Request Handling
Request Object
Basic Request Information
from flask import request
@app.route('/info')
def request_info():
    """Echo basic facts about the current request as a JSON object.

    ``remote_addr`` is the peer address seen by the WSGI server; behind a
    reverse proxy that is the proxy's address unless forwarding headers are
    handled explicitly. ``User-Agent`` is client-supplied text and may be
    absent, in which case the value is ``None``.
    """
    agent = request.headers.get('User-Agent')
    info = {
        'method': request.method,
        'url': request.url,
        'path': request.path,
        'remote_addr': request.remote_addr,
    }
    info['user_agent'] = agent
    return info
Query Parameters
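@app.route('/search')
def search():
    """Parse the search query string and echo the normalised values.

    ``type=int`` makes Flask fall back to the default when a value is not an
    integer, but it does not bound the result. Negative pages and very large
    page sizes are therefore clamped here, before anything downstream (a
    database query, a slice) can use them.
    """
    max_per_page = 100  # illustrative cap; choose one that suits the backing store

    query = request.args.get('q', '')
    page = max(request.args.get('page', 1, type=int), 1)
    per_page = request.args.get('per_page', 10, type=int)
    per_page = min(max(per_page, 1), max_per_page)

    return {
        'query': query,
        'page': page,
        'per_page': per_page
    }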
# Multiple values for same parameter
@app.route('/tags')
def tags():
    """Return every value supplied for the repeated ``tag`` query parameter.

    ``getlist`` yields an empty list when the parameter is absent.
    """
    return {'tags': request.args.getlist('tag')}
Form Data
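@app.route('/submit', methods=['POST'])
def submit_form():
    """Accept a contact form and acknowledge it.

    Returns 400 when ``name`` or ``email`` is missing or empty. The
    acknowledgement contains the submitted name, HTML-escaped.
    """
    from html import escape

    name = request.form.get('name')
    email = request.form.get('email')
    message = request.form.get('message')  # read for illustration; not used below

    # Validate form data
    if not name or not email:
        return 'Name and email are required', 400

    # A str return value is served as text/html, so form input must be
    # escaped before it is placed in the response body.
    return f'Hello {escape(name)}, your message has been received!'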
# File upload
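@app.route('/upload', methods=['POST'])
def upload_file():
    """Save the uploaded ``file`` form part under ``UPLOAD_FOLDER``.

    Returns 400 when the part is missing, has no filename, or has a filename
    that is empty once sanitised.
    """
    file = request.files.get('file')
    if file is None or file.filename == '':
        return 'No file selected', 400

    # secure_filename() removes path separators and other unsafe characters.
    # It can return an empty string (for example when nothing safe is left),
    # and joining '' onto the folder would point at the directory itself.
    filename = secure_filename(file.filename)
    if not filename:
        return 'Invalid file name', 400

    # NOTE(review): this variant applies no file-type restriction, and an
    # existing file with the same name is overwritten.
    file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
    return f'File {filename} uploaded successfully'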
JSON Handling
JSON Request Data
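@app.route('/api/users', methods=['POST'])
def create_user():
    """Create a user from a JSON object carrying ``name`` and ``email``.

    Returns 400 with a JSON error when the content type is not JSON, when the
    body does not parse, when the body is not a JSON object, or when a
    required field is missing.
    """
    if not request.is_json:
        return {'error': 'Content-Type must be application/json'}, 400

    # silent=True yields None on a malformed body instead of raising, so
    # every rejection below uses the same JSON error shape.
    data = request.get_json(silent=True)

    # Valid JSON may still be a list, string, number or null; the membership
    # test below only makes sense for an object.
    if not isinstance(data, dict):
        return {'error': 'Request body must be a JSON object'}, 400

    # Validate required fields
    for field in ('name', 'email'):
        if field not in data:
            return {'error': f'{field} is required'}, 400

    # Process data
    # NOTE(review): the whole client-supplied dict is handed over; presumably
    # create_user_from_data picks only the fields it expects - confirm, so
    # extra keys cannot set attributes the client should not control.
    user = create_user_from_data(data)
    return {'id': user.id, 'name': user.name, 'email': user.email}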
JSON Response
from flask import jsonify
@app.route('/api/users/<int:user_id>')
def get_user(user_id):
    """Return one user as JSON, or a 404 response when the id is unknown.

    The ``int`` converter in the route means non-integer ids never reach
    this view.
    """
    record = User.query.get_or_404(user_id)
    payload = {
        'id': record.id,
        'name': record.name,
        'email': record.email,
        'created_at': record.created_at.isoformat(),
    }
    return jsonify(payload)
@app.route('/api/users')
def get_users():
    """Return every user's id, name and email as a JSON list.

    NOTE(review): the query is unpaginated and no access check is visible in
    this view, so the response grows with the table and includes e-mail
    addresses - confirm that is intended before exposing the route.
    """
    listing = []
    for account in User.query.all():
        listing.append(
            {'id': account.id, 'name': account.name, 'email': account.email}
        )
    return jsonify({'users': listing})
File Uploads
Single File Upload
import os
from werkzeug.utils import secure_filename
# Relative path: resolved against the process's working directory.
# NOTE(review): keep this directory out of any location the web server
# serves or executes from.
UPLOAD_FOLDER = 'uploads'

# Extensions accepted by allowed_file(). This is a check on the name only;
# it says nothing about the file's actual content.
ALLOWED_EXTENSIONS = {'txt', 'pdf', 'png', 'jpg', 'jpeg', 'gif'}

app.config.update(
    UPLOAD_FOLDER=UPLOAD_FOLDER,
    # Flask rejects request bodies larger than this with 413.
    MAX_CONTENT_LENGTH=16 * 1024 * 1024,  # 16MB max file size
)
def allowed_file(filename):
    """Return True when *filename* ends in an extension from ALLOWED_EXTENSIONS.

    Only the text after the last dot is examined, case-insensitively. The
    check is on the name alone and does not inspect file content.
    """
    _stem, dot, extension = filename.rpartition('.')
    return dot == '.' and extension.lower() in ALLOWED_EXTENSIONS
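@app.route('/upload', methods=['POST'])
def upload_file():
    """Save one uploaded file if its sanitised name has an allowed extension.

    Returns 400 when the ``file`` part is missing, has no filename, or does
    not pass ``allowed_file`` after sanitisation.
    """
    file = request.files.get('file')
    if file is None:
        return 'No file part', 400

    if file.filename == '':
        return 'No selected file', 400

    # Sanitise first and validate the name that will actually be written.
    # secure_filename() can drop leading dots and non-ASCII characters, so a
    # client name that passes the extension check may sanitise to a name with
    # no extension, or to an empty string.
    filename = secure_filename(file.filename)
    if not allowed_file(filename):
        return 'Invalid file type', 400

    # NOTE(review): an existing file with the same name is overwritten.
    file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
    return f'File {filename} uploaded successfully'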
Multiple File Upload
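@app.route('/upload-multiple', methods=['POST'])
def upload_multiple_files():
    """Save every uploaded file whose sanitised name has an allowed extension.

    Files that fail the check are skipped silently; the response lists the
    names that were saved and how many there were.
    """
    uploaded_files = []

    # request.files is a MultiDict: plain items() yields only the first file
    # per field name, so several files sent under one field would be dropped.
    for _field, file in request.files.items(multi=True):
        if not file:
            continue

        # Validate the sanitised name, i.e. the name that is written to disk.
        filename = secure_filename(file.filename)
        if not allowed_file(filename):
            continue

        # NOTE(review): two parts with the same sanitised name overwrite each
        # other, and the list below would then report that name twice.
        file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
        uploaded_files.append(filename)

    return {
        'uploaded_files': uploaded_files,
        'count': len(uploaded_files)
    }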
Headers
Request Headers
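@app.route('/headers')
def show_headers():
    """Return the request headers as JSON, with credential headers redacted.

    Echoing ``Cookie`` back in a response body would let page script read
    cookies that were marked HttpOnly, and echoing ``Authorization`` puts a
    credential into a body that may be logged or cached, so those values are
    replaced with a marker.
    """
    sensitive = {'authorization', 'cookie', 'proxy-authorization'}

    headers = {
        name: '[redacted]' if name.lower() in sensitive else value
        for name, value in request.headers
    }
    return jsonify(headers)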
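@app.route('/auth-header')
def check_auth():
    """Extract a bearer token from the ``Authorization`` header.

    Returns 401 when the header is missing, does not use the ``Bearer``
    scheme, or carries an empty token.
    """
    from html import escape

    auth_header = request.headers.get('Authorization')

    if not auth_header:
        return 'Authorization header required', 401

    scheme = 'Bearer '
    if not auth_header.startswith(scheme):
        return 'Invalid authorization format', 401

    # Take everything after the scheme; a header of just 'Bearer ' would
    # otherwise produce an empty token that reaches the code below.
    token = auth_header[len(scheme):].strip()
    if not token:
        return 'Invalid authorization format', 401

    # Validate token
    # NOTE(review): placeholder - nothing is verified yet, so any non-empty
    # value is accepted. Real code must check the token before trusting it
    # and should not return it in the response body.
    return f'Token: {escape(token)}'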
Response Headers
from flask import make_response
@app.route('/custom-headers')
def custom_headers():
    """Return a plain response carrying two extra response headers."""
    extra_headers = {
        'X-Custom-Header': 'Custom Value',
        'Cache-Control': 'no-cache',
    }
    reply = make_response('Hello World')
    for header_name, header_value in extra_headers.items():
        reply.headers[header_name] = header_value
    return reply
@app.route('/json-with-headers')
def json_with_headers():
    """Return a JSON body together with an ``X-API-Version`` header."""
    payload = {'message': 'Hello World'}
    reply = jsonify(payload)
    reply.headers['X-API-Version'] = '1.0'
    return reply
Cookies
Reading Cookies
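@app.route('/preferences')
def get_preferences():
    """Report the ``theme`` and ``language`` cookies, with defaults.

    Cookie values are client-controlled, so they are HTML-escaped before
    being placed in the response, which Flask serves as text/html.
    """
    from html import escape

    theme = request.cookies.get('theme', 'light')
    language = request.cookies.get('language', 'en')
    return f'Theme: {escape(theme)}, Language: {escape(language)}'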
Setting Cookies
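@app.route('/set-theme/<theme>')
def set_theme(theme):
    """Store the requested theme in a one-year cookie.

    ``theme`` comes straight from the URL path, so it is HTML-escaped before
    it is echoed in the text/html response.
    """
    from html import escape

    # NOTE(review): any string is accepted as a theme; checking it against
    # the set of themes the application actually supports would keep
    # arbitrary values out of the cookie.
    response = make_response(f'Theme set to {escape(theme)}')
    response.set_cookie(
        'theme',
        theme,
        max_age=60*60*24*365,  # 1 year
        samesite='Lax',  # not sent on cross-site subrequests
    )
    return response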
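@app.route('/login', methods=['POST'])
def login():
    """Check the submitted credentials and set a ``user_id`` cookie.

    Returns 401 when authentication fails.
    """
    username = request.form.get('username')
    password = request.form.get('password')

    # The original referenced `user` without ever binding it.
    # Assumes authenticate_user returns the user object on success and a
    # falsy value on failure - TODO confirm against its definition.
    user = authenticate_user(username, password)
    if not user:
        return 'Invalid credentials', 401

    response = make_response('Login successful')
    # NOTE(review): this is a plain, unsigned cookie. The client can set it
    # to any value, so the server must not treat it as proof of identity;
    # use Flask's signed session for login state instead.
    response.set_cookie(
        'user_id',
        str(user.id),
        secure=True,
        httponly=True,
        samesite='Lax',
    )
    return response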
Sessions
Session Management
from flask import session
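import os

# The secret key signs the session cookie; anyone who knows it can forge
# session contents. A literal placeholder in source is effectively public,
# so the key is read from the environment and start-up fails (KeyError) when
# it is not set. 'SECRET_KEY' is an example variable name.
app.secret_key = os.environ['SECRET_KEY']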
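@app.route('/login', methods=['POST'])
def login():
    """Check the submitted credentials and record the user in the session.

    Returns 401 when authentication fails.
    """
    username = request.form.get('username')
    password = request.form.get('password')

    # The original referenced `user` without ever binding it.
    # Assumes authenticate_user returns the user object on success and a
    # falsy value on failure - TODO confirm against its definition.
    user = authenticate_user(username, password)
    if not user:
        return 'Invalid credentials', 401

    # Drop whatever the pre-login session held so none of it carries over
    # into the authenticated session.
    session.clear()
    session['user_id'] = user.id
    session['username'] = user.username
    return 'Login successful'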
@app.route('/logout')
def logout():
    """Remove the login keys from the session.

    Other session keys are left in place. NOTE(review): the route answers
    GET, so any page can trigger a logout with a plain link or image request.
    """
    for login_key in ('user_id', 'username'):
        session.pop(login_key, None)
    return 'Logged out successfully'
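@app.route('/profile')
def profile():
    """Greet the logged-in user, or return 401 when nobody is logged in."""
    from html import escape

    if 'user_id' not in session:
        return 'Please log in first', 401

    user = User.query.get(session['user_id'])

    # The session can outlive the account (e.g. the user was deleted), in
    # which case the lookup returns None.
    if user is None:
        return 'Please log in first', 401

    # The username is user-chosen text; escape it for the text/html response.
    return f'Welcome, {escape(user.username)}!'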
Request Validation
Form Validation
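def validate_email(email):
    """Return True when *email* looks like ``local@domain.tld``.

    This is a syntactic check only; it does not prove the address exists.
    """
    import re

    # fullmatch() requires the whole string to match. With match() and a
    # trailing `$`, an address followed by a newline was accepted, because
    # `$` also matches just before a final newline.
    pattern = r'[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}'
    return re.fullmatch(pattern, email) is not None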
@app.route('/register', methods=['POST'])
def register():
    """Validate the registration form and create the user.

    Returns 400 with the list of validation errors when any check fails.

    NOTE(review): no uniqueness check on username or email is visible here,
    and the username is limited only by length - confirm how duplicates and
    markup characters are handled where the name is stored and rendered.
    """
    form = request.form
    username = form.get('username')
    email = form.get('email')
    password = form.get('password')

    # Each entry pairs "did this check fail?" with the message to report.
    checks = (
        (not username or len(username) < 3,
         'Username must be at least 3 characters'),
        (not email or not validate_email(email),
         'Valid email is required'),
        (not password or len(password) < 8,
         'Password must be at least 8 characters'),
    )
    errors = [message for failed, message in checks if failed]
    if errors:
        return {'errors': errors}, 400

    # Create user
    new_user = User(username=username, email=email)
    new_user.set_password(password)
    db.session.add(new_user)
    db.session.commit()
    return {'message': 'User created successfully'}
Request Middleware
Before Request Handlers
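@app.before_request
def before_request():
    """Log each request and require a login for ``admin_*`` views.

    Returning a value from a before-request handler short-circuits the
    request; returning None lets it continue to the view.
    """
    # Log request
    # NOTE(review): request.url includes the query string, so any secret
    # passed as a query parameter ends up in the log.
    app.logger.info(
        '%s %s from %s', request.method, request.url, request.remote_addr
    )

    # Check if user is authenticated for protected routes
    endpoint = request.endpoint  # None when no route matched
    if endpoint:
        # Endpoints registered on a blueprint are named 'blueprint.view', so
        # the prefix test must look at the last component; otherwise admin
        # views inside a blueprint would pass unchecked.
        view_name = endpoint.rsplit('.', 1)[-1]
        # NOTE(review): this only checks that someone is logged in, not that
        # the user is an administrator.
        if view_name.startswith('admin_') and 'user_id' not in session:
            return 'Authentication required', 401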
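@app.after_request
def after_request(response):
    """Add baseline security headers to every response."""
    # Stop browsers from guessing a content type other than the declared one.
    response.headers['X-Content-Type-Options'] = 'nosniff'
    # Forbid rendering this site inside frames on any origin.
    response.headers['X-Frame-Options'] = 'DENY'
    # The legacy XSS auditor is gone from current browsers, and its
    # filtering modes caused problems of their own in older ones, so it is
    # switched off explicitly. A Content-Security-Policy is the control that
    # replaces it; none is set here because the policy is application-specific.
    response.headers['X-XSS-Protection'] = '0'
    return response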
Content Types
Handling Different Content Types
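@app.route('/api/data', methods=['POST'])
def handle_data():
    """Dispatch the request body to a handler chosen by its media type.

    Returns 415 for a missing or unsupported content type.
    """
    # request.mimetype is the media type lower-cased and without parameters,
    # and is '' when the header is absent. Comparing the raw header failed
    # on values such as 'application/json; charset=utf-8' and raised on a
    # missing header.
    mimetype = request.mimetype

    if mimetype == 'application/json':
        data = request.get_json()
        return process_json_data(data)

    if mimetype == 'application/x-www-form-urlencoded':
        data = request.form.to_dict()
        return process_form_data(data)

    if mimetype == 'multipart/form-data':
        data = request.form.to_dict()
        files = request.files.to_dict()
        return process_multipart_data(data, files)

    return 'Unsupported content type', 415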