<div dir="ltr">Hi <span style="font-size:12.8px">Gergely,</span><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">I completely agree that exposing all routes without an option of hiding some of them is a no-go. In my package you can use private() decorator func in order to hide either a route or a Blueprint. I have put some examples in the Readme:</span></div><div><span style="font-size:12.8px"><br></span></div><div><pre style="box-sizing:border-box;font-family:SFMono-Regular,Consolas,"Liberation Mono",Menlo,Courier,monospace;font-size:13.6px;margin-top:0px;margin-bottom:0px;font-stretch:normal;line-height:1.45;word-wrap:normal;padding:16px;overflow:auto;background-color:rgb(246,248,250);border-radius:3px;word-break:normal;color:rgb(36,41,46)"><span class="gmail-pl-en" style="box-sizing:border-box;color:rgb(111,66,193)">@private</span>()
<span class="gmail-pl-en" style="box-sizing:border-box;color:rgb(111,66,193)">@app.route</span>(<span class="gmail-pl-s" style="box-sizing:border-box;color:rgb(3,47,98)"><span class="gmail-pl-pds" style="box-sizing:border-box">'</span>/restricted_route/<span class="gmail-pl-pds" style="box-sizing:border-box">'</span></span>)
<span class="gmail-pl-k" style="box-sizing:border-box;color:rgb(215,58,73)">def</span> <span class="gmail-pl-en" style="box-sizing:border-box;color:rgb(111,66,193)">private_endpoint</span>():
    <span class="gmail-pl-k" style="box-sizing:border-box;color:rgb(215,58,73)">return</span> <span class="gmail-pl-s" style="box-sizing:border-box;color:rgb(3,47,98)"><span class="gmail-pl-pds" style="box-sizing:border-box">'</span>Hello Private Endpoint<span class="gmail-pl-pds" style="box-sizing:border-box">'</span></span></pre></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">As well as Blueprints:</span></div><div><span style="font-size:12.8px"><br></span></div><div><pre style="box-sizing:border-box;font-family:SFMono-Regular,Consolas,"Liberation Mono",Menlo,Courier,monospace;font-size:13.6px;margin-top:0px;margin-bottom:0px;font-stretch:normal;line-height:1.45;word-wrap:normal;padding:16px;overflow:auto;background-color:rgb(246,248,250);border-radius:3px;word-break:normal;color:rgb(36,41,46)"><span class="gmail-pl-c" style="box-sizing:border-box;color:rgb(106,115,125)"><span class="gmail-pl-c" style="box-sizing:border-box">#</span> or: app_bp = private(Blueprint('my_bp', __name__))</span>
app_bp <span class="gmail-pl-k" style="box-sizing:border-box;color:rgb(215,58,73)">=</span> Blueprint(<span class="gmail-pl-s" style="box-sizing:border-box;color:rgb(3,47,98)"><span class="gmail-pl-pds" style="box-sizing:border-box">'</span>my_bp<span class="gmail-pl-pds" style="box-sizing:border-box">'</span></span>, <span class="gmail-pl-c1" style="box-sizing:border-box;color:rgb(0,92,197)">__name__</span>)
private(app_bp)</pre></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Does it correlate to your suggestion?</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">My vision of requests with parameters was to just put those in the available url string as is (just like they were put in route()):</span></div><div><span style="font-size:12.8px"><br></span></div><div><pre style="box-sizing:border-box;font-family:SFMono-Regular,Consolas,"Liberation Mono",Menlo,Courier,monospace;font-size:13.6px;margin-top:0px;margin-bottom:0px;font-stretch:normal;line-height:1.45;word-wrap:normal;padding:16px;overflow:auto;background-color:rgb(246,248,250);border-radius:3px;word-break:normal;color:rgb(36,41,46)"><span class="gmail-pl-s" style="box-sizing:border-box;color:rgb(3,47,98)"><span class="gmail-pl-pds" style="box-sizing:border-box">"</span>hello_world<span class="gmail-pl-pds" style="box-sizing:border-box">"</span></span>: {                              // name of a public endpoint
        <span class="gmail-pl-s" style="box-sizing:border-box;color:rgb(3,47,98)"><span class="gmail-pl-pds" style="box-sizing:border-box">"</span>active_urls<span class="gmail-pl-pds" style="box-sizing:border-box">"</span></span>: [
            <span class="gmail-pl-s" style="box-sizing:border-box;color:rgb(3,47,98)"><span class="gmail-pl-pds" style="box-sizing:border-box">"</span>/<span class="gmail-pl-pds" style="box-sizing:border-box">"</span></span>,
            <span class="gmail-pl-s" style="box-sizing:border-box;color:rgb(3,47,98)"><span class="gmail-pl-pds" style="box-sizing:border-box">"</span>/health_check/<int:customer_id>/<span class="gmail-pl-pds" style="box-sizing:border-box">"</span></span>
        ],
        <span class="gmail-pl-s" style="box-sizing:border-box;color:rgb(3,47,98)"><span class="gmail-pl-pds" style="box-sizing:border-box">"</span>methods<span class="gmail-pl-pds" style="box-sizing:border-box">"</span></span>: [
            <span class="gmail-pl-s" style="box-sizing:border-box;color:rgb(3,47,98)"><span class="gmail-pl-pds" style="box-sizing:border-box">"</span>GET<span class="gmail-pl-pds" style="box-sizing:border-box">"</span></span>,
            <span class="gmail-pl-s" style="box-sizing:border-box;color:rgb(3,47,98)"><span class="gmail-pl-pds" style="box-sizing:border-box">"</span>HEAD<span class="gmail-pl-pds" style="box-sizing:border-box">"</span></span>,
