Discord
Account
Edit Profile
My Plan
Logout.png)
After developing numerous production Flask applications, from startups to enterprise systems, I've established a robust template for building scalable web applications. This guide shares proven patterns and best practices from real-world implementations.
What is a Flask Web Application?
A Flask web application is a complete web-based solution that handles user interactions, data management, and business logic. Unlike simple websites, web applications provide dynamic functionality, user authentication, and complex data operations.
Project Structure
flask-webapp/ ├── app/ │ ├── __init__.py │ ├── auth/ │ │ ├── __init__.py │ │ ├── routes.py │ │ ├── forms.py │ │ └── models.py │ ├── main/ │ │ ├── __init__.py │ │ ├── routes.py │ │ └── forms.py │ ├── api/ │ │ ├── __init__.py │ │ └── routes.py │ ├── templates/ │ │ ├── base.html │ │ ├── auth/ │ │ ├── main/ │ │ └── errors/ │ ├── static/ │ │ ├── css/ │ │ ├── js/ │ │ └── img/ │ ├── models/ │ └── utils/ ├── migrations/ ├── tests/ ├── config.py ├── requirements.txt └── wsgi.py
Application Setup
# app/__init__.py
from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from flask_login import LoginManager
from flask_migrate import Migrate
from flask_mail import Mail
from config import Config
db = SQLAlchemy()
login_manager = LoginManager()
migrate = Migrate()
mail = Mail()
def create_app(config_class=Config):
app = Flask(__name__)
app.config.from_object(config_class)
# Initialize extensions
db.init_app(app)
login_manager.init_app(app)
migrate.init_app(app, db)
mail.init_app(app)
# Register blueprints
from app.auth import bp as auth_bp
from app.main import bp as main_bp
from app.api import bp as api_bp
app.register_blueprint(auth_bp, url_prefix='/auth')
app.register_blueprint(main_bp)
app.register_blueprint(api_bp, url_prefix='/api')
return app
Configuration Management
# config.py
import os
from dotenv import load_dotenv
basedir = os.path.abspath(os.path.dirname(__file__))
load_dotenv(os.path.join(basedir, '.env'))
class Config:
SECRET_KEY = os.environ.get('SECRET_KEY') or 'hard-to-guess-string'
SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \
'sqlite:///' + os.path.join(basedir, 'app.db')
SQLALCHEMY_TRACK_MODIFICATIONS = False
MAIL_SERVER = os.environ.get('MAIL_SERVER')
MAIL_PORT = int(os.environ.get('MAIL_PORT') or 25)
MAIL_USE_TLS = os.environ.get('MAIL_USE_TLS') is not None
MAIL_USERNAME = os.environ.get('MAIL_USERNAME')
MAIL_PASSWORD = os.environ.get('MAIL_PASSWORD')
ADMINS = ['admin@example.com']
POSTS_PER_PAGE = 10
Database Models
# app/models/user.py
from app import db, login_manager
from werkzeug.security import generate_password_hash, check_password_hash
from flask_login import UserMixin
class User(UserMixin, db.Model):
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(64), unique=True, index=True)
email = db.Column(db.String(120), unique=True, index=True)
password_hash = db.Column(db.String(128))
posts = db.relationship('Post', backref='author', lazy='dynamic')
def set_password(self, password):
self.password_hash = generate_password_hash(password)
def check_password(self, password):
return check_password_hash(self.password_hash, password)
@login_manager.user_loader
def load_user(id):
return User.query.get(int(id))
Authentication System
# app/auth/routes.py
from flask import render_template, redirect, url_for, flash, request
from flask_login import login_user, logout_user, current_user
from app.auth import bp
from app.auth.forms import LoginForm, RegistrationForm
from app.models import User
from app import db
@bp.route('/login', methods=['GET', 'POST'])
def login():
if current_user.is_authenticated:
return redirect(url_for('main.index'))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(username=form.username.data).first()
if user is None or not user.check_password(form.password.data):
flash('Invalid username or password')
return redirect(url_for('auth.login'))
login_user(user, remember=form.remember_me.data)
next_page = request.args.get('next')
return redirect(next_page or url_for('main.index'))
return render_template('auth/login.html', title='Sign In', form=form)
Forms and Validation
# app/auth/forms.py
from flask_wtf import FlaskForm
from wtforms import StringField, PasswordField, BooleanField, SubmitField
