Django for Professionals: Production Websites with Python & Django (William S. Vincent)
Author: William S. Vincent
Django for Professionals
Production websites with Python & Django
William S. Vincent

This book is for sale at http://leanpub.com/djangoforprofessionals

This version was published on 2019-11-04

This is a Leanpub book. Leanpub empowers authors and publishers with the Lean Publishing process. Lean Publishing is the act of publishing an in-progress ebook using lightweight tools and many iterations to get reader feedback, pivot until you have the right book and build traction once you do.

© 2018 - 2019 William S. Vincent

Also By William S. Vincent

    Django for Beginners
    Django for APIs

Contents

Introduction
    Prerequisites
    Book Structure
    Book Layout
    Text Editor
    Conclusion

Chapter 1: Docker
    What is Docker?
    Containers vs. Virtual Environments
    Install Docker
    Docker Hello, World
    Django Hello, World
    Pages App
    Images, Containers, and the Docker Host
    Git
    Conclusion

Chapter 2: PostgreSQL
    Starting
    Docker
    Detached Mode
    PostgreSQL
    Settings
    Psycopg
    New Database
    Git
    Conclusion

Chapter 3: Bookstore Project
    Docker
    PostgreSQL
    Custom User Model
    Custom User Forms
    Custom User Admin
    Superuser
    Tests
    Unit Tests
    Git
    Conclusion

Chapter 4: Pages App
    Templates
    URLs and Views
    Tests
    Testing Templates
    Testing HTML
    setUp Method
    Resolve
    Git
    Conclusion

Chapter 5: User Registration
    Auth App
    Auth URLs and Views
    Homepage
    Django Source Code
    Log In
    Redirects
    Log Out
    Sign Up
    Tests
    setUpTestData()
    Git
    Conclusion

Chapter 6: Static Assets
    staticfiles app
    STATIC_URL
    STATICFILES_DIRS
    STATIC_ROOT
    STATICFILES_FINDERS
    Static Directory
    Images
    JavaScript
    collectstatic
    Bootstrap
    About Page
    Django Crispy Forms
    Tests
    Git
    Conclusion

Chapter 7: Advanced User Registration
    django-allauth
    AUTHENTICATION_BACKENDS
    EMAIL_BACKEND
    ACCOUNT_LOGOUT_REDIRECT
    URLs
    Templates
    Log In
    Log Out
    Sign Up
    Admin
    Email Only Login
    Tests
    Social
    Git
    Conclusion

Chapter 8: Environment Variables
    .env files
    SECRET_KEY
    DEBUG
    Databases
    Git
    Conclusion

Chapter 9: Email
    Custom Confirmation Emails
    Email Confirmation Page
    Password Reset and Password Change
    Email Service
    Git
    Conclusion

Chapter 10: Books App
    Models
    Admin
    URLs
    Views
    Templates
    object_list
    Individual Book Page
    context_object_name
    get_absolute_url
    Primary Keys vs. IDs
    Slugs vs. UUIDs
    Navbar
    Tests
    Git
    Conclusion

Chapter 11: Reviews App
    Foreign Keys
    Reviews model
    Admin
    Templates
    Tests
    Git
    Conclusion

Chapter 12: File/Image Uploads
    Media Files
    Models
    Admin
    Template
    Next Steps
    Git
    Conclusion

Chapter 13: Permissions
    Logged-In Users Only
    Permissions
    Custom Permissions
    User Permissions
    PermissionRequiredMixin
    Groups & UserPassesTestMixin
    Tests
    Git
    Conclusion

Chapter 14: Orders with Stripe
    Payments Flow
    Orders app
    Stripe
    Publishable & Secret Keys
    Stripe Checkout
    Charges
    Stripe + Permissions
    Templates
    Tests
    Git
    Conclusion

Chapter 15: Search
    Search Results Page
    Basic Filtering
    Q Objects
    Forms
    Search Form
    Git
    Conclusion

