Django Web Framework
Django is a high-level Python web framework that encourages rapid development and clean, pragmatic design. Learn MVC architecture, ORM, admin interface, authentication, and REST APIs.
What is Django?
Django is a high-level Python web framework that enables rapid development of secure and maintainable websites. It follows the "batteries included" philosophy, providing built-in features for authentication, admin interface, ORM, forms, and more.
"The web framework for perfectionists with deadlines."
Installation and Project Setup
Getting started with Django:
# Install Django
# pip install django
# Create a new Django project
# django-admin startproject myproject
# Navigate to project directory
# cd myproject
# Create a Django app
# python manage.py startapp myapp
# Run the development server
# python manage.py runserverProject Structure
Understanding Django project structure:
myproject/
├── manage.py # Command-line utility
├── myproject/ # Project settings
│ ├── __init__.py
│ ├── asgi.py # ASGI config for async support
│ ├── settings.py # Project settings
│ ├── urls.py # URL routing
│ └── wsgi.py # WSGI config for deployment
└── myapp/ # Your Django app
├── __init__.py
├── admin.py # Admin interface configuration
├── apps.py # App configuration
├── models.py # Database models
├── tests.py # Unit tests
├── urls.py # App URL routing
└── views.py # View functionsModels and Database
Creating database models with Django ORM:
# myapp/models.py
from django.db import models
from django.contrib.auth.models import User
from django.urls import reverse
from django.utils import timezone
class Category(models.Model):
name = models.CharField(max_length=100, unique=True)
slug = models.SlugField(max_length=100, unique=True)
description = models.TextField(blank=True)
created_at = models.DateTimeField(auto_now_add=True)
class Meta:
verbose_name_plural = "Categories"
def __str__(self):
return self.name
def get_absolute_url(self):
return reverse('category_detail', kwargs={'slug': self.slug})
class Post(models.Model):
STATUS_CHOICES = (
('draft', 'Draft'),
('published', 'Published'),
)
title = models.CharField(max_length=200)
slug = models.SlugField(max_length=200, unique=True)
author = models.ForeignKey(User, on_delete=models.CASCADE, related_name='blog_posts')
content = models.TextField()
excerpt = models.TextField(blank=True, help_text="Brief description for previews")
category = models.ForeignKey(Category, on_delete=models.CASCADE, related_name='posts')
status = models.CharField(max_length=10, choices=STATUS_CHOICES, default='draft')
published_at = models.DateTimeField(default=timezone.now)
created_at = models.DateTimeField(auto_now_add=True)
updated_at = models.DateTimeField(auto_now=True)
# Tags (many-to-many relationship)
tags = models.ManyToManyField('Tag', blank=True, related_name='posts')
class Meta:
ordering = ['-published_at']
indexes = [
models.Index(fields=['status', 'published_at']),
models.Index(fields=['author', 'status']),
]
def __str__(self):
return self.title
def get_absolute_url(self):
return reverse('post_detail', kwargs={'slug': self.slug})
@property
def is_published(self):
return self.status == 'published' and self.published_at <= timezone.now()
class Tag(models.Model):
name = models.CharField(max_length=50, unique=True)
slug = models.SlugField(max_length=50, unique=True)
created_at = models.DateTimeField(auto_now_add=True)
def __str__(self):
return self.name
def get_absolute_url(self):
return reverse('tag_detail', kwargs={'slug': self.slug})
class Comment(models.Model):
post = models.ForeignKey(Post, on_delete=models.CASCADE, related_name='comments')
author = models.ForeignKey(User, on_delete=models.CASCADE)
content = models.TextField()
created_at = models.DateTimeField(auto_now_add=True)
updated_at = models.DateTimeField(auto_now=True)
is_approved = models.BooleanField(default=False)
class Meta:
ordering = ['created_at']
def __str__(self):
return f'Comment by {self.author} on {self.post}'
# Custom manager for published posts
class PublishedManager(models.Manager):
def get_queryset(self):
return super().get_queryset().filter(
status='published',
published_at__lte=timezone.now()
)
class Post(models.Model):
