10.14. Wrap up

The cam in the yard now watches what’s in front of it, streams the view to whichever phone is logged in, fires Server-Sent Events the moment something moves, accepts dashboard commands over a WebSocket, and uploads a JPEG of every triggered frame to a cloud archive – all over HTTPS, behind a login, with CORS and CSRF closing the door on cross-site mischief. One script, four background coroutines sharing the asyncio loop with one HTTP server, three small files in /sdcard/static/ for the dashboard, one signing secret on the filesystem.

10.14.1. Reference roadmap

When you reach for one of these features in your own application, the reference pages are the lookup destinations:

• microdot — minimal HTTP framework – microdot.Microdot, Request, Response, the route decorators, mount(), microdot.abort(), microdot.redirect(), start_server(), run().

• microdot.auth — HTTP authentication – BasicAuth and TokenAuth for header-based auth.

• microdot.session — signed cookie sessions – the signed-cookie session store.

• microdot.login — user login flow – the login flow built on top of session.

• microdot.sse — Server-Sent Events – Server-Sent Events for one-way push.

• microdot.websocket — WebSocket support – WebSockets for two-way framed messaging.

• microdot.cors — Cross-Origin Resource Sharing – the CORS middleware.

• microdot.csrf — CSRF protection – the CSRF middleware.

• microdot.multipart — multipart/form-data parsing – form and file upload parsing (the backyard cam doesn’t accept uploads, but most dashboards eventually do).

• jwt — JSON Web Tokens – the JWT primitive that backs both TokenAuth and the session store.

• requests — HTTP client – the outbound HTTP client.

Each one is a one-page lookup. Use them now that you’ve seen each piece in context.