search

therealadityashankar / flask-value-checker

easy form or query parameter checking with flask
MIT License
1 stars 1 forks source link

Update value_checker #1

Closed cbcoutinho closed 4 years ago

cbcoutinho commented 4 years ago

It was previously not possible to have query parameters checked when POSTing form-data, because you can't POST both data and form input.

This PR makes it possible to continue validating query parameters along requests that include with form-data

therealadityashankar commented 4 years ago

Wow, thanks !

I like the Ideas posted here, i.e. checking both query parameters and form parameters is great,

here's what I think would be a better idea, checking only - either the form - or args, and writing separate decorators for both

i.e. something like

from flask_value_checker import Invigilator
from flask import Flask, request

app = Flask(__name__)
invigilator = Invigilator()

@app.route('/abc', methods=['POST'])
@invigilator.check(
   'POST form-only',
   '''
   username : str/lenlim(5, 15)
   password : str/lenlim(8, inf)
   stayLoggedIn : str/accept(['on'])/optional
   '''
)
def abc():
    stay_logged_in = request.form.get('stayLoggedIn', 'off')
    return f'hi {request.form['username']}, stay logged in: {stay_logged_in}'

app.run()

and for arguments

@app.route('/abc', methods=['POST'])
@invigilator.check(
   'POST args-only',
   '''
   username : str/lenlim(5, 15)
   password : str/lenlim(8, inf)
   stayLoggedIn : str/accept(['on'])/optional
   '''
)
def abc():
    stay_logged_in = request.form.get('stayLoggedIn', 'off')
    return f'hi {request.form['username']}, stay logged in: {stay_logged_in}'

app.run()

and for both

@app.route('/abc', methods=['POST'])
@invigilator.check(
   'POST args-or-form',
   '''
   username : str/lenlim(5, 15)
   password : str/lenlim(8, inf)
   stayLoggedIn : str/accept(['on'])/optional
   '''
)
def abc():
    stay_logged_in = request.form.get('stayLoggedIn', 'off')
    return f'hi {request.form['username']}, stay logged in: {stay_logged_in}'

app.run()

moreover

@app.route('/abc', methods=['POST'])
@invigilator.check(
   'POST form-only',

I think should be synonymous with

@app.route('/abc', methods=['POST'])
@invigilator.check(
   'POST',

since that's most probably the use-case

the second thing is that flask-value-check does not support files-yet, so that'd be a separate issue

do you think this can be made any better ?

therealadityashankar commented 4 years ago

add further comments in the referenced issues