# ... existing fields ...
objects = models.Manager() # Default manager
published = PublishedManager() # Custom manager
# ... rest of the model ...Views and URL Routing
Creating views and configuring URL routing:
# myapp/views.py
from django.shortcuts import render, get_object_or_404, redirect
from django.contrib.auth.decorators import login_required
from django.contrib import messages
from django.core.paginator import Paginator
from django.db.models import Q
from django.views.generic import ListView, DetailView, CreateView, UpdateView, DeleteView
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.urls import reverse_lazy
from .models import Post, Category, Tag, Comment
from .forms import CommentForm, PostForm
# Function-based views
def home(request):
"""Home page view showing latest posts"""
posts = Post.published.all()[:6] # Show 6 latest posts
categories = Category.objects.all()
featured_posts = Post.published.filter(featured=True)[:3]
context = {
'posts': posts,
'categories': categories,
'featured_posts': featured_posts,
}
return render(request, 'blog/home.html', context)
def post_list(request):
"""List all published posts with pagination and search"""
posts = Post.published.all()
# Search functionality
query = request.GET.get('q')
if query:
posts = posts.filter(
Q(title__icontains=query) |
Q(content__icontains=query) |
Q(excerpt__icontains=query)
)
# Category filter
category_slug = request.GET.get('category')
if category_slug:
posts = posts.filter(category__slug=category_slug)
# Tag filter
tag_slug = request.GET.get('tag')
if tag_slug:
posts = posts.filter(tags__slug=tag_slug)
# Pagination
paginator = Paginator(posts, 10) # 10 posts per page
page_number = request.GET.get('page')
page_obj = paginator.get_page(page_number)
context = {
'page_obj': page_obj,
'query': query,
'category_slug': category_slug,
'tag_slug': tag_slug,
}
return render(request, 'blog/post_list.html', context)
def post_detail(request, slug):
"""Display a single post with comments"""
post = get_object_or_404(Post, slug=slug, status='published')
# Handle comment form
comments = post.comments.filter(is_approved=True)
new_comment = None
if request.method == 'POST':
comment_form = CommentForm(data=request.POST)
if comment_form.is_valid():
new_comment = comment_form.save(commit=False)
new_comment.post = post
new_comment.author = request.user
new_comment.save()
messages.success(request, 'Your comment has been submitted for approval.')
return redirect('post_detail', slug=post.slug)
else:
comment_form = CommentForm()
# Related posts (same category, excluding current post)
related_posts = Post.published.filter(
category=post.category
).exclude(id=post.id)[:4]
context = {
'post': post,
'comments': comments,
'new_comment': new_comment,
'comment_form': comment_form,
'related_posts': related_posts,
}
return render(request, 'blog/post_detail.html', context)
@login_required
def create_post(request):
"""Create a new post"""
if request.method == 'POST':
form = PostForm(request.POST)
if form.is_valid():
post = form.save(commit=False)
post.author = request.user
post.save()
form.save_m2m() # Save many-to-many relationships
messages.success(request, 'Post created successfully!')
return redirect('post_detail', slug=post.slug)
else:
form = PostForm()
return render(request, 'blog/post_form.html', {'form': form, 'title': 'Create Post'})
# Class-based views
class PostListView(ListView):
model = Post
template_name = 'blog/post_list.html'
context_object_name = 'posts'
paginate_by = 10
def get_queryset(self):
queryset = Post.published.all()
# Search
query = self.request.GET.get('q')
if query:
queryset = queryset.filter(
Q(title__icontains=query) |
Q(content__icontains=query) |
Q(excerpt__icontains=query)
)
return queryset
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context['query'] = self.request.GET.get('q')
return context
class PostDetailView(DetailView):
model = Post
template_name = 'blog/post_detail.html'
context_object_name = 'post'
def get_queryset(self):
return Post.published.all()
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
post = self.get_object()
# Related posts
context['related_posts'] = Post.published.filter(
category=post.category
).exclude(id=post.id)[:4]
# Comments
context['comments'] = post.comments.filter(is_approved=True)
# Comment form
if self.request.user.is_authenticated:
context['comment_form'] = CommentForm()
return context
class PostCreateView(LoginRequiredMixin, CreateView):
model = Post
form_class = PostForm
template_name = 'blog/post_form.html'
def form_valid(self, form):
form.instance.author = self.request.user
messages.success(self.request, 'Post created successfully!')
return super().form_valid(form)
class PostUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView):
model = Post
form_class = PostForm
template_name = 'blog/post_form.html'
def form_valid(self, form):
form.instance.author = self.request.user
messages.success(self.request, 'Post updated successfully!')