from wtforms.validators import DataRequired, Email, EqualTo, Length
class RegistrationForm(FlaskForm):
username = StringField('Username', validators=[
DataRequired(),
Length(min=4, max=20)
])
email = StringField('Email', validators=[
DataRequired(),
Email()
])
password = PasswordField('Password', validators=[
DataRequired(),
Length(min=6)
])
password2 = PasswordField('Repeat Password', validators=[
DataRequired(),
EqualTo('password')
])
submit = SubmitField('Register')
Template Structure
{# templates/base.html #}
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{% block title %}{% endblock %} - {{ config.APP_NAME }}</title>
<link rel="stylesheet" href="{{ url_for('static', filename='css/main.css') }}">
{% block styles %}{% endblock %}
</head>
<body>
{% include "components/navbar.html" %}
{% with messages = get_flashed_messages(with_categories=true) %}
{% if messages %}
{% for category, message in messages %}
<div class="alert alert-{{ category }}">
{{ message }}
</div>
{% endfor %}
{% endif %}
{% endwith %}
<main class="container">
{% block content %}{% endblock %}
</main>
{% include "components/footer.html" %}
<script src="{{ url_for('static', filename='js/main.js') }}"></script>
{% block scripts %}{% endblock %}
</body>
</html>
API Development
# app/api/routes.py
from flask import jsonify
from app.api import bp
from app.models import User
from app.api.auth import token_auth
@bp.route('/users/', methods=['GET'])
@token_auth.login_required
def get_user(id):
user = User.query.get_or_404(id)
return jsonify(user.to_dict())
@bp.route('/users', methods=['GET'])
@token_auth.login_required
def get_users():
page = request.args.get('page', 1, type=int)
per_page = min(request.args.get('per_page', 10, type=int), 100)
data = User.to_collection_dict(User.query, page, per_page, 'api.get_users')
return jsonify(data)
Error Handling
# app/errors/handlers.py
from flask import render_template
from app import db
from app.errors import bp
@bp.app_errorhandler(404)
def not_found_error(error):
return render_template('errors/404.html'), 404
@bp.app_errorhandler(500)
def internal_error(error):
db.session.rollback()
return render_template('errors/500.html'), 500
Task Queue Integration
# app/tasks.py
from flask import current_app
from app import create_app, db
from app.models import Task
from app.email import send_email
from celery import Celery
celery = Celery('tasks', broker='redis://localhost:6379/0')
@celery.task
def send_async_email(subject, sender, recipients, text_body, html_body):
app = create_app()
with app.app_context():
send_email(subject, sender, recipients, text_body, html_body)
Testing Setup
# tests/conftest.py
import pytest
from app import create_app, db
from app.models import User
from config import Config
class TestConfig(Config):
TESTING = True
SQLALCHEMY_DATABASE_URI = 'sqlite://'
@pytest.fixture
def app():
app = create_app(TestConfig)
with app.app_context():
db.create_all()
yield app
db.session.remove()
db.drop_all()
@pytest.fixture
def client(app):
return app.test_client()
Deployment Configuration
# Dockerfile
FROM python:3.9-slim
WORKDIR /app
COPY requirements.txt requirements.txt
RUN pip install -r requirements.txt
COPY . .
ENV FLASK_APP=wsgi.py
CMD ["gunicorn", "--bind", "0.0.0.0:5000", "wsgi:app"]
# docker-compose.yml
version: '3'
services:
web:
build: .
ports:
- "5000:5000"
env_file:
- .env
depends_on:
- db
db:
image: postgres:13
environment:
- POSTGRES_DB=flask_app
- POSTGRES_USER=flask
- POSTGRES_PASSWORD=password
Security Best Practices
# Security headers
@app.after_request
def add_security_headers(response):
response.headers['Content-Security-Policy'] = "default-src 'self'"
response.headers['X-Content-Type-Options'] = 'nosniff'
response.headers['X-Frame-Options'] = 'SAMEORIGIN'
response.headers['X-XSS-Protection'] = '1; mode=block'
return response
# CSRF Protection
from flask_wtf.csrf import CSRFProtect
csrf = CSRFProtect(app)
Conclusion
A well-structured Flask web application provides a solid foundation for building complex web solutions. Focus on modularity, security, and maintainability when developing your application.
Remember: Always follow security best practices, implement proper error handling, and maintain a clear separation of concerns in your application structure.
For more information, consult the Flask documentation.
