Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Django's Architecture: The Good, The Bad, and T...
Search
Andrew Godwin
October 22, 2011
Programming
21
15k
Django's Architecture: The Good, The Bad, and The Ugly
A talk I gave at FOSDEM 2011.
Andrew Godwin
October 22, 2011
Tweet
Share
More Decks by Andrew Godwin
See All by Andrew Godwin
Reconciling Everything
andrewgodwin
1
330
Django Through The Years
andrewgodwin
0
220
Writing Maintainable Software At Scale
andrewgodwin
0
450
A Newcomer's Guide To Airflow's Architecture
andrewgodwin
0
360
Async, Python, and the Future
andrewgodwin
2
680
How To Break Django: With Async
andrewgodwin
1
730
Taking Django's ORM Async
andrewgodwin
0
730
The Long Road To Asynchrony
andrewgodwin
0
660
The Scientist & The Engineer
andrewgodwin
1
780
Other Decks in Programming
See All in Programming
AIを活用し、今後に備えるための技術知識 / Basic Knowledge to Utilize AI
kishida
22
5.8k
Processing Gem ベースの、2D レトロゲームエンジンの開発
tokujiros
2
130
基礎から学ぶ大画面対応(Learning Large-Screen Support from the Ground Up)
tomoya0x00
0
1.3k
Navigation 2 を 3 に移行する(予定)ためにやったこと
yokomii
0
260
概念モデル→論理モデルで気をつけていること
sunnyone
2
190
AI時代のUIはどこへ行く?
yusukebe
18
8.9k
AIコーディングAgentとの向き合い方
eycjur
0
270
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
370
Laravel Boost 超入門
fire_arlo
3
220
アプリの "かわいい" を支えるアニメーションツールRiveについて
uetyo
0
270
私の後悔をAWS DMSで解決した話
hiramax
4
210
MCPとデザインシステムに立脚したデザインと実装の融合
yukukotani
4
1.4k
Featured
See All Featured
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3k
Agile that works and the tools we love
rasmusluckow
330
21k
Docker and Python
trallard
45
3.6k
We Have a Design System, Now What?
morganepeng
53
7.8k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
920
For a Future-Friendly Web
brad_frost
180
9.9k
How GitHub (no longer) Works
holman
315
140k
KATA
mclloyd
32
14k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
44
2.5k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
30
9.7k
Documentation Writing (for coders)
carmenintech
74
5k
Code Reviewing Like a Champion
maltzj
525
40k
Transcript
The Good, The Bad, & The Ugly Django's Architecture: Andrew
Godwin FOSDEM 2011
Django core committer Mercenary programmer Startup founder (ep.io)
Django: A Brief History
Initial Public Release in 2005
1.0 in 2008
1.3 in a few weeks
Basic Layout
contrib core db dispatch http forms middleware shortcuts templates views
contrib admin auth comments contenttypes flatpages gis humanize localflavor messages
sessions staticfiles syndication
core cache files handlers mail management serializers servers paginator urlresolvers
validators
db backends models
others views.decorators views.generic csrf test forms.widgets forms.fields forms.formsets forms.models
Almost every piece of code has been changed since 2005
""Good, Bad, Ugly?""
Lessons from both the past and the present
Some stuff here is historical (we fixed it, thankfully)
There's still nasty bits (we're working on those)
The Good
contrib.admin
admin.site.register( Book, list_display = [ "title", "slug", ], prepopulated_fields =
{ "slug": ( "title", "description", ) } )
The Model Layer (sometimes incorrectly called the ORM)
Sensible Abstractions (sessions, caching, mail, etc.)
GeoDjango (contrib.gis)
from django.contrib.gis.db import models class Lakes(models.Model): name = models.CharField(max_length=100) rate
= models.IntegerField() geom = models.MultiPolygonField() objects = models.GeoManager() >>> lake3 = Lakes.objects.get(id=3) >>> newlake.geom.contains(lake3.geom) True
None
Debugging Tools (./manage.py shell, testing tools, culture)
CSRF Protection (the new type)
Auto-escaping
View API simplicity
Python
MultiDB
Small actual core
Documentation (both the core docs and the culture)
The Community
Not being too high-level
The Bad
pre-1.2 CSRF Would you like token leakage with that?
<form action="/someview/" method="POST"> ... </form>
<form action="/someview/" method="POST"> ... <input name="csrftoken" ...></form>
<form action="http://evil.com" method="POST"> ... <input name="csrftoken" ...></form>
Schema changes Add a column? Oh, no, not sure we
can do that.
Template Implementation Hasn't changed that much.
The Ugly
""Magic"" It's hard to define, but you know it when
you see it.
Too many regular expressions They're great until they're 100+ chars
long
(^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)* # dot-atom |^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*" # quoted-string )@(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?$' # domain (^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)*
# dot-atom |^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*" # quoted-string )@(?:[A-Z0-9]+(?:-*[A-Z0-9]+)*\.)+[A-Z]{2,6}$ # domain
Customising Auth Can't really touch it.
{% endifnotequal %} Thankfully we fixed this in 1.2.
Are there lessons to be learnt?
Not everything needs fixing now A lot of these issues
have third-party solutions
How do you get better? Consistency, not always writing new
features, and people with too much free time.
Thanks. Andrew Godwin @andrewgodwin http://aeracode.org