Django for Professionals (William S. Vincent) (Z-Library)

📄 File Format: PDF

💾 File Size: 4.9 MB

📖 Read Online ⬇️ Download

Registered users can read the full content for free

Register as a Gaohf Library member to read the complete e-book online for free and enjoy a better reading experience.

📄 Page 1

(This page has no text content)

📄 Page 2

Django for Professionals Production websites with Python & Django William S. Vincent This book is for sale at http://leanpub.com/djangoforprofessionals This version was published on 2020-09-18 * * * * * This is a Leanpub book. Leanpub empowers authors and publishers with the Lean Publishing process. Lean Publishing is the act of publishing an in- progress ebook using lightweight tools and many iterations to get reader feedback, pivot until you have the right book and build traction once you do. * * * * * © 2018 - 2020 William S. Vincent

📄 Page 3

Table of Contents Introduction Prerequisites Book Structure Book Layout Text Editor Conclusion Chapter 1: Docker What is Docker? Containers vs. Virtual Environments Install Docker Docker Hello, World Django Hello, World Pages App Images, Containers, and the Docker Host Git Conclusion Chapter 2: PostgreSQL Starting Docker Detached Mode PostgreSQL Settings Psycopg New Database Git Conclusion Chapter 3: Bookstore Project Docker PostgreSQL Custom User Model

📄 Page 4

Custom User Forms Custom User Admin Superuser Tests Unit Tests Git Conclusion Chapter 4: Pages App Templates URLs and Views Tests Testing Templates Testing HTML setUp Method Resolve Git Conclusion Chapter 5: User Registration Auth App Auth URLs and Views Homepage Django Source Code Log In Redirects Log Out Sign Up Tests setUpTestData() Git Conclusion Chapter 6: Static Assets staticfiles app STATIC_URL STATICFILES_DIRS

📄 Page 5

STATIC_ROOT STATICFILES_FINDERS Static Directory Images JavaScript collectstatic Bootstrap About Page Django Crispy Forms Tests Git Conclusion Chapter 7: Advanced User Registration django-allauth AUTHENTICATION_BACKENDS EMAIL_BACKEND ACCOUNT_LOGOUT_REDIRECT URLs Templates Log In Log Out Sign Up Admin Email Only Login Tests Social Git Conclusion Chapter 8: Environment Variables environs[django] SECRET_KEY DEBUG and ALLOWED_HOSTS DATABASES Git

📄 Page 6

Conclusion Chapter 9: Email Custom Confirmation Emails Email Confirmation Page Password Reset and Password Change Email Service Git Conclusion Chapter 10: Books App Models Admin URLs Views Templates object_list Individual Book Page context_object_name get_absolute_url Primary Keys vs. IDs Slugs vs. UUIDs Navbar Tests Git Conclusion Chapter 11: Reviews App Foreign Keys Reviews model Admin Templates Tests Git Conclusion Chapter 12: File/Image Uploads

📄 Page 7

Media Files Models Admin Template Next Steps Git Conclusion Chapter 13: Permissions Logged-In Users Only Permissions Custom Permissions User Permissions PermissionRequiredMixin Groups & UserPassesTestMixin Tests Git Conclusion Chapter 14: Search Search Results Page Basic Filtering Q Objects Forms Search Form Git Conclusion Chapter 15: Performance django-debug-toolbar Analyzing Pages select_related and prefetch_related Caching Indexes django-extensions Front-end Assets Git

📄 Page 8

Conclusion Chapter 16: Security Social Engineering Django updates Deployment Checklist docker-compose-prod.yml DEBUG Defaults SECRET_KEY Web Security SQL injection XSS (Cross Site Scripting) Cross-Site Request Forgery (CSRF) Clickjacking Protection HTTPS/SSL HTTP Strict Transport Security (HSTS) Secure Cookies Admin Hardening Git Conclusion Chapter 17: Deployment PaaS vs IaaS WhiteNoise Media Files Gunicorn Heroku Deploying with Docker heroku.yml Heroku Deployment SECURE_PROXY_SSL_HEADER Heroku Logs Heroku Add-ons Conclusion Conclusion

