Mastering Django: Core电子书

Mastering Django: Core

Mastering Django: Core

Credits

About the Author

www.PacktPub.com

Why subscribe?

Preface

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

1. Introduction to Django and Getting Started

Introducing Django

Django's history

Installing Django

Installing Python

Python versions

Installation

Installing a Python Virtual Environment

Installing Django

Setting up a database

Starting a project

Django settings

The development server

The Model-View-Controller (MVC) design pattern

What's next?

2. Views and URLconfs

Your first Django-powered page: Hello World

Your first view

Your first URLconf

Regular expressions

A quick note about 404 errors

A quick note about the site root

How Django processes a request

Your second view: dynamic content

URLconfs and loose coupling

Your third view: dynamic URLs

Django's pretty error pages

What's next?

3. Templates

Template system basics

Using the template system

Creating template objects

Rendering a template

Dictionaries and contexts

Multiple contexts, same template

Context variable lookup

Method call behavior

How invalid variables are handled

Basic template-tags and filters

Tags

if/else

for

ifequal/ifnotequal

Comments

Filters

Philosophies and limitations

Using templates in views

Template loading

Template directories

render()

Template subdirectories

The include template tag

Template inheritance

What's next?

4. Models

The "dumb" way to do database queries in views

Configuring the database

Your first app

Defining Models in Python

Your first model

Installing the Model

Basic data access

Adding model string representations

Inserting and updating data

Selecting objects

Filtering data

Retrieving single objects

Ordering data

Chaining lookups

Slicing data

Updating multiple objects in one statement

Deleting objects

What's next?

5. The Django Admin Site

Using the admin site

Start the development server

Enter the admin site

Adding your models to the admin site

Making fields optional

Making date and numeric fields optional

Customizing field labels

Custom model admin classes

Customizing change lists

Customizing edit forms

Users, groups, and permissions

When and why to use the admin interface-and when not to

What's next?

6. Forms

Getting data from the Request Object

Information about the URL

Other information about the Request

Information about submitted data

A simple form-handling example

Query string parameters

Improving our simple form-handling example

Simple validation

Making a contact form

Your first form class

Tying form objects into views

Changing how fields are rendered

Setting a maximum length

Setting initial values

Custom validation rules

Specifying labels

Customizing form design

What's next?

7. Advanced Views and URLconfs

URLconf Tips and Tricks

Streamlining function imports

Special-Casing URLs in debug mode

Named groupsPreview

The matching/grouping algorithm

What the URLconf searches against

Captured arguments are always strings

Specifying defaults for view arguments

Performance

Error handling

Including other URLconfs

Captured parameters

Passing extra options to view functions

Passing extra options to include()

Reverse resolution of URLs

Examples

Naming URL patterns

URL namespaces

Reversing namespaced URLs

URL namespaces and included URLconfs

What's next?

8. Advanced Templates

Template language review

Requestcontext and context processors

auth

DEBUG

i18n

MEDIA

static

csrf

Request

messages

Guidelines for writing our own context processors

Automatic HTML escaping

How to turn it off

For individual variables

For template blocks

Automatic escaping of string literals in filter arguments

Inside Template loading

The DIRS option

Loader types

Filesystem loader

App directories loader

Other loaders

Extending the template system

Code layout

Creating a template library

Custom template tags and filters

Writing custom template filters

Registering custom filters

Template filters that expect strings

Filters and auto-escaping

Filters and time zones

Writing custom template tags

Simple tags

Inclusion tags

Assignment tags

Advanced custom template tags

A quick overview

Writing the compilation function

Writing the renderer

Auto-escaping Considerations

Thread-safety Considerations

Registering the tag

Passing template variables to The Tag

Setting a variable in the context

Variable scope in context

Parsing until another block tag

Parsing until another block tag, and saving contents

What's next

9. Advanced Models

Related objects

Accessing ForeignKey values

Accessing many-to-many values

Managers

Adding extra manager methods

Modifying initial manager QuerySets

Model methods

Overriding predefined model methods

Executing raw SQL queries

Performing raw queries

Model table names

Mapping query fields to model fields

Index lookups

Deferring model fields

Adding annotations

Passing parameters into raw()

Executing custom SQL directly

Connections and cursors

Adding extra Manager methods

What's next?

10. Generic Views

Generic views of objects

Making "friendly" template contexts

Adding extra context

Viewing subsets of objects

Dynamic filtering

Performing extra work

What's next?

