For example, to lock down the entire application, you could do something like this:
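@server.before_request
def check_login():
    """Allow a request through only for a logged-in user or a login-flow exception.

    Registered as a ``before_request`` hook, so returning ``None`` lets the
    request continue and returning a response short-circuits it.

    GET requests from an unauthenticated visitor are redirected to the login
    page; when the requested path is a registered Dash page, the full URL is
    first stored in ``session['url']``. Any other method is answered with a
    JSON "unauthorized" body and HTTP status 401.

    Exceptions that are let through without authentication:
      * the login and logout URLs themselves;
      * requests whose ``Referer`` is the login or logout URL (GET: any path;
        other methods: only the layout/dependency paths or the two callback
        triggers listed below).

    NOTE(review): ``Referer`` is a client-supplied header, so the
    Referer-based exceptions are a convenience for rendering the login page,
    not an access control. Everything they can reach must be treated as
    public; replace them with an explicit allowlist of the paths the login
    page needs before relying on this hook to protect data.
    """
    # NOTE(review): the listing this came from had lost its indentation; the
    # nesting below is reconstructed -- confirm against the author's copy.

    # Example dev-server URLs; they must match the origin the app is actually
    # served from, otherwise the exceptions below never match.
    auth_pages = ['http://127.0.0.1:8050/login', 'http://127.0.0.1:8050/logout']

    # .get() instead of indexing: a request without a Referer must end in a
    # clean denial, not a KeyError (HTTP 500).
    referer = request.headers.get('Referer')

    if request.method == 'GET':
        if current_user:
            if request.url in auth_pages:
                return
            if referer in auth_pages:
                # Client-controlled value -- see the NOTE in the docstring.
                return
            if current_user.is_authenticated:
                return
            for pg in dash.page_registry:
                if request.path == dash.page_registry[pg]['path']:
                    # Remember where the visitor was heading.
                    # NOTE(review): request.url is built from the request's
                    # Host header; whatever later redirects to this value
                    # should check that it points back at this application.
                    session['url'] = request.url
        return redirect('http://127.0.0.1:8050/login')

    if current_user:
        if current_user.is_authenticated or request.path == '/login':
            return
        if referer in auth_pages:
            if request.path in ['/_dash-layout', '/_dash-dependencies']:
                return
            # silent=True: a missing or non-JSON body yields None instead of
            # raising, so malformed requests fall through to the denial below.
            payload = request.get_json(silent=True)
            changed = payload.get('changedPropIds') if isinstance(payload, dict) else None
            if changed in (
                ["_pages_location.pathname", "_pages_location.search"],
                ['{"index":"redirectLogin","type":"redirect"}.n_intervals'],
            ):
                return

    # Carry the denial in the HTTP status as well as in the body, so access
    # logs, proxies and monitoring record a refusal rather than a 200.
    return jsonify({'status': '401', 'statusText': 'unauthorized access'}), 401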
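This has specific holes for loading the login and logout pages, as well as holes that allow those pages to populate. Again, this isn't necessarily perfect, but it will keep most people from accessing the data because it has very specific openings. Keep in mind that the Referer header is set by the client, so the Referer-based openings are a convenience for rendering the login page rather than a security boundary; anything they let through should be treated as public.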