
I've read about blueprints in Flask, but I think my app is too small to use them yet. However, I would like to keep my code clear. Since my app has a user login, I would like to keep several functions protected. Now I'm wondering: is the following code as safe as putting all the code into a route, or is that not proper coding?

import scriptwithseveralfunctions

@app.route('/functionone')
@login_required
def do_something():
  scriptwithseveralfunctions.myfunction()
jz22
  • You probably want to add further route protections (only particular logged in users, e.g. admins / staff) – shad0w_wa1k3r Jul 27 '17 at 07:46
  • I will do that in a later step. I'm just wondering if executing functions like that is safe. I don't want unlogged in users to somehow be able to execute myfunction(). – jz22 Jul 27 '17 at 07:49
  • For things like this, it is as safe as you make it. But, instead of that, why not go with cron jobs that execute management commands on the backend? What's the purpose that you are fulfilling by having such a route? – shad0w_wa1k3r Jul 27 '17 at 07:53
  • My actual app is much more complex. I just wanted to show a basic example to find out if it makes a difference to put the code in another script in terms of protection. I don't want people to be able to execute this code by bypassing the login. – jz22 Jul 27 '17 at 07:57
  • There are some (not 0 or many) cases where this is done. e.g. https://stackoverflow.com/questions/20359810/how-to-trigger-jenkins-builds-remotely-and-to-pass-parameters. If you have a good authentication for it, as well as accidental trigger handling (hit url twice within seconds?), then you should ideally be good. – shad0w_wa1k3r Jul 27 '17 at 08:01
  • You could probably mark the answer here as accepted – Wayne Werner Oct 05 '17 at 13:03

1 Answer


Yes, it's definitely safe. Only functions with @app.route wrapper will be exposed to the user.

Shang
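
As an added example (not code from the question or the answer), the following uses Flask's test client to check what the answer states: the helper has no URL of its own, and the decorated route rejects anonymous requests. It also goes one step further and shows that decorator order matters, because `@app.route` must be the outermost decorator. Assumptions: `login_required` here is a minimal session-based stand-in for Flask-Login's decorator, `myfunction` is defined inline in place of the imported module, and `/misordered`, `status` and the secret key are constructed for the demo.

```python
from functools import wraps
from flask import Flask, abort, session

app = Flask(__name__)
app.secret_key = "constructed-test-key"  # constructed value, for this demo only

def login_required(view):
    """Minimal session-based stand-in for Flask-Login's login_required (assumption)."""
    @wraps(view)
    def wrapper(*args, **kwargs):
        if not session.get("user_id"):
            abort(401)  # anonymous request: stop before the view runs
        return view(*args, **kwargs)
    return wrapper

def myfunction():
    """Stands in for scriptwithseveralfunctions.myfunction(); it has no URL rule."""
    return "sensitive work done"

@app.route("/functionone")  # outermost: registers the wrapped, protected view
@login_required
def do_something():
    return myfunction()

@login_required  # wrong order: route() below has already registered the raw function
@app.route("/misordered")
def do_something_unprotected():
    return myfunction()

def status(path, logged_in=False):
    """Return the HTTP status a fresh anonymous or logged-in client gets for path."""
    client = app.test_client()
    if logged_in:
        with client.session_transaction() as sess:
            sess["user_id"] = 1  # constructed user id
    return client.get(path).status_code

if __name__ == "__main__":
    for path in ("/functionone", "/myfunction", "/misordered"):
        print(path, status(path), status(path, logged_in=True))
```

A check like `status()` fits well in a test suite: assert that every sensitive route returns 401 (or a redirect to the login page) for a client with no session.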