19:["$","div",null,{"className":"bg-theme dark:bg-gray-1400 h-dvh w-dvw flex flex-col","children":[["$","a",null,{"href":"#main-content","className":"absolute left-4 top-0 focus-visible:top-4 bg-blue-700 text-white rounded-4 text-xs p-4 z-50 transform -translate-y-full focus-visible:translate-y-0 otransition","children":"Skip to main content"}],"$L36","$L37",["$","div",null,{"role":"main","id":"main-content","className":"relative overflow-y-auto items-center flex flex-col","tabIndex":-1,"children":[["$","div",null,{"className":"max-w-[62.5rem] w-full pt-24 lg:pt-48 px-20 md:px-24","children":["$","$L38",null,{"rootHref":"/learn/course-paths?courseSlug=securing-flask-todo-app-with-session-authentication&unitSlug=protecting-routes-with-authentication-middleware","pathBreadcrumb":{"key":"106","title":"Implementing MVC ToDo App with Flask","href":"/learn/paths/implementing-mvc-todo-app-with-flask"},"courseBreadcrumb":{"key":"511","title":"Securing Flask ToDo App with Session Authentication","href":"/learn/courses/securing-flask-todo-app-with-session-authentication","options":[{"key":"505","href":"/learn/courses/getting-started-with-flask-and-web-development","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/WZnD8NRWoWxStkPx3_cover1.jpg","numLessons":5,"numPractices":17,"active":false,"label":"Getting Started with Flask and Web Development","completedAt":"$undefined","completionRatio":"$undefined"},{"key":"506","href":"/learn/courses/building-a-todo-app-with-flask","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/3702b08e-1978-4c10-b192-72cb25c8694e_optimized.jpg","numLessons":4,"numPractices":19,"active":false,"label":"Building a ToDo App with Flask","completedAt":"$undefined","completionRatio":"$undefined"},{"key":"508","href":"/learn/courses/integrating-a-sql-database-to-flask","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/937faf37-fad6-4db2-9981-c8189cfc07b1_optimized.jpg","numLessons":4,"numPractices":17,"active":false,"label":"Integrating a SQL Database to Flask","completedAt":"$undefined","completionRatio":"$undefined"},{"key":"510","href":"/learn/courses/enhancing-flask-with-additional-features","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/03df749a-d0bb-45b3-8529-74672e270b23_optimized.jpg","numLessons":4,"numPractices":16,"active":false,"label":"Enhancing Flask with Additional Features","completedAt":"$undefined","completionRatio":"$undefined"},{"key":"511","href":"/learn/courses/securing-flask-todo-app-with-session-authentication","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/7eeb597a-d34c-4e98-9b09-de6dc6f78f11_optimized.jpg","numLessons":4,"numPractices":18,"active":true,"label":"Securing Flask ToDo App with Session Authentication","completedAt":"$undefined","completionRatio":"$undefined"}]},"lessonBreadcrumb":{"key":"3734","title":"Protecting Routes with Authentication Middleware","options":[{"key":"3734","href":"/learn/courses/securing-flask-todo-app-with-session-authentication/lessons/protecting-routes-with-authentication-middleware","active":true,"label":"Protecting Routes with Authentication Middleware","completedAt":"$undefined"},{"key":"3735","href":"/learn/courses/securing-flask-todo-app-with-session-authentication/lessons/implementing-secure-user-registration-in-flask","active":false,"label":"Implementing Secure User Registration in Flask","completedAt":"$undefined"},{"key":"3736","href":"/learn/courses/securing-flask-todo-app-with-session-authentication/lessons/authenticating-users-with-login-functionality","active":false,"label":"Authenticating Users with Login Functionality","completedAt":"$undefined"},{"key":"3737","href":"/learn/courses/securing-flask-todo-app-with-session-authentication/lessons/adding-user-logout-to-flask-app","active":false,"label":"Adding User Logout to Flask App","completedAt":"$undefined"}]}}]}],["$","div",null,{"className":"max-w-[62.5rem] w-full pt-24 pb-60 px-20 md:px-24 space-y-32 md:space-y-48","children":[["$","div",null,{"className":"mx-auto h-[12rem] w-[21.25rem] md:h-[25.5rem] md:w-[45rem] lg:h-[33.5rem] lg:w-[59.5rem] shrink-0","children":["$","$L39",null,{"src":"https://k3-production-bucket.s3.amazonaws.com/uploads/0c02e07f-4007-4af6-9959-6e678faf28ea_combined_video.mp4","thumbnailUrl":"https://k3-production-bucket.s3.amazonaws.com/uploads/516cbb01-6cda-4b50-968e-eb9db050e6c1_slide-1.png","mimeType":"video/mp4","speed":1,"forcePause":false}]}],[["$","div","17619",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Protecting Routes with Authentication Middleware"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":["Welcome to the first lesson of our course on securing a Flask MVC application. In this lesson, we'll explore how to implement an ",["$","em","em-0",{"children":"authentication middleware"}]," to protect the routes in our app. This middleware is vital because it ensures that only authorized users have access to specific features. For our ",["$","em","em-1",{"children":"ToDo app"}],", it will serve as a gatekeeper, safeguarding user routes and enhancing security."]