Days
Hours
Minutes
Seconds
x
Skip to content

Flask

File Upload

The following sections describe how to handle file uploads on your server using Flask as a server-side language. For information on the upload workflow refer to the file upload documentation.

Frontend

Setting up the index page.

  1. On the head section include the Editor style.

  2. <!DOCTYPE html>
    <html>
    <head>
    <meta charset="utf-8">
    
    <link href="https://cdn.jsdelivr.net/npm/froala-editor@latest/css/froala_editor.pkgd.min.css" rel="stylesheet" type="text/css" />
    </head>
  3. On the body section include the Editor JS files and define the area for the editor.

  4. <body>  
    <script type="text/javascript" src="https://cdn.jsdelivr.net/npm/froala-editor@latest/js/froala_editor.pkgd.min.js"></script>
    
    <div class="sample">
    <h2>File upload example.</h2>
    <form>
    <textarea id="edit" name="content"></textarea>
    </form>
    </div>
    
  5. Initialize the editor and set the file upload URL

  6. <script>
    new FroalaEditor('#edit', {
    // Set the file upload URL.
    fileUploadURL: '/UploadFiles',
    
    fileUploadParams: {
    id: 'my_editor'
    }
    })
    </script>
    </body>
    </html>

The full code should look like this:

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<link href="https://cdn.jsdelivr.net/npm/froala-editor@latest/css/froala_editor.pkgd.min.css" rel="stylesheet" type="text/css" />
</head>

<body>
<script type="text/javascript" src="https://cdn.jsdelivr.net/npm/froala-editor@latest/js/froala_editor.pkgd.min.js"></script>

<div class="sample">
<h2>File upload example.</h2>
<form>
<textarea id="edit" name="content"></textarea>
</form>
</div>


<script>
new FroalaEditor('#edit', {

fileUploadURL: '/UploadFiles',

fileUploadParams: {
id: 'my_editor'
}
})
</script>
</body>
</html>

Backend

server.py handles the server part for flask

Inside server.py, the File class handles the file upload

from flask import Flask, request, send_from_directory, jsonify
import base64
import datetime
from os.path import isfile, join
from mimetypes import MimeTypes
from os import listdir
from wand.image import Image
import wand.image
import hashlib
import json
import time
import hmac
import copy
import sys
import os

import wand.image

# Create public directory at startup.
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
publicDirectory = os.path.join(BASE_DIR, "public")
if not os.path.exists(publicDirectory):
os.makedirs(publicDirectory)

app = Flask(__name__, static_url_path = "")

@app.route("/")
def get_main_html():
return send_from_directory("./", "index.html")

@app.route("/public/<path:path>")
def get_public(path):
return send_from_directory("public/", path)

@app.route("/static/<path:path>")
def get_static(path):
return send_from_directory("./", path)

@app.route("/upload_file", methods = ["POST"])
def upload_file():
options = {
"validation": None
}
try:
response = File.upload(FlaskAdapter(request), "/public/", options)
except Exception:
response = {"error": str(sys.exc_info()[1])}
return json.dumps(response)

@app.route("/upload_file_validation", methods = ["POST"])
def upload_file_validation():

def validation(filePath, mimetype):
size = os.path.getsize(filePath)
if size > 10 * 1024 * 1024:
  return False
return True

options = {
"fieldname": "myFile",
"validation": validation
}

try:
response = File.upload(FlaskAdapter(request), "/public/", options)
except Exception:
response = {"error": str(sys.exc_info()[1])}
return json.dumps(response)


class File(object):

defaultUploadOptions = {
"fieldname": "file",
"validation": {
  "allowedExts": ["txt", "pdf", "doc"],
  "allowedMimeTypes": ["text/plain", "application/msword", "application/x-pdf", "application/pdf"]
}
}

    @staticmethod
def upload(req, fileRoute, options = None):
"""
File upload to disk.
Parameters:
  req: framework adapter to http request. See BaseAdapter.
  fileRoute: string
  options: dict optional, see defaultUploadOptions attribute
Return:
  dict: {link: "linkPath"}
"""

if options is None:
  options = File.defaultUploadOptions
else:
  options = Utils.merge_dicts(File.defaultUploadOptions, options)

# Get extension.
filename = req.getFilename(options["fieldname"]);
extension = Utils.getExtension(filename)
extension = "." + extension if extension else ""

# Generate new random name.

# python 2-3 compatible:
try:
  sha1 = hashlib.sha1(str(time.time()).encode("utf-8")).hexdigest() #  v3
except Exception:
  sha1 = hashlib.sha1(str(time.time())).hexdigest() # v2
routeFilename = fileRoute + sha1 + extension

fullNamePath = Utils.getServerPath() + routeFilename

req.saveFile(options["fieldname"], fullNamePath)

# Check validation.
if "validation" in options:
  if not Utils.isValid(options["validation"], fullNamePath, req.getMimetype(options["fieldname"])):
      File.delete(routeFilename)
      raise Exception("File does not meet the validation.")