📄 Page 9

Learning Resources Feedback

📄 Page 10

Introduction Welcome to Django for Professionals, a guide to building professional websites with the Django web framework. There is a massive gulf between building simple “toy apps” that can be created and deployed quickly and what it takes to build a “production-ready” web application suitable for deployment to thousands or even millions of users. This book will show you to how to bridge that gap. When you first install Django and create a new project the default settings are geared towards fast local development. And this makes sense: there’s no need to add all the additional features required of a large website until you know you need them. These defaults include SQLite as the default database, a local web server, local static asset hosting, built-in User model, and DEBUG mode turned on. But for a production project many, if not most, of these settings must be reconfigured. And even then there can be a frustrating lack of agreement among the experts. For example, what’s the best production database to use? Many Django developers, myself included, choose PostgreSQL. It is what we will use in this book. However an argument can be made for MySQL depending on the project. It really does all depend on the specific requirements of a project. Rather than overwhelm the reader with the full array of choices available this book shows one approach, grounded in current Django community best practices, for building a professional website. The topics covered include using Docker for local development and deployment, PostgreSQL, a custom user model, robust user authentication flow with email, comprehensive testing, environment variables, security and performance improvements, and more. By the end of this book you will have built a professional website and learned all the necessary steps to do so. Whether you are starting a new

📄 Page 11

project that hopes to be as large as Instagram (currently the largest Django website in the world) or making much-needed updates to an existing Django project, you will have the tools and knowledge to do so. Prerequisites If you’re brand-new to either Django or web development, this is not the book for you. The pace will be far too fast. While you could read along, copy all the code, and have a working website at the end, I instead recommend starting with my book Django for Beginners. It starts with the very basics and progressively introduces concepts via building five increasingly complex Django applications. After completing that book you will be ready for success with this book. I have also written a book on transforming Django websites into web APIs called Django for APIs. In practice most Django developers work in teams with other developers and focus on back-end APIs, not full-stack web applications that require dedicated JavaScript front-ends. Reading Django for APIs is therefore helpful to your education as a Django developer, but not required before reading this book. We will use Docker throughout most of this book but still rely, briefly, on having Python 3, Django, and Pipenv installed locally. Git is also a necessary part of the developer toolchain. Finally, we will be using the command line extensively in this book as well so if you need a refresher on it, please see here. Book Structure Chapter 1 starts with an introduction to Docker and explores how to “Dockerize” a traditional Django project. In Chapter 2 PostgreSQL is introduced, a production-ready database that we can run locally within our Docker environment. Then Chapter 3 starts the main project in the book: an online Bookstore featuring a custom user model, search, image uploads, permissions, and a host of other goodies. Chapter 4 focuses on building out a Pages app for a basic homepage along with robust testing which is included with every new feature on the site. In

📄 Page 12

Chapter 5 a complete user registration flow is implemented from scratch using the built-in auth app for sign up, log in, and log out. Chapter 6 introduces proper static asset configuration for CSS, JavaScript, and images as well as the addition of Bootstrap for styling. In Chapter 7 the focus shifts to advanced user registration, namely including email-only log in and social authentication via the third-party django-allauth package. Chapter 8 introduces environment variables, a key component of Twelve-Factor App development and a best practice widely used in the web development community. Rounding out the set up of our project, Chapter 9 focuses on email and adding a dedicated third-party provider. The structure of the first half of the book is intentional. When it comes time to build your own Django projects, chances are you will be repeating many of the same steps from Chapters 3-9. After all, every new project needs proper configuration, user authentication, and environment variables. So treat these chapters as your detailed explanation and guide. The second half of the book focuses on specific features related to our Bookstore website. Chapter 10 starts with building out the models, tests, and pages for our Bookstore via a Books app. There is also a discussion of URLs and switching from id to a slug to a UUID (Universally Unique IDentifier) in the URLs. Chapter 11 features the addition of reviews to our Bookstore and a discussion of foreign keys. In Chapter 12 image-uploading is added and in Chapter 13 permissions are set across the site to lock it down. For any site but especially e-commerce, search is a vital component and Chapter 14 walks through building a form and increasingly complex search filters for the site. In Chapter 15 the focus switches to performance optimizations including the addition of django-debug-toolbar to inspect queries and templates, database indexes, front-end assets, and multiple built-in caching options. Chapter 16 covers security in Django, both the built-in options as well as additional configurations that can–and should–be added for a production environment. The final section, Chapter 17, is on deployment, the standard

