Create a Flask public url decorator

Question

I'd like to create a decorator for Flask routes to flag certain routes as public, so I can do things like this:

@public
@app.route('/welcome')
def welcome():
    return render_template('/welcome.html')

Elsewhere, here's what I was thinking the decorator and check would look like:

_public_urls = set()

def public(route_function):
    # add route_function's url to _public_urls
    # _public_urls.add(route_function ...?.url_rule)
    def decorator(f):
        return f

def requested_url_is_public():
    from flask import request
    return request.url_rule in _public_urls

Then when a request is made, I have a context function that checks requested_url_is_public.

I'm a bit stumped because I don't know how to get the url rule for a given function in the public decorator.

Perhaps this isn't the best design choice for Flask, but I'd expect there's another simple & elegant way to achieve this.

I've seen this patterns like this before, and would like to mimic it. For example, this is something of a counterpart to Django's login_required decorator.

I'd enjoy reading thoughts on this.

Answer 1

Flask already has a login_required decorator (see view decorators). If you are using public_urls to decide which urls to require authentication for, you are most likely better off using that.

Answer 2

I ended up doing something like this:

def public(endpoint):
    """A decorator for endpoints that flags them as publicly accessible

    The endpoint is the Flask endpoint function. This is later tested by the
    _is_public function, which is called before every request.

    Note that @public must come AFTER route.add i.e.
    @app.route('...')
    @public
    def handler(): ...
    """
    @wraps(endpoint)
    def public_endpoint(*args, **kwargs):
        return endpoint(*args, **kwargs)
    public_endpoint._is_public = True
    return public_endpoint

and

def _is_public(endpoint):
    """Return true if the given endpoint function is public

    Tests whether the @public decorator has been applied to the url.
    """
    return getattr(endpoint, '_is_public', False) is True


@blueprint.before_app_request  # or @app.before_request
def security_check():
    """Check all incoming requests for a current user.
    """  
    if current_user.is_logged_in:  # need current_user test elsewhere
        # we don't need to check if we have a public url if the user is
        # logged in
        return

    try:
        if _is_public(current_app.view_functions[request.endpoint]):
            # we just go perform the endpoint function if it is public
            return
    except KeyError:
        # There is no endpoint matching the request
        abort(404)

    # user is not logged in and it's not a public url
    logging.info("No current user and %s is not public" % request.path[1:])

    # send the user to the welcome page
    return redirect(url_for("some_public_page"))