From blythe.sheldon at gmail.com Mon Apr 3 17:22:36 2017 From: blythe.sheldon at gmail.com (Blythe Sheldon) Date: Mon, 3 Apr 2017 14:22:36 -0700 Subject: [Flask] Issue with Daemonization, Flask, and Elastic Beanstalk Message-ID: Hello, I'm new to the list, so apologies if a question like mine has been asked and answered before. I've created a Flask app that accepts text input via a form, which then gets saved to the server and processed by another script, which I've daemonized per my own scrappy daemon.py. After deploying the app to AWS Elastic Beanstalk, I see that my text processing script does not run. I don't have enough background with mod_wsgi to know how to resolve this issue, and given the simplicity of what I'm trying to accomplish, I want to use the most appropriate daemonizing tool. I've attached the the error log output. If anyone has any advice on how to fix this error, I'd appreciate it! Thanks, Blythe -------------- next part -------------- A non-text attachment was scrubbed... Name: error_log.png Type: image/png Size: 222966 bytes Desc: not available URL: From tamasiaina at gmail.com Mon Apr 3 17:45:59 2017 From: tamasiaina at gmail.com (Jonathan Chen) Date: Mon, 3 Apr 2017 14:45:59 -0700 Subject: [Flask] Issue with Daemonization, Flask, and Elastic Beanstalk In-Reply-To: References: Message-ID: Is it possible to see application.py or daemon.py? ~Jonathan C. On Mon, Apr 3, 2017 at 2:22 PM, Blythe Sheldon wrote: > Hello, > > I'm new to the list, so apologies if a question like mine has been > asked and answered before. I've created a Flask app that accepts text > input via a form, which then gets saved to the server and processed by > another script, which I've daemonized per my own scrappy daemon.py. > After deploying the app to AWS Elastic Beanstalk, I see that my text > processing script does not run. I don't have enough background with > mod_wsgi to know how to resolve this issue, and given the simplicity > of what I'm trying to accomplish, I want to use the most appropriate > daemonizing tool. I've attached the the error log output. If anyone > has any advice on how to fix this error, I'd appreciate it! > > Thanks, > Blythe > > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From blythe.sheldon at gmail.com Mon Apr 3 18:19:01 2017 From: blythe.sheldon at gmail.com (Blythe Sheldon) Date: Mon, 3 Apr 2017 15:19:01 -0700 Subject: [Flask] Issue with Daemonization, Flask, and Elastic Beanstalk In-Reply-To: References:

Message-ID: Hello? Here you go. https://gist.github.com/blythest/4b8afa1c73dd98457f0c8ef68e29bc6c/32ed1547f636abccafdf003d107b6f33fba5fba8 https://gist.github.com/blythest/6cd30bc5fc5953739b6d763801d94e97 Thanks, Blythe On Mon, Apr 3, 2017 at 2:59 PM, Blythe Sheldon wrote: > Here you go. > > Thanks, > B > > On Mon, Apr 3, 2017 at 2:45 PM, Jonathan Chen wrote: >> Is it possible to see application.py or daemon.py? >> >> >> ~Jonathan C. >> >> On Mon, Apr 3, 2017 at 2:22 PM, Blythe Sheldon >> wrote: >>> >>> Hello, >>> >>> I'm new to the list, so apologies if a question like mine has been >>> asked and answered before. I've created a Flask app that accepts text >>> input via a form, which then gets saved to the server and processed by >>> another script, which I've daemonized per my own scrappy daemon.py. >>> After deploying the app to AWS Elastic Beanstalk, I see that my text >>> processing script does not run. I don't have enough background with >>> mod_wsgi to know how to resolve this issue, and given the simplicity >>> of what I'm trying to accomplish, I want to use the most appropriate >>> daemonizing tool. I've attached the the error log output. If anyone >>> has any advice on how to fix this error, I'd appreciate it! >>> >>> Thanks, >>> Blythe >>> >>> _______________________________________________ >>> Flask mailing list >>> Flask at python.org >>> https://mail.python.org/mailman/listinfo/flask >>> >> >> >> _______________________________________________ >> Flask mailing list >> Flask at python.org >> https://mail.python.org/mailman/listinfo/flask >> From thomas.david.vaughan at gmail.com Mon Apr 3 20:02:04 2017 From: thomas.david.vaughan at gmail.com (Tom Vaughan) Date: Mon, 3 Apr 2017 21:02:04 -0300 Subject: [Flask] Issue with Daemonization, Flask, and Elastic Beanstalk In-Reply-To: References:

Message-ID: The problem, as shown in the stacktrace in your original email, is that you call exit in daemon.py in the child process. If you want to keep this approach, you should use subprocess.Popen instead of daemon.py to invoke process_text.py. Like: subprocess.Popen(["python", "process_text.py"]) See also: https://docs.python.org/3/library/subprocess.html#replacing-the-os-spawn-family However, this has two problems. 1) process_text.py is passed data via testfile.txt which is created in application.py. testfile.txt will be overwritten each time the Flask app is called. When more than one request is made at the same time testfile.txt will be overwritten at the same time it is being processed by another request. At a minimum each request should use a unique temporary file name. 2) If the Apache worker process quits (most likely because it has served its limit of requests) while there are still running jobs of process_text.py these jobs will be killed. I suggest you take a look at using at task queue like Celery instead. http://www.celeryproject.org/ Redis could probably be made to work too. -Tom On Mon, Apr 3, 2017 at 7:19 PM, Blythe Sheldon wrote: > Hello? Here you go. > > https://gist.github.com/blythest/4b8afa1c73dd98457f0c8ef68e29bc6c/32ed1547f636abccafdf003d107b6f33fba5fba8 > https://gist.github.com/blythest/6cd30bc5fc5953739b6d763801d94e97 > > Thanks, > Blythe > > On Mon, Apr 3, 2017 at 2:59 PM, Blythe Sheldon wrote: >> Here you go. >> >> Thanks, >> B >> >> On Mon, Apr 3, 2017 at 2:45 PM, Jonathan Chen wrote: >>> Is it possible to see application.py or daemon.py? >>> >>> >>> ~Jonathan C. >>> >>> On Mon, Apr 3, 2017 at 2:22 PM, Blythe Sheldon >>> wrote: >>>> >>>> Hello, >>>> >>>> I'm new to the list, so apologies if a question like mine has been >>>> asked and answered before. I've created a Flask app that accepts text >>>> input via a form, which then gets saved to the server and processed by >>>> another script, which I've daemonized per my own scrappy daemon.py. >>>> After deploying the app to AWS Elastic Beanstalk, I see that my text >>>> processing script does not run. I don't have enough background with >>>> mod_wsgi to know how to resolve this issue, and given the simplicity >>>> of what I'm trying to accomplish, I want to use the most appropriate >>>> daemonizing tool. I've attached the the error log output. If anyone >>>> has any advice on how to fix this error, I'd appreciate it! >>>> >>>> Thanks, >>>> Blythe >>>> >>>> _______________________________________________ >>>> Flask mailing list >>>> Flask at python.org >>>> https://mail.python.org/mailman/listinfo/flask >>>> >>> >>> >>> _______________________________________________ >>> Flask mailing list >>> Flask at python.org >>> https://mail.python.org/mailman/listinfo/flask >>> > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask From gergely at polonkai.eu Thu Apr 6 16:36:29 2017 From: gergely at polonkai.eu (Gergely Polonkai) Date: Thu, 06 Apr 2017 20:36:29 +0000 Subject: [Flask] Subclassing flask.Flask? In-Reply-To: References: Message-ID: Hello, I don't see anything wrong with that; in fact, Python is a language where you can do the same thing in many different ways. I don't really see the advantages of application factories