Awesome-omni-skill django-framework
Django full-featured Python web framework with batteries included (ORM, admin, auth)
install
source · Clone the upstream repo
git clone https://github.com/diegosouzapw/awesome-omni-skill
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/diegosouzapw/awesome-omni-skill "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/development/django-framework-bobmatnyc" ~/.claude/skills/diegosouzapw-awesome-omni-skill-django-framework-2342e3 && rm -rf "$T"
manifest:
skills/development/django-framework-bobmatnyc/SKILL.mdsource content
Django Framework Skill
progressive_disclosure: entry_point: summary: "Full-featured Python web framework with batteries included (ORM, admin, auth)" when_to_use: - "When building content-heavy web applications" - "When needing built-in admin interface" - "When using Django ORM and migrations" - "When building REST APIs with Django REST Framework" quick_start: - "pip install django" - "django-admin startproject myproject" - "python manage.py runserver" token_estimate: entry: 75-90 full: 4500-5500
Overview
Django is a high-level Python web framework that encourages rapid development and clean, pragmatic design. Built by experienced developers, it takes care of much of the hassle of web development, enabling focus on writing applications without reinventing the wheel.
Key Philosophy: "Batteries included" - Django comes with extensive built-in features including ORM, authentication, admin interface, forms, and security features.
Core Concepts
MVT Architecture (Model-View-Template)
Django follows the MVT pattern:
- Model: Data layer (ORM models, database schema)
- View: Business logic (handles requests, returns responses)
- Template: Presentation layer (HTML with Django template language)
Project vs Apps
- Project: The entire Django application (settings, URLs, WSGI config)
- Apps: Modular components (blog, auth, API) that can be reused across projects
# Create project django-admin startproject myproject cd myproject # Create app python manage.py startapp blog # Register app in settings.py INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', # ... 'blog', ]
Models and ORM
Model Definition
# models.py from django.db import models from django.contrib.auth.models import User class Category(models.Model): name = models.CharField(max_length=100, unique=True) slug = models.SlugField(unique=True) created_at = models.DateTimeField(auto_now_add=True) class Meta: verbose_name_plural = "categories" ordering = ['name'] def __str__(self): return self.name class Post(models.Model): STATUS_CHOICES = [ ('draft', 'Draft'), ('published', 'Published'), ] title = models.CharField(max_length=200) slug = models.SlugField(unique=True) author = models.ForeignKey(User, on_delete=models.CASCADE, related_name='posts') category = models.ForeignKey(Category, on_delete=models.SET_NULL, null=True) content = models.TextField() status = models.CharField(max_length=10, choices=STATUS_CHOICES, default='draft') published_at = models.DateTimeField(null=True, blank=True) created_at = models.DateTimeField(auto_now_add=True) updated_at = models.DateTimeField(auto_now=True) class Meta: ordering = ['-published_at'] indexes = [ models.Index(fields=['-published_at']), models.Index(fields=['slug']), ] def __str__(self): return self.title
Common Field Types
# Text fields models.CharField(max_length=200) models.TextField() models.SlugField() models.EmailField() models.URLField() # Numeric fields models.IntegerField() models.DecimalField(max_digits=10, decimal_places=2) models.FloatField() # Date/time fields models.DateField() models.DateTimeField() models.DurationField() # Boolean models.BooleanField(default=False) # Relationships models.ForeignKey(Model, on_delete=models.CASCADE) models.ManyToManyField(Model) models.OneToOneField(Model, on_delete=models.CASCADE) # Files models.FileField(upload_to='uploads/') models.ImageField(upload_to='images/') # JSON (PostgreSQL) models.JSONField()
Migrations
# Create migrations after model changes python manage.py makemigrations # View SQL that will be executed python manage.py sqlmigrate blog 0001 # Apply migrations python manage.py migrate # Create empty migration for custom operations python manage.py makemigrations --empty blog # Reverse migration python manage.py migrate blog 0001
QuerySet API
