Blog System

A full-stack blog solution with registration, login/logout, posting, commenting and deletion, plus user management

Flask SQLAlchemy WTForms Blueprint

Technical Architecture

Overview

The blog system is a modular and self-contained component, implemented as a Flask Blueprint, that provides a complete set of features for a multi-user blog. It's designed to be seamlessly integrated into a larger Flask application with clear separation of concerns.

Core Technologies

  • Flask (Python web framework)
  • SQLAlchemy with shared database instance
  • WTForms for form handling and validation
  • Flask-Login for authentication
  • Blueprint architecture for modular design

Key Features

  • User registration and authentication
  • Role-based access control
  • Blog post creation and management
  • Comment system
  • Admin dashboard

Module Structure

blog_project/
├── __init__.py      # Package initialization
├── main.py          # Flask routes and blueprint definition
├── models.py        # SQLAlchemy database models
├── forms.py         # WTForms form definitions
├── templates/       # HTML templates
│   ├── header.html
│   ├── footer.html
│   ├── indexb.html
│   ├── login.html
│   ├── register.html
│   ├── make-post.html
│   ├── post.html
│   └── admin_dashboard.html
└── static/          # CSS, JS, and assets

Data Layer (models.py)

User Model

  • id: Primary key
  • email: Unique email address
  • password: Hashed password
  • name: User's full name
  • badge: Unique badge number
  • pin: Hashed PIN for authentication
  • category: Role-based access control
  • company: Optional company name

BlogPost Model

  • id: Primary key
  • author_id: Foreign key to User
  • title: Post title (unique)
  • subtitle: Post subtitle
  • date: Publication date
  • body: Post content (rich text)
  • img_url: Featured image URL

Comment Model

  • id: Primary key
  • text: Comment content
  • author_id: Foreign key to User
  • post_id: Foreign key to BlogPost

API Endpoints

Authentication

  • GET/POST /register
  • GET/POST /login
  • GET /logout
  • POST /api/authenticate_badge_pin

Blog Management

  • GET / (all posts)
  • GET/POST /post/<id>
  • GET/POST /new-post
  • GET/POST /edit-post/<id>
  • GET /delete/<id>

Admin Functions

  • GET /admin/dashboard
  • POST /admin/delete_user/<id>

Authentication & Authorization

Authentication System

  • Flask-Login for session management
  • Secure password hashing with werkzeug
  • Dual authentication (email/password + badge/PIN)
  • CSRF protection with WTForms
  • Automatic session handling

Role-Based Access Control

  • @roles_required decorator for fine-grained control
  • User categories: executive, director, vip, manager, etc.
  • Executive: Full admin access
  • Director: Can create/edit posts
  • Regular users: Read and comment only

Database Relationships

User → Posts

One-to-many relationship where one user can author multiple posts

User → Comments

One-to-many relationship where one user can write multiple comments

Post → Comments

One-to-many relationship where one post can have multiple comments

Cascading Deletes

When a user is deleted, all their posts and comments are automatically removed from the database.

Implementation Details

Blueprint Architecture

Blueprint Definition

from flask import Blueprint

blog_bp = Blueprint('blog', __name__,
                    template_folder='templates',
                    static_folder='static',
                    static_url_path='/blog_project/static')

The blueprint has its own dedicated template and static folders, ensuring modularity and organization.

Application Integration

from flask import Flask
from blog_project.main import blog_bp

app = Flask(__name__)
app.register_blueprint(blog_bp, url_prefix='/blog_project')

All routes are accessible under the /blog_project prefix (e.g., /blog_project/login, /blog_project/post/1).

Form Handling & Validation

WTForms Integration

  • CreatePostForm for blog post creation
  • RegisterForm for user registration
  • LoginForm for user authentication
  • CommentForm for post comments
  • Built-in CSRF protection

Validation Features

  • Required field validation
  • Email format validation
  • URL validation for images
  • PIN format validation (4-6 digits)
  • Unique email and badge validation

Data Flow Example: Creating a New Post

1. Authenticated user with 'executive' role navigates to /blog_project/new-post
2. @roles_required decorator validates user permissions
3. CreatePostForm is instantiated and rendered with CKEditor
4. User submits form, triggering POST request
5. Form validation checks CSRF token and required fields
6. New BlogPost object is created and saved to database
7. User is redirected to main blog page to see the new post

Security Features

Password Security

  • werkzeug.security for password hashing
  • PBKDF2 with SHA256 algorithm
  • Salt length of 8 characters
  • Separate hashing for passwords and PINs
  • Never stores plaintext credentials

Access Control

  • Role-based authorization system
  • Decorator-based route protection
  • Automatic redirect to login for unauthenticated users
  • 403 Forbidden for unauthorized access
  • Session-based authentication
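The @roles_required behaviour described in the Role-Based Access Control section and the redirect/403 rules listed above, as an added example that is not the project's own decorator. It assumes Flask only; the session-loaded g.current_user, the user table and the two routes are constructed stand-ins for Flask-Login's current_user and the blueprint's real views.

```python
from functools import wraps
from flask import Flask, abort, g, redirect, session, url_for


# Stand-ins for Flask-Login's user objects (assumption: the blueprint uses Flask-Login).
class AnonymousUser:
    is_authenticated = False
    category = None


class User:
    is_authenticated = True

    def __init__(self, name, category):
        self.name, self.category = name, category


# Constructed user table; categories mirror the page's role names.
USERS = {1: User("alice", "executive"), 2: User("bob", "director"), 3: User("carol", "vip")}


def roles_required(*roles):
    """Run the view only for authenticated users whose category is in roles."""
    def decorator(view):
        @wraps(view)
        def wrapped(*args, **kwargs):
            user = g.current_user
            if not user.is_authenticated:
                return redirect(url_for("login"))  # anonymous -> login page
            if user.category not in roles:
                abort(403)  # authenticated but wrong role -> Forbidden
            return view(*args, **kwargs)
        return wrapped
    return decorator


app = Flask(__name__)
app.secret_key = "constructed-example-secret"  # placeholder, example only


@app.before_request
def load_user():
    g.current_user = USERS.get(session.get("user_id"), AnonymousUser())


@app.route("/login")
def login():
    return "login page"


@app.route("/new-post")
@roles_required("executive", "director")  # the page: directors can create posts
def new_post():
    return "new post form"


@app.route("/admin/dashboard")
@roles_required("executive")  # the page: only executives get admin access
def admin_dashboard():
    return "dashboard"


def status_for(user_id, path):
    """HTTP status the given user id (None = anonymous) receives for path."""
    with app.test_client() as client:
        with client.session_transaction() as sess:
            if user_id is not None:
                sess["user_id"] = user_id
        return client.get(path).status_code
```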