return super().form_valid(form)
def test_func(self):
post = self.get_object()
return self.request.user == post.author
class PostDeleteView(LoginRequiredMixin, UserPassesTestMixin, DeleteView):
model = Post
success_url = reverse_lazy('post_list')
template_name = 'blog/post_confirm_delete.html'
def test_func(self):
post = self.get_object()
return self.request.user == post.author
def delete(self, request, *args, **kwargs):
messages.success(request, 'Post deleted successfully!')
return super().delete(request, *args, **kwargs)URL Configuration
Setting up URL routing:
# myproject/urls.py
from django.contrib import admin
from django.urls import path, include
from django.conf import settings
from django.conf.urls.static import static
from django.views.generic import TemplateView
urlpatterns = [
path('admin/', admin.site.urls),
path('', include('blog.urls')),
path('accounts/', include('django.contrib.auth.urls')),
path('api/', include('api.urls')),
]
# Serve media files during development
if settings.DEBUG:
urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
# myapp/urls.py
from django.urls import path
from . import views
from .views import (
PostListView, PostDetailView, PostCreateView,
PostUpdateView, PostDeleteView
)
app_name = 'blog'
urlpatterns = [
# Function-based views
path('', views.home, name='home'),
path('posts/', views.post_list, name='post_list'),
path('post//', views.post_detail, name='post_detail'),
path('post/new/', views.create_post, name='create_post'),
# Class-based views
path('posts/', PostListView.as_view(), name='post_list_cbv'),
path('post//', PostDetailView.as_view(), name='post_detail_cbv'),
path('post/new/', PostCreateView.as_view(), name='create_post_cbv'),
path('post//update/', PostUpdateView.as_view(), name='update_post'),
path('post//delete/', PostDeleteView.as_view(), name='delete_post'),
# Category and tag views
path('category//', views.category_posts, name='category_detail'),
path('tag//', views.tag_posts, name='tag_detail'),
# User posts
path('user//', views.user_posts, name='user_posts'),
# About and contact pages
path('about/', TemplateView.as_view(template_name='blog/about.html'), name='about'),
path('contact/', views.contact, name='contact'),
] Templates and Static Files
Creating Django templates:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{% block title %}My Django Blog{% endblock %}</title>
<!-- Bootstrap CSS -->
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
<!-- Custom CSS -->
{% load static %}
<link rel="stylesheet" href="{% static 'css/style.css' %}">
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
<div class="container">
<a class="navbar-brand" href="{% url 'home' %}">My Blog</a>
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarNav">
<ul class="navbar-nav me-auto">
<li class="nav-item">
<a class="nav-link" href="{% url 'home' %}">Home</a>
</li>
<li class="nav-item">
<a class="nav-link" href="{% url 'post_list' %}">All Posts</a>
</li>
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="categoriesDropdown" role="button" data-bs-toggle="dropdown">
Categories
</a>
<ul class="dropdown-menu">
{% for category in categories %}
<li><a class="dropdown-item" href="{% url 'category_detail' category.slug %}">{{ category.name }}</a></li>
{% endfor %}
</ul>
</li>
<li class="nav-item">
<a class="nav-link" href="{% url 'about' %}">About</a>
</li>
<li class="nav-item">
<a class="nav-link" href="{% url 'contact' %}">Contact</a>
</li>
</ul>
<ul class="navbar-nav">
{% if user.is_authenticated %}
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="userDropdown" role="button" data-bs-toggle="dropdown">
{{ user.username }}
</a>
<ul class="dropdown-menu">
<li><a class="dropdown-item" href="{% url 'create_post' %}">New Post</a></li>
<li><a class="dropdown-item" href="{% url 'user_posts' user.username %}">My Posts</a></li>
<li><hr class="dropdown-divider"></li>
<li><a class="dropdown-item" href="{% url 'logout' %}">Logout</a></li>
</ul>
</li>
{% else %}
<li class="nav-item">
<a class="nav-link" href="{% url 'login' %}">Login</a>
</li>
<li class="nav-item">
<a class="nav-link" href="{% url 'register' %}">Register</a>
</li>
{% endif %}
</ul>
</div>
</div>
</nav>
<main class="container mt-4">
{% if messages %}
{% for message in messages %}
<div class="alert alert-{{ message.tags }} alert-dismissible fade show" role="alert">
{{ message }}
<button type="button" class="btn-close" data-bs-dismiss="alert"></button>
</div>
{% endfor %}
{% endif %}
