I'm new to Flask and I'm creating a website with the following functionality: I want to retrieve the user location and store it in a database in order to build some analytics about the website audience (and eventually, also include some degree of personalisation according to the user location).
In order to do so I'm using an external API (https://ipinfo.io) and my goal would be to send a GET request to this API, with the user IP address every time somebody logs in my website.
My current approach is this:
def get_my_ip():
# Get user id
ip_address = request.remote_addr
# Retrieve user location data
location_details = get_ip_location_details(ip_address="80.57.40.203", access_token=ACCESS_TOKEN)
# Store data in the database
webview = WebsiteView(**location_details)
db.session.add(webview)
db.session.commit()
And I'm passing this function to all my routes along with their function for rendering the templates.
# Home route
#app.route("/")
def home():
get_my_ip()
return render_template('home.html')
This actually works but sometimes the website sends multiple requests to the external API when somebody logs in or refresh the page (even though the user interaction with the website is the same and all the requests are successful)
I would like to store this information only once every time somebody logs in the website and in order to do so the only idea I got is putting some constraints in the database to not keep track of the same user in multiple records, but what I would also like to do is sending the least amount of requests to the Ipinfo API.
Is this something possible to tell the website to wait for the response of request before sending new ones?
Related
I'm trying to run a query on bigquery in a Django project and get results. While working successfully in localhost, it does not redirect to the verification link at all when I take it to the live server.
I think I need to change the redirect_uri value as I read it. I added this in Da appflow variable but the url doesn't change. I am using the same query below with the example query in google's document, I am submitting my own query because it contains private information, but it is exactly the same query.
I have added to Authorized redirect URIs, and I put the api in production mode.;
The resulting redirect url is output as localhost in this way;
https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=123-nml31ekr2n0didomei5.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fbigquery&state=XF1WdtCoR4HaICwzSKk9A1giBrSzBv&access_type=offline
def query_stackoverflow():
launch_browser = True
project = 'xx-prod'
appflow = flow.InstalledAppFlow.from_client_secrets_file("static/client_secret_518684-nmpoqtgo5flvcgnl31ekr2ni5.apps.googleusercontent.com.json", scopes=["https://www.googleapis.com/auth/bigquery"], redirect_uri=["https://xx.com/"])
if launch_browser:
appflow.run_local_server()
else:
appflow.run_console()
credentials = appflow.credentials
client = bigquery.Client(project=project, credentials=credentials)
client = bigquery.Client()
query_job = client.query(
"""
SELECT
CONCAT(
'https://stackoverflow.com/questions/',
CAST(id as STRING)) as url,
view_count
FROM `bigquery-public-data.stackoverflow.posts_questions`
WHERE tags like '%google-bigquery%'
ORDER BY view_count DESC
LIMIT 10"""
)
results = query_job.result() # Waits for job to complete.
for row in results:
print("{} : {} views".format(row.url, row.view_count))
On live server google return auth url like this;
Please visit this URL to authorize this application: https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=51864584-nmpoqtgo5flvcgnln0didomei5.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fbigquery&state=W2uMZwzaYMEpFzExodRCf2wA4&access_type=offline
The first problem is that it does not automatically redirect to the link as in localhost, the second problem is that when I open this link manually, the link cannot be reached after mail verification.
From what i can see your code is using installed app flow. This means that the consent screen is going to open up on the machine its running on. If you have this running on a server, are you logging into the server and running it or are you in fact creating a web application?
flow.InstalledAppFlow
web app
If you are making a web application then you should be following this sample.
API access on behalf of your clients (web flow)
You will need to convert it to work with big query.
import google.oauth2.credentials
import google_auth_oauthlib.flow
# Initialize the flow using the client ID and secret downloaded earlier.
# Note: You can use the GetAPIScope helper function to retrieve the
# appropriate scope for AdWords or Ad Manager.
flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
'client_secret.json',
scope=[oauth2.GetAPIScope('adwords')])
# Indicate where the API server will redirect the user after the user completes
# the authorization flow. The redirect URI is required.
flow.redirect_uri = 'https://www.example.com/oauth2callback'
The code for a web application is slightly different then that of an installed application.
So I'm working on a django project, and one of the objectives is to allow a separate python script to make a HTTP request (using Requests library) to get json data after being authenticated. This works fine, the problem is that if I directly go the url the request.get object uses, I can see all of the data (without any user authentication being involved). This makes my authentication process pointless, as the data is easily visible by simply going to the url. So how would I hide the data on the web side from being viewed, but still allow a GET request to pull the data to my script?
