Django App-gehoben

Transcript

1. App-gehoben PyCon DE, 31.Oktober 2012 Frank Becker <[email protected]> Mittwoch, 31.

   Oktober 12

2. Motivation http://www.djangopackages.com @robert_winslow: So much of software development is about

   discovering and grokking the wheels someone else already made for you. Mittwoch, 31. Oktober 12

3. • shell_plus • create_app (von Dia UML file) • export_emails

   (aller User) • graph_models (graphviz) • Jobs scheduling • TimeStampedModel ABS (created, modified) • Field Extensions (AutoSlugField, CreationDateTimeField, ModificationDateTimeField, UUIDField, EncryptedCharField, EncryptedTextField) • print_settings • sqldiff • sqlcreate • RunServerPlus (werkzeug) • RunProfileServer django-extensions Mittwoch, 31. Oktober 12

4. Mittwoch, 31. Oktober 12

5. django-braces Class Based Generic Views sind cool, aber... • LoginRequiredMixin

   • PermissionRequiredMixin • MultiplePermissionsRequiredMixin • SuperuserRequiredMixin • UserFormKwargsMixin • UserKwargModelFormMixin • SuccessURLRedirectListMixin • SetHeadlineMixin • CreateAndRedirectToEditView • SelectRelatedMixin • StaffuserRequiredMixin • JSONResponseMixin • AjaxResponseMixin Mittwoch, 31. Oktober 12

6. django-braces from django.views.generic import TemplateView from braces.views import LoginRequiredMixin, PermissionRequiredMixin

   class SomeSecretView(LoginRequiredMixin, TemplateView): template_name = "path/to/template.html" def get(self, request): return self.render_to_response({}) class SomeProtectedView(LoginRequiredMixin, PermissionRequiredMixin, TemplateView): permission_required = "auth.change_user" template_name = "path/to/template.html" Mittwoch, 31. Oktober 12

7. django-bootstrap http://paltman.com/2012/08/23/twitter-bootstrap-and-ajax/ # only adding this request.is_ajax() block to the

   existing views.py @login_required def message_list(request): if request.is_ajax(): data = { "html": render_to_string("messages/_message_list.html", { "messages": request.user.messages.all() }, context_instance=RequestContext(request)) } return HttpResponse(json.dumps(data), mimetype="application/json") return render(request, "messages/message_list.html", { "messages": request.user.messages.all(), "form": MessageForm() }) # messages.html {% extends "messages/base.html" %} {% block body %} <h1>Your Messages</h1> <p class="lead">Here is a stream of your messages.</p> <{% include "messages/_message_form.html with form=form %}> {% include "messages/_message_list.html" with messages=messages %} {% endblock %} {% block extra_body %} <script src="{% static "js/bootstrap-ajax.js" %}"></script> {% endblock %} Mittwoch, 31. Oktober 12

8. #_message_list.html <div class="messages" data-refresh-url="{% url messages %}"> {% for message

   in messages %} {% include "messages/_message.html" with message=message %} {% endfor %} </div> #_message_form.html {% load bootstrap_tags %} <form action="{% url message_list %}" method="post" id="message-form" class="form ajax" data-replace="#message-form" data-refresh=".messages,.message-count"> {% csrf_token %} {{ form|as_bootstrap }} <div class="form-actions"> <button type="submit" class="btn btn-primary">Submit</button> </div> </form> Mittwoch, 31. Oktober 12

9. django-secure • SECURE_SSL_REDIRECT • SECURE_HSTS_SECONDS • SECURE_FRAME_DENY • SECURE_CONTENT_TYPE_NOSNIFF •

   SECURE_BROWSER_XSS_FILTER • SESSION_COOKIE_SECURE + SESSION_COOKIE_HTTPONLY • python manage.py checksecure Mittwoch, 31. Oktober 12

10. ... Running djangosecure.check.sessions.check_session_cookie_httponly... OK Running djangosecure.check.djangosecure.check_security_middleware... OK Running djangosecure.check.djangosecure.check_sts... FAIL

    You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security (see http://en.wikipedia.org/wiki/Strict_Transport_Security). Running djangosecure.check.djangosecure.check_sts_include_subdomains... FAIL You have not set the SECURE_HSTS_INCLUDE_SUBDOMAINS setting to True. Without this, your site is potentially vulnerable to attack via an insecure connection to a subdomain. Running djangosecure.check.djangosecure.check_frame_deny... FAIL Your SECURE_FRAME_DENY setting is not set to True, so your pages will not be served with an 'x-frame-options: DENY' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks. ... Mittwoch, 31. Oktober 12

11. South • Muss man haben. • DB Schemamigration • python

    manage.py schemamigration APP --init • python manage.py schemamigration APP --auto Mittwoch, 31. Oktober 12

12. debug-toolbar Mittwoch, 31. Oktober 12

13. django-cache-panel Mittwoch, 31. Oktober 12

14. django-debugtools • {% print %} • X-View Middleware • jQuery

    debug print Mittwoch, 31. Oktober 12

15. Sentry Mittwoch, 31. Oktober 12

16. django-compressor # base.html template <!-- Le styles --> <link href="{{

    STATIC_URL }}css/ahz/bootstrap.css" rel="stylesheet"> {% compress css %} <link rel="stylesheet" href="{{ STATIC_URL }}css/ahz/custom.scss" type="text/x-scss"> {% endcompress css %} # settings.py COMPRESS_PRECOMPILERS = ( ('text/x-scss', '/.../bin/pyscss -C -o {outfile} {infile}'), ) # rendered html <link rel="stylesheet" href="/static/CACHE/css/0f5901951cca.css" type="text/css" /> Mittwoch, 31. Oktober 12

17. django-pipeline /django- pipeline-compass • Compressor Konkurrent • will ich mir

    mal angucken ... Mittwoch, 31. Oktober 12

18. django-crispy-forms • http://www.slideshare.net/pydanny/advanced- django-forms-usage • Programmatic Forms Mittwoch, 31. Oktober

    12

19. django-crispy-forms https://github.com/maraujop/django-crispy-forms https://gist.github.com/1838193 Mittwoch, 31. Oktober 12

20. django-floppyforms • Widgets rendered per Template • HTML5 Widgets •

    crispy-forms + floppyforms kombinierbar #from django import forms import floppyforms as forms Mittwoch, 31. Oktober 12

21. django-tastypie # myapp/api.py # ============ from tastypie.resources import ModelResource from

    myapp.models import Entry class EntryResource(ModelResource): class Meta: queryset = Entry.objects.all() # urls.py # ======= from django.conf.urls.defaults import * from tastypie.api import Api from myapp.api import EntryResource v1_api = Api(api_name='v1') v1_api.register(EntryResource()) urlpatterns = patterns('', # The normal jazz here then... (r'^api/', include(v1_api.urls)), ) • RESTful API kinderleicht • Batteries included Mittwoch, 31. Oktober 12

22. tastypie-queryset-client Get >>> client = Client("http://api.server.com/your/v1/") >>> client.your.objects.get(name="your") <your: {u"id":

    u"1", u"name": u"your", u"status": u"any"}> Count >>> client = Client("http://api.server.com/your/v1/") >>> client.your.objects.count() 100 Filter >>> client = Client("http://api.server.com/your/v1/") >>> client.your.objects.filter(name="your") <QuerySet <class 'Response'> (3/3)> Mittwoch, 31. Oktober 12

23. django-reversion Mittwoch, 31. Oktober 12

24. django-sse • Server-Sent Events Mittwoch, 31. Oktober 12

25. django-socketio • Web-Sockets Mittwoch, 31. Oktober 12

26. celerymon Mittwoch, 31. Oktober 12

27. easy-thumbnails {# thumbnail [source] [size] [options] #} {% thumbnail person.photo

    100x50 %} Mittwoch, 31. Oktober 12

28. www.djangopackages.com Mittwoch, 31. Oktober 12