span class="p">[</span><span class="s">'password'</span><span class="p">]</span> <span class="o">==</span> <span class="s">'test'</span><span class="p">:</span> <span class="n">user</span> <span class="o">=</span> <span class="n">User</span><span class="p">()</span> <span class="n">user</span><span class="p">.</span><span class="nb">id</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">form</span><span class="p">[</span><span class="s">'email'</span><span class="p">]</span> <span class="n">login_user</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="k">return</span> <span class="n">redirect</span><span class="p">(</span><span class="n">url_for</span><span class="p">(</span><span class="s">'.index'</span><span class="p">))</span> <span class="k">raise</span> <span class="n">Unauthorized</span><span class="p">()</span> <span class="o">@</span><span class="n">app</span><span class="p">.</span><span class="n">route</span><span class="p">(</span><span class="s">'/logout'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">logout</span><span class="p">():</span> <span class="n">logout_user</span><span class="p">()</span> <span class="k">return</span> <span class="s">'Logged out'</span> <span class="k">return</span> <span class="n">app</span> </code></pre></div> <p>We have a basic flask application with three routes:</p> <ul> <li>One to log in</li> <li>The root page, which is protected</li> <li>And one for logging out</li> </ul> <p>For the sake of this article, we are making the app as basic as possible. There are a lot of "best practices " violations 😨, bear with me. πŸ˜…</p> <p>Here are the tests for the app:<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="kn">import</span> <span class="nn">pytest</span> <span class="kn">from</span> <span class="nn">flask.testing</span> <span class="kn">import</span> <span class="n">FlaskClient</span> <span class="kn">from</span> <span class="nn">app</span> <span class="kn">import</span> <span class="n">create_app</span> <span class="o">@</span><span class="n">pytest</span><span class="p">.</span><span class="n">fixture</span><span class="p">(</span><span class="n">scope</span><span class="o">=</span><span class="s">'module'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">flask_app</span><span class="p">():</span> <span class="n">app</span> <span class="o">=</span> <span class="n">create_app</span><span class="p">()</span> <span class="k">with</span> <span class="n">app</span><span class="p">.</span><span class="n">app_context</span><span class="p">():</span> <span class="k">yield</span> <span class="n">app</span> <span class="o">@</span><span class="n">pytest</span><span class="p">.</span><span class="n">fixture</span><span class="p">(</span><span class="n">scope</span><span class="o">=</span><span class="s">'module'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">client</span><span class="p">(</span><span class="n">flask_app</span><span class="p">):</span> <span class="n">app</span> <span class="o">=</span> <span class="n">flask_app</span> <span class="n">ctx</span> <span class="o">=</span> <span class="n">flask_app</span><span class="p">.</span><span class="n">test_request_context</span><span class="p">()</span> <span class="n">ctx</span><span class="p">.</span><span class="n">push</span><span class="p">()</span> <span class="n">app</span><span class="p">.</span><span class="n">test_client_class</span> <span class="o">=</span> <span class="n">FlaskClient</span> <span class="k">return</span> <span class="n">app</span><span class="p">.</span><span class="n">test_client</span><span class="p">()</span> <span class="k">def</span> <span class="nf">test_index_page__not_logged_in</span><span class="p">(</span><span class="n">client</span><span class="p">):</span> <span class="n">res</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">'/'</span><span class="p">)</span> <span class="k">assert</span> <span class="n">res</span><span class="p">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">401</span> <span class="k">def</span> <span class="nf">test_index_page__logged_in</span><span class="p">(</span><span class="n">client</span><span class="p">):</span> <span class="k">with</span> <span class="n">client</span><span class="p">:</span> <span class="n">client</span><span class="p">.</span><span class="n">post</span><span class="p">(</span><span class="s">'/login'</span><span class="p">,</span> <span class="n">data</span><span class="o">=</span><span class="nb">dict</span><span class="p">(</span><span class="n">email</span><span class="o">=</span><span class="s">'test@gmail.com'</span><span class="p">,</span> <span class="n">password</span><span class="o">=</span><span class="s">'test'</span><span class="p">))</span> <span class="n">res</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">'/'</span><span class="p">)</span> <span class="k">assert</span> <span class="n">res</span><span class="p">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">200</span> </code></pre></div> <p>We have two tests:</p> <ul> <li>One verifies that an unauthenticated user cannot access the root page.</li> <li>The other verifies that an authenticated can access the root page.</li> </ul> <p>We are more interested in the second test.</p> <p>What if we can make the second test something like:<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="k">def</span> <span class="nf">test_index_page__logged_in</span><span class="p">(</span><span class="n">client</span><span class="p">):</span> <span class="n">res</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">'/'</span><span class="p">)</span> <span class="k">assert</span> <span class="n">res</span><span class="p">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">200</span> </code></pre></div> <p>Where we do not have any of the login logic inside the test.</p> <p>Well, good news, we have <strong>decorators</strong> in python.