I would like to host my Flask-based web application on GAE.

Regular users are authenticated against Google using flask-oauthlib.

However, I would like to authenticate admin users using GAE's Users API, since it provides, among other things, users.is_current_user_admin().

However, it seems that I cannot protect the admin region from app.yaml, because the following configuration is not valid:

# app.yaml
[...]
handlers:
# For admin users
# THIS IS INVALID!
- url: /admin
  login: admin

# For regular users
- url: /.*
  script: main.app

Option 1: Create a separate flask app object in the same GAE application:

# app.yaml
[...]
# For admin users
- url: /admin
  script: admin.app
  login: admin

Is that a good practice? If not, why?


Option 2: Simply implement a function such as:

def is_admin():
  return current_user.email in ["admin1@...", "admin2@...", "admin3@..."]

That is, do not rely on GAE's Users API.


Notes:

  • there are only a few admin users
  • I do not need fine-grained roles at the moment

Any thoughts (other solutions)?

turdus-merula

1 Answer

I have such mixed logins in my non-Flask app, and my handlers look like this:

handlers:
- url: /admin
  script: main.app
  login: admin

- url: /.*
  script: main.app

No need to have a separate app for admin. I don't know how Flask works, but I would expect this to work for you as well.

new name
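
An added example, not part of the question or the answer: a small Python model of how the handlers in the answer's app.yaml resolve, useful for checking which paths actually require an admin login. It assumes app.yaml semantics where handlers are tried top to bottom, the first match wins, and `url` is a regular expression that must match the whole request path; the `WIDENED_HANDLERS` pattern, the helper names and the sample paths are constructed for illustration.

```python
import re

# Constructed handler lists. ANSWER_HANDLERS mirrors the app.yaml in the answer;
# WIDENED_HANDLERS is an assumed variant whose admin pattern also covers sub-paths.
ANSWER_HANDLERS = [
    {"url": "/admin", "script": "main.app", "login": "admin"},
    {"url": "/.*", "script": "main.app"},
]
WIDENED_HANDLERS = [
    {"url": "/admin(/.*)?", "script": "main.app", "login": "admin"},
    {"url": "/.*", "script": "main.app"},
]


def resolve(handlers, path):
    """Return the first handler whose url regex matches the whole path."""
    for handler in handlers:
        if re.fullmatch(handler["url"], path):
            return handler
    return None


def required_login(handlers, path):
    """Return 'admin', 'required' or 'optional' (the default) for a path."""
    handler = resolve(handlers, path)
    if handler is None:
        return None  # no handler matched: the request would not be served
    return handler.get("login", "optional")


def unprotected_under(handlers, prefix, paths):
    """List sample paths at or below `prefix` reachable without admin login."""
    return [
        p for p in paths
        if (p == prefix or p.startswith(prefix + "/"))
        and required_login(handlers, p) != "admin"
    ]


# Constructed sample request paths.
SAMPLE_PATHS = ["/admin", "/admin/", "/admin/users", "/administrator", "/profile"]

if __name__ == "__main__":
    for name, handlers in [("answer", ANSWER_HANDLERS), ("widened", WIDENED_HANDLERS)]:
        for path in SAMPLE_PATHS:
            print(f"{name:8} {path:15} login={required_login(handlers, path)}")
        print(name, "gaps:", unprotected_under(handlers, "/admin", SAMPLE_PATHS))
```

Under these assumptions, any admin view routed below `/admin` is served by the catch-all handler unless the pattern is widened, so an in-app check such as `users.is_current_user_admin()` on each admin view remains a useful second layer.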