# Basic queries Post.objects.all() Post.objects.filter(status='published') Post.objects.exclude(status='draft') Post.objects.get(pk=1) # Returns single object or raises DoesNotExist # Chaining filters Post.objects.filter(status='published').filter(category__name='Tech') # Field lookups Post.objects.filter(title__icontains='django') # Case-insensitive contains Post.objects.filter(published_at__year=2024) Post.objects.filter(published_at__gte=datetime(2024, 1, 1)) Post.objects.filter(author__username__startswith='john') # Ordering Post.objects.order_by('-published_at') Post.objects.order_by('category', '-created_at') # Limiting Post.objects.all()[:5] # First 5 Post.objects.all()[5:10] # Offset pagination # Aggregation from django.db.models import Count, Avg, Sum Category.objects.annotate(post_count=Count('post')) Post.objects.aggregate(avg_length=Avg('content__length')) # Q objects for complex queries from django.db.models import Q Post.objects.filter(Q(status='published') | Q(author=request.user)) Post.objects.filter(Q(status='published') & ~Q(category=None)) # F expressions for field comparisons from django.db.models import F Post.objects.filter(updated_at__gt=F('published_at')) # Select/Prefetch related (performance optimization) Post.objects.select_related('author', 'category') # SQL JOIN Post.objects.prefetch_related('tags') # Separate query for M2M
Model Methods and Properties
class Post(models.Model): # ... fields ... @property def is_published(self): return self.status == 'published' and self.published_at is not None def get_absolute_url(self): from django.urls import reverse return reverse('post_detail', kwargs={'slug': self.slug}) def save(self, *args, **kwargs): # Auto-generate slug if not provided if not self.slug: from django.utils.text import slugify self.slug = slugify(self.title) super().save(*args, **kwargs) class Meta: verbose_name = "blog post" verbose_name_plural = "blog posts"
Views
Function-Based Views (FBV)
# views.py from django.shortcuts import render, get_object_or_404, redirect from django.http import JsonResponse, HttpResponse from django.contrib.auth.decorators import login_required from .models import Post from .forms import PostForm def post_list(request): posts = Post.objects.filter(status='published').select_related('author', 'category') context = {'posts': posts} return render(request, 'blog/post_list.html', context) def post_detail(request, slug): post = get_object_or_404(Post, slug=slug, status='published') return render(request, 'blog/post_detail.html', {'post': post}) @login_required def post_create(request): if request.method == 'POST': form = PostForm(request.POST) if form.is_valid(): post = form.save(commit=False) post.author = request.user post.save() return redirect('post_detail', slug=post.slug) else: form = PostForm() return render(request, 'blog/post_form.html', {'form': form}) def api_posts(request): posts = Post.objects.filter(status='published').values('title', 'slug', 'published_at') return JsonResponse(list(posts), safe=False)
Class-Based Views (CBV)
# views.py from django.views.generic import ListView, DetailView, CreateView, UpdateView, DeleteView from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin from django.urls import reverse_lazy from .models import Post class PostListView(ListView): model = Post template_name = 'blog/post_list.html' context_object_name = 'posts' paginate_by = 10 def get_queryset(self): return Post.objects.filter(status='published').select_related('author', 'category') class PostDetailView(DetailView): model = Post template_name = 'blog/post_detail.html' context_object_name = 'post' def get_queryset(self): return Post.objects.filter(status='published') class PostCreateView(LoginRequiredMixin, CreateView): model = Post form_class = PostForm template_name = 'blog/post_form.html' def form_valid(self, form): form.instance.author = self.request.user return super().form_valid(form) class PostUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView): model = Post form_class = PostForm template_name = 'blog/post_form.html' def test_func(self): post = self.get_object() return self.request.user == post.author class PostDeleteView(LoginRequiredMixin, UserPassesTestMixin, DeleteView): model = Post success_url = reverse_lazy('post_list') def test_func(self): post = self.get_object() return self.request.user == post.author
URLs and Routing