<br> <a href="https://i.giphy.com/media/KYElw07kzDspaBOwf9/giphy.gif" class="article-body-image-wrapper"><img src="https://i.giphy.com/media/KYElw07kzDspaBOwf9/giphy.gif" alt="Celebrate"></a></p> <p>If you are not familiar with decorators in python, feel free to take a look at the following <a href="https://realpython.com/primer-on-python-decorators/">article</a>.</p> <p>Let's introduce a decorator called <code>force_login</code>. Take a look at the following snippet:<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="k">def</span> <span class="nf">force_login</span><span class="p">(</span><span class="n">email</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span> <span class="k">def</span> <span class="nf">inner</span><span class="p">(</span><span class="n">f</span><span class="p">):</span> <span class="o">@</span><span class="n">functools</span><span class="p">.</span><span class="n">wraps</span><span class="p">(</span><span class="n">f</span><span class="p">)</span> <span class="k">def</span> <span class="nf">wrapper</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">email</span><span class="p">:</span> <span class="k">for</span> <span class="n">key</span><span class="p">,</span> <span class="n">val</span> <span class="ow">in</span> <span class="n">kwargs</span><span class="p">.</span><span class="n">items</span><span class="p">():</span> <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">val</span><span class="p">,</span> <span class="n">FlaskClient</span><span class="p">):</span> <span class="k">with</span> <span class="n">val</span><span class="p">:</span> <span class="k">with</span> <span class="n">val</span><span class="p">.</span><span class="n">session_transaction</span><span class="p">()</span> <span class="k">as</span> <span class="n">sess</span><span class="p">:</span> <span class="n">sess</span><span class="p">[</span><span class="s">'_user_id'</span><span class="p">]</span> <span class="o">=</span> <span class="n">email</span> <span class="k">return</span> <span class="n">f</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="k">return</span> <span class="n">f</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="k">return</span> <span class="n">wrapper</span> <span class="k">return</span> <span class="n">inner</span> </code></pre></div> <p>We are interested in the following lines:<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="k">with</span> <span class="n">val</span><span class="p">:</span> <span class="k">with</span> <span class="n">val</span><span class="p">.</span><span class="n">session_transaction</span><span class="p">()</span> <span class="k">as</span> <span class="n">sess</span><span class="p">:</span> <span class="n">sess</span><span class="p">[</span><span class="s">'_user_id'</span><span class="p">]</span> <span class="o">=</span> <span class="n">email</span> </code></pre></div> <p>Since we are using the <code>Flask-login</code> extension, we need to know how it tracks logged in users. Taking a look at the source code of the <code>login_user</code> we can see that it stores a couple of variables in the session:<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="k">def</span> <span class="nf">login_user</span><span class="p">(</span><span class="n">user</span><span class="p">,</span> <span class="n">remember</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">duration</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">force</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">fresh</span><span class="o">=</span><span class="bp">True</span><span class="p">):</span> <span class="p">...</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">force</span> <span class="ow">and</span> <span class="ow">not</span> <span class="n">user</span><span class="p">.</span><span class="n">is_active</span><span class="p">:</span> <span class="k">return</span> <span class="bp">False</span> <span class="n">user_id</span> <span class="o">=</span> <span class="nb">getattr</span><span class="p">(</span><span class="n">user</span><span class="p">,</span> <span class="n">current_app</span><span class="p">.</span><span class="n">login_manager</span><span class="p">.</span><span class="n">id_attribute</span><span class="p">)()</span> <span class="n">session</span><span class="p">[</span><span class="s">'_user_id'</span><span class="p">]</span> <span class="o">=</span> <span class="n">user_id</span> <span class="c1"># This is what we need </span> <span class="n">session</span><span class="p">[</span><span class="s">'_fresh'</span><span class="p">]</span> <span class="o">=</span> <span class="n">fresh</span> <span class="n">session</span><span class="p">[</span><span class="s">'_id'</span><span class="p">]</span> <span class="o">=</span> <span class="n">current_app</span><span class="p">.</span><span class="n">login_manager</span><span class="p">.</span><span class="n">_session_identifier_generator</span><span class="p">()</span> </code></pre></div> <p>Thus the use of <code>sess['_user_id'] = email</code> in our decorator. If we were to use a different approach, such as a custom implementation or a different extension, we would have to adapt our decorator accordingly. Remember, we are not interested in where the user info is coming from. We just want to move our flask app to an authenticated state and do some assertions based on that state.</p> <p>With the above decorator we can make changes to our second test:<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="o">@</span><span class="n">force_login</span><span class="p">(</span><span class="n">email</span><span class="o">=</span><span class="s">'test@gmail.com'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">test_index_page__logged_in</span><span class="p">(</span><span class="n">client</span><span class="p">):</span> <span class="n">res</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">'/'</span><span class="p">)</span> <span class="k">assert</span> <span class="n">res</span><span class="p">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">200</span> </code></pre></div> <p><em>Noice</em>! Definitely, looks cleaner.