📄 Page 13

upgrades needed to migrate away from the Django web server, local static file handling, and configuring ALLOWED_HOSTS. The Conclusion touches upon various next steps to take with the project and additional Django best practices. Book Layout There are many code examples in this book, which are formatted as follows: Code # This is Python code print(Hello, World) For brevity we will use dots ... to denote existing code that remains unchanged, for example, in a function we are updating. Code def make_my_website: ... print("All done!") We will also use the command line console frequently to execute commands, which take the form of a $ prefix in traditional Unix style. Command Line $ echo "hello, world" The result of this particular command in the next line will state: Command Line "hello, world" Typically both a command and its output will be combined for brevity. The command will always be prefaced by a $ and the output will not. For example, the command and result above would be represented as follows: Command Line $ echo "hello, world" hello, world

📄 Page 14

Text Editor A modern text editor is a must-have part of any software developer’s toolkit. Among other features they come with plug-ins that help format and correct errors in Python code. Popular options include Black, autopep8, and YAPF. Seasoned developers may still prefer using Vim or Emacs, but newcomers and increasingly experienced programmers as well prefer modern text editors such as VSCode, Atom, Sublime Text, or PyCharm. Conclusion Django is an excellent choice for any developer who wants to build modern, robust web applications with a minimal amount of code. It is popular, under active development, and thoroughly battle-tested by the largest websites in the world. Complete source code for the book can be found in the official Github repository. In the next chapter we’ll learn how to configure any computer for Django development with Docker.

📄 Page 15

Chapter 1: Docker Properly configuring a local development environment remains a steep challenge despite all the other advances in modern programming. There are simply too many variables: different computers, operating systems, versions of Django, virtual environment options, and so on. When you add in the challenge of working in a team environment where everyone needs to have the same set up the problem only magnifies. In recent years a solution has emerged: Docker. Although only a few years old, Docker has quickly become the default choice for many developers working on production-level projects. With Docker it’s finally possible to faithfully and dependably reproduce a production environment locally, everything from the proper Python version to installing Django and running additional services like a production-level database. This means it no longer matter if you are on a Mac, Windows, or Linux computer. Everything is running within Docker itself. Docker also makes collaboration in teams exponentially easier. Gone are the days of sharing long, out-of-date README files for adding a new developer to a group project. Instead with Docker you simply share two files–a Dockerfile and docker-compose.yml file–and the developer can have confidence that their local development environment is exactly the same as the rest of the team. Docker is not a perfect technology. It is still relatively new, complex under- the-hood, and under active development. But the promise that it aspires to–a consistent and shareable developer environment, that can be run either locally on any computer or deployed to any server–makes it a solid choice. In this chapter we’ll learn a little bit more about Docker itself and “Dockerize” our first Django project.

📄 Page 16

What is Docker? Docker is a way to isolate an entire operating system via Linux containers which are a type of virtualization. Virtualization has its roots at the beginning of computer science when large, expensive mainframe computers were the norm. How could multiple programmers use the same single machine? The answer was virtualization and specifically virtual machines which are complete copies of a computer system from the operating system on up. If you rent space on a cloud provider like Amazon Web Services (AWS) they are typically not providing you with a dedicated piece of hardware. Instead you are sharing one physical server with other clients. But because each client has their virtual machine running on the server, it appears to the client as if they have their own server. This technology is what makes it possible to quickly add or remove servers from a cloud provider. It’s largely software behind the scenes, not actual hardware being changed. What’s the downside to a virtual machine? Size and speed. A typical guest operating system can easily take up 700MB of size. So if one physical server supports three virtual machines, that’s at least 2.1GB of disk space taken up along with separate needs for CPU and memory resources. Enter Docker. The key idea is that most computers rely on the same Linux operating system, so what if we virtualized from the Linux layer up instead? Wouldn’t that provide a lightweight, faster way to duplicate much of the same functionality? The answer is yes. And in recent years Linux containers have become widely popular. For most applications–especially web applications–a virtual machine provides far more resources than are needed and a container is more than sufficient. This, fundamentally, is what Docker is: a way to implement Linux containers! An analogy we can use here is that of homes and apartments. Virtual Machines are like homes: stand-alone buildings with their own

