Flask Essentials: Data Validation, Database Connectivity, and Crafting RESTful APIs

kukhoonryou

Kuk Hoon Ryou

Posted on May 10, 2024

Flask Essentials: Data Validation, Database Connectivity, and Crafting RESTful APIs

Hello, beginners who are learning web development! In this post, we will explore what data validation is and why it's important. Additionally, we will implement data validation using Flask, a web framework in Python. We will also gradually learn how to integrate databases with Flask and validate data in RESTful APIs.

What is Data Validation?
Data validation is the process of checking whether the user-inputted data conforms to the desired format and conditions. For example, if you are receiving an email address in a user registration form, you need to check whether the inputted data actually follows the email format. Data validation is very important for several reasons:

  • It prevents users from accidentally entering incorrect data.
  • It stops malicious users from attacking the web application.
  • It provides a better user experience by notifying users of input errors.

Data Validation with Flask and Flask-WTF
Flask is a web framework written in Python, and by using an extension called Flask-WTF, you can easily implement data validation. Let's create a simple login form and apply data validation.

1. Creating a Form Class
We create a LoginForm class by inheriting from FlaskForm. This form contains two fields: username and password. Each field is attached with validators InputRequired and Length, meaning that the field must be filled and the length of the input must be within a specified range.

from flask_wtf import FlaskForm
from wtforms import StringField, PasswordField
from wtforms.validators import InputRequired, Length

class LoginForm(FlaskForm):
    username = StringField('Username', validators=[InputRequired(), Length(min=4, max=15)])
    password = PasswordField('Password', validators=[InputRequired(), Length(min=8, max=80)])
Enter fullscreen mode Exit fullscreen mode

Role and Function:

  • StringField and PasswordField receive string and password inputs from the user.
  • The InputRequired validator ensures the field is not left empty.
  • The Length validator ensures the length of the input is within the set limits.

2. Setting Up Routes
When you access the /login path, the login function is executed. In this function, we create an instance of LoginForm and call the validate_on_submit() method to check the validity of the form data. If the check passes, a 'Login Successful!' message is displayed; otherwise, the login.html template is rendered.

from flask import Flask, render_template, request

app = Flask(__name__)
app.secret_key = 'your_secret_key'

@app.route('/login', methods=['GET', 'POST'])
def login():
    form = LoginForm()
    if form.validate_on_submit():
        return 'Login Successful!'
    return render_template('login.html', form=form)
Enter fullscreen mode Exit fullscreen mode

Role and Function:

  • validate_on_submit() checks the validity of the form data when the form is submitted.
  • render_template() renders an HTML template file to be displayed to the user.
  1. Writing the HTML Template We write the login.html template to display the login form in HTML. We use the Jinja2 template language to convert the Flask form object into an HTML form. The hidden_tag() method of the form object creates a hidden field to prevent CSRF attacks.
<!DOCTYPE html>
<html>
<head>
    <title>Login</title>
</head>
<body>
    <form method="post">
        {{ form.hidden_tag() }}
        {{ form.username.label }} {{ form.username(size=20) }}
        {{ form.password.label }} {{ form.password(size=20) }}
        <input type="submit" value="Login">
    </form>
</body>
</html>
Enter fullscreen mode Exit fullscreen mode

Role and Function:

  • form.hidden_tag() creates a hidden field to prevent CSRF attacks.
  • The form object is used to convert each field and its label into HTML.

Connecting Flask with a Database
In web applications, databases are used to store data like user information. Flask uses a library called SQLAlchemy to make database operations easier.

1. Setting Up SQLAlchemy
We configure SQLAlchemy in the Flask application. The SQLALCHEMY_DATABASE_URI setting specifies the type and location of the database to use. Here, we use SQLite.

from flask import Flask
from flask_sqlalchemy import SQLAlchemy

app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///example.db'
db = SQLAlchemy(app)
Enter fullscreen mode Exit fullscreen mode

Role and Function:

  • SQLALCHEMY_DATABASE_URI specifies the type and location of the database to use.
  • SQLAlchemy(app) adds database integration capabilities to the application.

2. Defining the Data Model
We define the User model to represent the structure of the user information table in the database. It has three columns: id, username, and password, each with specified data types and constraints.

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    password = db.Column(db.String(80), nullable=False)

db.create_all()
Enter fullscreen mode Exit fullscreen mode

Role and Function:

  • Each db.Column defines a column in the database table.
  • primary_key, unique, nullable set constraints for each column.
  • db.create_all() creates the database table based on the defined model.

3. Adding and Querying Data
This code adds a new user to the database and queries for that user.

new_user = User(username='exampleuser', password='securepassword123')
db.session.add(new_user)
db.session.commit()

user = User.query.filter_by(username='exampleuser').first()
if user:
    print('Found user:', user.username)
Enter fullscreen mode Exit fullscreen mode

Role and Function:

  • db.session.add(new_user) adds a new user object to the database session.
  • db.session.commit() commits the changes to the database.
  • User.query.filter_by(username='exampleuser').first() searches for the user in the database.

Validating Data in a RESTful API
RESTful API is a design approach that allows web services to be used by various devices. Flask makes it easy to create RESTful APIs. Validating user data in an API is very important.

from flask import request, jsonify

@app.route('/api/login', methods=['POST'])
def api_login():
    username = request.json.get('username')
    password = request.json.get('password')

    if not username or not password:
        return jsonify({'error': 'Missing username or password'}), 400

    user = User.query.filter_by(username=username).first()
    if user and user.password == password:
        return jsonify({'message': 'Login Successful!'}), 200

    return jsonify({'error': 'Invalid username or password'}), 401
Enter fullscreen mode Exit fullscreen mode

Data validation, database integration, and RESTful APIs are very important concepts in web development. I hope this post helps you understand how to implement these features in Flask. If you want to learn more, it's a good idea to refer to the official Flask documentation or related tutorials. Enjoy your web development journey!

💖 💪 🙅 🚩
kukhoonryou
Kuk Hoon Ryou

Posted on May 10, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related