I built a website following https://dev.to/hackersandslackers/integrate-plotly-dash-into-your-flask-app-5gbo which basically embeds dashboards into flask so you have access to all the flask goodies.
Problem is that now, when I try to pwd protect the website, I can still go to the other pages (i.e the first one is not a stop).
My example website structure is
/plotlydash-flask-tutorial
├── /application
│ ├── __init__.py
│ ├── routes.py
│ ├── /static
│ ├── /templates
└── index.html
│ └── /plotlydash
│ └── page1.py
└── page2.py
└── home.py
├── /data
├── README.md
├── config.py
└── wsgi.py
While my routes.py looks like this
from flask import Flask, render_template, redirect, request, url_for
import flask_login as flask_login
from flask_login import LoginManager, UserMixin
from flask import current_app as app
login_manager = LoginManager()
login_manager.init_app(app)
users = {'rev':{'pw':'rev12345'}}
class User(UserMixin):
pass
@login_manager.user_loader
def user_loader(username):
if username not in users:
return
user = User()
user.id = username
return user
@login_manager.request_loader
def request_loader(request):
username = request.form.get('username')
if username not in users:
return
user = User()
user.id = username
user.is_authenticated = request.form['pw'] == users[username]['pw']
return user
@app.route('/', methods=['GET', 'POST'])
def index():
if request.method == 'POST':
username = request.form.get('username')
if request.form.get('pw') == users[username]['pw']:
user = User()
user.id = username
flask_login.login_user(user)
return redirect("/home")
return render_template('index.html')
While this work to prevent access to '/' when I go to '/page1' or '/home' it does allow access without authentication. What am I missing? Is it because the Dash apps are started in parallel to the main Flask instance?
CodePudding user response:
Solved using a function from here. Great resource! https://github.com/jimmybow/Flask_template_auth_with_Dash/blob/master/Dashboard/Dash_App1.py
CodePudding user response:
Each app.route function needs its own @flask_login.login_required
decorator to prevent a non-authorized user from accessing it.
It also looks like your /home
route redirects to itself in a loop, without ever returning a rendered template.