Releases: CheeseCake87/flask-imp
2.4.0
- Doc strings overhauled, example uses can now be seen in the doc strings.
- Addition of a new method in the security package.
`include_csrf()`

A decorator that handles CSRF protection.

On a GET request, a CSRF token is generated and stored in the session under the key specified by the session_key parameter.
On a POST request, the form field specified by form_key is checked against the value stored under session_key.
If they match, the request is allowed to continue.
If they do not match, the response will be abort(abort_code), default 401.

```python
@bp.route("/admin", methods=["GET", "POST"])
@include_csrf(session_key="csrf", form_key="csrf")
def admin_page():
    ...
    # You must pass in the CSRF token from the session into the template.
    # Then add <input type="hidden" name="csrf" value="{{ csrf }}"> to the form.
    return render_template("admin.html", csrf=session.get("csrf"))
```

```python
from functools import wraps

from flask import abort, request, session

# Auth is Flask-Imp's own auth helper class (import omitted here).


def include_csrf(session_key: str = "csrf", form_key: str = "csrf", abort_code: int = 401):
    def include_csrf_wrapper(func):
        @wraps(func)
        def inner(*args, **kwargs):
            if request.method == "GET":
                # Issue a fresh token on every GET and store it in the session.
                session[session_key] = Auth.generate_form_token()
                return func(*args, **kwargs)

            if request.method == "POST":
                _session_key = session.get(session_key)
                _form_key = request.form.get(form_key)

                # Reject when either value is missing or the two differ.
                if _form_key is None:
                    return abort(abort_code)
                if _session_key is None:
                    return abort(abort_code)
                if _session_key != _form_key:
                    return abort(abort_code)

            return func(*args, **kwargs)

        return inner

    return include_csrf_wrapper
```

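
The GET/POST token check described for `include_csrf`, modelled without Flask as an added example (this is not Flask-Imp's code). It assumes plain dicts in place of `flask.session` and `request.form`, uses `secrets.token_urlsafe` where the library calls `Auth.generate_form_token()`, and swaps the `!=` test for `hmac.compare_digest`; `csrf_gate` and `walk_through` are hypothetical names. It also shows that a token rotated by a later GET invalidates a form rendered earlier.

```python
import hmac
import secrets

ABORT_CODE = 401  # same default as include_csrf's abort_code


def csrf_gate(method, session, form, session_key="csrf", form_key="csrf"):
    """Return the HTTP status the decorator logic would produce.

    `session` and `form` are plain dicts standing in for flask.session and
    request.form (an assumption of this sketch, so it runs without Flask).
    """
    if method == "GET":
        # Every GET overwrites the stored token, as the decorator does.
        session[session_key] = secrets.token_urlsafe(32)
        return 200
    if method == "POST":
        expected = session.get(session_key)
        supplied = form.get(form_key)
        if expected is None or supplied is None:
            return ABORT_CODE
        # Constant-time comparison instead of `!=`.
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return ABORT_CODE
    return 200


def walk_through():
    """Replay constructed requests against one session; return the statuses."""
    session = {}
    results = {}
    results["get"] = csrf_gate("GET", session, {})
    tab_one = session["csrf"]  # value rendered into the hidden input
    results["post_valid"] = csrf_gate("POST", session, {"csrf": tab_one})
    results["post_missing"] = csrf_gate("POST", session, {})
    results["post_forged"] = csrf_gate("POST", session, {"csrf": "guess"})
    # A second GET (another tab, a reload) rotates the token, so the form
    # still open in the first tab now carries a stale value.
    csrf_gate("GET", session, {})
    results["post_stale_tab"] = csrf_gate("POST", session, {"csrf": tab_one})
    return results


if __name__ == "__main__":
    for name, status in walk_through().items():
        print(f"{name:15} -> {status}")
```
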
2.3.7
Some small fixes with CLI generated files. Fixes to security decorators when working with flash messages.
2.3.6
Name change to Flask-Imp to better reflect that this is an IMPorter.
2.3.4
Hotfix to address an issue on Windows OS with the `flask-bigapp init` command and the `flask-bigapp blueprint` command.
Windows needed to have the utf-8 encoding set.
2.3.1
Overhaul to the import engine, auto import is now able to import vanilla Blueprints.
THIS VERSION HAS BREAKING CHANGES FROM VERSION 2.2.*
`.import_global_collection()` has been replaced by `.import_app_resources()`.
This gives more control over importing app-based resources.

```
bigapp.import_app_resources(
    folder = folder to import resources from
    app_factories = function names that the app instance will be passed to
    static_folder = "static" sets app.static_folder to None if not found
    templates_folder = "templates" sets app.template_folder to None if not found
    scope_root_folders_to = [List of folders to import from, ignores other not on this list],
    scope_root_files_to = [List of files to import from, ignores other not on this list],
)
```

An example of the simplest use case:

Folder structure:

```
Project/
    app/
        global/
            route.py
            another_route.py
        __init__.py
    venv/...
```

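`__init__.py`

```python
from flask import Flask

# `bigapp` is the extension instance, created before create_app() is called.


def create_app():
    app = Flask(__name__)
    bigapp.init_app(app)
    bigapp.import_app_resources()  # will look for global folder by default
    return app
```
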
`global/route.py`

```python
from flask import current_app as app


@app.route("/")
def index():
    return "index"
```

`global/another_route.py`

```python
from flask import current_app as app


@app.route("/another")
def another():
    return "another"
```

2.2.3
Bug fixes with order of checking in login_check
2.2.2
Bug fixes to login_check function.
pass_endpoint argument mechanism wasn't working correctly.
2.2.1
Major change to the way security decorators work.
This is a breaking change from 2.1.0
A value to check for must now be specified:

```python
@bp.route("/must-be-logged-in", methods=["GET"])
@login_check("logged_in", True, "login_failed")
def must_be_logged_in():
    ...
```

This will check if session["logged_in"] is equal to True.
You can now set the login check to look for multiple values:

```python
@bp.route("/must-be-logged-in", methods=["GET"])
@login_check("logged_in", [1, "li", True], "login_failed")
def must_be_logged_in():
    ...
```

Permissions are able to have multiple values and be checked against multiple values, for example:

```python
@bp.route("/must-have-perm", methods=["GET"])
@permission_check("permissions", ["admin", "manager"], "incorrect_permissions")
def must_have_perm():
    ...
```

This will check if session["permissions"] contains any of the following: ["admin", "manager"]
- session["permissions"] = ["admin"] will pass
- session["permissions"] = "admin" will pass
- session["permissions"] = "manager" will pass
- session["permissions"] = ["user"] will fail
- session["permissions"] = "user" will fail

Both login_check and permission_check are able to work with either a single str, bool or int value, or a list of str, bool or int values.
2.1.0
Modules in the collection folder can now be imported from `global/*.py` or `global/folder/*.py`.
Any collection module that does not contain the `collection()` function will be removed from sys.modules.
2.0.4
Added styling to auto deployments of app and blueprints