[Flask] Flask Extension Development
Alena Lifar
alenaslifar at gmail.com
Wed Jul 5 05:36:13 EDT 2017
Hi Gergely,
I completely agree that exposing all routes without an option of hiding
some of them is a no-go. In my package you can use private() decorator func
in order to hide either a route or a Blueprint. I have put some examples in
the Readme:
@private()@app.route('/restricted_route/')def private_endpoint():
return 'Hello Private Endpoint'
As well as Blueprints:
# or: app_bp = private(Blueprint('my_bp', __name__))
app_bp = Blueprint('my_bp', __name__)
private(app_bp)
Does it correlate to your suggestion?
My vision of requests with parameters was to just put those in the
available url string as is (just like they were put in route()):
"hello_world": { // name of a public endpoint
"active_urls": [
"/",
"/health_check/<int:customer_id>/"
],
"methods": [
"GET",
"HEAD",
"OPTIONS"
]
},
By providing more information like required param format or an example of
response format for a given route I think I'd create a vulnerability. I
think that everything about data formats has to be in the API docs. This
extension aimed to get rid of hardcoded api urls in the components/client
code mostly...
Please, let me know what you think.
P.S. I'm quite new to contributing something valuable to the open-source.
Could you please suggest me any resources that I might share my work with?
Thank you for your help and for the feedback.
Kind regards,
Alena
On Wed, Jul 5, 2017 at 11:34 AM, Alena Lifar <alenaslifar at gmail.com> wrote:
> Hi Abdesslem,
>
> Awesome, thanks!
>
> Kind regards,
> Alena
>
> On Wed, Jul 5, 2017 at 9:31 AM, Abdesslem Amri <amriabdesslem at gmail.com>
> wrote:
>
>> Hi,
>>
>> To add a new extension. you have to make a pull request to
>> https://github.com/pallets/flask-website.
>>
>> Best regards,
>> Abdesslem Amri
>>
>> 2017-07-04 22:45 GMT+02:00 Alena Lifar <alenaslifar at gmail.com>:
>>
>>> Hello everyone,
>>>
>>> My name is Alena and I have been working on a Flask Extension that
>>> collects and exposes routes declared in your Flask application/Blueprint
>>> via REST.
>>>
>>> Here is Github project: https://github.com/UseTheApi/flask_url_discovery
>>>
>>> Could anyone please take a look and let me know if this could be useful?
>>> Do you think it has a chance to be added into Flask Extension Registry? Is
>>> there anything I have to improve?
>>>
>>> I have found this link: http://librelist.com/bro
>>> wser/flask/2010/7/25/flask-extension-review-status/ which points to
>>> http://github.com/mitsuhiko/flask/tree/master/extreview/ for Flask
>>> Extensions review and approval but this link is dead.
>>>
>>> Thank you for your time.
>>>
>>> Kind regards,
>>> Alena
>>>
>>> _______________________________________________
>>> Flask mailing list
>>> Flask at python.org
>>> https://mail.python.org/mailman/listinfo/flask
>>>
>>>
>>
>>
>> --
>> ------------------------------
>>
>> The preceding message (including attachments) is covered by the
>> Electronic Communication Privacy Act, 18 U.S.C. sections 2510-2512, is
>> intended only for the person or entity to which it is addressed, and may
>> contain information that is confidential, protected by attorney-client or
>> other privilege, or otherwise protected from disclosure by law. If you are
>> not the intended recipient, you are hereby notified that any retention,
>> dissemination, distribution, or copying of this communication is strictly
>> prohibited. Please reply to the sender that you have received the message
>> in error and destroy the original message and all copies.
>>
>> _______________________________________________
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/flask/attachments/20170705/46170038/attachment-0001.html>
More information about the Flask
mailing list