Flassk Tutorial

Beginners To Experts

The site is under development.

Intermediate

1.1 What is Flask?
Flask is a lightweight web framework in Python.
It supports building web apps easily using minimal code.
Flask uses Werkzeug and Jinja2 internally.
from flask import Flask
app = Flask(__name__)
@app.route('/')
def home():
    return "Hello, Flask!"
app.run()

1.2 Installing Flask
Flask is installed using pip, Python's package manager.
Use a virtual environment to manage dependencies.
You can verify installation with pip show.
pip install flask
pip show flask

1.3 Your First Flask App
A Flask app starts with importing Flask and creating an instance.
Define routes using decorators.
Run the server with debug mode enabled for development.
from flask import Flask
app = Flask(__name__)
@app.route('/')
def hello():
    return "Welcome to Flask!"
if __name__ == '__main__':
    app.run(debug=True)

1.4 Flask App Structure
Typical structure has app.py, templates/, and static/.
templates/ holds HTML and static/ holds CSS, JS.
Keeps frontend/backend separation clear.
project/
├── app.py
├── templates/
└── static/

1.5 Running the Flask Server
You can start the server using flask run.
Set environment variables before running.
app.run() is also an option for launching manually.
export FLASK_APP=app.py
flask run

1.6 Routing in Flask
Routes link URLs to Python functions.
Use @app.route with a URL pattern.
Dynamic routes allow variable input from URL.
@app.route('/user/')
def greet(name):
    return f"Hello, {name}!"

1.7 Flask Debug Mode
Debug mode gives useful error messages.
It automatically reloads the app on code change.
Use debug=True only during development.
if __name__ == '__main__':
    app.run(debug=True)

1.8 Flask with HTML Templates
HTML templates go in the templates folder.
Use render_template to render HTML pages.
Jinja2 syntax allows embedding Python logic.
from flask import render_template
@app.route('/')
def home():
    return render_template('index.html')

1.9 Static Files in Flask
Store images, CSS, and JS in the static folder.
Access them using url_for() in templates.
This helps organize client-side files.
<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">

1.10 Summary of Basics
Flask allows fast setup of dynamic web apps.
You learned routing, templating, and structure.
Let’s build on this to handle forms and logic next.

2.1 Dynamic Routes
Use placeholders in route URLs to capture values.
Useful for personalized content or ID-based access.
Flask passes URL parts to view functions.
@app.route('/profile/')
def show_profile(username):
    return f"Profile: {username}"

2.2 Converters in Routes
You can specify data types using converters.
Ensures that route parameters match expected type.
Types include int, float, path, etc.
@app.route('/item/')
def item(item_id):
    return f"Item number {item_id}"

2.3 URL Building with url_for
url_for() builds URLs using function names.
Avoids hardcoding paths in templates or Python.
Helpful when refactoring routes.
url_for('show_profile', username='john')

2.4 Redirects
Use redirect() to send users to another page.
Combined with url_for() it becomes flexible.
Good for login/logout workflows.
from flask import redirect, url_for
return redirect(url_for('login'))

2.5 HTTP Methods
Flask routes can handle GET, POST, PUT, DELETE, etc.
Use methods parameter in route decorator.
Handle form submissions using POST.
@app.route('/submit', methods=['POST'])
def submit():
    return "Form submitted!"

2.6 Handling 404 Errors
Flask allows custom 404 error handlers.
You can show user-friendly error messages.
Use @app.errorhandler(404) decorator.
@app.errorhandler(404)
def page_not_found(e):
    return "Page Not Found", 404

2.7 Returning JSON
Flask can return JSON responses with jsonify().
Useful for APIs and AJAX requests.
from flask import jsonify
@app.route('/data')
def data():
    return jsonify({"name": "John", "age": 30})

2.8 URL Parameters
Read query string parameters using request.args.
Great for filters, searches, and dynamic content.
from flask import request
@app.route('/search')
def search():
    q = request.args.get('q')
    return f"Searching for {q}"

2.9 Response Objects
You can return full Response objects.
Customize headers, content type, and status codes.
from flask import Response
return Response("Custom response", status=200)

2.10 Summary
This chapter covered dynamic routes, converters, and views.
You also learned about HTTP methods and custom errors.
Up next: handling forms and user input.

3.1 What is Jinja2?
Jinja2 is Flask's template engine that enables dynamic HTML.
It allows embedding Python-like expressions inside HTML.
Templates separate logic from presentation.
<!-- templates/index.html -->
<h1>Hello, {{ name }}!</h1>

3.2 Using Variables in Templates
Pass variables from Flask views to templates.
Use {{ variable }} syntax to display values.
Variables can be strings, lists, or dictionaries.
from flask import render_template

@app.route('/hello')
def hello():
    return render_template('index.html', name='Alice')

3.3 Control Structures
Use for loops and if statements in templates.
Helps to render content conditionally or repeatedly.
Jinja2 syntax uses {% %} for control blocks.
<ul>
{% for item in items %}
  <li>{{ item }}</li>
{% endfor %}
</ul>

3.4 Template Inheritance
Create base templates and extend them.
Allows reuse of common layout elements.
Use {% block %} tags to define customizable sections.
<!-- base.html -->
<html>
  <body>
    {% block content %}{% endblock %}
  </body>
</html>

<!-- home.html -->
{% extends 'base.html' %}
{% block content %}
  <h1>Home Page</h1>
{% endblock %}

3.5 Filters in Templates
Filters modify variables output like uppercase, length.
Use the pipe `|` syntax.
Example: {{ name|upper }} outputs uppercase name.
<p>{{ 'hello'|capitalize }}</p>  <!-- Outputs: Hello -->

3.6 Macros for Reusable Snippets
Macros define reusable template snippets/functions.
Helps reduce code duplication.
Use {% macro %} and call them in templates.
{% macro input(name, value='') %}
  <input type="text" name="{{ name }}" value="{{ value }}">
{% endmacro %}

{{ input('username') }}

3.7 Escaping HTML
Jinja2 autoescapes variables to prevent XSS.
Use |safe filter to render raw HTML.
Be cautious with unescaped content.
{{ user_input }}      <!-- Escaped by default -->
{{ user_input|safe }} <!-- Render as raw HTML -->

3.8 Template Debugging
Use debug mode to see errors in templates.
Flask shows line number and error messages.
Helpful for fixing syntax or runtime errors.
app.run(debug=True)

3.9 Static Files in Templates
Use url_for('static', filename='...') to link static files.
Ensures correct path resolution.
Common for CSS, JS, images.
<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">

3.10 Summary of Templates and Jinja2
Templates enable dynamic HTML rendering.
Jinja2 provides control structures, filters, and inheritance.
It separates Python code from HTML presentation.

4.1 Handling Form Data
Forms send user input via POST or GET requests.
Flask can extract data from these requests.
Use request.form or request.args to access.
from flask import request

@app.route('/submit', methods=['POST'])
def submit():
    name = request.form['name']
    return f"Hello, {name}!"

4.2 GET vs POST Methods
GET appends data to URL, POST sends data in request body.
POST is preferred for sensitive data.
Routes must specify allowed methods.
@app.route('/search', methods=['GET'])
def search():
    query = request.args.get('q')
    return f"Search: {query}"

4.3 HTML Form Basics
Forms are created with <form> tags and input fields.
Use action and method attributes.
Submit buttons trigger data sending.
<form action="/submit" method="POST">
  <input type="text" name="name">
  <input type="submit" value="Send">
</form>

4.4 Flask-WTF Introduction
Flask-WTF simplifies form handling and validation.
Uses WTForms for easy form creation.
Provides CSRF protection.
from flask_wtf import FlaskForm
from wtforms import StringField, SubmitField

class NameForm(FlaskForm):
    name = StringField('Name')
    submit = SubmitField('Submit')

4.5 CSRF Protection
Protects against Cross-Site Request Forgery attacks.
Flask-WTF handles CSRF tokens automatically.
Always use for forms that modify data.
app.config['SECRET_KEY'] = 'your_secret_key'

4.6 Form Validation
Validate form inputs before processing.
WTForms provides built-in validators.
Example: DataRequired ensures input is not empty.
from wtforms.validators import DataRequired

name = StringField('Name', validators=[DataRequired()])

4.7 Handling File Uploads
Use Flask's request.files to get uploaded files.
Save files securely using secure_filename.
Set upload folder in app config.
from werkzeug.utils import secure_filename

file = request.files['file']
filename = secure_filename(file.filename)
file.save('/path/to/uploads/' + filename)

4.8 Redirects and URL For
Use redirect() to send users to other routes.
url_for() generates URLs dynamically.
Helps maintain clean URL handling.
from flask import redirect, url_for

return redirect(url_for('home'))

4.9 Flash Messages
Show temporary messages to users after actions.
Use flash() and get_flashed_messages() functions.
Messages appear once and disappear after.
from flask import flash, get_flashed_messages

flash('Form submitted successfully!')

4.10 Summary of Forms and User Input
Handling user input securely is critical.
Forms can be created and validated with Flask-WTF.
Always protect against common security threats.

5.1 What are Flask Extensions?
Extensions add extra features to Flask easily.
They follow Flask's design principles.
Examples include Flask-SQLAlchemy, Flask-Login.
pip install flask_sqlalchemy

5.2 Flask-SQLAlchemy
Simplifies database integration.
Provides ORM to work with databases using Python classes.
Supports SQLite, MySQL, PostgreSQL, etc.
from flask_sqlalchemy import SQLAlchemy
db = SQLAlchemy(app)

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)

5.3 Flask-Migrate
Helps with database migrations.
Manages changes in database schema easily.
Works with Flask-SQLAlchemy.
flask db init
flask db migrate -m "Initial migration"
flask db upgrade

5.4 Flask-Login
Manages user sessions and authentication.
Provides login_required decorator.
Supports user login/logout flow.
from flask_login import LoginManager, login_user, login_required

login_manager = LoginManager(app)

@app.route('/dashboard')
@login_required
def dashboard():
    return "Welcome to your dashboard"

5.5 Flask-Mail
Simplifies sending emails.
Useful for notifications, password resets.
Integrates with SMTP servers.
from flask_mail import Mail, Message
mail = Mail(app)

msg = Message("Hello", recipients=["user@example.com"])
mail.send(msg)

5.6 Flask-Caching
Adds caching to improve performance.
Supports multiple backends like Redis.
Easy to use decorators for caching.
from flask_caching import Cache
cache = Cache(app)

@cache.cached(timeout=60)
def get_data():
    return expensive_computation()

5.7 Flask-RESTful
Helps build REST APIs quickly.
Provides resource routing and parsing.
Simplifies API development.
from flask_restful import Api, Resource
api = Api(app)

class HelloWorld(Resource):
    def get(self):
        return {'hello': 'world'}

api.add_resource(HelloWorld, '/')

5.8 Installing Extensions
Use pip to install Flask extensions.
Always check compatibility with Flask version.
Use virtual environments to isolate dependencies.
pip install flask-login flask-mail flask-migrate

5.9 Managing Extension Configurations
Configure extensions using app.config.
Use environment variables for secrets.
Keep configurations secure and modular.
app.config['SECRET_KEY'] = 'your_secret_key'
app.config['MAIL_SERVER'] = 'smtp.example.com'

5.10 Summary of Flask Extensions
Extensions add powerful features easily.
Learn the popular extensions for your needs.
Proper configuration ensures smooth integration.

6.1 Why Use Databases?
Databases store persistent application data.
They allow efficient data retrieval and management.
Essential for dynamic applications.
# Example: User info stored in a database instead of memory.

6.2 Relational vs NoSQL
Relational uses tables and SQL queries.
NoSQL uses flexible document or key-value models.
Choose based on application needs.
# SQL: SELECT * FROM users WHERE id=1;
# NoSQL: db.users.find({id:1})

6.3 Using SQLite with Flask
SQLite is lightweight and file-based.
No separate server needed.
Good for small to medium apps.
import sqlite3

conn = sqlite3.connect('database.db')
c = conn.cursor()
c.execute('CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, name TEXT)')
conn.commit()
conn.close()

6.4 Flask-SQLAlchemy Basics
SQLAlchemy ORM maps classes to database tables.
Simplifies database queries.
Integrates seamlessly with Flask.
from flask_sqlalchemy import SQLAlchemy
db = SQLAlchemy(app)

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(80))

6.5 Creating and Querying Records
Add and query data using ORM methods.
Use session.add() and session.query().
Commit changes to save.
user = User(name='Alice')
db.session.add(user)
db.session.commit()

users = User.query.all()
for u in users:
    print(u.name)

6.6 Database Migrations
Migrations track schema changes.
Use Flask-Migrate for smooth upgrades.
Avoid manual table alterations.
flask db migrate -m "Add user table"
flask db upgrade

6.7 Connection Pooling
Reuse database connections for efficiency.
Managed by SQLAlchemy by default.
Improves app scalability.
# Handled internally by SQLAlchemy; no code needed here.

