Skip to content

Flask backend

We use Flask as our web framework. It handles user authentication, dataset upload, task creation, and other aspects that require server-side interaction. It is designed to be independent from the OpenML API. This means that you can use it to create your own personal frontend for OpenML, using the main OpenML server to provide the data. Of course, you can also link it to your own local OpenML setup.

Design

Out flask app follows Application factories design pattern. A new app instance can be created by: 

    from autoapp import create_app
    app = create_app(config_object)

The backend is designed in a modular fashion with flask Blueprints. Currently, the flask app consists of two blueprints public and user:

  • Public blueprint: contains routes that do not require user authentication or authorization. like signup and forgot password.
  • User blueprint: Contains routes which require user authentication like login, changes in profile and fetching API key.

New blueprints can be registered in `server/app.py` with register_blueprints function:

    def register_blueprints(app):
        app.register_blueprint(new_blueprint)

Database setup

If you want o setup a local user database similar to OpenML then follow these steps:

  1. Install MySQL
  2. Create a new database 'openml'
  3. Set current database to 'openml' via use method
  4. Download users.sql file from openml.org github repo and add it in the openml db via "mysql -u root -p openml < users.sql"
  5. Edit the database path in `server/extensions.py` and `server/config.py`

Note: Remember to add passwords and socket extension address(if any) in both in server/extensions.py and server/config.py

Security

Flask backend uses JSON web tokens for all the user handling tasks. Flask JWT extended library is used to bind JWT with the flask app. Current Mechanism is :

  1. User logs in.
  2. JWT token is assigned to user and sent with every request to frontend.
  3. All the user information can only be accessed with a JWT token like edit profile and API-key.
  4. The JWT token is stored in local memory of the browser.
  5. The token get expired after 2 hours or get blacklisted after logout.

JWT is registered as an extension in `server/extensions.py`. All the user password hash are saved in Argon2 format with the new backend.

Registering Extensions

To register a new extension to flask backend extension has to be added in server/extensions.py and initialized in server/app.py. Current extensions are : flask_argon2, flask_bcrypt, flask_jwt_extended and flask_sqlalchemy.

Configuring App

Configuration variables like secret keys, Database URI and extension configurations are specified in server/config.py with Config object, which is supplied to the flask app during initialization.

Creating a new route

To create a new route in backend you can add the route in server/public/views.py or server/user/views.py (if it requires user authorisation or JWT usage in any way).

Bindings to OpenML server

You can specify which OpenML server to connect to. This is stored in the .env file in the main directory. It is set to the main OpenML server by default:

    ELASTICSEARCH_SERVER=https://www.openml.org/es
    OPENML_SERVER=https://www.openml.org

The ElasticSearch server is used to download information about datasets, tasks, flows and runs, as well as to power the frontend search. The OpenML server is used for uploading datasets, tasks, and anything else that requires calls to the OpenML API.

Bindings to frontend

The frontend is generated by React. See below for more information. The React app is loaded as a static website. This is done in Flask setup in file server.py.

    app = Flask(__name__, static_url_path='', static_folder='src/client/app/build')

It will find the React app there and load it.

Email Server

OpenML uses its own mail server, You can use basically any mail server compatible with python SMTP library. Our suggestion is to use mailtrap.io for local testing. You can configure email server configurations in .env file. Currently we only use emails for confirmation email and forgotten password emails.