            <span class="gmail-pl-s" style="box-sizing:border-box;color:rgb(3,47,98)"><span class="gmail-pl-pds" style="box-sizing:border-box">"</span>OPTIONS<span class="gmail-pl-pds" style="box-sizing:border-box">"</span></span>
        ]
    },</pre></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">By providing more information like required param format or an example of response format for a given route I think I'd create a vulnerability. I think that everything about data formats has to be in the API docs. This extension aimed to get rid of hardcoded api urls in the components/client code mostly...</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Please, let me know what you think.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">P.S. I'm quite new to contributing something valuable to the open-source. Could you please suggest me any resources that I might share my work with?</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Thank you for your help and for the feedback.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Kind regards,</span></div><div><span style="font-size:12.8px">Alena</span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jul 5, 2017 at 11:34 AM, Alena Lifar <span dir="ltr"><<a href="mailto:alenaslifar@gmail.com" target="_blank">alenaslifar@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Abdesslem,<div><br></div><div>Awesome, thanks!</div><div><br></div><div>Kind regards,</div><div>Alena</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jul 5, 2017 at 9:31 AM, Abdesslem Amri <span dir="ltr"><<a href="mailto:amriabdesslem@gmail.com" target="_blank">amriabdesslem@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div><span style="font-size:12.8px">To add a new extension. you have to make a pull request to </span><a href="https://github.com/pallets/flask-website" style="font-size:12.8px" target="_blank">https://github.com/pallets/<span class="m_4432795002451797836m_-8357309112062839407gmail-il"><wbr>flask</span>-website</a><span style="font-size:12.8px">.</span><br></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Best regards,</span></div><div><span style="font-size:12.8px">Abdesslem Amri</span></div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="m_4432795002451797836h5">2017-07-04 22:45 GMT+02:00 Alena Lifar <span dir="ltr"><<a href="mailto:alenaslifar@gmail.com" target="_blank">alenaslifar@gmail.com</a>></span>:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="m_4432795002451797836h5"><div dir="ltr"><span style="font-size:12.8px">Hello everyone,</span><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">My name is Alena and I have been working on a Flask Extension that collects and exposes routes declared in your Flask application/Blueprint via REST.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Here is Github project: <a href="https://github.com/UseTheApi/flask_url_discovery" target="_blank">https://github.com/Us<wbr>eTheApi/flask_url_discovery</a></div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Could anyone please take a look and let me know if this could be useful? Do you think it has a chance to be added into Flask Extension Registry? Is there anything I have to improve?</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">I have found this link: <a href="http://librelist.com/browser/flask/2010/7/25/flask-extension-review-status/" target="_blank">http://librelist.com/bro<wbr>wser/flask/2010/7/25/flask-ext<wbr>ension-review-status/</a> which points to <a href="http://github.com/mitsuhiko/flask/tree/master/extreview/" target="_blank">http://github.com/mitsuhiko<wbr>/flask/tree/master/extreview/</a> <wbr>for Flask Extensions review and approval but this link is dead.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Thank you for your time.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Kind regards,</div><div style="font-size:12.8px">Alena</div></div>
<br></div></div>______________________________<wbr>_________________<br>
Flask mailing list<br>
<a href="mailto:Flask@python.org" target="_blank">Flask@python.org</a><br>
<a href="https://mail.python.org/mailman/listinfo/flask" rel="noreferrer" target="_blank">https://mail.python.org/mailma<wbr>n/listinfo/flask</a><br>
<br></blockquote></div><span class="m_4432795002451797836HOEnZb"><font color="#888888"><br><br clear="all"><div><br></div>-- <br><div class="m_4432795002451797836m_-8357309112062839407gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><hr>
<font face="Arial" size="1" color="Gray"><br>
The preceding message (including attachments) is covered by the 
Electronic Communication Privacy Act, 18 U.S.C. sections 2510-2512, is 
intended only for the person or entity to which it is addressed, and may
 contain information that is confidential, protected
 by attorney-client or other privilege, or otherwise protected from 
disclosure by law. If you are not the intended recipient, you are hereby
 notified that any retention, dissemination, distribution, or copying of
 this communication is strictly prohibited. Please
 reply to the sender that you have received the message in error and 
destroy the original message and all copies.<br>
</font>


<br>______________________________<wbr>_________________</div></div>
</font></span></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>