</p> <p>We have moved our login logic out of test into the <code>force_login</code> decorator so that we can focus on the test.</p> <p>We can make use of the <a href="https://pypi.org/project/decorator/">decorator</a> package to cleanup our decorator:<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="o">@</span><span class="n">decorator</span> <span class="k">def</span> <span class="nf">force_login</span><span class="p">(</span><span class="n">func</span><span class="p">,</span> <span class="n">email</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">for</span> <span class="n">arg</span> <span class="ow">in</span> <span class="n">args</span><span class="p">:</span> <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">arg</span><span class="p">,</span> <span class="n">FlaskClient</span><span class="p">):</span> <span class="k">with</span> <span class="n">arg</span><span class="p">:</span> <span class="k">with</span> <span class="n">arg</span><span class="p">.</span><span class="n">session_transaction</span><span class="p">()</span> <span class="k">as</span> <span class="n">sess</span><span class="p">:</span> <span class="n">sess</span><span class="p">[</span><span class="s">'_user_id'</span><span class="p">]</span> <span class="o">=</span> <span class="n">email</span> <span class="k">return</span> <span class="n">func</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="k">return</span> <span class="n">func</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre></div> <p>Let's see if we can make our decorator a bit more generic. We can pull out the logic for modifying the session. Let's make the following changes:<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="k">def</span> <span class="nf">login_user</span><span class="p">(</span><span class="n">sess</span><span class="p">,</span> <span class="n">email</span><span class="p">):</span> <span class="n">sess</span><span class="p">[</span><span class="s">'_user_id'</span><span class="p">]</span> <span class="o">=</span> <span class="n">email</span> <span class="o">@</span><span class="n">decorator</span> <span class="k">def</span> <span class="nf">force_login</span><span class="p">(</span><span class="n">func</span><span class="p">,</span> <span class="n">cb</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">for</span> <span class="n">arg</span> <span class="ow">in</span> <span class="n">args</span><span class="p">:</span> <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">arg</span><span class="p">,</span> <span class="n">FlaskClient</span><span class="p">):</span> <span class="k">with</span> <span class="n">arg</span><span class="p">:</span> <span class="k">with</span> <span class="n">arg</span><span class="p">.</span><span class="n">session_transaction</span><span class="p">()</span> <span class="k">as</span> <span class="n">sess</span><span class="p">:</span> <span class="n">cb</span><span class="p">(</span><span class="n">sess</span><span class="p">)</span> <span class="k">return</span> <span class="n">func</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="k">return</span> <span class="n">func</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre></div> <p>Then we can change the decorator call as follows:<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="o">@</span><span class="n">force_login</span><span class="p">(</span><span class="n">cb</span><span class="o">=</span><span class="k">lambda</span> <span class="n">s</span><span class="p">:</span> <span class="n">login_user</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="s">'test@gmail.com'</span><span class="p">))</span> <span class="k">def</span> <span class="nf">test_index_page__logged_in</span><span class="p">(</span><span class="n">client</span><span class="p">):</span> <span class="n">res</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">'/'</span><span class="p">)</span> <span class="k">assert</span> <span class="n">res</span><span class="p">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">200</span> </code></pre></div> <p>We are wrapping the function responsible for modifying the session in a lambda because we want to be able to change the <code>email</code> parameter per test.</p> <p>The decorator approach isn't limited to authentication. We can use also use it for data insertions into a DB and other use cases I have no idea about 🀯 .</p> <p>With the above approach, we gain two things:</p> <ol> <li>Cleaner code - Our tests look cleaner since they do not have login logic.</li> <li>Abstraction - Since we have moved all login logic to a decorator, we are able to use the decorator in multiple tests without worrying about the implementation details of authenticating a user.</li> </ol> <p><a href="https://i.giphy.com/media/5IT69msgpaOcg/giphy.gif" class="article-body-image-wrapper"><img src="https://i.giphy.com/media/5IT69msgpaOcg/giphy.gif" alt="Finished"></a></p> <p>Repo:<br> <a href="https://github.com/michaelbukachi/flask_auth_testing">https://github.com/michaelbukachi/flask_auth_testing</a></p> python flask testing Flask-Authlib-Client Michael Bukachi Tue, 31 Dec 2019 12:41:16 +0000 https://forem.com/michaelbukachi/flask-authlib-client-42bm https://forem.com/michaelbukachi/flask-authlib-client-42bm <p>I present to you <code>Flask-Authlib-Client</code>, a flask extension for authlib that answers the question "How do I validate tokens from a different resource server?". I haven't managed to publish it on Pypi because I'm having issues with my pypi account. Hoping to get it sorted soon.</p> <p>Check it out on <a href="https://github.com/michaelbukachi/flask-authlib-client">Github</a>.</p> <p>Happy New Year!