Django: Beyond Basics

Post on 10-May-2015

Django Beyond Basics

Who is this for?

NOOB GOOD CHUCK NORRIS

What I thought…

NOOB GOOD CHUCK NORRIS

It is more like… DESIGNER

BIG PICTURE GUY OPERATIONS

ADMIN

RAILS GUY

@arocks arunrocks.com

Hi!

Disclaimer: This presentation does not aim to be a comprehensive overview of any part of Django. There are several tutorials covering various aspects of the framework. Instead, this talk is part experience sharing, part advocacy and part entertainment.

What is Django?

It is just a framework!

Definitely not a CMS!

Get the BIG picture

The BIG picture slide

Thanks to Karen Rustad & Asheesh Laroia

Also starring…

• Lightweight, standalone web server for dev
• Form serialization and validation system
• Flexible caching framework
• Support for middleware classes at various levels
• Internationalization system
• Unit test framework

Why is Django Awesome?

List of awesome-ness

• Admin
• Security
• Great documentation
• Friendly community
• Stable
• Batteries included
• Open Source!

Coming from PHP/ASP background

Step 1: Forget Everything, esp how easy life was…
Step 2: Think architecture first
Step 3: Think about Separation of Concerns
Step 4: ???
Step 5: Profit!!!

101 bad excuses not to use Django

But Django is too heavy!

Flask

    from flask import Flask

    app = Flask(__name__)

    # Route the site root to a single view function
    @app.route('/')
    def hello_world():
        return 'Hello World!'

    if __name__ == '__main__':
        app.run()

Django example is one file & almost the same size!

Django

    # Module named pico: settings, URLconf and view all live in this one file
    from django.http import HttpResponse
    from django.conf.urls.defaults import patterns  # import path used by Django 1.5 and earlier

    DEBUG = True
    ROOT_URLCONF = 'pico'
    DATABASES = {'default': {}}
    SECRET_KEY = '0123456789' * 50

    def index(request):
        return HttpResponse('Hello World!')

    urlpatterns = patterns('', (r'^$', index))

    $ PYTHONPATH=. django-admin.py runserver 0.0.0.0:8000 --settings=pico

No, It is batteries included!

(+ cool downloadable apps)

But Django is too ugly!

Why use: “example.com/product/[0-9]+”?

Isn’t this much cooler: “example.com/product/{id}”?

SQL Injection!

example.com/product/1 or 1=1 will become:

SELECT * FROM Products WHERE ID = 1 OR 1=1

Even Django will not always save you: “example.com/product/(.+)”

Avoid!

Be as strict as possible: “example.com/product/[0-9]+”

Looks prettier now, huh?
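
The loose and strict patterns above, run against a constructed in-memory table. This is an added example, not code from the original slides; the function names, the sqlite3 backend and the sample rows are assumptions for illustration.

```python
import re
import sqlite3

LOOSE = re.compile(r"^product/(.+)$")        # accepts any characters
STRICT = re.compile(r"^product/([0-9]+)$")   # digits only

def make_db():
    """Constructed sample data: three rows in an in-memory Products table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Products (ID INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO Products VALUES (?, ?)",
                   [(1, "kettle"), (2, "toaster"), (3, "blender")])
    return db

def lookup_concat(db, path):
    """'Before': loose pattern, captured text pasted into the SQL string."""
    m = LOOSE.match(path)
    if m is None:
        return None                      # no route matched (404)
    sql = "SELECT * FROM Products WHERE ID = " + m.group(1)
    return db.execute(sql).fetchall()

def lookup_bound(db, path):
    """Loose pattern, but the value is bound as a parameter (what an ORM does)."""
    m = LOOSE.match(path)
    if m is None:
        return None
    return db.execute("SELECT * FROM Products WHERE ID = ?",
                      (m.group(1),)).fetchall()

def lookup_strict(db, path):
    """'After': strict pattern rejects the request before any query runs."""
    m = STRICT.match(path)
    if m is None:
        return None
    return db.execute("SELECT * FROM Products WHERE ID = ?",
                      (int(m.group(1)),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concat, lookup_bound, lookup_strict):
        print(fn.__name__, fn(db, "product/1 or 1=1"), fn(db, "product/2"))
```

Only the concatenating lookup returns every row for the `1 or 1=1` path; parameter binding neutralizes it, and the strict pattern never lets it reach a view at all.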

Why not Django?

• Unusually high performance needs
• Existing Database models?
• Migrations?
• ORM/ Template is not enough

In other words, you want to replace all of Django’s components. Which you would eventually?!

Best Practices

• Distrust outside data. Sanitize everything!
• Don’t leak implementation details.
• Fatter Models/Managers and Leaner Views
• Follow PEP8 and readable names
• Be as DRY as possible.
• Break down into reusable Apps

novice questions

What is a QuerySet? Why is media separate?

Which IDE? How to deploy?

Must-learn Python Packages

• Pip – Don’t start without this!

• iPython/BPython – Better than vanilla console

• Pudb – Best debugger

• Fabric – Easy deployment

But what goes well with Django?

Must-learn Django Packages

• Django-debug-toolbar – Only in DEV!
• Django_compressor – Not just compression
• Django-extensions – Tons of goodies
• South – Getting integrated?
• Celery – Delayed Gratification
• Tastypie* – Build yummy APIs

* Or anything that suits you

Other cool Django Packages

• Django social auth: One app for most social logins
• Django Paypal: PayPal Payments Standard & Pro
• crispy-forms: Nice HTML for forms
• django-taggit: Implement tags easily
• Psycopg2: Talk to PostgreSQL, a solid database
• django-storages: Store anywhere - Cloud, DB or FTP

My Django Workflow

1) Create a new Django project
2) Find a 3rd party app or create an app
3) Write/Improve models.py
4) Play with queries on console. Run syncdb.
5) Add a bare admin.py
6) Add data from admin UI
7) Write views.py. Leverage CBVs
8) If needed, add a model form to forms.py
9) Add views to urls.py
10) Jump to step 3 till app looks good
11) Jump to step 2

For examples, head to arunrocks.com

A simplistic Django workflow…

1) Create a new Django project
2) Find a 3rd party app or create an app
3) Write/Improve models.py
4) Play with queries on console. Repeat step 3
5) Add a bare admin.py
6) Add data from admin UI
7) Write views.py. Leverage CBVs
8) If needed, add a model form to forms.py
9) Add views to urls.py
10) Jump to step 3 till app looks good

Make friends with Git, South, Fabric…

A better Django workflow…

$ ./manage.py schemamigration app --initial

$ ./manage.py migrate app

$ ./manage.py schemamigration app --auto

$ git init

Write tests.py

Fabric/Puppet/Chef

Forms are easy!

• Use forms as much as possible (Hint: security)
• ModelForms cover most use cases
• But select which fields show in ModelForms
• Hard set all defaults before form.save
• FormView is a great generic view for forms
• Using bootstrap? Use crispy-forms to save time

Should I use CBVs?

Ok, I made a Django site. Now what?

• Turn off DEBUG
• Use HTTPS logins
• Set X-Frame-Options header
• Use SESSION_COOKIE_SECURE
• Change /admin/ url

Or easier, go to http://ponycheckup.com/
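
A local check for the settings-based items on this checklist, as an added example that is not part of the original slides. The function name, the finding strings and both sample settings dictionaries are constructed for illustration; the setting names and the middleware path are Django's own. HTTPS enforcement is not visible from these settings and is not checked.

```python
XFO_MIDDLEWARE = "django.middleware.clickjacking.XFrameOptionsMiddleware"

def audit_settings(settings, admin_url_regex):
    """Return one finding per checklist item that the settings fail."""
    findings = []
    # Django defaults DEBUG to False; only an explicit True is a problem.
    if settings.get("DEBUG", False):
        findings.append("DEBUG is on")
    # Django defaults SESSION_COOKIE_SECURE to False, so absence is a finding.
    if not settings.get("SESSION_COOKIE_SECURE", False):
        findings.append("SESSION_COOKIE_SECURE is off")
    # The X-Frame-Options header is set by the clickjacking middleware.
    # MIDDLEWARE_CLASSES is the older name of the MIDDLEWARE setting.
    middleware = (tuple(settings.get("MIDDLEWARE_CLASSES", ()))
                  + tuple(settings.get("MIDDLEWARE", ())))
    if XFO_MIDDLEWARE not in middleware:
        findings.append("X-Frame-Options middleware missing")
    # The admin URL lives in the URLconf, so the caller passes its regex in.
    if admin_url_regex.lstrip("^").startswith("admin/"):
        findings.append("admin is served at the default /admin/ URL")
    return findings

# Constructed sample: settings resembling the one-file demo earlier in the deck.
DEMO_LIKE = {"DEBUG": True, "MIDDLEWARE_CLASSES": ()}

# Constructed sample: the same project after working through the checklist.
HARDENED = {
    "DEBUG": False,
    "SESSION_COOKIE_SECURE": True,
    "MIDDLEWARE_CLASSES": (
        "django.contrib.sessions.middleware.SessionMiddleware",
        XFO_MIDDLEWARE,
    ),
}

if __name__ == "__main__":
    print(audit_settings(DEMO_LIKE, r"^admin/"))
    print(audit_settings(HARDENED, r"^backoffice-7f3a/"))
```

Django 1.8 and later ship `manage.py check --deploy`, which covers several of the same settings from inside a project.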

@arocks