if "resize" in options and options["resize"] is not None:
  with Image(filename = fullNamePath) as img:
      img.transform(resize = options["resize"])
      img.save(filename = fullNamePath)

# build and send response.
response = {}
response["link"] = routeFilename
return response

    @staticmethod
def delete(src):
"""
Delete file from disk.
Parameters:
  src: string
"""

filePath = Utils.getServerPath() + src
try:
  os.remove(filePath)
except OSError:
  pass

class Utils(object):
"""
Utils static class.
"""

   @staticmethod
def hmac(key, string, hex = False):
"""
Calculate hmac.
Parameters:
 key: string
 string: string
 hex: boolean optional, return in hex, else return in binary
Return:
 string: hmax in hex or binary
"""

# python 2-3 compatible:
try:
 hmac256 = hmac.new(key.encode() if isinstance(key, str) else key, msg = string.encode("utf-8") if isinstance(string, str) else string, digestmod = hashlib.sha256) # v3
except Exception:
 hmac256 = hmac.new(key, msg=string, digestmod = hashlib.sha256) # v2

return hmac256.hexdigest() if hex else hmac256.digest()

   @staticmethod
def merge_dicts(a, b, path = None):
"""
Deep merge two dicts without modifying them. Source: http://stackoverflow.com/questions/7204805/dictionaries-of-dictionaries-merge/7205107#7205107
Parameters:
 a: dict
 b: dict
 path: list
Return:
 dict: Deep merged dict.
"""

aClone = copy.deepcopy(a);
# Returns deep b into a without affecting the sources.
if path is None: path = []
for key in b:
 if key in a:
     if isinstance(a[key], dict) and isinstance(b[key], dict):
         aClone[key] = Utils.merge_dicts(a[key], b[key], path + [str(key)])
     else:
         aClone[key] = b[key]
 else:
     aClone[key] = b[key]
return aClone

   @staticmethod
def getExtension(filename):
"""
Get filename extension.
Parameters:
 filename: string
Return:
 string: The extension without the dot.
"""
return os.path.splitext(filename)[1][1:]

   @staticmethod
def getServerPath():
"""
Get the path where the server has started.
Return:
 string: serverPath
"""
return os.path.abspath(os.path.dirname(sys.argv[0]))

   @staticmethod
def isFileValid(filename, mimetype, allowedExts, allowedMimeTypes):
"""
Test if a file is valid based on its extension and mime type.
Parameters:
 filename string
 mimeType string
 allowedExts list
 allowedMimeTypes list
Return:
 boolean
"""

# Skip if the allowed extensions or mime types are missing.
if not allowedExts or not allowedMimeTypes:
 return False

extension = Utils.getExtension(filename)
return extension.lower() in allowedExts and mimetype in allowedMimeTypes

   @staticmethod
def isValid(validation, filePath, mimetype):
"""
Generic file validation.
Parameters:
 validation: dict or function
 filePath: string
 mimetype: string
"""

# No validation means you dont want to validate, so return affirmative.
if not validation:
 return True

# Validation is a function provided by the user.
if callable(validation):
 return validation(filePath, mimetype)

if isinstance(validation, dict):
 return Utils.isFileValid(filePath, mimetype, validation["allowedExts"], validation["allowedMimeTypes"])

# Else: no specific validating behaviour found.
return False


class BaseAdapter(object):
"""
Interface. Inherit this class to use the lib in your framework.
"""

def __init__(self, request):
"""
Constructor.
Parameters:
 request: http request object from some framework.
"""
self.request = request

def riseError(self):
"""
Use this when you want to make an abstract method.
"""
raise NotImplementedError( "Should have implemented this method." )

def getFilename(self, fieldname):
"""
Get upload filename based on the fieldname.
Parameters:
 fieldname: string
Return:
 string: filename
"""
self.riseError()

def getMimetype(self, fieldname):
"""
Get upload file mime type based on the fieldname.
Parameters:
 fieldname: string
Return:
 string: mimetype
"""
self.riseError()

def saveFile(self, fieldname, fullNamePath):
"""
Save the upload file based on the fieldname on the fullNamePath location.
Parameters:
 fieldname: string
 fullNamePath: string
"""
self.riseError()


class FlaskAdapter(BaseAdapter):
"""
Flask Adapter: Check BaseAdapter to see what methods description.
"""

def checkFile(self, fieldname):
if fieldname not in self.request.files:
 raise Exception("File does not exist.")

def getFilename(self, fieldname):
self.checkFile(fieldname)
return self.request.files[fieldname].filename

def getMimetype(self, fieldname):
self.checkFile(fieldname)
return self.request.files[fieldname].content_type

def saveFile(self, fieldname, fullNamePath):
self.checkFile(fieldname)
file = self.request.files[fieldname]
file.save(fullNamePath)

Do you think we can improve this article? Let us know.

Ready to dive in? Explore our plans