Flask是一个基于Python开发并且依赖jinja2模板和Werkzeug WSGI服务的一个微型框架,对于Werkzeug本质是Socket服务端,其用于接收http请求并对请求进行预处理,然后触发Flask框架,开发人员基于Flask框架提供的功能对请求进行相应的处理,并返回给用户,如果要返回给用户复杂的内容时,需要借助jinja2模板来实现对模板的处理,即:将模板和数据进行渲染,将渲染后的字符串返回给用户浏览器。
谈谈python,web框架
django框架:大而全,内部提供:ORM、Admin、中间件、Form、ModelForm、Session、rest_framework、缓存、信号、CSRF等
flask框架: 小而精,可扩展性强,第三方组件丰富(django中的几乎都有)
tornado框架:小而精,实现异步非阻塞
其他框架:
web.py
bottle.py
a. django和flask都依赖wsgi
- django 依赖 wsgiref
- flask 依赖 werkzeug
基本使用:

"""Minimal WSGI application served directly by Werkzeug, without Flask."""
from werkzeug.serving import run_simple
from werkzeug.wrappers import Request, Response


@Request.application
def index(request):
    """Answer every request with a fixed body."""
    return Response("hello world")


if __name__ == '__main__':
    # Development server, bound to the loopback name only.
    run_simple("localhost", 4000, index)
"""Smallest Flask application: one route and one view."""
from flask import Flask

app = Flask(__name__)  # the Flask application object


@app.route('/index')
def index():
    """Serve /index with a fixed body."""
    return "hello world"


if __name__ == '__main__':
    app.run()
练习:
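"""Practice app: form login, a session-backed login check and three pages."""
from flask import Flask, Response, abort, redirect, render_template, request, session

# Pass the real module name; the quoted "__name__" handed Flask a literal
# string as the import name it uses to locate templates and static files.
api = Flask(__name__)

# The default Flask session is a cookie *signed* with this key, not encrypted:
# the client can read the contents but cannot change them without the key.
# The value below is a tutorial placeholder; a deployed app should load a long
# random key from the environment or a secret store, because anyone who knows
# the key can forge a logged-in session.
api.secret_key = "kjabbgajdvv"

USER_INFO = {
    "1": {"name": "曹超", "age": 18},
    "2": {"name": "曹大超", "age": 28},
    "3": {"name": "曹小超", "age": 38},
}


@api.route("/login", methods=["GET", "POST"])
def login():
    """Show the login form; on a valid POST, record the user in the session."""
    if request.method == "POST":
        # Fields of a POSTed form arrive in request.form.
        user = request.form.get("user")
        pwd = request.form.get("pwd")
        # Fixed demo credentials; a real application verifies a salted
        # password hash and limits repeated attempts.
        if user == "cao" and pwd == "123":
            session["user_info"] = user
            return redirect("index")
    return render_template('login.html')


@api.route("/index")
def index():
    """List all users; anonymous visitors are sent to the login page."""
    user = session.get("user_info")
    if not user:
        return redirect("login")
    # The template has to call .items() to iterate keys and values.
    # Equivalent: render_template("index.html", **{"user_dict": USER_INFO})
    return render_template("index.html", user_dict=USER_INFO)


@api.route("/detail")
def detail():
    """Show one user selected by the ?uid= query parameter."""
    user = session.get("user_info")
    if not user:
        return redirect("login")
    # Query-string parameters of a GET request arrive in request.args.
    uid = request.args.get("uid")
    user_info = USER_INFO.get(uid)
    if user_info is None:
        # A missing or unknown uid is client input: answer 404 rather than
        # letting a KeyError surface as a 500.
        abort(404)
    return render_template("detail.html", user_info=user_info)


@api.route("/logout")
def logout():
    """Drop the login marker; safe to call when nobody is logged in."""
    session.pop("user_info", None)
    return redirect("login")


if __name__ == '__main__':
    # debug=True enables the Werkzeug interactive debugger, which executes
    # Python for whoever can reach it. Keep it to local development.
    api.run(port=8080, debug=True)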
路由系统
- @app.route('/user/<username>')
- @app.route('/post/<int:post_id>')
- @app.route('/post/<float:post_id>')
- @app.route('/post/<path:path>')
- @app.route('/login', methods=['GET', 'POST'])
两种路由写法:
方法一:
@app.route("/index")
def index():
    """View registered through the route decorator."""
    return "index"
方法二:
def login():
    """View registered explicitly below instead of through a decorator."""
    return "login"


# "xx" is the endpoint name (the alias used for reverse URL generation).
app.add_url_rule('/login', endpoint="xx", view_func=login)
或app.add_url_rule('/login',view_func=login)

# Four equivalent ways to register a view, followed by the parameters of
# @app.route / app.add_url_rule and a subdomain example. The first four
# fragments rely on an `app` object and on `from flask import views`.

# --- Variant 1: route decorator stacked on a custom decorator -------------
def auth(func):
    """Print 'before' and 'after' around every call to *func*."""
    def inner(*args, **kwargs):
        print('before')
        outcome = func(*args, **kwargs)
        print('after')
        return outcome
    return inner


@app.route('/index.html', methods=['GET', 'POST'], endpoint='index')
@auth
def index():
    return 'Index'


# --- Variant 2: explicit registration -------------------------------------
def index():
    return "Index"


# Inside Flask the decorator form performs the same call on the app object:
# self.add_url_rule(rule='/index.html', endpoint="index", view_func=index, methods=["GET","POST"])
app.add_url_rule(rule='/index.html', endpoint="index", view_func=index,
                 methods=["GET", "POST"])
app.view_functions['index'] = index


# --- Variant 3: class-based view (views.View), reusing auth() from above --
class IndexView(views.View):
    methods = ['GET']
    decorators = [auth, ]

    def dispatch_request(self):
        print('Index')
        return 'Index!'


app.add_url_rule('/index', view_func=IndexView.as_view(name='index'))  # name=endpoint


# --- Variant 4: class-based view with one method per HTTP verb ------------
class IndexView(views.MethodView):
    methods = ['GET']
    decorators = [auth, ]

    def get(self):
        return 'Index.GET'

    def post(self):
        return 'Index.POST'


app.add_url_rule('/index', view_func=IndexView.as_view(name='index'))  # name=endpoint


# Parameters of @app.route and app.add_url_rule:
#   rule                 URL rule
#   view_func            the view function
#   defaults=None        default values; when the URL carries no parameter but
#                        the function needs one, defaults={'k':'v'} supplies it
#   endpoint=None        name used for reverse URL generation: url_for('name')
#   methods=None         allowed request methods, e.g. ["GET","POST"]
#   strict_slashes=None  whether the trailing / of the URL is enforced, e.g.
#                          @app.route('/index',strict_slashes=False)
#                            both http://www.xx.com/index/ and
#                            http://www.xx.com/index are accepted
#                          @app.route('/index',strict_slashes=True)
#                            only http://www.xx.com/index is accepted
#   redirect_to=None     redirect to the given address, e.g.
#                          @app.route('/index/<int:nid>', redirect_to='/home/<nid>')
#                        or
#                          def func(adapter, nid):
#                              return "/home/888"
#                          @app.route('/index/<int:nid>', redirect_to=func)
#   subdomain=None       serve the rule on a subdomain, as in the example below

from flask import Flask, views, url_for

app = Flask(import_name=__name__)
app.config['SERVER_NAME'] = 'wupeiqi.com:5000'


@app.route("/", subdomain="admin")
def static_index():
    """Rule bound to one fixed subdomain ("admin" in this registration)."""
    return "static.your-domain.tld"


@app.route("/dynamic", subdomain="<username>")
def username_index(username):
    """Rule whose subdomain is captured and passed in as *username*."""
    # NOTE(review): username is taken from the request's host name and is
    # returned in the response body as-is; escape it before reusing this
    # pattern in an HTML page.
    return username + ".your-domain.tld"


if __name__ == '__main__':
    app.run()

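from flask import Flask, views, url_for
from werkzeug.routing import BaseConverter

app = Flask(import_name=__name__)


class RegexConverter(BaseConverter):
    """URL converter whose matching pattern is supplied in the route rule."""

    def __init__(self, map, regex):
        super(RegexConverter, self).__init__(map)
        # Werkzeug matches the URL segment against this pattern.
        self.regex = regex

    def to_python(self, value):
        """Convert the matched URL segment into the view's argument.

        :param value: the text that matched ``self.regex``
        :return: the value as an int
        """
        # int() only succeeds for digits, so the rule's pattern has to
        # restrict the segment to digits (see the route below).
        return int(value)

    def to_url(self, value):
        """Convert a url_for() argument into its URL segment.

        :param value: the argument passed to url_for
        :return: the text placed in the generated URL
        """
        return super(RegexConverter, self).to_url(value)


# Make the converter available in rules under the name "regex".
app.url_map.converters['regex'] = RegexConverter


# The pattern is \d+ (one or more digits). Without the backslash the rule
# would match runs of the letter "d" and to_python() would then fail in int().
@app.route(r'/index/<regex("\d+"):nid>')
def index(nid):
    print(url_for('index', nid='888'))
    return 'Index'


if __name__ == '__main__':
    app.run()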
配置文件

flask中的配置文件是一个flask.config.Config对象(继承字典),默认配置为: { 'DEBUG': get_debug_flag(default=False), 是否开启Debug模式 'TESTING': False, 是否开启测试模式 'PROPAGATE_EXCEPTIONS': None, 'PRESERVE_CONTEXT_ON_EXCEPTION': None, 'SECRET_KEY': None, 'PERMANENT_SESSION_LIFETIME': timedelta(days=31), 'USE_X_SENDFILE': False, 'LOGGER_NAME': None, 'LOGGER_HANDLER_POLICY': 'always', 'SERVER_NAME': None, 'APPLICATION_ROOT': None, 'SESSION_COOKIE_NAME': 'session', 'SESSION_COOKIE_DOMAIN': None, 'SESSION_COOKIE_PATH': None, 'SESSION_COOKIE_HTTPONLY': True, 'SESSION_COOKIE_SECURE': False, 'SESSION_REFRESH_EACH_REQUEST': True, 'MAX_CONTENT_LENGTH': None, 'SEND_FILE_MAX_AGE_DEFAULT': timedelta(hours=12), 'TRAP_BAD_REQUEST_ERRORS': False, 'TRAP_HTTP_EXCEPTIONS': False, 'EXPLAIN_TEMPLATE_LOADING': False, 'PREFERRED_URL_SCHEME': 'http', 'JSON_AS_ASCII': True, 'JSON_SORT_KEYS': True, 'JSONIFY_PRETTYPRINT_REGULAR': True, 'JSONIFY_MIMETYPE': 'application/json', 'TEMPLATES_AUTO_RELOAD': None, } 方式一: app.config['DEBUG'] = True PS: 由于Config对象本质上是字典,所以还可以使用app.config.update(...) 方式二: app.config.from_pyfile("python文件名称") 如: settings.py DEBUG = True app.config.from_pyfile("settings.py") app.config.from_envvar("环境变量名称") 环境变量的值为python文件名称名称,内部调用from_pyfile方法 app.config.from_json("json文件名称") JSON文件名称,必须是json格式,因为内部会执行json.loads app.config.from_mapping({'DEBUG':True}) 字典格式 app.config.from_object("python类或类的路径") app.config.from_object('pro_flask.settings.TestingConfig') settings.py class Config(object): DEBUG = False TESTING = False DATABASE_URI = 'sqlite://:memory:' class ProductionConfig(Config): DATABASE_URI = 'mysql://user@localhost/foo' class DevelopmentConfig(Config): DEBUG = True class TestingConfig(Config): TESTING = True PS: 从sys.path中已经存在路径开始写 PS: settings.py文件默认路径要放在程序root_path目录,如果instance_relative_config为True,则就是instance_path目录
练习

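"""Practice: configure the app from a settings class and use the session."""
from flask import Flask, session

app = Flask(__name__)
# Copies the upper-case attributes of the named class into app.config
# (presumably the DevelopmentConfig of the accompanying settings.py).
app.config.from_object("settings.DevelopmentConfig")


@app.route("/index")
def index():
    """Store a value in the session."""
    session["user"] = 123
    return "index"


def login():
    """Print the stored value; prints None when /index was not visited first."""
    # .get() avoids a KeyError (HTTP 500) for a client without that key.
    print(session.get("user"))
    return "login"


app.add_url_rule('/login', view_func=login)

if __name__ == '__main__':
    app.run()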

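import os
import secrets


class BaseConfig(object):
    """Settings shared by every environment; subclasses override per stage."""

    # Safe default: debug stays off unless an environment opts in, so a new
    # subclass that forgets to set it does not ship with the debugger on.
    DEBUG = False
    # Read the session-signing key from the environment so that no usable key
    # is committed with the source and inherited by ProductionConfig. The
    # random fallback changes on every start (existing sessions stop
    # validating) and is meant for local runs only.
    SECRET_KEY = os.environ.get("SECRET_KEY") or secrets.token_hex(32)


class ProductionConfig(BaseConfig):
    DEBUG = False


class DevelopmentConfig(BaseConfig):
    # Same effective value as before, now stated explicitly.
    DEBUG = True


class TestingConfig(BaseConfig):
    # Same effective value as before, now stated explicitly.
    DEBUG = True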
视图
CBV:
from flask import Flask, render_template, redirect, views

app = Flask(__name__)


def wapper(func):
    """Decorator: print 'before', then delegate to *func*."""
    def traced(*args, **kwargs):
        print('before')
        return func(*args, **kwargs)
    return traced


class IndexView(views.MethodView):
    """Class-based view with one method per HTTP verb."""

    # Only GET is listed here, so requests never reach post() below.
    methods = ['GET']
    # Decorators applied to the generated view function.
    decorators = [wapper, ]

    def get(self):
        return 'Index.GET'

    def post(self):
        return 'Index.POST'


# The name given to as_view() becomes the endpoint.
app.add_url_rule('/index', view_func=IndexView.as_view(name='index'))

if __name__ == '__main__':
    app.run()
session
session 对象允许你在不同请求间存储特定用户的信息。它是在 Cookies 的基础上实现的,并且对 Cookies 进行密钥签名。要使用会话,你需要设置一个密钥。注意:默认的 Cookie 会话只做签名、不做加密,用户可以读取其中的内容但无法篡改,因此不要把敏感数据放进 session。
-
设置:session['username'] = 'xxx'
- 删除:session.pop('username', None)
方法 和字典一样
注意:session中存储的是字典,修改字典内部元素时,会造成数据不更新。解决办法: - session.modified = True - SESSION_REFRESH_EACH_REQUEST = True and session.permanent = True(redis中默认)

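from flask import Flask, session
from flask_session import RedisSessionInterface

app = Flask(__name__)
# Tutorial placeholder. Use a long random key loaded from the environment in
# any deployed app: whoever knows the key can forge signed session cookies.
app.secret_key = 'asdf'

# Default (cookie-based) session:
# from flask.sessions import SecureCookieSessionInterface
# app.session_interface = SecureCookieSessionInterface()

# Option 1: keep sessions in Redis by setting the interface directly
# from redis import Redis
# app.session_interface = RedisSessionInterface(
#     redis=Redis(host='127.0.0.1',port=6379),
#     key_prefix='flaskxxx'
# )

# Option 2: keep sessions in Redis through the Flask-Session extension.
# The flask.ext.* import path was removed from Flask; the extension is
# imported under its own package name.
from flask_session import Session
from redis import Redis

app.config['SESSION_TYPE'] = 'redis'
# No Redis password is configured here. The session store holds every user's
# session, so restrict network access to it and require authentication.
app.config['SESSION_REDIS'] = Redis(host='192.168.0.94', port=6379)
Session(app)


@app.route('/login')
def login():
    session['k1'] = 123
    return 'login'


@app.route('/xx')
def index():
    # .get() avoids a KeyError (HTTP 500) for a client that skipped /login.
    v = session.get('k1')
    print(v)
    return 'Index'


if __name__ == '__main__':
    app.run()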

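#!/usr/bin/env python
# -*- coding:utf-8 -*-
"""
pip3 install redis
pip3 install flask-session
"""
from flask import Flask, session, redirect
# The flask.ext.* import path was removed from Flask; import the extension
# under its own package name.
from flask_session import Session

app = Flask(__name__)
# Debug mode enables the Werkzeug interactive debugger, which executes Python
# for whoever can reach it. Keep it to local development.
app.debug = True
# Tutorial placeholder; load a long random key from the environment instead.
app.secret_key = 'asdfasdfasd'

app.config['SESSION_TYPE'] = 'redis'
from redis import Redis
# No Redis password is configured here; restrict access to the session store.
app.config['SESSION_REDIS'] = Redis(host='192.168.0.94', port=6379)
Session(app)


@app.route('/login')
def login():
    session['username'] = 'alex'
    return redirect('/index')


@app.route('/index')
def index():
    name = session.get('username')
    if name is None:
        # No session yet: send the client to /login instead of failing with
        # a KeyError (HTTP 500).
        return redirect('/login')
    return name


if __name__ == '__main__':
    app.run()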

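# Setup: pip3 install Flask-Session

# ------------------------------------------------------------------ run.py
from flask import Flask
from flask import session
from pro_flask.utils.session import MySessionInterface

app = Flask(__name__)
# Tutorial placeholder; a deployed app loads this key from the environment.
# It signs the session-id cookie, so knowing it allows forging session ids.
app.secret_key = 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT'
app.session_interface = MySessionInterface()


@app.route('/login.html', methods=['GET', "POST"])
def login():
    print(session)
    session['user1'] = 'alex'
    session['user2'] = 'alex'
    del session['user2']
    return "内容"


if __name__ == '__main__':
    app.run()

# -------------------------------------------------------------- session.py
#!/usr/bin/env python
# -*- coding:utf-8 -*-
import uuid
import json
from flask.sessions import SessionInterface
from flask.sessions import SessionMixin
from itsdangerous import Signer, BadSignature, want_bytes


class MySession(dict, SessionMixin):
    """Dict-based session object that also remembers its session id."""

    def __init__(self, initial=None, sid=None):
        self.sid = sid
        self.initial = initial
        super(MySession, self).__init__(initial or ())

    # The three overrides below only delegate to dict; they mark the places
    # where change tracking could be added.
    def __setitem__(self, key, value):
        super(MySession, self).__setitem__(key, value)

    def __getitem__(self, item):
        return super(MySession, self).__getitem__(item)

    def __delitem__(self, key):
        super(MySession, self).__delitem__(key)


class MySessionInterface(SessionInterface):
    """Server-side sessions: the cookie carries only a signed session id."""

    session_class = MySession
    # In-memory store, sid -> JSON text, shared by the whole process. Entries
    # are never removed in this example, so it grows with every new session.
    container = {}

    def __init__(self):
        import redis
        self.redis = redis.Redis()

    def _generate_sid(self):
        return str(uuid.uuid4())

    def _get_signer(self, app):
        """Return a Signer bound to the app's secret key, or None without one."""
        if not app.secret_key:
            return None
        return Signer(app.secret_key, salt='flask-session',
                      key_derivation='hmac')

    def open_session(self, app, request):
        """Called by Flask at the start of a request; returns the session.

        Returns None when no secret key is configured, so that Flask falls
        back to its null session instead of failing on a missing signer.
        """
        signer = self._get_signer(app)
        if signer is None:
            return None

        sid = request.cookies.get(app.session_cookie_name)
        if not sid:
            return self.session_class(sid=self._generate_sid())

        try:
            sid = signer.unsign(sid).decode()
        except BadSignature:
            # The cookie was not signed with our key: never trust the id it
            # carries, start a fresh session instead.
            return self.session_class(sid=self._generate_sid())

        # Sessions kept in redis:
        # val = self.redis.get(sid)
        # Sessions kept in memory:
        val = self.container.get(sid)

        if val is not None:
            try:
                data = json.loads(val)
            except (TypeError, ValueError):
                # Unreadable stored data: continue with an empty session.
                return self.session_class(sid=sid)
            return self.session_class(data, sid=sid)
        return self.session_class(sid=sid)

    def save_session(self, app, session, response):
        """Called by Flask at the end of a request.

        Stores the session contents server-side and writes the signed session
        id into the response cookie.
        """
        domain = self.get_cookie_domain(app)
        path = self.get_cookie_path(app)
        httponly = self.get_cookie_httponly(app)
        secure = self.get_cookie_secure(app)
        expires = self.get_expiration_time(app, session)

        val = json.dumps(dict(session))

        # Sessions kept in redis:
        # self.redis.setex(name=session.sid, value=val, time=app.permanent_session_lifetime)
        # Sessions kept in memory. Plain assignment is required here:
        # setdefault() would keep the first stored value and silently drop
        # every later change to an existing session.
        self.container[session.sid] = val

        session_id = self._get_signer(app).sign(want_bytes(session.sid))

        response.set_cookie(app.session_cookie_name, session_id,
                            expires=expires, httponly=httponly,
                            domain=domain, path=path, secure=secure)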
模板
Flask使用的是Jinja2模板,所以其语法(更接近python)和Django无差别
view.py
from flask import Flask, session, render_template, Markup

app = Flask(__name__)
# Debug mode enables the Werkzeug interactive debugger; local use only.
app.debug = True


def func1():
    return 22


def func2():
    # Markup() marks the string as trusted HTML, so Jinja2 will not escape
    # it. Only wrap markup the application produced itself.
    return Markup("<input value='姓名'/>")


@app.template_global()
def func3(a1, a2):
    """Template global: every template can call func3(a1, a2)."""
    return a1 + a2


@app.route("/index")
def index():
    """Render index.html with values, containers and callables as context."""
    return render_template(
        "index.html",
        k1="caohcoa",
        k2=[11, 22, 33, 44, 550],
        k5={"name": "sb", "age": 23},
        k3=lambda x: x + 1,
        k4=func1,
        k6=func2,
    )


if __name__ == '__main__':
    app.run()
templates-->index.html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Title</title>
</head>
<body>
    <h3>INDEX</h3>
    <div>
        {# plain value #}
        <h4>{{k1}}</h4>
        {# list item, dotted and subscript form #}
        <h4>{{k2.0}} {{k2[0]}} </h4>
        {# callables passed in the context are called with () #}
        <h4>{{k3(3)}}</h4>
        <h4>{{k4()}}</h4>
        {# three ways to read a dict entry #}
        <h4>{{k5["name"]}} {{k5.name}} {{k5.get("name")}}</h4>
        {# k6 returns Markup, so its HTML is inserted without escaping #}
        <h4>{{k6()}} </h4>
        {# template global registered with @app.template_global() #}
        <h4>{{func3(1,3)}} </h4>
    </div>
</body>
</html>
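防止XSS攻击
Flask 中的 Jinja2 默认会对 .html 等模板里 {{ }} 输出的内容做HTML转义,防止XSS靠的是这个默认转义。下面两种写法的作用是关闭转义、把内容标记为"可信HTML"原样输出,只能用于程序自己生成的可信内容,不能用于用户输入:
模板: xx|safe
脚本:Markup(xxx)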
请求与响应

# 请求相关信息
# request.method
# request.args
# request.form
# request.values
# request.cookies
# request.headers
# request.path
# request.full_path
# request.script_root
# request.url
# request.base_url
# request.url_root
# request.host_url
# request.host
# request.files
# obj = request.files['the_file_name']
# obj.save('/var/www/uploads/' + secure_filename(obj.filename))

# 响应相关信息
# return "字符串"
# return render_template('html模板路径',**{})
# return redirect('/index.html')

# response = make_response(render_template('index.html'))
# response是flask.wrappers.Response类型
# response.delete_cookie('key')
# response.set_cookie('key', 'value')
# response.headers['X-Something'] = 'A value'
# return response
特殊装饰器
条件:当请求到来时,在函数执行之前和函数执行之后进行操作
1、使用装饰器
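"""Login check implemented as a decorator applied to each protected view."""
import functools

from flask import Flask, Response, abort, redirect, render_template, request, session

# Pass the real module name rather than the literal string "__name__".
api = Flask(__name__)

# The session cookie is signed with this key, not encrypted. The value is a
# tutorial placeholder; load a long random key from the environment in a
# deployed app, because knowing the key allows forging a logged-in session.
api.secret_key = "kjabbgajdvv"

USER_INFO = {
    "1": {"name": "曹超", "age": 18},
    "2": {"name": "曹大超", "age": 28},
    "3": {"name": "曹小超", "age": 38},
}


def wrapper(func):
    """Only call *func* for a logged-in session; otherwise go to the login page."""
    # functools.wraps keeps the view's own name on the wrapper, so two
    # wrapped views no longer both present themselves as "inner".
    @functools.wraps(func)
    def inner(*args, **kwargs):
        user = session.get("user_info")
        if not user:
            return redirect("login")
        return func(*args, **kwargs)
    return inner


@api.route("/login", methods=["GET", "POST"])
def login():
    """Show the login form; on a valid POST, record the user in the session."""
    if request.method == "POST":
        # Fields of a POSTed form arrive in request.form.
        user = request.form.get("user")
        pwd = request.form.get("pwd")
        # Fixed demo credentials; a real application verifies a salted
        # password hash and limits repeated attempts.
        if user == "cao" and pwd == "123":
            session["user_info"] = user
            return redirect("index")
    return render_template('login.html')


# Decorators apply bottom-up:
#   1. wrapper(index) runs first,
#   2. its return value is bound to the name: index = wrapper(index),
#   3. api.route() then registers that wrapped function.
# The route decorator must stay on top, otherwise the unprotected function
# would be the one registered.
@api.route("/index", endpoint="index")
@wrapper
def index():
    return render_template("index.html", user_dict=USER_INFO)


@api.route("/detail", endpoint="detail")  # endpoint: the name of the rule
@wrapper
def detail():
    # Query-string parameters of a GET request arrive in request.args.
    uid = request.args.get("uid")
    user_info = USER_INFO.get(uid)
    if user_info is None:
        # A missing or unknown uid is client input: answer 404 rather than
        # letting a KeyError surface as a 500.
        abort(404)
    return render_template("detail.html", user_info=user_info)


@api.route("/logout")
def logout():
    """Drop the login marker; safe to call when nobody is logged in."""
    session.pop("user_info", None)
    return redirect("login")


if __name__ == '__main__':
    # debug=True enables the Werkzeug interactive debugger, which executes
    # Python for whoever can reach it. Keep it to local development.
    api.run(port=8080, debug=True)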
2、使用before_request和after_request类似于中间件
"""Trace the order in which request hooks and the view are called."""
from flask import Flask

app = Flask(__name__)


# before_request hooks run in registration order; a hook that returns a
# value ends the request before the view is called.
@app.before_request
def x1():
    print("前1")


@app.before_request
def x2():
    print("前2")


# after_request hooks receive the response and must return one; Flask runs
# them in reverse registration order.
@app.after_request
def o1(response):
    print("后1")
    return response


@app.after_request
def o2(response):
    print("后2")
    return response


@app.route("/index")
def index():
    print("index")
    return "index"


if __name__ == '__main__':
    app.run()
结果

流程图:

利用此功能做登录认证:
"""Login check for every route, implemented with a before_request hook."""
from flask import Flask, render_template, redirect, request, session

app = Flask(__name__)
# Tutorial placeholder; a deployed app loads a long random key from the
# environment, since the key is what makes the session cookie unforgeable.
app.secret_key = 'asdfasdfasdf'


@app.before_request
def check_login():
    """Let /login through; send every other anonymous request to /login."""
    # The check is deny-by-default: only the exact path '/login' is exempt,
    # so a newly added route is protected without further work.
    if request.path != '/login' and not session.get('user_info'):
        return redirect('/login')
    return None


@app.route('/login', methods=['GET', 'POST'])
def login():
    return "视图函数x1"


@app.route('/index', methods=['GET', 'POST'])
def index():
    print('视图函数x2')
    return "视图函数x2"


if __name__ == '__main__':
    app.run()
message(闪现)
message是一个基于Session(先将数据写入session,再session.pop("xx"))实现的用于保存数据的集合,其特点是:使用一次就删除。

"""Flash messages: written in one request, read once in a later request."""
from flask import Flask, flash, get_flashed_messages

app = Flask(__name__)
# Flash messages live in the session, so a secret key is required. This
# value is a tutorial placeholder, far too short for real use.
app.secret_key = "sb"


@app.route("/login")
def login():
    """Queue one message under category "x1"."""
    flash("你好啊!", category="x1")
    return "login"


@app.route("/index")
def index():
    """Fetch the queued "x1" messages and print them."""
    messages = get_flashed_messages(category_filter=['x1'])
    print(messages)
    return "index"


if __name__ == "__main__":
    app.run()
中间件

"""WSGI middleware: wrap app.wsgi_app so that every request passes through."""
from flask import Flask, flash, redirect, render_template, request

app = Flask(__name__)
# Tutorial placeholder; load the real key from the environment.
app.secret_key = 'some_secret'


@app.route('/')
def index1():
    return render_template('index.html')


@app.route('/set')
def index2():
    # The flashed text comes straight from the query string (None when ?p=
    # is absent). Render it only through the template's normal escaping.
    message = request.args.get('p')
    flash(message)
    return 'ok'


class MiddleWare:
    """Pass-through WSGI wrapper; work can be added before or after the call."""

    def __init__(self, wsgi_app):
        self.wsgi_app = wsgi_app

    def __call__(self, *args, **kwargs):
        # The server calls this object in place of the original wsgi_app.
        response = self.wsgi_app(*args, **kwargs)
        return response


if __name__ == "__main__":
    app.wsgi_app = MiddleWare(app.wsgi_app)
    app.run(port=9999)
蓝图(Blueprint)
作用:1、目录结构划分
2、一类 URL的划分
3、基于before_request(装饰器)实现一类url的功能
蓝图用于为应用提供目录划分:
小型应用程序:

"""Launcher: import the application object from the package and run it."""
from blueprint.flaskitem import app

if __name__ == '__main__':
    app.run()

"""Package initialiser: create the application and attach the blueprints."""
from flask import Flask

app = Flask(__name__)

# Imported after `app` exists, as in the original ordering.
from .views import user, course

for blueprint in (user.us, course.co):
    app.register_blueprint(blueprint)

"""Course views, grouped in the "co" blueprint."""
from flask import Blueprint

# Instantiate the blueprint; its routes become active once it is registered
# on the application.
co = Blueprint("co", __name__)


@co.route("/index")
def index():
    return "index"


@co.route("/login")
def login():
    return "login"

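"""User views, grouped in the "us" blueprint and served under /api."""
from flask import Blueprint

# Instantiate the blueprint. url_prefix is prepended to every rule below and
# has to start with "/": with the bare value "api" the combined rule becomes
# "api/info", which is not a valid URL rule.
us = Blueprint("us", __name__, url_prefix="/api")


@us.route("/info")
def info():
    """Served at /api/info."""
    return "info"


@us.route("/loginout")
def loginout():
    """Served at /api/loginout."""
    return "loginout"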