Django minus Django (DJangoCon EU 2014)

View Slide

Django is awesome!

View Slide

But it can’t come
with all the
awesome.

View Slide

So let’s go shopping!
"

View Slide

A Day in the Life

View Slide

A Day in the Life
•Django Site

View Slide

A Day in the Life
•Django Site
•- Django’s template engine

View Slide

A Day in the Life
•Django Site
•+ Plus Jinja2

View Slide

A Day in the Life
•Django Site
•+ Plus Jinja2
• No views, only REST

View Slide

A Day in the Life
•Django Site
•+ Plus Jinja2
• Plus a whole lot of JavaScript nonsense

View Slide

A Day in the Life
•Django Site
•+ Plus Jinja2
• Start using lots of Redis

View Slide

A Day in the Life
•Django Site
•+ Plus Jinja2
• Start accessing RDBMS less

View Slide

A Day in the Life
•Django Site
•+ Plus Jinja2
• Some WSGI Wizardry

View Slide

A Day in the Life
•Django Site
•+ Plus Jinja2
• Maybe Flask for this bit?

View Slide

A Day in the Life
•Django Site
•+ Plus Jinja2
• Maybe Flask for this bit?
• I hear node is cool…

View Slide

Batteries included?

View Slide

TEMPLATES &
VIEWS &
AUTH &
MODELS

View Slide

Templates

View Slide

Templates with Jinja2
https://github.com/mitsuhiko/templatetk/blob/master/POST_MORTEM
•Jinja2 is basically Django Templates++
•More expressive language
•Byte-code rendering speedups
•Sites using Django+Jinja:
•Mozilla
•Pitchfork

View Slide

Could not parse the remainder: '['username']' from 'user['username']'
{% extends "base.html" %}
{% block title %}home{% endblock %}
!
{% block content %}
{% if user %}
Hello {{ user['username'] }}
{% endif %}
{% endblock content %}

View Slide

from django.http import HttpResponse
from django.template import RequestContext
!
from jinja2 import Environment, PackageLoader
env = Environment(loader=PackageLoader('ourapp', 'templates'))
!
def jinja_render(request, template_name, dictionary=None):
if not dictionary:
dictionary = {}
template = env.get_template("index.html")
new_context = RequestContext(request, dictionary)
context_dict = {}
for d in new_context.dicts:
context_dict.update(d)
!
rendered_template = template.render(**context_dict)
return HttpResponse(rendered_template)
!
def home(request):
# return render(request, "index.html")
return jinja_render(request, “index.html")
ourapp/views.py

View Slide

Jingo
https://github.com/jbalogh/jingo/
•Install Jingo.
•Use all the Django functions.

View Slide

A Kill To A View

View Slide

A Brief Over-View
• “A view is a callable which takes a request and
returns a response.”

View Slide

A Brief Over-View
haha, get it?

View Slide

django.http.HttpRequest
A Brief Over-View
haha, get it?

View Slide

django.http.HttpRequest
django.http.HttpResponse
A Brief Over-View
haha, get it?

View Slide

A typical view
from django.shortcuts import render
from people.models import Person
!
def living_people(request):
return render(request,
template = 'people/living.html',
context = {
'people': Person.objects.filter(alive=True)
}
)

View Slide

tmpl = template.loader.get_template('people/living.html')
context = template.Context({
})
body = tmpl.render(context)
return http.HttpResponse(body)
return render(request,
template = 'people/living.html',
context = {
}
)
django.shortcuts.render

View Slide

Coupling by convention
from django import http, template
!
})

View Slide

“coupled” to django.template
!
})

View Slide

“coupled” to django models
“coupled” to django.template
!
})

View Slide

This is also a view…
from django.conf import settings
!
import redis
db = redis.from_url(settings.REDIS_URL)
!
'people': db.get(‘people:living’)}
})

View Slide

Look, I “removed” models!
This is also a view…
!
import redis
!
'people': db.get(‘people:living’)}
})

View Slide

… and this …
import json
import redis
from django import http
!
!
body = json.dumps({
'people': db.get('people:living')
})
return http.HttpResponse(body, content_type='application/json')

View Slide

Template engine? We don’t need
no steeeking template engine.
… and this …
import json
import redis
!
!
body = json.dumps({
})

View Slide

… and this …
import json
import redis
!
!
class LivingPeople(object):
def __call__(self, request):
body = json.dumps({
})

View Slide

Hey, I’m a class view
And this is crazy
But I have a __call__ method
So call me maybe
… and this …
import json
import redis
!
!
class LivingPeople(object):
def __call__(self, request):
body = json.dumps({
})

View Slide

… and even this.
import redis
from rest_framework import viewsets
from rest_framework.response import Response
!
!
class LivingPersonViewSet(viewsets.ViewSet):
def list(self, request):
people = db.get('people:living')
return Response(people)
!
def retrieve(self, request, pk):
person = db.get('people:living:%s' % int(pk))
return Response(person)