6.8 Handling Transactions
Transactions ensure data integrity.
Commit or rollback changes as a unit.
Use db.session.commit() and db.session.rollback().
try:
    user = User(name='Bob')
    db.session.add(user)
    db.session.commit()
except:
    db.session.rollback()

6.9 Securing Database Access
Use environment variables for credentials.
Limit database user permissions.
Avoid hardcoding sensitive info.
import os
app.config['SQLALCHEMY_DATABASE_URI'] = os.getenv('DATABASE_URL')

6.10 Summary of Database Integration
Databases provide persistent, reliable storage.
ORM tools simplify database operations.
Secure configuration is critical for safety.

7.1 What is Authentication?
Authentication verifies the identity of a user.
It ensures only authorized users access certain parts.
Commonly involves login and password checks.
# Verify user credentials before granting access

7.2 Setting up Flask-Login
Flask-Login manages user sessions.
It simplifies login/logout and access control.
Initialize with your Flask app.
from flask_login import LoginManager
login_manager = LoginManager()
login_manager.init_app(app)

7.3 User Model for Authentication
User class must implement certain methods.
Flask-Login requires is_authenticated, get_id(), etc.
Often extends your database User model.
class User(UserMixin, db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(150), unique=True)

7.4 Login View
Handles user login form submission.
Validates credentials and calls login_user().
Redirects after successful login.
from flask_login import login_user

@app.route('/login', methods=['GET', 'POST'])
def login():
    # validate form and login_user()
    pass

7.5 Logout Functionality
Ends the user session.
Use logout_user() function.
Redirect to public pages after logout.
from flask_login import logout_user

@app.route('/logout')
def logout():
    logout_user()
    return redirect(url_for('home'))

7.6 Protecting Routes
Use @login_required decorator on routes.
Only logged-in users can access protected pages.
Redirects to login page if unauthorized.
from flask_login import login_required

@app.route('/dashboard')
@login_required
def dashboard():
    return "User dashboard"

7.7 Remember Me Feature
Keeps users logged in across sessions.
Implemented via setting remember=True in login_user().
Optional checkbox in login forms.
login_user(user, remember=True)

7.8 Handling Unauthorized Access
Customize unauthorized handler.
Show friendly message or redirect.
Override login_manager.unauthorized_handler.
@login_manager.unauthorized_handler
def unauthorized():
    return redirect(url_for('login'))

7.9 Password Hashing
Never store plain passwords.
Use hashing libraries like Werkzeug.
Securely check passwords on login.
from werkzeug.security import generate_password_hash, check_password_hash

hashed = generate_password_hash('mypassword')
check_password_hash(hashed, 'mypassword')  # returns True

7.10 Summary of User Authentication
Authentication protects user data and app resources.
Flask-Login simplifies session management.
Always hash passwords and protect routes.

8.1 What is a REST API?
REST APIs provide a standard way to communicate over HTTP.
They expose data and functionality as resources.
Use HTTP methods like GET, POST, PUT, DELETE.
# API endpoints serve JSON data

8.2 Setting up Flask-RESTful
Flask-RESTful extension simplifies API building.
Provides Resource classes and request parsing.
Initialize Api with your Flask app.
from flask_restful import Api
api = Api(app)

8.3 Creating a Resource
Define Resource classes with HTTP method handlers.
Implement get(), post(), put(), delete() methods.
Add resource to API with a route.
from flask_restful import Resource

class HelloWorld(Resource):
    def get(self):
        return {'hello': 'world'}

api.add_resource(HelloWorld, '/')

8.4 JSON Input and Output
Parse JSON request data with request.get_json().
Return JSON responses as dictionaries.
Flask-RESTful auto converts dicts to JSON.
from flask import request

class Item(Resource):
    def post(self):
        data = request.get_json()
        return {'you sent': data}, 201

8.5 Handling HTTP Status Codes
Return status codes alongside responses.
Use tuples like (response, status_code).
Communicates success or error clearly.
return {'message': 'Created'}, 201
return {'error': 'Not found'}, 404

8.6 Request Parsing with reqparse
Simplifies validation and parsing of arguments.
Define expected fields and types.
Automatically returns errors on bad input.
from flask_restful import reqparse

parser = reqparse.RequestParser()
parser.add_argument('name', required=True)
args = parser.parse_args()

8.7 Error Handling in APIs
Return consistent error responses.
Use try-except to catch exceptions.
Flask-RESTful supports custom error handlers.
try:
    # do something
except Exception as e:
    return {'error': str(e)}, 500

8.8 Authentication for APIs
Protect API endpoints with tokens or keys.
Use Flask-HTTPAuth or JWT extensions.
Prevent unauthorized access.
from flask_httpauth import HTTPTokenAuth

auth = HTTPTokenAuth(scheme='Bearer')

8.9 API Versioning
Manage breaking changes using versioned URLs.
Example: /api/v1/resource and /api/v2/resource.
Helps clients migrate smoothly.
api.add_resource(HelloWorld, '/api/v1/hello')

8.10 Summary of REST APIs
REST APIs enable app interoperability.
Flask-RESTful eases API development.
Always secure and validate your APIs.

9.1 Template Macros
Macros allow reusable snippets inside templates.
Reduce repetition and improve maintainability.
Define macros with {% macro %} and call them.
{% macro button(text) %}
  <button>{{ text }}</button>
{% endmacro %}

{{ button('Click me') }}

9.2 Template Filters
Filters modify output variables.
Built-in filters include lower, upper, replace.
Create custom filters in Python.
{{ 'Hello'|lower }}  <!-- outputs 'hello' -->

9.3 Template Globals
Register Python functions as global template helpers.
Use @app.template_global decorator.
Access in templates like built-in functions.
@app.template_global()
def greet(name):
    return f"Hello, {name}"

{{ greet('Alice') }}

9.4 Template Context Processors
Inject variables into all templates automatically.
Use @app.context_processor decorator.
Useful for global data like user info.
@app.context_processor
def inject_user():
    return dict(user='Alice')

9.5 Template Tests
Tests check variable states in templates.
Example tests: defined, none, equalto.
Used with {% if variable is test %}.
{% if user is defined %}Welcome {{ user }}{% endif %}

9.6 Escaping and Autoescaping
Prevent XSS by escaping output.
Autoescaping is enabled by default.
Use |safe filter to disable escaping.
{{ user_input|safe }}

9.7 Template Inheritance Revisited
Use multiple levels of template inheritance.
Organize large projects with base templates.
Override blocks in child templates.
{% extends "base.html" %}
{% block content %}Page content here{% endblock %}

9.8 Using Includes
Insert partial templates with {% include %}.
Useful for headers, footers, or widgets.
Keeps templates modular.
{% include "header.html" %}

9.9 Working with Loops in Templates
Loop over lists or dicts in templates.
Use loop variable for index or first/last.
Controls flow inside templates.
{% for item in items %}
  {{ loop.index }}: {{ item }}
{% endfor %}

9.10 Summary of Advanced Templates
Advanced template features improve code reuse.
Macros, filters, context processors help.
Organize templates efficiently for large apps.

10.1 What are Sessions?
Sessions store data across requests per user.
Stored server-side or in signed cookies.
Used for login state, preferences.
from flask import session
session['user'] = 'Alice'

10.2 Using Cookies
Cookies store data on the client browser.
Sent with each HTTP request.
Use to remember user info.
resp = make_response("Set cookie")
resp.set_cookie('username', 'Alice')
return resp

10.3 Flask Session Setup
Flask uses secure cookies by default.
Requires app secret key.
Good for small session data.
app.secret_key = 'your_secret_key'

10.4 Modifying Session Data
Store or update values in session dict.
Remove keys with session.pop().
Session persists until browser closes or timeout.
session['cart'] = ['item1', 'item2']
session.pop('cart', None)

10.5 Permanent Sessions
Sessions can be permanent to last longer.
Configure duration with PERMANENT_SESSION_LIFETIME.
Set session.permanent = True.
from datetime import timedelta
app.permanent_session_lifetime = timedelta(days=7)
session.permanent = True

10.6 Secure Cookies and Encryption
Flask signs cookies to prevent tampering.
Use HTTPS to protect cookies in transit.
Avoid storing sensitive data in cookies.
# Use HTTPS and SECRET_KEY for secure sessions

10.7 Using Flask-Session
Server-side session extension.
Stores sessions in filesystem, Redis, or databases.
Useful for large session data.
from flask_session import Session
app.config['SESSION_TYPE'] = 'filesystem'
Session(app)

10.8 Accessing Session in Templates
Pass session data to templates.
Use session like a dict in Jinja2.
Display user preferences or login status.
<p>Logged in as: {{ session['user'] }}</p>

10.9 Clearing Sessions and Logout
Clear all session data on logout.
Use session.clear() method.
Helps prevent unauthorized reuse.
@app.route('/logout')
def logout():
    session.clear()
    return redirect(url_for('home'))

10.10 Summary of Sessions and Cookies
Sessions maintain user state across requests.
Cookies store data client-side but have limits.
Use secure sessions to protect user data.

11.1 Why Use a Database?
Databases store persistent data.
They help manage, query, and relate data.
Essential for dynamic web applications.
# Store user info, posts, etc.

11.2 SQL vs NoSQL
SQL databases are relational (tables).
NoSQL stores unstructured data (documents, key-values).
Choose based on app needs.
# Example: SQLite (SQL), MongoDB (NoSQL)

11.3 Setting Up SQLite
SQLite is lightweight and built-in.
Good for small to medium apps.
No separate server needed.
import sqlite3
conn = sqlite3.connect('database.db')

11.4 Using SQLAlchemy ORM
ORM maps Python classes to database tables.
Makes database access easier and safer.
Integrates well with Flask.
from flask_sqlalchemy import SQLAlchemy
db = SQLAlchemy(app)

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(50))

11.5 Creating and Migrating Database
Use Flask-Migrate for schema migrations.
Helps evolve database without data loss.
Integrates with Alembic tool.
flask db init
flask db migrate
flask db upgrade

11.6 CRUD Operations
Create, Read, Update, Delete data in DB.
Use SQLAlchemy methods for these.
Commit changes to save.
user = User(name='Alice')
db.session.add(user)
db.session.commit()

11.7 Querying the Database
Retrieve records with filter(), all(), first().
Use order_by(), limit() for sorting and pagination.
Queries return model instances.
users = User.query.filter_by(name='Alice').all()

11.8 Handling Relationships
Define one-to-many, many-to-many relations.
Use db.relationship and ForeignKey.
Simplifies complex data models.
class Post(db.Model):
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    user = db.relationship('User', backref='posts')

11.9 Database Transactions and Rollbacks
Group operations to ensure atomicity.
Rollback changes on errors.
Use try-except with session.
try:
    db.session.add(new_user)
    db.session.commit()
except:
    db.session.rollback()

11.10 Summary of Database Integration
Databases store and manage app data.
SQLAlchemy simplifies database operations.
Migrations keep schema in sync with models.

