391 lines
11 KiB
Markdown
391 lines
11 KiB
Markdown
# Flask Project Configuration
|
|
|
|
This file provides specific guidance for Flask web application development using Claude Code.
|
|
|
|
## Project Overview
|
|
|
|
This is a Flask web application project optimized for scalable web development with the Flask micro-framework. The project follows Flask best practices and modern Python development patterns.
|
|
|
|
## Flask-Specific Development Commands
|
|
|
|
### Project Management
|
|
- `flask run` - Start development server
|
|
- `flask run --host=0.0.0.0 --port=5000` - Start server accessible from network
|
|
- `flask shell` - Open Flask shell with application context
|
|
- `python -m flask --help` - Show available Flask commands
|
|
|
|
### Database Management
|
|
- `flask db init` - Initialize database migrations
|
|
- `flask db migrate -m "message"` - Create database migration
|
|
- `flask db upgrade` - Apply database migrations
|
|
- `flask db downgrade` - Rollback database migration
|
|
- `flask db current` - Show current migration
|
|
- `flask db history` - Show migration history
|
|
|
|
### Development Tools
|
|
- `flask routes` - Show all registered routes
|
|
- `flask --version` - Show Flask version
|
|
- `export FLASK_ENV=development` - Set development environment
|
|
- `export FLASK_DEBUG=1` - Enable debug mode
|
|
|
|
### Custom Commands
|
|
- `flask init-db` - Initialize database with tables
|
|
- `flask seed-db` - Seed database with sample data
|
|
- `flask reset-db` - Reset database (development only)
|
|
|
|
## Flask Project Structure
|
|
|
|
```
|
|
myproject/
|
|
├── app/ # Application package
|
|
│ ├── __init__.py # Application factory
|
|
│ ├── extensions.py # Flask extensions
|
|
│ ├── config.py # Configuration settings
|
|
│ ├── models/ # Database models
|
|
│ │ ├── __init__.py
|
|
│ │ ├── base.py # Base model class
|
|
│ │ ├── user.py # User model
|
|
│ │ └── post.py # Post model
|
|
│ ├── blueprints/ # Application blueprints
|
|
│ │ ├── __init__.py
|
|
│ │ ├── main/ # Main blueprint
|
|
│ │ ├── auth/ # Authentication blueprint
|
|
│ │ ├── api/ # API blueprint
|
|
│ │ └── admin/ # Admin blueprint
|
|
│ ├── templates/ # Jinja2 templates
|
|
│ │ ├── base.html
|
|
│ │ ├── index.html
|
|
│ │ └── auth/
|
|
│ ├── static/ # Static files
|
|
│ │ ├── css/
|
|
│ │ ├── js/
|
|
│ │ └── images/
|
|
│ ├── forms/ # WTForms
|
|
│ │ ├── __init__.py
|
|
│ │ ├── auth.py
|
|
│ │ └── user.py
|
|
│ ├── utils/ # Utility functions
|
|
│ └── cli.py # Custom CLI commands
|
|
├── migrations/ # Database migrations
|
|
├── tests/ # Test files
|
|
│ ├── conftest.py
|
|
│ ├── test_models.py
|
|
│ ├── test_views.py
|
|
│ └── test_api.py
|
|
├── requirements/ # Requirements files
|
|
│ ├── base.txt
|
|
│ ├── development.txt
|
|
│ └── production.txt
|
|
├── wsgi.py # WSGI entry point
|
|
├── gunicorn.conf.py # Gunicorn configuration
|
|
└── docker-compose.yml # Docker Compose configuration
|
|
```
|
|
|
|
## Flask Application Factory
|
|
|
|
```python
|
|
# app/__init__.py
|
|
from flask import Flask
|
|
from app.extensions import db, migrate, login_manager, csrf, cache
|
|
from app.config import config
|
|
|
|
def create_app(config_name='default'):
|
|
app = Flask(__name__)
|
|
app.config.from_object(config[config_name])
|
|
|
|
# Initialize extensions
|
|
db.init_app(app)
|
|
migrate.init_app(app, db)
|
|
login_manager.init_app(app)
|
|
csrf.init_app(app)
|
|
cache.init_app(app)
|
|
|
|
# Register blueprints
|
|
from app.blueprints.main import main_bp
|
|
from app.blueprints.auth import auth_bp
|
|
from app.blueprints.api import api_bp
|
|
|
|
app.register_blueprint(main_bp)
|
|
app.register_blueprint(auth_bp, url_prefix='/auth')
|
|
app.register_blueprint(api_bp, url_prefix='/api/v1')
|
|
|
|
# Register CLI commands
|
|
from app.cli import init_commands
|
|
init_commands(app)
|
|
|
|
return app
|
|
```
|
|
|
|
## Configuration Management
|
|
|
|
```python
|
|
# app/config.py
|
|
import os
|
|
from datetime import timedelta
