- Use the session object to persist data across multiple requests.
- Identity and Access Management (IAM): a subfield of software engineering that focuses on users, their attributes, their login information, and the resources that they are allowed to access.
- Authentication: proving one's identity to an application in order to access protected information; logging in.
- Authorization: allowing or disallowing access to resources based on a user's attributes.
- Session: the time between a user logging in and logging out of a web application.
- Cookie: data from a web application that is stored by the browser. The application can retrieve this data during subsequent sessions.
In this lab, you'll be building out a blog paywall feature by using the session hash to keep track of how many page views a user has made.
There is some starter code in place for a Flask API backend and a React frontend. To get set up, run:
$ pipenv install && pipenv shell
$ npm install --prefix client
$ cd server
$ flask db upgrade
$ python seed.py
You can work on this lab by running the tests with pytest -x
. It will also be
helpful to see what's happening during the request/response cycle by running the
app in the browser. You can run the Flask server with:
$ python app.py
And you can run React from the root directory in another terminal with:
$ npm start --prefix client
You don't have to make any changes to the React code to get this lab working.
Our app will keep track of how many blog posts a user has viewed by using the
session
object. Each user can view a maximum of three articles before
seeing the paywall.
When a user makes a GET
request to /articles/<int:id>
, the following should
happen:
- If this is the first request this user has made, set
session['page_views']
to an initial value of 0.- Hint: consider using a ternary operator to set this initial value!
- For every request to
/articles/<int:id>
, increment the value ofsession['page_views']
by 1. - If the user has viewed 3 or fewer pages, render a JSON response with the article data.
- If the user has viewed more than 3 pages, render a JSON response including an
error message
{'message': 'Maximum pageview limit reached'}
, and a status code of 401 unauthorized. - An API endpoint at
/clear
is available to clear your session as needed.