12.1 What are Forms?
Forms collect user input via HTML.
They send data to the server.
Used for login, registration, feedback.
<form method="POST"></form>

12.2 Using Flask-WTF
Flask-WTF integrates WTForms.
Provides form validation and CSRF protection.
Simplifies form creation.
from flask_wtf import FlaskForm
from wtforms import StringField, SubmitField

12.3 Creating a Form Class
Define fields and validators.
Example fields: StringField, PasswordField.
Attach validators like DataRequired.
class LoginForm(FlaskForm):
    username = StringField('Username', validators=[DataRequired()])
    submit = SubmitField('Login')

12.4 Rendering Forms in Templates
Use Jinja2 to render form fields.
Include csrf_token for security.
Customize form layout.
<form method="POST">
  {{ form.csrf_token }}
  {{ form.username.label }} {{ form.username() }}
  {{ form.submit() }}
</form>

12.5 Handling Form Submission
Check form.validate_on_submit().
Process valid data.
Return errors otherwise.
form = LoginForm()
if form.validate_on_submit():
    username = form.username.data

12.6 Custom Validators
Define your own validation functions.
Raise ValidationError on failure.
Use decorator @validates or inline.
def validate_username(form, field):
    if ' ' in field.data:
        raise ValidationError('No spaces allowed')

12.7 File Upload Forms
Use FileField to accept files.
Validate file types.
Save files securely.
from flask_wtf.file import FileField, FileAllowed
class UploadForm(FlaskForm):
    file = FileField('Upload', validators=[FileAllowed(['jpg', 'png'])])

12.8 Flash Messages for Feedback
Provide user feedback using flash().
Display messages in templates.
Useful for form success/errors.
from flask import flash
flash('Login successful')

12.9 Protecting Forms with CSRF
WTForms includes CSRF tokens by default.
Prevent cross-site request forgery attacks.
Ensure secret key is set.
app.secret_key = 'your_secret_key'

12.10 Summary of Forms and Validation
Forms gather and validate user input.
Flask-WTF eases creation and security.
Always validate to protect your app.

13.1 Handling File Uploads
Accept files via HTML forms.
Use request.files in Flask.
Save files to server.
file = request.files['file']
file.save('/path/to/save')

13.2 Upload Folder Setup
Configure upload directory in app config.
Keep uploads organized.
Avoid saving files in unsafe locations.
app.config['UPLOAD_FOLDER'] = 'uploads/'

13.3 Allowed File Types
Restrict uploads to certain extensions.
Check file extensions before saving.
Protect against malicious files.
ALLOWED_EXTENSIONS = {'png', 'jpg', 'jpeg', 'gif'}
def allowed_file(filename):
    return '.' in filename and filename.rsplit('.',1)[1].lower() in ALLOWED_EXTENSIONS

13.4 Saving Uploaded Files
Use secure_filename to avoid unsafe names.
Save files under upload folder.
Handle name collisions.
from werkzeug.utils import secure_filename
filename = secure_filename(file.filename)
file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))

13.5 File Upload Form
HTML form with enctype multipart/form-data.
File input for users to select files.
Submit button to upload.
<form method="POST" enctype="multipart/form-data">
  <input type="file" name="file">
  <input type="submit" value="Upload">
</form>

13.6 Handling File Downloads
Send files to users via send_from_directory.
Use correct MIME types.
Provide download links.
from flask import send_from_directory

@app.route('/download/<filename>')
def download(filename):
    return send_from_directory(app.config['UPLOAD_FOLDER'], filename)

13.7 File Size Limits
Limit max upload size in app config.
Protect server from large files.
Handle errors gracefully.
app.config['MAX_CONTENT_LENGTH'] = 16 * 1024 * 1024  # 16MB

13.8 File Upload Security Tips
Always validate file types.
Use secure filenames.
Scan uploaded files if possible.
# Validate and sanitize uploads

13.9 Multiple File Uploads
Accept multiple files using input multiple.
Iterate over request.files.
Save each file.
files = request.files.getlist('files')
for f in files:
    f.save(os.path.join(app.config['UPLOAD_FOLDER'], f.filename))

13.10 Summary of File Uploads and Downloads
Handling uploads adds functionality.
Secure and validate files.
Provide downloads safely to users.

14.1 What are Blueprints?
Blueprints organize Flask apps into components.
Helps split large apps into modules.
Makes app more maintainable.
# Modular app components

14.2 Creating a Blueprint
Define a blueprint with a name and import name.
Register routes inside blueprint.
from flask import Blueprint
bp = Blueprint('bp', __name__)

@bp.route('/')
def index():
    return "Hello from blueprint"

14.3 Registering Blueprint with App
Register blueprint in main app.
Prefix URLs optionally.
app.register_blueprint(bp, url_prefix='/bp')

14.4 Using Multiple Blueprints
Split features into separate blueprints.
Each blueprint handles related routes.
Compose app from modules.
# bp_auth.py, bp_blog.py, etc.

14.5 Static and Template Folders in Blueprints
Blueprints can have their own static/templates.
Flask merges all folders at runtime.
Enables isolated components.
bp = Blueprint('bp', __name__, template_folder='templates', static_folder='static')

14.6 Blueprint URL Naming
Use url_for with blueprint names.
Avoid conflicts between route names.
Improves URL organization.
url_for('bp.index')

14.7 Blueprint Error Handlers
Define error handlers specific to blueprints.
Localize error handling logic.
@bp.errorhandler(404)
def not_found(e):
    return "Not Found", 404

14.8 Blueprint Before/After Request Hooks
Run functions before or after requests.
Useful for setup or cleanup.
@bp.before_request
def before():
    pass

14.9 Blueprint Templates and Context Processors
Blueprints can add context processors.
Pass data to all blueprint templates.
@bp.context_processor
def inject_data():
    return dict(bp_name='My Blueprint')

14.10 Summary of Blueprints
Blueprints modularize your Flask app.
Facilitate teamwork and organization.
Essential for large applications.

15.1 Why Deploy Flask Apps?
Deployment makes your app accessible online.
Moves app from development to production.
Users can access via URLs.
# Host app on web servers

15.2 Preparing App for Deployment
Disable debug mode.
Use production-ready servers.
Set environment variables securely.
app.run(debug=False)

15.3 Using Gunicorn
Gunicorn is a production WSGI server.
Runs Flask apps efficiently.
Use with Unix-based systems.
gunicorn app:app

15.4 Deploying on Heroku
Heroku offers free cloud hosting.
Use Procfile and requirements.txt.
Push code via Git.
web: gunicorn app:app

15.5 Deploying on AWS Elastic Beanstalk
AWS offers scalable app hosting.
Use EB CLI to deploy.
Automates server setup.
eb init
eb create

15.6 Configuring Environment Variables
Store secrets outside code.
Use os.environ to access.
Keep keys safe.
import os
SECRET_KEY = os.environ.get('SECRET_KEY')

15.7 Using Reverse Proxies
Use Nginx or Apache as proxy.
Handle HTTPS and load balancing.
Protect backend Flask app.
# Nginx proxy configuration example

15.8 Logging and Monitoring
Track app errors and access.
Use Flask logging or external services.
Helps maintain uptime.
import logging
logging.basicConfig(level=logging.INFO)

15.9 Scaling Flask Applications
Use multiple worker processes.
Load balancing across servers.
Optimize database and caching.
gunicorn -w 4 app:app

15.10 Summary of Deployment
Deployment brings your app live.
Use production-ready servers and config.
Monitor and scale for performance.

16.1 What is User Authentication?
Authentication verifies user identity.
It allows secure access control.
Essential for user accounts.
# Verify who the user is before granting access

16.2 Using Flask-Login
Flask-Login manages user sessions.
Simplifies login/logout and user tracking.
Integrates easily with Flask apps.
from flask_login import LoginManager
login_manager = LoginManager()
login_manager.init_app(app)

16.3 User Model Requirements
User model needs id, is_authenticated, etc.
Implement these properties for Flask-Login.
They help track logged-in status.
class User(UserMixin, db.Model):
    id = db.Column(db.Integer, primary_key=True)
    # Flask-Login needs is_authenticated, etc. from UserMixin

16.4 Login View and Form
Create login form using Flask-WTF.
Validate user credentials.
Log user in with login_user().
from flask_login import login_user

@app.route('/login', methods=['GET', 'POST'])
def login():
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(username=form.username.data).first()
        if user and user.check_password(form.password.data):
            login_user(user)
            return redirect(url_for('dashboard'))
    return render_template('login.html', form=form)

16.5 Protecting Routes with Login Required
Use @login_required to restrict access.
Redirects unauthorized users to login.
Keeps private pages secure.
from flask_login import login_required

@app.route('/dashboard')
@login_required
def dashboard():
    return "Welcome to your dashboard"

16.6 User Logout
Use logout_user() to end sessions.
Redirect users after logout.
Clear session data.
from flask_login import logout_user

@app.route('/logout')
@login_required
def logout():
    logout_user()
    return redirect(url_for('home'))

16.7 Password Hashing
Store hashed passwords for security.
Use libraries like Werkzeug’s generate_password_hash.
Never save plain text passwords.
from werkzeug.security import generate_password_hash, check_password_hash

hashed = generate_password_hash('mypassword')
check_password_hash(hashed, 'mypassword')  # returns True

16.8 Remember Me Functionality
Keep users logged in across sessions.
Use remember=True in login_user().
Adds convenience for users.
login_user(user, remember=True)

16.9 Handling Unauthorized Access
Customize unauthorized handler.
Show messages or redirect users.
Improve UX when login is needed.
@login_manager.unauthorized_handler
def unauthorized():
    return redirect(url_for('login'))

16.10 Summary of User Authentication
Authentication protects resources.
Flask-Login simplifies session management.
Always hash passwords and secure routes.

17.1 What is a RESTful API?
RESTful APIs provide structured web services.
Use HTTP methods for actions.
Enables communication between clients and servers.
# REST stands for Representational State Transfer

17.2 Flask-RESTful Extension
Simplifies building REST APIs.
Provides Resource classes and request parsing.
Works well with Flask apps.
from flask_restful import Api, Resource

api = Api(app)

17.3 Creating API Resources
Define Resource classes with methods.
Map HTTP methods to class functions.
Keep code organized.
class HelloResource(Resource):
    def get(self):
        return {'message': 'Hello, World!'}

api.add_resource(HelloResource, '/hello')

17.4 Handling JSON Requests and Responses
Use request.get_json() to parse input.
Return dictionaries for JSON output.
Flask-RESTful auto-converts to JSON.
from flask import request

class EchoResource(Resource):
    def post(self):
        data = request.get_json()
        return {'you_sent': data}

17.5 Query Parameters
Access query strings via request.args.
Use to filter or modify responses.
Easy to parse in Flask.
@app.route('/search')
def search():
    term = request.args.get('term')
    return {'result': f'Searching for {term}'}

17.6 Status Codes and Error Handling
Return HTTP status codes with responses.
Use abort() to trigger errors.
Helps clients understand response status.
from flask_restful import abort

def get_item(item_id):
    if not item_exists(item_id):
        abort(404, message="Item not found")

17.7 Authentication with APIs
Protect endpoints with tokens or keys.
Use Flask-JWT or Flask-HTTPAuth.
Keeps API secure.
from flask_httpauth import HTTPBasicAuth
auth = HTTPBasicAuth()

@auth.verify_password
def verify(username, password):
    # Verify credentials here
    return True

17.8 Pagination and Filtering
Break large data into pages.
Use query params for filters.
Improves performance.
page = int(request.args.get('page', 1))
per_page = int(request.args.get('per_page', 10))
items = Item.query.paginate(page, per_page, False)

17.9 API Versioning
Manage breaking changes via versions.
Use URL prefixes or headers.
Keeps older clients working.
api.add_resource(HelloResource, '/v1/hello')

17.10 Summary of RESTful APIs
REST APIs enable client-server communication.
Flask-RESTful makes API creation easy.
Secure and document your APIs well.

18.1 Why Test Flask Apps?
Testing ensures code works as expected.
Helps catch bugs early.
Increases reliability.
# Automated tests save time and errors

18.2 Using unittest Module
Python’s built-in testing framework.
Write test cases as classes.
Run tests from command line.
import unittest

class MyTest(unittest.TestCase):
    def test_example(self):
        self.assertEqual(2 + 2, 4)

18.3 Flask Test Client
Simulates requests to your app.
Allows testing routes without running server.
Access response data easily.
with app.test_client() as client:
    response = client.get('/')
    assert response.status_code == 200

18.4 Writing Unit Tests for Views
Test expected output and status.
Check redirects and errors.
Keep tests independent.
def test_home():
    with app.test_client() as client:
        response = client.get('/')
        assert b"Welcome" in response.data

18.5 Setup and Teardown
Prepare test environment before tests.
Clean up after tests.
Use setUp and tearDown methods.
class MyTest(unittest.TestCase):
    def setUp(self):
        self.client = app.test_client()
    def tearDown(self):
        pass

18.6 Testing Forms and Validation
Submit POST requests with form data.
Check validation errors.
Ensure correct handling.
response = client.post('/login', data={'username': 'test', 'password': '1234'})
assert response.status_code == 200

18.7 Mocking in Tests
Replace parts with mocks to isolate tests.
Control behavior and side effects.
Use unittest.mock.
from unittest.mock import patch

@patch('app.send_email')
def test_email(mock_send):
    mock_send.return_value = True

18.8 Continuous Integration (CI)
Automatically run tests on code changes.
Use GitHub Actions, Travis CI, etc.
Ensures consistent code quality.
# Example GitHub Actions workflow file

18.9 Code Coverage
Measure how much code tests cover.
Identify untested areas.
Use coverage.py tool.
coverage run -m unittest discover
coverage report

18.10 Summary of Testing Flask Apps
Tests improve app quality and stability.
Use Flask test client and unittest.
Automate tests with CI tools.

