Move each flask module into a Blueprint and have CSRF protection only on the API blueprint

endpoints/web.py

@@ -3,7 +3,7 @@ import requests
 import stripe
 
 from flask import (abort, redirect, request, url_for, render_template,
-                   make_response, Response)
+                   make_response, Response, Blueprint)
 from flask.ext.login import current_user
 from urlparse import urlparse
 
@@ -18,6 +18,8 @@ from endpoints.common import common_login
 
 logger = logging.getLogger(__name__)
 
+web = Blueprint('web', __name__)
+
 
 def render_page_template(name):
   resp = make_response(render_template(name, route_data=get_route_data()))
@@ -25,16 +27,16 @@ def render_page_template(name):
   return resp
 
 
-@app.route('/', methods=['GET'], defaults={'path': ''})
-@app.route('/repository/<path:path>', methods=['GET'])
-@app.route('/organization/<path:path>', methods=['GET'])
+@web.route('/', methods=['GET'], defaults={'path': ''})
+@web.route('/repository/<path:path>', methods=['GET'])
+@web.route('/organization/<path:path>', methods=['GET'])
 def index(path):
   return render_page_template('index.html')
 
 
-@app.route('/snapshot', methods=['GET'])
-@app.route('/snapshot/', methods=['GET'])
-@app.route('/snapshot/<path:path>', methods=['GET'])
+@web.route('/snapshot', methods=['GET'])
+@web.route('/snapshot/', methods=['GET'])
+@web.route('/snapshot/<path:path>', methods=['GET'])
 def snapshot(path = ''):
   parsed = urlparse(request.url)
   final_url = '%s://%s/%s' % (parsed.scheme, 'localhost', path)
@@ -45,74 +47,74 @@ def snapshot(path = ''):
   abort(404)
 
 
-@app.route('/plans/')
+@web.route('/plans/')
 def plans():
   return index('')
 
 
-@app.route('/guide/')
+@web.route('/guide/')
 def guide():
   return index('')
 
 
-@app.route('/organizations/')
-@app.route('/organizations/new/')
+@web.route('/organizations/')
+@web.route('/organizations/new/')
 def organizations():
   return index('')
 
 
-@app.route('/user/')
+@web.route('/user/')
 def user():
   return index('')
 
 
-@app.route('/signin/')
+@web.route('/signin/')
 def signin():
   return index('')
 
 
-@app.route('/new/')
+@web.route('/new/')
 def new():
   return index('')
 
 
-@app.route('/repository/')
+@web.route('/repository/')
 def repository():
   return index('')
 
 
-@app.route('/security/')
+@web.route('/security/')
 def security():
   return index('')
 
 
-@app.route('/v1')
-@app.route('/v1/')
+@web.route('/v1')
+@web.route('/v1/')
 def v1():
   return index('')
 
 
-@app.route('/status', methods=['GET'])
+@web.route('/status', methods=['GET'])
 def status():
   return make_response('Healthy')
 
 
-@app.route('/tos', methods=['GET'])
+@web.route('/tos', methods=['GET'])
 def tos():
   return render_page_template('tos.html')
 
 
-@app.route('/disclaimer', methods=['GET'])
+@web.route('/disclaimer', methods=['GET'])
 def disclaimer():
   return render_page_template('disclaimer.html')
 
 
-@app.route('/privacy', methods=['GET'])
+@web.route('/privacy', methods=['GET'])
 def privacy():
   return render_page_template('privacy.html')
 
 
-@app.route('/receipt', methods=['GET'])
+@web.route('/receipt', methods=['GET'])
 def receipt():
   if not current_user.is_authenticated():
     abort(401)
@@ -142,7 +144,7 @@ def receipt():
   abort(404)
 
 
-@app.route('/oauth2/github/callback', methods=['GET'])
+@web.route('/oauth2/github/callback', methods=['GET'])
 def github_oauth_callback():
   code = request.args.get('code')
   payload = {
@@ -205,7 +207,7 @@ def github_oauth_callback():
   return render_page_template('githuberror.html')
 
 
-@app.route('/confirm', methods=['GET'])
+@web.route('/confirm', methods=['GET'])
 def confirm_email():
   code = request.values['code']
 
@@ -219,7 +221,7 @@ def confirm_email():
   return redirect(url_for('index'))
 
 
-@app.route('/recovery', methods=['GET'])
+@web.route('/recovery', methods=['GET'])
 def confirm_recovery():
   code = request.values['code']
   user = model.validate_reset_code(code)
@@ -229,8 +231,3 @@ def confirm_recovery():
     return redirect(url_for('user'))
   else:
     abort(403)
-
-
-@app.route('/reset', methods=['GET'])
-def password_reset():
-  pass