and module globals; if you don't have a Flask instance, you can't use them anyway. If you have a Flask instance, why would you use them instead of class properties? Right now I'm trying to transition a relatively big Flask app from app factory to Flask subclass. There are a lot of measurements to do, but so far it looks cleaner (to me). Best, Gergely On Fri, Mar 31, 2017, 14:49 Skip Montanaro wrote: > I'm getting to the point with a smallish Flask application that I > really don't want a bunch of module-level global variables sitting > around. My initial inclination would be to subclass flask.Flask, but > picking through the documentation and the prominent examples > (minitwit, etc), I didn't see any examples of this. This leads me to > believe that maybe that's not the correct route for corralling my > data. > > I'll give you one small example. My database is actually constructed > from a set of files which are updated outside of my control. I'd like > to run a separate thread to incrementally update the relevant bits of > my database as individual files change. The straightforward (to me) > way to do this is to have a separate thread which keeps things > up-to-date. As I'm currently using sqlite3, that suggests I need to > lock access. Storing the necessary threading.{RLock,Lock} object at > the module level seems iffy. I'd prefer to keep it as an instance > attribute. Once I've got a subclass, why not put all the > implementation in instance methods with the necessary @app.route > decorators? > > So, am I off-base in thinking I should subclass the Flask class? Is > there a more prevalent pattern? > > Thx, > > Skip Montanaro > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > -------------- next part -------------- An HTML attachment was scrubbed... URL: From davidism at gmail.com Thu Apr 6 16:55:52 2017 From: davidism at gmail.com (David Lord) Date: Thu, 6 Apr 2017 13:55:52 -0700 Subject: [Flask] Subclassing flask.Flask? In-Reply-To: References:

Message-ID: A class is an instance factory, so you're not really doing anything except moving the pattern around by doing that refactor. The point of the proxy globals is that the don't have to be passed around to each function that needs them. Either way it's a style choice, doesn't really matter. On Apr 6, 2017 13:43, "Gergely Polonkai" wrote: > Hello, > > I don't see anything wrong with that; in fact, Python is a language where > you can do the same thing in many different ways. > > I don't really see the advantages of application factories and module > globals; if you don't have a Flask instance, you can't use them anyway. If > you have a Flask instance, why would you use them instead of class > properties? > > Right now I'm trying to transition a relatively big Flask app from app > factory to Flask subclass. There are a lot of measurements to do, but so > far it looks cleaner (to me). > > Best, > Gergely > > On Fri, Mar 31, 2017, 14:49 Skip Montanaro > wrote: > >> I'm getting to the point with a smallish Flask application that I >> really don't want a bunch of module-level global variables sitting >> around. My initial inclination would be to subclass flask.Flask, but >> picking through the documentation and the prominent examples >> (minitwit, etc), I didn't see any examples of this. This leads me to >> believe that maybe that's not the correct route for corralling my >> data. >> >> I'll give you one small example. My database is actually constructed >> from a set of files which are updated outside of my control. I'd like >> to run a separate thread to incrementally update the relevant bits of >> my database as individual files change. The straightforward (to me) >> way to do this is to have a separate thread which keeps things >> up-to-date. As I'm currently using sqlite3, that suggests I need to >> lock access. Storing the necessary threading.{RLock,Lock} object at >> the module level seems iffy. I'd prefer to keep it as an instance >> attribute. Once I've got a subclass, why not put all the >> implementation in instance methods with the necessary @app.route >> decorators? >> >> So, am I off-base in thinking I should subclass the Flask class? Is >> there a more prevalent pattern? >> >> Thx, >> >> Skip Montanaro >> _______________________________________________ >> Flask mailing list >> Flask at python.org >> https://mail.python.org/mailman/listinfo/flask >> > > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From badrihippo at gmail.com Tue Apr 11 08:39:59 2017 From: badrihippo at gmail.com (badrihippo at gmail.com) Date: Tue, 11 Apr 2017 17:39:59 +0500 Subject: [Flask] Globally accessible variables in Flask Message-ID: <1491914399.6547.0@smtp.gmail.com> I know I figured this out sometime, but can't remember now. How does one make a variable that is automatically accessible to all views? I mean like the current_user variable provided by Flask-Admin: it automatically calculates current_user and makes it available to the view for each request, without having to manually define it each time. Basically, make it so that instead of... > @app.route('/example') > def example(): > my_var = something() > > @app.route('/example/2') > def second_example(): > my_var = something() ...it automatically calculates my_var without having to manually define it in each view. Okay, I hope that was clear. And thanks in advance! ?Badri/Hippo -------------- next part -------------- An HTML attachment was scrubbed... URL: From davidism at gmail.com Tue Apr 11 09:38:55 2017 From: davidism at gmail.com (David Lord) Date: Tue, 11 Apr 2017 06:38:55 -0700 Subject: [Flask] Globally accessible variables in Flask In-Reply-To: <1491914399.6547.0@smtp.gmail.com> References: <1491914399.6547.0@smtp.gmail.com> Message-ID: current_user is a LocalProxy. Other examples are current_app, g, request, and session. You can create your own, it's documented in Werkzeug: http://werkzeug.pocoo.org/docs/0.11/local/#werkzeug.local.LocalProxy. How you create it depends on what your data is, but in most cases you probably want to pass a callable that returns the object. On Tue, Apr 11, 2017 at 5:39 AM, wrote: > I know I figured this out sometime, but can't remember now. How does one > make a variable that is automatically accessible to all views? > > I mean like the current_user variable provided by Flask-Admin: it > automatically calculates current_user and makes it available to the view > for each request, without having to manually define it each time. > > Basically, make it so that instead of... > > @app.route('/example') > def example(): > my_var = something() > > @app.route('/example/2') > def second_example(): > my_var = something() > > > ...it automatically calculates my_var without having to manually define > it in each view. > > Okay, I hope that was clear. And thanks in advance! > > ?Badri/Hippo > > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From msn734506700 at live.com Tue Apr 11 09:40:23 2017 From: msn734506700 at live.com (song xiaowei) Date: Tue, 11 Apr 2017 13:40:23 +0000 Subject: [Flask] =?utf-8?b?5Zue5aSN77yaIEdsb2JhbGx5IGFjY2Vzc2libGUgdmFy?= =?utf-8?q?iables_in_Flask?= In-Reply-To: <1491914399.6547.0@smtp.gmail.com> References: <1491914399.6547.0@smtp.gmail.com> Message-ID: It calculated before request, used in the flask before request a decorator ???????? ?2017?04?11? 