Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Django's Architecture: The Good, The Bad, and The Ugly
Search
Andrew Godwin
October 22, 2011
Programming
21
14k
Django's Architecture: The Good, The Bad, and The Ugly
A talk I gave at FOSDEM 2011.
Andrew Godwin
October 22, 2011
Tweet
Share
More Decks by Andrew Godwin
See All by Andrew Godwin
Reconciling Everything
andrewgodwin
1
200
Django Through The Years
andrewgodwin
0
86
Writing Maintainable Software At Scale
andrewgodwin
0
330
A Newcomer's Guide To Airflow's Architecture
andrewgodwin
0
240
Async, Python, and the Future
andrewgodwin
2
540
How To Break Django: With Async
andrewgodwin
1
570
Taking Django's ORM Async
andrewgodwin
0
580
The Long Road To Asynchrony
andrewgodwin
0
510
The Scientist & The Engineer
andrewgodwin
1
570
Other Decks in Programming
See All in Programming
educure_カリキュラム生操作マニュアル.pdf
linew_official
0
810
PHP8.3の機能を振り返る / Review of PHP 8.3 features
seike460
PRO
1
110
TCAとKMPを用いた新規動画配信アプリ 「ABEMA Live」の設計
tomu28
1
110
Milestoner
bkuhlmann
1
410
R言語の環境構築と基礎 Tokyo.R 112
bob3bob3
0
270
雑に思考を整理する技術と効能
konifar
60
29k
大規模Reactアプリのリアーキテクチャ~8万行のTanStack Query移行の軌跡~
kj455
4
960
冗長なエラーログを削減し、スタックトレースを手に入れる / Reducing Verbose Error Logs and Obtaining Stack Traces
upamune
0
770
Anthropic Cookbook のおすすめレシピ
schroneko
7
980
Goのエラースタックトレースの歴史と今後
sonatard
9
1.5k
デフォルトにして至高、RubyMineの大好きな所
ruzia
0
400
使ってみよう Azure AI Document Intelligence
kosmosebi
2
320
Featured
See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
24
2k
How STYLIGHT went responsive
nonsquared
92
4.8k
GitHub's CSS Performance
jonrohan
1025
450k
Code Reviewing Like a Champion
maltzj
514
39k
Into the Great Unknown - MozCon
thekraken
10
990
Statistics for Hackers
jakevdp
789
220k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
2
3.4k
What’s in a name? Adding method to the madness
productmarketing
PRO
16
2.6k
Keith and Marios Guide to Fast Websites
keithpitt
408
22k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
25
2.3k
Rebuilding a faster, lazier Slack
samanthasiow
73
8.2k
BBQ
matthewcrist
80
8.8k
Transcript
The Good, The Bad, & The Ugly Django's Architecture: Andrew
Godwin FOSDEM 2011
Django core committer Mercenary programmer Startup founder (ep.io)
Django: A Brief History
Initial Public Release in 2005
1.0 in 2008
1.3 in a few weeks
Basic Layout
contrib core db dispatch http forms middleware shortcuts templates views
contrib admin auth comments contenttypes flatpages gis humanize localflavor messages
sessions staticfiles syndication
core cache files handlers mail management serializers servers paginator urlresolvers
validators
db backends models
others views.decorators views.generic csrf test forms.widgets forms.fields forms.formsets forms.models
Almost every piece of code has been changed since 2005
""Good, Bad, Ugly?""
Lessons from both the past and the present
Some stuff here is historical (we fixed it, thankfully)
There's still nasty bits (we're working on those)
The Good
contrib.admin
admin.site.register( Book, list_display = [ "title", "slug", ], prepopulated_fields =
{ "slug": ( "title", "description", ) } )
The Model Layer (sometimes incorrectly called the ORM)
Sensible Abstractions (sessions, caching, mail, etc.)
GeoDjango (contrib.gis)
from django.contrib.gis.db import models class Lakes(models.Model): name = models.CharField(max_length=100) rate
= models.IntegerField() geom = models.MultiPolygonField() objects = models.GeoManager() >>> lake3 = Lakes.objects.get(id=3) >>> newlake.geom.contains(lake3.geom) True
None
Debugging Tools (./manage.py shell, testing tools, culture)
CSRF Protection (the new type)
Auto-escaping
View API simplicity
Python
MultiDB
Small actual core
Documentation (both the core docs and the culture)
The Community
Not being too high-level
The Bad
pre-1.2 CSRF Would you like token leakage with that?
<form action="/someview/" method="POST"> ... </form>
<form action="/someview/" method="POST"> ... <input name="csrftoken" ...></form>
<form action="http://evil.com" method="POST"> ... <input name="csrftoken" ...></form>
Schema changes Add a column? Oh, no, not sure we
can do that.
Template Implementation Hasn't changed that much.
The Ugly
""Magic"" It's hard to define, but you know it when
you see it.
Too many regular expressions They're great until they're 100+ chars
long
(^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)* # dot-atom |^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*" # quoted-string )@(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?$' # domain (^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)*
# dot-atom |^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*" # quoted-string )@(?:[A-Z0-9]+(?:-*[A-Z0-9]+)*\.)+[A-Z]{2,6}$ # domain
Customising Auth Can't really touch it.
{% endifnotequal %} Thankfully we fixed this in 1.2.
Are there lessons to be learnt?
Not everything needs fixing now A lot of these issues
have third-party solutions
How do you get better? Consistency, not always writing new
features, and people with too much free time.
Thanks. Andrew Godwin @andrewgodwin http://aeracode.org