Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/BrandonCVale/SISTEMA-HABITOS/llms.txt

Use this file to discover all available pages before exploring further.

All configuration for Hábito. lives inside the create_app() application factory in app/__init__.py. There is no separate config class, .env file, or environment variable loading in the current codebase — every value is set directly on app.config before any extension is initialised. This is a straightforward setup appropriate for development; see the Production Considerations section for recommended changes before deploying.

Application Settings

The following keys are set on app.config inside create_app().
SECRET_KEY
str
required
'sistema_habitos_76Fu-39+' — Flask uses this key to cryptographically sign the session cookie and the data passed through flash(). Any tampering with the cookie will be detected because the signature will not match.Production requirement: This value must be replaced with a long, unpredictable random string before deploying. See Production Considerations.
SQLALCHEMY_DATABASE_URI
str
required
'sqlite:///habitos.db' — Instructs Flask-SQLAlchemy to use a SQLite database. The three-slash (///) path is relative to the Flask application’s instance path, which resolves to the app/ directory. The habitos.db file is created automatically by db.create_all() in main.py on first run.
SQLALCHEMY_TRACK_MODIFICATIONS
bool
False — Disables Flask-SQLAlchemy’s object modification tracking event system. This system has significant overhead and is not needed by Hábito., so it is explicitly turned off. Flask-SQLAlchemy emits a deprecation warning if this key is not set.
SQLALCHEMY_ECHO
bool
True (development default) — When True, SQLAlchemy prints every SQL statement it generates to the console (stdout). This is extremely helpful for understanding what the ORM is doing and for debugging slow queries during development.Production requirement: Must be set to False in production. See Production Considerations.
The full block from app/__init__.py: 
app.config['SECRET_KEY'] = 'sistema_habitos_76Fu-39+'
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///habitos.db'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
app.config['SQLALCHEMY_ECHO'] = True

Flask-Login Settings

After login_manager.init_app(app) is called, three attributes are configured on the LoginManager instance:
login_manager.login_view
str
required
'auth.inicio_sesion' — The endpoint name (Blueprint + function name) that Flask-Login redirects unauthenticated users to when they attempt to access a @login_required route. Uses Flask’s url_for() internally, so the value must match the registered Blueprint name and view function exactly.
login_manager.login_message
str
'Por favor inicia sesión para acceder.' — The message that Flask-Login automatically flashes when it redirects an unauthenticated visitor to the login page.
login_manager.login_message_category
str
'error' — The flash category applied to the login_message above. Matches the "error" category used throughout the rest of the app so the template renders it with the same error styling.
Flask-Login also needs a user loader callback to reconstruct the logged-in user from the ID stored in the session cookie. This is registered as a closure inside create_app(): 
from app.models.usuario import Usuario

@login_manager.user_loader
def load_user(user_id: str) -> Optional[Usuario]:
    # Flask-Login always passes user_id as a string
    return db.session.get(Usuario, int(user_id))

Development Server

main.py is the entry point for the development server. It creates the app, ensures all tables exist, and starts Flask’s built-in Werkzeug server: 
from app import create_app, db
from app.models import Usuario, Habito

app = create_app()

with app.app_context():
    db.create_all()
    print("Base de datos y tablas verificadas/creadas con éxito.")

if __name__ == '__main__':
    app.run(debug=True, host='0.0.0.0')
OptionValueEffect
debugTrueEnables the Werkzeug interactive debugger and automatic reloader on code changes
host'0.0.0.0'Binds to all network interfaces, making the server reachable from other devices on the same LAN (e.g. testing on a phone)
The default port when no port= argument is given is 5000, so the app is reachable at http://localhost:5000 during development.

Production Considerations

The current configuration is intentionally simple for a development environment. Before deploying to any internet-facing server, address all of the following points.
Rotate SECRET_KEY immediately. The hardcoded key 'sistema_habitos_76Fu-39+' is public. Any attacker who knows it can forge session cookies and bypass Flask-Login. Generate a proper key with:
import secrets
print(secrets.token_hex(32))
Set SQLALCHEMY_ECHO = False in production. With ECHO = True, every SQL statement is written to stdout. In a cloud environment this pollutes log aggregators, increases I/O costs, and may leak sensitive query structure in shared logging systems.
Never use app.run(debug=True) in production. debug=True activates the Werkzeug interactive debugger, which allows arbitrary Python code execution in the browser if an unhandled exception occurs. Use a production WSGI server such as Gunicorn or uWSGI instead:
# Gunicorn example (4 worker processes)
gunicorn -w 4 -b 0.0.0.0:8000 "main:app"
Use os.environ.get() to read sensitive values from the environment at runtime. This keeps secrets out of the source code entirely. 
import os
from flask import Flask, redirect, url_for
from flask_sqlalchemy import SQLAlchemy
from flask_login import LoginManager

login_manager = LoginManager()
db = SQLAlchemy()


def create_app():
    app = Flask(__name__)

    app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY', 'change-me-in-production')
    app.config['SQLALCHEMY_DATABASE_URI'] = os.environ.get(
        'DATABASE_URL', 'sqlite:///habitos.db'
    )
    app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
    # Echo off in production
    app.config['SQLALCHEMY_ECHO'] = os.environ.get('SQLALCHEMY_ECHO', 'false').lower() == 'true'

    db.init_app(app)
    login_manager.init_app(app)
    login_manager.login_view = 'auth.inicio_sesion'
    login_manager.login_message = 'Por favor inicia sesión para acceder.'
    login_manager.login_message_category = 'error'

    # ... rest of factory unchanged
    return app
Set the environment variables on your server or CI/CD platform: 
export SECRET_KEY="$(python -c 'import secrets; print(secrets.token_hex(32))')"
export DATABASE_URL="postgresql://user:pass@host/habitos_prod"
export SQLALCHEMY_ECHO="false"

Dependencies

All packages are pinned in requirements.txt. The table below lists the packages directly used by Hábito. with their pinned versions and roles.
PackageVersionPurpose
Flask3.1.3Core web framework — routing, request/response, templates, sessions, flash
Flask-SQLAlchemy3.1.1SQLAlchemy integration for Flask — provides the db object and db.Model base
Flask-Login0.6.3Session-based user authentication — @login_required, login_user(), logout_user(), current_user
bcrypt5.0.0Password hashing — bcrypt.hashpw() and bcrypt.checkpw() used in UsuarioRepository
plotly6.8.0Interactive progress charts rendered in visualizar_progreso.html
pandas3.0.3Data manipulation used by EstadisticasService to build the chart data frame
SQLAlchemy2.0.49ORM and query engine — underpins Flask-SQLAlchemy; provides Mapped, mapped_column, db.select()
Jinja23.1.6HTML templating engine bundled with Flask — renders all .html templates
Werkzeug3.1.8WSGI utilities bundled with Flask — handles request parsing, static files, and the dev server
Additional packages present in requirements.txt (blinker, click, colorama, itsdangerous, MarkupSafe, etc.) are transitive dependencies pulled in automatically by Flask and its extensions.

Build docs developers (and LLMs) love

Get started for freeTalk to us