</p> <h3> Edit </h3> <p>Finally got my pypi account back (yeepie!). You can now install the extension with:<br> </p> <div class="highlight"><pre class="highlight plaintext"><code>pip install Flask-Authlib-Client </code></pre></div> python flask authlib Making Safe API Calls With Python Michael Bukachi Wed, 28 Aug 2019 18:23:04 +0000 https://forem.com/michaelbukachi/making-safe-api-calls-with-python-2nbk https://forem.com/michaelbukachi/making-safe-api-calls-with-python-2nbk <p>Making REST API calls in python is quite common and easy especially due to existince of libraries such as <a href="http://docs.python-requests.org/en/master/">requests</a>.</p> <p>Take the following example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">get_user</span><span class="p">(</span><span class="n">user_id</span><span class="p">):</span> <span class="n">res</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="sa">f</span><span class="s">'https://jsonplaceholder.typicode.com/users/</span><span class="si">{</span><span class="n">user_id</span><span class="si">}</span><span class="s">'</span><span class="p">)</span> <span class="k">if</span> <span class="n">res</span><span class="p">.</span><span class="n">ok</span><span class="p">:</span> <span class="k">return</span> <span class="n">res</span><span class="p">.</span><span class="n">json</span><span class="p">()</span> <span class="k">else</span><span class="p">:</span> <span class="k">print</span><span class="p">(</span><span class="sa">f</span><span class="s">'</span><span class="si">{</span><span class="n">res</span><span class="p">.</span><span class="n">status_code</span><span class="si">}</span><span class="s">: </span><span class="si">{</span><span class="n">res</span><span class="p">.</span><span class="n">text</span><span class="si">}</span><span class="s">'</span><span class="p">)</span> <span class="k">return</span> <span class="p">{}</span> </code></pre> </div> <p>The code is pretty straightforward. We are defining a function to fetch a user's details from an <a href="https://jsonplaceholder.typicode.com">API</a> (A very handy web app for testing out web apps).</p> <p>Simple. Right?</p> <p>However, what happens when there is no connectivity? Exceptions are raised. <br> This can easily be wrapped in a <code>try...except</code> clause but it makes our code messy, especially when we have multiple endpoints to call.</p> <p>Enter <a href="https://returns.readthedocs.io/en/latest/index.html">returns</a>.</p> <p><a href="https://i.giphy.com/media/3oFzmpW5fjL3P45CXC/giphy.gif" class="article-body-image-wrapper"><img src="https://i.giphy.com/media/3oFzmpW5fjL3P45CXC/giphy.gif" alt="Grand entrance" width="480" height="264"></a></p> <p>Returns is a library written with safety in mind. It's quite powerful and has a lot to offer. Now let's quickly fix our <em>unsafe</em> code.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">GetUser</span><span class="p">(</span><span class="nb">object</span><span class="p">):</span> <span class="o">@</span><span class="n">pipeline</span> <span class="k">def</span> <span class="nf">__call__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">user_id</span><span class="p">:</span> <span class="nb">int</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">Result</span><span class="p">[</span><span class="nb">dict</span><span class="p">,</span> <span class="nb">Exception</span><span class="p">]:</span> <span class="n">res</span> <span class="o">=</span> <span class="bp">self</span><span class="p">.</span><span class="n">_make_request</span><span class="p">(</span><span class="n">user_id</span><span class="p">).</span><span class="n">unwrap</span><span class="p">()</span> <span class="k">return</span> <span class="bp">self</span><span class="p">.</span><span class="n">_parse_json</span><span class="p">(</span><span class="n">res</span><span class="p">)</span> <span class="o">@</span><span class="n">safe</span> <span class="k">def</span> <span class="nf">_make_request</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">user_id</span><span class="p">:</span> <span class="nb">int</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">requests</span><span class="p">.</span><span class="n">Response</span><span class="p">:</span> <span class="n">res</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="sa">f</span><span class="s">'https://jsonplaceholder.typicode.com/users/</span><span class="si">{</span><span class="n">user_id</span><span class="si">}</span><span class="s">'</span><span class="p">)</span> <span class="n">res</span><span class="p">.</span><span class="n">raise_for_status</span><span class="p">()</span> <span class="k">return</span> <span class="n">res</span> <span class="o">@</span><span class="n">safe</span> <span class="k">def</span> <span class="nf">_parse_json</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">res</span><span class="p">:</span> <span class="n">requests</span><span class="p">.</span><span class="n">Response</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">dict</span><span class="p">:</span> <span class="n">user</span> <span class="o">=</span> <span class="n">res</span><span class="p">.</span><span class="n">json</span><span class="p">()</span> <span class="k">return</span> <span class="n">user</span> <span class="n">get_user</span> <span class="o">=</span> <span class="n">GetUser</span><span class="p">()</span> </code></pre> </div> <p>We have defined a class which can be invoked as a function once instantiated. We need to take note of the <code>@safe</code> decorator, a very handy decorator which wraps any exception raised into a <code>Failure</code> object.<br> The <code>Failure</code>class is a subclass of the <code>Result</code> type which is basically a simple container.<br> Now, our code changes from:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">try</span><span class="p">:</span> <span class="n">user</span> <span class="o">=</span> <span class="n">get_user</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span><span class="p">:</span> <span class="k">print</span><span class="p">(</span><span class="s">'An error occurred'</span><span class="p">)</span> </code></pre> </div> <p>to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">user</span> <span class="o">=</span> <span class="n">get_user</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="c1"># returns Success(dict) or Failure(Exception) </span><span class="n">user</span> <span class="o">=</span> <span class="n">user</span><span class="p">.