Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Django minus Django (DJangoCon EU 2014)

Jacob Kaplan-Moss
May 14, 2014
Technology
12
1.1k

Django minus Django (DJangoCon EU 2014)

Jacob Kaplan-Moss

May 14, 2014
Tweet

More Decks by Jacob Kaplan-Moss

See All by Jacob Kaplan-Moss
To ••• With Passwords
jacobian
3
700
How to Ace a Technical Interview
jacobian
268
21k
Implementing Multi-factor Auth (dotSecurity 2016)
jacobian
9
1.1k
Heroku Under The Hood - Django Under The Hood 2015
jacobian
9
420
Django's request/response cycle - Django Under The Hood 2015
jacobian
9
890
Minimum Viable Security - Wharton Web Conference 2015
jacobian
1
520
Heroku 101 – PyCon 2014
jacobian
1
770
Be Agile, Not Vulnerable: Security engineering in an agile world
jacobian
8
530
Python Everywhere!
jacobian
0
350

Other Decks in Technology

See All in Technology
Elastic Observability 體驗工作坊 @ DevOpsDays Taipei 2022
unclejoe
0
510
AWS ソリューションで車輪の再発明をしない生活
track3jyo
PRO
1
790
Confident Learning
asei
2
870
TokyoR#101_RegressionAnalysis
kilometer
0
140
Building smarter apps with machine learning, from magic to reality
picardparis
4
3.3k
Modularising the Monolith - PHP Conference Japan 2022
avosalmon
1
520
ソフトウェア開発者に必要な考え方 / Necessary mindset for software developers
soudai
20
8.3k
n8nでワークフローを自動化した話 / 20220914_n8n
yug1224
1
780
「いちユーザーがPHPに新機能を追加するまで/PHPConference 2022」
colopl
0
550
SAP Community and Developer Update
sygyzmundovych
0
210
Swiftで我が家を より便利に、安全に!
u503
0
240
DevOpsDays Taipei 2022 Opening
cheng_wei_chen
3
920

Featured

See All Featured
Thoughts on Productivity
jonyablonski
45
2.5k
Side Projects
sachag
451
37k
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
174
8.7k
Six Lessons from altMBA
skipperchong
15
1.5k
Clear Off the Table
cherdarchuk
79
290k
jQuery: Nuts, Bolts and Bling
dougneiner
56
6.5k
Pencils Down: Stop Designing & Start Developing
hursman
113
9.9k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
270
12k
Designing Experiences People Love
moore
130
22k
GitHub's CSS Performance
jonrohan
1020
420k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
109
16k
VelocityConf: Rendering Performance Case Studies
addyosmani
316
22k

Transcript

  1. None

  2. Django is awesome!

  3. But it can’t come with all the awesome.

  4. So let’s go shopping! "

  5. A Day in the Life

  6. A Day in the Life •Django Site

  7. A Day in the Life •Django Site •- Django’s template

    engine

  8. A Day in the Life •Django Site •- Django’s template

    engine •+ Plus Jinja2

  9. A Day in the Life •Django Site •- Django’s template

    engine •+ Plus Jinja2 • No views, only REST

  10. A Day in the Life •Django Site •- Django’s template

    engine •+ Plus Jinja2 • No views, only REST • Plus a whole lot of JavaScript nonsense

  11. A Day in the Life •Django Site •- Django’s template

    engine •+ Plus Jinja2 • No views, only REST • Plus a whole lot of JavaScript nonsense • Start using lots of Redis

  12. A Day in the Life •Django Site •- Django’s template

    engine •+ Plus Jinja2 • No views, only REST • Plus a whole lot of JavaScript nonsense • Start using lots of Redis • Start accessing RDBMS less

  13. A Day in the Life •Django Site •- Django’s template

    engine •+ Plus Jinja2 • No views, only REST • Plus a whole lot of JavaScript nonsense • Start using lots of Redis • Start accessing RDBMS less • Some WSGI Wizardry

  14. A Day in the Life •Django Site •- Django’s template

    engine •+ Plus Jinja2 • No views, only REST • Plus a whole lot of JavaScript nonsense • Start using lots of Redis • Start accessing RDBMS less • Some WSGI Wizardry • Maybe Flask for this bit?