19.1 What are Flask Extensions?
Extensions add features to Flask easily.
They integrate third-party libraries.
Simplify common tasks.
# Examples: Flask-Login, Flask-Migrate, Flask-Mail

19.2 Installing Extensions
Use pip to install extensions.
Verify compatibility with Flask version.
Check extension docs.
pip install flask-login flask-migrate flask-mail

19.3 Flask-Mail
Send emails from Flask apps.
Configure SMTP server settings.
Use for notifications and confirmations.
from flask_mail import Mail, Message
mail = Mail(app)

19.4 Flask-Migrate
Manage database migrations.
Built on Alembic.
Keeps schema in sync with models.
flask db migrate
flask db upgrade

19.5 Flask-Caching
Cache expensive computations.
Improves performance.
Supports multiple backends.
from flask_caching import Cache
cache = Cache(app)

19.6 Flask-Admin
Create admin interfaces quickly.
Provides CRUD UI for models.
Highly customizable.
from flask_admin import Admin
admin = Admin(app)

19.7 Flask-WTF
Simplifies web forms.
Supports CSRF protection.
Integrates WTForms.
from flask_wtf import FlaskForm

19.8 Flask-RESTful
Build REST APIs easily.
Provides Resource classes.
Handles request parsing.
from flask_restful import Api
api = Api(app)

19.9 Flask-Security
Add authentication and authorization.
Supports roles and permissions.
Builds on Flask-Login.
from flask_security import Security

19.10 Summary of Flask Extensions
Extensions expand Flask capabilities.
Pick extensions to speed up development.
Always check docs and community support.

20.1 Flask Signals
Signals notify parts of app on events.
Useful for decoupled event handling.
Flask supports blinker signals.
from flask import signals

def handler(sender):
    print("Signal received")

signals.request_started.connect(handler)

20.2 Custom CLI Commands
Add custom commands to flask CLI.
Automate tasks and maintenance.
Use @app.cli.command decorator.
@app.cli.command()
def hello():
    print("Hello from custom CLI")

20.3 WebSockets with Flask-SocketIO
Real-time bi-directional communication.
Great for chats, notifications.
Uses socket.io protocol.
from flask_socketio import SocketIO
socketio = SocketIO(app)

20.4 Asynchronous Tasks
Run long tasks outside requests.
Use Celery or RQ with Flask.
Keeps app responsive.
from celery import Celery
celery = Celery(app.name)

20.5 Using Contexts in Flask
Flask uses app and request contexts.
Manage data specific to a request.
Avoid global variables.
with app.app_context():
    # do something

20.6 Flask Signals Example
Connect signal handlers.
React to request start/end.
Useful for logging.
from flask import request_started

def log_request(sender, **extra):
    print('Request started')

request_started.connect(log_request, app)

20.7 Integrating Flask with Frontend Frameworks
Serve REST API backend to React/Vue.
Use CORS headers.
Keep frontend and backend decoupled.
from flask_cors import CORS
CORS(app)

20.8 Deploying with Docker
Containerize Flask apps.
Ensure environment consistency.
Simplify deployment.
# Dockerfile example
FROM python:3.9
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
CMD ["gunicorn", "app:app"]

20.9 Profiling Flask Apps
Measure performance bottlenecks.
Use Flask-Profiler or cProfile.
Optimize slow endpoints.
import cProfile
profiler = cProfile.Profile()
profiler.enable()
# your code
profiler.disable()
profiler.print_stats()

20.10 Summary of Advanced Topics
Flask supports advanced features for scalability.
Use signals, async tasks, and integrations.
Master these to build professional apps.

21.1 Introduction to Databases
Databases store persistent app data.
Relational databases use tables.
SQL is used to query them.
# Examples: SQLite, PostgreSQL, MySQL

21.2 Using SQLAlchemy
SQLAlchemy is an ORM for Python.
It maps Python classes to database tables.
Simplifies database operations.
from flask_sqlalchemy import SQLAlchemy
db = SQLAlchemy(app)

21.3 Defining Models
Models represent database tables.
Define fields as class attributes.
Use types like Integer, String.
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True)

21.4 CRUD Operations
Create, Read, Update, Delete data.
Use session to commit changes.
Query with filters and conditions.
user = User(username='alice')
db.session.add(user)
db.session.commit()

21.5 Database Migrations
Track database schema changes.
Use Flask-Migrate for migrations.
Keeps DB schema in sync with models.
flask db init
flask db migrate -m "Initial migration"
flask db upgrade

21.6 Querying Data
Use query methods to fetch data.
Filter, order, and paginate results.
Results are Python objects.
users = User.query.filter_by(username='alice').all()

21.7 Relationships Between Models
Define one-to-many, many-to-many relations.
Use db.relationship and foreign keys.
Enables complex data models.
class Post(db.Model):
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    user = db.relationship('User', backref='posts')

21.8 Database Sessions and Transactions
Use sessions to manage transactions.
Commit changes or rollback on errors.
Ensures data integrity.
try:
    db.session.commit()
except:
    db.session.rollback()

21.9 Optimizing Database Access
Use indexing and query optimization.
Avoid N+1 query problems.
Profile queries for performance.
# Use eager loading to reduce queries
posts = Post.query.options(db.joinedload('user')).all()

21.10 Summary of Database Integration
Integrate databases using SQLAlchemy.
Define models and manage migrations.
Optimize queries for app performance.

22.1 What are Blueprints?
Blueprints organize Flask apps into components.
Help structure large applications.
Separate routes and logic modularly.
# Allows splitting app into reusable parts

22.2 Creating a Blueprint
Import Blueprint from flask.
Define routes inside blueprint.
Register blueprint with app.
from flask import Blueprint
bp = Blueprint('bp', __name__)

@bp.route('/hello')
def hello():
    return "Hello from Blueprint"

22.3 Registering Blueprints
Register blueprints in main app.
Use url_prefix to namespace routes.
Enables modular route design.
app.register_blueprint(bp, url_prefix='/bp')

22.4 Blueprint Templates and Static Files
Each blueprint can have its own templates folder.
Serve static files per blueprint.
Keeps assets organized.
bp = Blueprint('bp', __name__, template_folder='templates', static_folder='static')

22.5 Blueprint URL Routing
Define routes relative to blueprint.
Compose URL prefixes with app prefix.
Organize routes clearly.
@bp.route('/dashboard')
def dashboard():
    return "Blueprint dashboard"

22.6 Using Blueprints for APIs
Separate API logic from main app.
Easier to maintain large APIs.
Group related endpoints.
api_bp = Blueprint('api', __name__, url_prefix='/api')

22.7 Blueprint Error Handlers
Define error pages specific to blueprint.
Handle exceptions modularly.
Improves user experience.
@bp.errorhandler(404)
def not_found(e):
    return "Blueprint 404 Error", 404

22.8 Blueprint Before/After Request
Run code before or after requests.
Initialize resources or cleanup.
Scoped to blueprint.
@bp.before_request
def before():
    print("Before blueprint request")

22.9 Testing Blueprints
Use test client with blueprint routes.
Ensure blueprint isolation.
Test modular features.
with app.test_client() as client:
    response = client.get('/bp/hello')
    assert response.status_code == 200

22.10 Summary of Blueprints
Blueprints help organize large apps.
Modularize routes, templates, and static.
Use for better maintainability.

23.1 Introduction to Flask-WTF
Flask-WTF integrates WTForms.
Simplifies form creation and validation.
Provides CSRF protection.
from flask_wtf import FlaskForm
from wtforms import StringField, PasswordField

23.2 Creating Forms
Define form classes with fields.
Use validators for data integrity.
Connect forms to templates.
class LoginForm(FlaskForm):
    username = StringField('Username')
    password = PasswordField('Password')

23.3 Rendering Forms in Templates
Use Jinja2 to render forms.
Include CSRF tokens.
Generate input fields easily.
{{ form.csrf_token }}
{{ form.username.label }} {{ form.username() }}

23.4 Validating Form Data
Check if form.validate_on_submit() is True.
Validate required fields and formats.
Display errors to users.
if form.validate_on_submit():
    # process data

23.5 Handling Form Submissions
Process POST requests.
Store or update data.
Redirect after success.
@app.route('/login', methods=['GET', 'POST'])
def login():
    form = LoginForm()
    if form.validate_on_submit():
        # login logic
        return redirect('/')
    return render_template('login.html', form=form)

23.6 Custom Validators
Create functions to enforce rules.
Add to field validators list.
Raise ValidationError if invalid.
from wtforms.validators import ValidationError

def validate_username(form, field):
    if ' ' in field.data:
        raise ValidationError('No spaces allowed')

23.7 Flashing Messages
Show feedback messages to users.
Use flash() and get_flashed_messages().
Display in templates.
from flask import flash

flash('Login successful')

23.8 Handling File Uploads
Use FileField in forms.
Save uploaded files securely.
Validate file types.
from flask_wtf.file import FileField, FileAllowed

class UploadForm(FlaskForm):
    photo = FileField('Photo', validators=[FileAllowed(['jpg', 'png'])])

23.9 CSRF Protection
Prevent cross-site request forgery attacks.
Flask-WTF adds hidden CSRF tokens.
Validated automatically.
{{ form.csrf_token }}

23.10 Summary of Forms and Validation
Flask-WTF makes form handling safe.
Validate user input effectively.
Protect forms from attacks.

24.1 Deployment Options
Deploy on cloud platforms or VPS.
Options include Heroku, AWS, DigitalOcean.
Choose based on app needs.
# Examples: Heroku git push, AWS Elastic Beanstalk

24.2 Using Gunicorn
Production-grade WSGI server.
Handles multiple requests efficiently.
Replace Flask’s built-in server.
gunicorn app:app

24.3 Configuring Environment Variables
Store secrets outside code.
Use dotenv or platform configs.
Keeps credentials secure.
export SECRET_KEY='mysecretkey'

24.4 Setting Up Reverse Proxy
Use Nginx or Apache to forward requests.
Improves security and load balancing.
Supports HTTPS.
# Example Nginx config snippet
proxy_pass http://127.0.0.1:8000;

24.5 HTTPS with SSL Certificates
Secure your site with SSL/TLS.
Use Let’s Encrypt for free certs.
Encrypts traffic.
# Certbot command example
certbot --nginx -d example.com

24.6 Managing Logs
Collect server and app logs.
Use logging module.
Helps diagnose issues.
import logging
logging.basicConfig(filename='app.log', level=logging.INFO)

24.7 Scaling Flask Apps
Use multiple workers/processes.
Load balance across instances.
Use caching and CDNs.
gunicorn -w 4 app:app

24.8 Database in Production
Use production-ready DB engines.
Configure backups and monitoring.
Optimize for scale.
# Use PostgreSQL or managed DB services

24.9 Handling Static Files
Serve static files efficiently.
Use CDN or web server.
Avoid serving static via Flask.
# Configure Nginx to serve /static path

24.10 Summary of Deployment
Deploy Flask apps with best practices.
Use proper servers and security.
Monitor and scale as needed.