{% block content %}{% endblock %}
</main>
<footer class="bg-dark text-light mt-5 py-4">
<div class="container">
<div class="row">
<div class="col-md-6">
<h5>My Django Blog</h5>
<p>A blog built with Django.</p>
</div>
<div class="col-md-6 text-end">
<p>© 2024 My Django Blog. All rights reserved.</p>
</div>
</div>
</div>
</footer>
<!-- Bootstrap JS -->
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
<!-- Custom JS -->
<script src="{% static 'js/main.js' %}"></script>
</body>
</html>
{% extends "base.html" %}
{% block title %}All Posts{% endblock %}
{% block content %}
<div class="row">
<div class="col-md-8">
<h1>All Posts</h1>
<!-- Search form -->
<form method="get" class="mb-4">
<div class="input-group">
<input type="text" name="q" class="form-control" placeholder="Search posts..." value="{{ query }}">
<button class="btn btn-outline-secondary" type="submit">Search</button>
</div>
</form>
{% for post in page_obj %}
<article class="card mb-4">
<div class="card-body">
<h2 class="card-title"><a href="{% url 'post_detail' post.slug %}" class="text-decoration-none">{{ post.title }}</a></h2>
<div class="text-muted mb-2">
By <a href="{% url 'user_posts' post.author.username %}">{{ post.author }}</a> on {{ post.published_at|date:"M d, Y" }}
in <a href="{% url 'category_detail' post.category.slug %}">{{ post.category }}</a>
</div>
{% if post.excerpt %}
<p class="card-text">{{ post.excerpt|truncatewords:30 }}</p>
{% else %}
<p class="card-text">{{ post.content|truncatewords:30|striptags }}</p>
{% endif %}
<a href="{% url 'post_detail' post.slug %}" class="btn btn-primary">Read More</a>
</div>
</article>
{% empty %}
<p>No posts found.</p>
{% endfor %}
<!-- Pagination -->
{% if page_obj.has_other_pages %}
<nav aria-label="Post pagination">
<ul class="pagination justify-content-center">
{% if page_obj.has_previous %}
<li class="page-item">
<a class="page-link" href="?page={{ page_obj.previous_page_number }}{% if query %}&q={{ query }}{% endif %}">Previous</a>
</li>
{% else %}
<li class="page-item disabled">
<span class="page-link">Previous</span>
</li>
{% endif %}
{% for num in page_obj.paginator.page_range %}
{% if page_obj.number == num %}
<li class="page-item active">
<span class="page-link">{{ num }}</span>
</li>
{% elif num > page_obj.number|add:'-3' and num < page_obj.number|add:'3' %}
<li class="page-item">
<a class="page-link" href="?page={{ num }}{% if query %}&q={{ query }}{% endif %}">{{ num }}</a>
</li>
{% endif %}
{% endfor %}
{% if page_obj.has_next %}
<li class="page-item">
<a class="page-link" href="?page={{ page_obj.next_page_number }}{% if query %}&q={{ query }}{% endif %}">Next</a>
</li>
{% else %}
<li class="page-item disabled">
<span class="page-link">Next</span>
</li>
{% endif %}
</ul>
</nav>
{% endif %}
</div>
<div class="col-md-4">
<!-- Sidebar -->
<div class="card mb-4">
<div class="card-header">
<h5>Categories</h5>
</div>
<div class="card-body">
<ul class="list-unstyled">
{% for category in categories %}
<li><a href="{% url 'category_detail' category.slug %}">{{ category.name }}</a></li>
{% endfor %}
</ul>
</div>
</div>
<div class="card">
<div class="card-header">
<h5>Recent Posts</h5>
</div>
<div class="card-body">
<ul class="list-unstyled">
{% for post in recent_posts %}
<li><a href="{% url 'post_detail' post.slug %}">{{ post.title|truncatewords:5 }}</a></li>
{% endfor %}
</ul>
</div>
</div>
</div>
</div>
{% endblock %}Forms and Admin Interface
Creating forms and configuring the Django admin:
# myapp/forms.py
from django import forms
from django.contrib.auth.forms import UserCreationForm
from django.contrib.auth.models import User
from .models import Post, Comment
class PostForm(forms.ModelForm):
class Meta:
model = Post
fields = ['title', 'content', 'excerpt', 'category', 'tags', 'status']
widgets = {
'title': forms.TextInput(attrs={'class': 'form-control', 'placeholder': 'Enter post title'}),
'content': forms.Textarea(attrs={'class': 'form-control', 'rows': 10}),
'excerpt': forms.Textarea(attrs={'class': 'form-control', 'rows': 3, 'placeholder': 'Brief description (optional)'}),
'category': forms.Select(attrs={'class': 'form-select'}),
'tags': forms.SelectMultiple(attrs={'class': 'form-select'}),
'status': forms.Select(attrs={'class': 'form-select'}),
}
class CommentForm(forms.ModelForm):
class Meta:
model = Comment
fields = ['content']
widgets = {
'content': forms.Textarea(attrs={
'class': 'form-control',
'rows': 4,
'placeholder': 'Write your comment here...'
