Why I switched to Django over any other framework?

In this article, I’ll discuss my recent web development using Django and if you’re new to this website, let me give you a short brief.

For the past couple of months, I did few reviews of HackbotOne old website, which I built using MERN stack a few years ago. And found out many missing parts in terms of design, technology stack & security protection of the website and many more. So I have to rebuild the site from scratch with new architecture, and this time, I have chosen Django as the technology stack.

Now the question is why I have switched to Django over the MERN stack?

Let me explain to you in brief.

Why Django?

In terms of full-stack web development, Django gained so much popularity in the industry. And due to its architecture (raid development, clean design & high security), many technologist giant companies like (YouTube, Netflix, Facebook, Instagram, UBER & many more) are running on the Django web framework. The framework comes with a toolkit that saves lots of time for the developers and allows them to reuse the same components every time. Developers spent only time building new modules that will be unique throughout the development. Django is free and open-source with vast community support that helps developers to build web application faster & secure also contribute to the open-source community.

Now, I’ll explain the architecture of Django that I found important in this framework that helps to build a full-stack based web application efficiently.

Contents

  • Django Security Protection
  • How Django provides security protection?
  • What is Django MVT (Models Views Templates) design pattern?

Django Security Protection

Web application security is always essential in every web development project to overcome the security risk to the application. So before starting on rebuilding this website, I have more concern on the security aspect that can maintain the website more efficiently and securely. So in today’s modern web application development, there are many web frameworks available to develop a full-stack based web application but not every framework provides security by default to protect the application. And as per my research, I found Django has an excellent reputation for protecting web application from security vulnerabilities as it provides security protection by default.

Django has built-in security middlewares that cover OWASP Top 10 security guidelines to protect the web application.

Security in Django

  1. Cross-site scripting (XSS)
  2. Cross-site request forgery (CSRF)
  3. SQL injection
  4. Clickjacking
  5. SSL/HTTPS
  6. Host header validation
  7. Referrer policy
  8. Session security
  9. User-uploaded content

Django security guideline says although it provides good security protection still it’s the developer responsibility to follow some of the basic guidelines while deploying the application into production.

Please refer to Django security documentation for more information.

How Django protect security within the framework?

To handle security vulnerabilities, Django provides built-in security middlewares to protect the application. And under the settings.py file of every Django project, these middlewares can be found.

MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

These middlewares work like a plugin to handle various security vulnerabilities to protect the web application. And Django also allows us to create custom middleware which is also a great feature to write security plugin.

Please refer to Django official security middleware documentation for more information.

  1. Django Middleware
  2. Security Middleware
  3. HTTP Middleware

What is Django MVT (Models Views Templates) design pattern?

The software design pattern is always quite important in every software development project, and Django follows MVT (Model View Template) design pattern in every web application project.

Models

The model is a class that subclasses django.db.models.Model and Django use these models to create tables in the database. And the model act as an interface to simplify the complex database query and maps to one single table in the database, an attribute of the model represent as database fields.

Quick example

In this example below, Blog is a model class with 15 fields defined as class attributes and maps to the database column.

class Blog(models.Model):
title = models.CharField(max_length=100, blank=True)
blog_id = models.CharField(max_length=100, blank=True)
author = models.CharField(max_length=100, blank=True)
published_date = models.DateTimeField(auto_now_add=True)
last_updated_date = models.DateTimeField(auto_now=True)
seo_thumbnail = models.CharField(max_length=500, blank=True)
small_thumbnail = models.CharField(max_length=500, blank=True)
thumbnail = models.CharField(max_length=500, blank=True)
keywords = ArrayField(models.CharField(max_length=100),
blank=True)
highlights = models.TextField(blank=True)
description = models.TextField(blank=True)
visibility = models.BooleanField(default=False)
is_featured = models.BooleanField(default=False)
featured_board = models.BooleanField(default=False)
featured = models.TextField(blank=True)

Django’s Database engine will map to the above model and create a table like below.

CREATE TABLE public.blogs_blog (
id serial NOT NULL PRIMARY KEY,
title character varying(100) NOT NULL,
blog_id character varying(100) NOT NULL,
author character varying(100) NOT NULL,
published_date timestamp with time zone NOT NULL,
last_updated_date timestamp with time zone NOT NULL,
seo_thumbnail character varying(500) NOT NULL,
small_thumbnail character varying(500) NOT NULL,
thumbnail character varying(500) NOT NULL,
keywords character varying(100)[] NOT NULL,
highlights text NOT NULL,
description text NOT NULL,
visibility boolean NOT NULL,
is_featured boolean NOT NULL,
featured text NOT NULL,
featured_board boolean NOT NULL
);

Please refer to Django official documentation of Models for further understanding.

Views

The Django views are essential components of every web application that takes a web request and returns a web response. And the acknowledgement can be an anything HTML page or redirect to another page.

Django Official documentation says

Quick example

from django.shortcuts import render

def index(request):
return render(request, 'index.html')

Let’s understand the above example code line by line.

  1. First, we imported the render method that returns the HTTPResponse object.
  2. Second, we defined an index function that takes the request object as an argument which is nothing but an HTTPRequest object.
  3. Third, the index function is a view function that returns the HTTPResponse object.

Please refer to Django official documentation of the view function for further understanding.

Templates

The Django templates are the third most essential components of the web application. Templates provide a layout to the web pages so that the user can view the final website, in Django templates are build using HTML, CSS & JavaScript, which are the core components of a webpage.

Django template system configured in settings.py that contains configuration like to update the DIRS path and so on.

TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]

Please refer to Django official documentation of the Templates for further understanding.

Django is a very well structured, high-level python web framework that provides a complete suite for full-stack web development to build the website faster, secure and more scalable, so that’s why I choose this framework to rebuild the HackbotOne website.

HackbotOne Architecture

The HackbotOne microservices built using django-rest-framework, and there are three different services developed to store and retrieve the data.

  1. Blogs
  2. Portfolio
  3. Youtube

The Admin panel controls all three microservices and stores data in the PostgreSQL database. To retrieve the records for all three microservices, api.hackbotone.com connects to the database returns results for each endpoint and all of these endpoints are publicly accessible over the internet.

Open Source

The complete development I have made open-source on my Github, and if you’re interested in Django development, I believe hackbotone project work definitely will be helpful on your project. I’ll highly encourage you to clone both of the below repositories, and if you find any issues or have any idea feel free to raise an issue.

I hope you found this article helpful, please share this article on your social media or developer communities, so others can be benefited by reading this post.

Python | Application Security | Web Security | Cybersecurity | Software Development