API-Driven Django

Transcript

1. API-Driven Django Philip James PyCon 2018 @phildini

2. Who am I?

3. Format • Buddy system • Switching pairs • SHcky Notes

   • Learn by trying first • You can get this all at the end

4. Some Pairing Best PracHces • Less familiar person should type

   first • Switching pairs at different sessions • One machine, one set of hands • No grabbing the keyboard

5. Goals • Build a working Django API-First App for collecHng

   civic government data • Have that App use the same code for API endpoints as well as rendered templates • Have that app let anyone read, but only authorized users write

6. https://www.djangoproject.com/

7. http://www.django-rest-framework.org/

8. CivicAPI • Django app to track votes taken at civic

   government meeHngs • Needs to support rich frontends and API clients • CRUD app on votes taken

9. Create Retrieve Update Destroy

10. GeXng started

11. Pipenv https://docs.pipenv.org/ GeXng started

12. mkdir civicapi && cd civicapi pipenv --three install django GeXng

    started

13. pipenv run vs. pipenv shell GeXng started

14. pipenv shell django-admin.py startproject civicapi . GeXng started

15. django-admin.py startapp votes GeXng started

16. python manage.py migrate GeXng started

17. python manage.py createsuperuser GeXng started

18. python manage.py runserver GeXng started

19. {Check data in admin}

20. •subject: string, required •vote_taken: date and Hme, required •ayes: integer,

    not required •nays: integer, not required Vote Model https://docs.djangoproject.com/en/2.0/ref/models/fields/ google: django model field reference

21. Pair Exercise - 10 min 1. Make sure reqs are

    installed and project is set up 2. Try to build the model in votes/models.py 3. Add votes to installed_apps in civicapi/seXngs.py 4. python manage.py migrate 5. (extra - see it in admin) https://docs.djangoproject.com/en/2.0/ref/models/fields/ google: django model field reference

22. {Show Code}

23. Views

24. Django Generic Views?

25. To create: • View that lists and creates Votes We

    need: 1. django.views.generic.list.ListView 2. django.views.generic.edit.CreateView 3. Template file 4. URL update 5. (Possibly) a ModelForm

26. What about an API?

27. Two op&ons: 1. Add separate API views 2. Munge JSON

    responses into exisHng views

28. What’s beker for the client? What’s beker for the dev?

29. Rich frontends, client-first == API-Driven, API First

30. StarHng with

31. To create: • APIView that lists and creates Votes We

    need: 1. ModelSerializer for Vote 2. rest_framework.generics.ListCreateAPIView

32. DRF ModelSerializers http://www.django-rest-framework.org/api-guide/serializers/#modelserializer

33. DRF ModelSerializers class AccountSerializer(serializers.ModelSerializer): class Meta: model = Account fields

    = ('id', 'account_name', 'users', 'created') http://www.django-rest-framework.org/api-guide/serializers/#modelserializer

34. Pair Exercise - 10 min 1. pipenv install djangorestframework 2.

    add rest_framework to the Django app 3. Try to make the ModelSerializer for Vote in the votes app 4. write a test to verify the serialized data http://www.django-rest-framework.org/api-guide/serializers/#modelserializer

35. {Show Code}

36. DRF ListCreateAPIView

37. DRF ListCreateAPIView class UserList(generics.ListCreateAPIView): queryset = User.objects.all() serializer_class = UserSerializer

38. Pair Exercise - 10 min 1. add a VoteList ListCreateAPIView

    to views 2. add the view to urls.py at /votes/ 3. python manage.py runserver 4. open a browser, browse to localhost:8000 5. play around, try to create some votes 6. (opHonal: write a test for the view) http://www.django-rest-framework.org/api-guide/generic-views/#examples

39. {Show Code}

40. DRF Renderers

41. DRF JSONRenderer OrderedDict([('count', 3), ('next', None), ('previous', None), ('results', [OrderedDict([('id',

    1), ('subject', 'More apps should be built in Django!'), ('vote_taken', '2018-04-14T19:51:09Z'), ('ayes', 100), ('nays', 0)]),…])]) {'count': 3, 'next': None, 'previous': None, 'results': [{'id': 1, 'subject': 'More apps should be built in Django!', 'vote_taken': '2018-04-14T19:51:09Z', 'ayes': 100, 'nays': 0},...]}

42. DRF TemplateHTMLRenderer OrderedDict([('count', 3), ('next', None), ('previous', None), ('results', [OrderedDict([('id',

    1), ('subject', 'More apps should be built in Django!'), ('vote_taken', '2018-04-14T19:51:09Z'), ('ayes', 100), ('nays', 0)]),…])]) <ul> <li><a href=“/votes/1/"> More apps should be built in Django! - 100/0 on 2018-04-14T19:51:09Z </a></li> … </ul>

43. DRF BrowsableAPIRenderer OrderedDict([('count', 3), ('next', None), ('previous', None), ('results', [OrderedDict([('id',

    1), ('subject', 'More apps should be built in Django!'), ('vote_taken', '2018-04-14T19:51:09Z'), ('ayes', 100), ('nays', 0)]),…])])

