So what did that code do?
First we imported the
Flask
class. An instance of this class will be our WSGI application. 首先引入Flask类,这个类的一个实例将是我们的WSGI应用Next we create an instance of this class. The first argument is the name of the application’s module or package.
__name__
is a convenient shortcut for this that is appropriate for most cases. This is needed so that Flask knows where to look for resources such as templates and static files. 创建Flask类的实例,第一个参数是应用的模块名或包名,以__name__作为参数将有助于Flask去寻找模板或静态类等资源We then use the
route()
decorator to tell Flask what URL should trigger our function. 使用route()装饰器来告诉Flask什么样的URL会触发我们的函数The function returns the message we want to display in the user’s browser. The default content type is HTML, so HTML in the string will be rendered by the browser. 函数返回的信息就是我们打算展示在用户浏览器上的信息
Save it as hello.py
or something similar. Make sure to not call your application flask.py
because this would conflict with Flask itself. 将它的文件名保存为类似于hello.py,不要和flask.py冲突了
To run the application, use the flask
command or python -m flask
. You need to tell the Flask where your application is with the --app
option. 要想运行应用,可以使用flask命令或者python -m flask
--app
option is used to specify how to load the applicationThe name “app” or “wsgi” is imported (as a “.py” file, or package), automatically detecting an app (app
or application
) or factory (create_app
or make_app
).
--app hello
The given name is imported, automatically detecting an app (app
or application
) or factory (create_app
or make_app
).
--app
has three parts: an optional path that sets the current working directory, a Python file or dotted import path, and an optional variable name of the instance or factory. If the name is a factory, it can optionally be followed by arguments in parentheses. The following values demonstrate these parts:
--app src/hello
Sets the current working directory to
src
then importshello
.--app hello.web
Imports the path
hello.web
.--app hello:app2
Uses the
app2
Flask instance inhello
.--app 'hello:create_app("dev")'
The
create_app
factory inhello
is called with the string'dev'
as the argument.
HTML Escaping
escape()
, shown here, can be used manually. It is omitted in most examples for brevity, but you should always be aware of how you’re using untrusted data.Routing: 路由
Modern web applications use meaningful URLs to help users. Users are more likely to like a page and come back if the page uses a meaningful URL they can remember and use to directly visit a page.
Use the route()
decorator to bind a function to a URL.
Variable Rules
You can add variable sections to a URL by marking sections with <variable_name>
. Your function then receives the <variable_name>
as a keyword argument. Optionally, you can use a converter to specify the type of the argument like <converter:variable_name>
.
Converter types:
| (default) accepts any text without a slash |
| accepts positive integers |
| accepts positive floating point values |
| like |
| accepts UUID strings |
Unique URLs / Redirection Behavior
The following two rules differ in their use of a trailing slash.
projects最后面加了一个"/" ,而about后面则没有"/"
The canonical URL for the projects
endpoint has a trailing slash. It’s similar to a folder in a file system. If you access the URL without a trailing slash (/projects
), Flask redirects you to the canonical URL with the trailing slash (/projects/
).
The canonical URL for the about
endpoint does not have a trailing slash. It’s similar to the pathname of a file. Accessing the URL with a trailing slash (/about/
) produces a 404 “Not Found” error. This helps keep URLs unique for these resources, which helps search engines avoid indexing the same page twice.
URL Building: URL构建
To build a URL to a specific function, use the url_for()
function. It accepts the name of the function as its first argument and any number of keyword arguments, each corresponding to a variable part of the URL rule. Unknown variable parts are appended to the URL as query parameters.
Why would you want to build URLs using the URL reversing function url_for()
instead of hard-coding them into your templates?
Reversing is often more descriptive than hard-coding the URLs.
You can change your URLs in one go instead of needing to remember to manually change hard-coded URLs.
URL building handles escaping of special characters transparently.
The generated paths are always absolute, avoiding unexpected behavior of relative paths in browsers.
If your application is placed outside the URL root, for example, in
/myapplication
instead of/
,url_for()
properly handles that for you.
For example, here we use the test_request_context()
method to try out url_for()
. test_request_context()
tells Flask to behave as though it’s handling a request even while we use a Python shell. See Context Locals.
HTTP Methods
Web applications use different HTTP methods when accessing URLs. You should familiarize yourself with the HTTP methods as you work with Flask. By default, a route only answers to GET
requests. You can use the methods
argument of the route()
decorator to handle different HTTP methods.
The example above keeps all methods for the route within one function, which can be useful if each part uses some common data.
You can also separate views for different methods into different functions. Flask provides a shortcut for decorating such routes with get()
, post()
, etc. for each common HTTP method.
