MyMovie
Introduction
A series of talks covering the “life cycle” of a project.
Talk 2
“Show me the money!”
Writing the server-side code.
- Database
- Setup a User model and (social) authentication
- Write the Movie models
- API
- Document the API
- Write views and serialisers
Greenfields Development
Barebones Django
Install a virtualenv with django.
$ mkvirtualenv mymovie-server
$ pip install django
$ django-admin startproject mymovie
Dependancies
Add a requirements.txt with the project dependancies, and
$ pip install -r requirements.txtPyMySQL==0.6.6 # Python3 compatible library
psycopg2==2.6 # add Postgresql for Heroku
Django==1.8.2
djangorestframework==3.1.2 # for API
djangorestframework-jwt==1.2.0 # for API authentication
drf-nested-routers==0.9.0
jsonfield==1.0.3 # for ease of use
django-filter==0.10.0
python-social-auth==0.2.10 # social authentication
Pillow==2.8.1
django-resized==0.3.5
sorl-thumbnail==12.2
django-redis==4.0.0
hiredis==0.2.0
django-compressor==1.5
# for serving the site in most places
waitress==0.8.9
whitenoise==1.0.6
dj-database-url==0.3.0Djano Settings
- Changed the entry module from “mymovie” to “app”
- Refactored settings.py into settings/base.py, settings/test.py, etc
- Pickup sensitive settings from the environment
# settings.development
from .base import *
DEBUG = True
TEMPLATE_DEBUG = True
INSTALLED_APPS += ("debug_toolbar",)
INTERNAL_IPS = ("127.0.0.1",)
MIDDLEWARE_CLASSES += ("debug_toolbar.middleware.DebugToolbarMiddleware",)
ALLOWED_HOSTS = ['*']Snippet of settings.base
We define a helper function to get environment settings, and throw an exception if it isn't defined.
# settings.base snippet
def get_env_variable(var_name, default=None):
"""
Get the environment variable or return the default if provided
or raise an exception
"""
try:
if os.environ[var_name] in ('true', 'false'):
return bool(strtobool(os.environ[var_name]))
return os.environ[var_name]
except KeyError:
if default is not None:
return default
error_msg = "Set the %s environment variable" % var_name
raise ImproperlyConfigured(error_msg)
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'mymovie',
'USER': get_env_variable('DB_USER', ''),
'PASSWORD': get_env_variable('DB_PASSWORD', ''),
'HOST': get_env_variable('DB_HOST', ''),
'PORT': get_env_variable('DB_PORT', ''),
'OPTIONS': {'init_command': 'SET storage_engine=INNODB;'},
}
}
# Use the STATIC_HOST env to setup CDN hosting
# http://whitenoise.evans.io/en/latest/django.html#instructions-for-amazon-cloudfront
STATIC_URL = get_env_variable('DJANGO_STATIC_HOST', '') + '/static/'
MEDIA_URL = '/media/'
# Logging
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'verbose': {
'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s'
},
},
'handlers': {
'console': {
'level': 'DEBUG',
'class': 'logging.StreamHandler',
'formatter': 'verbose',
},
},
'loggers': {
# requests handled by django
'django.requests': {
'handlers': ['console'],
'level': get_env_variable('DJANGO_LOG_LEVEL', 'ERROR'),
}
}
}Project files so far
.
├── app
│ ├── __init__.py
│ ├── settings
│ │ ├── base.py
│ │ ├── development.py
│ │ ├── __init__.py
│ │ ├── production.py
│ │ └── test.py
│ ├── static
│ │ └── app
│ │ ├── favicon.png
│ │ └── robots.txt
│ ├── tests
│ │ ├── __init__.py
│ │ ├── test_static.py
│ │ └── test_validate.py
│ ├── urls.py
│ └── wsgi.py
├── LICENSE
├── manage.py
├── Procfile.dev
├── README.md
├── requirements
│ ├── base.txt
│ ├── develop.txt
│ ├── production.txt
│ └── test.txt
└── requirements.txt
User Authentication
- Support Admin login with username/password
- django.contrib.auth
- Client UI will perform “social authentication”
- python-social-auth
- API will authenticate with json web tokens (JWT)
- djangorestframework-jwt
Admin pages
Authentication for django admin using username+password login.
Social authentication
Token, token, who has the token?
API authentication
The JWT is passed as an HTTP Header in the request.
Does it work?
What do the unit tests look like?