|
|
|
|
class Config:
|
|
SECRET_KEY = os.environ.get('SECRET_KEY') or 'dev-secret-key'
|
|
SQLALCHEMY_TRACK_MODIFICATIONS = False
|
|
SQLALCHEMY_RECORD_QUERIES = True
|
|
|
|
# Session configuration
|
|
PERMANENT_SESSION_LIFETIME = timedelta(hours=1)
|
|
SESSION_COOKIE_SECURE = True
|
|
SESSION_COOKIE_HTTPONLY = True
|
|
SESSION_COOKIE_SAMESITE = 'Lax'
|
|
|
|
# File upload
|
|
MAX_CONTENT_LENGTH = 16 * 1024 * 1024 # 16MB
|
|
UPLOAD_FOLDER = os.path.join(os.getcwd(), 'uploads')
|
|
|
|
# Cache
|
|
CACHE_TYPE = 'simple'
|
|
CACHE_DEFAULT_TIMEOUT = 300
|
|
|
|
class DevelopmentConfig(Config):
|
|
DEBUG = True
|
|
SQLALCHEMY_DATABASE_URI = os.environ.get('DEV_DATABASE_URL') or \
|
|
'sqlite:///dev.db'
|
|
SESSION_COOKIE_SECURE = False
|
|
|
|
class ProductionConfig(Config):
|
|
DEBUG = False
|
|
SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL')
|
|
|
|
# Security headers
|
|
SECURITY_HEADERS = {
|
|
'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
|
|
'X-Content-Type-Options': 'nosniff',
|
|
'X-Frame-Options': 'DENY',
|
|
'X-XSS-Protection': '1; mode=block'
|
|
}
|
|
|
|
class TestingConfig(Config):
|
|
TESTING = True
|
|
SQLALCHEMY_DATABASE_URI = 'sqlite:///:memory:'
|
|
WTF_CSRF_ENABLED = False
|
|
|
|
config = {
|
|
'development': DevelopmentConfig,
|
|
'production': ProductionConfig,
|
|
'testing': TestingConfig,
|
|
'default': DevelopmentConfig
|
|
}
|
|
```
|
|
|
|
## Flask Best Practices
|
|
|
|
### Application Structure
|
|
- Use application factory pattern for configuration flexibility
|
|
- Organize code into blueprints for modularity
|
|
- Separate models, views, and forms into different modules
|
|
- Use extensions.py to initialize Flask extensions
|
|
- Implement proper error handling and logging
|
|
|
|
### Database Models
|
|
- Use SQLAlchemy ORM for database operations
|
|
- Implement base model with common functionality
|
|
- Add proper relationships between models
|
|
- Use database migrations for schema changes
|
|
- Implement model validation and constraints
|
|
|
|
### Blueprint Organization
|
|
- Group related functionality into blueprints
|
|
- Use URL prefixes for namespacing
|
|
- Implement blueprint-specific templates
|
|
- Add proper error handlers for each blueprint
|
|
- Use blueprint factories for complex blueprints
|
|
|
|
### Template Management
|
|
- Use template inheritance for consistent layout
|
|
- Create reusable template macros
|
|
- Implement proper CSRF protection in forms
|
|
- Use Flask-WTF for form handling and validation
|
|
- Organize templates by blueprint
|
|
|
|
### Security Considerations
|
|
- Always validate and sanitize user input
|
|
- Use Flask-Login for user session management
|
|
- Implement proper authentication and authorization
|
|
- Use CSRF protection for all forms
|
|
- Set secure session cookie configuration
|
|
- Implement rate limiting for API endpoints
|
|
|
|
## Flask Extensions
|
|
|
|
### Essential Extensions
|
|
```python
|
|
# app/extensions.py
|
|
from flask_sqlalchemy import SQLAlchemy
|
|
from flask_migrate import Migrate
|
|
from flask_login import LoginManager
|
|
from flask_wtf.csrf import CSRFProtect
|
|
from flask_caching import Cache
|
|
from flask_limiter import Limiter
|
|
from flask_limiter.util import get_remote_address
|
|
|
|
db = SQLAlchemy()
|
|
migrate = Migrate()
|
|
login_manager = LoginManager()
|
|
csrf = CSRFProtect()
|
|
cache = Cache()
|
|
limiter = Limiter(key_func=get_remote_address)
|
|
```
|
|
|
|
### Recommended Extensions
|
|
- **Flask-SQLAlchemy** - Database ORM
|
|
- **Flask-Migrate** - Database migrations
|
|
- **Flask-Login** - User session management
|
|
- **Flask-WTF** - Form handling and CSRF protection
|
|
- **Flask-Caching** - Caching support
|
|
- **Flask-Limiter** - Rate limiting
|
|
- **Flask-Mail** - Email support
|
|
- **Flask-Admin** - Admin interface
|
|
|
|
## Testing Strategy
|
|
|
|
### Test Organization
|
|
```python
|
|
# tests/conftest.py
|
|
import pytest
|
|
from app import create_app
