Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Django's Architecture: The Good, The Bad, and The Ugly
Search
Andrew Godwin
October 22, 2011
Programming
21
14k
Django's Architecture: The Good, The Bad, and The Ugly
A talk I gave at FOSDEM 2011.
Andrew Godwin
October 22, 2011
Tweet
Share
More Decks by Andrew Godwin
See All by Andrew Godwin
Reconciling Everything
andrewgodwin
1
230
Django Through The Years
andrewgodwin
0
110
Writing Maintainable Software At Scale
andrewgodwin
0
350
A Newcomer's Guide To Airflow's Architecture
andrewgodwin
0
270
Async, Python, and the Future
andrewgodwin
2
560
How To Break Django: With Async
andrewgodwin
1
610
Taking Django's ORM Async
andrewgodwin
0
620
The Long Road To Asynchrony
andrewgodwin
0
540
The Scientist & The Engineer
andrewgodwin
1
630
Other Decks in Programming
See All in Programming
Rustのweb開発を助ける 便利なツール紹介
yuki0418
1
190
CSC307 Lecture 06
javiergs
PRO
0
360
Javaの現状2024夏 / Java current status 2024 summer
kishida
4
1.4k
データカタログ運用物語 〜令和6年夏の理想と現実〜
kuro_kurorrr
0
110
MIERUNE BBQにおけるユーザー中心設計()
mierune
PRO
1
110
CSC307 Lecture 07
javiergs
PRO
0
220
From Spring Boot 2 to Spring Boot 3 with Java 22 and Jakarta EE
ivargrimstad
0
1.9k
Ruby メモリ管理 プログラミング
megmogmog1965
0
130
AWSでゲームサーバーを運用! Amazon GameLiftのお話
iriikeita
0
200
開発部に不満を持っていたCSがエンジニアにジョブチェンしてわかった「勝手に諦めない」ことの大切さ
sakuraikotone
28
16k
CSC307 Lecture 08
javiergs
PRO
0
330
SRE チーム立ち上げ前に考えたこと・取り組んだこと / Considerations and Preparations Before Establishing an SRE Team
mackey0225
3
320
Featured
See All Featured
Automating Front-end Workflow
addyosmani
1362
200k
Building a Modern Day E-commerce SEO Strategy
aleyda
25
6.7k
Writing Fast Ruby
sferik
623
60k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
353
29k
No one is an island. Learnings from fostering a developers community.
thoeni
17
2.8k
A Tale of Four Properties
chriscoyier
155
22k
Infographics Made Easy
chrislema
238
18k
Rebuilding a faster, lazier Slack
samanthasiow
78
8.5k
Fontdeck: Realign not Redesign
paulrobertlloyd
79
5.1k
The World Runs on Bad Software
bkeepers
PRO
63
11k
Rails Girls Zürich Keynote
gr2m
93
13k
Agile that works and the tools we love
rasmusluckow
325
20k
Transcript
The Good, The Bad, & The Ugly Django's Architecture: Andrew
Godwin FOSDEM 2011
Django core committer Mercenary programmer Startup founder (ep.io)
Django: A Brief History
Initial Public Release in 2005
1.0 in 2008
1.3 in a few weeks
Basic Layout
contrib core db dispatch http forms middleware shortcuts templates views
contrib admin auth comments contenttypes flatpages gis humanize localflavor messages
sessions staticfiles syndication
core cache files handlers mail management serializers servers paginator urlresolvers
validators
db backends models
others views.decorators views.generic csrf test forms.widgets forms.fields forms.formsets forms.models
Almost every piece of code has been changed since 2005
""Good, Bad, Ugly?""
Lessons from both the past and the present
Some stuff here is historical (we fixed it, thankfully)
There's still nasty bits (we're working on those)
The Good
contrib.admin
admin.site.register( Book, list_display = [ "title", "slug", ], prepopulated_fields =
{ "slug": ( "title", "description", ) } )
The Model Layer (sometimes incorrectly called the ORM)
Sensible Abstractions (sessions, caching, mail, etc.)
GeoDjango (contrib.gis)
from django.contrib.gis.db import models class Lakes(models.Model): name = models.CharField(max_length=100) rate
= models.IntegerField() geom = models.MultiPolygonField() objects = models.GeoManager() >>> lake3 = Lakes.objects.get(id=3) >>> newlake.geom.contains(lake3.geom) True
None
Debugging Tools (./manage.py shell, testing tools, culture)
CSRF Protection (the new type)
Auto-escaping
View API simplicity
Python
MultiDB
Small actual core
Documentation (both the core docs and the culture)
The Community
Not being too high-level
The Bad
pre-1.2 CSRF Would you like token leakage with that?
<form action="/someview/" method="POST"> ... </form>
<form action="/someview/" method="POST"> ... <input name="csrftoken" ...></form>
<form action="http://evil.com" method="POST"> ... <input name="csrftoken" ...></form>
Schema changes Add a column? Oh, no, not sure we
can do that.
Template Implementation Hasn't changed that much.
The Ugly
""Magic"" It's hard to define, but you know it when
you see it.
Too many regular expressions They're great until they're 100+ chars
long
(^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)* # dot-atom |^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*" # quoted-string )@(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?$' # domain (^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)*
# dot-atom |^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*" # quoted-string )@(?:[A-Z0-9]+(?:-*[A-Z0-9]+)*\.)+[A-Z]{2,6}$ # domain
Customising Auth Can't really touch it.
{% endifnotequal %} Thankfully we fixed this in 1.2.
Are there lessons to be learnt?
Not everything needs fixing now A lot of these issues
have third-party solutions
How do you get better? Consistency, not always writing new
features, and people with too much free time.
Thanks. Andrew Godwin @andrewgodwin http://aeracode.org