# -*- coding: utf-8 -*-
from calendar import timegm
from django.contrib.auth import get_user_model
from django.test import TestCase
from mock import patch
from rest_framework import status
from rest_framework.test import APIClient
from rest_framework_jwt import utils
from .factories import UserFactory
class TokenTestCase(TestCase):
"""Methods from the JWT tests to work with tokens."""
def create_token(self, user, exp=None, orig_iat=None):
payload = utils.jwt_payload_handler(user)
if exp:
payload['exp'] = exp
if orig_iat:
payload['orig_iat'] = timegm(orig_iat.utctimetuple())
token = utils.jwt_encode_handler(payload)
return token
class TestUserApi(TokenTestCase):
"""Test the API calls."""
def setUp(self):
self.client = APIClient(enforce_csrf_checks=True)
def test_login(self):
"""Test the login endpoint"""
user = get_user_model().objects.create_user(
username='testuser',
email='testuser@test.domain.com',
password='password',
)
data = dict(
username=user.username,
email=user.email,
password='password',
)
response = self.client.post(
'/api/v1/auth/login',
data=data,
format='json',
)
self.assertEqual(response.status_code, status.HTTP_200_OK,
'Got error: {}'.format(response.content))
decoded_payload = utils.jwt_decode_handler(response.data['token'])
self.assertEqual(decoded_payload['username'], user.username)
self.assertEqual(decoded_payload['email'], user.email)
self.assertEqual(decoded_payload['user_id'], user.pk)
def test_get_info(self):
"""Call the get info endpoint"""
user = UserFactory.create() # suppress @UndefinedVariable
auth = 'JWT {}'.format(self.create_token(user))
response = self.client.get(
'/api/v1/users/me',
HTTP_AUTHORIZATION=auth,
format='json',
)
self.assertEqual(response.status_code, status.HTTP_200_OK,
'Got error: {}'.format(response.content))
self.assertEqual(response.data['email'], user.email)
self.assertEqual(response.data['id'], user.pk)
self.assertEqual(response.data['first_name'], user.first_name)
self.assertEqual(response.data['last_name'], user.last_name)
self.assertEqual(response.data['full_name'], user.get_full_name())
self.assertEqual(response.data['avatar'], user.profile.avatar_url)
gplus_user_data = {...mock data...}
class TestSocialAuth(TestCase):
"""Test that the user is registered if we get a social access token."""
backend = 'google-plus'
access_token = 'sample.token'
def setUp(self):
self.client = APIClient(enforce_csrf_checks=True)
@patch('social.backends.base.BaseAuth.get_json')
def test_gplus_auth(self, mock):
"""Exchange access token for JWT"""
mock.return_value = gplus_user_data
response = self.client.get(
'/api/v1/auth/register-by-token/{}'.format(self.backend),
params=dict(
access_token=self.access_token
),
format='json',
)
self.assertEqual(response.status_code, status.HTTP_200_OK,
'Got error: {}'.format(response.content))
self.assertIn('token', response.data, 'Missing JWT')
self.assertIn('user', response.data, 'Missing User')Movie Models
All the documentation you really need...
...and what was built
# -*- coding: utf-8 -*-
import datetime
from django.conf import settings
from django.db import models
from django.utils.encoding import python_2_unicode_compatible
from jsonfield import JSONField
from movies.service import omdb
SERVICE_OMDB = 'omdb'
SERVICE_CHOICES = (
(SERVICE_OMDB, 'Open Movie Database'),
)
class MovieManager(models.Manager):
def lookup(self, name=None, service=SERVICE_OMDB, service_id=None):
"""
Lookup a movie.
If we don't have it already, retrieve data from the service.
"""
movie = None
qs = self.filter(
servicemovie__service=service,
servicemovie__service_id=service_id)
if qs.exists():
return qs[0]
else:
movie_data = omdb.get(service_id=service_id)
if movie_data:
movie, _ = self.get_or_create(
name=movie_data.get('Title', name),
year=movie_data.get('Year'),
poster=movie_data.get('Poster'),
)
service, _ = ServiceMovie.objects.get_or_create(
movie=movie,
service=service,
service_id=service_id,
)
service.service_data = movie_data
service.updated = datetime.date.today()
service.save()
return movie
@python_2_unicode_compatible
class Movie(models.Model):
"""Minimal amount of data for a Movie."""
name = models.CharField(max_length=255, db_index=True)
poster = models.URLField(max_length=255, blank=True, null=True)
year = models.CharField(
max_length=20,
verbose_name='Year of Release',
db_index=True, blank=True, null=True)
subscribers = models.ManyToManyField(settings.AUTH_USER_MODEL,
through='Watchlist')
class Meta:
ordering = ('name',)
def __str__(self):
return '{0}'.format(self.name)
@python_2_unicode_compatible
class ServiceMovie(models.Model):
"""Link between a movie and a remote service with more information."""
movie = models.ForeignKey(Movie)
service_id = models.CharField(max_length=50, db_index=True)
service = models.CharField(max_length=10, db_index=True,
choices=SERVICE_CHOICES, default=SERVICE_OMDB)
service_data = JSONField(null=True, blank=True)
updated = models.DateField(null=True, blank=True, db_index=True)
class Meta:
unique_together = ('service_id', 'service')
def __str__(self):
return '{0}'.format(self.movie.name)
@python_2_unicode_compatible
class Watchlist(models.Model):
"""
Link between a movie and a user.
