Upgrade to Pro — share decks privately, control downloads, hide ads and more …

API-Driven Django

Philip James
May 10, 2018
Programming
1
360

API-Driven Django

A tutorial on making API-Driven Django apps.

Philip James

May 10, 2018
Tweet

More Decks by Philip James

See All by Philip James
Frog and Toad Learn about Django Security - NBT6
phildini
0
25
The Elephant and the Serpent (PyLatam 2019)
phildini
0
44
Account Security for the Fashionable App Developer
phildini
1
64
All in the Timing: Side-Channel Attacks
phildini
0
54
Giving Thanks
phildini
0
42
All in the Timing: Side-Channel Attacks in Python
phildini
0
410
Type uWSGI; Press Enter; What Happens?
phildini
0
93
Type uWSGI; Press Enter; What Happens?
phildini
1
73
Oops I Committed My Secret Key
phildini
0
390

Other Decks in Programming

See All in Programming
どうして僕の作ったクラスが手続き型と言われなきゃいけないんですか
akikogoto
1
120
アジャイルを支えるテストアーキテクチャ設計/Test Architecting for Agile
goyoki
9
3.3k
初めてDefinitelyTypedにPRを出した話
syumai
0
420
ふかぼれ!CSSセレクターモジュール / Fukabore! CSS Selectors Module
petamoriken
0
150
ECS Service Connectのこれまでのアップデートと今後のRoadmapを見てみる
tkikuc
2
250
Tauriでネイティブアプリを作りたい
tsucchinoko
0
370
CSC509 Lecture 13
javiergs
PRO
0
110
subpath importsで始めるモック生活
10tera
0
310
役立つログに取り組もう
irof
28
9.6k
Less waste, more joy, and a lot more green: How Quarkus makes Java better
hollycummins
0
100
Realtime API 入門
riofujimon
0
150
TypeScriptでライブラリとの依存を限定的にする方法
tutinoko
3
690

Featured

See All Featured
Scaling GitHub
holman
458
140k
Optimizing for Happiness
mojombo
376
70k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k
Facilitating Awesome Meetings
lara
50
6.1k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.1k
YesSQL, Process and Tooling at Scale
rocio
169
14k
A Modern Web Designer's Workflow
chriscoyier
693
190k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k
Why Our Code Smells
bkeepers
PRO
334
57k
Side Projects
sachag
452
42k

Transcript

  1. API-Driven Django Philip James PyCon 2018 @phildini

  2. Who am I?

  3. Format • Buddy system • Switching pairs • SHcky Notes

    • Learn by trying first • You can get this all at the end

  4. Some Pairing Best PracHces • Less familiar person should type

    first • Switching pairs at different sessions • One machine, one set of hands • No grabbing the keyboard

  5. Goals • Build a working Django API-First App for collecHng

    civic government data • Have that App use the same code for API endpoints as well as rendered templates • Have that app let anyone read, but only authorized users write

  6. https://www.djangoproject.com/

  7. http://www.django-rest-framework.org/

  8. CivicAPI • Django app to track votes taken at civic

    government meeHngs • Needs to support rich frontends and API clients • CRUD app on votes taken

  9. Create Retrieve Update Destroy

  10. GeXng started

  11. Pipenv https://docs.pipenv.org/ GeXng started

  12. mkdir civicapi && cd civicapi pipenv --three install django GeXng

    started

  13. pipenv run vs. pipenv shell GeXng started

  14. pipenv shell django-admin.py startproject civicapi . GeXng started

  15. django-admin.py startapp votes GeXng started

  16. python manage.py migrate GeXng started

  17. python manage.py createsuperuser GeXng started

  18. python manage.py runserver GeXng started

  19. {Check data in admin}

  20. •subject: string, required •vote_taken: date and Hme, required •ayes: integer,

    not required •nays: integer, not required Vote Model https://docs.djangoproject.com/en/2.0/ref/models/fields/ google: django model field reference

  21. Pair Exercise - 10 min 1. Make sure reqs are

    installed and project is set up 2. Try to build the model in votes/models.py 3. Add votes to installed_apps in civicapi/seXngs.py 4. python manage.py migrate 5. (extra - see it in admin) https://docs.djangoproject.com/en/2.0/ref/models/fields/ google: django model field reference

