Building Modern Web Applications with Django: A Complete Guide
Django is a high-level Python web framework that enables rapid development of secure and maintainable websites. With its "batteries-included" philosophy, Django provides everything developers need to build robust web applications.
In this comprehensive guide, we'll explore how to build modern web applications using Django, covering everything from basic setup to advanced features and deployment.
Key Topics
- Project Setup: Initial configuration and structure
- Models and Database: Data modeling and migrations
- Views and Templates: Request handling and rendering
- Forms and Authentication: User input and security
- REST APIs: Building API endpoints
- Testing and Deployment: Quality assurance and production setup
1. Project Setup
Start by setting up a new Django project.
Initial Setup
# Create and activate virtual environment
python -m venv venv
source venv/bin/activate # On Windows: venv\\Scripts\\activate
# Install Django
pip install django
# Create new project
django-admin startproject myproject
cd myproject
# Create new app
python manage.py startapp myapp
# Run development server
python manage.py runserver
Project Configuration
# settings.py
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'myapp', # Add your app here
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [BASE_DIR / 'templates'],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
# URL Configuration
# urls.py
from django.contrib import admin
from django.urls import path, include
urlpatterns = [
path('admin/', admin.site.urls),
path('', include('myapp.urls')),
]
2. Models and Database
Define your data models and handle database operations.
Model Definition
# models.py
from django.db import models
from django.contrib.auth.models import User
class Category(models.Model):
name = models.CharField(max_length=100)
description = models.TextField(blank=True)
created_at = models.DateTimeField(auto_now_add=True)
class Meta:
verbose_name_plural = "categories"
def __str__(self):
return self.name
class Product(models.Model):
name = models.CharField(max_length=200)
description = models.TextField()
price = models.DecimalField(max_digits=10, decimal_places=2)
category = models.ForeignKey(Category, on_delete=models.CASCADE)
created_by = models.ForeignKey(User, on_delete=models.CASCADE)
created_at = models.DateTimeField(auto_now_add=True)
updated_at = models.DateTimeField(auto_now=True)
is_active = models.BooleanField(default=True)
class Meta:
ordering = ['-created_at']
def __str__(self):
return self.name
def get_absolute_url(self):
return reverse('product_detail', args=[str(self.id)])
# Database operations
from django.db.models import Q, Avg, Count
# Querying data
products = Product.objects.all()
active_products = Product.objects.filter(is_active=True)
expensive_products = Product.objects.filter(price__gt=100)
# Complex queries
search_term = "phone"
search_results = Product.objects.filter(
Q(name__icontains=search_term) |
Q(description__icontains=search_term)
)
# Aggregation
avg_price = Product.objects.aggregate(Avg('price'))
category_counts = Product.objects.values('category').annotate(
count=Count('id')
)
Database Migrations
# Create migrations
python manage.py makemigrations
# Apply migrations
python manage.py migrate
# Create superuser
python manage.py createsuperuser
3. Views and Templates
Handle HTTP requests and render responses.
Class-Based Views
# views.py
from django.views.generic import ListView, DetailView, CreateView, UpdateView
from django.contrib.auth.mixins import LoginRequiredMixin
from .models import Product
class ProductListView(ListView):
model = Product
template_name = 'products/list.html'
context_object_name = 'products'
paginate_by = 10
def get_queryset(self):
queryset = super().get_queryset()
category = self.request.GET.get('category')
if category:
queryset = queryset.filter(category__name=category)
return queryset
class ProductDetailView(DetailView):
model = Product
template_name = 'products/detail.html'
context_object_name = 'product'
class ProductCreateView(LoginRequiredMixin, CreateView):
model = Product
template_name = 'products/form.html'
fields = ['name', 'description', 'price', 'category']
def form_valid(self, form):
form.instance.created_by = self.request.user
return super().form_valid(form)
# urls.py
from django.urls import path
from .views import ProductListView, ProductDetailView, ProductCreateView
urlpatterns = [
path('products/', ProductListView.as_view(), name='product_list'),
path('products/<int:pk>/', ProductDetailView.as_view(), name='product_detail'),
path('products/create/', ProductCreateView.as_view(), name='product_create'),
]
Templates
<!-- templates/base.html -->
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{% block title %}My Store{% endblock %}</title>
<link href="https://cdn.jsdelivr.net/npm/tailwindcss@2.2.19/dist/tailwind.min.css" rel="stylesheet">
</head>
<body class="bg-gray-100">
<nav class="bg-white shadow-lg">
<div class="max-w-6xl mx-auto px-4">
<div class="flex justify-between">
<div class="flex space-x-7">
<a href="{% url 'home' %}" class="flex items-center py-4">
<span class="font-semibold text-gray-500 text-lg">My Store</span>
</a>
</div>
<div class="flex items-center space-x-3">
{% if user.is_authenticated %}
<a href="{% url 'product_create' %}"
class="py-2 px-4 bg-blue-500 text-white rounded hover:bg-blue-600">
Add Product
</a>
<a href="{% url 'logout' %}" class="py-2 px-4 text-gray-500 hover:text-gray-700">
Logout
</a>
{% else %}
<a href="{% url 'login' %}" class="py-2 px-4 text-gray-500 hover:text-gray-700">
Login
</a>
{% endif %}
</div>
</div>
</div>
</nav>
<main class="container mx-auto mt-4 px-4">
{% if messages %}
<div class="messages">
{% for message in messages %}
<div class="bg-{% if message.tags %}{{ message.tags }}{% endif %}-100 border border-{% if message.tags %}{{ message.tags }}{% endif %}-400 text-{% if message.tags %}{{ message.tags }}{% endif %}-700 px-4 py-3 rounded relative" role="alert">
<span class="block sm:inline">{{ message }}</span>
</div>
{% endfor %}
</div>
{% endif %}
{% block content %}
{% endblock %}
</main>
<footer class="bg-white mt-8 py-4">
<div class="container mx-auto px-4 text-center text-gray-500">
© 2024 My Store. All rights reserved.
