
Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Flask toolkits to boost your development and simplify flask, its featured with AutoSwagger
pip install flask-toolkits
Flask toolkits implements and provides several features from FastAPI
like:
swagger
/openapi
spec for you)view
/router
function which is unable in Flask
beforePydantic
JSONResponse
class to replace jsonify
roles in send dictionary data with encoding improvements.typing
's generic (ex: Optional
, Union
, List
)File
and Form
input parameters validation and automatic swagger.Authorization
header in openapi spec.Authorization
processing function for security and can be used as login
or auth
.add_url_rule
and route
for endpoint definitionalias
on endpoint parameters (path, query, header, etc) to enable
non-pythonic terms of parameter namestoolkit
swagger
/openapi
)flask-http-middleware
)pydantic
)The original Blueprints
class from flask
can't insert most of arguments inside endpoint.
Here our APIRouter
allows you to have arguments inside your endpoint
from typing import Optional
from flask_toolkits import APIRouter, Body, Header, Query
from flask_toolkits.responses import JSONResponse
router = APIRouter("email", import_name=__name__, static_folder="/routers/email", url_prefix="/email")
@router.post("/read", tags=["Email Router"])
def get_email(
id: int,
name: Optional[str],
):
return JSONResponse({"id": id, "name": name})
Here our APIRouter
allows you to auto-documenting your endpoint through AutoSwagger
.
Define the new router using APIRouter
class, lets put it in another pyfile
email_view.py
from typing import Optional
from flask_toolkits import APIRouter, Body, Header, Query
from flask_toolkits.responses import JSONResponse
router = APIRouter("email", import_name=__name__, static_folder="/routers/email", url_prefix="/email")
@router.post("/read", tags=["Email Router"])
def get_email(
id: int = Body(),
name: Optional[str] = Body(None),
token: int = Header(),
race: Optional[str] = Query(None)
):
return JSONResponse({"id":id, "name": name})
main.py
from flask import Flask
from flask_toolkits import AutoSwagger
from email_view import router as email_router
app = Flask(__name__)
auto_swagger = AutoSwagger()
app.register_blueprint(email_router)
app.register_blueprint(auto_swagger)
if __name__ == "__main__":
app.run()
then you can go to http://localhost:5000/docs
and you will found you router is already documented
flask-toolkits
provide multiple field parameters such as Header
, Query
, Body
, Path
, File
, Form
flask-toolkits
helps you to define your security scheme for authorization easier than before. In advance this also give you automated documentation.
lets assume you have your own bearer security schema. You just have to create a new instance of HTTPBearerSecurity()
to enable automatic documentation on it.
from flask import request
from flask_toolkits import APIRouter
from flask_toolkits.security import HTTPBearerSecurity
router = APIRouter("api", __name__)
@router.get("/home", security=HTTPBearerSecurity())
def home(message: str):
if my_security_scheme(request):
return JSONResponse({"message": message})
return JSONResponse({"message": "invalid authorization"})
this is how it looks like
on you clicked it
If you want to define your own security scheme you can follow below guidance
from flask import request
from flask_toolkits import APIRouter
from flask_toolkits.security import HTTPBearerSecurity
class JWTBearer(HTTPBearerSecurity):
def __init__(self):
super().__init__()
def __call__(self, req):
data = self.get_authorization_data(req)
if data != "abcdefghij":
raise Exception("This is not good")
return req
router = APIRouter("api", __name__)
@router.get("/home", security=JWTBearer())
def home(message: str):
if my_security_scheme(request):
return JSONResponse({"message": message})
return JSONResponse({"message": "invalid authorization"})
Overriding __call__
method inside the subclass would define your security schema for the routers that are using your security scheme
Just pass it to APIRouter
and all its endpoint will use that security scheme!
router_with_bearer = APIRouter("api", __name__, security=JWTBearer())
but don't worries! You can also override it by just defining in the router decorator!
@router_with_bearer.get("/home", security=AnotherBearerSecurity())
def home():
return {"message": "hello"}
In case you have non-pythonic terms with unicode character (-, +, _, =) for your paramter names, you can apply the alias
into the parameters easily
@app.get("/test-alias")
def test_alias(
apikey: str = Header(alias="x-api-key")
):
return JSONResponse({"apikey": apikey})
here you will also have your swagger is defined with that alias
Creating the response example and schema easily by just defining the class and pass it to create_response_example
or accessing as_response()
from BaseSchema
objects
from flask_toolkits.responses import response_json_example
class PersonResponse(BaseSchema):
name: str
age: int
class FailedResponse(BaseSchema):
message: str
error_code: int
@router.route(
'/hello_world/<first>/<int:number>', tags=["My Hello"],
responses={
200: response_json_example(PersonResponse(name="Alex", age=20)),
400: FailedResponse(message="Data not found", error_code=101).as_response()
},
)
def hello_world(
name: str = Query(),
age: int = Query()
):
resp = {
"name": name,
"age": age
}
return JSONResponse(resp)
add_url_rule
and route
method for Flask
's App or Blueprints
object are now supported. This also allows you to have multiple HTTP methods in a single endpoint function
@app.route("/test-multiple-method", methods=["GET", "POST", "PUT", "DELETE", "PATCH"])
def go_multi_method(
name: str = Body()
):
return JSONResponse({"result": name})
Here you will get null
if you hit it using GET
but you'll get the value on you hit with other methods that support Body
. You won't loose your validation since it only applied for methods that support that kind of params.
import time
from flask import Flask
from flask_toolkits.middleware import MiddlewareManager, BaseHTTPMiddleware
app = Flask(__name__)
class MetricsMiddleware(BaseHTTPMiddleware):
def __init__(self):
super().__init__()
def dispatch(self, request, call_next):
t0 = time.time()
response = call_next(request)
response_time = time.time()-t0
response.headers.add("response_time", response_time)
return response
app.wsgi_app = MiddlewareManager(app)
app.wsgi_app.add_middleware(MetricsMiddleware)
@app.get("/health")
def health():
return {"message":"I'm healthy"}
FAQs
Flask toolkits to boost your development and simplify flask, its featured with AutoSwagger
We found that flask-toolkits demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Product
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
Security News
Research
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.