> ## Documentation Index
> Fetch the complete documentation index at: https://notes.kodekloud.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview of login application code

> Overview of a Flask login application demonstrating user authentication, database queries, redirects to a product service, and security best practices.

Welcome. This lesson walks through the login application's core code and explains how users are routed after authentication. The primary logic lives in `app.py`, which sets up the database connection (via a `get_db_connection()` helper) and exposes the Flask routes for rendering the login form, validating credentials, and forwarding authenticated users to the product application.

Below is a single, complete snippet that demonstrates the full flow — from form submission to redirect — replacing fragmented examples with one concise implementation.

```python theme={null}
# Routes
@app.route('/')
def login():
    return render_template('login.html')

@app.route('/login', methods=['POST'])
def login_post():
    email = request.form['email']
    password = request.form['password']

    conn = get_db_connection()
    if conn:
        cursor = conn.cursor()
        # Use parameterized query to avoid SQL injection
        cursor.execute("SELECT * FROM users WHERE email = %s AND password = %s", (email, password))
        user = cursor.fetchone()
        cursor.close()
        conn.close()

        if user:
            return redirect(url_for('product'))

    return redirect(url_for('login'))

@app.route('/product')
def product():
    # This redirect points to the product application running on another service.
    return redirect("http://35.156.49.246:5000/welcomepage")
    # Alternative for local testing:
    # return "Hello, this is the product page."

if __name__ == "__main__":
    app.run(debug=True, host="0.0.0.0", port=5000)
```

Key points about this implementation

* The app uses `get_db_connection()` to obtain a DB connection and performs a parameterized query to look up the user by `email` and `password`.
* On success, the route redirects to `/product`, which in turn forwards to the product application at the configured external URL.
* The Flask app listens on `0.0.0.0:5000` with `debug=True` for local development.

Routes summary

| Method | Path       | Purpose                                                                                                         |
| ------ | ---------- | --------------------------------------------------------------------------------------------------------------- |
| GET    | `/`        | Render `login.html` — the login form.                                                                           |
| POST   | `/login`   | Validate submitted `email` and `password`. If valid, redirect to `/product`.                                    |
| GET    | `/product` | Redirects to the product application (`http://35.156.49.246:5000/welcomepage`) or serves a local test response. |

Security note

<Callout icon="warning" color="#FF6B6B">
  This example checks passwords as stored plaintext in the database. Storing or comparing plaintext passwords is insecure. In production, always store hashed passwords (e.g., using bcrypt) and verify using a secure hashing check. Also run the app over HTTPS in production.
</Callout>

Best practices and quick improvements

* Password storage: Replace plaintext storage with a strong hashing scheme (bcrypt, Argon2). Verify using the hashing library rather than direct comparison.
* Sessions: After authentication, set a secure session or issue a JWT so subsequent requests can be authorized without re-checking credentials.
* Input validation: Validate and sanitize form inputs before using them in queries or application logic.
* HTTPS: Deploy behind TLS in production and disable `debug=True` for safety.
* Connection handling: Use connection pooling for production workloads (e.g., SQLAlchemy pool, a connection pooler).

Links and references

* Flask documentation: [https://flask.palletsprojects.com/](https://flask.palletsprojects.com/)
* Password hashing (bcrypt): [https://pypi.org/project/bcrypt/](https://pypi.org/project/bcrypt/)
* Docker training (reference): [https://learn.kodekloud.com/user/courses/docker-training-course-for-the-absolute-beginner](https://learn.kodekloud.com/user/courses/docker-training-course-for-the-absolute-beginner)
* AWS CodeBuild: [https://aws.amazon.com/codebuild/](https://aws.amazon.com/codebuild/)
* AWS CodePipeline (CI/CD): [https://learn.kodekloud.com/user/courses/aws-codepipeline-ci-cd-pipeline](https://learn.kodekloud.com/user/courses/aws-codepipeline-ci-cd-pipeline)

Next steps

* Containerize this service with a Dockerfile and build images for your CI pipeline.
* Add automated tests and a CI job (e.g., AWS CodeBuild).
* Deploy via a CD pipeline (e.g., AWS CodePipeline) and secure traffic with HTTPS.

That's it for this lesson — see you in the next one.

<CardGroup>
  <Card title="Watch Video" icon="video" cta="Learn more" href="https://learn.kodekloud.com/user/courses/building-scalable-microservices-on-aws-deploy-a-crypto-app/module/d14608f9-c900-4ec7-9bdd-ed8e215da540/lesson/f5375085-5a50-4d15-a21f-b288e68a7c77" />
</CardGroup>