</div>
</footer>
</body>
</html>
<!-- templates/products/list.html -->
{% extends 'base.html' %}
{% block title %}Products - {{ block.super }}{% endblock %}
{% block content %}
<div class="grid grid-cols-1 md:grid-cols-3 gap-4">
{% for product in products %}
<div class="bg-white p-4 rounded-lg shadow">
<h2 class="text-xl font-semibold">{{ product.name }}</h2>
<p class="text-gray-600">{{ product.description|truncatewords:30 }}</p>
<p class="text-lg font-bold mt-2">${{ product.price }}</p>
<a href="{% url 'product_detail' product.pk %}"
class="mt-4 inline-block bg-blue-500 text-white px-4 py-2 rounded hover:bg-blue-600">
View Details
</a>
</div>
{% empty %}
<p class="text-gray-500">No products found.</p>
{% endfor %}
</div>
{% if is_paginated %}
<div class="mt-4 flex justify-center">
<div class="inline-flex rounded-md shadow-sm">
{% if page_obj.has_previous %}
<a href="?page={{ page_obj.previous_page_number }}"
class="px-3 py-2 text-gray-700 bg-white border rounded-l hover:bg-gray-100">
Previous
</a>
{% endif %}
<span class="px-3 py-2 text-gray-700 bg-gray-100 border-t border-b">
Page {{ page_obj.number }} of {{ page_obj.paginator.num_pages }}
</span>
{% if page_obj.has_next %}
<a href="?page={{ page_obj.next_page_number }}"
class="px-3 py-2 text-gray-700 bg-white border rounded-r hover:bg-gray-100">
Next
</a>
{% endif %}
</div>
</div>
{% endif %}
{% endblock %}
4. Forms and Authentication
Handle user input and authentication.
Forms
# forms.py
from django import forms
from .models import Product
class ProductForm(forms.ModelForm):
class Meta:
model = Product
fields = ['name', 'description', 'price', 'category']
widgets = {
'description': forms.Textarea(attrs={'rows': 4}),
'price': forms.NumberInput(attrs={'step': '0.01'}),
}
def clean_price(self):
price = self.cleaned_data['price']
if price <= 0:
raise forms.ValidationError("Price must be greater than zero")
return price
# Authentication views
from django.contrib.auth.views import LoginView, LogoutView
from django.contrib.auth.forms import UserCreationForm
from django.urls import reverse_lazy
class CustomLoginView(LoginView):
template_name = 'registration/login.html'
redirect_authenticated_user = True
class SignUpView(CreateView):
form_class = UserCreationForm
template_name = 'registration/signup.html'
success_url = reverse_lazy('login')
Authentication Templates
<!-- templates/registration/login.html -->
{% extends 'base.html' %}
{% block content %}
<div class="max-w-md mx-auto bg-white p-8 rounded-lg shadow-md">
<h2 class="text-2xl font-bold mb-6">Log In</h2>
<form method="post">
{% csrf_token %}
{% for field in form %}
<div class="mb-4">
<label class="block text-gray-700 text-sm font-bold mb-2"
for="{{ field.id_for_label }}">
{{ field.label }}
</label>
{{ field }}
{% if field.errors %}
<p class="text-red-500 text-xs italic">{{ field.errors.0 }}</p>
{% endif %}
</div>
{% endfor %}
<button type="submit"
class="w-full bg-blue-500 text-white font-bold py-2 px-4 rounded hover:bg-blue-600">
Log In
</button>
</form>
<div class="mt-4 text-center">
<p class="text-gray-600">
Don't have an account?
<a href="{% url 'signup' %}" class="text-blue-500 hover:text-blue-700">Sign Up</a>
</p>
</div>
</div>
{% endblock %}
5. REST APIs
Build RESTful APIs with Django REST framework.