11. User Authentication in Django

Overview

Using the Django authentication system

User objects

Creating superusers

Creating users

Changing passwords

Permissions and authorization

Default permissions

Groups

Programmatically creating permissions

Permission caching

Authentication in web requests

How to log a user in

How to log a user out

Limiting access to logged-in users

The raw way

The login_required decorator

Limiting access to logged-in users that pass a test

The permission_required() decorator

Session invalidation on password change

Authentication views

Login

Logout

Logout_then_login

Password_change

Password_change_done

Password_reset

Password_reset_done

Password_reset_confirm

Password_reset_complete

The redirect_to_login helper function

Built-in forms

Authenticating data in templates

Users

Permissions

Managing users in the admin

Creating users

Changing passwords

Password management in Django

How Django stores passwords

Using Bcrypt with Django

Password truncation with BCryptPasswordHasher

Other Bcrypt implementations

Increasing the work factor

Password upgrading

Manually managing a user's password

Customizing authentication in Django

Other authentication sources

Specifying authentication backends

Writing an authentication backend

Handling authorization in custom backends

Authorization for anonymous users

Authorization for inactive users

Handling object permissions

Custom permissions

Extending the existing user model

Substituting a custom user model

What's next?

12. Testing in Django

Introduction to testing

Introducing automated testing

What are automated tests?

So why create tests?

Basic testing strategies

Writing a test

Creating a test

Running tests

Testing tools

The test client

Provided TestCase classes

Simple TestCase

Transaction TestCase

TestCase

LiveServerTestCase

Test cases features

Default test client

Fixture loading

Overriding settings

settings()

modify_settings()

override_settings()

modify_settings()

Assertions

Email services

Management commands

Skipping tests

The test database

Using different testing frameworks

What's next?

13. Deploying Django

Preparing your codebase for production

Deployment checklist

Critical settings

SECRET_KEY

DEBUG

Environment-specific settings

ALLOWED_HOSTS

CACHES

DATABASES

EMAIL_BACKEND and Related Settings

STATIC_ROOT and STATIC_URL

MEDIA_ROOT and MEDIA_URL

HTTPS

CSRF_COOKIE_SECURE

SESSION_COOKIE_SECURE

Performance optimizations

CONN_MAX_AGE

TEMPLATES

Error reporting

LOGGING

ADMINS and MANAGERS

Customize the default error views

Using a virtualenv

Using different settings for production

Deploying Django to a production server

Deploying Django with Apache and mod_wsgi

Basic configuration

Using mod_wsgi daemon Mode

Serving files

Serving the admin files

If you get a UnicodEncodError

Serving static files in production

Serving the site and your static files from the same server

Serving static files from a dedicated server

Serving static files from a cloud service or CDN

Scaling

Running on a single server

Separating out the database server

Running a separate media server

Implementing load balancing and redundancy

Going big

Performance tuning

There's no such thing as Too Much RAM

Turn off Keep-Alive

Use Memcached

Use Memcached often

Join the conversation

What's next?

14. Generating Non-HTML Content

The basics: views and MIME types

Producing CSV

Streaming large CSV files

Using the template system

Other text-based formats

Generating PDF

Install ReportLab

Write your view

Complex PDF's

Further resources

Other possibilities

The syndication feed framework

The high-level framework

Overview

Feed classes

A simple example

A complex example

Specifying the type of feed

Enclosures

Language

URLs

Publishing Atom and RSS Feeds in tandem

The low-level framework

SyndicationFeed classes

SyndicationFeed.__init__()

SyndicationFeed.add_item()

SyndicationFeed.write()

SyndicationFeed.writeString()

Custom feed generators

SyndicationFeed.root_attributes(self, )

SyndicationFeed.add_root_elements(self, handler)

SyndicationFeed.item_attributes(self, item)

SyndicationFeed.add_item_elements(self, handler, item)

The Sitemap framework

Installation

Initialization

Sitemap classes

A simple example

Sitemap class reference

items

location

lastmod

changefreq

priority

protocol

i18n

Shortcuts

Example

Sitemap for static views

Creating a sitemap index

Template customization

Context variables

Index

Sitemap

Pinging google

django.contrib.syndication.ping_google()

Pinging Google via manage.py

What's next?

15. Django Sessions

Enabling sessions

Configuring the session engine

Using database-backed sessions

Using cached sessions

Using file-based sessions

Using cookie-based sessions

Using Sessions in Views

flush()

set_test_cookie()

test_cookie_worked()

delete_test_cookie()

set_expiry(value)

get_expiry_age()

get_expiry_date()

get_expire_at_browser_close()

clear_expired()

cycle_key()

Session object guidelines

Session serialization

Bundled serializers

serializers.JSONSerializer

serializers.PickleSerializer

Write your own serializer

Setting test cookies

Using sessions out of views

When sessions are saved

Browser-length sessions vs. persistent sessions

Clearing the session store

What's next

16. Djangos Cache Framework

Setting up the cache

Memcached

Database caching

Creating the cache table

Multiple databases

Filesystem caching

Local-memory caching

Dummy caching (for development)

Using a custom cache backend

Cache arguments

The per-site cache

The per-view cache

Specifying per-view Cache in the URLconf

Template fragment caching

The low-level cache API

Accessing the cache

Basic usage

Cache key prefixing

Cache versioning

Cache key transformation

Cache key warnings

Downstream caches

Using vary headers

Controlling cache: using other headers

What's next?