}),
}
class UserRegistrationForm(UserCreationForm):
email = forms.EmailField(required=True)
class Meta:
model = User
fields = ['username', 'email', 'password1', 'password2']
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
for field in self.fields.values():
field.widget.attrs['class'] = 'form-control'
class ContactForm(forms.Form):
name = forms.CharField(max_length=100, widget=forms.TextInput(attrs={'class': 'form-control'}))
email = forms.EmailField(widget=forms.EmailInput(attrs={'class': 'form-control'}))
subject = forms.CharField(max_length=200, widget=forms.TextInput(attrs={'class': 'form-control'}))
message = forms.CharField(widget=forms.Textarea(attrs={'class': 'form-control', 'rows': 5}))
def clean_email(self):
email = self.cleaned_data.get('email')
# Custom validation
if 'spam' in email.lower():
raise forms.ValidationError("Invalid email address")
return email
# myapp/admin.py
from django.contrib import admin
from django.contrib.auth.admin import UserAdmin
from .models import Post, Category, Tag, Comment
@admin.register(Category)
class CategoryAdmin(admin.ModelAdmin):
list_display = ['name', 'slug', 'created_at']
prepopulated_fields = {'slug': ('name',)}
search_fields = ['name']
@admin.register(Tag)
class TagAdmin(admin.ModelAdmin):
list_display = ['name', 'slug', 'created_at']
prepopulated_fields = {'slug': ('name',)}
search_fields = ['name']
@admin.register(Post)
class PostAdmin(admin.ModelAdmin):
list_display = ['title', 'author', 'category', 'status', 'published_at', 'created_at']
list_filter = ['status', 'created_at', 'published_at', 'author', 'category']
search_fields = ['title', 'content', 'author__username']
prepopulated_fields = {'slug': ('title',)}
raw_id_fields = ['author']
date_hierarchy = 'published_at'
ordering = ['status', 'published_at']
fieldsets = (
('Basic Information', {
'fields': ('title', 'slug', 'author', 'category')
}),
('Content', {
'fields': ('content', 'excerpt')
}),
('Publication', {
'fields': ('status', 'published_at', 'tags')
}),
)
@admin.register(Comment)
class CommentAdmin(admin.ModelAdmin):
list_display = ['post', 'author', 'created_at', 'is_approved']
list_filter = ['is_approved', 'created_at']
search_fields = ['content', 'author__username', 'post__title']
actions = ['approve_comments']
def approve_comments(self, request, queryset):
queryset.update(is_approved=True)
self.message_user(request, f'{queryset.count()} comments approved.')
approve_comments.short_description = "Approve selected comments"
# Customize User admin
class CustomUserAdmin(UserAdmin):
list_display = ['username', 'email', 'first_name', 'last_name', 'is_staff', 'date_joined']
list_filter = ['is_staff', 'is_superuser', 'groups']
search_fields = ['username', 'email', 'first_name', 'last_name']
# Unregister the default User admin and register the custom one
admin.site.unregister(User)
admin.site.register(User, CustomUserAdmin)
# Customize admin site
admin.site.site_header = "My Blog Administration"
admin.site.site_title = "My Blog Admin Portal"
admin.site.index_title = "Welcome to My Blog Admin"Authentication and User Management
Implementing user authentication and authorization:
# myapp/views.py (authentication views)
from django.shortcuts import render, redirect
from django.contrib.auth import login, authenticate
from django.contrib.auth.forms import AuthenticationForm
from django.contrib import messages
from .forms import UserRegistrationForm
def register(request):
if request.user.is_authenticated:
return redirect('home')
if request.method == 'POST':
form = UserRegistrationForm(request.POST)
if form.is_valid():
user = form.save()
login(request, user)
messages.success(request, f'Welcome {user.username}! Your account has been created.')