API Setup
# Install Django REST framework
pip install djangorestframework
# settings.py
INSTALLED_APPS += ['rest_framework']
REST_FRAMEWORK = {
'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
'PAGE_SIZE': 10,
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.TokenAuthentication',
],
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticatedOrReadOnly',
],
}
# serializers.py
from rest_framework import serializers
from .models import Product, Category
class CategorySerializer(serializers.ModelSerializer):
class Meta:
model = Category
fields = ['id', 'name', 'description']
class ProductSerializer(serializers.ModelSerializer):
category = CategorySerializer(read_only=True)
category_id = serializers.IntegerField(write_only=True)
created_by = serializers.ReadOnlyField(source='created_by.username')
class Meta:
model = Product
fields = ['id', 'name', 'description', 'price', 'category',
'category_id', 'created_by', 'created_at', 'updated_at']
# views.py
from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticatedOrReadOnly
from .serializers import ProductSerializer, CategorySerializer
class ProductViewSet(viewsets.ModelViewSet):
queryset = Product.objects.all()
serializer_class = ProductSerializer
permission_classes = [IsAuthenticatedOrReadOnly]
def perform_create(self, serializer):
serializer.save(created_by=self.request.user)
# urls.py
from rest_framework.routers import DefaultRouter
from .views import ProductViewSet
router = DefaultRouter()
router.register(r'products', ProductViewSet)
urlpatterns = [
path('api/', include(router.urls)),
]
6. Testing and Deployment
Ensure quality and deploy your application.
Testing
# tests.py
from django.test import TestCase, Client
from django.urls import reverse
from django.contrib.auth.models import User
from .models import Category, Product
class ProductTests(TestCase):
def setUp(self):
self.client = Client()
self.user = User.objects.create_user(
username='testuser',
password='testpass123'
)
self.category = Category.objects.create(
name='Test Category',
description='Test Description'
)
self.product = Product.objects.create(
name='Test Product',
description='Test Description',
price='99.99',
category=self.category,
created_by=self.user
)
def test_product_list_view(self):
response = self.client.get(reverse('product_list'))
self.assertEqual(response.status_code, 200)
self.assertContains(response, 'Test Product')
def test_product_detail_view(self):
response = self.client.get(
reverse('product_detail', args=[self.product.id])
)
self.assertEqual(response.status_code, 200)
self.assertContains(response, self.product.name)
def test_create_product(self):
self.client.login(username='testuser', password='testpass123')
response = self.client.post(reverse('product_create'), {
'name': 'New Product',
'description': 'New Description',
'price': '149.99',
'category': self.category.id
})
self.assertEqual(response.status_code, 302)
self.assertTrue(
Product.objects.filter(name='New Product').exists()
)
Deployment Configuration
# settings/production.py
from .base import *
DEBUG = False
ALLOWED_HOSTS = ['yourdomain.com']
# Security settings
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
X_FRAME_OPTIONS = 'DENY'
# Static and media files
STATIC_ROOT = BASE_DIR / 'staticfiles'
MEDIA_ROOT = BASE_DIR / 'mediafiles'
# Database
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql',
'NAME': os.environ.get('DB_NAME'),
'USER': os.environ.get('DB_USER'),
'PASSWORD': os.environ.get('DB_PASSWORD'),
'HOST': os.environ.get('DB_HOST'),
'PORT': os.environ.get('DB_PORT', '5432'),
}
}
# Caching
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.redis.RedisCache',
'LOCATION': os.environ.get('REDIS_URL'),
}
}
# Email configuration
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = os.environ.get('EMAIL_HOST')
EMAIL_PORT = os.environ.get('EMAIL_PORT')
EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER')
EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD')
EMAIL_USE_TLS = True
# Logging
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'handlers': {
'file': {
'level': 'ERROR',
'class': 'logging.FileHandler',
'filename': BASE_DIR / 'logs/django.log',
},
},
'loggers': {
'django': {
'handlers': ['file'],
'level': 'ERROR',
'propagate': True,
},
},
}
Best Practices
-
Project Structure
- Use apps for logical components
- Keep views thin, models fat
- Separate concerns properly
-
Security
- Keep SECRET_KEY secure
- Use environment variables
- Implement proper authentication
- Regular security updates
-
Performance
- Use caching appropriately
- Optimize database queries
- Implement pagination
- Use async views when needed
-
Code Quality
- Write tests
- Use type hints
- Follow PEP 8
- Document your code
Conclusion
Django provides a robust framework for building web applications with Python. By following these patterns and best practices, you can create scalable, secure, and maintainable web applications.
Remember to:
- Start with proper planning and structure
- Follow Django's best practices
- Write tests from the beginning
- Keep security in mind
- Monitor and optimize performance
Continue learning and exploring Django's extensive ecosystem to build even better web applications.