Static Files:静态文件
Dynamic web applications also need static files. That’s usually where the CSS and JavaScript files are coming from. Ideally your web server is configured to serve them for you, but during development Flask can do that as well. Just create a folder called static
in your package or next to your module and it will be available at /static
on the application.
To generate URLs for static files, use the special 'static'
endpoint name:
The file has to be stored on the filesystem as static/style.css
.
Rendering Templates:渲染模板
Generating HTML from within Python is not fun, and actually pretty cumbersome because you have to do the HTML escaping on your own to keep the application secure. Because of that Flask configures the Jinja2 template engine for you automatically.
Templates can be used to generate any type of text file. For web applications, you’ll primarily be generating HTML pages, but you can also generate markdown, plain text for emails, and anything else.
For a reference to HTML, CSS, and other web APIs, use the MDN Web Docs.
To render a template you can use the render_template()
method. All you have to do is provide the name of the template and the variables you want to pass to the template engine as keyword arguments. Here’s a simple example of how to render a template:
Flask will look for templates in the templates
folder. So if your application is a module, this folder is next to that module, if it’s a package it’s actually inside your package:
For templates you can use the full power of Jinja2 templates. Head over to the official Jinja2 Template Documentation for more information.
Here is an example template:
Inside templates you also have access to the config
, request
, session
and g
[1] objects as well as the url_for()
and get_flashed_messages()
functions.
Templates are especially useful if inheritance is used. If you want to know how that works, see Template Inheritance. Basically template inheritance makes it possible to keep certain elements on each page (like header, navigation and footer).
Automatic escaping is enabled, so if person
contains HTML it will be escaped automatically. If you can trust a variable and you know that it will be safe HTML (for example because it came from a module that converts wiki markup to HTML) you can mark it as safe by using the Markup
class or by using the |safe
filter in the template. Head over to the Jinja 2 documentation for more examples.
Here is a basic introduction to how the Markup
class works:
Accessing Request Data
For web applications it’s crucial to react to the data a client sends to the server. In Flask this information is provided by the global request
object. If you have some experience with Python you might be wondering how that object can be global and how Flask manages to still be threadsafe. The answer is context locals:
Context Locals
Insider Information
If you want to understand how that works and how you can implement tests with context locals, read this section, otherwise just skip it.
Certain objects in Flask are global objects, but not of the usual kind. These objects are actually proxies to objects that are local to a specific context. What a mouthful. But that is actually quite easy to understand.
Imagine the context being the handling thread. A request comes in and the web server decides to spawn a new thread (or something else, the underlying object is capable of dealing with concurrency systems other than threads). When Flask starts its internal request handling it figures out that the current thread is the active context and binds the current application and the WSGI environments to that context (thread). It does that in an intelligent way so that one application can invoke another application without breaking.
So what does this mean to you? Basically you can completely ignore that this is the case unless you are doing something like unit testing. You will notice that code which depends on a request object will suddenly break because there is no request object. The solution is creating a request object yourself and binding it to the context. The easiest solution for unit testing is to use the test_request_context()
context manager. In combination with the with
statement it will bind a test request so that you can interact with it. Here is an example:
The other possibility is passing a whole WSGI environment to the request_context()
method:
The Request Object
The request object is documented in the API section and we will not cover it here in detail (see Request
). Here is a broad overview of some of the most common operations. First of all you have to import it from the flask
module:
The current request method is available by using the method
attribute. To access form data (data transmitted in a POST
or PUT
request) you can use the form
attribute. Here is a full example of the two attributes mentioned above:
What happens if the key does not exist in the form
attribute? In that case a special KeyError
is raised. You can catch it like a standard KeyError
but if you don’t do that, a HTTP 400 Bad Request error page is shown instead. So for many situations you don’t have to deal with that problem.
To access parameters submitted in the URL (?key=value
) you can use the args
attribute:
We recommend accessing URL parameters with get
or by catching the KeyError
because users might change the URL and presenting them a 400 bad request page in that case is not user friendly.
For a full list of methods and attributes of the request object, head over to the Request
documentation.
File Uploads
You can handle uploaded files with Flask easily. Just make sure not to forget to set the enctype="multipart/form-data"
attribute on your HTML form, otherwise the browser will not transmit your files at all.
Uploaded files are stored in memory or at a temporary location on the filesystem. You can access those files by looking at the files
attribute on the request object. Each uploaded file is stored in that dictionary. It behaves just like a standard Python file
object, but it also has a save()
method that allows you to store that file on the filesystem of the server. Here is a simple example showing how that works:
If you want to know how the file was named on the client before it was uploaded to your application, you can access the filename
attribute. However please keep in mind that this value can be forged so never ever trust that value. If you want to use the filename of the client to store the file on the server, pass it through the secure_filename()
function that Werkzeug provides for you:
For some better examples, see Uploading Files.
