• Basic Web frontend coding (HTML + CSS)
• Browser Development Tools (i.e., Web Inspector)
• Server intro: Python / Flask backend
• Forms and authentication (user sessions)
• Advanced HTTP: file uploading

Tasks

With the emergence of the Internet and its undeniable commercial importance, web development became a necessary software skill for an engineer to have.

A web site / application has two major components:

• the frontend: the user interface, displayed with the help of a client-side browser; written in HTML + CSS, optionally employing JavaScript for better interactivity;
• the backend: an optional server-side program used to provide additional web services to the users such as authentication, data persistence, database searching etc.

In the typical scenario, the user requests to open a website by using a known URL. After optionally doing the DNS resolution to obtain an IP address, the browser connects to the server using the HTTP protocol (optionally encrypted using TLS) and requests the web page using specific HTTP headers. The server software will then parse the message, identify the requested document or dynamic application, do optional processing (e.g., invoke a routine / server-side script / CGI program to generate the webpage's HTML contents) and send the results back to the client's browser for displaying (or download, in some cases).

On the client-side, HyperText Markup Language (HTML) is the de-facto standard language accepted by all browsers to describe the aspect and contents of a web page. A HTML document is built using nested elements (i.e., tags) describing the structure (layout) of the page, text / graphical content and, optionally, client-side scripts and metadata. Each HTML element may have a series of pre-defined properties (e.g., paragraph / line splitting, bigger/smaller font sizes, form input behavior etc.) which may (or may not) be altered using attributes specified between a tag's angle brackets:

<tag1 attribute1="attribute value" id="unique-name-here">
  <anothertag style="CSS properties">inside</anothertag>
  <p>paragraph <b>bold face</b></p>
</tag1>

HTML is often paired together with Cascading Style Sheets, a style definition language used to modify layout / content properties for multiple elements at once by using special pattern matching rules using selectors. The general syntax is the selector (note: there are multiple types / rules), followed by the list of style properties to apply (in { } brackets, separated by ;):

/* tag selector (matches all <tag1> elements) */
tag1 { property1: value; ... }
/* ID selector (matches <tag id="unique-name-here">) */
#unique-name-here { color: red; ... }
/* Class selectors (matches <tag class="normal-text gray-bold">) */
/* Note: an element may have multiple classes */
.normal-text { font-size: 14pt; ... }
.gray-bold { color: gray; font-weight: bold; }
/* Combined selectors: e.g. matches only <tag1> with class="special" */
tag1.special { ... }
/* Nested selectors (element contained in another element) */
#my-header h1 { ... }
/* or direct descentant rule: */
.nav > .nav-item { ... } 

Thus, it becomes possible to create re-usable page elements (e.g., menus, various font styles, context boxes). This has led to the emergence of many CSS frameworks (e.g., Bootstrap, Foundation) facilitating the creation of responsive (accessible to both desktop + mobile devices) designs.

On the server-side, software must be running and listen for HTTP connections, optionally do application-specific processing and serve the requested web pages or files.

There are many standalone web server programs available on the market, with open-source software being the norm (e.g., Apache httpd, nginx, lighttpd) that can readily serve static resources and can be configured to execute third party interpreters to do server-side processing (e.g., PHP).

Moreover, modern programming languages (e.g., NodeJS, Golang, Python) have built-in HTTP servers and third-party libraries that makes web development setup a breeze and well integrated with the web application's processing needs.

Today, we will introduce Flask, a web framework for the Python language. Flask uses Python decorators (e.g., @decorator) to enhance functions and register them to be executed whenever the web server receives a HTTP request:

from flask import Flask, request
 
# first, create a Flask application instance
app = Flask("my_website")
 
@app.route("/page.html")
def serve_page():
  """ Returns some basic HTML content. """
  return "<h1>hello world</h1>"

Of course, URL patterns can also be captured by a single function, check the official Flask route documentation.

The routine must return a HTTP response which may either be HTML string, a rendered template, a redirection or a custom-built Response object:

from Flask import Flask, render_template, redirect, Response
@app.route("/")
def serve_template():
  return render_template("index.html", title="Hello World")
 
@app.route("/admin")
def serve_unauthorized():
  # Note: 307 is standard HTTP code for TEMPORARY REDIRECT
  return redirect("/login.html", 307, "<h1>Redirecting, please wait...</h1>")
 
@app.route("/special.xml")
def serve_special_xml():
  return Response("<xml><author>Me</author></xml>", mimetype='text/xml')

Check Flask's Response object documentation for all available options.

A typical website has a common HTML design, with only portions of its code changing on a per-page basis with specific content. In order to prevent needless code duplication, a template engine is usually employed to obtain HTML documents from common layouts. A template is, basically, a HTML page interleaved with specific code blocks used to insert dynamically generated content from variables; many engines feature full programming languages that support loops and conditionals.\

Flask readily integrates with the Jinja templating engine which uses Python-like statements to enrich a HTML page with programmatic content:

<!-- ... -->
<body>
    <h1>My Webpage is {{ awesome_variable }}</h1>
 
    <ul id="main-menu">
    {% for item in navigation %}
        <li><a href="{{ item.href }}">{{ item.caption }}</a></li>
    {% endfor %}
    </ul>
 
    {# a comment #}
</body>

The Jinja templates usually reside inside the project's templates/ directory (check the Flask documentation if you want to change it) and can be rendered using the render_template utility function.

When Python is executing a Flask-decorated function, the request context is made available using the request member of the Flask package.

It contains all request data provided by the browser:

• request.method: the requested HTTP method string (e.g., GET or POST);
• request.args: a Python dict object with URL query string parameters, e.g. http://hostname/page.html?arg1=value&arg2=value;
• request.form: HTML form data (for HTTP POST methods) as a dict object;
• request.cookies: cookies stored by the browser (also a dict);
• request.headers: other HTTP request headers;

Example code for printing data to the console:

from Flask import request # and many others
# ...
@app.route("/")
def my_request_handler():
  print("Method is", request.method)
  print("URL parameters:", request.args)
  # hint: access members using dict.get() method to have a default value:
  print(request.args.get("arg1", "default value"))
  if request.method == "POST":
    print("Any form data:", request.form)
  print("Cookies:", str(request.cookies))
  print("Headers:", str(request.headers))

Flask also parses many other request data formats (XML, JSON, multipart / file upload requests etc.) and provides helpers to manipulating them.

Finally, we note that the HTTP protocol is stateless: on its own, it doesn't retain anything from previous requests, e.g., the user's identity or navigation history.

Thus, it becomes the server's responsibility to use browser-assisted persistence mechanisms such as cookies to associate a HTTP request with a specific user, also called a Session. For security reasons, the server must specifically validate any data received from the user, often through cryptographic means.

In order to solve the tasks, you will need a modern browser (duh), a code editor supporting HTML, CSS and Python (e.g., Visual Studio Code with plugins), a Python 3 distribution (you must also have pip installed).

Next, we will need to install the Flask Python package using the PIP package manager:

# NOTE: choose the most appropriate command:
# install globally (requires root / admin)
python3 -mpip install flask
# .. or for the current user only (e.g., inside ~/.local/lib/python/ on Linux)
python3 -mpip install --user flask