# project/urls.py from django.contrib import admin from django.urls import path, include urlpatterns = [ path('admin/', admin.site.urls), path('blog/', include('blog.urls')), path('api/', include('api.urls')), ] # blog/urls.py from django.urls import path from . import views app_name = 'blog' urlpatterns = [ path('', views.PostListView.as_view(), name='post_list'), path('post/<slug:slug>/', views.PostDetailView.as_view(), name='post_detail'), path('post/create/', views.PostCreateView.as_view(), name='post_create'), path('post/<slug:slug>/edit/', views.PostUpdateView.as_view(), name='post_update'), path('post/<slug:slug>/delete/', views.PostDeleteView.as_view(), name='post_delete'), # Function-based views path('api/posts/', views.api_posts, name='api_posts'), ]
Templates
Template Syntax
{# blog/templates/blog/post_list.html #} {% extends 'base.html' %} {% load static %} {% block title %}Blog Posts{% endblock %} {% block content %} <h1>Blog Posts</h1> {% if posts %} {% for post in posts %} <article class="post"> <h2><a href="{% url 'blog:post_detail' post.slug %}">{{ post.title }}</a></h2> <p class="meta"> By {{ post.author.username }} on {{ post.published_at|date:"F d, Y" }} in {{ post.category.name }} </p> <p>{{ post.content|truncatewords:50 }}</p> </article> {% empty %} <p>No posts found.</p> {% endfor %} {# Pagination #} {% if is_paginated %} <div class="pagination"> {% if page_obj.has_previous %} <a href="?page=1">First</a> <a href="?page={{ page_obj.previous_page_number }}">Previous</a> {% endif %} Page {{ page_obj.number }} of {{ page_obj.paginator.num_pages }} {% if page_obj.has_next %} <a href="?page={{ page_obj.next_page_number }}">Next</a> <a href="?page={{ page_obj.paginator.num_pages }}">Last</a> {% endif %} </div> {% endif %} {% else %} <p>No posts available.</p> {% endif %} {% endblock %}
Template Filters and Tags
{# Common filters #} {{ value|lower }} {{ value|upper }} {{ value|title }} {{ value|truncatewords:30 }} {{ value|date:"Y-m-d" }} {{ value|default:"N/A" }} {{ html_content|safe }} {# Disable auto-escaping #} {{ url|urlencode }} {# Custom template tag #} {% load custom_tags %} {% get_recent_posts 5 as recent %} {# Include other templates #} {% include 'blog/partials/post_card.html' with post=post %} {# Static files #} <link rel="stylesheet" href="{% static 'css/style.css' %}"> <img src="{% static 'images/logo.png' %}" alt="Logo">
Forms
Form Definition
# forms.py from django import forms from .models import Post, Category class PostForm(forms.ModelForm): class Meta: model = Post fields = ['title', 'slug', 'category', 'content', 'status'] widgets = { 'content': forms.Textarea(attrs={'rows': 10}), 'slug': forms.TextInput(attrs={'placeholder': 'auto-generated-if-empty'}), } def clean_slug(self): slug = self.cleaned_data.get('slug') if slug and Post.objects.filter(slug=slug).exclude(pk=self.instance.pk).exists(): raise forms.ValidationError('This slug is already in use.') return slug class ContactForm(forms.Form): name = forms.CharField(max_length=100) email = forms.EmailField() subject = forms.CharField(max_length=200) message = forms.CharField(widget=forms.Textarea) def clean_email(self): email = self.cleaned_data.get('email') if email and not email.endswith('@example.com'): raise forms.ValidationError('Please use your company email.') return email def send_email(self): # Send email logic pass
Form Usage in Views
def contact_view(request): if request.method == 'POST': form = ContactForm(request.POST) if form.is_valid(): form.send_email() messages.success(request, 'Message sent successfully!') return redirect('contact_success') else: form = ContactForm() return render(request, 'contact.html', {'form': form})
Form Rendering in Templates
<form method="post"> {% csrf_token %} {# Auto-render all fields #} {{ form.as_p }} {# Manual field rendering #} <div class="form-group"> {{ form.title.label_tag }} {{ form.title }} {% if form.title.errors %} <div class="errors">{{ form.title.errors }}</div> {% endif %} </div> <button type="submit">Submit</button> </form>
Django Admin
Basic Admin Configuration
# admin.py from django.contrib import admin from .models import Post, Category @admin.register(Category) class CategoryAdmin(admin.ModelAdmin): list_display = ['name', 'slug', 'created_at'] prepopulated_fields = {'slug': ('name',)} search_fields = ['name'] @admin.register(Post) class PostAdmin(admin.ModelAdmin): list_display = ['title', 'author', 'category', 'status', 'published_at'] list_filter = ['status', 'category', 'created_at'] search_fields = ['title', 'content'] prepopulated_fields = {'slug': ('title',)} date_hierarchy = 'published_at' ordering = ['-published_at'] fieldsets = ( ('Basic Information', { 'fields': ('title', 'slug', 'author', 'category') }), ('Content', { 'fields': ('content',) }), ('Publication', { 'fields': ('status', 'published_at') }), ) def get_queryset(self, request): qs = super().get_queryset(request) return qs.select_related('author', 'category')
Advanced Admin Features
