I attached some comments to lines of code, but here are some general remarks.
- Flask and SQLAlchemy are already completely unicode based, but Python 2.7 is not by default. Just to be sure, I would add `from __future__ import unicode_literals` at the top of every file.
- Would be good to have some tests (in Mutalyzer I use pytest).
- The documentation by README file is good enough for this project, but the API is entirely documented by example. Perhaps better to at least describe the HTTP method, URL endpoint, headers, and form fields separately.
- I would not put method-specific request arguments in HTTP headers. For example, `Transfer-Id` in uploading a file; I would expect this to be in the URL (
- Very good to describe all possible error messages and their meaning in the docs. However, I would make it clear that the description can be used as an error code (i.e., can be used by a program and won't change) by just calling it error code or the like. Then there's also room to include a human readable message in a second field.
- Add some documentation on how to run the server (and also on running
- Is gunicorn really a dependency? I don't think so.
- Could add something about the optional nginx upload module to the docs, and I think it would be better to default that configuration value to false.
- It should be possible to customize the config without changing the application source code, e.g., by reading some configuration file.
- Note in the docs that it's only been tested with SQLite.
- Use the logging module. Especially log a short line in those cases where we silently ignore exceptions, but probably also when a user id doesn't match etcetera.
That's all for now :)