django: beyond basics
TRANSCRIPT
Django Beyond Basics
Who is this for?
NOOB GOOD CHUCK NORRIS
What I thought…
NOOB GOOD CHUCK NORRIS
It is more like… DESIGNER
BIG PICTURE GUY OPERATIONS
ADMIN
RAILS GUY
@arocks arunrocks.com
Hi!
Disclaimer This presentation does not aim to be a
comprehensive overview of any part of Django. There are several tutorials covering various
aspects of the framework. Instead this is talk is part experience sharing, part advocacy and
part entertainment.
What is Django?
It is just a framework!
Definitely not a CMS!
Get the BIG picture
The BIG picture slide
Thanks to Karen Rustad & Asheesh Laroia
Also starring…
• Lightweight, standalone web server for dev • Form serialization and validation system • Flexible caching framework • Support for middleware classes at various levels • Internationalization system • Unit test framework
Why is Django Awesome?
List of awesome-ness
• Admin • Security • Great documentation • Friendly community • Stable • Batteries included • Open Source!
Coming from PHP/ASP background
Coming from PHP/ASP background
Step 1: Forget Everything, esp how easy life was… Step 2: Think architecture first Step 3: Think about Separation of Concerns Step 4: ??? Step 5: Profit!!!
101 bad excuses not to use Django
But Django is too heavy!
Flask from flask import Flask
app = Flask(__name__)
@app.route('/')
def hello_world():
return 'Hello World!'
if __name__ == '__main__':
app.run()
Django example is one file & almost the same size!
Django from django.http import HttpResponse
from django.conf.urls.defaults import patterns
DEBUG=True
ROOT_URLCONF = 'pico'
DATABASES = { 'default': {} }
SECRET_KEY = '0123456789‘ * 50
def index(request):
return HttpResponse('Hello World!')
urlpatterns = patterns('', (r'^$', index))
$ PYTHONPATH=. django-admin.py runserver
0.0.0.0:8000 --settings=pico
No, It is batteries included!
(+ cool downloadable apps)
But Django is too ugly!
Why use: “example.com/product/[0-9]+”
?
Isn’t this is much cooler: “example.com/product/{id}”
? SQL Injection!
example.com/product/1 or 1=1 will become:
SELECT * FROM Products WHERE ID = 1 OR 1=1
Even Django will not always save you: “example.com/product/(.+)”
Avoid!
Be as strict as possible: “example.com/product/[0-9]+”
Looks prettier now, huh?
Why not Django?
• Unusually high performance needs • Existing Database models? • Migrations? • ORM/ Template is not enough
In other words, you want to replace all of Django’s components. Which you would eventually?!
Best Practices
• Distrust outside data. Sanitize everything! • Don’t leak implementation details. • Fatter Models/Managers and Leaner Views • Follow PEP8 and readable names • Be as DRY as possible. • Break down into reusable Apps
novice questions
What is a QuerySet? Why is media separate?
Which IDE? How to deploy?
Must-learn Python Packages
Must-learn Python Packages
• Pip – Don’t start without this!
• iPython/BPython – Better than vanilla console
• Pudb – Best debugger
• Fabric – Easy deployment
But what goes well with Django?
Must-learn Django Packages
Must-learn Django Packages
• Django-debug-toolbar – Only in DEV! • Django_compressor – Not just compression • Django-extensions – Tons of goodies • South – Getting integrated? • Celery – Delayed Gratification • Tastypie *– Build yummy APIs
* Or anything that suits you
Other cool Django Packages
• Django social auth: One app to most Social logins • Django Paypal: PayPal Payments Standard & Pro • crispy-forms: Nice HTML for forms • django-taggit: Implement tags easily • Psycopg2: Talk to PostgreSQL, a solid database • django-storages: Store anywhere - Cloud, DB or FTP
My Django Workflow
1) Create a new Django project 2) Find a 3rd party app or create an app 3) Write/Improve models.py 4) Play with queries on console. Run syncdb. 5) Add a bare admin.py 6) Add data from admin UI 7) Write views.py. Leverage CBVs 8) If needed, add a model form to forms.py 9) Add views to urls.py 10) Jump to step 3 till app looks good 11) jump to step 2
For examples, head to arunrocks.com
A simplistic Django workflow…
1) Create a new Django project 2) Find a 3rd party app or create an app 3) Write/Improve models.py 4) Play with queries on console. Repeat step 3 5) Add a bare admin.py 6) Add data from admin UI 7) Write views.py. Leverage CBVs 8) If needed, add a model form to forms.py 9) Add views to urls.py 10) Jump to step 3 till app looks good
Make friends with Git, South, Fabric…
A better Django workflow…
$ ./manage.py schemamigration app --initial
$ ./manage.py migrate app
$ ./manage.py schemamigration app --auto
$ git init
Write tests.py
Fabric/Puppet/Chef
Forms are easy!
Forms are easy!
• Use forms as much as possible (Hint: security) • ModelForms cover most uses case • But select which fields show in ModelForms • Hard set all defaults before form.save • FormView is a great generic view for forms • Using bootstrap? Use crispy-forms to save time
Should I use CBVs?
Ok, I made a Django site. Now what?
Ok, I made a Django site. Now what?
• Turn off DEBUG • Use HTTPS logins • Set X-Frame-
Options header • Use SESSION_COOKIE_
SECURE • Change /admin/ url Or easier, go to
http://ponycheckup.com/
@arocks