Django's Architecture: The Good, The Bad, and The Ugly

Transcript

1. 1.

   The Good, The Bad, & The Ugly Django's Architecture: Andrew

   Godwin FOSDEM 2011
2. 2.

   Django core committer Mercenary programmer Startup founder (ep.io)

3. 3.

   Django: A Brief History

4. 4.

   Initial Public Release in 2005

5. 5.

   1.0 in 2008

6. 6.

   1.3 in a few weeks

7. 7.

   Basic Layout

8. 8.

   contrib core db dispatch http forms middleware shortcuts templates views

9. 9.

   contrib admin auth comments contenttypes flatpages gis humanize localflavor messages

   sessions staticfiles syndication
10. 10.

    core cache files handlers mail management serializers servers paginator urlresolvers

    validators
11. 11.

    db backends models

12. 12.

    others views.decorators views.generic csrf test forms.widgets forms.fields forms.formsets forms.models

13. 13.

    Almost every piece of code has been changed since 2005

14. 14.

    ""Good, Bad, Ugly?""

15. 15.

    Lessons from both the past and the present

16. 16.

    Some stuff here is historical (we fixed it, thankfully)

17. 17.

    There's still nasty bits (we're working on those)

18. 18.

    The Good

19. 19.

    contrib.admin

20. 20.

    admin.site.register( Book, list_display = [ "title", "slug", ], prepopulated_fields =

    { "slug": ( "title", "description", ) } )
21. 21.

    The Model Layer (sometimes incorrectly called the ORM)

22. 22.

    Sensible Abstractions (sessions, caching, mail, etc.)

23. 23.

    GeoDjango (contrib.gis)

24. 24.

    from django.contrib.gis.db import models class Lakes(models.Model): name = models.CharField(max_length=100) rate

    = models.IntegerField() geom = models.MultiPolygonField() objects = models.GeoManager() >>> lake3 = Lakes.objects.get(id=3) >>> newlake.geom.contains(lake3.geom) True
25. 25.

    None
26. 26.

    Debugging Tools (./manage.py shell, testing tools, culture)

27. 27.

    CSRF Protection (the new type)

28. 28.

    Auto-escaping

29. 29.

    View API simplicity

30. 30.

    Python

31. 31.

    MultiDB

32. 32.

    Small actual core

33. 33.

    Documentation (both the core docs and the culture)

34. 34.

    The Community

35. 35.

    Not being too high-level

36. 36.

    The Bad

37. 37.

    pre-1.2 CSRF Would you like token leakage with that?

38. 38.

    <form action="/someview/" method="POST"> ... </form>

39. 39.

    <form action="/someview/" method="POST"> ... <input name="csrftoken" ...></form>

40. 40.

    <form action="http://evil.com" method="POST"> ... <input name="csrftoken" ...></form>

41. 41.

    Schema changes Add a column? Oh, no, not sure we

    can do that.
42. 42.

    Template Implementation Hasn't changed that much.

43. 43.

    The Ugly

44. 44.

    ""Magic"" It's hard to define, but you know it when

    you see it.
45. 45.

    Too many regular expressions They're great until they're 100+ chars

    long
46. 46.

    (^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)* # dot-atom |^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*" # quoted-string )@(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?$' # domain (^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)*

    # dot-atom |^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*" # quoted-string )@(?:[A-Z0-9]+(?:-*[A-Z0-9]+)*\.)+[A-Z]{2,6}$ # domain
47. 47.

    Customising Auth Can't really touch it.

48. 48.

    {% endifnotequal %} Thankfully we fixed this in 1.2.

49. 49.

    Are there lessons to be learnt?

50. 50.

    Not everything needs fixing now A lot of these issues

    have third-party solutions
51. 51.

    How do you get better? Consistency, not always writing new

    features, and people with too much free time.
52. 52.

    Thanks. Andrew Godwin @andrewgodwin http://aeracode.org