20:39?badrihippo at gmail.com ??? I know I figured this out sometime, but can't remember now. How does one make a variable that is automatically accessible to all views? I mean like the current_user variable provided by Flask-Admin: it automatically calculates current_user and makes it available to the view for each request, without having to manually define it each time. Basically, make it so that instead of... @app.route('/example') def example(): my_var = something() @app.route('/example/2') def second_example(): my_var = something() ...it automatically calculates my_var without having to manually define it in each view. Okay, I hope that was clear. And thanks in advance! ?Badri/Hippo -------------- next part -------------- An HTML attachment was scrubbed... URL: From spenceryoung at ufl.edu Tue Apr 11 09:08:00 2017 From: spenceryoung at ufl.edu (Young,Spencer P) Date: Tue, 11 Apr 2017 13:08:00 +0000 Subject: [Flask] Globally accessible variables in Flask In-Reply-To: <1491914399.6547.0@smtp.gmail.com> References: <1491914399.6547.0@smtp.gmail.com> Message-ID: You probably want to take a look at the request context and proxies. IIRC 'current_user' is a proxy pushed onto the request context. http://flask.pocoo.org/docs/0.12/reqcontext/ -Spencer Sent from my iPhone On Apr 11, 2017, at 8:44 AM, "badrihippo at gmail.com" > wrote: I know I figured this out sometime, but can't remember now. How does one make a variable that is automatically accessible to all views? I mean like the current_user variable provided by Flask-Admin: it automatically calculates current_user and makes it available to the view for each request, without having to manually define it each time. Basically, make it so that instead of... @app.route('/example') def example(): my_var = something() @app.route('/example/2') def second_example(): my_var = something() ...it automatically calculates my_var without having to manually define it in each view. Okay, I hope that was clear. And thanks in advance! -Badri/Hippo _______________________________________________ Flask mailing list Flask at python.org https://mail.python.org/mailman/listinfo/flask -------------- next part -------------- An HTML attachment was scrubbed... URL: From coreybrett at gmail.com Tue Apr 11 11:22:41 2017 From: coreybrett at gmail.com (Corey Boyle) Date: Tue, 11 Apr 2017 11:22:41 -0400 Subject: [Flask] Globally accessible variables in Flask In-Reply-To: <1491914399.6547.0@smtp.gmail.com> References: <1491914399.6547.0@smtp.gmail.com> Message-ID: I think you are looking for this. http://flask.pocoo.org/docs/0.12/templating/#context-processors On Tue, Apr 11, 2017 at 8:39 AM, wrote: > I know I figured this out sometime, but can't remember now. How does one > make a variable that is automatically accessible to all views? > > I mean like the current_user variable provided by Flask-Admin: it > automatically calculates current_user and makes it available to the view for > each request, without having to manually define it each time. > > Basically, make it so that instead of... > > @app.route('/example') > def example(): > my_var = something() > > @app.route('/example/2') > def second_example(): > my_var = something() > > > ...it automatically calculates my_var without having to manually define it > in each view. > > Okay, I hope that was clear. And thanks in advance! > > ?Badri/Hippo > > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > From skip.montanaro at gmail.com Wed Apr 12 14:02:58 2017 From: skip.montanaro at gmail.com (Skip Montanaro) Date: Wed, 12 Apr 2017 13:02:58 -0500 Subject: [Flask] A bit confused about route decorator and optional parameters Message-ID: I'm trying to create a Flask endpoint which corresponds to an existing function which takes a single required arg and potentially a half dozen or so optional args. (I know, crazy. Still, it's what I have to work with.) What's the idiomatic approach to this? Let's simplify the problem with a silly hypothetical concrete example. Suppose I have this function: def func(param, opt1=None, opt2=None, opt3=None): return (param, opt1, opt2, opt3) Any subset of the optN parameters might be given (that is, the presence of opt2 doesn't imply the presence of opt1). What are the best app.route() decorator calls for this function? When none are given, I clearly can have @app.route("/func/param") Do I give a defaults dictionary for the other params, like so? @app.route("/func/param", defaults={"opt1": None, "opt2": None, "opt3": None}) With that signature, can I use traditional URL parameter notation to specify the optional parameters? My initial experiment didn't succeed, so I've failed so far to provide an existence proof of that solution, and my perusal of the documentation has so far not turned up any examples of "?...&...&..." notation. Thx, Skip Montanaro From wright8191 at gmail.com Wed Apr 12 14:22:48 2017 From: wright8191 at gmail.com (Harrison Wright) Date: Wed, 12 Apr 2017 13:22:48 -0500 Subject: [Flask] A bit confused about route decorator and optional parameters In-Reply-To: References: Message-ID: I'm not certain of an idiomatic way, it depends on what you want your API design to me. Based on your question it is unclear to me if you want path parameters or query parameters, but... If you would like to specify optional path parameters, you need to define an app route with those parameters. Remember that you can define multiple routes to a single function. Such as... @app.route("/func/", defaults={"opt1": None, "opt2": None, "opt3": None}) @app.route("/func//opt1/", defaults={"opt2": None, "opt3": None}) @app.route("/func//opt1//opt2/", defaults={"opt3": None}) and so on.... doing this for a half dozen optional path parameters sounds messy. If you want to parse option query parameters you should use request.args.get('param_name') I would suggest creating a route function that simple serves as a wrapper for the function that is already defined, and use optional query parameters (or a mix of query/path parameters where it makes sense). It's hard to say for sure without the semantics of the function and arguments. Something like: @app.route("/func/") def my_func(required_param): func_you_have(required_param, opt1=request.args.get('opt1'), opt2=request.args.get('opt2'), ...) On Wed, Apr 12, 2017 at 1:02 PM, Skip Montanaro wrote: > I'm trying to create a Flask endpoint which corresponds to an existing > function which takes a single required arg and potentially a half > dozen or so optional args. (I know, crazy. Still, it's what I have to > work with.) What's the idiomatic approach to this? > > Let's simplify the problem with a silly hypothetical concrete example. > Suppose I have this function: > > def func(param, opt1=None, opt2=None, opt3=None): > return (param, opt1, opt2, opt3) > > Any subset of the optN parameters might be given (that is, the > presence of opt2 doesn't imply the presence of opt1). What are the > best app.route() decorator calls for this function? When none are > given, I clearly can have > > @app.route("/func/param") > > Do I give a defaults dictionary for the other params, like so? > > @app.route("/func/param", defaults={"opt1": None, "opt2": None, "opt3": > None}) > > With that signature, can I use traditional URL parameter notation to > specify the optional parameters? My initial experiment didn't succeed, > so I've failed so far to provide an existence proof of that solution, > and my perusal of the documentation has so far not turned up any > examples of "?...&...&..." notation. > > Thx, > > Skip Montanaro > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > -------------- next part -------------- An HTML attachment was scrubbed... URL: From skip.montanaro at gmail.com Wed Apr 12 14:28:52 2017 From: skip.montanaro at gmail.com (Skip Montanaro) Date: Wed, 12 Apr 2017 13:28:52 -0500 Subject: [Flask] A bit confused about route decorator and optional parameters In-Reply-To: References:

Message-ID: On Wed, Apr 12, 2017 at 1:22 PM, Harrison Wright wrote: > @app.route("/func/") > def my_func(required_param): > func_you_have(required_param, > opt1=request.args.get('opt1'), > opt2=request.args.get('opt2'), > ...) Thank you. This seems to be exactly what I need. I was thinking the optional parameters had to be specified in the function signature. Skip From badrihippo at gmail.com Thu Apr 13 03:35:17 2017 From: badrihippo at gmail.com (badrihippo at gmail.com) Date: Thu, 13 Apr 2017 12:35:17 +0500 Subject: [Flask] Globally accessible variables in Flask In-Reply-To: References: <1491914399.6547.0@smtp.gmail.com> Message-ID: <1492068917.1720.0@smtp.gmail.com> Thanks, everyone! Yes, Werkzeug's LocalProxy and Flask's @app.context_processor were what I was looking for. I realised flask_admin is using both: the first one makes it available to the view, and the second one to the template. Guess they'll both come in useful, in different contexts (no pun intended)! ?Badri/Hippo -------------- next part -------------- An HTML attachment was scrubbed... URL: From skip.montanaro at gmail.com Thu Apr 13 14:23:25 2017 From: skip.montanaro at gmail.com (Skip Montanaro) Date: Thu, 13 Apr 2017 13:23:25 -0500 Subject: [Flask] Application structure best practice? Message-ID: I asked a colleague about some mildly confusing (to me) usage of the name "app". He got it from this tutorial: https://blog.miguelgrinberg.com/post/the-flask-mega-tutorial-part-i-hello-world Not quite halfway through the blog, he has the reader create an app directory, then an __init__.py file in it containing these lines: from flask import Flask app = Flask(__name__) from app import views The author then spends a couple short paragraphs explaining the double-duty done by the name "app" and the atypical import at the end of the module (personally, not where I look first for import statements). This seems odd to me, but if that's the common idiom, I'm happy to go with it. The Flaskr tutorial has a bit different structure. The lack of an __init__.py file suggests that it's written using Python 3. I'm stuck with Python 2 for the foreseeable future, however. Do people use different schemes to setup their application structures? Is there a "best practice" for the application structure? Thx, Skip Montanaro -------------- next part -------------- An HTML attachment was scrubbed... URL: From thomas.david.vaughan at gmail.com Thu Apr 13 15:15:35 2017 From: thomas.david.vaughan at gmail.com (Tom Vaughan) Date: Thu, 13 Apr 2017 16:15:35 -0300 Subject: [Flask] Application structure best practice? In-Reply-To: References: Message-ID: Hey Skip, Please see https://gitlab.com/tvaughan/docker-flask-starterkit The app is created in https://gitlab.com/tvaughan/docker-flask-starterkit/blob/master/app/starterkit/app.py#L39. This approach allows for different environments, like development and production (https://gitlab.com/tvaughan/docker-flask-starterkit/tree/master/app/starterkit/settings), via an environment variable (https://gitlab.com/tvaughan/docker-flask-starterkit/blob/master/Makefile#L23 and https://gitlab.com/tvaughan/docker-flask-starterkit/blob/master/coreos/etc/systemd/system/app.service#L12) or manually (https://gitlab.com/tvaughan/docker-flask-starterkit/blob/master/app/starterkit/tests/helpers.py#L11). uWSGI then creates the app via https://gitlab.com/tvaughan/docker-flask-starterkit/blob/master/app/uwsgi.ini#L4. I don't claim this constitutes "best practices." This is just what I've done to solve this problem. Best, -Tom On Thu, Apr 13, 2017 at 3:23 PM, Skip Montanaro wrote: > I asked a colleague about some mildly confusing (to me) usage of the name > "app". He got it from this tutorial: > > https://blog.miguelgrinberg.com/post/the-flask-mega-tutorial-part-i-hello-world > > Not quite halfway through the blog, he has the reader create an app > directory, then an __init__.py file in it containing these lines: > > from flask import Flask > > app = Flask(__name__) > from app import views > > > The author then spends a couple short paragraphs explaining the double-duty > done by the name "app" and the atypical import at the end of the module > (personally, not where I look first for import statements). This seems odd > to me, but if that's the common idiom, I'm happy to go with it. The Flaskr > tutorial has a bit different structure. The lack of an __init__.py file > suggests that it's written using Python 3. I'm stuck with Python 2 for the > foreseeable future, however. Do people use different schemes to setup their > application structures? Is there a "best practice" for the application > structure? > > Thx, > > Skip Montanaro > > > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > From skip.montanaro at gmail.com Fri Apr 14 09:54:33 2017 From: skip.montanaro at gmail.com (Skip Montanaro) Date: Fri, 14 Apr 2017 08:54:33 -0500 Subject: [Flask] Application structure best practice? In-Reply-To: References: Message-ID: Tom> Please see https://gitlab.com/tvaughan/docker-flask-starterkit Thanks. I also stumbled on cookiecutter, which has a couple Flask templates. I'll be doing some poking around the next few days. I have a mail archive display/browse app in mind which I'm hopeful might be generally useful. Skip From scott.werner.vt at gmail.com Sat Apr 15 09:34:20 2017 From: scott.werner.vt at gmail.com (Scott Werner) Date: Sat, 15 Apr 2017 09:34:20 -0400 Subject: [Flask] A bit confused about route decorator and optional parameters In-Reply-To: References:

Message-ID: Forgot to hit reply all on my response: https://webargs.readthedocs.io/ is an excellent package for parsing query parameters and can also be used on paths. Scott Werner scott.werner.vt at gmail.com On Apr 12, 2017 2:28 PM, "Skip Montanaro" wrote: > On Wed, Apr 12, 2017 at 1:22 PM, Harrison Wright > wrote: > > @app.route("/func/") > > def my_func(required_param): > > func_you_have(required_param, > > opt1=request.args.get('opt1'), > > opt2=request.args.get('opt2'), > > ...) > > Thank you. This seems to be exactly what I need. I was thinking the > optional parameters had to be specified in the function signature. > > Skip > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > -------------- next part -------------- An HTML attachment was scrubbed... URL: From skip.montanaro at gmail.com Sat Apr 15 09:43:13 2017 From: skip.montanaro at gmail.com (Skip Montanaro) Date: Sat, 15 Apr 2017 08:43:13 -0500 Subject: [Flask] A bit confused about route decorator and optional parameters In-Reply-To: References:

Message-ID: Thanks for the pointer. I've been away from any sort of web development for a long while. Things have changed quite a bit since the days of cgi.FieldStorage. For you young'uns out there, the Python documentation for the cgi module shows how we used to get things done. Everyone had the print statement and a bunch of angle brackets in their toolkit. Seems quaint now. :-) https://docs.python.org/2/library/cgi.html On Sat, Apr 15, 2017 at 8:34 AM, Scott Werner wrote: > Forgot to hit reply all on my response: > > https://webargs.readthedocs.io/ is an excellent package for parsing query > parameters and can also be used on paths. > > Scott Werner > scott.werner.vt at gmail.com > > On Apr 12, 2017 2:28 PM, "Skip Montanaro" wrote: >> >> On Wed, Apr 12, 2017 at 1:22 PM, Harrison Wright >> wrote: >> > @app.route("/func/") >> > def my_func(required_param): >> > func_you_have(required_param, >> > opt1=request.args.get('opt1'), >> > opt2=request.args.get('opt2'), >> > ...) >> >> Thank you. This seems to be exactly what I need. I was thinking the >> optional parameters had to be specified in the function signature. >> >> Skip >> _______________________________________________ >> Flask mailing list >> Flask at python.org >> https://mail.python.org/mailman/listinfo/flask From skip.montanaro at gmail.com Mon Apr 17 14:28:19 2017 From: skip.montanaro at gmail.com (Skip Montanaro) Date: Mon, 17 Apr 2017 13:28:19 -0500 Subject: [Flask] I'm missing something about these Flask cookiecutter template Message-ID: I'm casting about for a useful Flask template for more serious applications. I've done one or two very small Flask apps manually, but thought it would be nice to see what sort of structures people use for more complex stuff. I installed cookiecutter into my Anaconda environment. (That was a chore because anaconda.org keeps complaining that I'm not authorized , so I had to download and install it and its dependencies manually. Not great fun.) Then I instantiated this template: https://github.com/sloria/cookiecutter-flask and answered the simple questions it asked (name, title, description, etc.) Then, looking at these instructions: https://github.com/sloria/cookiecutter-flask/blob/master/%7B%7Bcookiecutter.app_name%7D%7D/README.rst#quickstart I saw a bit more than I hoped for. So far, in my trivial applications, I've just run from the repo (no installation). I figured this would be all I needed: export {{cookiecutter.app_name | upper}}_SECRET='something-really-secret' export FLASK_APP=/path/to/autoapp.py export FLASK_DEBUG=1 flask run When I visit the app's URL, I keep getting flask.cli.NoAppException: The file/path provided (manage) does not appear to exist. Please verify the path is correct. If app is not on PYTHONPATH, ensure the extension is .py So I tried another template: https://github.com/JackStouffer/cookiecutter-Flask-Foundation Same drill. Answer the questions, set the FLASK environment variables, run the flask app: (anaconda) stouffer-flask% pwd /home/skip/src/stouffer-flask (anaconda) stouffer-flask% cd defunct_archiver/ (anaconda) defunct_archiver% ls defunct_archiver manage.py README.md tests Makefile __pycache__ requirements.txt (anaconda) defunct_archiver% export FLASK_APP=${PWD}/manage.py (anaconda) defunct_archiver% export FLASK_DEBUG=1 (anaconda) defunct_archiver% flask run * Serving Flask app "manage" * Forcing debug mode on /home/skip/src/stouffer-flask/defunct_archiver/manage.py:5: ExtDeprecationWarning: Importing flask.ext.script is deprecated, use flask_script instead. from flask.ext.script import Manager, Server * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit) * Restarting with stat /home/skip/src/stouffer-flask/defunct_archiver/manage.py:5: ExtDeprecationWarning: Importing flask.ext.script is deprecated, use flask_script instead. from flask.ext.script import Manager, Server * Debugger is active! * Debugger PIN: 104-595-126 Then I visit http://127.0.0.1:5000/ and get the same 500 response. 127.0.0.1 - - [17/Apr/2017 13:23:39] "GET / HTTP/1.1" 500 - Traceback (most recent call last): File "/home/skip/anaconda3/envs/anaconda/lib/python3.6/site-packages/flask/cli.py", line 178, in __call__ self._flush_bg_loading_exception() File "/home/skip/anaconda3/envs/anaconda/lib/python3.6/site-packages/flask/cli.py", line 166, in _flush_bg_loading_exception reraise(*exc_info) File "/home/skip/anaconda3/envs/anaconda/lib/python3.6/site-packages/flask/_compat.py", line 33, in reraise raise value File "/home/skip/anaconda3/envs/anaconda/lib/python3.6/site-packages/flask/cli.py", line 155, in _load_app self._load_unlocked() File "/home/skip/anaconda3/envs/anaconda/lib/python3.6/site-packages/flask/cli.py", line 170, in _load_unlocked self._app = rv = self.loader() File "/home/skip/anaconda3/envs/anaconda/lib/python3.6/site-packages/flask/cli.py", line 231, in load_app rv = locate_app(self.app_import_path) File "/home/skip/anaconda3/envs/anaconda/lib/python3.6/site-packages/flask/cli.py", line 95, in locate_app 'is .py' % module) flask.cli.NoAppException: The file/path provided (manage) does not appear to exist. Please verify the path is correct. If app is not on PYTHONPATH, ensure the extension is .py Shouldn't I be able to bring up one of these skeletal Flask apps from my local repo without having to go through the labor of packaging and installing it? Is there some underlying exception getting raised and tossed in favor of the higher level NoAppException? If so, is there some way to get at it? Thx, Skip Montanaro -------------- next part -------------- An HTML attachment was scrubbed... URL: From projetmbc at gmail.com Thu Apr 20 17:17:13 2017 From: projetmbc at gmail.com (Christophe BAL (via GMAIL)) Date: Thu, 20 Apr 2017 23:17:13 +0200 Subject: [Flask] User connected as an associated user on a Linux server Message-ID: <3f9ca89d-784c-f0e3-5336-d3819403b631@gmail.com> Hello. I hope that my message will not produce to much noise. *Here is my question.** * **Is there an easy way with flask to connect a "web user" as a Linux user on the server where the flask app is hosted ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From gergely at polonkai.eu Fri Apr 21 02:28:51 2017 From: gergely at polonkai.eu (Gergely Polonkai) Date: Fri, 21 Apr 2017 06:28:51 +0000 Subject: [Flask] User connected as an associated user on a Linux server In-Reply-To: <3f9ca89d-784c-f0e3-5336-d3819403b631@gmail.com> References: <3f9ca89d-784c-f0e3-5336-d3819403b631@gmail.com> Message-ID: Depends on what you want to do. If you want to authenticate (ie. allow the user to log in with their system password), there are mechanisms to let you do this, although I think it?s a security risk. If you want to let your user execute system commands through Flask, and you have only one such user, you will have to run your app as that user. If you have more than one users, you have to run your app as root, which is generally a bad idea. All the above is true if you have only Flask in the game. Add task executors (like Celery) and you get a different (but not much different) answer. If you could tell us your base problem (ie. why do you need this?), maybe the community can come up with some alternatives. Best, Gergely On Thu, Apr 20, 2017, 23:17 Christophe BAL (via GMAIL) wrote: > Hello. > > > I hope that my message will not produce to much noise. > > > *Here is my question.* > > Is there an easy way with flask to connect a "web user" as a Linux user on > the server where the flask app is hosted ? > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > -------------- next part -------------- An HTML attachment was scrubbed... URL: From projetmbc at gmail.com Fri Apr 21 09:38:31 2017 From: projetmbc at gmail.com (Christophe BAL (via GMAIL)) Date: Fri, 21 Apr 2017 15:38:31 +0200 Subject: [Flask] User connected as an associated user on a Linux server In-Reply-To: References: <3f9ca89d-784c-f0e3-5336-d3819403b631@gmail.com> Message-ID: <32467152-6f91-44e5-d3e2-622854a23f82@gmail.com> Ideally I would like to propose in a secure environment the possibility to play with merly all the functionnalities of Python. I am thinking of this as a dream because I know that a lot of problem can appear. I would also like to use git in backend via an easy to use interface. In that case the user will not know that I use a user Linux session. C. Le 21/04/2017 ? 