  15. A Day in the Life •Django Site •- Django’s template

    engine •+ Plus Jinja2 • No views, only REST • Plus a whole lot of JavaScript nonsense • Start using lots of Redis • Start accessing RDBMS less • Some WSGI Wizardry • Maybe Flask for this bit? • I hear node is cool…

  16. Batteries included?

  17. TEMPLATES & VIEWS & AUTH & MODELS

  18. Templates

  19. Templates with Jinja2 https://github.com/mitsuhiko/templatetk/blob/master/POST_MORTEM •Jinja2 is basically Django Templates++ •More

    expressive language •Byte-code rendering speedups •Sites using Django+Jinja: •Mozilla •Pitchfork

  20. Could not parse the remainder: '['username']' from 'user['username']' {% extends

    "base.html" %} {% block title %}home{% endblock %} ! {% block content %} {% if user %} Hello {{ user['username'] }} {% endif %} {% endblock content %}

  21. from django.http import HttpResponse from django.template import RequestContext ! from

    jinja2 import Environment, PackageLoader env = Environment(loader=PackageLoader('ourapp', 'templates')) ! def jinja_render(request, template_name, dictionary=None): if not dictionary: dictionary = {} template = env.get_template("index.html") new_context = RequestContext(request, dictionary) context_dict = {} for d in new_context.dicts: context_dict.update(d) ! rendered_template = template.render(**context_dict) return HttpResponse(rendered_template) ! def home(request): # return render(request, "index.html") return jinja_render(request, “index.html") ourapp/views.py

  22. Jingo https://github.com/jbalogh/jingo/ •Install Jingo. •Use all the Django functions.

  23. A Kill To A View

  24. A Brief Over-View • “A view is a callable which

    takes a request and returns a response.”

  25. A Brief Over-View • “A view is a callable which

    takes a request and returns a response.” haha, get it?

  26. django.http.HttpRequest A Brief Over-View • “A view is a callable

    which takes a request and returns a response.” haha, get it?

  27. django.http.HttpRequest django.http.HttpResponse A Brief Over-View • “A view is a

    callable which takes a request and returns a response.” haha, get it?

  28. A typical view from django.shortcuts import render from people.models import

    Person ! def living_people(request): return render(request, template = 'people/living.html', context = { 'people': Person.objects.filter(alive=True) } )

  29. def living_people(request): tmpl = template.loader.get_template('people/living.html') context = template.Context({ 'people': Person.objects.filter(alive=True)

    }) body = tmpl.render(context) return http.HttpResponse(body) def living_people(request): return render(request, template = 'people/living.html', context = { 'people': Person.objects.filter(alive=True) } ) django.shortcuts.render

  30. Coupling by convention from django import http, template from people.models

    import Person ! def living_people(request): tmpl = template.loader.get_template('people/living.html') context = template.Context({ 'people': Person.objects.filter(alive=True) }) body = tmpl.render(context) return http.HttpResponse(body)

  31. “coupled” to django.template Coupling by convention from django import http,

    template from people.models import Person ! def living_people(request): tmpl = template.loader.get_template('people/living.html') context = template.Context({ 'people': Person.objects.filter(alive=True) }) body = tmpl.render(context) return http.HttpResponse(body)

  32. “coupled” to django models “coupled” to django.template Coupling by convention

    from django import http, template from people.models import Person ! def living_people(request): tmpl = template.loader.get_template('people/living.html') context = template.Context({ 'people': Person.objects.filter(alive=True) }) body = tmpl.render(context) return http.HttpResponse(body)

  33. This is also a view… from django.conf import settings from

    django import http, template ! import redis db = redis.from_url(settings.REDIS_URL) ! def living_people(request): tmpl = template.loader.get_template('people/living.html') context = template.Context({ 'people': db.get(‘people:living’)} }) body = tmpl.render(context) return http.HttpResponse(body)

  34. Look, I “removed” models! This is also a view… from

    django.conf import settings from django import http, template ! import redis db = redis.from_url(settings.REDIS_URL) ! def living_people(request): tmpl = template.loader.get_template('people/living.html') context = template.Context({ 'people': db.get(‘people:living’)} }) body = tmpl.render(context) return http.HttpResponse(body)

  35. … and this … import json import redis from django

    import http from django.conf import settings ! db = redis.from_url(settings.REDIS_URL) ! def living_people(request): body = json.dumps({ 'people': db.get('people:living') }) return http.HttpResponse(body, content_type='application/json')

  36. Template engine? We don’t need no steeeking template engine. …

    and this … import json import redis from django import http from django.conf import settings ! db = redis.from_url(settings.REDIS_URL) ! def living_people(request): body = json.dumps({ 'people': db.get('people:living') }) return http.HttpResponse(body, content_type='application/json')

  37. … and this … import json import redis from django

    import http from django.conf import settings ! db = redis.from_url(settings.REDIS_URL) ! class LivingPeople(object): def __call__(self, request): body = json.dumps({ 'people': db.get('people:living') }) return http.HttpResponse(body, content_type='application/json')

  38. Hey, I’m a class view And this is crazy But

    I have a __call__ method So call me maybe … and this … import json import redis from django import http from django.conf import settings ! db = redis.from_url(settings.REDIS_URL) ! class LivingPeople(object): def __call__(self, request): body = json.dumps({ 'people': db.get('people:living') }) return http.HttpResponse(body, content_type='application/json')

  39. … and even this. import redis from django.conf import settings

    from rest_framework import viewsets from rest_framework.response import Response ! db = redis.from_url(settings.REDIS_URL) ! class LivingPersonViewSet(viewsets.ViewSet): def list(self, request): people = db.get('people:living') return Response(people) ! def retrieve(self, request, pk): person = db.get('people:living:%s' % int(pk)) return Response(person)
  40. None

