angle-uparrow-clockwisearrow-counterclockwisearrow-down-uparrow-leftatcalendarcard-listchatcheckenvelopefolderhouseinfo-circlepencilpeoplepersonperson-fillperson-plusphoneplusquestion-circlesearchtagtrashx

Welcome

This website is a multi-language CMS / Blog I build with Python, the framework Flask and SQLAlchemy. It is deployed on my ISPConfig3 (Nginx + Mariadb) server using Docker which is also used for development. Read more about this website.

Coronavirus

I investigated the deaths in The Netherlands in 2020 and looking at the data, I can only wonder why we have never had, and still do not have, a serious discussion about reopening the economy for people under 65 or, for example, people under 50. Read the findings and conclusions.

Recent

Most viewed

Tags

AJAXAlembicAlpineAPIApplication settingsAsyncBabelBootstrapCachingCaptchaCeleryCryptographyCSRF protectionDeepLDispatcherMiddleWareDNSDockerDocker-composeEmailExceptionsFastAPIFlaskGunicornIconsIMAPInternetISPConfigJavascriptJinja2MariaDBMultilanguageMultiprocessingPentestingPostfixProfilingpyOpenSSLPytestRedisSecurity testingSQLAlchemyTestingTimezoneUbuntu TouchUUIDWerkzeugWheelsWTForms

Using icons on your Flask website and reducing 'First Contentful Paint'

29 May 2020 0

Peter

post main image There are many types of vector icons. In this post I only look at SVG-icons, and limit myself to navigation icons, sometimes also called interface icons. These icons not only look nice on websites, they also color and scale like fonts. And they are very functional. Imagine a button with the text ' Edit' in it. Replace this text with a pencil-icon and you get more space on the page while it still is ...

Sharing models, classes, Blueprints and templates between apps with Flask DispatcherMiddleWare

12 May 2020 0

Peter

post main image This site is running Flask. It uses DispatcherMiddleWare to run the frontend app and the admin app. The Flask documents state that the Flask applications in this case are entirely isolated from each other. That is true but often there is a lot of code we want to share between these apps. Things we want to share Both apps use the same database meaning we want to share the models.py file. Then we ...

Converting a SQLAlchemy MariaDb / MySQL database with Integer Primary Keys to UUID Primary Keys for a Flask website

26 April 2020 0

Peter

post main image This website uses Flask, (plain) SQLAlchemy with Alembic for migrations and MariaDb. If you do not use these, this post probably is not what you are looking for. In a previous post I wrote why many websites should use UUID Primary Keys instead of Integer Primary Keys. Even if you have a high performance website then probably only few tables are responsible for this performance. High performance websites ...

Blacklisting IP addresses on your Flask website running on Linux

16 April 2020 0

Peter

post main image You have a website and it works fine. But you notice that certain visitors are trying to mess with your forms. They come from specific IP addresses. Then there are also bots that are scanning your site. Some are necessary but others should stay away. Don't you hate this? I do. In the past I once wrote a module that returned a not so nice response very slowly, byte-by-byte, slowing down their systems. ...

Using UUIDs instead of Integer Autoincrement Primary Keys with SQLAlchemy and MariaDb

9 April 2020 0

Peter

post main image We all know the Integer Autoincrement Primary Key. Works great, much software is doing it this way. It is fast. But it also has limitations. An alternative for the Integer Autoincrement Primary Key is the UUID (Universally Unique IDentifier) Primary Key. A UUID is a 128-bit number. It can be represented by a string, for example: 05390f2b-48e8-45c7-8ae4-08272dc69122 or a hex string (the same as above ...

Eliminate repetition and improve maintenance by creating a Flask view class

24 March 2020 0

Peter

post main image Flask is hot. Everyone loves Flask. I believe the main reason is that it is so easy to start with Flask. You create a virtual environment, copy-paste a few lines of code from some example, point your browser at 127.0.0.1:5000 and there is your page. Then you hack a little with a Jinja template and you get a beautiful page. You can even run Flask on a Raspberry Pi, isn't that wonderful? My main reason ...

Do not hesitate to reinvent the wheel if you want your software with open source components to live longer

10 March 2020 0

Peter

post main image The problem: a customer wants an application with a certain functionality and want this yesterday. What you do is look for a plug-and-play solution, libraries and/or extensions. You tell your customer that you can do it, customer is happy, you do it. For example, you take Wordpress, select and configure some plugins. Problem solved, or is it? Yes, the problem is solved but for how long? After some ...

Flask, WTForms and AJAX: CSRF protection, before_request and multilanguage

29 February 2020 1

Peter

post main image I never really checked if CSRF protection was working in my Flask application, this website. Is it enabled by default? From the Flask_WTF extension documentation: Any view using FlaskForm to process the request is already getting CSRF protection. And from the text of Miguel Grinberg's post 'Cookie Security for Flask Applications': If you are handling your web forms with the Flask-WTF extension, ...