44. Django TemplaHng <ul> {% for user in results %} <li><a

    href="/users/{{ user.id }}/">{{ user.name }}</a></li> {% endfor %} </ul>

45. DRF Template Gotcha! In se,ngs.py: REST_FRAMEWORK = { 'DEFAULT_PAGINATION_CLASS': 'rest_framework.paginaHon.PageNumberPaginaHon',

    'PAGE_SIZE': 10, }

46. Pair Exercise - 20 min 1. add a templates directory

    to votes 2. add a vote_list.html template 3. add the TemplateHTMLRenderer to VoteList’s renderer_classes, along with JSONRenderer and BrowsableAPIRenderer 4. point the template_name to “vote_list.html" 5. Create votes/templates/vote_list.html 6. Browse to /votes/ and see the list. http://www.django-rest-framework.org/api-guide/renderers/#templatehtmlrenderer

47. {Show Code}

48. Tip! ?format=

49. Break!

50. Why not use the BrowseableAPIRenderer for everything?

51. CreaHng a Vote with the rendered template

52. CreaHng a Vote with the rendered template <form action="/votes/" method="POST"

    enctype="multipart/form-data"> {% csrf_token %} <p> <label for="subject">Subject</label> <input id="subject" name="subject" type="text"> </p> <p> <label for="vote_taken">Vote taken</label> <input id="vote_taken" name="vote_taken" type="datetime-local"> </p> <p> <label for="ayes">Ayes</label> <input id="ayes" name="ayes" type="number"> </p> <p> <label for="nays">Nays</label> <input id="nays" name="nays" type="number"> </p> <input type="submit" value="Save"> </form>

53. CreaHng a Vote with the rendered template def create(self, request,

    *args, **kwargs): response = super(VoteList, self).create(request, *args, **kwargs) if request.accepted_renderer.format == 'html' and response.status_code == 201: return redirect('/votes/') return response

54. Pair Exercise - 5 min 1. add the code snippets

    to vote_list.html and views.py 2. Browse to /votes/ and add a vote via the interface.

55. {Review Code}

56. Vote Detail

57. DRF RetrieveUpdateDestroyAPIView class UserDetail(generics.RetrieveUpdateDestroyAPIView): queryset = User.objects.all() serializer_class = UserSerializer

58. Pair Exercise - 10 min 1. add a VoteDetail view,

    using generics.RetrieveUpdateDestroyAPIView 2. Don’t forget the right renderers! 3. add that view to urls.py 4. add a vote.html template 5. point the template_name to “vote.html" 6. Wire up the links in “vote_list.html” 7. Browse to /votes/ and see the list, make sure the links are clickable. http://www.django-rest-framework.org/tutorial/3-class-based-views/#using-generic-class- based-views

59. {Show Code}

60. AuthenHcaHon

61. Reading vs. WriHng

62. Session, Token, OAuth

63. DRF AuthenHcaHon Classes && DRF Permissions Classes

64. Pair Exercise - 10 min 1. add permissions.IsAuthenHcatedOrReadOnly to VoteList

    view and VoteDetail view 2. Browse to /votes/ try adding a vote 3. Open an anonymous browser window, try doing the same thing 4. (opHonal: add some tests for the authed and non- authed requests) http://www.django-rest-framework.org/tutorial/4-authentication-and-permissions/#adding- required-permissions-to-views

65. {Show Code}

66. Keeping things DRY

67. Keeping things DRY •We can use mixins for common funcHonality

    •Capture auth, permissions, renderers in one place •While we’re here, only allow the BrowseableAPIRenderer to staff users

68. def get_renderers(self): renderer_classes = self.renderer_classes if self.request.user.is_staff: renderer_classes += [BrowsableAPIRenderer]

    return [renderer() for renderer in renderer_classes]

69. Pair Exercise - 10 min 1. add a VoteAPIMixin that

    captures renderer classes, queryset, serializer_class, and permission classes 2. Make sure the get_renderers snippet is defined in the mixin 3. Add the mixin to both view classes, remove the duplicate code from the views 4. Browse the api and make sure things sHll work. 5. Run tests and make sure things sHll work

70. {Show Code}

71. Token Auth

72. Pair Exercise - 10 min 1. add ‘rest_framework.authtoken' to seXngs.py

    2. Add correct authenHcaHon classes to seXngs.py ‘DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.BasicAuthentication', 'rest_framework.authentication.SessionAuthentication', 'rest_framework.authentication.TokenAuthentication', ) http://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication

73. TesHng

74. TesHng • http://www.django-rest-framework.org/ api-guide/testing/ • https://docs.djangoproject.com/en/2.0/ topics/testing/ •“Code without tests

    is broken as designed.” - Jacob Kaplan-Moss

75. Pair Exercise - 10 min 1. Add more tests for

    VoteList and VoteDetail views 2. Pay special akenHon to edge cases with authenHcaHon and renderer type 3. Any more tests you can think of? 4. (opHonal: add ability to edit votes from VoteDetail)

76. Where to go from here?

77. Deploying OAuth Django Channels Working with Web Frontends

78. Thanks! Philip James [email protected] @[email protected] https://github.com/phildini/api-driven-django