📄 Page 17

infrastructure including plumbing and heating, as well as a kitchen, bathrooms, bedrooms, and so on. Docker containers are like apartments: they share common infrastructure like plumbing and heating, but come in various sizes that match the exact needs of an owner. Containers vs. Virtual Environments As a Python programmer you should already familiar with the concept of virtual environments, which are a way to isolate Python packages. Thanks to virtual environments, one computer can run multiple projects locally. For example, Project A might use Python 3.4 and Django 1.11 among other dependencies; whereas Project B uses Python 3.8 and Django 3.1. By configuring a dedicated virtual environment for each project we can manage these different software packages while not polluting our global environment. Confusingly there are multiple popular tools right now to implement virtual environments: everything from virtualenv to venv to Pipenv, but fundamentally they all do the same thing. The important distinction between virtual environments and Docker is that virtual environments can only isolate Python packages. They cannot isolate non-Python software like a PostgreSQL or MySQL database. And they still rely on a global, system-level installation of Python (in other words, on your computer). The virtual environment points to an existing Python installation; it does not contain Python itself. Linux containers go a step further and isolate the entire operating system, not just the Python parts. In other words, we will install Python itself within Docker as well as install and run a production-level database. Docker itself is a complex topic and we won’t dive that deep into it in this book, however understanding its background and key components is important. If you’d like to learn more about it, I recommend the Dive into Docker video course. Install Docker

📄 Page 18

Ok, enough theory. Let’s start using Docker and Django together. The first step is to sign up for a free account on Docker Hub and then install the Docker desktop app on your local machine: Docker for Mac Docker for Windows Docker for Linux This download might take some time to download as it is a big file! Feel free to stretch your legs at this point. Note that the Linux version has the user as root, in other words, you can do anything. This is often not ideal and you can set Docker to run as a non-root user if so desired. Once Docker is done installing we can confirm the correct version is running by typing the command docker --version on the command line. It should be at least version 18. Command Line $ docker --version Docker version 19.03.12, build 48a66213fe Docker is often used with an additional tool, Docker Compose, to help automate commands. Docker Compose is included with Mac and Windows downloads but if you are on Linux you will need to add it manually. You can do this by running the command sudo pip install docker-compose after your Docker installation is complete. Docker Hello, World Docker ships with its own “Hello, World” image that is a helpful first step to run. On the command line type docker run hello-world. This will download an official Docker image and then run it within a container. We’ll discuss both images and containers in a moment. Command Line $ docker run hello-world Unable to find image 'hello-world:latest' locally latest: Pulling from library/hello-world 1b930d010525: Pull complete Digest: sha256:b8ba256769a0ac28dd126d584e0a2011cd2877f3f76e093a7ae560f2a5301c00

📄 Page 19

Status: Downloaded newer image for hello-world:latest Hello from Docker! This message shows that your installation appears to be working correctly. To generate this message, Docker took the following steps: 1. The Docker client contacted the Docker daemon. 2. The Docker daemon pulled the "hello-world" image from the Docker Hub. (amd64) 3. The Docker daemon created a new container from that image which runs the executable that produces the output you are currently reading. 4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal. To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash Share images, automate workflows, and more with a free Docker ID: https://hub.docker.com/ For more examples and ideas, visit: https://docs.docker.com/get-started/ The command docker info lets us inspect Docker. It will contain a lot of output but focus on the top lines which show we now have 1 container which is stopped and 1 image. Command Line $ docker info Client: Debug Mode: false Server: Containers: 1 Running: 0 Paused: 0 Stopped: 1 Images: 1 ... This means Docker is successfully installed and running. Django Hello, World Now we will create a Django “Hello, World” project that runs locally on our computer and then move it entirely within Docker so you can see how all the pieces fit together. The first step is to choose a location for our code. This can be anywhere on your computer, but if you are on a Mac, an easy-to-find location is the

📄 Page 20

Desktop. From the command line navigate to the Desktop and create a code directory for all the code examples in this book. Command Line $ cd ~/Desktop $ mkdir code && cd code Then create a hello directory for this example and install Django using Pipenv which creates both a Pipfile and a Pipfile.lock file. Activate the virtual environment with the shell command. Command Line $ mkdir hello && cd hello $ pipenv install django~=3.1.0 $ pipenv shell (hello) $ If you need help installing Pipenv or Python 3 you can find more details here. Now we can use the startproject command to create a new Django project called config. Adding a period, ., at the end of the command is an optional step but one many Django developers do. Without the period Django adds an additional directory to the project; with the period it does not. Finally use the migrate command to initialize the database and start the local web server with the runserver command. Command Line (hello) $ django-admin startproject config . (hello) $ python manage.py migrate (hello) $ python manage.py runserver Assuming everything worked correctly you should now be able to navigate to see the Django Welcome page at http://127.0.0.1:8000/ in your web browser.