Lab 01 - Web basics (Flask)

Objectives

  • Basic Web frontend coding (HTML + CSS)
  • Browser Development Tools (i.e., Web Inspector)
  • Server intro: Python / Flask backend
  • Forms and authentication (user sessions)
  • Advanced HTTP: file uploading

Introduction

With the emergence of the Internet and its undeniable commercial importance, web development became a necessary software skill for an engineer to have.

A web site / application has two major components:

  • the frontend: the user interface, displayed with the help of a client-side browser; written in HTML + CSS, optionally employing JavaScript for better interactivity;
  • the backend: an optional server-side program used to provide additional web services to the users such as authentication, data persistence, database searching etc.

In the typical scenario, the user requests to open a website by using a known URL. After optionally doing the DNS resolution to obtain an IP address, the browser connects to the server using the HTTP protocol (optionally encrypted using TLS) and requests the web page using specific HTTP headers. The server software will then parse the message, identify the requested document or dynamic application, do optional processing (e.g., invoke a routine / server-side script / CGI program to generate the webpage's HTML contents) and send the results back to the client's browser for displaying (or download, in some cases).

Frontend Basics

On the client-side, HyperText Markup Language (HTML) is the de-facto standard language accepted by all browsers to describe the aspect and contents of a web page. A HTML document is built using nested elements (i.e., tags) describing the structure (layout) of the page, text / graphical content and, optionally, client-side scripts and metadata. Each HTML element may have a series of pre-defined properties (e.g., paragraph / line splitting, bigger/smaller font sizes, form input behavior etc.) which may (or may not) be altered using attributes specified between a tag's angle brackets:

<tag1 attribute1="attribute value" id="unique-name-here">
  <anothertag style="CSS properties">inside</anothertag>
  <p>paragraph <b>bold face</b></p>
</tag1>

HTML is often paired together with Cascading Style Sheets, a style definition language used to modify layout / content properties for multiple elements at once by using special pattern matching rules using selectors. The general syntax is the selector (note: there are multiple types / rules), followed by the list of style properties to apply (in { } brackets, separated by ;):

/* tag selector (matches all <tag1> elements) */
tag1 { property1: value; ... }
/* ID selector (matches <tag id="unique-name-here">) */
#unique-name-here { color: red; ... }
/* Class selectors (matches <tag class="normal-text gray-bold">) */
/* Note: an element may have multiple classes */
.normal-text { font-size: 14pt; ... }
.gray-bold { color: gray; font-weight: bold; }
/* Combined selectors: e.g. matches only <tag1> with class="special" */
tag1.special { ... }
/* Nested selectors (element contained in another element) */
#my-header h1 { ... }
/* or direct descendant rule: */
.nav > .nav-item { ... }

Thus, it becomes possible to create re-usable page elements (e.g., menus, various font styles, context boxes). This has led to the emergence of many CSS frameworks (e.g., Bootstrap, Foundation) facilitating the creation of responsive (accessible to both desktop + mobile devices) designs.

Serverside: Python / Flask

On the server-side, software must be running and listen for HTTP connections, optionally do application-specific processing and serve the requested web pages or files.

There are many standalone web server programs available on the market, with open-source software being the norm (e.g., Apache httpd, nginx, lighttpd) that can readily serve static resources and can be configured to execute third party interpreters to do server-side processing (e.g., PHP).

Moreover, modern programming languages (e.g., NodeJS, Golang, Python) have built-in HTTP servers and third-party libraries that make web development setup a breeze and integrate well with the web application's processing needs.

Today, we will introduce Flask, a web framework for the Python language. Flask uses Python decorators (e.g., @decorator) to enhance functions and register them to be executed whenever the web server receives a HTTP request:

from flask import Flask, request
 
# first, create a Flask application instance
app = Flask("my_website")
 
@app.route("/page.html")
def serve_page():
  """ Returns some basic HTML content. """
  return "<h1>hello world</h1>"

Of course, a single function can also capture URL patterns; check the official Flask route documentation.

The routine must return a HTTP response, which may be an HTML string, a rendered template, a redirection or a custom-built Response object:

from flask import Flask, render_template, redirect, Response
# continues the previous example: `app` is the Flask instance created there

@app.route("/")
def serve_template():
  return render_template("index.html", title="Hello World")

@app.route("/admin")
def serve_unauthorized():
  # Note: 307 is standard HTTP code for TEMPORARY REDIRECT
  # (redirect() builds the short HTML body of the response itself)
  return redirect("/login.html", 307)

@app.route("/special.xml")
def serve_special_xml():
  return Response("<xml><author>Me</author></xml>", mimetype='text/xml')

Check Flask's Response object documentation for all available options.

Template Engines

A typical website has a common HTML design, with only portions of its code changing on a per-page basis with specific content. In order to prevent needless code duplication, a template engine is usually employed to obtain HTML documents from common layouts. A template is, basically, a HTML page interleaved with specific code blocks used to insert dynamically generated content from variables; many engines feature full programming languages that support loops and conditionals.

Flask readily integrates with the Jinja templating engine which uses Python-like statements to enrich a HTML page with programmatic content:

<!-- ... -->
<body>
    <h1>My Webpage is {{ awesome_variable }}</h1>
 
    <ul id="main-menu">
    {% for item in navigation %}
        <li><a href="{{ item.href }}">{{ item.caption }}</a></li>
    {% endfor %}
    </ul>
 
    {# a comment #}
</body>

The Jinja templates usually reside inside the project's templates/ directory (check the Flask documentation if you want to change it) and can be rendered using the render_template utility function.

Accessing HTTP request data

When Python is executing a Flask-decorated function, the request context is made available using the request member of the Flask package.

It contains all request data provided by the browser:

  • request.method: the requested HTTP method string (e.g., GET or POST);
  • request.args: a Python dict object with URL query string parameters, e.g. http://hostname/page.html?arg1=value&arg2=value;
  • request.form: HTML form data (for HTTP POST methods) as a dict object;
  • request.cookies: cookies stored by the browser (also a dict);
  • request.headers: other HTTP request headers;

Example code for printing data to the console:

from flask import request # and many others
# ...
# a route only accepts GET unless other methods are listed explicitly
@app.route("/", methods=["GET", "POST"])
def my_request_handler():
  print("Method is", request.method)
  print("URL parameters:", request.args)
  # hint: access members using dict.get() method to have a default value:
  print(request.args.get("arg1", "default value"))
  if request.method == "POST":
    print("Any form data:", request.form)
  print("Cookies:", str(request.cookies))
  print("Headers:", str(request.headers))
  # a view function must return a response
  return "Request data printed to the server console"

Flask also parses many other request data formats (XML, JSON, multipart / file upload requests etc.) and provides helpers for manipulating them.

Finally, we note that the HTTP protocol is stateless: on its own, it doesn't retain anything from previous requests, e.g., the user's identity or navigation history.

Thus, it becomes the server's responsibility to use browser-assisted persistence mechanisms such as cookies to associate a HTTP request with a specific user, also called a Session. For security reasons, the server must specifically validate any data received from the user, often through cryptographic means.
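A minimal model of the cryptographic validation mentioned above, added here as an example (it is not part of the lab skeleton and not Flask's own implementation): the server appends an HMAC tag to the cookie and rejects any value whose tag does not verify. SERVER_KEY, the cookie layout and all function names are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import json
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: created at start-up, never sent to clients

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_cookie(session: dict, key: bytes = SERVER_KEY) -> str:
    """Serialize the session and append an HMAC-SHA256 tag computed over the payload."""
    payload = _b64(json.dumps(session, sort_keys=True).encode())
    tag = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return payload + "." + _b64(tag)

def read_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the session dict, or None when the cookie is malformed or its tag is wrong."""
    try:
        payload, tag = cookie.split(".")
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        # constant-time comparison, so response timing does not leak tag bytes
        if not hmac.compare_digest(_unb64(tag), expected):
            return None
        return json.loads(_unb64(payload))
    except ValueError:  # wrong number of parts, bad base64, bad UTF-8 or bad JSON
        return None

def tampered(cookie: str, **changes) -> str:
    """Model a client that edits the payload but, lacking the key, must reuse the old tag."""
    payload, tag = cookie.split(".")
    session = json.loads(_unb64(payload))  # the payload is encoded, not hidden
    session.update(changes)
    return _b64(json.dumps(session, sort_keys=True).encode()) + "." + tag
```

The tag protects integrity only: anything placed in the payload remains readable by whoever holds the cookie.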

Preparation

In order to solve the tasks, you will need a modern browser (duh), a code editor supporting HTML, CSS and Python (e.g., Visual Studio Code with plugins), a Python 3 distribution (you must also have pip installed).

Next, we will need to install the Flask Python package using the PIP package manager:

# NOTE: choose the most appropriate command:
# install globally (requires root / admin)
python3 -mpip install flask
# .. or for the current user only (e.g., inside ~/.local/lib/python/ on Linux)
python3 -mpip install --user flask

Tasks

00. Getting Started

First, download the skeleton archive (.zip) and unzip it.

It has the following structure:

├── initial_design.html  # initial HTML template
├── public/
│   ├── bootstrap/ # bootstrap sources
│   ├── images/
│   └── style.css  # main stylesheet
├── server.py      # server-side application
└── templates/     # Jinja templates

To test, open initial_design.html in a browser. It should look similar to the following screenshot:

Also, it would be a good idea to test your Python / Flask setup:

python3 server.py
# it should say that the server is running on http://127.0.0.1:5000/

01. Minor Design Changes

Our customer wants to make some changes to our design:

  • Add a header image with our logo at the top
    • Several candidates are present inside public/images/;
    • Hint: check out style.css for existing definitions!
  • Change the color (maybe something blue? depends on the image);
  • Make the content box have rounded borders (try 15px);
  • Insert some dummy content text (e.g., Lorem Ipsum);

Phew, that was easy!

02. Integration with Flask backend

We now want to move the design from a static HTML file to using Flask Jinja template rendering. For this, you must:

  • Migrate / split the HTML code to templates/_base.html (base template) and templates/index.html (child);
  • Modify server.py to call render_template to actually serve our design.
  • Also create about.html and a Python method for serving it (fill it with whatever content you want ;) );
  • Finally, fix the URLs in the template's menu to point to the appropriate pages.

03. Authentication

Now it's time to add authentication to our website.

We will use the built-in Flask client-side encrypted sessions feature, which takes the following steps to enable:

  • Import the session field from Flask;
  • Configure a secret encryption key for the session cookies:
    # insert after initializing `app`
    app.config["SECRET_KEY"] = "<type some secret here>"
  • Write the Flask functions for login.html and logout.html with the appropriate checks / actions.
  • Use the authenticated variable inside the Jinja template and conditionally display the user's status.
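One way the steps above can fit together, as an added example that is not the lab's reference solution. Flask signs the session cookie with SECRET_KEY, and `demo()` decodes the cookie payload to show that the client can still read what the session stores. The USERS table, the form field names and `demo()` are assumptions of this sketch.

```python
import base64
import json
import secrets

from flask import Flask, redirect, request, session

app = Flask(__name__)
app.config.update(
    SECRET_KEY=secrets.token_hex(32),  # random per start here; deployments load a fixed secret from outside the code
    SESSION_COOKIE_HTTPONLY=True,      # cookie is not exposed to page JavaScript
    SESSION_COOKIE_SAMESITE="Lax",     # cookie is not sent with cross-site POSTs
)
USERS = {"student": "constructed-password"}  # constructed account; real apps store password hashes

@app.route("/login.html", methods=["POST"])
def login():
    user = request.form.get("username", "")
    given = request.form.get("password", "")
    expected = USERS.get(user, "")
    if expected and secrets.compare_digest(given.encode(), expected.encode()):
        session.clear()                # drop whatever the pre-login session held
        session["authenticated"] = True
        session["username"] = user
        return redirect("/")
    return "Invalid credentials", 401

@app.route("/logout.html")
def logout():
    session.clear()
    return redirect("/")

@app.route("/")
def index():
    if session.get("authenticated"):
        return "Logged in as " + session["username"]
    return "Not logged in"

def demo():
    """Log in and out via Flask's test client; return what each step exposes."""
    client = app.test_client()
    bad = client.post("/login.html", data={"username": "student", "password": "wrong"})
    good = client.post("/login.html", data={"username": "student", "password": USERS["student"]})
    cookie = good.headers["Set-Cookie"].split(";")[0].split("=", 1)[1]
    body = cookie.split(".")[0]        # first part: base64url-encoded JSON payload
    visible = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    during = client.get("/").get_data(as_text=True)
    client.get("/logout.html")
    after = client.get("/").get_data(as_text=True)
    return bad.status_code, visible, during, after
```

Because the payload decodes without the key, keep passwords and other secrets out of `session`; the signature only stops the client from changing the values.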

04. Advanced: File upload

As a final task, we want to upload some files using our web application.

  • Create a new upload.html form page with a <input type=file …> field (and, ofc., a submit button!);
    • Note: you need to use multipart/form-data form encoding for HTTP file uploading to work.
  • Create the appropriate Flask route that serves the upload.html page;
  • Enhance your route function to save the uploaded file on disk (e.g., the upload/ directory);
  • Finally, test it!
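A sketch of the upload route with the checks a file-saving handler needs, added here as an example and not taken from the lab skeleton. The filename sent by the browser is client-controlled, so it is reduced with Werkzeug's `secure_filename` before it is joined to the target directory. UPLOAD_DIR (a temporary directory standing in for upload/), ALLOWED_EXTENSIONS, the field name `file` and `try_upload()` are assumptions.

```python
import io
import os
import tempfile

from flask import Flask, abort, request
from werkzeug.utils import secure_filename

UPLOAD_DIR = tempfile.mkdtemp(prefix="upload-")  # stands in for the lab's upload/ directory
ALLOWED_EXTENSIONS = {".png", ".jpg", ".txt"}    # assumed allow-list for this sketch

app = Flask(__name__)
app.config["MAX_CONTENT_LENGTH"] = 1024 * 1024   # Flask answers 413 to larger request bodies

@app.route("/upload.html", methods=["POST"])
def upload():
    uploaded = request.files.get("file")         # name of the <input type=file> field
    if uploaded is None or not uploaded.filename:
        abort(400)
    # The filename comes from the client: keep only a safe base name.
    name = secure_filename(uploaded.filename)
    if os.path.splitext(name)[1].lower() not in ALLOWED_EXTENSIONS:
        abort(400)
    uploaded.save(os.path.join(UPLOAD_DIR, name))
    return "Saved as " + name

def try_upload(filename, data=b"constructed file body"):
    """Send a constructed multipart upload; return (status code, files now in UPLOAD_DIR)."""
    response = app.test_client().post(
        "/upload.html",
        data={"file": (io.BytesIO(data), filename)},
        content_type="multipart/form-data",
    )
    return response.status_code, sorted(os.listdir(UPLOAD_DIR))
```

A name such as `../../notes.txt` is stored as `notes.txt` inside UPLOAD_DIR, and a `.py` upload is refused before anything is written.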

05. [10p] Feedback

Please take a minute to fill in the feedback form for this lab.

ii/labs/s2/01.txt · Last modified: 2022/04/15 02:48 by radu.mantu
CC Attribution-Share Alike 3.0 Unported