Question

I want the user to not be able to fetch any assets if they aren't logged in. Can anyone tell me why the below doesn't work for:

http://domain-name:5000/static/index.html.

The user gets served the index.html file even though they are not logged in.

lm.login_view = "/static/login.html"
@app.route('/',defaults={'path':''})
@app.route('/static/<path:path>')
@login_required
def root(path):
    logging.debug('Login Required - Authenticated user. Will Redirect')
    return redirect(path)

Thanks!


Solution

By default, if a static folder exists, Flask has a static endpoint which maps the static URL path to the static folder path. You can change the static_url_path or static_folder Flask argument to another value (not static).

If you want to require login for the static endpoint, then you can try the following code:

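from flask import abort, request
from flask_login import current_user

@app.before_request
def check_login():
    # is_authenticated is a property in Flask-Login 0.3 and later, so it is not called
    if request.endpoint == 'static' and not current_user.is_authenticated:
        abort(401)
    return None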

or override send_static_file view function:

class SecureStaticFlask(Flask):
    # Hypothetical subclass name; create the app from it instead of Flask
    def send_static_file(self, filename):
        if not current_user.is_authenticated:
            abort(401)
        return super().send_static_file(filename)
Licensed under: CC-BY-SA with attribution