Chapter 16: Performance
    django-debug-toolbar
    Analyzing Pages
    select_related and prefetch_related
    Caching
    Indexes
    django-extensions
    Front-end Assets
    Git
    Conclusion

Chapter 17: Security
    Social Engineering
    Django updates
    Deployment Checklist
    Local vs. Production
    DEBUG
    ALLOWED HOSTS
    Web Security
    SQL injection
    XSS (Cross Site Scripting)
    Cross-Site Request Forgery (CSRF)
    Clickjacking Protection
    HTTPS/SSL
    HTTP Strict Transport Security (HSTS)
    Secure Cookies
    Admin Hardening
    Git
    Conclusion

Chapter 18: Deployment
    PaaS vs IaaS
    WhiteNoise
    Gunicorn
    dj-database-url
    Heroku
    Deploying with Docker
    heroku.yml
    Heroku Deployment
    SECURE_PROXY_SSL_HEADER
    Heroku Logs
    Stripe Live Payments
    Heroku Add-ons
    PonyCheckup
    Conclusion

Conclusion

Introduction

Welcome to Django for Professionals, a guide to building professional websites with the Django web framework [1]. There is a massive gulf between building simple “toy apps” that can be created and deployed quickly and what it takes to build a “production-ready” web application suitable for deployment to thousands or even millions of users. This book will show you how to bridge that gap.

When you first install Django and create a new project the default settings are geared towards fast local development. And this makes sense: there’s no need to add all the additional features required of a large website until you know you need them. These defaults include SQLite as the default database, a local web server, local static asset hosting, the built-in User model, and DEBUG mode turned on.

But for a production project many, if not most, of these settings must be reconfigured. And even then there can be a frustrating lack of agreement among the experts. For example, what’s the best production database to use? Many Django developers, myself included, choose PostgreSQL. It is what we will use in this book. However, an argument can be made for MySQL depending on the project. It really does all depend on the specific requirements of a project.

Rather than overwhelm the reader with the full array of choices available, this book shows one approach, grounded in current Django community best practices, for building a professional website. The topics covered include using Docker for local development and deployment, PostgreSQL, a custom user model, robust user authentication flow with email, comprehensive testing, environment variables, security and performance improvements, and more.

[1] https://djangoproject.com

By the end of this book you will have built a professional website and learned all the necessary steps to do so. Whether you are starting a new project that hopes to be as large as Instagram (currently the largest Django website in the world) or making much-needed updates to an existing Django project, you will have the tools and knowledge to do so.

Prerequisites

If you’re brand-new to either Django or web development, this is not the book for you. The pace will be far too fast. While you could read along, copy all the code, and have a working website at the end, I instead recommend starting with my book Django for Beginners [2]. It starts with the very basics and progressively introduces concepts via building five increasingly complex Django applications. After completing that book you will be ready for success with this book.

I have also written a book on transforming Django websites into web APIs called Django for APIs [3]. In practice most Django developers work in teams with other developers and focus on back-end APIs, not full-stack web applications that require dedicated JavaScript front-ends. Reading Django for APIs is therefore helpful to your education as a Django developer, but not required before reading this book.

We will use Docker throughout most of this book but still rely, briefly, on having Python 3, Django, and Pipenv installed locally. Git is also a necessary part of the developer toolchain. If you need help on these steps you can find more details here [4].

Finally, we will be using the command line extensively in this book as well, so if you need a refresher on it, please see here [5].

[2] https://djangoforbeginners.com
[3] https://djangoforapis.com
[4] https://djangoforbeginners.com/initial-setup/
[5] https://wsvincent.com/terminal-command-line-for-beginners/

Book Structure

Chapter 1 starts with an introduction to Docker and explores how to “dockerize” a traditional Django project. In Chapter 2 PostgreSQL is introduced, a production-ready database that we can run locally within our Docker environment. Then Chapter 3 starts the main project in the book: an online Bookstore featuring a custom user model, payments, search, image uploads, permissions, and a host of other goodies.

