Functions
_is_api_request
1
bool
▼
Detect whether the request is from an API client (not a browser).
Heuristic:
-…
_is_api_request
1
bool
▼
def _is_api_request(request: Any) -> bool
Detect whether the request is from an API client (not a browser).
Heuristic:
- Has
Authorizationheader → API client Acceptprefers JSON over HTML → API client- Otherwise → browser
Parameters
| Name | Type | Description |
|---|---|---|
request |
Any |
Returns
bool
login_required
1
Callable
▼
Require an authenticated user to access this route.
Browser requests are redir…
login_required
1
Callable
▼
def login_required(handler: Callable) -> Callable
Require an authenticated user to access this route.
Browser requests are redirected to the login URL (fromAuthConfig).
API requests receive a 401 response.
Usage::
@app.route("/dashboard")
@login_required
def dashboard():
return Template("dashboard.html")
Parameters
| Name | Type | Description |
|---|---|---|
handler |
Callable |
Returns
Callable
requires
1
Callable
▼
Require specific permissions to access this route.
Returns 401 if not authenti…
requires
1
Callable
▼
def requires(*permissions: str) -> Callable
Require specific permissions to access this route.
Returns 401 if not authenticated, 403 if missing permissions.
Usage::
@app.route("/admin")
@requires("admin")
def admin_panel():
return Template("admin.html")
@app.route("/edit")
@requires("editor", "moderator") # needs ALL listed permissions
def edit_post():
return Template("edit.html")
Parameters
| Name | Type | Description |
|---|---|---|
*permissions |
str |
Returns
Callable