Skip to main content

A Flask extension to limit access to your routes by using allowed hosts.

Project description

Flask Allowed Hosts

Flask Allowed Hosts is a Flask extension that provides host validation for API endpoints. It allows you to enforce that requests are only accepted from specific hosts, providing an additional layer of security for your Flask application.

Installation

Install the package using pip:

pip install flask-allowed-hosts

Getting Started

To limit access to your routes using flask-allowed-hosts:

from flask import Flask, request, jsonify
from flask_allowed_hosts import AllowedHosts

ALLOWED_HOSTS = ["123.123.123.123", "321.321.321.321"]


# Returns a json response if the request IP is not in the allowed hosts
def on_denied():
  error = {"error": "Oops! looks like you are not allowed to access this page!"}
  return jsonify(error), 403


app = Flask(__name__)
allowed_hosts = AllowedHosts(app, allowed_hosts=ALLOWED_HOSTS, on_denied=on_denied)


@app.route("/", methods=["GET"])
def home_page():
  return "Hello World!"


@app.route("/api/greet", methods=["GET"])
@allowed_hosts.limit()
def greet_endpoint():
  name = request.args.get("name", "Friend")
  greeting = {"greeting": f"Hello There {name}!"}
  return jsonify(greeting), 200


@app.route("/api/greet/override", methods=["GET"])
@allowed_hosts.limit(allowed_hosts=["127.0.0.1", "localhost"])
def greet_override_endpoint():
  name = request.args.get("name", "Friend")
  greeting = {"greeting override": f"Hello There {name}!"}
  return jsonify(greeting), 200


if __name__ == '__main__':
  app.run(host='0.0.0.0', port=5000, debug=True)

Now only the allowed hosts set in ALLOWED_HOSTS can access the protected endpoint(s). Requests from other hosts will receive a 403 Forbidden error.

You can check out more examples in the examples directory.

Arguments

  • allowed_hosts: [List[str], str] : Modify this list to include the allowed hosts. The default value is an empty list [], which means requests from all hosts are allowed.

  • on_denied: Callable: Modify this function to customize the behavior when a request is denied. The default is None, which means a 403 Forbidden error is returned.

Contributing

Contributions are welcome! If you have any suggestions, bug reports, or feature requests, please open an issue or submit a pull request.

License

This project is licensed under the [MIT] License - see the LICENSE.md file for details.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

flask_allowed_hosts-1.0.3.tar.gz (4.4 kB view details)

Uploaded Source

Built Distribution

flask_allowed_hosts-1.0.3-py3-none-any.whl (4.9 kB view details)

Uploaded Python 3

File details

Details for the file flask_allowed_hosts-1.0.3.tar.gz.

File metadata

  • Download URL: flask_allowed_hosts-1.0.3.tar.gz
  • Upload date:
  • Size: 4.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.0.0 CPython/3.12.2

File hashes

Hashes for flask_allowed_hosts-1.0.3.tar.gz
Algorithm Hash digest
SHA256 71043cedb6f52cd620271a23cd3ddc98f5da6bcda7758ce9bd154f5688707c91
MD5 3bdb288778041222b6dc877296f6c7eb
BLAKE2b-256 f2441c197982d951930a36dfa07ae716b804dfbf5f615805dbac967431110b8f

See more details on using hashes here.

File details

Details for the file flask_allowed_hosts-1.0.3-py3-none-any.whl.

File metadata

File hashes

Hashes for flask_allowed_hosts-1.0.3-py3-none-any.whl
Algorithm Hash digest
SHA256 b56fc6e53a6b56abfbc3254b7ed8e3fc80b1ad819d1bacc4fcf079a6b1489e09
MD5 dbb0cbb896e69e8e52148b2e66daa48d
BLAKE2b-256 962caecf50723369f8784c2863263d3f51751f7862061c99069ee352ffa0525c

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page