return redirect('home')
else:
form = UserRegistrationForm()
return render(request, 'registration/register.html', {'form': form})
def user_login(request):
if request.user.is_authenticated:
return redirect('home')
if request.method == 'POST':
form = AuthenticationForm(request, data=request.POST)
if form.is_valid():
username = form.cleaned_data.get('username')
password = form.cleaned_data.get('password')
user = authenticate(username=username, password=password)
if user is not None:
login(request, user)
messages.success(request, f'Welcome back, {username}!')
return redirect(request.GET.get('next', 'home'))
else:
messages.error(request, 'Invalid username or password.')
else:
messages.error(request, 'Invalid username or password.')
else:
form = AuthenticationForm()
return render(request, 'registration/login.html', {'form': form})
# myproject/settings.py (authentication settings)
# Authentication settings
LOGIN_REDIRECT_URL = 'home'
LOGOUT_REDIRECT_URL = 'home'
LOGIN_URL = 'login'
# Password validation
AUTH_PASSWORD_VALIDATORS = [
{
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
'OPTIONS': {
'min_length': 8,
}
},
{
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
},
]
# Email settings (for password reset)
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_PORT = 587
EMAIL_USE_TLS = True
EMAIL_HOST_USER = 'your-email@gmail.com'
EMAIL_HOST_PASSWORD = 'your-app-password'
# Security settings
SECRET_KEY = 'your-secret-key-here'
DEBUG = True
ALLOWED_HOSTS = []
# Database
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': BASE_DIR / 'db.sqlite3',
}
}
# Static and media files
STATIC_URL = '/static/'
STATIC_ROOT = BASE_DIR / 'staticfiles'
MEDIA_URL = '/media/'
MEDIA_ROOT = BASE_DIR / 'media'
# Internationalization
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_TZ = TrueDjango REST Framework
Building REST APIs with Django REST Framework:
# requirements.txt additions
djangorestframework==3.14.0
django-filter==23.2
djangorestframework-simplejwt==5.2.2
# api/serializers.py
from rest_framework import serializers
from blog.models import Post, Category, Comment
class CategorySerializer(serializers.ModelSerializer):
posts_count = serializers.SerializerMethodField()
class Meta:
model = Category
fields = ['id', 'name', 'slug', 'description', 'posts_count']
def get_posts_count(self, obj):
return obj.posts.filter(status='published').count()
class PostListSerializer(serializers.ModelSerializer):
author = serializers.StringRelatedField()
category = serializers.StringRelatedField()
tags = serializers.StringRelatedField(many=True)
class Meta:
model = Post
fields = ['id', 'title', 'slug', 'author', 'category', 'tags',
'excerpt', 'published_at', 'created_at']
class PostDetailSerializer(serializers.ModelSerializer):
author = serializers.StringRelatedField()
category = CategorySerializer()
tags = serializers.StringRelatedField(many=True)
comments = serializers.SerializerMethodField()
class Meta:
model = Post
fields = ['id', 'title', 'slug', 'author', 'category', 'tags',
'content', 'excerpt', 'published_at', 'created_at', 'comments']
def get_comments(self, obj):
comments = obj.comments.filter(is_approved=True)
return CommentSerializer(comments, many=True).data
class CommentSerializer(serializers.ModelSerializer):
author = serializers.StringRelatedField()
class Meta:
model = Comment
fields = ['id', 'author', 'content', 'created_at']
class PostCreateSerializer(serializers.ModelSerializer):
class Meta:
model = Post
fields = ['title', 'content', 'excerpt', 'category', 'tags', 'status']
def create(self, validated_data):
validated_data['author'] = self.context['request'].user
return super().create(validated_data)
# api/views.py
from rest_framework import generics, permissions, filters
from rest_framework.decorators import api_view, permission_classes
from rest_framework.response import Response
from rest_framework.views import APIView
from django_filters.rest_framework import DjangoFilterBackend
from blog.models import Post, Category, Comment
from .serializers import (