08:28, Gergely Polonkai a ?crit : > > Depends on what you want to do. > > If you want to authenticate (ie. allow the user to log in with their > system password), there are mechanisms to let you do this, although I > think it?s a security risk. > > If you want to let your user execute system commands through Flask, > and you have only one such user, you will have to run your app as that > user. If you have more than one users, you have to run your app as > root, which is generally a bad idea. > > All the above is true if you have only Flask in the game. Add task > executors (like Celery) and you get a different (but not much > different) answer. > > If you could tell us your base problem (ie. why do you need this?), > maybe the community can come up with some alternatives. > > Best, > Gergely > > > On Thu, Apr 20, 2017, 23:17 Christophe BAL (via GMAIL) > > wrote: > > Hello. > > > I hope that my message will not produce to much noise. > > > *Here is my question.** > * > > Is there an easy way with flask to connect a "web user" as a Linux > user on the server where the flask app is hosted ? > > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > -- Christophe BAL Enseignant Agr?g? de Math?matiques Programmeur Python Amateur -------------- next part -------------- An HTML attachment was scrubbed... URL: From david at davidbaumgold.com Fri Apr 21 09:41:10 2017 From: david at davidbaumgold.com (David Baumgold) Date: Fri, 21 Apr 2017 09:41:10 -0400 Subject: [Flask] User connected as an associated user on a Linux server In-Reply-To: <32467152-6f91-44e5-d3e2-622854a23f82@gmail.com> References: <3f9ca89d-784c-f0e3-5336-d3819403b631@gmail.com> <32467152-6f91-44e5-d3e2-622854a23f82@gmail.com> Message-ID: Have you looked at PythonAnywhere??https://www.pythonanywhere.com/?It might be exactly what you?re looking for. DB On April 21, 2017 at 9:38:52 AM, Christophe BAL (via GMAIL) (projetmbc at gmail.com) wrote: Ideally I would like to propose in a secure environment the possibility to play with merly all the functionnalities of Python. I am thinking of this as a dream because I know that a lot of problem can appear. I would also like to use git in backend via an easy to use interface. In that case the user will not know that I use a user Linux session. C. Le 21/04/2017 ? 08:28, Gergely Polonkai a ?crit?: Depends on what you want to do. If you want to authenticate (ie. allow the user to log in with their system password), there are mechanisms to let you do this, although I think it?s a security risk. If you want to let your user execute system commands through Flask, and you have only one such user, you will have to run your app as that user. If you have more than one users, you have to run your app as root, which is generally a bad idea. All the above is true if you have only Flask in the game. Add task executors (like Celery) and you get a different (but not much different) answer. If you could tell us your base problem (ie. why do you need this?), maybe the community can come up with some alternatives. Best, Gergely On Thu, Apr 20, 2017, 23:17 Christophe BAL (via GMAIL) wrote: Hello. I hope that my message will not produce to much noise. Here is my question. Is there an easy way with flask to connect a "web user" as a Linux user on the server where the flask app is hosted ? _______________________________________________ Flask mailing list Flask at python.org https://mail.python.org/mailman/listinfo/flask -- Christophe BAL Enseignant Agr?g? de Math?matiques Programmeur Python Amateur _______________________________________________ Flask mailing list Flask at python.org https://mail.python.org/mailman/listinfo/flask -------------- next part -------------- An HTML attachment was scrubbed... URL: From projetmbc at gmail.com Fri Apr 21 09:44:05 2017 From: projetmbc at gmail.com (Christophe BAL (via GMAIL)) Date: Fri, 21 Apr 2017 15:44:05 +0200 Subject: [Flask] User connected as an associated user on a Linux server In-Reply-To: References: <3f9ca89d-784c-f0e3-5336-d3819403b631@gmail.com> <32467152-6f91-44e5-d3e2-622854a23f82@gmail.com> Message-ID: <0c165261-d3d0-9379-bc0d-aacef06f62e0@gmail.com> I know that and maybe I will use it but in the other hand I would like to learn a little how about to do that kind of things or merly. 21/04/2017 ? 15:41, David Baumgold a ?crit : > Have you looked at PythonAnywhere? https://www.pythonanywhere.com/ It > might be exactly what you?re looking for. > > DB > > On April 21, 2017 at 9:38:52 AM, Christophe BAL (via GMAIL) > (projetmbc at gmail.com ) wrote: > >> Ideally I would like to propose in a secure environment the >> possibility to play with merly all the functionnalities of Python. I >> am thinking of this as a dream because I know that a lot of problem >> can appear. >> >> >> I would also like to use git in backend via an easy to use interface. >> In that case the user will not know that I use a user Linux session. >> >> >> C. >> >> >> Le 21/04/2017 ? 08:28, Gergely Polonkai a ?crit : >>> >>> Depends on what you want to do. >>> >>> If you want to authenticate (ie. allow the user to log in with their >>> system password), there are mechanisms to let you do this, although >>> I think it?s a security risk. >>> >>> If you want to let your user execute system commands through Flask, >>> and you have only one such user, you will have to run your app as >>> that user. If you have more than one users, you have to run your app >>> as root, which is generally a bad idea. >>> >>> All the above is true if you have only Flask in the game. Add task >>> executors (like Celery) and you get a different (but not much >>> different) answer. >>> >>> If you could tell us your base problem (ie. why do you need this?), >>> maybe the community can come up with some alternatives. >>> >>> Best, >>> Gergely >>> >>> >>> On Thu, Apr 20, 2017, 23:17 Christophe BAL (via GMAIL) >>> > wrote: >>> >>> Hello. >>> >>> >>> I hope that my message will not produce to much noise. >>> >>> >>> *Here is my question.* * >>> * >>> >>> Is there an easy way with flask to connect a "web user" as a >>> Linux user on the server where the flask app is hosted ? >>> >>> _______________________________________________ >>> Flask mailing list >>> Flask at python.org >>> https://mail.python.org/mailman/listinfo/flask >>> >> >> -- >> Christophe BAL >> Enseignant Agr?g? de Math?matiques >> Programmeur Python Amateur >> _______________________________________________ >> Flask mailing list >> Flask at python.org >> https://mail.python.org/mailman/listinfo/flask -- Christophe BAL Enseignant Agr?g? de Math?matiques Programmeur Python Amateur -------------- next part -------------- An HTML attachment was scrubbed... URL: From tamasiaina at gmail.com Tue Apr 25 23:29:06 2017 From: tamasiaina at gmail.com (Jonathan Chen) Date: Tue, 25 Apr 2017 20:29:06 -0700 Subject: [Flask] Flask CLI Different Message Message-ID: Hey all, I am writing some command line commands at the moment, and I started to notice that the general flask help message isn't very personalized to my application. How do I change that message to make it more personalized? ~Jonathan C. -------------- next part -------------- An HTML attachment was scrubbed... URL: From skip.montanaro at gmail.com Wed Apr 26 15:29:53 2017 From: skip.montanaro at gmail.com (Skip Montanaro) Date: Wed, 26 Apr 2017 14:29:53 -0500 Subject: [Flask] Recursively expanding template content Message-ID: This will probably sound weird, but I have an index.html template which basically looks like ... {{ content }} ... The content comes from a Markdown file generated by import markdown from flask import Markup ... content = Markup(markdown.markdown(raw)) where "raw" is the raw content of the Markdown file. I'd like to embed some Jinja2 references in the Markdown file and have them automagically processed as if they appeared in the index.html template. In particular, I'd like to call render_template with the netloc: content = Markup(markdown.markdown(raw)) netloc = urlparse.urlparse(request.url).netloc return render_template("index.html", **locals()) Currently, I fudge by just replace()ing the "{{ netloc }}" references: content = Markup(markdown.markdown(raw)).replace("{{ netloc }}", netloc) That works, but seems crude. I tried explicitly calling Jinja2.Template().render(): content = Markup(markdown.markdown(raw)) netloc = urlparse.urlparse(request.url).netloc template = jinja2.Template(content) content = template.render(netloc=netloc) return render_template("index.html", **locals()) That kinda worked, but left me with a bunch of escaped HTML entities. My guess is that render_template doesn't like "<" and such in its input strings. I suspect there is an elegant solution to this, but as I am not wise in the ways of Flask, Jinja, or markdown, it's certainly not jumping out at me. Pointers (especially to documentation I've missed *) would be appreciated. Skip Montanaro (*) Prefer doc links rather than StackOverflow links, though they will do in a pinch. From gergely at polonkai.eu Thu Apr 27 02:04:20 2017 From: gergely at polonkai.eu (Gergely Polonkai) Date: Thu, 27 Apr 2017 06:04:20 +0000 Subject: [Flask] Recursively expanding template content In-Reply-To: References: Message-ID: Hello, here?s what I?d do. ? read the raw markdown ? parse it as a template: parsed_md = render(raw_md) ? convert it to Markup ? now render the ?parent? template: render_template('main.html', md=markup_md) Best, Gergely On Wed, Apr 26, 2017, 21:30 Skip Montanaro wrote: > This will probably sound weird, but I have an index.html template > which basically looks like > > ... > > {{ content }} > > ... > > The content comes from a Markdown file generated by > > import markdown > from flask import Markup > > ... > > content = Markup(markdown.markdown(raw)) > > where "raw" is the raw content of the Markdown file. > > I'd like to embed some Jinja2 references in the Markdown file and have > them automagically processed as if they appeared in the index.html > template. In particular, I'd like to call render_template with the > netloc: > > content = Markup(markdown.markdown(raw)) > netloc = urlparse.urlparse(request.url).netloc > return render_template("index.html", **locals()) > > Currently, I fudge by just replace()ing the "{{ netloc }}" references: > > content = Markup(markdown.markdown(raw)).replace("{{ netloc }}", netloc) > > That works, but seems crude. I tried explicitly calling > Jinja2.Template().render(): > > content = Markup(markdown.markdown(raw)) > netloc = urlparse.urlparse(request.url).netloc > template = jinja2.Template(content) > content = template.render(netloc=netloc) > return render_template("index.html", **locals()) > > That kinda worked, but left me with a bunch of escaped HTML entities. > My guess is that render_template doesn't like "<" and such in its > input strings. > > I suspect there is an elegant solution to this, but as I am not wise > in the ways of Flask, Jinja, or markdown, it's certainly not jumping > out at me. Pointers (especially to documentation I've missed *) would > be appreciated. > > Skip Montanaro > > (*) Prefer doc links rather than StackOverflow links, though they will > do in a pinch. > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > -------------- next part -------------- An HTML attachment was scrubbed... URL: From keith at the-sanctuary.biz Thu Apr 27 13:08:57 2017 From: keith at the-sanctuary.biz (Keith MacDonald) Date: Thu, 27 Apr 2017 18:08:57 +0100 Subject: [Flask] Handling web requests from blacklisted IP addresses? In-Reply-To: References: Message-ID: <481296b1a77b6812f9de22f459a07c2a@the-sanctuary.biz> I've recently built a website based on Python and Flask. Everything's fine (thanks Flask). But being cautious, in case I made mistakes with the Routes, I've been logging any 404 error messages, along with the IP address the request came from. By accident, it seems to be working well as a malicious-probe detector. I'm seeing many 404 error messages caused by blacklisted IP addresses trying to find and access PHP admin pages (which don't exist). Should I care about this? I'm imagining I could add a table of blacklisted IP addresses quite easily, and check the IP address before routing any pages. But then what? Should I send all requests from blacklisted IP addresses to a special page? Or a completely blank page? Or redirect them to some hell-hole on the internet? Or what? Any suggestions gratefully received. Keith MacDonald From matt at sidefx.com Thu Apr 27 15:57:21 2017 From: matt at sidefx.com (Matt Chaput) Date: Thu, 27 Apr 2017 15:57:21 -0400 Subject: [Flask] flask.cli: What happened to @script_info_option? Message-ID: <11604D1A-DD3C-413F-9343-9E69212A76BA@sidefx.com> I wanted it to add common app-configuration options such as --config, --loglevel, --logfile, etc. to the group and read them from the scriptinfo in my app factory function. The decorator was apparently removed after 0.11 with a cryptic commit message like "implementing simplified interface". So... how do I do add app-factory-time configuration options now? Thanks, Matt From spenceryoung at ufl.edu Thu Apr 27 14:52:47 2017 From: spenceryoung at ufl.edu (Young,Spencer P) Date: Thu, 27 Apr 2017 18:52:47 +0000 Subject: [Flask] Handling web requests from blacklisted IP addresses? In-Reply-To: <481296b1a77b6812f9de22f459a07c2a@the-sanctuary.biz> References: <481296b1a77b6812f9de22f459a07c2a@the-sanctuary.biz> Message-ID: <5D11B5C8-B8FC-49D7-B0AC-652425E43976@ufl.edu> These things are just going to happen. If you blacklist an IP, I personally would offload that work to a firewall; just drop the traffic, no response. Don?t even let the requests hit the server, if possible. Others may opt to simply lockdown their more sensitive pages, like logins and downloads. In the WordPress world, there?s a product called ?Wordfence? that uses an algorithm to rank the ?maliciousness? of an IP to update blocking rules accordingly. Worth looking into how it works. Keep in mind, if you?re in an organization, it may be a vulnerability scanner probing internally. You may want to whitelist any vulnerability scanners. Hope that helps, -Spencer On 4/27/17, 1:08 PM, "Flask on behalf of Keith MacDonald" wrote: I've recently built a website based on Python and Flask. Everything's fine (thanks Flask). But being cautious, in case I made mistakes with the Routes, I've been logging any 404 error messages, along with the IP address the request came from. By accident, it seems to be working well as a malicious-probe detector. I'm seeing many 404 error messages caused by blacklisted IP addresses trying to find and access PHP admin pages (which don't exist). Should I care about this? I'm imagining I could add a table of blacklisted IP addresses quite easily, and check the IP address before routing any pages. But then what? Should I send all requests from blacklisted IP addresses to a special page? Or a completely blank page? Or redirect them to some hell-hole on the internet? Or what? Any suggestions gratefully received. Keith MacDonald _______________________________________________ Flask mailing list Flask at python.org https://mail.python.org/mailman/listinfo/flask From unai at