class PostAdmin(admin.ModelAdmin): # Custom actions actions = ['make_published', 'make_draft'] def make_published(self, request, queryset): updated = queryset.update(status='published') self.message_user(request, f'{updated} posts marked as published.') make_published.short_description = "Mark selected posts as published" # Inline editing class TagInline(admin.TabularInline): model = Post.tags.through extra = 1 inlines = [TagInline] # Custom methods in list_display def author_email(self, obj): return obj.author.email author_email.short_description = 'Author Email' list_display = ['title', 'author', 'author_email', 'status']
Authentication and Permissions
User Authentication
# views.py from django.contrib.auth import authenticate, login, logout from django.contrib.auth.forms import UserCreationForm from django.contrib.auth.decorators import login_required, permission_required def login_view(request): if request.method == 'POST': username = request.POST['username'] password = request.POST['password'] user = authenticate(request, username=username, password=password) if user is not None: login(request, user) return redirect('home') return render(request, 'login.html') def logout_view(request): logout(request) return redirect('home') def register_view(request): if request.method == 'POST': form = UserCreationForm(request.POST) if form.is_valid(): user = form.save() login(request, user) return redirect('home') else: form = UserCreationForm() return render(request, 'register.html', {'form': form}) @login_required def profile_view(request): return render(request, 'profile.html') @permission_required('blog.add_post') def create_post_view(request): # Only users with 'add_post' permission can access pass
Custom User Model
# models.py from django.contrib.auth.models import AbstractUser class CustomUser(AbstractUser): bio = models.TextField(blank=True) avatar = models.ImageField(upload_to='avatars/', null=True, blank=True) website = models.URLField(blank=True) # settings.py AUTH_USER_MODEL = 'accounts.CustomUser'
Permissions
# Check permissions in views if request.user.has_perm('blog.delete_post'): # User can delete posts pass # Check in templates {% if perms.blog.add_post %} <a href="{% url 'post_create' %}">Create Post</a> {% endif %} # Custom permissions class Post(models.Model): class Meta: permissions = [ ('can_publish', 'Can publish posts'), ]
Django REST Framework
Installation and Setup
pip install djangorestframework
# settings.py INSTALLED_APPS = [ # ... 'rest_framework', ] REST_FRAMEWORK = { 'DEFAULT_PERMISSION_CLASSES': [ 'rest_framework.permissions.IsAuthenticatedOrReadOnly', ], 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination', 'PAGE_SIZE': 10, 'DEFAULT_AUTHENTICATION_CLASSES': [ 'rest_framework.authentication.SessionAuthentication', 'rest_framework.authentication.TokenAuthentication', ], }
Serializers
# serializers.py from rest_framework import serializers from .models import Post, Category class CategorySerializer(serializers.ModelSerializer): class Meta: model = Category fields = ['id', 'name', 'slug'] class PostSerializer(serializers.ModelSerializer): author = serializers.ReadOnlyField(source='author.username') category = CategorySerializer(read_only=True) category_id = serializers.PrimaryKeyRelatedField( queryset=Category.objects.all(), source='category', write_only=True ) class Meta: model = Post fields = ['id', 'title', 'slug', 'author', 'category', 'category_id', 'content', 'status', 'published_at', 'created_at'] read_only_fields = ['author', 'created_at'] def validate_title(self, value): if len(value) < 5: raise serializers.ValidationError("Title must be at least 5 characters.") return value
API Views