}],"\n",["$","p","p-1",{"children":"Think of an authentication middleware as a checkpoint that verifies a user's credentials before permitting access to designated areas of the application. By the end of this lesson, your app will be fortified with this indispensable security feature, ready to prevent unauthorized access."}]]}]]}],["$","div","17620",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Lesson Overview"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":"In this lesson, we will cover the following key topics to secure our Flask ToDo app:"}],"\n",["$","ol","ol-0",{"className":"list-decimal pl-24 space-y-8","children":["\n",["$","li","li-0",{"children":[["$","strong","strong-0",{"children":"Creating the Authentication Page"}],": Design a user interface for login and registration to facilitate user authentication."]}],"\n",["$","li","li-1",{"children":[["$","strong","strong-0",{"children":"Implementing the User Controller"}],": Establish a controller to handle the connection between the authentication page and the backend."]}],"\n",["$","li","li-2",{"children":[["$","strong","strong-0",{"children":"Developing the Authentication Middleware"}],": Develop middleware to intercept requests and verify user authentication status."]}],"\n",["$","li","li-3",{"children":[["$","strong","strong-0",{"children":"Integrating Middleware into the Flask App"}],": Seamlessly incorporate the authentication middleware into the app to protect routes."]}],"\n"]}],"\n",["$","p","p-1",{"children":"By the end of this lesson, you will be equipped with the skills to implement robust authentication middleware in your Flask application, enhancing its security and accessibility management."}]]}]]}],["$","div","17621",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Creating the Authentication Page"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":["The first step in building an authentication system is to provide a user interface for login and registration. Let's create a new ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"auth.html"}]," template for our authentication page inside our ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"/templates"}]," directory:"]}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"html","onClickPlay":"$undefined","display":"block","children":"\n\n\n \n \n Login / Register\n \n\n\n

Login or Register

\n\n \n \n\n"}]}],"\n",["$","p","p-1",{"children":"This HTML code provides a simple form for user login and registration. It includes fields for a username and password, as well as buttons to submit the form. For now, we will not add any actions to these buttons, since we just need a page to redirect unauthenticated users."}]]}]]}],["$","div","17622",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Implementing the User Controller"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":"Next, we'll create a controller to handle routes related to users, such as rendering the authentication page, and later handling registration and login."}],"\n",["$","p","p-1",{"children":["Here's how you set up the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"controllers/user_controller.py"}],":"]}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"python","onClickPlay":"$undefined","display":"block","children":"from flask import Blueprint, render_template\n\nuser_controller = Blueprint('user', __name__)\n\n# Route to render the authentication page\n@user_controller.route('/auth', methods=['GET'])\ndef auth_page():\n return render_template('auth.html')"}]}],"\n",["$","p","p-2",{"children":["In this code, we use Flask's ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"Blueprint"}]," to modularize our application. Inside this blueprint we define the ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"/auth"}]," route for rendering the authentication page. This controller lays the groundwork for managing user authentication."]