25.1 Understanding Flask Security
Security is critical for web apps.
Protect user data and sessions.
Prevent common vulnerabilities.
# Follow best practices to avoid attacks

25.2 Cross-Site Scripting (XSS)
Injected scripts harm users.
Use Jinja2 auto-escaping.
Sanitize user input.
{{ user_input | e }}

25.3 Cross-Site Request Forgery (CSRF)
Prevent unauthorized actions.
Use Flask-WTF CSRF protection.
Tokens validate forms.
{{ form.csrf_token }}

25.4 SQL Injection
Don’t trust raw user input.
Use parameterized queries.
ORMs protect against injections.
# SQLAlchemy safely escapes queries
User.query.filter_by(username=input_username).first()

25.5 Secure Session Management
Use secure cookies.
Set HTTPOnly and Secure flags.
Rotate session IDs.
app.config['SESSION_COOKIE_HTTPONLY'] = True
app.config['SESSION_COOKIE_SECURE'] = True

25.6 Password Storage
Always hash passwords.
Use strong algorithms like bcrypt.
Never store plaintext.
from werkzeug.security import generate_password_hash
hashed = generate_password_hash('mypassword')

25.7 Rate Limiting
Prevent brute force attacks.
Use Flask-Limiter extension.
Limits number of requests.
from flask_limiter import Limiter
limiter = Limiter(app)

25.8 HTTPS Everywhere
Use HTTPS for all traffic.
Prevents data interception.
Use SSL certificates.
# Redirect HTTP to HTTPS

25.9 Security Headers
Set headers like Content-Security-Policy.
Protect against various attacks.
Use Flask-Talisman.
from flask_talisman import Talisman
Talisman(app)

25.10 Summary of Security Best Practices
Follow security principles strictly.
Use tools and extensions.
Regularly update dependencies.

26.1 Reading a File
Read text files to display or process data.
Use Python’s open() function.
Remember to close the file.
with open('sample.txt', 'r') as file:
    content = file.read()
print(content)

26.2 Writing to a File
Write or update file content.
Use mode 'w' to overwrite or 'a' to append.
Always close after writing.
with open('output.txt', 'w') as file:
    file.write("Hello, Flask!")

26.3 Uploading Files in Flask
Users can upload files through forms.
Access files from request.files.
Save files securely on server.
from flask import request

@app.route('/upload', methods=['POST'])
def upload():
    f = request.files['file']
    f.save('uploads/' + f.filename)
    return "File saved!"

26.4 Serving Uploaded Files
Serve user files from a static or uploads folder.
Use send_from_directory to send files.
Keep security in mind.
from flask import send_from_directory

@app.route('/uploads/<filename>')
def uploaded_file(filename):
    return send_from_directory('uploads', filename)

26.5 Handling File Paths
Use os.path for platform-independent paths.
Prevent path traversal attacks.
Sanitize user inputs.
import os

safe_path = os.path.join('uploads', filename)

26.6 Limiting File Upload Size
Prevent large file uploads to protect server.
Use Flask config MAX_CONTENT_LENGTH.
Return error on oversize files.
app.config['MAX_CONTENT_LENGTH'] = 16 * 1024 * 1024  # 16MB

26.7 File Type Validation
Check extensions to allow safe file types.
Reject unsupported file types.
Avoid security risks.
ALLOWED_EXTENSIONS = {'png', 'jpg', 'txt'}

def allowed_file(filename):
    return '.' in filename and filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS

26.8 Deleting Files
Remove unwanted or outdated files.
Use os.remove() safely.
Ensure files exist before deleting.
import os

if os.path.exists('uploads/old_file.txt'):
    os.remove('uploads/old_file.txt')

26.9 File Streaming
Stream large files without loading fully in memory.
Use generators and Response.
Useful for big downloads.
from flask import Response

def generate():
    with open('largefile.txt') as f:
        for line in f:
            yield line

@app.route('/stream')
def stream():
    return Response(generate())

26.10 Summary of File Handling
File handling lets you manage user and app data.
Always validate and secure file operations.
Flask makes uploads and downloads easy.

27.1 What are Sessions?
Sessions store user data between requests.
They are server-side but use cookies.
Help track logged-in users.
from flask import session
session['username'] = 'Alice'

27.2 Setting and Getting Session Data
Store data using keys.
Retrieve with session.get().
Data persists until cleared or expired.
session['email'] = 'alice@example.com'
email = session.get('email')

27.3 Clearing Sessions
Remove session data on logout.
Use session.clear() or pop specific keys.
Helps secure user info.
session.pop('username', None)
session.clear()

27.4 Using Cookies in Flask
Cookies store small data on the client.
Set cookies in response headers.
Use request.cookies to read.
from flask import make_response

resp = make_response("Cookie set")
resp.set_cookie('theme', 'dark')
return resp

27.5 Reading Cookies
Access cookie values via request.cookies.
Check if cookie exists.
Use in user preferences.
theme = request.cookies.get('theme')

27.6 Secure Sessions with Secret Key
Flask signs session data to prevent tampering.
Set a strong SECRET_KEY.
Never share secret key publicly.
app.config['SECRET_KEY'] = 'your-secret-key'

27.7 Session Lifetime
Configure how long sessions last.
Use PERMANENT_SESSION_LIFETIME.
Auto expire old sessions.
from datetime import timedelta
app.permanent_session_lifetime = timedelta(days=7)

27.8 Using Flask-Login for Sessions
Flask-Login manages user sessions.
Handles login/logout automatically.
Simplifies session management.
from flask_login import LoginManager
login_manager = LoginManager(app)

27.9 Session Security Tips
Use HTTPS to protect cookies.
Set Secure and HttpOnly flags.
Rotate session IDs on login.
app.config['SESSION_COOKIE_SECURE'] = True

27.10 Summary of Sessions and Cookies
Sessions keep user data across requests.
Cookies store small data on clients.
Secure sessions protect user privacy.

28.1 What is a REST API?
REST APIs allow communication between clients and servers.
Use HTTP methods like GET, POST, PUT, DELETE.
They transfer data as JSON.
# REST APIs are stateless and use JSON

28.2 Creating a Simple API Endpoint
Use @app.route with methods.
Return JSON responses.
Set content type application/json.
from flask import jsonify

@app.route('/api/data', methods=['GET'])
def get_data():
    return jsonify({'message': 'Hello API'})

28.3 Handling POST Requests
Accept JSON data from clients.
Access via request.get_json().
Validate and process data.
@app.route('/api/data', methods=['POST'])
def post_data():
    data = request.get_json()
    return jsonify(data), 201

28.4 Using Flask-RESTful
Flask-RESTful simplifies API creation.
Define resources as classes.
Handle HTTP methods easily.
from flask_restful import Resource, Api
api = Api(app)

class Hello(Resource):
    def get(self):
        return {'hello': 'world'}

api.add_resource(Hello, '/hello')

28.5 API Error Handling
Return proper HTTP status codes.
Send error messages in JSON.
Use abort() to raise errors.
from flask import abort

if not valid:
    abort(400, 'Invalid request')

28.6 Authentication in APIs
Protect APIs with tokens or OAuth.
Use Flask-JWT or Flask-HTTPAuth.
Secure API access.
from flask_httpauth import HTTPTokenAuth
auth = HTTPTokenAuth('Bearer')

28.7 Pagination and Filtering
Return results in pages.
Filter data using query parameters.
Improve API performance.
page = request.args.get('page', 1, type=int)

28.8 API Versioning
Support multiple API versions.
Use URL prefixes or headers.
Maintain backward compatibility.
/api/v1/resource
/api/v2/resource

28.9 Testing APIs
Use Flask test client.
Automate API tests.
Verify responses and status codes.
with app.test_client() as client:
    response = client.get('/api/data')
    assert response.status_code == 200

28.10 Summary of Flask REST APIs
Build APIs to exchange JSON data.
Use Flask or extensions.
Secure and test your endpoints.

29.1 Using Flask Debugger
Debug mode shows errors in browser.
Auto reloads code on changes.
Set debug=True when running.
app.run(debug=True)

29.2 Logging Errors
Use Python logging module.
Save logs to files.
Review logs for troubleshooting.
import logging
logging.basicConfig(filename='app.log', level=logging.ERROR)

29.3 Using breakpoints
Insert breakpoints in code.
Pause execution to inspect.
Use pdb module.
import pdb; pdb.set_trace()

29.4 Handling Exceptions
Use try-except blocks.
Catch and log errors.
Provide user-friendly messages.
try:
    risky_code()
except Exception as e:
    app.logger.error(e)

29.5 Testing with Flask CLI
Use `flask shell` for interactive testing.
Run test commands quickly.
Inspect app context.
flask shell

29.6 Debug Toolbar
Flask-DebugToolbar gives detailed info.
Shows request, SQL queries, etc.
Install and enable easily.
from flask_debugtoolbar import DebugToolbarExtension
toolbar = DebugToolbarExtension(app)

29.7 Profiling Performance
Find slow code paths.
Use cProfile or Flask extensions.
Optimize bottlenecks.
import cProfile
cProfile.run('app.run()')

29.8 Unit Testing Flask Apps
Write tests with unittest or pytest.
Test routes, functions, DB.
Ensure code reliability.
import unittest

class MyTest(unittest.TestCase):
    def test_home(self):
        tester = app.test_client()
        response = tester.get('/')
        self.assertEqual(response.status_code, 200)

29.9 Debugging Deployment Issues
Check server logs.
Test environment variables.
Validate configs.
# Check logs in /var/log or cloud platform

29.10 Summary of Debugging
Use debugger and logging effectively.
Test and profile your app.
Handle exceptions gracefully.

30.1 Using Context Processors
Inject variables into all templates.
Avoid passing repeatedly.
Use @app.context_processor decorator.
@app.context_processor
def inject_user():
    return dict(user='Alice')

30.2 Custom Jinja Filters
Create filters to modify output.
Register with app.jinja_env.filters.
Use in templates easily.
def reverse_string(s):
    return s[::-1]
app.jinja_env.filters['reverse'] = reverse_string

30.3 Using Flask Signals
Signals notify on app events.
Useful for decoupled logic.
Listen and respond asynchronously.
from flask.signals import request_started

def log_request(sender, **extra):
    print("Request started")

request_started.connect(log_request)

30.4 Caching with Flask-Caching
Cache expensive computations.
Improve performance.
Supports multiple backends.
from flask_caching import Cache
cache = Cache(app)

@cache.cached(timeout=60)
def get_data():
    # expensive call
    pass

30.5 Using Flask Shell Context
Preload objects in flask shell.
Saves typing imports.
Use shell_context_processor.
@app.shell_context_processor
def make_shell_context():
    return dict(app=app, db=db, User=User)

30.6 Managing Configurations
Use config files or env vars.
Separate dev and prod configs.
Use app.config.from_object().
app.config.from_object('config.DevelopmentConfig')

30.7 Using Middleware
Middleware intercepts requests.
Modify requests or responses.
Wrap Flask WSGI app.
class Middleware:
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        # modify environ or headers
        return self.app(environ, start_response)
app.wsgi_app = Middleware(app.wsgi_app)

30.8 Using Signals for Logging
Log requests and responses.
Use Flask signals.
Centralize logging logic.
from flask.signals import request_finished

def log_response(sender, response, **extra):
    print("Response sent")

request_finished.connect(log_response)

30.9 Efficient Template Inheritance
Use base templates.
Avoid repeating layout code.
Use Jinja’s extends and blocks.
{% raw %}
{% extends "base.html" %}
{% block content %}
  
Hello

{% endblock %}
{% endraw %}

30.10 Summary of Advanced Tips
Use Flask’s advanced features.
Improve maintainability and speed.
Write cleaner and modular code.

31.1 What are Blueprints?
Blueprints help organize Flask apps into reusable components.
They allow modular route grouping.
Useful for large applications.
from flask import Blueprint

bp = Blueprint('bp', __name__)

@bp.route('/hello')
def hello():
    return "Hello from Blueprint"

31.2 Registering Blueprints
Attach blueprints to main app.
Register them in app factory or main file.
Enables modular app building.
app.register_blueprint(bp, url_prefix='/bp')

31.3 Blueprint Templates and Static Files
Blueprints can have own templates/static folders.
Keeps files organized per module.
Use blueprint name in template paths.
bp = Blueprint('bp', __name__, template_folder='templates')

31.4 Blueprint URL Prefixes
URL prefixes group routes under a common path.
Helps avoid route conflicts.
Easily change base path for routes.
app.register_blueprint(bp, url_prefix='/admin')

31.5 Passing Static Folder to Blueprint
Blueprint can serve its own static files.
Use static_folder parameter.
Keeps static files modular.
bp = Blueprint('bp', __name__, static_folder='static')

31.6 Using Blueprint in App Factory
Register blueprints inside create_app function.
Keeps app modular and testable.
Recommended for large apps.
def create_app():
    app = Flask(__name__)
    app.register_blueprint(bp)
    return app

31.7 Blueprint Error Handlers
Define custom error handlers per blueprint.
Allows modular error management.
Use errorhandler decorator.
@bp.errorhandler(404)
def not_found(e):
    return "Not found in blueprint", 404

31.8 Blueprint Before Request
Run code before each blueprint request.
Useful for authentication or setup.
Use before_request decorator.
@bp.before_request
def before():
    print("Before blueprint request")

31.9 Blueprint Templates Inheritance
Blueprints templates can extend base templates.
Supports modular UI design.
Use Jinja2’s extends normally.
{% raw %}
{% extends "base.html" %}
{% block content %}
Blueprint content here
{% endblock %}
{% endraw %}

31.10 Summary of Blueprints
Blueprints organize large Flask apps.
They modularize routes, templates, and static files.
Makes app maintainable and scalable.

