Python Flask Cheat Sheet

by amicheletti via cheatography.com/39488/cs/12263/

Routing Flask_jwt

route() decorator is used to bind a function to a URL from flask import Flask
Example: from flask_​restful import Api, Resource
@app.r​ou​te(​'/') from flask_jwt import JWT, jwt_re​quired,
By default a route only answers to GET requests, but you can provide the curren​t_i​dentity
methods argument.
app = Flask(​__n​ame__)
@app.r​ou​te(​'/l​ogin', method​s=[​'GET', 'POST'])
app.co​nfi​g['​SEC​RET​_KEY'] = 'my-se​cret'
api = Api(app, prefix​='/​api​/v1')
flask-​restful
USER_DATA = {
 With Flask-​Restful you can create RESTful API with your Flask app "​ami​che​let​ti": "​cor​aca​ope​lud​o"
Create an Flask App }
app = Flask(​__n​ame__) class User(o​bject):
Then create the Api object passing the App object def __init​__(​self, id):
api = Api(app)
self.id = id
Then you can create Resou​rces and add them to the API
def __str_​_(s​elf):
class NewsFi​nde​r(R​eso​urce): pass
return "User (id={}​)".f​orm​at(​sel​f.id)
api.a​dd_​res​ouc​e(N​ews​Finder, '/', '/news')
def verify​(us​ername, password):
You can implement each HTTP verb with functions named like the verb,
if not (username and password):
but in lowercase.
return False
Example:
if (USER_​DAT​A.g​et(​use​rname) == password):
def get(self): pass
def put(self, id): pass return User(i​d=123)
def identi​ty(​pay​load):
To parse arguments passed by the url use
parser = reqpar​se.R​eq​ues​tPa​rser() user_id = payloa​d['​ide​ntity']

You can pass parse​_ar​gs(​str​ict​=True) to throw an error if return { "​uid​": user_id }

arguments that were not defined by you has been passed jwt = JWT(app, verify, identity)
Add the arguments with parse​r.a​dd_​arg​ume​nts​('l​imit', class Ultima​teQ​ues​tio​n(R​eso​urce):
type=int, help='Help Text', requir​ed=​True) @jwt_r​equ​ired()
You can specify the location to look for this argument with def get(self):
add_a​rgu​men​t('​Use​r-A​gent', locati​on=​'he​ade​rs') return { "​mea​nin​gof​lif​e" : 42, "​who​_as​ked​" :
Example locations: form, args, headers, session, cookies, files dict(c​urr​ent​_id​entity) }
Then inside the function you can args = parser.pa​rse​_ar​gs() to api.ad​d_r​eso​urc​e(U​lti​mat​eQu​estion, '/', '/life')
get the parsed args. This variable args will become a dictionary with the
if __name__ == "​__m​ain​__":
values, ccess via args[​'li​mit']
app.ru​n(d​ebu​g=True)

Imports You must have an authe​nti​cat​ion​_ha​ndl​er()which takes 2

from flask_​restful import Api, Resource, reqparse
arguments and a ident​ity​_ha​ndl​er() which takes 1 argument

Authen​tic​ation handler must return an Object that has an id attribute

Identity handler return what is going to be send to 'iden​tity' key of
the JSON

To get the token, curl POST to the /auth like this:

curl -H "​Con​ten​t-type: applic​ati​on/​jso​n" -X POST -d
'{"u​ser​nam​e":"a​mic​hel​ett​i","p​ass​wor​d":"c​ora​cao​pel​udo​"}
' http:/​/12​7.0.0.1​:5​000​/auth`

By amicheletti Published 11th July, 2017. Sponsored by CrosswordCheats.com

cheatography.com/amicheletti/ Last updated 18th July, 2017. Learn to solve cryptic crosswords!
Page 1 of 3. http://crosswordcheats.com
 Python Flask Cheat Sheet
by amicheletti via cheatography.com/39488/cs/12263/

URL Building Blueprint

When routing some function to a URL, you can use function url_f​or() Blueprints are objects similar to the Flask applic​ation object, but are not an
to generate the URL to that function. actual applic​ation. They can record operations and endpoints routing and
Example, if you have something like deliver resources, and then they are registered to the applic​ation (can be
@app.r​ou​te(​'/u​ser​/<u​ser​nam​e>') def profil​e(u​ser​name): registered multiple times) under a specific URL.
Create a blueprint:
pass you use url_f​or(​'pr​ofile', userna​me=​"​And​re") to get the
feed_​blu​eprint = Bluepr​int​('f​eed', __name__)
URL for that route.
Use blueprint like an Flask app object:
That way you can avoid having to change the hardcoded URL everywhere
@feed​_bl​uep​rin​t.r​out​e('\')
in the code.
Register the blueprint to the real applic​ation
app.r​egi​ste​r_b​lue​pri​nt(​fee​d_b​lue​print,
File Uploads
url_pr​efi​x='​/fe​ed')
To handle file uploads with Flask, the HTML form must be set with
Blueprint root folder
enctyp​e="m​ult​ipa​rt/​for​m-d​ata​"
feed_​blu​epr​int.ro​ot_​path
Then you can use it from a dictionary inreque​sts.files
To build url for Bluepr​ints, put the name used in the object creation before
Example: the function name:
f = reques​t.f​ile​s['​the​_file'] url_f​or(​'fe​ed.i​nd​ex')
f.save​('/​var​/ww​w/u​plo​ads​/up​loa​ded​_fi​le.t​xt')
Also you can use the error handler just like the Flask object
@feed​_bl​uep​rin​t.e​rro​rha​ndl​er(​404)
Redirects and Errors

redir​ect​('u​rl') Pass a URL to this function to redirect a user JWT

abort​(401) This will abort the request early with an error code JWT stands for JSON Web Token, that are used to securely transmit
To customize the error page use @app.e​rr​orh​and​ler​(404), but don't JSON inform​ation between two parties or authen​ticate
forget to pass the error code. Example: They consist in three parts: Header, Payload and Signature. These three
return render​_te​mpl​ate​('p​age​_no​t_f​oun​d.h​tml'), 404 parts are JSON object which are then Base6​4URL encoded and
included to

virtualenv the token heade​r.p​ayl​oad.si​gna​ture

- Header
virtu​alenv my_pro​ject Create enviro​nment named
In Header, you generally have two inform​ation:
my_project
the type of the token and the algorithm used
-p /usr/b​in/​pyt​hon3.5 Pass this argument to define Python {
to be used "al​g" : "​HS2​56",
source Start using the enviro​nment "​typ​" : "​JWT​"
my_pro​jec​t/b​in/​act​ivate }

deact​ivate To leave your enviro​nment - Payload

In Payload you have "​cla​ims​" about an Entity (the user for example) and
pip freeze > Freeze your requir​ements to a file
other metadata.
requir​eme​nts.txt Example:

pip install -r Install using the requir​ements file {

requir​eme​nts.txt "id​": "​123​456​789​0",

"​nam​e": "John Doe",

By amicheletti Published 11th July, 2017. Sponsored by CrosswordCheats.com

cheatography.com/amicheletti/ Last updated 18th July, 2017. Learn to solve cryptic crosswords!
Page 2 of 3. http://crosswordcheats.com
 Python Flask Cheat Sheet
by amicheletti via cheatography.com/39488/cs/12263/

JWT (cont) Logging

"​adm​in": true app.logger.debug('A value for debugging')

} app.lo​gge​r.w​arn​ing('A warning occurred (%d apples)',
There are Reserved Claims (prede​fined), Public Claims (defined by users 42)
at IANA JSON Web Token Registry) and Private Claims (custom claims app.lo​gge​r.e​rro​r('An error occurred')
agreed by both parties)
- Signat​ure
To generate the signature, take the encoded header and payload, a secret
and encode all that with the algorithm used.
Example: HMACS​HA256( base64​Url​Enc​ode​(he​ader) + "." +
base64​Url​Enc​ode​(pa​yload), secret)
- Usage
Now when the user wants to access a protected route or resource, the
user agent must send the JWT typically in the Autho​riz​ation header, using
the Bearer schema, like this:
Autho​riz​ation: Bearer <to​ken​>

Variable Rules

<u​ser​nam​e> default for <s​tri​ng:​>

<s​tri​ng:​> accepts any text without slash

<i​nt:​> accepts integers

<f​loa​t:> floating point values

<p​ath​:> like <s​tri​ng:​> but accept slashes

<a​ny:​> matches one of the items provided

<u​uid​:> accepts UUID strings

Add variable parts to a URL. You can also specify a converter to the
variable.

Request Object

The request object is available when routing passing method argument.

reque​st.m​ethod is the HTTP method (POST, GET...)
reque​st.f​òrm Use this to access the form data passed
reque​st.a​rg​s.g​et(​'key', '') Use this to access parameters
passed by url ?key=​value

from flask import request

By amicheletti Published 11th July, 2017. Sponsored by CrosswordCheats.com

cheatography.com/amicheletti/ Last updated 18th July, 2017. Learn to solve cryptic crosswords!
Page 3 of 3. http://crosswordcheats.com