17. Django Middleware

Activating middleware

Hooks and application order

Writing your own middleware

process_request

process_view

process_template_response

process_response

Dealing with streaming responses

process_exception

__init__

Marking middleware as unused

Additional guidelines

Available middleware

Cache middleware

Common middleware

GZip middleware

Conditional GET middleware

Locale middleware

Message middleware

Security middleware

HTTP strict transport security

X-content-type-options: nosniff

X-XSS-protection

SSL redirect

Session middleware

Site middleware

Authentication middleware

CSRF protection middleware

X-Frame-options middleware

Middleware ordering

What's next?

18. Internationalization

Definitions

Internationalization

Localization

locale name

language code

message file

translation string

format file

Translation

Internationalization: in Python code

Standard translation

Comments for Translators

Marking strings as No-Op

Pluralization

Contextual markers

Lazy translation

Model fields and relationships

Model verbose names values

Model methods short_description attribute values

Working with lazy translation objects

Lazy translations and plural

Joining strings: string_concat()

Other uses of lazy in delayed translations

Localized names of languages

Internationalization: In template code

trans template tag

blocktrans template tag

String literals passed to tags and filters

Comments for translators in templates

Switching language in templates

Other tags

Internationalization: In Javascript code

The javascript_catalog view

Using the JavaScript translation catalog

Note on performance

Internationalization: In URL patterns

Language prefix in URL patterns

Translating URL patterns

Reversing in templates

Localization: How to create language files

Message files

Compiling message files

Creating message files from JavaScript source code

gettext on windows

Customizing the makemessages command

Explicitly setting the active language

Using translations outside views and templates

Implementation notes

Specialties of Django translation

How Django discovers language preference

How Django discovers translations

What's next?

19. Security in Django

Django's built in security features

Cross Site Scripting (XSS) protection

Cross Site Request Forgery (CSRF) protection

How to use it

AJAX

Other template engines

The decorator method

Rejected requests

How it works

Caching

Testing

Limitations

Edge cases

Utilities

django.views.decorators.csrf.csrf_exempt(view)

django.views.decorators.csrf.requires_csrf_token(view)

django.views.decorators.csrf.ensure_csrf_cookie(view)

Contrib and reusable apps

CSRF settings

SOL injection protection

Clickjacking protection

An example of clickjacking

Preventing clickjacking

How to use it

Setting X-Frame-Options for all responses

Setting X-Frame-Options per view

Limitations

Browsers that support X-Frame-Options

SSL/HTTPS

HTTP strict transport security

Host header validation

Session security

User-Uploaded content

Additional security tips

Archive of security issues

Cryptographic signing

Protecting the SECRET_KEY

Using the low-level API

Using the salt argument

Verifying timestamped values

Protecting complex data structures

Security middleware

What's next?

20. More on Installing Django

Running other databases

Installing Django manually

Upgrading Django

Remove any old versions of Django

Installing a Distribution-specific package

Installing the development version

What's next?

21. Advanced Database Management

General notes

Persistent connections

Connection management

Caveats

Encoding

postgreSQL notes

Optimizing postgreSQL's configuration

Isolation level

Indexes for varchar and text columns

MySQL notes

Version support

Storage engines

MySQL DB API drivers

mySQLdb

mySQLclient

mySQL connector/python

Timezone definitions

Creating your database

Collation settings

Connecting to the database

Creating your tables

Table names

Savepoints

Notes on specific fields

Character fields

Fractional seconds support for time and datetime fields

TIMESTAMP columns

Row locking with Queryset.Select_For_Update()

Automatic typecasting can cause unexpected results

SQLite notes

Substring matching and case sensitivity

Old SQLite and CASE expressions

Using newer versions of the SQLite DB-API 2.0 driver

Database is locked errors

queryset.Select_For_Update() not Supported

pyformat parameter style in raw queries not supported

Parameters not quoted in connection.queries

Oracle notes

Connecting to the database

Threaded option

INSERT ... RETURNING INTO

Naming issues

NULL and empty strings

Textfield limitations

Using a 3rd-Party database backend

Integrating Django with a legacy database

Give Django your database parameters

Auto-generate the models

Install the core Django tables

Cleaning up generated models

Test and tweak

What's next?