32.1 Introduction to WTForms
WTForms simplifies form creation and validation.
Provides Python classes to define forms.
Integrates well with Flask via Flask-WTF.
from flask_wtf import FlaskForm
from wtforms import StringField, SubmitField
from wtforms.validators import DataRequired

32.2 Creating a Simple Form
Define form fields as class attributes.
Use validators for input checks.
Submit button triggers form.
class NameForm(FlaskForm):
    name = StringField('Name', validators=[DataRequired()])
    submit = SubmitField('Submit')

32.3 Rendering Forms in Templates
Use Jinja2 to render form fields.
Include CSRF token for security.
Use form.hidden_tag() in template.
<form method="POST">
  {{ form.hidden_tag() }}
  {{ form.name.label }} {{ form.name() }}
  {{ form.submit() }}
</form>

32.4 Handling Form Submission
Check form.validate_on_submit() in view.
Process validated data.
Redirect or render template after.
@app.route('/submit', methods=['GET', 'POST'])
def submit():
    form = NameForm()
    if form.validate_on_submit():
        name = form.name.data
        return f"Hello, {name}!"
    return render_template('form.html', form=form)

32.5 CSRF Protection
Flask-WTF adds CSRF tokens automatically.
Protects against cross-site attacks.
Requires app SECRET_KEY.
app.config['SECRET_KEY'] = 'your-secret-key'

32.6 Custom Validators
Create functions to validate complex rules.
Attach to fields.
Raise ValidationError on failure.
from wtforms.validators import ValidationError

def must_be_hello(form, field):
    if field.data != 'hello':
        raise ValidationError('Must be hello!')

32.7 File Upload Fields
Use FileField to upload files via forms.
Validate allowed extensions.
Save file after submission.
from flask_wtf.file import FileField, FileAllowed

class UploadForm(FlaskForm):
    photo = FileField('Photo', validators=[FileAllowed(['jpg', 'png'])])

32.8 Form Field Rendering Options
Customize HTML attributes in templates.
Add classes, placeholders, IDs.
Improve UI design.
{{ form.name(class="form-control", placeholder="Enter name") }}

32.9 Flash Messages with Forms
Show success or error messages.
Use Flask flash and get_flashed_messages.
Display in templates.
from flask import flash

flash('Form submitted successfully!')

32.10 Summary of Flask Forms
WTForms simplifies form handling.
Use validators and CSRF protection.
Render and process forms easily.

33.1 What is SQLAlchemy?
SQLAlchemy is a popular ORM for Python.
It helps map Python classes to database tables.
Supports multiple databases.
from flask_sqlalchemy import SQLAlchemy
db = SQLAlchemy()

33.2 Configuring the Database URI
Set database connection string in app config.
Supports SQLite, PostgreSQL, MySQL, etc.
Example shown uses SQLite.
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///site.db'

33.3 Defining Models
Create Python classes inheriting from db.Model.
Define columns as class variables.
Each class maps to a database table.
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(20), unique=True, nullable=False)

33.4 Creating and Initializing the Database
Create tables with db.create_all().
Run once to setup.
Use shell or app context.
with app.app_context():
    db.create_all()

33.5 Adding Records
Create model instances and add to session.
Commit session to save changes.
user = User(username='Alice')
db.session.add(user)
db.session.commit()

33.6 Querying Records
Use query interface to fetch records.
Filter, order, and paginate results.
users = User.query.all()
user = User.query.filter_by(username='Alice').first()

33.7 Updating Records
Modify object properties.
Commit changes.
user.username = 'Bob'
db.session.commit()

33.8 Deleting Records
Use db.session.delete() to remove.
Commit transaction.
db.session.delete(user)
db.session.commit()

33.9 Relationships Between Models
Use db.relationship and db.ForeignKey.
Link tables like users and posts.
Enable easy data access.
class Post(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    user = db.relationship('User', backref='posts')

33.10 Summary of SQLAlchemy Integration
SQLAlchemy provides powerful ORM.
Define models to interact with DB.
Simplifies database operations in Flask.

34.1 Why Use Migrations?
Migrations help manage DB schema changes.
Track changes in version control.
Apply incremental updates safely.
# Avoid manual schema changes

34.2 Installing Flask-Migrate
Add Flask-Migrate package.
Integrates Alembic with Flask.
Simplifies migrations.
pip install flask-migrate

34.3 Initializing Migrate
Create Migrate object with app and db.
Setup migration folder.
from flask_migrate import Migrate
migrate = Migrate(app, db)

34.4 Creating Migration Scripts
Use flask db commands.
Generate scripts for DB changes.
flask db init
flask db migrate -m "Initial migration"

34.5 Applying Migrations
Apply scripts to update DB schema.
Keep DB in sync with models.
flask db upgrade

34.6 Downgrading Migrations
Revert DB to previous state.
Use flask db downgrade.
Handle migration rollbacks.
flask db downgrade

34.7 Handling Model Changes
Update models, then create new migrations.
Apply changes incrementally.
Keep migrations organized.
# Modify model.py, then:
flask db migrate -m "Add new field"

34.8 Migration Scripts Structure
Scripts are Python files.
They define upgrade and downgrade functions.
Auto-generated by Alembic.
def upgrade():
    pass

def downgrade():
    pass

34.9 Best Practices for Migrations
Commit migration scripts to version control.
Test migrations in dev environments.
Keep migration messages clear.
# Use descriptive commit messages

34.10 Summary of Flask-Migrate
Flask-Migrate manages DB schema changes.
Makes evolving database easy.
Integrates Alembic seamlessly with Flask.

35.1 Preparing for Deployment
Remove debug mode.
Use production-ready server.
Ensure requirements.txt is updated.
app.run(debug=False)
pip freeze > requirements.txt

35.2 Using WSGI Servers
Use Gunicorn or uWSGI.
They serve Flask apps efficiently.
Better than Flask dev server.
gunicorn app:app

35.3 Setting Environment Variables
Use environment vars for config.
Store secrets safely.
Avoid hardcoding.
export FLASK_ENV=production
export SECRET_KEY='your-secret-key'

35.4 Deploying on Heroku
Push code to Heroku Git.
Use Procfile to define startup.
Heroku auto-detects Python apps.
web: gunicorn app:app

35.5 Using Docker for Deployment
Containerize app with Docker.
Use Dockerfile to define environment.
Portable and consistent deployments.
FROM python:3.9
COPY . /app
WORKDIR /app
RUN pip install -r requirements.txt
CMD ["gunicorn", "app:app"]

35.6 Configuring Reverse Proxy
Use Nginx or Apache in front.
Handles SSL and load balancing.
Proxies requests to WSGI server.
# Example nginx config snippet
location / {
    proxy_pass http://127.0.0.1:8000;
}

35.7 Monitoring and Logging
Track app health and errors.
Use external services or built-in logs.
Essential for production.
tail -f /var/log/myapp.log

35.8 Scaling Flask Applications
Use multiple worker processes.
Load balance traffic.
Use caching and databases wisely.
gunicorn -w 4 app:app

35.9 Security Best Practices
Use HTTPS everywhere.
Keep dependencies updated.
Sanitize user inputs.
# Use tools like Flask-Talisman for HTTPS

35.10 Summary of Deployment
Proper deployment ensures performance and security.
Use production servers and best practices.
Monitor and scale as needed.

36.1 Understanding Authentication
Authentication verifies user identity.
Users log in with credentials.
Flask-Login helps manage sessions.
from flask_login import LoginManager

login_manager = LoginManager()
login_manager.init_app(app)

36.2 Setting Up Flask-Login
Initialize Flask-Login in your app.
Define user_loader to reload user.
Secure user session management.
@login_manager.user_loader
def load_user(user_id):
    return User.query.get(int(user_id))

36.3 Creating Login and Logout Views
Create routes for login and logout.
Use login_user and logout_user functions.
Manage user session lifecycle.
from flask_login import login_user, logout_user

@app.route('/login', methods=['GET', 'POST'])
def login():
    # Authenticate and login user
    login_user(user)
    return redirect('/dashboard')

@app.route('/logout')
def logout():
    logout_user()
    return redirect('/')

36.4 Protecting Routes with Login Required
Use @login_required decorator.
Prevent unauthenticated access.
Redirect unauthorized users to login.
from flask_login import login_required

@app.route('/dashboard')
@login_required
def dashboard():
    return "Welcome to your dashboard"

36.5 User Registration and Password Hashing
Register new users securely.
Hash passwords using werkzeug.security.
Never store plaintext passwords.
from werkzeug.security import generate_password_hash, check_password_hash

hashed_password = generate_password_hash('mypassword')

36.6 Remember Me Functionality
Keep users logged in across sessions.
Use `remember=True` in login_user.
Enhances user convenience.
login_user(user, remember=True)

36.7 Role-Based Authorization
Assign roles to users (e.g., admin, user).
Restrict access based on roles.
Use custom decorators for roles.
def admin_required(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        if not current_user.is_admin:
            abort(403)
        return f(*args, **kwargs)
    return decorated

36.8 OAuth Integration with Flask-Dance
Use OAuth for login via Google, Facebook, etc.
Simplifies third-party authentication.
Flask-Dance manages OAuth flows.
from flask_dance.contrib.google import make_google_blueprint

google_bp = make_google_blueprint(client_id="xxx", client_secret="yyy")
app.register_blueprint(google_bp, url_prefix="/login")

36.9 Handling User Sessions Securely
Use secure cookies.
Set session timeout.
Protect against session hijacking.
app.config['REMEMBER_COOKIE_DURATION'] = timedelta(days=7)

36.10 Summary of Flask Authentication
Authentication verifies who you are.
Use Flask-Login for sessions.
Protect routes and hash passwords securely.

37.1 What is a RESTful API?
RESTful APIs use HTTP methods for CRUD operations.
They provide structured, stateless communication.
Flask is great for building REST APIs.
GET /users  # Retrieve users
POST /users # Create user

37.2 Installing Flask-RESTful
Flask-RESTful extension simplifies API building.
Provides Resource and Api classes.
Easy routing for REST endpoints.
pip install flask-restful

37.3 Creating a Resource
Define classes for API endpoints.
Use methods for HTTP verbs.
Return JSON responses.
from flask_restful import Resource

class UserResource(Resource):
    def get(self):
        return {"users": ["Alice", "Bob"]}

37.4 Adding Resources to API
Register resources with Api instance.
Map resources to URL routes.
Enables organized endpoint management.
from flask_restful import Api

api = Api(app)
api.add_resource(UserResource, '/users')

37.5 Handling HTTP Methods
Define get(), post(), put(), delete() methods.
Process request data.
Return appropriate status codes.
def post(self):
    data = request.get_json()
    # create new user
    return {"message": "User created"}, 201

37.6 Request Parsing and Validation
Use reqparse or marshmallow.
Validate input data.
Return errors for invalid data.
from flask_restful import reqparse

parser = reqparse.RequestParser()
parser.add_argument('name', required=True)
args = parser.parse_args()

37.7 Using Flask Marshmallow for Serialization
Marshmallow helps serialize/deserialize data.
Define schemas to structure responses.
Integrate with SQLAlchemy models.
from flask_marshmallow import Marshmallow
ma = Marshmallow(app)

class UserSchema(ma.Schema):
    class Meta:
        fields = ('id', 'username')

37.8 Error Handling in APIs
Return JSON error messages.
Use abort() for HTTP errors.
Provide meaningful responses.
from flask_restful import abort

if not user:
    abort(404, message="User not found")

37.9 API Versioning
Maintain multiple API versions.
Use URL or headers to version.
Ensures backward compatibility.
api.add_resource(UserResource, '/api/v1/users')

37.10 Summary of RESTful APIs
Flask-RESTful simplifies API development.
Use resources for endpoints.
Handle validation, serialization, and errors properly.