Chapter 4 focuses on building out a Pages app for a basic homepage along with robust testing, which is included with every new feature on the site. In Chapter 5 a complete user registration flow is implemented from scratch using the built-in auth app for sign up, log in, and log out. Chapter 6 introduces proper static asset configuration for CSS, JavaScript, and images as well as the addition of Bootstrap for styling.

In Chapter 7 the focus shifts to advanced user registration, namely including email-only log in and social authentication via the third-party django-allauth package. Chapter 8 introduces environment variables, a key component of Twelve-Factor App development and a best practice widely used in the web development community. Rounding out the setup of our project, Chapter 9 focuses on email and adding a dedicated third-party provider.

The structure of the first half of the book is intentional. When it comes time to build your own Django projects, chances are you will be repeating many of the same steps from Chapters 3-9. After all, every new project needs proper configuration, user authentication, and environment variables. So treat these chapters as your detailed explanation and guide.

The second half of the book focuses on specific features related to our Bookstore website. Chapter 10 starts with building out the models, tests, and pages for our Bookstore via a Books app. There is also a discussion of URLs and switching from id to a slug to a UUID (Universally Unique IDentifier) in the URLs. Chapter 11 features the addition of reviews to our Bookstore and a discussion of foreign keys. In Chapter 12 image-uploading is added and in Chapter 13 permissions are set across the site to lock it down. An ordering option is added in Chapter 14 via Stripe. For any site but especially e-commerce, search is a vital component and Chapter 15 walks through building a form and increasingly complex search filters for the site.

In Chapter 16 the focus switches to performance optimizations including the addition of django-debug-toolbar to inspect queries and templates, database indexes, front-end assets, and multiple built-in caching options. Chapter 17 covers security in Django, both the built-in options as well as additional configurations that can–and should–be added for a production environment. The final section, Chapter 18, is on deployment, the standard upgrades needed to migrate away from the Django web server, local static file handling, and configuring ALLOWED_HOSTS.

The Conclusion touches upon various next steps to take with the project and additional Django best practices.

Book Layout

There are many code examples in this book, which are formatted as follows:

Code

    # This is Python code
    print("Hello, World")

For brevity we will use dots ... to denote existing code that remains unchanged, for example, in a function we are updating.

Code

    def make_my_website():
        ...
        print("All done!")

We will also use the command line console frequently to execute commands, which take the form of a $ prefix in traditional Unix style.

Command Line

    $ echo "hello, world"

The result of this particular command in the next line will state:

Command Line

    "hello, world"

Typically both a command and its output will be combined for brevity. The command will always be prefaced by a $ and the output will not. For example, the command and result above would be represented as follows:

Command Line

    $ echo "hello, world"
    hello, world

Text Editor

A modern text editor is a must-have part of any software developer’s toolkit. Among other features they come with plug-ins that help format and correct errors in Python code. Popular options include Black [6], autopep8 [7], and YAPF [8].

[6] https://github.com/ambv/black
[7] https://github.com/hhatto/autopep8
[8] https://github.com/google/yapf

Seasoned developers may still prefer using Vim [9] or Emacs [10], but newcomers and increasingly experienced programmers as well prefer modern text editors such as VSCode [11], Atom [12], Sublime Text [13], or PyCharm [14].

Conclusion

Django is an excellent choice for any developer who wants to build modern, robust web applications with a minimal amount of code. It is popular, under active development, and thoroughly battle-tested by the largest websites in the world.

Complete source code for the book can be found in the official GitHub repository [15].

In the next chapter we’ll learn how to configure any computer for Django development with Docker.

[9] https://www.vim.org/
[10] https://www.gnu.org/software/emacs/
[11] https://code.visualstudio.com/
[12] https://atom.io/
[13] https://www.sublimetext.com/
[14] https://www.jetbrains.com/pycharm/
[15] https://github.com/wsvincent/djangoforprofessionals

Chapter 1: Docker

Properly configuring a local development environment remains a steep challenge despite all the other advances in modern programming. There are simply too many variables: different computers, operating systems, versions of Django, virtual environment options, and so on. When you add in the challenge of working in a team environment where everyone needs to have the same setup, the problem only magnifies.

