In the before_request()
function (below), I want to redirect the user to /login
if they are not yet logged in. Is there a special variable that will give me the current URL that will work as the below example does?
@app.before_request
def before_request():
# the variable current_url does not exist
# but i want something that works like it
if (not 'logged_in' in session) and (current_url != '/login'):
return redirect(url_for('login'))
I need to check that the current URL is /login
, because if I don't the server goes into an infinite loop.
There are a couple of properties on the request object you can check, documented here, request.path
is probably what you want. Can I suggest request.endpoint
though, so you'll be covered should you decide to route your view to another url, or multiple urls
@app.before_request
def before_request():
if 'logged_in' not in session and request.endpoint != 'login':
return redirect(url_for('login'))
You can use a decorator. Here's an example that shows how to check an API key before specific requests:
from functools import wraps
def require_api_key(api_method):
@wraps(api_method)
def check_api_key(*args, **kwargs):
apikey = request.headers.get('ApiKey')
if apikey and apikey == SECRET_KEY:
return api_method(*args, **kwargs)
else:
abort(401)
return check_api_key
And you can use it with:
@require_api_key
Here's an implementation of the accepted answer with flask-login:
@app.before_request
def require_authorization():
from flask import request
from flask.ext.login import current_user
if not (current_user.is_authenticated or request.endpoint == 'login'):
return login_manager.unauthorized()