On a side note, I already have a authentication system for the web interface portion of my project (which displays the data). I've tried putting it behind that but to no success.
import json, requests, _mysql
login_attempt = requests.post('http://127.0.0.1:8000/m_app/data_login/',
{'username': 'test', 'password': 'password1234'})
if login_attempt.content.decode('UTF-8') == 'Successful':
print('Logged in.')
else:
print('Not logged in.')
cookies = dict(sessionid=login_attempt.cookies.get('sessionid'))
data = requests.get('http://127.0.0.1:8000/m_app/load/data', #if I type this URL in, I see the data
cookies=cookies)
print(data.content) #prints desired data
By default all your views in django are public, but it's easy to make them protected by checking request.user or using a login_required decorator.
I am working on a project in which i am working on a signup/login module. I have implemented the sessions in webapp2 python successfully. Now i want to implement the remember me feature on login. I am unable to find anything which can help me. I do know that i have to set the age of session. But i do not know how. Here is my session code.
def dispatch(self):
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
try:
# Dispatch the request.
webapp2.RequestHandler.dispatch(self)
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
#webapp2.cached_property
def session(self):
# Returns a session using the default cookie key.
return self.session_store.get_session()
Config:
config = {}
config['webapp2_extras.sessions'] = {
'secret_key': 'my-super-secret-key',
}
Kindly help me.
First in case you don't know the difference between sessions and cookies
What is a Cookie? A cookie is a small piece of text stored on a
user's computer by their browser. Common uses for cookies are
authentication, storing of site preferences, shopping cart items, and
server session identification.
Each time the users' web browser interacts with a web server it will
pass the cookie information to the web server. Only the cookies stored
by the browser that relate to the domain in the requested URL will be
sent to the server. This means that cookies that relate to
www.example.com will not be sent to www.exampledomain.com.
In essence, a cookie is a great way of linking one page to the next
for a user's interaction with a web site or web application.
.
What is a Session? A session can be defined as a server-side storage of
information that is desired to persist throughout the user's
interaction with the web site or web application.
Instead of storing large and constantly changing information via
cookies in the user's browser, only a unique identifier is stored on
the client side (called a "session id"). This session id is passed to
the web server every time the browser makes an HTTP request (ie a page
link or AJAX request). The web application pairs this session id with
it's internal database and retrieves the stored variables for use by
the requested page.
If you want to implement something like "remember me" you should use cookies because data stored in session isn't persistent.
For setting and getting cookies in webapp2:
response.headers.add_header('Set-Cookie', 'remember_me=%s' % some_hash)
request.cookies.get('remember_me', '')
I strongly recommend you to read this article that has explained this stuff thoroughly.
I have a console application that should get a list of people who liked my page.
As far as I understood I should run something like
QUERY = 'SELECT user_id FROM like WHERE object_id=__MY_PAGE_ID__'
url = "https://graph.facebook.com/fql?q=" + QUERY
data = requests.get(url)
but iI need to use some access token, and I don't understand what kind of. I have log and pass for user with administrative rights on this PAGE. But thay said that I can't get user token without interacting with web browser.
So I need to use app? Should I create it before somehow? How can you allow this app to get admin account on the page?
Thanks
I am trying make a post on my apps page wall as if it is coming from the app page (not another user) After researching I seem to find no solution that actually works!
I have tried to follow the documentation here:
I then get my 'access_token_page' by getting it from:
https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=CLIENT_SECRET&grant_type=client_credentials
Then using the facebook python api I try:
graph1 = facebook.GraphAPI(access_token_page)
graph1.put_wall_post(fbmessage, attachment, profile_id=APP_PAGE_ID)
However this just returns the following facebook error:
*** GraphAPIError: (#200) The user hasn't authorized the application to perform this action
Any ideas on what I am missing? Remember, I am looking to have the App Page make a post to itself, not have a post be generated from another username.
Thank you!
What you had done is using App Access Token to publish to page.
You should using Page Access Token to post on page admin behalf instead. User Access Token is works too but it's a bug as reported at https://developers.facebook.com/bugs/647340981958249, so it's not recommended to use User Access Token by this time of writing.
As documented at https://developers.facebook.com/docs/reference/api/page/#page_access_tokens:
Page Access Tokens
To perform the following operations as a Page, and not the current
user, you must use the Page's access token, not the user access token
commonly used for reading Graph API objects. This access token can be
retrieved by issuing an HTTP GET to /USER_ID/accounts with the
manage_pages permission.
More info about different type of access token please visit https://developers.facebook.com/docs/facebook-login/access-tokens/
Try Django Facebook:
https://github.com/tschellenbach/Django-facebook
This will deal with many of your API problems.
You need the page access token, see here:
https://developers.facebook.com/docs/facebook-login/access-tokens/
Ask for manage_pages as an extra permission
After getting that setup, simply do:
user_graph = OpenFacebook(user_access_token)
response = user_graph.get('me/accounts')
# turn the response to a dict, and be sure to get the page you want
page_access_token = response['data'][0]['access_token']
graph = OpenFacebook(page_access_token)
graph.set('me/feed', message='helloworld')
You can find more docs here:
http://django-facebook.readthedocs.org/en/latest/open_facebook/api.html