In recent years a solution has emerged: Docker [16]. Although only a few years old, Docker has quickly become the default choice for many developers working on production-level projects.

With Docker it’s finally possible to faithfully and dependably reproduce a production environment locally, everything from the proper Python version to installing Django and running additional services like a production-level database. This means it no longer matters if you are on a Mac, Windows, or Linux computer. Everything is running within Docker itself.

Docker also makes collaboration in teams exponentially easier. Gone are the days of sharing long, out-of-date README files for adding a new developer to a group project. Instead with Docker you simply share two files–a Dockerfile and docker-compose.yml file–and the developer can have confidence that their local development environment is exactly the same as the rest of the team.

Docker is not a perfect technology. It is still relatively new, complex under-the-hood, and under active development. But the promise that it aspires to–a consistent and shareable developer environment, that can be run either locally on any computer or deployed to any server–makes it a solid choice.

In this chapter we’ll learn a little bit more about Docker itself and “Dockerize” our first Django project.

What is Docker?

Docker is a way to isolate an entire operating system via Linux containers, which are a type of virtualization [17]. Virtualization has its roots at the beginning of computer science when large, expensive mainframe computers were the norm. How could multiple programmers use the same single machine? The answer was virtualization and specifically virtual machines [18], which are complete copies of a computer system from the operating system on up.

If you rent space on a cloud provider like Amazon Web Services (AWS) [19] they are typically not providing you with a dedicated piece of hardware. Instead you are sharing one physical server with other clients. But because each client has their virtual machine running on the server, it appears to the client as if they have their own server.

This technology is what makes it possible to quickly add or remove servers from a cloud provider. It’s largely software behind the scenes, not actual hardware being changed.

What’s the downside to a virtual machine? Size and speed. A typical guest operating system can easily take up 700MB of size. So if one physical server supports three virtual machines, that’s at least 2.1GB of disk space taken up along with separate needs for CPU and memory resources.

[16] https://www.docker.com/
[17] https://en.wikipedia.org/wiki/Virtualization
[18] https://en.wikipedia.org/wiki/Virtual_machine
[19] https://aws.amazon.com/

Enter Docker. The key idea is that most computers rely on the same Linux [20] operating system, so what if we virtualized from the Linux layer up [21] instead? Wouldn’t that provide a lightweight, faster way to duplicate much of the same functionality? The answer is yes. And in recent years Linux containers [22] have become widely popular. For most applications–especially web applications–a virtual machine provides far more resources than are needed and a container is more than sufficient.

This, fundamentally, is what Docker is: a way to implement Linux containers!

An analogy we can use here is that of homes and apartments. Virtual Machines are like homes: stand-alone buildings with their own infrastructure including plumbing and heating, as well as a kitchen, bathrooms, bedrooms, and so on. Docker containers are like apartments: they share common infrastructure like plumbing and heating, but come in various sizes that match the exact needs of an owner.

Containers vs. Virtual Environments

As a Python programmer you should already be familiar with the concept of virtual environments, which are a way to isolate Python packages. Thanks to virtual environments, one computer can run multiple projects locally. For example, Project A might use Python 3.4 and Django 1.11 among other dependencies, whereas Project B uses Python 3.7 and Django 2.2. By configuring a dedicated virtual environment for each project we can manage these different software packages while not polluting our global environment.

Confusingly there are multiple popular tools right now to implement virtual environments: everything from virtualenv to venv to Pipenv, but fundamentally they all do the same thing.

[20] https://en.wikipedia.org/wiki/Linux
[21] https://en.wikipedia.org/wiki/Operating-system-level_virtualization
[22] https://en.wikipedia.org/wiki/Linux_containers