Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Django: The Good Parts by James Bennett

PyCon 2014
April 12, 2014
1.5k

Django: The Good Parts by James Bennett

PyCon 2014

April 12, 2014
Tweet

Transcript

  1. Full stack • Request/response • Templating • ORM • Forms

    library • Auth • Admin • Security (XSS/CSRF/ clickjacking) • Testing framework • Caching framework • Logging framework • etc., etc.
  2. The good parts • HTTP abstraction + request/response cycle •

    Conservative (yes!) approach to features • The secret weapon: apps
  3. H(ate)TTP • Nine different request methods, some safe, some idempotent,

    some neither, vastly different request/response characteristics • Unicode-unaware • Persistence, auth, streaming, security all tacked on/afterthoughts
  4. How to CGI • Script invoked by web server, request

    information stored in environment variables • Submitted data received via standard input • Script does its processing • Response headers and response body sent via standard output
  5. How to (actually) CGI • Script invoked by web server,

    you hope, if everything’s configured correctly • chmod 777 ALL the things! • Environment is full of lies and sadness • Give up figuring out what the actual requested URL was and fork()-bomb the server • Drink. A lot.
  6. WSGI pain points • CGI-style environ: have to pass it

    around, parse it, re-parse it, re-re-parse it, re-re-re-parse it… • Signaling up and down the stack requires inventing ad-hoc protocols • Return/response API sucks. For reals. • Inherits HTTP’s awful approach to character encoding
  7. Let’s do better! • HTTPRequest • Already parsed and normalized

    for you • Sensible attribute and dictionary-based access • Relatively sane handling of character encoding
  8. Let’s do better! • HttpResponse • Easy to construct and

    manipulate • Convenient subclasses for common specialized responses (404, redirects, etc.)
  9. Let’s do better! • Write a callable that takes an

    HttpRequest as argument, and either returns an HttpResponse or raises an exception • URL parsing done for you: map regexes (URLs) to callables • Want extra arguments? Put capturing groups in the regex
  10. Life cycle • Middleware system baked in (all middleware systems

    suck, though) • Signals! • Decorators! • Call other stuff — it’s callables all the way down
  11. We read PEP 333 so you don’t have to •

    A Django project is a WSGI application • wsgi.py + WSGI_APPLICATION setting • Translate WSGI environ to HttpRequest • Translate returned HTTPResponse to WSGI response format
  12. Conservatism • Strong preference for community solutions • Core framework

    more about providing API support • More “swappable” components than expected
  13. Conservatism • More stability over time • Features land when

    ready • Competition often produces better solutions
  14. Maybe: • Some models • Some views • Some forms

    • Some utility code • Some middleware • etc.