38.1 Importance of Testing
Testing ensures code correctness.
Detects bugs early.
Improves maintainability.
# Always write tests for your app

38.2 Setting Up Testing Environment
Use Python’s unittest or pytest.
Create a test client from Flask app.
Isolate tests from production data.
import pytest

@pytest.fixture
def client():
    app.config['TESTING'] = True
    with app.test_client() as client:
        yield client

38.3 Writing Unit Tests for Views
Test response status and content.
Use client to send requests.
Check expected outputs.
def test_home(client):
    rv = client.get('/')
    assert rv.status_code == 200
    assert b"Welcome" in rv.data

38.4 Testing Forms and Input Validation
Submit form data via POST.
Test valid and invalid inputs.
Confirm error handling.
def test_submit_form(client):
    rv = client.post('/submit', data={'name': 'Alice'})
    assert b"Hello, Alice" in rv.data

38.5 Mocking External Services
Replace real API calls with mocks.
Isolate tests from external dependencies.
Use unittest.mock or pytest-mock.
from unittest.mock import patch

@patch('requests.get')
def test_api(mock_get, client):
    mock_get.return_value.json.return_value = {'key': 'value'}
    # test your endpoint

38.6 Debugging with Flask Debug Toolbar
Use debug toolbar to inspect requests.
Displays SQL queries, headers, and templates.
Install via flask-debugtoolbar.
pip install flask-debugtoolbar

38.7 Using pdb for Interactive Debugging
Insert `import pdb; pdb.set_trace()`.
Pause execution and inspect variables.
Great for step-by-step debugging.
import pdb; pdb.set_trace()

38.8 Logging for Debugging
Configure logging to file or console.
Helps trace issues in production.
Use Python’s logging module.
import logging
logging.basicConfig(level=logging.DEBUG)

38.9 Writing Integration Tests
Test multiple components working together.
Use test databases.
Ensure overall app functionality.
def test_full_flow(client):
    # register, login, access dashboard
    pass

38.10 Summary of Testing and Debugging
Testing improves app reliability.
Use Flask test client and mocks.
Debug with tools and logging.

39.1 What is WebSocket?
WebSocket allows real-time two-way communication.
It differs from HTTP’s request-response.
Useful for chat apps, live updates.
# WebSocket keeps connection open

39.2 Installing Flask-SocketIO
Adds WebSocket support to Flask.
Supports multiple async modes.
Easy integration.
pip install flask-socketio

39.3 Initializing SocketIO
Wrap Flask app with SocketIO.
Use socketio.run() instead of app.run().
from flask_socketio import SocketIO

socketio = SocketIO(app)

39.4 Handling Socket Events
Use decorators to listen for events.
Emit messages to clients.
Real-time interaction.
@socketio.on('message')
def handle_message(msg):
    print('Received:', msg)
    socketio.send('Reply: ' + msg)

39.5 Broadcasting Messages
Send messages to all connected clients.
Use broadcast=True.
Useful for notifications.
socketio.emit('update', data, broadcast=True)

39.6 Rooms and Namespaces
Group clients into rooms.
Namespaces separate event channels.
Enables targeted messaging.
join_room('room1')
leave_room('room1')

39.7 Using SocketIO with Templates
Use JavaScript SocketIO client.
Connect and listen to events.
Send events from browser.
<script src="//cdnjs.cloudflare.com/ajax/libs/socket.io/4.0.1/socket.io.min.js"></script>
<script>
  var socket = io();
  socket.on('message', function(msg) {
    console.log(msg);
  });
</script>

39.8 Deploying Flask-SocketIO Apps
Use async workers like eventlet or gevent.
Configure server accordingly.
Avoid Flask dev server.
pip install eventlet
socketio.run(app, host='0.0.0.0', port=5000)

39.9 Common Use Cases
Chat applications.
Real-time dashboards.
Collaborative tools.
# Real-time notifications, live data feeds

39.10 Summary of WebSockets
WebSocket enables real-time web apps.
Flask-SocketIO integrates easily.
Use for interactive, live features.

40.1 Configuring Flask Apps
Flask uses app.config dict.
Store settings like DEBUG, DB URI.
Load from Python files or env vars.
app.config['DEBUG'] = True

40.2 Using Config Classes
Define config in classes.
Easier to manage multiple environments.
Inherit common settings.
class Config:
    DEBUG = False
class DevConfig(Config):
    DEBUG = True

40.3 Loading Config from Files
Use app.config.from_pyfile()
Keeps secrets outside code.
Easier to change configs.
app.config.from_pyfile('config.py')

40.4 Environment Variables
Use os.environ for config.
Keeps sensitive data secure.
Supports 12-factor apps.
import os
app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY')

40.5 Flask-Environments Extension
Helps manage env-specific configs.
Switch configs easily.
Supports dev, test, prod.
pip install flask-environments

40.6 Using dotenv for Local Env Variables
Store env vars in .env file.
Load automatically with python-dotenv.
Keeps code clean.
pip install python-dotenv
from dotenv import load_dotenv
load_dotenv()

40.7 Debug vs Production Config
DEBUG=True shows detailed errors.
Never enable debug in production.
Use separate configs.
if app.config['DEBUG']:
    # Dev-only settings

40.8 Configuring Logging Levels
Use logging.DEBUG, INFO, WARNING.
Control verbosity based on environment.
Helps diagnose issues.
import logging
logging.basicConfig(level=logging.INFO)

40.9 Flask Config Best Practices
Keep secrets out of source control.
Use environment variables.
Document config options.
# Use .env and config.py wisely

40.10 Summary of Configuration
Manage configs per environment.
Use environment variables and files.
Keep secrets secure and separate.

41.1 What is SQLAlchemy?
SQLAlchemy is a Python ORM for database management.
It abstracts SQL queries as Python code.
Makes database operations easier and safer.
# Install with:
pip install flask_sqlalchemy

41.2 Setting Up Flask-SQLAlchemy
Initialize SQLAlchemy with your Flask app.
Configure your database URI.
Connect Flask and your database.
from flask_sqlalchemy import SQLAlchemy
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///test.db'
db = SQLAlchemy(app)

41.3 Defining Models
Models represent tables in the database.
Define columns as class attributes.
Use inheritance from db.Model.
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)

41.4 Creating and Migrating the Database
Use Flask-Migrate for migrations.
Track changes in models.
Update DB schema without losing data.
from flask_migrate import Migrate

migrate = Migrate(app, db)
flask db init
flask db migrate
flask db upgrade

41.5 Adding and Querying Records
Add new rows with db.session.add().
Commit changes to save.
Query with model.query.filter_by().
user = User(username='Alice')
db.session.add(user)
db.session.commit()

users = User.query.all()

41.6 Relationships Between Models
Define one-to-many or many-to-many.
Use db.relationship and db.ForeignKey.
Manage related data easily.
class Post(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    user = db.relationship('User', back_populates='posts')

41.7 Updating and Deleting Records
Modify model attributes.
Delete with db.session.delete().
Commit changes to persist.
user.username = 'Bob'
db.session.commit()

db.session.delete(user)
db.session.commit()

41.8 Querying Advanced Filters
Use filters like .filter(), .filter_by().
Support operators like ==, !=, <, >.
Chain filters for complex queries.
users = User.query.filter(User.username.like('A%')).all()

41.9 Handling Database Sessions Properly
Always commit or rollback.
Use try-except to catch errors.
Prevent session leaks.
try:
    db.session.add(user)
    db.session.commit()
except:
    db.session.rollback()

41.10 Summary of Database Integration
Use SQLAlchemy ORM for DB abstraction.
Define models, handle migrations.
Query and manage data with Python.

42.1 User Registration Forms
Use Flask-WTF for secure forms.
Validate inputs with validators.
CSRF protection included.
from flask_wtf import FlaskForm
from wtforms import StringField, PasswordField
from wtforms.validators import DataRequired

class RegistrationForm(FlaskForm):
    username = StringField('Username', validators=[DataRequired()])
    password = PasswordField('Password', validators=[DataRequired()])

42.2 Handling Form Submission
Validate form on POST.
Process and save user data.
Render form with errors if invalid.
@app.route('/register', methods=['GET', 'POST'])
def register():
    form = RegistrationForm()
    if form.validate_on_submit():
        # Save user
        return redirect('/')
    return render_template('register.html', form=form)

42.3 Password Hashing and Storage
Hash passwords with werkzeug.
Never store plaintext passwords.
Verify during login.
from werkzeug.security import generate_password_hash, check_password_hash

hashed_pw = generate_password_hash(form.password.data)

42.4 User Login Handling
Authenticate user credentials.
Use Flask-Login to manage session.
Redirect after login.
from flask_login import login_user

user = User.query.filter_by(username=form.username.data).first()
if user and check_password_hash(user.password, form.password.data):
    login_user(user)

42.5 User Profile Pages
Create profile route.
Display user info.
Allow editing profiles.
@app.route('/profile')
@login_required
def profile():
    return render_template('profile.html', user=current_user)

42.6 Updating User Information
Use forms for update.
Validate and commit changes.
Flash success messages.
@app.route('/profile/edit', methods=['GET', 'POST'])
@login_required
def edit_profile():
    form = ProfileForm(obj=current_user)
    if form.validate_on_submit():
        form.populate_obj(current_user)
        db.session.commit()
        flash('Profile updated')
        return redirect('/profile')

42.7 Handling Profile Pictures
Allow users to upload images.
Save securely to /static folder.
Update user model with filename.
from werkzeug.utils import secure_filename
file = request.files['photo']
filename = secure_filename(file.filename)
file.save(os.path.join('static/uploads', filename))

42.8 Password Reset Mechanism
Send reset emails with tokens.
Verify tokens for security.
Allow new password setting.
# Use itsdangerous for token generation
from itsdangerous import URLSafeTimedSerializer

42.9 User Roles and Permissions
Assign roles like admin or user.
Control access based on roles.
Enforce permissions in views.
if current_user.role != 'admin':
    abort(403)

42.10 Summary of User Management
Secure forms for registration/login.
Hash passwords and manage sessions.
Support profile updates and roles.

43.1 Sending Emails with Flask-Mail
Flask-Mail integrates SMTP email sending.
Configure SMTP settings.
Send simple emails easily.
from flask_mail import Mail, Message

mail = Mail(app)

43.2 Setting Up SMTP Configuration
Add SMTP details in config.
Use Gmail or custom SMTP.
Secure with TLS or SSL.
app.config.update(
    MAIL_SERVER='smtp.gmail.com',
    MAIL_PORT=587,
    MAIL_USE_TLS=True,
    MAIL_USERNAME='your_email@gmail.com',
    MAIL_PASSWORD='your_password'
)

43.3 Sending Basic Emails
Create Message objects.
Specify sender, recipients, and body.
Call mail.send() to send.
msg = Message("Hello", sender="you@gmail.com", recipients=["friend@gmail.com"])
msg.body = "This is a test email"
mail.send(msg)

43.4 Sending HTML Emails
Use msg.html for HTML content.
Supports styling and images.
Enhances email appearance.
msg.html = "<b>Bold text</b> and <i>italics</i>"

43.5 Attaching Files to Emails
Add attachments with msg.attach().
Send documents or images.
Specify filename and MIME type.
with app.open_resource("file.pdf") as fp:
    msg.attach("file.pdf", "application/pdf", fp.read())

43.6 Using Templates in Emails
Render HTML emails from templates.
Use render_template with variables.
Makes emails dynamic.
html = render_template('email.html', name=user.name)
msg.html = html

43.7 Email Confirmation Workflow
Send confirmation link after registration.
Verify user emails.
Activate accounts upon confirmation.
# Generate token and send URL to user

43.8 Password Reset Emails
Send reset link to user's email.
Include secure token.
Allow password reset via link.
# Send tokenized reset email similar to confirmation

43.9 Handling Email Errors
Catch SMTP exceptions.
Retry or log failures.
Notify admins if needed.
try:
    mail.send(msg)
except Exception as e:
    app.logger.error(f"Email error: {e}")

43.10 Summary of Email Integration
Use Flask-Mail for SMTP email sending.
Send plain, HTML, and attachments.
Support confirmation and reset flows.

