Flask Configuration

Quinn Bast edited this page Mar 22, 2019 · 4 revisions

Configuring Flask

Our Flask application is created so that configuring the application is easy. Note: If any of the configuration settings are changed, the Flask application needs to be stopped and restarted in order for changes to take effect.

The Flask application is configured through three different configuration files:

Config.py - For generic configuration settings.
DevelopmentConfig.py - For settings that are applied when running the Flask server as a development server.
ProductionConfig.py - For settings that are applied when running the Flask server in a production environment.

General Configuration Settings

The Config.py file is used to configure most of the settings for the application. The settings are documented in fair detail within the file itself; the table below lists each setting, its possible values, and an explanation.

| Configuration Name | Explanation | Example |
| --- | --- | --- |
| username_domain | The domain that is appended to usernames when attempting to log in. Note: the "@" symbol is required. | "@yahoo.com" |
| logging | Whether the Flask server outputs any information to a log file. | True/False |
| logging_level | How much information is output to the log files?<br>flaskLog.DEBUG - Send all messages to the log.<br>flaskLog.INFO - Send everything but debug messages (Recommended).<br>flaskLog.WARNING - Log all messages except Debug and Info messages.<br>flaskLog.ERROR - Only log error and critical messages.<br>flaskLog.CRITICAL - Only log critical messages. | flaskLog.INFO |
| verbose | Whether the Flask server outputs any information to the console. | True/False |
| logging_level | How much information is output to the console?<br>flaskLog.DEBUG - Send all messages to the console.<br>flaskLog.INFO - Send everything but debug messages (Recommended).<br>flaskLog.WARNING - Output all messages except Debug and Info messages.<br>flaskLog.ERROR - Only output error and critical messages.<br>flaskLog.CRITICAL - Only output critical messages. | flaskLog.INFO |
| broadsoft_uri | The base URL that will be accessed when sending API requests. | http://reqres.in/api/login |
| JWT_COOKIE_CSRF_PROTECT | Whether tokens are protected with CSRF protection. | True/False |
| JWT_TOKEN_LOCATION | Where to look for a JWT when processing a request. The options are 'headers', 'cookies', 'query_string', or 'json'. You can pass in a sequence or a set to check more than one location, such as: ('headers', 'cookies'). | ['cookies'] |
| JWT_EXPIRATION_DELTA | How long to keep a JWT alive before expiring a user's token. Must be a Python datetime.timedelta object. | datetime.timedelta(hours=2) |
| JWT_ACCESS_TOKEN_EXPIRES | How long to keep a JWT access token alive before expiring the user's access. Must be a Python datetime.timedelta object. | datetime.timedelta(hours=2) |

Development Configuration Settings

Running the project on a development server poses fewer threats, and some security functionality may not be available while developing the project. As a result, these settings may lack security features that would otherwise be used in a production system. These settings can be configured in the DevelopmentConfig.py file. DO NOT USE THESE SETTINGS IN A PRODUCTION BUILD.

| Configuration Name | Explanation | Example |
| --- | --- | --- |
| JWT_COOKIE_SECURE | If JWT tokens have to be sent over an HTTPS connection. | True |
| JWT_SECRET_KEY | The secret key which is used to encrypt JWT data into the token. This should be kept private for a production server. Generate a secret key here. | "SecretKey" |
| environment | What Flask server environment to use. | 'Dev' |

Production Configuration Settings

Running the project in a production setting requires a stricter set of security settings, and the production settings put those requirements into place. These settings can be changed in the ProductionConfig.py file.

| Configuration Name | Explanation | Example |
| --- | --- | --- |
| JWT_COOKIE_SECURE | If JWT tokens have to be sent over an HTTPS connection. | True |
| JWT_SECRET_KEY | The secret key which is used to encrypt JWT data into the token. This should be kept private for a production server. Generate a secret key here. | "SecretKey" |
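
A pre-deployment check for the settings documented above, added here as an example (it is not code from this project): it flags the placeholder "SecretKey", a JWT_COOKIE_SECURE or JWT_COOKIE_CSRF_PROTECT value that is not True, and a plain-http broadsoft_uri. The function names, the 32-character key minimum, the https requirement and both sample dicts are assumptions made for the illustration.

```python
import datetime
import secrets

# Values that must never ship; "SecretKey" is the example value shown in the tables.
PLACEHOLDER_KEYS = {"", "SecretKey", "secret", "changeme"}
MIN_KEY_LENGTH = 32  # assumed minimum, not a value taken from the project


def generate_secret_key(nbytes=32):
    """Return a random URL-safe key drawn from the OS CSPRNG."""
    return secrets.token_urlsafe(nbytes)


def audit_production_config(cfg):
    """Return a list of findings for a dict holding the documented settings."""
    findings = []
    key = cfg.get("JWT_SECRET_KEY") or ""
    if key in PLACEHOLDER_KEYS:
        findings.append("JWT_SECRET_KEY is a placeholder value")
    elif len(key) < MIN_KEY_LENGTH:
        findings.append("JWT_SECRET_KEY is shorter than %d characters" % MIN_KEY_LENGTH)
    if cfg.get("JWT_COOKIE_SECURE") is not True:
        findings.append("JWT_COOKIE_SECURE must be True so cookies only travel over HTTPS")
    locations = cfg.get("JWT_TOKEN_LOCATION", [])
    if isinstance(locations, str):
        locations = [locations]
    if "cookies" in locations and cfg.get("JWT_COOKIE_CSRF_PROTECT") is not True:
        findings.append("JWT_COOKIE_CSRF_PROTECT must be True when tokens are read from cookies")
    if not isinstance(cfg.get("JWT_ACCESS_TOKEN_EXPIRES"), datetime.timedelta):
        findings.append("JWT_ACCESS_TOKEN_EXPIRES must be a datetime.timedelta")
    if not str(cfg.get("broadsoft_uri", "")).startswith("https://"):
        findings.append("broadsoft_uri should use https:// so login requests are not sent in clear text")
    return findings


# Constructed sample: the example values from the tables with the protections off.
WEAK = {
    "JWT_SECRET_KEY": "SecretKey",
    "JWT_COOKIE_SECURE": False,
    "JWT_COOKIE_CSRF_PROTECT": False,
    "JWT_TOKEN_LOCATION": ["cookies"],
    "JWT_ACCESS_TOKEN_EXPIRES": datetime.timedelta(hours=2),
    "broadsoft_uri": "http://reqres.in/api/login",
}
# Constructed sample: the same settings corrected (the URI is a placeholder).
HARDENED = dict(WEAK, JWT_SECRET_KEY=generate_secret_key(), JWT_COOKIE_SECURE=True,
                JWT_COOKIE_CSRF_PROTECT=True, broadsoft_uri="https://api.example.invalid/login")

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_production_config(cfg) or "no findings")
```

Run it against the values loaded from ProductionConfig.py before the server is restarted, and fail the deployment if the returned list is not empty.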