|
|
from app.extensions import db
|
|
|
|
@pytest.fixture(scope='session')
|
|
def app():
|
|
app = create_app('testing')
|
|
with app.app_context():
|
|
db.create_all()
|
|
yield app
|
|
db.drop_all()
|
|
|
|
@pytest.fixture
|
|
def client(app):
|
|
return app.test_client()
|
|
|
|
@pytest.fixture
|
|
def runner(app):
|
|
return app.test_cli_runner()
|
|
```
|
|
|
|
### Test Types
|
|
- **Unit tests** for models and utilities
|
|
- **Integration tests** for views and API endpoints
|
|
- **Functional tests** for user workflows
|
|
- **Performance tests** for critical paths
|
|
|
|
### Testing Best Practices
|
|
- Use fixtures for common test data
|
|
- Test both success and error conditions
|
|
- Mock external dependencies
|
|
- Use factory_boy for test data generation
|
|
- Implement database transaction rollback in tests
|
|
|
|
## Performance Optimization
|
|
|
|
### Database Optimization
|
|
- Use connection pooling for production
|
|
- Implement query optimization with indexes
|
|
- Use lazy loading for relationships
|
|
- Cache frequently accessed data
|
|
- Monitor database query performance
|
|
|
|
### Caching Strategy
|
|
- Implement Redis for session storage
|
|
- Use view-level caching for static content
|
|
- Cache database query results
|
|
- Implement cache invalidation strategies
|
|
- Use CDN for static files
|
|
|
|
### Application Optimization
|
|
- Use Gunicorn with multiple workers
|
|
- Implement proper logging and monitoring
|
|
- Optimize static file serving
|
|
- Use async tasks for long-running operations
|
|
- Implement proper error handling
|
|
|
|
## Deployment Considerations
|
|
|
|
### Production Setup
|
|
- Use environment variables for configuration
|
|
- Implement proper logging and monitoring
|
|
- Set up database connection pooling
|
|
- Configure reverse proxy (Nginx)
|
|
- Use HTTPS with proper SSL certificates
|
|
|
|
### Docker Configuration
|
|
```dockerfile
|
|
FROM python:3.11-slim
|
|
WORKDIR /app
|
|
COPY requirements/production.txt requirements.txt
|
|
RUN pip install -r requirements.txt
|
|
COPY . .
|
|
EXPOSE 5000
|
|
CMD ["gunicorn", "--config", "gunicorn.conf.py", "wsgi:app"]
|
|
```
|
|
|
|
### Environment Variables
|
|
```bash
|
|
FLASK_ENV=production
|
|
SECRET_KEY=your-secret-key
|
|
DATABASE_URL=postgresql://user:pass@host:port/db
|
|
REDIS_URL=redis://host:port/db
|
|
```
|
|
|
|
## Common Flask Patterns
|
|
|
|
### Custom Decorators
|
|
```python
|
|
from functools import wraps
|
|
from flask import abort
|
|
from flask_login import current_user
|
|
|
|
def admin_required(f):
|
|
@wraps(f)
|
|
def decorated_function(*args, **kwargs):
|
|
if not current_user.is_admin:
|
|
abort(403)
|
|
return f(*args, **kwargs)
|
|
return decorated_function
|
|
```
|
|
|
|
### Request Context Processors
|
|
```python
|
|
@app.context_processor
|
|
def inject_user():
|
|
return dict(current_user=current_user)
|
|
```
|
|
|
|
### Custom Filters
|
|
```python
|
|
@app.template_filter('datetime')
|
|
def datetime_filter(value, format='%Y-%m-%d %H:%M'):
|
|
return value.strftime(format) if value else ''
|
|
```
|
|
|
|
## Development Workflow
|
|
|
|
### Getting Started
|
|
1. Clone the repository
|
|
2. Create virtual environment: `python -m venv venv`
|
|
3. Activate environment: `source venv/bin/activate`
|
|
4. Install dependencies: `pip install -r requirements/development.txt`
|
|
5. Set environment variables
|
|
6. Initialize database: `flask db upgrade`
|
|
7. Run development server: `flask run`
|
|
|
|
### Development Process
|
|
1. Create feature branch from main
|
|
2. Implement changes with tests
|
|
3. Run test suite: `pytest`
|
|
4. Check code quality: `flake8`, `black`
|
|
5. Create pull request for review
|
|
6. Deploy after approval
|
|
|
|
### Code Quality Tools
|
|
- **Black** - Code formatting
|
|
- **isort** - Import sorting
|
|
- **flake8** - Linting
|
|
- **mypy** - Type checking
|
|
- **pytest** - Testing framework
|
|
- **coverage** - Test coverage |