</span><span class="n">value_or</span><span class="p">({})</span> </code></pre> </div> <p>Isn't that just elegant?</p> <p>I know what you are thinking. It's too much code! <br> That's the same thing I thought at first. But after playing around with the library and a bit of customization, I started to notice that my code looked cleaner. I could quickly scan through a file and get the gist of what is going without have to follow references. This is just the surface. Returns has way more to offer. Check it <a href="https://returns.readthedocs.io/en/latest/index.html">out</a>.</p> <p>Here's a decorator I came up with to automatically unwrap <code>Result</code> inner values or provide a default value instead:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">unwrap</span><span class="p">(</span><span class="n">success</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">failure</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span> <span class="k">def</span> <span class="nf">outer_wrapper</span><span class="p">(</span><span class="n">func</span><span class="p">):</span> <span class="o">@</span><span class="n">functools</span><span class="p">.</span><span class="n">wraps</span><span class="p">(</span><span class="n">func</span><span class="p">)</span> <span class="k">def</span> <span class="nf">wrapper</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="n">result</span> <span class="o">=</span> <span class="n">func</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="k">if</span> <span class="n">is_successful</span><span class="p">(</span><span class="n">result</span><span class="p">):</span> <span class="k">if</span> <span class="n">success</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="k">return</span> <span class="n">success</span> <span class="k">else</span><span class="p">:</span> <span class="k">if</span> <span class="n">failure</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="k">return</span> <span class="n">failure</span> <span class="k">return</span> <span class="n">result</span><span class="p">.</span><span class="n">_inner_value</span> <span class="k">return</span> <span class="n">wrapper</span> <span class="k">return</span> <span class="n">outer_wrapper</span> </code></pre> </div> <p>Usage:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="o">@</span><span class="n">unwrap</span><span class="p">(</span><span class="n">failure</span><span class="o">=</span><span class="p">{})</span> <span class="c1"># If a failure occurs an empty dict is returnd </span> <span class="o">@</span><span class="n">pipeline</span> <span class="k">def</span> <span class="nf">__call__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">user_id</span><span class="p">:</span> <span class="nb">int</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">Result</span><span class="p">[</span><span class="nb">dict</span><span class="p">,</span> <span class="nb">Exception</span><span class="p">]:</span> <span class="p">...</span> <span class="n">user</span> <span class="o">=</span> <span class="n">get_user</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="c1"># returns dict or empty dict </span></code></pre> </div> <p>Cheers!</p> python returns api A Flask Anti-Js Movement Michael Bukachi Fri, 02 Aug 2019 20:15:11 +0000 https://forem.com/michaelbukachi/a-flask-anti-js-movement-h1 https://forem.com/michaelbukachi/a-flask-anti-js-movement-h1 <p>For the past couple of months I have been developing APIs using Flask. During this time, I noticed one thing in common. API consumers (at least the ones I've worked with) never fully go through the documentation provided to familiarize themselves with what is needed. Now, I'm not sure whether this is intentional or accidental (need feedback πŸ˜„).<br> The results of trial and error by developers consuming your API can be quite annoying especially if you have setup error-reporting services like <a href="https://sentry.io/welcome/">sentry</a>.</p> <p>Imagine waking up to a tonne of emails from your error-reporting service only to find out that it's a result of bad inputπŸ˜₯. Using Flask extensions such as <a href="https://flask-restplus.readthedocs.io/en/stable/">Flask-Restplus</a> can help you manage bad input easily. Also, <strong>Bad Requests</strong> exceptions can easily be ignored on error-reporting services so that they don't trigger alerts all the time. However, there are path variables which introduce a different kind of problem. <br> Take a look at the following snippet:<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="o">@</span><span class="n">app</span><span class="p">.</span><span class="n">route</span><span class="p">(</span><span class="s">'/&lt;string:user_id&gt;'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_details</span><span class="p">(</span><span class="n">user_id</span><span class="p">):</span> <span class="p">....</span> <span class="c1"># Do something with user_id </span></code></pre></div> <p>You have created an endpoint which fetches users details from a database somewhere and returns the necessary details. You have provided proper documentation about usage of that endpoint and you are quite satisfied with your work. You decide to go for an early lunch break only to come back quite early due to the fact that you started receiving error alerts as soon as you were about to have your lunch😩.</p> <p>You quickly check the logs and stacktraces to see what is going on.<br> All the errors are coming from your newly created endpoint.</p> <p>How?<br> <a href="https://i.giphy.com/media/3o7btPCcdNniyf0ArS/giphy.gif" class="article-body-image-wrapper"><img src="https://i.giphy.com/media/3o7btPCcdNniyf0ArS/giphy.gif" alt="How?"