View Slide

View Slide

Django Rest Framework
+
AngularJS
=
(well, you know)
http://blog.kevinastone.com/
getting-started-with-django-rest-framework-and-angularjs.html

View Slide

Auth

View Slide

django.“contrib”.auth
• django.contrib.auth.middleware.AuthenticationMiddleware
• django.contrib.sessions.middleware.SessionMiddleware
• django.contrib.auth.backends.ModelBackend
• django.contrib.auth.models.User
• django.contrib.auth.context_processors.auth

View Slide

What auth needs to do
•Securely (hopefully!) verify  
someone’s identify.
•Set request.user to an object that
quacks like a user.
•That object should probably be a  
model instance.

View Slide

Secure is Hard

View Slide

Insecure Is Easy!

View Slide

View Slide

from gist_auth.models import GistUser
!
class SuperInsecureGistAuthBackend(object):
!
def authenticate(self, **credentials):
username = credentials['username']
!
gists = self.get_gist_users()
!
if username not in user_gists:
return None
!
user_dict = self.get_user_data(user_gists[username])
real_password = user_dict['files']['password.txt']['content']
!
if credentials['password'] == real_password:
user, created = GistUser.objects.get_or_create(username=username)
if created:
user.gist_id = user_dict['id']
user.save()
!
return user
gist_auth/auth.py

View Slide

from django.contrib.auth.models import AbstractUser
from django.db import models
!
class GistUser(AbstractUser):
!
gist_id = models.CharField(max_length=255, unique=True)
gist_auth/models.py
AUTH_USER_MODEL = ‘gist_orm.GistUser' # app_name.label_of_model
AUTHENTICATION_BACKENDS = (
'gist_orm.auth.SuperInsecureGistAuthBackend',
)
gist_auth/settings.py
https://github.com/jacobb/dj_minus_dj

View Slide

django.contrib.auth
• django.contrib.auth.backends.ModelBackend
• django.contrib.auth.models.User
• django.contrib.auth.context_processors.auth
• django.contrib.auth.middleware.AuthenticationMiddleware

View Slide

Do I Feel Lucky?
from gist_auth.models import GistUser
!
class AuthRoulette(object):
!
def process_request(self, request):
random_user = GistUser.objects.order_by('?')[0]
request.user = random_user

View Slide

Typical
use-case:
SSO

View Slide

Now, the model
layer. Seems easy,
how hard could it be?

View Slide

Done.
DATABASES = {}

View Slide

“Just Say No”
•“Removing” Django’s model layer is easy:
just don’t use it.
•However, there are consequences for
your insolence…

View Slide

A whole new data store
import json
import redis
!
!
body = json.dumps({
})

View Slide

Frameworks are like ogres
•Frameworks are layered for
a reason.
•Coupling of models—of any
ﬂavor—into your view code
is an anti-pattern.

View Slide

Strategies for safe
model replacement
•Continue to enforce strong separation  
of concerns.
•Use an existing encapsulation abstraction
(SQLAlchemy ORM, MongoEngine, etc.),
or “POPOs”.

View Slide

“POPO”
Plain Old Python Object
class Person(object):
!
@classmethod
def get_living_people(cls):
return cls.db.get('people:living')

View Slide

Separation of concerns
import json
!
from .models import Person
!
body = json.dumps(Person.get_living_people())
import redis
!
class Person(object):
!
@classmethod
def get_living_people(cls):
return cls.db.get('people:living')
myapp/models.py
myapp/views.py

View Slide

PersonForm = ModelForm(Person)

View Slide

“Doctor, it hurts when I do this.”
•Many, many things depend on Django’s model layer, or
things that themselves depend on models.
•In particular, ModelForms and Auth. And what uses
ModelForms and Auth?
•… that’s right, the Admin.
•Similarly, many larger 3rd-party apps won’t work with
custom model layers, either.
•It can be done (see, for example, github.com/vpulim/
mango), but the tradeoffs can be difﬁcult.

View Slide

Does Django play well with others?
Templates A
Auth (extending) A
Auth (replacing) C
View B
Models A*

View Slide

What’s Left
• Settings
• URLConf/Routing
• request → middleware → response cycle
• Forms.
• But forms are cool!

View Slide

“This part is left as an
exercise to the reader”
•Remove these last bits with pure WSGI.
•Let us know how hard it was.

View Slide

THANK
YOU Jacob Burch
Revolution Systems

@jacobburch

Jacob Kaplan-Moss
Heroku

@jacobian
Need a job? Heroku is hiring!
Need someone to do a job? Revsys is hirable.

View Slide

Django minus Django (DJangoCon EU 2014)

Django minus Django (DJangoCon EU 2014)

Jacob Kaplan-Moss

More Decks by Jacob Kaplan-Moss

Other Decks in Technology

Featured

Transcript