# views.py from rest_framework import viewsets, permissions, status from rest_framework.decorators import action from rest_framework.response import Response from .models import Post from .serializers import PostSerializer class IsAuthorOrReadOnly(permissions.BasePermission): def has_object_permission(self, request, view, obj): if request.method in permissions.SAFE_METHODS: return True return obj.author == request.user class PostViewSet(viewsets.ModelViewSet): queryset = Post.objects.all() serializer_class = PostSerializer permission_classes = [permissions.IsAuthenticatedOrReadOnly, IsAuthorOrReadOnly] lookup_field = 'slug' def get_queryset(self): queryset = Post.objects.select_related('author', 'category') status = self.request.query_params.get('status') if status: queryset = queryset.filter(status=status) return queryset def perform_create(self, serializer): serializer.save(author=self.request.user) @action(detail=True, methods=['post']) def publish(self, request, slug=None): post = self.get_object() post.status = 'published' post.published_at = timezone.now() post.save() return Response({'status': 'post published'})
API URLs
# api/urls.py from rest_framework.routers import DefaultRouter from blog.views import PostViewSet router = DefaultRouter() router.register(r'posts', PostViewSet) urlpatterns = router.urls
Testing
Unit Tests with Django TestCase
# tests.py from django.test import TestCase, Client from django.contrib.auth import get_user_model from django.urls import reverse from .models import Post, Category User = get_user_model() class PostModelTest(TestCase): def setUp(self): self.user = User.objects.create_user(username='testuser', password='12345') self.category = Category.objects.create(name='Tech', slug='tech') def test_post_creation(self): post = Post.objects.create( title='Test Post', slug='test-post', author=self.user, category=self.category, content='Test content' ) self.assertEqual(post.title, 'Test Post') self.assertEqual(str(post), 'Test Post') def test_get_absolute_url(self): post = Post.objects.create( title='Test Post', slug='test-post', author=self.user, content='Test' ) self.assertEqual(post.get_absolute_url(), '/blog/post/test-post/') class PostViewTest(TestCase): def setUp(self): self.client = Client() self.user = User.objects.create_user(username='testuser', password='12345') self.post = Post.objects.create( title='Test Post', slug='test-post', author=self.user, content='Test content', status='published' ) def test_post_list_view(self): response = self.client.get(reverse('blog:post_list')) self.assertEqual(response.status_code, 200) self.assertContains(response, 'Test Post') def test_post_detail_view(self): response = self.client.get(reverse('blog:post_detail', kwargs={'slug': 'test-post'})) self.assertEqual(response.status_code, 200) self.assertContains(response, 'Test Post') def test_post_create_requires_login(self): response = self.client.get(reverse('blog:post_create')) self.assertEqual(response.status_code, 302) # Redirect to login def test_post_create_authenticated(self): self.client.login(username='testuser', password='12345') response = self.client.post(reverse('blog:post_create'), { 'title': 'New Post', 'slug': 'new-post', 'content': 'New content', 'status': 'draft' }) self.assertEqual(Post.objects.count(), 2)
Testing with pytest-django
pip install pytest-django pytest-cov
# pytest.ini [pytest] DJANGO_SETTINGS_MODULE = myproject.settings python_files = tests.py test_*.py *_tests.py # conftest.py import pytest from django.contrib.auth import get_user_model User = get_user_model() @pytest.fixture def user(db): return User.objects.create_user(username='testuser', password='12345') @pytest.fixture def category(db): from blog.models import Category return Category.objects.create(name='Tech', slug='tech') @pytest.fixture def post(db, user, category): from blog.models import Post return Post.objects.create( title='Test Post', slug='test-post', author=user, category=category, content='Test content', status='published' ) # test_models.py import pytest from blog.models import Post @pytest.mark.django_db def test_post_creation(user, category): post = Post.objects.create( title='Test Post', slug='test-post', author=user, category=category, content='Test content' ) assert post.title == 'Test Post' assert str(post) == 'Test Post' @pytest.mark.django_db def test_post_queryset(post): posts = Post.objects.filter(status='published') assert posts.count() == 1 assert posts.first() == post # test_views.py import pytest from django.urls import reverse @pytest.mark.django_db def test_post_list_view(client, post): response = client.get(reverse('blog:post_list')) assert response.status_code == 200 assert 'Test Post' in str(response.content) @pytest.mark.django_db def test_post_create_requires_login(client): response = client.get(reverse('blog:post_create')) assert response.status_code == 302 @pytest.mark.django_db def test_post_create_authenticated(client, user): client.force_login(user) response = client.post(reverse('blog:post_create'), { 'title': 'New Post', 'slug': 'new-post', 'content': 'New content', 'status': 'draft' }) assert Post.objects.count() == 1 # Run tests with coverage # pytest --cov=blog --cov-report=html
Database Optimization