}]]}]]}],["$","div","17623",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Developing the Authentication Middleware"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":["Now, let's create an ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"authentication_middleware.py"}]," file in the ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"middlewares"}]," directory. This file ensures users can only access protected parts of the app if they are logged in."]}],"\n",["$","p","p-1",{"children":"Here's the middleware code with comments:"}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"python","onClickPlay":"$undefined","display":"block","children":"from flask import session, redirect, url_for, request\n\ndef require_login_middleware(app):\n # Set up the middleware to run before each request\n @app.before_request\n def require_login():\n # Check if the current endpoint is not in the allowed list\n if request.endpoint not in ['user.auth_page', 'static']:\n # Verify if 'user_id' is in the session; if not, the user is not logged in\n if 'user_id' not in session:\n # Redirect unauthenticated users to the authentication page\n return redirect(url_for('user.auth_page'))"}]}],"\n",["$","p","p-2",{"children":"How It Works:"}],"\n",["$","ol","ol-0",{"className":"list-decimal pl-24 space-y-8","children":["\n",["$","li","li-0",{"children":[["$","strong","strong-0",{"children":"Function Setup"}],": The ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"require_login_middleware"}]," function is defined to check authentication. It runs ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"require_login"}]," before every request."]}],"\n",["$","li","li-1",{"children":[["$","strong","strong-0",{"children":"URL Check"}],": ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"require_login"}]," checks if the current endpoint is an authentication page or a static file (like images or stylesheets). These should be accessible without login, so they are excluded from the check."]}],"\n",["$","li","li-2",{"children":[["$","strong","strong-0",{"children":"Session Check"}],": It looks for ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"user_id"}]," in the session. Without it, the user isn't logged in. For now, no users will have ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"user_id"}]," in the session since we haven't implemented the login route yet."]}],"\n",["$","li","li-3",{"children":[["$","strong","strong-0",{"children":"Redirect"}],": If ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"user_id"}]," is absent, the user is redirected to ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"/auth"}]," to log in, protecting other routes."]}],"\n"]}]]}]]}],["$","div","17624",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Integrating Middleware into the Flask App"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":["Finally, let's bring everything together by integrating this middleware into our Flask app. We will update the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"app.py"}]," file:"]}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"python","onClickPlay":"$undefined","display":"block","children":"from flask import Flask\nfrom controllers.todo_controller import todo_controller\nfrom controllers.theme_controller import theme_controller\nfrom controllers.user_controller import user_controller\nfrom middlewares.error_handler import setup_error_handler\nfrom middlewares.authentication_middleware import require_login_middleware\nfrom models import db\nfrom config import Config\n\napp = Flask(__name__)\n\napp.config.from_object(Config)\n\napp.secret_key = 'your_unique_secret_key' \n\ndb.init_app(app)\n\nwith app.app_context():\n db.create_all()\n\nsetup_error_handler(app)\n\n# Setup authentication middleware\nrequire_login_middleware(app)\n\n# Register user controller blueprint\napp.register_blueprint(user_controller)\n\napp.register_blueprint(todo_controller)\napp.register_blueprint(theme_controller)\n\nif __name__ == '__main__':\n app.run(host='0.0.0.0', port=3000, debug=True)"}]}],"\n",["$","p","p-1",{"children":["In this file, we initialize the Flask app, set up session management with a secret key, integrate our authentication middleware using the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"require_login_middleware(app)"}]," function and register the ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"user_controller"}]," next to our already implemented controllers."]