This repo provides a quick-start template for creating a stand-alone web application using the Flask micro-framework for Python 3.8+. You can use this template as a basis for an app that will serve HTML and other content or as a starting point for an API-only service that will be paired with an SPA (React, Angular, etc.) or some other type of client.
Features:
- Flask 2.x and blueprints
- Jinja2 HTML templates
- SQLAlchemy database models
- Marshmallow for object marshalling
- JSON Web Token (JWT) authentication
- PyTest unit-tests
- Serve in production with waitress
- Pylint and Black
See RESTful Flask application quick-start for more info.
You will need Python 3.8 or later. Use the appropriate installation method for your system to install Python and make sure it is in your path. The template currently targets Python 3.10 (recommended).
This project also uses pipenv to manage dependencies and its virtual environment. You will need to install it if you do not already have it.
To use the template, click the Use this template button in the Github repository to create a new project using this code as a basis. Alternatively, you can clone the repository locally.
The template currently expects Python 3.10, if you need to use an older version, you will need to modify the
Pipfile
.
Use pipenv to create a virtual environment and install the dependencies:
pipenv install --dev
The --dev
option will also install the optional development dependencies such as pylint
and pytest
.
Before running the app for the first time, you must initialize the database with:
Linux/MacOS:
export FLASK_APP=sample; pipenv run flask initdb
Windows Powershell
$env:FLASK_APP = "sample"; pipenv run flask initdb
To start the development server with automatic reloading, run:
Linux/MacOS:
export FLASK_APP=sample; pipenv run flask run --debugger --reload --with-threads
Windows Powershell
$env:FLASK_APP = "sample"; pipenv run flask run --debugger --reload --with-threads
The app will be available with http://localhost:5000
. Log in with the test user name user1
and password 1234
:
Click the Contacts link to list and create sample data.
Edit a contact:
To serve the app with waitress
for production use, run:
pipenv run python -m sample
Hit Ctrl-C
to abort.
This is just a starting point for production deployment - see the waitress docs for more info.
Run the pytest
unit tests with:
pipenv run pytest
You should see something like:
======================================================= test session starts ========================================================
platform darwin -- Python 3.5.2, pytest-3.0.3, py-1.4.31, pluggy-0.4.0
rootdir: /Users/kmilligan/workspace/flask-quickstart, inifile:
collected 11 items
tests/test_auth.py ......
tests/test_contacts.py .....
==================================================== 11 passed in 2.90 seconds =====================================================
Use an HTTP client such as PostMan or the VSCode Thunder Client extension to experiment with the REST API endpoints:
Before you can access secured endpoints, you must obtain a JWT access token. Send a POST request to http://127.0.0.1:5000/api/login
with the username/password to login and get an access token and a refresh token:
Copy the access token to the clipboard - you will need it for subsequent requests. Also, save the refresh token somewhere, we'll use it later.
To verify that you have a valid access token, create a new GET request to http://127.0.0.1:5000/api/auth
and set the "Authorization" type to "Bearer Token" and paste the access token into the Token field and send the request (alternatively, set the Authorization
header to "Bearer <access token>
").
If the access token has expired or is about to expire, you can obtain a new one by using the api/refresh
endpoint:
Now you can use the sample contacts endpoints to list, create, update and delete entries:
For example, if you don't need to serve HTML, you can remove the templates
directory and the page-oriented views from the blueprints. Alternatively, if you don't need to serve RESTful resources, you can delete the API endpoints.
A real application will likely use some external service to lookup users, validate passwords, control access, etc. Enhance the auth.py
module with your own authentication/authorization logic.