sysbible.org Thu Apr 27 22:47:40 2017 From: unai at sysbible.org (Unai Rodriguez) Date: Fri, 28 Apr 2017 10:47:40 +0800 Subject: [Flask] Handling web requests from blacklisted IP addresses? In-Reply-To: <5D11B5C8-B8FC-49D7-B0AC-652425E43976@ufl.edu> References: <481296b1a77b6812f9de22f459a07c2a@the-sanctuary.biz> <5D11B5C8-B8FC-49D7-B0AC-652425E43976@ufl.edu> Message-ID: <1493347660.4032732.958904776.7E54FA1D@webmail.messagingengine.com> Fail2ban is also a good tool to handle that: https://www.fail2ban.org -- unai On Fri, Apr 28, 2017, at 02:52 AM, Young,Spencer P wrote: > These things are just going to happen. > If you blacklist an IP, I personally would offload that work to a > firewall; just drop the traffic, no response. Don?t even let the requests > hit the server, if possible. Others may opt to simply lockdown their more > sensitive pages, like logins and downloads. > In the WordPress world, there?s a product called ?Wordfence? that uses an > algorithm to rank the ?maliciousness? of an IP to update blocking rules > accordingly. Worth looking into how it works. > Keep in mind, if you?re in an organization, it may be a vulnerability > scanner probing internally. You may want to whitelist any vulnerability > scanners. > > Hope that helps, > -Spencer > > On 4/27/17, 1:08 PM, "Flask on behalf of Keith MacDonald" > keith at the-sanctuary.biz> wrote: > > I've recently built a website based on Python and Flask. Everything's > fine (thanks Flask). > > But being cautious, in case I made mistakes with the Routes, I've > been logging any 404 error messages, along with the IP address the > request came from. By accident, it seems to be working well as a > malicious-probe detector. I'm seeing many 404 error messages caused > by blacklisted IP addresses trying to find and access PHP admin pages > (which don't exist). > > Should I care about this? > I'm imagining I could add a table of blacklisted IP addresses quite > easily, and check the IP address before routing any pages. > But then what? > Should I send all requests from blacklisted IP addresses to a > special page? > Or a completely blank page? > Or redirect them to some hell-hole on the internet? > Or what? > > Any suggestions gratefully received. > > Keith MacDonald > > > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > > > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask From stappers at stappers.nl Fri Apr 28 00:31:26 2017 From: stappers at stappers.nl (Geert Stappers) Date: Fri, 28 Apr 2017 06:31:26 +0200 Subject: [Flask] Handling web requests from blacklisted IP addresses? In-Reply-To: <1493347660.4032732.958904776.7E54FA1D@webmail.messagingengine.com> References: <481296b1a77b6812f9de22f459a07c2a@the-sanctuary.biz> <5D11B5C8-B8FC-49D7-B0AC-652425E43976@ufl.edu> <1493347660.4032732.958904776.7E54FA1D@webmail.messagingengine.com> Message-ID: <20170428043126.GM1384@gpm.stappers.nl> Do "reject", not "drop". It is "packet drop" that malicious users deserve, but care more about bonafide users, send "packet reject". On Fri, Apr 28, 2017 at 10:47:40AM +0800, Unai Rodriguez wrote: > Fail2ban is also a good tool to handle that: https://www.fail2ban.org > > -- unai > > On Fri, Apr 28, 2017, at 02:52 AM, Young,Spencer P wrote: > > These things are just going to happen. > > If you blacklist an IP, I personally would offload that work to a > > firewall; just drop the traffic, no response. Don???t even let the requests > > hit the server, if possible. Others may opt to simply lockdown their more > > sensitive pages, like logins and downloads. > > In the WordPress world, there???s a product called ???Wordfence??? that uses an > > algorithm to rank the ???maliciousness??? of an IP to update blocking rules > > accordingly. Worth looking into how it works. > > Keep in mind, if you???re in an organization, it may be a vulnerability > > scanner probing internally. You may want to whitelist any vulnerability > > scanners. > > > > Hope that helps, > > -Spencer > > > > On 4/27/17, 1:08 PM, "Flask on behalf of Keith MacDonald" > > > keith at the-sanctuary.biz> wrote: > > > > I've recently built a website based on Python and Flask. Everything's > > fine (thanks Flask). > > > > But being cautious, in case I made mistakes with the Routes, I've > > been logging any 404 error messages, along with the IP address the > > request came from. By accident, it seems to be working well as a > > malicious-probe detector. I'm seeing many 404 error messages caused > > by blacklisted IP addresses trying to find and access PHP admin pages > > (which don't exist). > > > > Should I care about this? > > I'm imagining I could add a table of blacklisted IP addresses quite > > easily, and check the IP address before routing any pages. > > But then what? > > Should I send all requests from blacklisted IP addresses to a > > special page? > > Or a completely blank page? > > Or redirect them to some hell-hole on the internet? > > Or what? > > > > Any suggestions gratefully received. > > > > Keith MacDonald > > > > > > _______________________________________________ > > Flask mailing list > > Flask at python.org > > https://mail.python.org/mailman/listinfo/flask > > > > > > _______________________________________________ > > Flask mailing list > > Flask at python.org > > https://mail.python.org/mailman/listinfo/flask > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask -- Groeten Geert Stappers -- Leven en laten leven From DC at mail.python.org Fri Apr 28 16:27:46 2017 From: DC at mail.python.org (DC at mail.python.org) Date: Fri, 28 Apr 2017 22:27:46 +0200 Subject: [Flask] global app state Message-ID: <6e7a256c-6ae6-a82b-ebd1-1b46663ca06b@dariocorti.com> Hi, I'm a rather experienced developer but not so much with Python and for sure not with Flask. I looked around before posting but I think I couldn't find the exact case I'm dealing with. I want to use Flask to build a backend for a single page web app. The backend will be mainly an Oracle connection layer. Because of how the application is intended to work, I need cursors to be kept open and fetched partially on each request from the web frontend. I plan to manually handle connection pooling, web browser <-> server- side cursors assignment and timeouts to clear "abandoned" cursors. I know this does not follow the typical modern stateless approach, but let's say that I have my reasons :) I plan to use apache or a standalone wsgi container for deployment in production. Now... for this to be possible I need to have a common place to store an object with all my db connections and open cursors. It must be accessible by any worker/thread/process (I can handle concurrency manually if needed), and shouldn't be killed just because one client finished its request or a worker is not necessary anymore and is terminated. One way is to have a custom external process and some ipc with a stateless Flask app, but it's an additional complication. Is there a way with Flask? I guess it's probably impossible if I have different apache processes, but what if I force mod_wsgi to only use multithreading? Thanks From osmanzakir90 at hotmail.com Tue Apr 25 16:23:23 2017 From: osmanzakir90 at hotmail.com (Osman Zakir) Date: Tue, 25 Apr 2017 20:23:23 +0000 Subject: [Flask] Password Handling Help Message-ID: I?m sending this email because I want to ask where I can read up on some info on how to allow a user of a web app I may be writing to change his/her password. Thanks in advance for helpful answers or feedback. -------------- next part -------------- An HTML attachment was scrubbed... URL: