Sanic-WTF makes using WTForms with Sanic and CSRF (Cross-Site Request Forgery) protection a little bit easier.
pip install --upgrade Sanic-WTFfrom sanic import Sanic
app = Sanic(__name__)
# either WTF_CSRF_SECRET_KEY or SECRET_KEY should be set
app.config['WTF_CSRF_SECRET_KEY'] = 'top secret!'
@app.middleware('request')
async def add_session_to_request(request):
# setup sessionfrom sanic_wtf import SanicForm
from wtforms.fields import PasswordField, StringField, SubmitField
from wtforms.validators import DataRequired
class LoginForm(SanicForm):
name = StringField('Name', validators=[DataRequired()])
password = PasswordField('Password', validators=[DataRequired()])
submit = SubmitField('Sign In')That's it, just subclass SanicForm and later on passing in the current request object when you instantiate the form class. Sanic-WTF will do the trick.
from sanic import response
@app.route('/', methods=['GET', 'POST'])
async def index(request):
form = LoginForm(request)
if request.method == 'POST' and form.validate():
name = form.name.data
password = form.password.data
# check user password, log in user, etc.
return response.redirect('/profile')
# here, render_template is a function that render template with context
return response.html(await render_template('index.html', form=form))Note
For WTForms users: please note that SanicForm requires the whole request object instead of some sort of MultiDict.
For more details, please see documentation.
BSD New, see LICENSE for details.