A. Model Definition Reference

Fields

Field name restrictions

FileField notes

FileField FileField.upload_to

FileField.storage

FileField and FieldFile

FieldFile.url

FieldFile.open(mode='rb')

FieldFile.close()

FieldFile.save(name, content, save=True)

FieldFile.delete(save=True)

Universal field options

Field attribute reference

Attributes for fields

Field.auto_created

Field.concrete

Field.hidden

Field.is_relation

Field.model

Attributes for fields with relations

Field.many_to_many

Field.many_to_one

Field.one_to_many

Field.one_to_one

Field.related_model

Relationships

ForeignKey

Database representation

Arguments

limit_choices_to

related_name

related_query_name

to_field

db_constraint

on_delete

swappable

ManyToManyField

Database representation

Arguments

related_name

related_query_name

limit_choices_to

symmetrical

through

through_fields

db_table

db_constraint

swappable

OneToOneField

parent_link

Model metadata options

B. Database API Reference

Creating objects

Saving changes to objects

Saving ForeignKey and ManyToManyField fields

Retrieving objects

Retrieving all objects

Retrieving specific objects with filters

Chaining filters

Filtered querysets are unique

QuerySets are lazy

Retrieving a single object with get

Other queryset methods

Limiting querysets

Field lookups

Lookups that span relationships

Spanning multi-valued relationships

Filters can reference fields on the model

The pk lookup shortcut

Escaping percent signs and underscores in LIKE statements

Caching and querysets

When querysets are not cached

Complex lookups with Q objects

Comparing objects

Deleting objects

Copying model instances

Updating multiple objects at once

Related objects

One-to-many relationships

Forward

Following relationships backward

Using a custom reverse manager

Additional methods to handle related objects

Many-to-many relationships

One-to-one relationships

Queries over related objects

Falling back to raw SQL

C. Generic View Reference

Common arguments to generic views

Simple generic views

Rendering a template-TemplateView

Redirecting to another URL

Attributes

url

pattern_name

permanent

query_string

Methods

List/detail generic views

Lists of objects

Detail views

Date-Based Generic Views

ArchiveIndexView

YearArchiveView

MonthArchiveView

WeekArchiveView

DayArchiveView

TodayArchiveView

DateDetailView

Form handling with class-based views

Basic forms

Model forms

Models and request.user

AJAX example

D. Settings

What's a settings file?

Default settings

Seeing which settings you've changed

Using settings in Python code

Altering settings at runtime

Security

Creating your own settings

DJANGO_SETTINGS_MODULE

The django-admin utility

On the server (mod_wsgi)

Using settings without setting DJANGO_SETTINGS_MODULE

Custom default settings

Either configure() or DJANGO_SETTINGS_MODULE is required

Available settings

Core settings

Auth

Messages

Sessions

Sites

Static files

E. Built-in Template Tags and Filters

Built-in tags

autoescape

block

comment

csrf_token

cycle

debug

extends

filter

firstof

for

for... empty

if

Boolean operators

Complex expressions

Filters

ifchanged

ifequal

ifnotequal

include

load

lorem

now

regroup

spaceless

templatetag

url

verbatim

widthratio

with

Built-in filters

add

addslashes

capfirst

center

cut

date

default

default_if_none

dictsort

dictsortreversed

divisibleby

escape

escapejs

filesizeformat

first

floatformat

get_digit

iriencode

join

last

length

length_is

linebreaks

linebreaksbr

linenumbers

ljust

lower

make_list

phone2numeric

pluralize

pprint

random

rjust

safe

safeseq

slice

slugify

stringformat

striptags

time

timesince

timeuntil

title

truncatechars

truncatechars_html

truncatewords

truncatewords_html

unordered_list

upper

urlencode

urlize

urlizetrunc

wordcount

wordwrap

yesno

Internationalization tags and filters

i18n

l10n

tz

Other tags and filters libraries

static

get_static_prefix

get_media_prefix

F. Request and Response Objects

HttpRequest objects

Attributes

Methods

QueryDict objects

Methods

HttpResponse objects

Usage

Attributes

Methods

HttpResponse subclasses

JsonResponse Objects

Usage

StreamingHttpResponse objects

Performance considerations

Attributes

FileResponse objects

Error views

The 404 (page not found) view

The 500 (server error) view

The 403 (HTTP Forbidden) view

The 400 (bad request) view

Customizing error views

G. Developing Django with Visual Studio

Installing Visual Studio

Install PTVS and Web Essentials

Creating A Django project

Start a Django project

Django development in Visual Studio

Integration of Django management commands

Easy installation of Python packages

Easy installation of new Django apps