$30 off During Our Annual Pro Sale. View Details »

Django's Architecture: The Good, The Bad, and The Ugly

Django's Architecture: The Good, The Bad, and The Ugly

A talk I gave at FOSDEM 2011.

Andrew Godwin

October 22, 2011
Tweet

More Decks by Andrew Godwin

Other Decks in Programming

Transcript

  1. The Good, The Bad, & The Ugly
    Django's Architecture:
    Andrew Godwin
    FOSDEM 2011

    View Slide

  2. Django core committer
    Mercenary programmer
    Startup founder (ep.io)

    View Slide

  3. Django: A Brief History

    View Slide

  4. Initial Public Release in 2005

    View Slide

  5. 1.0 in 2008

    View Slide

  6. 1.3 in a few weeks

    View Slide

  7. Basic Layout

    View Slide

  8. contrib
    core
    db
    dispatch
    http
    forms
    middleware
    shortcuts
    templates
    views

    View Slide

  9. contrib
    admin
    auth
    comments
    contenttypes
    flatpages
    gis
    humanize
    localflavor
    messages
    sessions
    staticfiles
    syndication

    View Slide

  10. core
    cache
    files
    handlers
    mail
    management
    serializers
    servers
    paginator
    urlresolvers
    validators

    View Slide

  11. db
    backends models

    View Slide

  12. others
    views.decorators
    views.generic
    csrf
    test
    forms.widgets
    forms.fields
    forms.formsets
    forms.models

    View Slide

  13. Almost every piece of code
    has been changed since 2005

    View Slide

  14. ""Good, Bad, Ugly?""

    View Slide

  15. Lessons from both the
    past and the present

    View Slide

  16. Some stuff here is historical
    (we fixed it, thankfully)

    View Slide

  17. There's still nasty bits
    (we're working on those)

    View Slide

  18. The Good

    View Slide

  19. contrib.admin

    View Slide

  20. admin.site.register(
    Book,
    list_display = [
    "title",
    "slug",
    ],
    prepopulated_fields = {
    "slug": (
    "title",
    "description",
    )
    }
    )

    View Slide

  21. The Model Layer
    (sometimes incorrectly called the ORM)

    View Slide

  22. Sensible Abstractions
    (sessions, caching, mail, etc.)

    View Slide

  23. GeoDjango
    (contrib.gis)

    View Slide

  24. from django.contrib.gis.db import models
    class Lakes(models.Model):
    name = models.CharField(max_length=100)
    rate = models.IntegerField()
    geom = models.MultiPolygonField()
    objects = models.GeoManager()
    >>> lake3 = Lakes.objects.get(id=3)
    >>> newlake.geom.contains(lake3.geom)
    True

    View Slide

  25. View Slide

  26. Debugging Tools
    (./manage.py shell, testing tools, culture)

    View Slide

  27. CSRF Protection
    (the new type)

    View Slide

  28. Auto-escaping

    View Slide

  29. View API simplicity

    View Slide

  30. Python

    View Slide

  31. MultiDB

    View Slide

  32. Small actual core

    View Slide

  33. Documentation
    (both the core docs and the culture)

    View Slide

  34. The Community

    View Slide

  35. Not being too high-level

    View Slide

  36. The Bad

    View Slide

  37. pre-1.2 CSRF
    Would you like token leakage with that?

    View Slide


  38. ...

    View Slide


  39. ...

    View Slide


  40. ...

    View Slide

  41. Schema changes
    Add a column? Oh, no, not sure we can do that.

    View Slide

  42. Template Implementation
    Hasn't changed that much.

    View Slide

  43. The Ugly

    View Slide

  44. ""Magic""
    It's hard to define, but you know it
    when you see it.

    View Slide

  45. Too many regular expressions
    They're great until they're 100+ chars long

    View Slide

  46. (^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)* # dot-atom
    |^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*" # quoted-string
    )@(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?$' # domain
    (^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)* # dot-atom
    |^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*" # quoted-string
    )@(?:[A-Z0-9]+(?:-*[A-Z0-9]+)*\.)+[A-Z]{2,6}$ # domain

    View Slide

  47. Customising Auth
    Can't really touch it.

    View Slide

  48. {% endifnotequal %}
    Thankfully we fixed this in 1.2.

    View Slide

  49. Are there lessons to be learnt?

    View Slide

  50. Not everything needs fixing now
    A lot of these issues have third-party solutions

    View Slide

  51. How do you get better?
    Consistency, not always writing new features,
    and people with too much free time.

    View Slide

  52. Thanks.
    Andrew Godwin
    @andrewgodwin
    http://aeracode.org

    View Slide