44.1 Handling File Uploads
Use HTML forms with enctype multipart/form-data.
Access files via request.files.
Save uploaded files securely.
file = request.files['file']
file.save('/path/to/save/' + file.filename)

44.2 Validating Uploaded Files
Check file extensions.
Limit size.
Prevent malicious uploads.
ALLOWED_EXTENSIONS = {'png', 'jpg', 'pdf'}
def allowed_file(filename):
    return '.' in filename and \
           filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS

44.3 Secure File Names
Use werkzeug's secure_filename.
Prevent directory traversal.
Sanitize file names.
from werkzeug.utils import secure_filename
filename = secure_filename(file.filename)

44.4 Storing Files on Server
Save files to a dedicated upload folder.
Keep uploads organized.
Manage storage limits.
UPLOAD_FOLDER = '/uploads'
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))

44.5 Handling Multiple File Uploads
Use multiple file inputs.
Iterate over uploaded files.
Save each file.
files = request.files.getlist('files')
for f in files:
    f.save(os.path.join(app.config['UPLOAD_FOLDER'], secure_filename(f.filename)))

44.6 File Downloading
Use send_from_directory to serve files.
Set proper headers.
Enable file download prompts.
from flask import send_from_directory

@app.route('/download/<filename>')
def download(filename):
    return send_from_directory(app.config['UPLOAD_FOLDER'], filename)

44.7 Limiting Upload Size
Set MAX_CONTENT_LENGTH in config.
Prevent large uploads.
Handle errors gracefully.
app.config['MAX_CONTENT_LENGTH'] = 16 * 1024 * 1024  # 16 MB

44.8 Handling Upload Errors
Catch exceptions during upload.
Provide user feedback.
Log errors for debugging.
@app.errorhandler(413)
def too_large(e):
    return "File too large", 413

44.9 File Security Considerations
Validate file types.
Store outside web root if possible.
Scan files if needed.
# Always validate and sanitize inputs

44.10 Summary of File Handling
Upload files securely.
Validate and sanitize filenames.
Provide safe download functionality.

45.1 Preparing Flask App for Deployment
Use production configs.
Disable debug mode.
Test thoroughly.
app.config['DEBUG'] = False

45.2 Using WSGI Servers
Deploy with Gunicorn or uWSGI.
Handles multiple requests.
More robust than Flask dev server.
gunicorn app:app

45.3 Reverse Proxy Setup
Use Nginx or Apache as proxy.
Manage SSL termination.
Improve security and performance.
# Nginx example
location / {
    proxy_pass http://127.0.0.1:8000;
}

45.4 Using Environment Variables in Deployment
Store secrets out of code.
Use .env files or host env vars.
Keeps config flexible.
export SECRET_KEY='your_secret'

45.5 SSL/TLS Setup
Secure traffic with HTTPS.
Use certificates from Let's Encrypt.
Configure web server accordingly.
sudo certbot --nginx -d yourdomain.com

45.6 Database Configuration in Production
Use production DB servers.
Secure connections.
Use environment variables for credentials.
app.config['SQLALCHEMY_DATABASE_URI'] = os.environ.get('DATABASE_URL')

45.7 Logging and Monitoring
Enable logging to files.
Use monitoring tools (e.g. Prometheus).
Track errors and performance.
import logging
logging.basicConfig(filename='app.log', level=logging.WARNING)

45.8 Scaling Flask Applications
Use multiple worker processes.
Load balancing with proxy.
Consider caching layers.
gunicorn -w 4 app:app

45.9 Security Best Practices
Sanitize inputs.
Use HTTPS.
Keep dependencies updated.
# Regularly update packages
pip install --upgrade -r requirements.txt

45.10 Summary of Deployment
Use production servers.
Secure your app and data.
Monitor and scale effectively.

46.1 What is RESTful API?
RESTful APIs use HTTP methods for CRUD operations.
They follow stateless architecture.
Widely used for client-server communication.
# REST example: GET, POST, PUT, DELETE

46.2 Setting Up Flask-RESTful
Install Flask-RESTful extension.
Import Api and Resource.
Wrap your Flask app with Api.
pip install flask-restful

from flask_restful import Api, Resource
api = Api(app)

46.3 Creating a Resource
Resources map to endpoints.
Define get/post methods.
Return JSON responses.
class Hello(Resource):
    def get(self):
        return {'message': 'Hello World'}

api.add_resource(Hello, '/hello')

46.4 Handling POST Requests
Use request.get_json() to parse JSON.
Validate incoming data.
Return appropriate response.
from flask import request

class Item(Resource):
    def post(self):
        data = request.get_json()
        return {'you sent': data}, 201

46.5 URL Parameters and Query Strings
Capture variables in URL.
Access query strings via request.args.
Customize responses.
class User(Resource):
    def get(self, user_id):
        return {'user_id': user_id}

api.add_resource(User, '/user/<int:user_id>')

46.6 Error Handling in APIs
Use abort() to send HTTP errors.
Return meaningful messages.
Handle exceptions gracefully.
from flask_restful import abort

if not user:
    abort(404, message="User not found")

46.7 Authentication with APIs
Protect endpoints with tokens.
Use Flask-JWT or Flask-HTTPAuth.
Secure sensitive data.
from flask_httpauth import HTTPBasicAuth
auth = HTTPBasicAuth()

46.8 Pagination and Filtering
Limit responses with pagination.
Filter data via query params.
Improves API performance.
page = int(request.args.get('page', 1))
items = Model.query.paginate(page, 10)

46.9 Versioning Your API
Use URL prefix or headers.
Maintain backward compatibility.
Manage breaking changes easily.
api.add_resource(Hello, '/v1/hello')

46.10 Summary of RESTful APIs
Use Flask-RESTful for easy API creation.
Handle HTTP methods and errors.
Secure and scale your APIs.

47.1 Introduction to WebSockets
WebSockets enable full-duplex communication.
Useful for real-time apps like chat.
They keep connections open.
# Unlike HTTP, WebSockets stay open for push updates.

47.2 Installing Flask-SocketIO
Flask-SocketIO adds WebSocket support.
Use pip to install.
Initialize SocketIO with Flask.
pip install flask-socketio

from flask_socketio import SocketIO
socketio = SocketIO(app)

47.3 Setting Up SocketIO Events
Define event handlers.
Use decorators like @socketio.on.
Handle client-server messages.
@socketio.on('message')
def handle_message(msg):
    print('Message: ' + msg)

47.4 Emitting Messages to Clients
Send messages to all or specific clients.
Use socketio.emit().
Broadcast or private messages.
socketio.emit('response', {'data': 'Hello clients!'})

47.5 Handling Client Connections
Track connect/disconnect.
Use event handlers for 'connect' and 'disconnect'.
Manage client sessions.
@socketio.on('connect')
def handle_connect():
    print('Client connected')

47.6 Broadcasting Events
Send messages to all connected clients.
Use broadcast=True.
Useful for live updates.
socketio.emit('update', {'data': 'Broadcast message'}, broadcast=True)

47.7 Rooms and Namespaces
Group clients into rooms.
Use namespaces for different event groups.
Manage complex apps.
join_room('room1')
leave_room('room1')

47.8 Integrating with Frontend JavaScript
Use socket.io-client.
Listen and emit events in JS.
Real-time UI updates.
var socket = io();
socket.on('response', function(data) { console.log(data); });

47.9 Deployment Considerations for WebSockets
Use eventlet or gevent.
Configure proxy servers.
Handle scaling challenges.
socketio.run(app, host='0.0.0.0', port=5000)

47.10 Summary of WebSockets in Flask
Enable real-time bidirectional comms.
Use Flask-SocketIO extension.
Build interactive web apps.

48.1 Importance of Testing
Tests catch bugs early.
Ensure app reliability.
Facilitate maintenance.
# Automated tests improve code quality.

48.2 Setting Up pytest
pytest is a popular testing tool.
Install via pip.
Easy to write and run tests.
pip install pytest

48.3 Writing Unit Tests
Test individual functions.
Use assert statements.
Isolate logic from dependencies.
def test_add():
    assert 1 + 1 == 2

48.4 Testing Flask Routes
Use app.test_client() to simulate requests.
Check response status and data.
Automate endpoint testing.
def test_home():
    tester = app.test_client()
    response = tester.get('/')
    assert response.status_code == 200

48.5 Using Fixtures
Setup test environment.
Create reusable test data.
Use @pytest.fixture decorators.
@pytest.fixture
def client():
    with app.test_client() as client:
        yield client

48.6 Mocking Dependencies
Replace real services with mocks.
Control external interactions.
Use unittest.mock.
from unittest.mock import patch

@patch('module.function')
def test_mock(mock_func):
    mock_func.return_value = True

48.7 Debugging Tools in Flask
Use Flask Debug Toolbar.
Tracebacks show error context.
Enable debug mode during development.
app.run(debug=True)

48.8 Handling Test Failures
Review error messages.
Fix bugs and rerun tests.
Maintain good test coverage.
# Use verbose pytest output
pytest -v

48.9 Continuous Integration Setup
Automate tests on push.
Use GitHub Actions or Travis CI.
Catch issues before deployment.
# .github/workflows/python-app.yml example

48.10 Summary of Testing and Debugging
Testing ensures app quality.
Use pytest and mocks.
Debug efficiently with tools.

49.1 Why Caching?
Caching improves performance.
Reduces load on server and DB.
Speeds up response times.
# Cache static and dynamic content.

49.2 Flask-Caching Setup
Install Flask-Caching.
Configure cache backend.
Simple integration.
pip install Flask-Caching

from flask_caching import Cache
cache = Cache(app, config={'CACHE_TYPE': 'simple'})

49.3 Basic Caching Decorator
Cache route outputs.
Use @cache.cached decorator.
Set timeout for cache.
@cache.cached(timeout=60)
@app.route('/data')
def data():
    return expensive_function()

49.4 Caching with Parameters
Cache dynamic content by query params.
Use @cache.memoize for functions.
Improves efficiency.
@cache.memoize(50)
def get_user(user_id):
    # Expensive DB call
    pass

49.5 Cache Invalidation
Clear cache when data changes.
Use cache.delete() or cache.clear().
Prevent stale content.
cache.delete_memoized(get_user, user_id)

49.6 Using Redis as Cache Backend
Redis is a fast in-memory store.
Replace 'simple' with 'redis' backend.
Requires Redis server.
cache = Cache(app, config={'CACHE_TYPE': 'redis', 'CACHE_REDIS_URL': 'redis://localhost:6379/0'})

49.7 Caching Templates and Fragments
Cache parts of templates.
Use Flask-Cache extension helpers.
Reduces template rendering time.
# Jinja2 extensions support caching blocks

49.8 Client-Side Caching Headers
Set Cache-Control headers.
Let browsers cache static content.
Reduce server hits.
response.headers['Cache-Control'] = 'public, max-age=3600'

49.9 Monitoring Cache Performance
Track cache hits and misses.
Use logging or external tools.
Optimize cache usage.
# Enable debug logging for cache

49.10 Summary of Caching Strategies
Cache wisely to boost speed.
Use Flask-Caching with backends.
Manage invalidation carefully.

50.1 Flask-Migrate for DB Migrations
Automate DB schema changes.
Works with Alembic.
Simplifies upgrades.
pip install Flask-Migrate

50.2 Flask-Login for Authentication
Manages user sessions.
Provides login_required decorator.
Supports remember me.
from flask_login import LoginManager
login_manager = LoginManager(app)

50.3 Flask-WTF for Form Handling
Simplifies form creation.
Integrates CSRF protection.
Supports validators.
from flask_wtf import FlaskForm

50.4 Flask-Mail for Email Support
Send emails via SMTP.
Supports HTML and attachments.
Easy integration.
from flask_mail import Mail
mail = Mail(app)

50.5 Flask-SocketIO for WebSockets
Real-time communication.
Uses WebSocket protocol.
Supports rooms and namespaces.
from flask_socketio import SocketIO
socketio = SocketIO(app)

50.6 Flask-Caching for Performance
Adds caching layers.
Supports Redis and Memcached.
Improves response time.
from flask_caching import Cache
cache = Cache(app)

50.7 Flask-Admin for Admin Interfaces
Auto-generate admin UIs.
Manage models easily.
Supports authentication.
from flask_admin import Admin
admin = Admin(app)

50.8 Flask-Babel for Localization
Translate your app.
Support multiple languages.
Manage date/time formats.
from flask_babel import Babel
babel = Babel(app)

50.9 Flask-Uploads for File Uploads
Manage file uploads.
Configure upload sets.
Simplify file handling.
from flask_uploads import UploadSet, configure_uploads

50.10 Summary of Advanced Extensions
Use extensions to add features.
Integrate seamlessly.
Save development time.