Enable CSRF by blueprint (exclude API views)

ereuse_devicehub/devicehub.py

@@ -23,7 +23,6 @@ from ereuse_devicehub.templating import Environment
 
 
 from flask_login import LoginManager
-from flask_wtf.csrf import CSRFProtect
 from ereuse_devicehub.resources.user.models import User
 
 
@@ -69,9 +68,6 @@ class Devicehub(Teal):
         self.configure_extensions()
 
     def configure_extensions(self):
-        # configure & enable CSRF of Flask-WTF
-        CSRFProtect(self)
-
         # configure Flask-Login
         login_manager = LoginManager()
         login_manager.init_app(self)

examples/app.py

@@ -1,9 +1,22 @@
-from ereuse_devicehub.devicehub import Devicehub
-
 """
 Example app with minimal configuration.
 
 Use this as a starting point.
 """
+from flask_wtf.csrf import CSRFProtect
 
-app = Devicehub(inventory='db1')
+from ereuse_devicehub.config import DevicehubConfig
+from ereuse_devicehub.devicehub import Devicehub
+from ereuse_devicehub.inventory.views import devices
+from ereuse_devicehub.views import core
+
+app = Devicehub(inventory=DevicehubConfig.DB_SCHEMA)
+app.register_blueprint(core)
+app.register_blueprint(devices)
+
+# configure & enable CSRF of Flask-WTF
+# NOTE: enable by blueprint to exclude API views
+# TODO(@slamora: enable by default & exclude API views when decouple of Teal is completed
+csrf = CSRFProtect(app)
+csrf.protect(core)
+csrf.protect(devices)