PostListSerializer, PostDetailSerializer,
CategorySerializer, CommentSerializer, PostCreateSerializer
)
class PostListAPIView(generics.ListCreateAPIView):
queryset = Post.published.all()
filter_backends = [DjangoFilterBackend, filters.SearchFilter, filters.OrderingFilter]
filterset_fields = ['category', 'author', 'tags']
search_fields = ['title', 'content', 'excerpt']
ordering_fields = ['published_at', 'created_at']
ordering = ['-published_at']
def get_serializer_class(self):
if self.request.method == 'POST':
return PostCreateSerializer
return PostListSerializer
def get_permissions(self):
if self.request.method == 'POST':
return [permissions.IsAuthenticated()]
return [permissions.AllowAny()]
class PostDetailAPIView(generics.RetrieveUpdateDestroyAPIView):
queryset = Post.published.all()
serializer_class = PostDetailSerializer
def get_permissions(self):
if self.request.method in ['PUT', 'PATCH', 'DELETE']:
return [permissions.IsAuthenticated()]
return [permissions.AllowAny()]
class CategoryListAPIView(generics.ListAPIView):
queryset = Category.objects.all()
serializer_class = CategorySerializer
class CommentListCreateAPIView(generics.ListCreateAPIView):
serializer_class = CommentSerializer
permission_classes = [permissions.IsAuthenticatedOrReadOnly]
def get_queryset(self):
post_id = self.kwargs['post_id']
return Comment.objects.filter(post_id=post_id, is_approved=True)
def perform_create(self, serializer):
post_id = self.kwargs['post_id']
serializer.save(
author=self.request.user,
post_id=post_id,
is_approved=False # Comments need approval
)
@api_view(['GET'])
def api_root(request):
return Response({
'posts': request.build_absolute_uri('/api/posts/'),
'categories': request.build_absolute_uri('/api/categories/'),
'documentation': 'https://www.django-rest-framework.org/api-guide/'
})
# api/urls.py
from django.urls import path
from . import views
app_name = 'api'
urlpatterns = [
path('', views.api_root, name='api_root'),
path('posts/', views.PostListAPIView.as_view(), name='post_list'),
path('posts//', views.PostDetailAPIView.as_view(), name='post_detail'),
path('posts//comments/', views.CommentListCreateAPIView.as_view(), name='post_comments'),
path('categories/', views.CategoryListAPIView.as_view(), name='category_list'),
]
# myproject/settings.py additions
INSTALLED_APPS = [
# ... existing apps ...
'rest_framework',
'rest_framework_simplejwt',
'django_filters',
'api',
]
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.AllowAny',
],
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework_simplejwt.authentication.JWTAuthentication',
'rest_framework.authentication.SessionAuthentication',
],
'DEFAULT_FILTER_BACKENDS': [
'django_filters.rest_framework.DjangoFilterBackend',
'rest_framework.filters.SearchFilter',
'rest_framework.filters.OrderingFilter',
],
'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
'PAGE_SIZE': 10,
} Deployment and Production
Deploying Django applications:
# requirements.txt for production
Django==4.2.7
djangorestframework==3.14.0
django-filter==23.2
djangorestframework-simplejwt==5.2.2
gunicorn==21.2.0
whitenoise==6.6.0
psycopg2-binary==2.9.7
python-decouple==3.8
# myproject/settings.py (production settings)
import os
from decouple import config
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = config('SECRET_KEY')
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = config('DEBUG', default=False, cast=bool)
ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='').split(',')
# Database
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql',
'NAME': config('DB_NAME'),
'USER': config('DB_USER'),
'PASSWORD': config('DB_PASSWORD'),
'HOST': config('DB_HOST'),
'PORT': config('DB_PORT', default='5432'),
}
}
# Static files (CSS, JavaScript, Images)
STATIC_URL = '/static/'
STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')
# Media files
MEDIA_URL = '/media/'
MEDIA_ROOT = os.path.join(BASE_DIR, 'media')
# WhiteNoise for static files
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'whitenoise.middleware.WhiteNoiseMiddleware', # Add this
