request object provides information on the request that was made to the route. To utilize this object, it must be imported from the flask module:
from flask import request
In previous examples
request.form were used, however we can also use the
request.args property to retrieve a dictionary of the keys/values in the URL parameters.
@app.route("/api/users/<username>") def user_api(username): try: token = request.args.get("key") if key == "pA55w0Rd": if isUser(username): # The code of this method is irrelevant joined = joinDate(username) # The code of this method is irrelevant return "User " + username + " joined on " + joined else: return "User not found" else: return "Incorrect key" # If there is no key parameter except KeyError: return "No key provided"
To correctly authenticate in this context, the following URL would be needed (replacing the username with any username:
If a file upload was part of the submitted form in a POST request, the files can be handled using the
@app.route("/upload", methods=["POST"]) def upload_file(): f = request.files["wordlist-upload"] f.save("/var/www/uploads/" + f.filename) # Store with the original filename
The request may also include cookies in a dictionary similar to the URL parameters.
@app.route("/home") def home(): try: username = request.cookies.get("username") return "Your stored username is " + username except KeyError: return "No username cookies was found")