  22. {Show Code}

  23. Views

  24. Django Generic Views?

  25. To create: • View that lists and creates Votes We

    need: 1. django.views.generic.list.ListView 2. django.views.generic.edit.CreateView 3. Template file 4. URL update 5. (Possibly) a ModelForm

  26. What about an API?

  27. Two op&ons: 1. Add separate API views 2. Munge JSON

    responses into exisHng views

  28. What’s beker for the client? What’s beker for the dev?

  29. Rich frontends, client-first == API-Driven, API First

  30. StarHng with

  31. To create: • APIView that lists and creates Votes We

    need: 1. ModelSerializer for Vote 2. rest_framework.generics.ListCreateAPIView

  32. DRF ModelSerializers http://www.django-rest-framework.org/api-guide/serializers/#modelserializer

  33. DRF ModelSerializers class AccountSerializer(serializers.ModelSerializer): class Meta: model = Account fields

    = ('id', 'account_name', 'users', 'created') http://www.django-rest-framework.org/api-guide/serializers/#modelserializer

  34. Pair Exercise - 10 min 1. pipenv install djangorestframework 2.

    add rest_framework to the Django app 3. Try to make the ModelSerializer for Vote in the votes app 4. write a test to verify the serialized data http://www.django-rest-framework.org/api-guide/serializers/#modelserializer

  35. {Show Code}

  36. DRF ListCreateAPIView

  37. DRF ListCreateAPIView class UserList(generics.ListCreateAPIView): queryset = User.objects.all() serializer_class = UserSerializer

  38. Pair Exercise - 10 min 1. add a VoteList ListCreateAPIView

    to views 2. add the view to urls.py at /votes/ 3. python manage.py runserver 4. open a browser, browse to localhost:8000 5. play around, try to create some votes 6. (opHonal: write a test for the view) http://www.django-rest-framework.org/api-guide/generic-views/#examples

  39. {Show Code}

  40. DRF Renderers

  41. DRF JSONRenderer OrderedDict([('count', 3), ('next', None), ('previous', None), ('results', [OrderedDict([('id',

    1), ('subject', 'More apps should be built in Django!'), ('vote_taken', '2018-04-14T19:51:09Z'), ('ayes', 100), ('nays', 0)]),…])]) {'count': 3, 'next': None, 'previous': None, 'results': [{'id': 1, 'subject': 'More apps should be built in Django!', 'vote_taken': '2018-04-14T19:51:09Z', 'ayes': 100, 'nays': 0},...]}

  42. DRF TemplateHTMLRenderer OrderedDict([('count', 3), ('next', None), ('previous', None), ('results', [OrderedDict([('id',

    1), ('subject', 'More apps should be built in Django!'), ('vote_taken', '2018-04-14T19:51:09Z'), ('ayes', 100), ('nays', 0)]),…])]) <ul> <li><a href=“/votes/1/"> More apps should be built in Django! - 100/0 on 2018-04-14T19:51:09Z </a></li> … </ul>

  43. DRF BrowsableAPIRenderer OrderedDict([('count', 3), ('next', None), ('previous', None), ('results', [OrderedDict([('id',

    1), ('subject', 'More apps should be built in Django!'), ('vote_taken', '2018-04-14T19:51:09Z'), ('ayes', 100), ('nays', 0)]),…])])

  44. Django TemplaHng <ul> {% for user in results %} <li><a

    href="/users/{{ user.id }}/">{{ user.name }}</a></li> {% endfor %} </ul>

  45. DRF Template Gotcha! In se,ngs.py: REST_FRAMEWORK = { 'DEFAULT_PAGINATION_CLASS': 'rest_framework.paginaHon.PageNumberPaginaHon',

    'PAGE_SIZE': 10, }

  46. Pair Exercise - 20 min 1. add a templates directory

    to votes 2. add a vote_list.html template 3. add the TemplateHTMLRenderer to VoteList’s renderer_classes, along with JSONRenderer and BrowsableAPIRenderer 4. point the template_name to “vote_list.html" 5. Create votes/templates/vote_list.html 6. Browse to /votes/ and see the list. http://www.django-rest-framework.org/api-guide/renderers/#templatehtmlrenderer