}]]}]]}],["$","div","17625",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Accessing Protected Routes"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":["When a user tries to access the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"/"}]," route or any other route within the application, the authentication middleware takes action. The middleware checks if the user is authenticated by verifying the presence of a ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"user_id"}]," in the session. If the ",["$","code","code-2",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"user_id"}]," is not found in the session, this indicates that the user is not logged in. Consequently, the middleware intercepts the request and redirects the user to the authentication page ",["$","code","code-3",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"/auth"}],"."]}],"\n",["$","p","p-1",{"children":["$","span","img-0",{"className":"flex justify-center","children":["$","img",null,{"src":"https://k3-production-bucket.s3.amazonaws.com/uploads/4sSB3HSKDXaEMDfe2_mermaid-diagram-2024-10-07-163031.png","alt":"","title":"$undefined","width":"$undefined"}]}]}],"\n",["$","p","p-2",{"children":["As depicted in the diagram, when a route is accessed, the middleware evaluates whether the user is authenticated. If not (i.e., \"No\" path), the user is redirected to the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"/auth"}]," page. If the user is authenticated (i.e., \"Yes\" path), access to the requested route is granted. This mechanism ensures that all protected routes are only accessible to authenticated users, effectively acting as a security layer to safeguard the application's restricted areas."]}]]}]]}],["$","div","17626",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Summary and Preparation for Practice"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":["You have built a foundational understanding of adding authentication middleware to your ",["$","em","em-0",{"children":"Flask ToDo app"}]," and learned how to create a user authentication page, set up a user controller, and integrate a middleware to secure routes."]}],"\n",["$","p","p-1",{"children":"Now, you're ready to apply this knowledge in hands-on practice exercises. These exercises will reinforce what you've learned and give you the confidence to implement authentication in real-world Flask applications. Remember, securing your app is essential in protecting user data and maintaining trust. Keep up the great work, and let's move on to the practice session!"}]]}]]}]],["$","div",null,{"className":"flex gap-16 justify-between md:justify-start","children":[null,[["$","div",null,{"className":"hidden lg:block","children":["$","$L10",null,{"href":"/learn/courses/securing-flask-todo-app-with-session-authentication/lessons/implementing-secure-user-registration-in-flask","variant":"tertiary","size":"sm","TrailingIcon":"$3b","maxWidth":"47rem","children":"Next Lesson: Implementing Secure User Registration in Flask"}]}],["$","div",null,{"className":"hidden md:block lg:hidden","children":["$","$L10",null,{"href":"/learn/courses/securing-flask-todo-app-with-session-authentication/lessons/implementing-secure-user-registration-in-flask","variant":"tertiary","size":"sm","TrailingIcon":"$3b","maxWidth":"33rem","children":"Next Lesson: Implementing Secure User Registration in Flask"}]}],["$","div",null,{"className":"md:hidden","children":["$","$L10",null,{"href":"/learn/courses/securing-flask-todo-app-with-session-authentication/lessons/implementing-secure-user-registration-in-flask","variant":"tertiary","size":"sm","TrailingIcon":"$3b","children":"Next"}]}]]]}]]}],["$","div",null,{"className":"flex flex-col bg-gray-200 dark:bg-gray-1400 w-full px-20 md:px-24 pt-24 pb-48 items-center","children":["$","div",null,{"className":"max-w-screen-xl w-full flex flex-col lg:flex-row py-20 px-24 items-center justify-between gap-48 lg:gap-60 xl:gap-96","children":[["$","$L3c",null,{"alt":"Sign up","src":"/learn/img/signup-module.png","className":"h-auto w-[335px] md:w-[440px] lg:w-[480px] xl:w-[570px]","width":570,"height":336}],["$","div",null,{"className":"flex flex-col gap-32 ml-24 items-center lg:items-start","children":[["$","div",null,{"className":"text-h-md md:text-h-xl text-theme-strong text-center lg:text-start","children":"Join the 1M+ learners on CodeSignal"}],["$","div",null,{"className":"text-lg font-normal md:text-2xl text-theme text-center lg:text-start md:max-w-[536px] lg:max-w-none","children":"Be a part of our community of 1M+ users who develop and demonstrate their skills on CodeSignal"}],["$","$L35",null,{"size":"lg","pageType":"lessonPreview","uiRegion":"joinModule","children":"Start learning today!"}]]}]]}]}],"$L3d"]}]]}]