Select Related and Prefetch Related
# N+1 query problem (BAD) posts = Post.objects.all() for post in posts: print(post.author.username) # Hits database for each post # Solution with select_related (for ForeignKey/OneToOne) posts = Post.objects.select_related('author', 'category') for post in posts: print(post.author.username) # No additional queries # Solution with prefetch_related (for ManyToMany/Reverse ForeignKey) posts = Post.objects.prefetch_related('tags') for post in posts: for tag in post.tags.all(): # No additional queries print(tag.name) # Advanced prefetch with filtering from django.db.models import Prefetch posts = Post.objects.prefetch_related( Prefetch('comments', queryset=Comment.objects.filter(approved=True)) )
Database Indexing
class Post(models.Model): title = models.CharField(max_length=200, db_index=True) class Meta: indexes = [ models.Index(fields=['status', '-published_at']), models.Index(fields=['author', 'status']), ]
Bulk Operations
# Bulk create (single query) posts = [ Post(title=f'Post {i}', content=f'Content {i}', author=user) for i in range(100) ] Post.objects.bulk_create(posts) # Bulk update (single query) Post.objects.filter(status='draft').update(status='published') # Bulk delete Post.objects.filter(created_at__lt=old_date).delete()
Middleware and Signals
Custom Middleware
# middleware.py class RequestLoggingMiddleware: def __init__(self, get_response): self.get_response = get_response def __call__(self, request): # Code before view print(f"Request: {request.method} {request.path}") response = self.get_response(request) # Code after view print(f"Response: {response.status_code}") return response # settings.py MIDDLEWARE = [ # ... 'myapp.middleware.RequestLoggingMiddleware', ]
Signals
# signals.py from django.db.models.signals import post_save, pre_delete from django.dispatch import receiver from django.contrib.auth import get_user_model from .models import Post User = get_user_model() @receiver(post_save, sender=User) def create_user_profile(sender, instance, created, **kwargs): if created: Profile.objects.create(user=instance) @receiver(post_save, sender=Post) def notify_post_published(sender, instance, **kwargs): if instance.status == 'published' and instance.published_at: # Send notification pass @receiver(pre_delete, sender=Post) def cleanup_post_files(sender, instance, **kwargs): # Delete associated files if instance.image: instance.image.delete(save=False) # apps.py class BlogConfig(AppConfig): name = 'blog' def ready(self): import blog.signals
Settings and Configuration
Settings Best Practices
# settings/base.py import os from pathlib import Path BASE_DIR = Path(__file__).resolve().parent.parent SECRET_KEY = os.environ.get('SECRET_KEY') DEBUG = False INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', # Third-party 'rest_framework', # Local 'blog', ] DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 'NAME': os.environ.get('DB_NAME'), 'USER': os.environ.get('DB_USER'), 'PASSWORD': os.environ.get('DB_PASSWORD'), 'HOST': os.environ.get('DB_HOST', 'localhost'), 'PORT': os.environ.get('DB_PORT', '5432'), } } # settings/development.py from .base import * DEBUG = True ALLOWED_HOSTS = ['localhost', '127.0.0.1'] # settings/production.py from .base import * DEBUG = False ALLOWED_HOSTS = [os.environ.get('ALLOWED_HOST')] SECURE_SSL_REDIRECT = True SESSION_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True
Deployment
Production Checklist
# Check deployment readiness python manage.py check --deploy
Docker Deployment
# Dockerfile FROM python:3.11-slim ENV PYTHONUNBUFFERED=1 WORKDIR /app COPY requirements.txt . RUN pip install --no-cache-dir -r requirements.txt COPY . . RUN python manage.py collectstatic --noinput CMD ["gunicorn", "myproject.wsgi:application", "--bind", "0.0.0.0:8000"]
# docker-compose.yml version: '3.8' services: db: image: postgres:15 environment: POSTGRES_DB: mydb POSTGRES_USER: myuser POSTGRES_PASSWORD: mypassword volumes: - postgres_data:/var/lib/postgresql/data web: build: . command: gunicorn myproject.wsgi:application --bind 0.0.0.0:8000 volumes: - .:/app - static_volume:/app/staticfiles ports: - "8000:8000" env_file: - .env depends_on: - db nginx: image: nginx:alpine volumes: - ./nginx.conf:/etc/nginx/nginx.conf - static_volume:/app/staticfiles ports: - "80:80" depends_on: - web volumes: postgres_data: static_volume:
Gunicorn Configuration