Redirects and Errors
To redirect a user to another endpoint, use the redirect()
function; to abort a request early with an error code, use the abort()
function:
This is a rather pointless example because a user will be redirected from the index to a page they cannot access (401 means access denied) but it shows how that works.
By default a black and white error page is shown for each error code. If you want to customize the error page, you can use the errorhandler()
decorator:
Note the 404
after the render_template()
call. This tells Flask that the status code of that page should be 404 which means not found. By default 200 is assumed which translates to: all went well.
See Handling Application Errors for more details.
About Responses
The return value from a view function is automatically converted into a response object for you. If the return value is a string it’s converted into a response object with the string as response body, a 200 OK
status code and a text/html mimetype. If the return value is a dict or list, jsonify()
is called to produce a response. The logic that Flask applies to converting return values into response objects is as follows:
If a response object of the correct type is returned it’s directly returned from the view.
If it’s a string, a response object is created with that data and the default parameters.
If it’s an iterator or generator returning strings or bytes, it is treated as a streaming response.
If it’s a dict or list, a response object is created using
jsonify()
.If a tuple is returned the items in the tuple can provide extra information. Such tuples have to be in the form
(response, status)
,(response, headers)
, or(response, status, headers)
. Thestatus
value will override the status code andheaders
can be a list or dictionary of additional header values.If none of that works, Flask will assume the return value is a valid WSGI application and convert that into a response object.
If you want to get hold of the resulting response object inside the view you can use the make_response()
function.
Imagine you have a view like this:
You just need to wrap the return expression with make_response()
and get the response object to modify it, then return it:
APIs with JSON
A common response format when writing an API is JSON. It’s easy to get started writing such an API with Flask. If you return a dict
or list
from a view, it will be converted to a JSON response.
This is a shortcut to passing the data to the jsonify()
function, which will serialize any supported JSON data type. That means that all the data in the dict or list must be JSON serializable.
For complex types such as database models, you’ll want to use a serialization library to convert the data to valid JSON types first. There are many serialization libraries and Flask API extensions maintained by the community that support more complex applications.
Sessions
In addition to the request object there is also a second object called session
which allows you to store information specific to a user from one request to the next. This is implemented on top of cookies for you and signs the cookies cryptographically. What this means is that the user could look at the contents of your cookie but not modify it, unless they know the secret key used for signing.
In order to use sessions you have to set a secret key. Here is how sessions work:
How to generate good secret keys
A secret key should be as random as possible. Your operating system has ways to generate pretty random data based on a cryptographic random generator. Use the following command to quickly generate a value for Flask.secret_key
(or SECRET_KEY
):
A note on cookie-based sessions: Flask will take the values you put into the session object and serialize them into a cookie. If you are finding some values do not persist across requests, cookies are indeed enabled, and you are not getting a clear error message, check the size of the cookie in your page responses compared to the size supported by web browsers.
Besides the default client-side based sessions, if you want to handle sessions on the server-side instead, there are several Flask extensions that support this.
Message Flashing
Good applications and user interfaces are all about feedback. If the user does not get enough feedback they will probably end up hating the application. Flask provides a really simple way to give feedback to a user with the flashing system. The flashing system basically makes it possible to record a message at the end of a request and access it on the next (and only the next) request. This is usually combined with a layout template to expose the message.
To flash a message use the flash()
method, to get hold of the messages you can use get_flashed_messages()
which is also available in the templates. See Message Flashing for a full example.
Logging
Changelog
Sometimes you might be in a situation where you deal with data that should be correct, but actually is not. For example you may have some client-side code that sends an HTTP request to the server but it’s obviously malformed. This might be caused by a user tampering with the data, or the client code failing. Most of the time it’s okay to reply with 400 Bad Request
in that situation, but sometimes that won’t do and the code has to continue working.
You may still want to log that something fishy happened. This is where loggers come in handy. As of Flask 0.3 a logger is preconfigured for you to use.
Here are some example log calls:
The attached logger
is a standard logging Logger
, so head over to the official logging
docs for more information.
Hooking in WSGI Middleware
To add WSGI middleware to your Flask application, wrap the application’s wsgi_app
attribute. For example, to apply Werkzeug’s ProxyFix
middleware for running behind Nginx:
Wrapping app.wsgi_app
instead of app
means that app
still points at your Flask application, not at the middleware, so you can continue to use and configure app
directly.
Using Flask Extensions
Extensions are packages that help you accomplish common tasks. For example, Flask-SQLAlchemy provides SQLAlchemy support that makes it simple and easy to use with Flask.
For more on Flask extensions, see Extensions.
Deploying to a Web Server
Ready to deploy your new Flask app? See Deploying to Production.