></a></p> <p>You are pretty sure you added all the necessary checks. You even added a type check to the path variable to prevent invalid types.</p> <p>On looking closer at the stack traces, you notice that the user_id passed was a value of <strong>undefined</strong>. The developer consuming your API was probably in the dreaded <strong>trial and error</strong> phase, trying to wire things up on the frontend. </p> <p>Now, a good API is supposed to be protected from misuse. And yes, this includes trial and error actions by devs consuming your API.</p> <p>To deal with "undefined" variables you could probably add a conditional check and return an appropriate response.<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="o">@</span><span class="n">app</span><span class="p">.</span><span class="n">route</span><span class="p">(</span><span class="s">'/&lt;string:user_id&gt;'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_details</span><span class="p">(</span><span class="n">user_id</span><span class="p">):</span> <span class="k">if</span> <span class="n">user_id</span> <span class="o">==</span> <span class="s">'undefined'</span><span class="p">:</span> <span class="k">raise</span> <span class="n">BadRequest</span><span class="p">(</span><span class="s">'Invalid user id'</span><span class="p">)</span> <span class="c1"># Do something with user_id </span><span class="p">....</span> </code></pre></div> <p>However, this solution does not scale well. What if you have hundreds of endpoints with path variables? What then?</p> <p>A better solution would be to make use of Flask's <code>before_request</code> decorator like so:<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="o">@</span><span class="n">app</span><span class="p">.</span><span class="n">before_request</span> <span class="k">def</span> <span class="nf">check_undefined_values</span><span class="p">():</span> <span class="k">for</span> <span class="n">variable</span> <span class="ow">in</span> <span class="n">request</span><span class="p">.</span><span class="n">view_args</span><span class="p">.</span><span class="n">values</span><span class="p">():</span> <span class="k">if</span> <span class="n">variable</span> <span class="o">==</span> <span class="s">'undefined'</span><span class="p">:</span> <span class="k">raise</span> <span class="n">BadRequest</span><span class="p">(</span><span class="s">'</span><span class="se">\'</span><span class="s">undefined</span><span class="se">\'</span><span class="s"> value found.'</span><span class="p">)</span> </code></pre></div> <p>This approach works best since the <code>check_undefined_values</code> function is always called before a request is forwarded to you endpoint.</p> <p>I have created a Flask extension called <a href="https://github.com/michaelbukachi/flask-antijs">Flask-AntiJs</a> that uses the above. It has extra functionalities such as the ability to check for undefined values in request payloads and query parameters. It's actually my first Flask extension so check it out😁.</p> <p>That's all for today.</p> <p><a href="https://i.giphy.com/media/lD76yTC5zxZPG/giphy.gif" class="article-body-image-wrapper"><img src="https://i.giphy.com/media/lD76yTC5zxZPG/giphy.gif" alt="Done"></a></p> python flask Flask Vue.js Integration Tutorial Michael Bukachi Fri, 24 May 2019 19:59:56 +0000 https://forem.com/michaelbukachi/flask-vue-js-integration-tutorial-2g90 https://forem.com/michaelbukachi/flask-vue-js-integration-tutorial-2g90 <p>This tutorial answers the question, <em>"How do I integrate Vue.js with Flask?"</em> Since you are reading this tutorial, I assume that you know that <strong>Flask</strong> is a Python microframework built for rapid web development. If you are not familiar with flask or probably think that I am going to talk about a thermos 😜, then I suggest reading about it <a href="http://flask.pocoo.org/" rel="noopener noreferrer">here</a> before proceeding with this tutorial.</p> <p><strong>Vue.js</strong> is a progressive framework for building user interfaces. If you are not familiar with it, you can read about it <a href="https://vuejs.org/v2/guide/" rel="noopener noreferrer">here</a>.</p> <p>Now that you are familiar with both Flask and Vue.js, we can begin. </p> <h2> Flask Setup </h2> <p>Let's install a couple of dependencies first:</p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="n">pip</span> <span class="n">install</span> <span class="o">--</span><span class="n">user</span> <span class="n">cookiecutter</span> </code></pre> </div> <p><a href="https://cookiecutter.readthedocs.io/en/latest/readme.html" rel="noopener noreferrer">Cookiecutter</a> is an awesome command-line utility for quickly bootstraping project templates. We are using cookiecutter so that we don't spend too much time setting up the project. Remember, flask is not <strong>batteries included</strong> like <a href="https://www.djangoproject.com/" rel="noopener noreferrer">Django</a>, so quite a bit of work has to be put into the initial setup of a project.</p> <p>Now that you have installed Cookiecutter, we need grab a project template. For this tutorial, we just need a simple flask API. Run the following commands:</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> cookiecutter gh:mobidevke/cookiecutter-flask-api-starter </code></pre> </div> <p>You should get the following output:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> repo_name [api-starter]: flask-vuejs-tutorial api_name [Api]: api version [1.0.0]: 1.0.0 </code></pre> </div> <p>A folder called <strong>flask-vuejs-tutorial</strong> should be created. Navigate into that folder and you should see the following structure:</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> β”œβ”€β”€ app β”‚Β Β  β”œβ”€β”€ config.py β”‚Β Β  β”œβ”€β”€ factory.py β”‚Β Β  β”œβ”€β”€ __init__.py β”‚Β Β  β”œβ”€β”€ models β”‚Β Β  β”‚Β Β  β”œβ”€β”€ base.py β”‚Β Β  β”‚Β Β  β”œβ”€β”€ database.py β”‚Β Β  β”‚Β Β  β”œβ”€β”€ datastore.py β”‚Β Β  β”‚Β Β  └── __init__.py β”‚Β Β  β”œβ”€β”€ resources β”‚Β Β  β”‚Β Β  β”œβ”€β”€ example.py β”‚Β Β  β”‚Β Β  └── __init__.py β”‚Β Β  └── utils.py β”œβ”€β”€ pytest.ini β”œβ”€β”€ README.md β”œβ”€β”€ requirements.txt β”œβ”€β”€ settings.py β”œβ”€β”€ tests β”‚Β Β  β”œβ”€β”€ conftest.py β”‚Β Β  β”œβ”€β”€ __init__.py β”‚Β Β  β”œβ”€β”€ test_app.py β”‚Β Β  β”œβ”€β”€ test_models.py β”‚Β Β  β”œβ”€β”€ test_resources.py β”‚Β Β  └── utils.py β”œβ”€β”€ unit-tests.sh └── wsgi.py </code></pre> </div> <p>Beautiful, isn't it πŸ˜ƒ? </p> <p>Before we proceed we need to setup a virtual environment. Run:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> python -m venv venv </code></pre> </div> <p>You can now open the project folder using your favourite IDE/Text Editor. Remember to activate the virtual environment before proceeding to the next step. <br> Now we can install our dependencies. Run:</p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="n">pip</span> <span class="n">install</span> <span class="o">-</span><span class="n">r</span> <span class="n">requirements</span><span class="p">.</span><span class="n">txt</span> </code></pre> </div> <p>Once done open <code>app/config.py</code>. You'll notice that this API template uses a postgres database connection. You can setup a postgres db with the necessary credentials, if you don't mind. Otherwise, replace the contents of that folder with the following lines of code:</p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="kn">import</span> <span class="n">os</span> <span class="k">class</span> <span class="nc">Config</span><span class="p">:</span> <span class="n">ERROR_404_HELP</span> <span class="o">=</span> <span class="bp">False</span> <span class="n">SECRET_KEY</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">'</span><span class="s">APP_SECRET</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">secret key</span><span class="sh">'</span><span class="p">)</span> <span class="n">SQLALCHEMY_DATABASE_URI</span> <span class="o">=</span> <span class="sh">'</span><span class="s">sqlite:///tutorial.db</span><span class="sh">'</span> <span class="n">SQLALCHEMY_TRACK_MODIFICATIONS</span> <span class="o">=</span> <span class="bp">False</span> <span class="n">DOC_USERNAME</span> <span class="o">=</span> <span class="sh">'</span><span class="s">api</span><span class="sh">'</span> <span class="n">DOC_PASSWORD</span> <span class="o">=</span> <span class="sh">'</span><span class="s">password</span><span class="sh">'</span> <span class="k">class</span> <span class="nc">DevConfig</span><span class="p">(</span><span class="n">Config</span><span class="p">):</span> <span class="n">DEBUG</span> <span class="o">=</span> <span class="bp">True</span> <span class="k">class</span> <span class="nc">TestConfig</span><span class="p">(</span><span class="n">Config</span><span class="p">):</span> <span class="n">SQLALCHEMY_DATABASE_URI</span> <span class="o">=</span> <span class="sh">'</span><span class="s">sqlite://</span><span class="sh">'</span> <span class="n">TESTING</span> <span class="o">=</span> <span class="bp">True</span> <span class="n">DEBUG</span> <span class="o">=</span> <span class="bp">True</span> <span class="k">class</span> <span class="nc">ProdConfig</span><span class="p">(</span><span class="n">Config</span><span class="p">):</span> <span class="n">DEBUG</span> <span class="o">=</span> <span class="bp">False</span> <span class="n">config</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">development</span><span class="sh">'</span><span class="p">:</span> <span class="n">DevConfig</span><span class="p">,</span> <span class="sh">'</span><span class="s">testing</span><span class="sh">'</span><span class="p">:</span> <span class="n">TestConfig</span><span class="p">,</span> <span class="sh">'</span><span class="s">production</span><span class="sh">'</span><span class="p">:</span> <span class="n">ProdConfig</span> <span class="p">}</span> </code></pre> </div> <p>We have removed all postgres configurations in favour of sqlite ones. If you want to use postgres, leave the <code>conf.py</code> file untouched.<br> We now need to export our flask application. Run:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> export FLASK_APP=wsgi:app </code></pre> </div> <p>Now that we have finished setting up our flask API, run:</p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="n">flask</span> <span class="n">run</span> </code></pre> </div> <p>then open <a href="http://127.0.0.1:5000/example" rel="noopener noreferrer">http://127.0.0.1:5000/example</a>. You should see the following:</p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Success"</span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Vue.js setup </h2> <p>Now that our API is ready, we can proceed to bootstrap the vue application.<br> The first thing we need to do is install the vue cli. Run:</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> npm <span class="nb">install</span> <span class="nt">-g</span> @vue/cli <span class="c"># OR</span> yarn global add @vue/cli </code></pre> </div> <p>Once the installation finishes, you can check that you have the right version (3.x) with this command:</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> vue <span class="nt">--version</span> </code></pre> </div> <p>At the root of your project folder run:</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> vue create web </code></pre> </div> <p>I chose <strong>default (babel, eslint)</strong> as the preset and <strong>yarn</strong> as my package manager. If you are familiar with node projects you can go ahead and choose your preferred options. If not, just follow the defaults for this tutorial.<br> Now navigate into the new clearly created <strong>web</strong> folder and run:</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> yarn serve <span class="c"># OR</span> npm run serve </code></pre> </div> <p>If you navigate to <a href="http://localhost:8080/" rel="noopener noreferrer">http://localhost:8080/</a>, you should see a <strong>Welcome to Your Vue.js App</strong> text.