# gunicorn.conf.py bind = "0.0.0.0:8000" workers = 4 worker_class = "sync" worker_connections = 1000 timeout = 30 keepalive = 2 accesslog = "-" errorlog = "-" loglevel = "info"
Security Best Practices
# settings.py (production) SECRET_KEY = os.environ.get('SECRET_KEY') # Never hardcode DEBUG = False ALLOWED_HOSTS = ['yourdomain.com'] # HTTPS/SSL SECURE_SSL_REDIRECT = True SESSION_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True SECURE_HSTS_SECONDS = 31536000 SECURE_HSTS_INCLUDE_SUBDOMAINS = True SECURE_HSTS_PRELOAD = True # Security headers SECURE_CONTENT_TYPE_NOSNIFF = True SECURE_BROWSER_XSS_FILTER = True X_FRAME_OPTIONS = 'DENY' # Password validation AUTH_PASSWORD_VALIDATORS = [ {'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'}, {'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator'}, {'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator'}, {'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'}, ] # CSRF protection (automatically enabled) # Always use {% csrf_token %} in forms
Common Patterns and Best Practices
Environment Variables
# Use python-decouple or django-environ from decouple import config SECRET_KEY = config('SECRET_KEY') DEBUG = config('DEBUG', default=False, cast=bool) DATABASE_URL = config('DATABASE_URL')
Custom Management Commands
# blog/management/commands/cleanup_posts.py from django.core.management.base import BaseCommand from blog.models import Post from datetime import timedelta from django.utils import timezone class Command(BaseCommand): help = 'Delete old draft posts' def add_arguments(self, parser): parser.add_argument('--days', type=int, default=30) def handle(self, *args, **options): days = options['days'] cutoff_date = timezone.now() - timedelta(days=days) deleted = Post.objects.filter( status='draft', created_at__lt=cutoff_date ).delete() self.stdout.write(self.style.SUCCESS(f'Deleted {deleted[0]} posts')) # Run: python manage.py cleanup_posts --days=60
Caching
# settings.py CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.redis.RedisCache', 'LOCATION': 'redis://127.0.0.1:6379/1', } } # views.py from django.views.decorators.cache import cache_page from django.core.cache import cache @cache_page(60 * 15) # Cache for 15 minutes def post_list(request): posts = Post.objects.filter(status='published') return render(request, 'blog/post_list.html', {'posts': posts}) # Low-level cache API def get_post_count(): count = cache.get('post_count') if count is None: count = Post.objects.filter(status='published').count() cache.set('post_count', count, 60 * 60) # Cache for 1 hour return count
Quick Reference
Common Commands
# Project management django-admin startproject myproject python manage.py startapp myapp python manage.py runserver python manage.py runserver 0.0.0.0:8000 # Database python manage.py makemigrations python manage.py migrate python manage.py showmigrations python manage.py sqlmigrate app_name 0001 python manage.py dbshell # Users python manage.py createsuperuser python manage.py changepassword username # Static files python manage.py collectstatic # Testing python manage.py test pytest pytest --cov=app --cov-report=html # Shell python manage.py shell python manage.py shell_plus # django-extensions # Production python manage.py check --deploy gunicorn myproject.wsgi:application
Useful Packages
# Development pip install django-debug-toolbar pip install django-extensions # REST API pip install djangorestframework pip install djangorestframework-simplejwt # Testing pip install pytest-django pip install factory-boy # Deployment pip install gunicorn pip install whitenoise # Static file serving # Utilities pip install python-decouple pip install django-environ pip install celery # Task queue
Next Steps: Explore Django documentation at https://docs.djangoproject.com/ and Django REST Framework at https://www.django-rest-framework.org/
Related Skills
When using Django, these skills enhance your workflow:
- sqlalchemy: Alternative ORM for SQLAlchemy-first projects with advanced query capabilities
- test-driven-development: Complete TDD workflow for Django apps (models, views, forms)
- fastapi-local-dev: FastAPI development patterns for building Django + FastAPI hybrid systems
- celery: Asynchronous task processing for Django background jobs and scheduled tasks
[Full documentation available in these skills if deployed in your bundle]