Although I understand the idea, there is a couple of possible issues.
- Continuous open-to-anyone-everywhere attack-vector of the DNAT-entry pointing to your web-page.
- Un-encrypted "admin" credentials in the Python files ; if ever compromised you have full power on the Mikrotik
- Only 1 "stage" , meaning making the request to the correct URL and you are in.
I also use port-knocking in a 3-stage setup, meaning 3 knocks are required (random ports, mix of UDP/TCP), within a certain time-frame (seconds) to give access for a specified duration.
Much,much more secure, I would say near impossible to "guess" it and there is no permanent "patchhole" like you have pointing to your Phythong webserver.
Any smartphone could run such app where you can pre-configure the knocking-sequence. If your user is eg. sitting in a hotel he can use the Hotel Wifi and perform the sequence, then the laptop (also connected on Hotel-wifi) probably uses the same public-IP and is therefore also usable. (same applies if at home)
Or the use could use his phone on 4G in "tethering" mode and act as wireless AP for the laptop to work on after sequencing the port-knock.
The alternative offcourse is "VPN"