Hide Flask-Admin behind simple HTTP auth
This example is about Flask-Admin, which is a library that adds a smart automatic CRUD panel according to your data models (typically SQLAlchemy models).
If you have a simple website or want to separate your normal user authentication system from the admin login, or just want a quick temporary solution for securing your admin panel, here is how you can do it using simple HTTP authentication:
1 2 3 4 5 6 7 8 9 10 11 12 13 | from flask import request, Response from werkzeug.exceptions import HTTPException import flask_admin.contrib.sqla class ModelView(flask_admin.contrib.sqla.ModelView): def is_accessible(self): auth = request.authorization or request.environ.get('REMOTE_USER') # workaround for Apache if not auth or (auth.username, auth.password) != app.config['ADMIN_CREDENTIALS']: raise HTTPException('', Response( "Please log in.", 401, {'WWW-Authenticate': 'Basic realm="Login Required"'} )) return True |
Then just use this class or subclass it as normal.
This code, of course, refers to the app configuration. You need something like:
app.config['ADMIN_CREDENTIALS'] = ('admin', 'pa$$word')
|
Created (last updated )
Comments powered by Disqus