  47. {Show Code}

  48. Tip! ?format=

  49. Break!

  50. Why not use the BrowseableAPIRenderer for everything?

  51. CreaHng a Vote with the rendered template

  52. CreaHng a Vote with the rendered template <form action="/votes/" method="POST"

    enctype="multipart/form-data"> {% csrf_token %} <p> <label for="subject">Subject</label> <input id="subject" name="subject" type="text"> </p> <p> <label for="vote_taken">Vote taken</label> <input id="vote_taken" name="vote_taken" type="datetime-local"> </p> <p> <label for="ayes">Ayes</label> <input id="ayes" name="ayes" type="number"> </p> <p> <label for="nays">Nays</label> <input id="nays" name="nays" type="number"> </p> <input type="submit" value="Save"> </form>

  53. CreaHng a Vote with the rendered template def create(self, request,

    *args, **kwargs): response = super(VoteList, self).create(request, *args, **kwargs) if request.accepted_renderer.format == 'html' and response.status_code == 201: return redirect('/votes/') return response

  54. Pair Exercise - 5 min 1. add the code snippets

    to vote_list.html and views.py 2. Browse to /votes/ and add a vote via the interface.

  55. {Review Code}

  56. Vote Detail

  57. DRF RetrieveUpdateDestroyAPIView class UserDetail(generics.RetrieveUpdateDestroyAPIView): queryset = User.objects.all() serializer_class = UserSerializer

  58. Pair Exercise - 10 min 1. add a VoteDetail view,

    using generics.RetrieveUpdateDestroyAPIView 2. Don’t forget the right renderers! 3. add that view to urls.py 4. add a vote.html template 5. point the template_name to “vote.html" 6. Wire up the links in “vote_list.html” 7. Browse to /votes/ and see the list, make sure the links are clickable. http://www.django-rest-framework.org/tutorial/3-class-based-views/#using-generic-class- based-views

  59. {Show Code}

  60. AuthenHcaHon

  61. Reading vs. WriHng

  62. Session, Token, OAuth

  63. DRF AuthenHcaHon Classes && DRF Permissions Classes

  64. Pair Exercise - 10 min 1. add permissions.IsAuthenHcatedOrReadOnly to VoteList

    view and VoteDetail view 2. Browse to /votes/ try adding a vote 3. Open an anonymous browser window, try doing the same thing 4. (opHonal: add some tests for the authed and non- authed requests) http://www.django-rest-framework.org/tutorial/4-authentication-and-permissions/#adding- required-permissions-to-views

  65. {Show Code}

  66. Keeping things DRY

  67. Keeping things DRY •We can use mixins for common funcHonality

    •Capture auth, permissions, renderers in one place •While we’re here, only allow the BrowseableAPIRenderer to staff users

  68. def get_renderers(self): renderer_classes = self.renderer_classes if self.request.user.is_staff: renderer_classes += [BrowsableAPIRenderer]

    return [renderer() for renderer in renderer_classes]

  69. Pair Exercise - 10 min 1. add a VoteAPIMixin that

    captures renderer classes, queryset, serializer_class, and permission classes 2. Make sure the get_renderers snippet is defined in the mixin 3. Add the mixin to both view classes, remove the duplicate code from the views 4. Browse the api and make sure things sHll work. 5. Run tests and make sure things sHll work

  70. {Show Code}

  71. Token Auth

  72. Pair Exercise - 10 min 1. add ‘rest_framework.authtoken' to seXngs.py

    2. Add correct authenHcaHon classes to seXngs.py ‘DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.BasicAuthentication', 'rest_framework.authentication.SessionAuthentication', 'rest_framework.authentication.TokenAuthentication', ) http://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication

  73. TesHng

  74. TesHng • http://www.django-rest-framework.org/ api-guide/testing/ • https://docs.djangoproject.com/en/2.0/ topics/testing/ •“Code without tests

    is broken as designed.” - Jacob Kaplan-Moss

  75. Pair Exercise - 10 min 1. Add more tests for

    VoteList and VoteDetail views 2. Pay special akenHon to edge cases with authenHcaHon and renderer type 3. Any more tests you can think of? 4. (opHonal: add ability to edit votes from VoteDetail)

  76. Where to go from here?

  77. Deploying OAuth Django Channels Working with Web Frontends

  78. Thanks! Philip James [email protected] @[email protected] https://github.com/phildini/api-driven-django