</p> <p>Now we are ready to start the integrations. <br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fouztcohgzip5caivhsvv.gif" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fouztcohgzip5caivhsvv.gif" alt="Woohoo"></a></p> <p>In the web folder, create a file called <code>vue.config.js</code> and paste the following contents:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> const path = require('path'); module.exports = { assetsDir: '../static', baseUrl: '', publicPath: undefined, outputDir: path.resolve(__dirname, '../app/templates'), runtimeCompiler: undefined, productionSourceMap: undefined, parallel: undefined, css: undefined }; </code></pre> </div> <p><strong>Note</strong> If you are using Vue CLI 3.3 and above use <code>publicPath</code> instead of <code>baseUrl</code>.<br> Here, are defining some configurations for the vue cli. <br> We are only interested in three fields: <strong>assetsDir, baseUrl, outputDir</strong>.<br> Let's start with the outputDir. <br> This folder holds the location of the built vue files, that is, the folder that will hold the <code>index.html</code> that wil load the vue app. If you observe the path provided, you'll notice that the folder is inside the <code>app</code> module of the flask application.<br> The <code>assetsDir</code> holds the folder for the static files (css, js etc). <strong>Note</strong> It is relative to the value provided in the <code>outputDir</code> field.<br> Finally, the <code>baseUrl</code> field will hold the path prefix for the static files in the <code>index.html</code>. You can check <a href="https://cli.vuejs.org/config/" rel="noopener noreferrer">this</a> to find out more information about other configuration options.<br> Now run:</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> yarn build <span class="c"># OR</span> npm run build </code></pre> </div> <p>If you open the <code>app</code> folder, you will notice that two new folders have been created, <code>templates</code> and <code>static</code>. They contain the built vue files.<br> Now create a <code>views.py</code> file in the <code>app</code> folder and paste the following contents:</p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="kn">from</span> <span class="n">flask</span> <span class="kn">import</span> <span class="n">Blueprint</span><span class="p">,</span> <span class="n">render_template</span><span class="p">,</span> <span class="n">abort</span> <span class="kn">from</span> <span class="n">jinja2</span> <span class="kn">import</span> <span class="n">TemplateNotFound</span> <span class="n">sample_page</span> <span class="o">=</span> <span class="nc">Blueprint</span><span class="p">(</span><span class="sh">'</span><span class="s">sample_page</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">sample_page</span><span class="sh">'</span><span class="p">,</span> <span class="n">template_folder</span><span class="o">=</span><span class="sh">'</span><span class="s">templates</span><span class="sh">'</span><span class="p">)</span> <span class="nd">@sample_page.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/sample</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_sample</span><span class="p">():</span> <span class="k">try</span><span class="p">:</span> <span class="k">return</span> <span class="nf">render_template</span><span class="p">(</span><span class="sh">'</span><span class="s">index.html</span><span class="sh">'</span><span class="p">)</span> <span class="k">except</span> <span class="n">TemplateNotFound</span><span class="p">:</span> <span class="nf">abort</span><span class="p">(</span><span class="mi">404</span><span class="p">)</span> </code></pre> </div> <p>Now, what's going on here? <br> Well, we are creating a flask blueprint named <code>sample_page</code> and adding a route to it. This route will render our vue app.</p> <p>Open <code>__init__.py</code> and add the following lines below <code>app = f.flask</code>:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ..... app = f.flask from .views import sample_page app.register_blueprint(sample_page, url_prefix='/views') </code></pre> </div> <p>Here, we are registering the blueprint we created earlier. <br> We are giving the blueprint a url prefix so that our vue app is accessible from <code>/views/sample</code>.</p> <p>The moment of truth has arrived.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqkqhwelnjk0rg92jnkyv.gif" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqkqhwelnjk0rg92jnkyv.gif" alt="Moment"></a></p> <p>Open <a href="http://127.0.0.1:5000/views/sample" rel="noopener noreferrer">http://127.0.0.1:5000/views/sample</a> you should see the following:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fi.ibb.co%2FxGzGmYG%2Fscreenshot-2019-05-24-22-13-52.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fi.ibb.co%2FxGzGmYG%2Fscreenshot-2019-05-24-22-13-52.png" alt="Image"></a></p> <p>If you check the logs, you will see the built resources were loaded correctly:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> * Serving Flask app "wsgi:app" * Environment: production WARNING: Do not use the development server in a production environment. Use a production WSGI server instead. * Debug mode: off * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit) 127.0.0.1 - - [24/May/2019 20:45:02] "GET /views/sample HTTP/1.1" 200 - 127.0.0.1 - - [24/May/2019 20:45:02] "GET /static/css/app.e2713bb0.css HTTP/1.1" 200 - 127.0.0.1 - - [24/May/2019 20:45:02] "GET /static/js/chunk-vendors.b10d6c99.js HTTP/1.1" 200 - 127.0.0.1 - - [24/May/2019 20:45:02] "GET /static/js/app.c249faaa.js HTTP/1.1" 200 - 127.0.0.1 - - [24/May/2019 20:45:02] "GET /static/img/logo.82b9c7a5.png HTTP/1.1" 200 - 127.0.0.1 - - [24/May/2019 20:45:02] "GET /views/favicon.ico HTTP/1.1" 404 - </code></pre> </div> <p>You have successfully integrated Flask with Vuejs πŸ˜„.</p> <p>The source code for this tutorial can be found <a href="https://github.com/michaelbukachi/flask-vuejs-tutorial" rel="noopener noreferrer">here</a>.</p> python flask vue javascript