Flask with multiple forms on a page posted using AJAX and returning a rendered form result

22 February 2020 0

Peter

post main image While working on comments system for the first time I bounced into the problem of having multiple WTForms forms on a single page. On every page there also is the search form but this is not a POST form. It is doing a GET. The comments system uses two forms: Comment form Comment reply form The comment form is immediately below the content item, blog post or page, the comment reply form is initially ...

A textarea with a character counter widget for Flask, WTForms and Bootstrap

15 February 2020 1

Peter

post main image I hoped to tell you today that you could comment on the blog posts of this website now. That would have meant that I completed the first implementation of the comments system. Unfortunately I stumbled upon some problems, yes of course, I am a programmer, and one of them involved the TextAreaField. I just wanted a simple extended version of the WTForm TextAreaField, just add a character counter field ...

Threaded comments using Common Table Expressions (CTE) for a MySQL Flask blog or CMS

8 February 2020 68

Peter

post main image Now that I have blog posts, pages and a contact form, I decided to implement the comments for the blog posts and pages. Not just flat comments but threaded comments, also called nested comments. Some months ago I read about this and I really liked Miguel Grinberg's article: Implementing User Comments with SQLAlchemy. As often Miguel starts with defining the problem and some hard core theory and explaining ...

The mysterious Flask Application Context, my questions and answers

30 January 2020 0

Peter

post main image When you start with Flask you read a bit about the Application Context, TL;DR. Do not know about you but I certainly did not understand it fully. What is app, what is current_app, what is the difference, you just start programming your application. All the time in the background there is this weird buzz: what exactly is the Application Context ... Then at a certain moment when using a class you instantiated ...

WTForms image picker widget for Flask with Bootstrap 4 without extra Javascript and CSS

24 January 2020 0

Peter

post main image When you sign up for this website you are assigned an avatar image. Of course you can change the avatar in 'your account' and this is done using an image picker. Many image pickers examples can be found on the internet. But this is a Flask site including WTForms and I want the image picker to be generated by the wonderful Jinja macro I am using, see also link below, ok, I modified it a bit. With this ...

OWASP Zed Attack Proxy (ZAP) security testing

13 January 2020 0

Peter

post main image Time for joy or crisis: running the OWASP Zed Attack Proxy (ZAP) application to check vulnerabilities of our web application. Developers often know there are weak points in their code, but there always is a date of delivery. So why not use a tool that list the well-known and  important ones? This is my first time using ZAP so if are an expert you best stop reading here. In the links below there ...

Flask, Babel and Javascript language files

6 January 2020 0

Peter

post main image This Flask website is multilanguage. The implementation is described in previous posts. So far all my translations were in the Python code and the HTML templates. On a few places I needed some translations in Javascript and did this by pulling this Javascript code inline in the HTML template. For example, for forms I needed: e.target.setCustomValidity('Please fill out this field.'); I ...

Flask site penetration tests: security headers and the session cookie

27 December 2019 0

Peter

post main image You created a Flask web application, it is running fine and using https. But is it secure enough? Did you do everything to protect your visitors, did you do everything to prevent malicious attacks? A good way to proceed on this is to pentest your site. Penetration testing tools, or pen testing tools, can identifying security weaknesses. They identify vulnerabilities in the web application that can ...

Docker on Debian / Ubuntu not respecting ufw firewall settings exposing ports

9 December 2019 1

Peter

post main image Again another unexpected Docker issue. In a previous post I described why and how you must force Docker to use a subnet, to prevent sudden unexpected changes in the network with consequences like mail no longer working. This post is about Docker not respecting firewall settings, at least when running Debian / Ubuntu and ufw (Uncomplicated Firewall). Docker does not tell you this, and exposes ports, ...

Docker containers suddenly using 192.168.0.0/16 instead of 172.17.0.0/16: services lost

27 November 2019 0

Peter

post main image I have an ISPConfig server with Docker applications. They use the host Postfix mail transfer agent (MTA) to deliver mail to the outside world. Before using the send mail function I have a check if Postfix can be accessed. This works fine. But suddenly mail was not sent. The log file contained error messages like: 2019-11-26 17:31:56,758 ERROR MailMessage - send_mail: self.error_message = sending message, ...

Using Python kwargs (keyword arguments) in Flask url_for() for pagination

24 November 2019 0

Peter

post main image For this website I am using Flask and SQLAlchemy without the Flask-SQLAlchemy extension. I need pagination for several pages. For example the home page holds the list of blogs and it should show a maximum of 12 items per page. It is not that difficult to implement. The home page view function requires a page_number that defaults to 1 if it not specified: @pages_blueprint.route('/', defaults={'page_number': ...

Developing Ubuntu Touch apps with Python using pyOtherSide

18 November 2019 0

Peter

post main image Probably many of you know only two mobile phone operating systems, iOS on Apple phones, and Googles Android on all other phones (some 80%). But there is also Ubuntu Touch (UT) originally developed by Canonical Ltd. and continued by UBports. I write a post about this because I am using UT on a Nexus 5 and wondered how difficult it would be to develop apps for it. When I discovered that you can use Python ...