# ... other middleware ...
]
# Security settings for production
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSSIFF = True
X_FRAME_OPTIONS = 'DENY'
SECURE_HSTS_SECONDS = 31536000 if not DEBUG else 0
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
SECURE_SSL_REDIRECT = True if not DEBUG else False
SESSION_COOKIE_SECURE = True if not DEBUG else False
CSRF_COOKIE_SECURE = True if not DEBUG else False
# Email settings
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = config('EMAIL_HOST')
EMAIL_PORT = config('EMAIL_PORT', default=587, cast=int)
EMAIL_USE_TLS = config('EMAIL_USE_TLS', default=True, cast=bool)
EMAIL_HOST_USER = config('EMAIL_HOST_USER')
EMAIL_HOST_PASSWORD = config('EMAIL_HOST_PASSWORD')
# Logging
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'handlers': {
'file': {
'level': 'ERROR',
'class': 'logging.FileHandler',
'filename': 'django_errors.log',
},
},
'loggers': {
'django': {
'handlers': ['file'],
'level': 'ERROR',
'propagate': True,
},
},
}
# wsgi.py (for production deployment)
import os
from django.core.wsgi import get_wsgi_application
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'myproject.settings')
application = get_wsgi_application()
# gunicorn.conf.py
bind = "0.0.0.0:8000"
workers = 3
worker_class = "sync"
worker_connections = 1000
timeout = 30
keepalive = 2
max_requests = 1000
max_requests_jitter = 50
user = "www-data"
group = "www-data"
tmp_upload_dir = None
# Dockerfile
FROM python:3.9-slim
ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
RUN python manage.py collectstatic --noinput
EXPOSE 8000
CMD ["gunicorn", "--config", "gunicorn.conf.py", "myproject.wsgi:application"]
# docker-compose.yml
version: '3.8'
services:
web:
build: .
command: gunicorn --config gunicorn.conf.py myproject.wsgi:application
volumes:
- static_volume:/app/staticfiles
- media_volume:/app/media
expose:
- 8000
environment:
- DEBUG=False
- SECRET_KEY=your-production-secret-key
- DB_NAME=myblog
- DB_USER=postgres
- DB_PASSWORD=postgres
- DB_HOST=db
- DB_PORT=5432
depends_on:
- db
db:
image: postgres:13
environment:
- POSTGRES_DB=myblog
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=postgres
volumes:
- postgres_data:/var/lib/postgresql/data
nginx:
image: nginx:1.21
ports:
- "80:80"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- static_volume:/app/staticfiles
- media_volume:/app/media
depends_on:
- web
volumes:
postgres_data:
static_volume:
media_volume:
# nginx.conf
events {
worker_connections 1024;
}
http {
upstream django {
server web:8000;
}
server {
listen 80;
server_name localhost;
location /static/ {
alias /app/staticfiles/;
}
location /media/ {
alias /app/media/;
}
location / {
proxy_pass http://django;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
# .env file (don't commit to version control)
DEBUG=False
SECRET_KEY=your-production-secret-key-here
ALLOWED_HOSTS=yourdomain.com,www.yourdomain.com
DB_NAME=myblog
DB_USER=postgres
DB_PASSWORD=your-db-password
DB_HOST=localhost
DB_PORT=5432
EMAIL_HOST=smtp.gmail.com
EMAIL_PORT=587
EMAIL_USE_TLS=True
EMAIL_HOST_USER=your-email@gmail.com
EMAIL_HOST_PASSWORD=your-app-passwordBest Practices
- Use class-based views: For complex logic and reusability
- Implement proper authentication: Use Django's built-in auth system
- Use Django ORM effectively: Leverage querysets and managers
- Configure settings properly: Separate dev/prod configurations
- Use Django admin: For content management
- Implement proper error handling: Custom error pages and logging
- Use Django REST Framework: For API development
- Implement caching: For performance optimization
- Use migrations: For database schema changes
- Write tests: Unit and integration tests
- Use environment variables: For sensitive configuration
- Implement security measures: CSRF, XSS protection
- Use Django forms: For validation and security
- Optimize database queries: Use select_related and prefetch_related
- Use signals appropriately: For decoupled functionality
Common Patterns and Tips
- MVC architecture: Model-View-Template pattern
- URL namespaces: Avoid URL conflicts
- Template inheritance: DRY principle for templates
- Context processors: Global template context
- Middleware: Request/response processing
- Custom template tags: Reusable template logic
- Model managers: Custom query methods
- Signals: Decoupled event handling
- Fixtures: Sample data for testing
- Custom commands: Management commands
- Internationalization: Multi-language support
- Static file optimization: Compression and caching
- Database optimization: Indexing and query optimization
- Security hardening: HTTPS, secure headers
- Monitoring: Logging and error tracking
- Performance profiling: Identify bottlenecks
Django is a powerful and mature web framework that follows the "batteries included" philosophy. It provides everything you need to build complex web applications quickly and securely. The framework's emphasis on reusability, security, and scalability makes it an excellent choice for both small projects and large-scale applications.