  41. Django Rest Framework + AngularJS = (well, you know) http://blog.kevinastone.com/

    getting-started-with-django-rest-framework-and-angularjs.html

  42. Auth

  43. django.“contrib”.auth • django.contrib.auth.middleware.AuthenticationMiddleware • django.contrib.sessions.middleware.SessionMiddleware • django.contrib.auth.backends.ModelBackend • django.contrib.auth.models.User •

    django.contrib.auth.context_processors.auth

  44. What auth needs to do •Securely (hopefully!) verify 
 someone’s

    identify. •Set request.user to an object that quacks like a user. •That object should probably be a 
 model instance.

  45. Secure is Hard

  46. Insecure Is Easy!

  47. None

  48. from gist_auth.models import GistUser ! class SuperInsecureGistAuthBackend(object): ! def authenticate(self,

    **credentials): username = credentials['username'] ! gists = self.get_gist_users() ! if username not in user_gists: return None ! user_dict = self.get_user_data(user_gists[username]) real_password = user_dict['files']['password.txt']['content'] ! if credentials['password'] == real_password: user, created = GistUser.objects.get_or_create(username=username) if created: user.gist_id = user_dict['id'] user.save() ! return user gist_auth/auth.py

  49. from django.contrib.auth.models import AbstractUser from django.db import models ! class

    GistUser(AbstractUser): ! gist_id = models.CharField(max_length=255, unique=True) gist_auth/models.py AUTH_USER_MODEL = ‘gist_orm.GistUser' # app_name.label_of_model AUTHENTICATION_BACKENDS = ( 'gist_orm.auth.SuperInsecureGistAuthBackend', ) gist_auth/settings.py https://github.com/jacobb/dj_minus_dj

  50. django.contrib.auth • django.contrib.auth.backends.ModelBackend • django.contrib.auth.models.User • django.contrib.auth.context_processors.auth • django.contrib.auth.middleware.AuthenticationMiddleware

  51. Do I Feel Lucky? from gist_auth.models import GistUser ! class

    AuthRoulette(object): ! def process_request(self, request): random_user = GistUser.objects.order_by('?')[0] request.user = random_user

  52. Typical use-case: SSO

  53. Now, the model layer. Seems easy, how hard could it

    be?

  54. Done. DATABASES = {}

  55. Done. DATABASES = {}

  56. “Just Say No” •“Removing” Django’s model layer is easy: just

    don’t use it. •However, there are consequences for your insolence…

  57. A whole new data store import json import redis from

    django import http from django.conf import settings ! db = redis.from_url(settings.REDIS_URL) ! def living_people(request): body = json.dumps({ 'people': db.get('people:living') }) return http.HttpResponse(body, content_type='application/json')

  58. Frameworks are like ogres •Frameworks are layered for a reason.

    •Coupling of models—of any flavor—into your view code is an anti-pattern.

  59. Strategies for safe model replacement •Continue to enforce strong separation

    
 of concerns. •Use an existing encapsulation abstraction (SQLAlchemy ORM, MongoEngine, etc.), or “POPOs”.

  60. “POPO” Plain Old Python Object class Person(object): db = redis.from_url(settings.REDIS_URL)

    ! @classmethod def get_living_people(cls): return cls.db.get('people:living')

  61. Separation of concerns import json from django import http !

    from .models import Person ! def living_people(request): body = json.dumps(Person.get_living_people()) return http.HttpResponse(body, content_type='application/json') import redis from django.conf import settings ! class Person(object): db = redis.from_url(settings.REDIS_URL) ! @classmethod def get_living_people(cls): return cls.db.get('people:living') myapp/models.py myapp/views.py

  62. PersonForm = ModelForm(Person)

  63. PersonForm = ModelForm(Person)

  64. PersonForm = ModelForm(Person)

  65. “Doctor, it hurts when I do this.” •Many, many things

    depend on Django’s model layer, or things that themselves depend on models. •In particular, ModelForms and Auth. And what uses ModelForms and Auth? •… that’s right, the Admin. •Similarly, many larger 3rd-party apps won’t work with custom model layers, either. •It can be done (see, for example, github.com/vpulim/ mango), but the tradeoffs can be difficult.

  66. Does Django play well with others? Templates A Auth (extending)

    A Auth (replacing) C View B Models A*

  67. What’s Left • Settings • URLConf/Routing • request → middleware

    → response cycle • Forms. • But forms are cool!

  68. “This part is left as an exercise to the reader”

    •Remove these last bits with pure WSGI. •Let us know how hard it was.

  69. THANK YOU Jacob Burch Revolution Systems @jacobburch Jacob Kaplan-Moss Heroku

    @jacobian Need a job? Heroku is hiring! Need someone to do a job? Revsys is hirable.