The Notifications requested are linked to this model.
"""
movie = models.ForeignKey(Movie)
user = models.ForeignKey(settings.AUTH_USER_MODEL)
def __str__(self):
return '{0}/{1}'.format(self.movie.name, self.user.get_full_name())
NOTIFY_CINEMA = 0
NOTIFY_RETAIL = 1
NOTIFY_RENTAL = 2
NOTIFY_STREAMING = 3
NOTIFICATION_CHOICES = (
(NOTIFY_CINEMA, 'Cinema'),
(NOTIFY_RETAIL, 'Retail Purchase'),
(NOTIFY_RENTAL, 'Rental'),
(NOTIFY_STREAMING, 'Online Streaming'),
)
@python_2_unicode_compatible
class Notification(models.Model):
"""
A list of the notifications a user has requested.
"""
watchlist = models.ForeignKey(Watchlist)
notified = models.BooleanField(default=False)
notified_date = models.DateField(
null=True, blank=True,
help_text='Date when the notification was sent',
)
type = models.IntegerField(
db_index=True,
choices=NOTIFICATION_CHOICES, default=NOTIFY_CINEMA,
help_text='Send notification when movie is available for ...'
)
class Meta:
ordering = ('watchlist', 'type')
unique_together = ('watchlist', 'type')
def __str__(self):
return '{0}/{1}/{2}/{3}'.format(
self.get_type_display(),
'Y' if self.notified else 'N',
self.watchlist.movie.name,
self.watchlist.user.get_full_name(),
)OMDB lookup service
# -*- coding: utf-8 -*-
import requests
APIHOST = 'http://www.omdbapi.com/'
def get(name=None, service_id=None):
params = dict(type='movie',
r='json')
if name:
params.update(dict(s=name))
if id:
params.update(dict(i=service_id, tomatoes=True))
response = requests.get(APIHOST, params=params)
data = response.json()
if 'Error' in data and data.get('Response') == 'False':
raise Exception(data.get('Error'))
if response.ok:
return data
else:
return NoneAPI Documentation
Visit http://docs.mymovie1.apiary.io/ and have a play.
Django Rest Framework
- Adds content negotiation to the Request/Response flow
- Serialization to and from the Django models
- Default endpoints for GET/POST/PUT
- hooks and decorators to roll-your-own
- Builtin API explorer
Model Serialization
The process of converting the stored data into and out of the transport format, ie JSON or XML
# -*- coding: utf-8 -*-
from rest_framework import serializers
from .models import Movie, Watchlist, Notification, ServiceMovie
from users.serializers import UserSerializer
class ServiceSerializer(serializers.ModelSerializer):
class Meta:
model = ServiceMovie
fields = ('id', 'service', 'service_id', 'updated', 'service_data')
class MovieSerializer(serializers.ModelSerializer):
services = ServiceSerializer(many=True, source='servicemovie_set')
class Meta:
model = Movie
fields = ('id', 'name', 'poster', 'year', 'services')Model Serialization
... gives a JSON response like this...
{
"id": 1,
"name": "Movie 0",
"poster": "http://www.kautzer.net/",
"year": "2015",
"services": [
{
"id": 1,
"service": "omdb",
"service_id": "8651",
"updated": "2015-05-07",
"service_data": "{'jsonfield': 'Sample data'}"
}
]
}Watchlist Serializer
And now for somethiing completely different.
class WatchlistSerializer(serializers.ModelSerializer):
user = UserSerializer(write_only=True, required=False)
movie = MovieSerializer(read_only=True)
notifications = NotificationSerializer(
read_only=True,
many=True,
source='notification_set')
# fields used when creating a new watchlist
moviename = serializers.CharField(write_only=True)
notifywhen = serializers.ListField(write_only=True)
service = serializers.CharField(write_only=True)
service_id = serializers.CharField(write_only=True)
class Meta:
model = Watchlist
def create(self, validated_data):
"""
Save the new watchlist and associated notifications and movies.
"""
ModelClass = self.Meta.model
moviename = validated_data.pop('moviename')
notifywhen = validated_data.pop('notifywhen')
service = validated_data.pop('service')
service_id = validated_data.pop('service_id')
movie = Movie.objects.lookup(name=moviename,
service=service,
service_id=service_id,
)
validated_data.update(dict(movie=movie))
try:
instance = ModelClass.objects.create(**validated_data)
except TypeError as exc:
msg = (
'Got a `TypeError` when calling `%s.objects.create()`. '
'This may be because you have a writable field on the '
'serializer class that is not a valid argument to '
'`%s.objects.create()`. You may need to make the field '
'read-only, or override the %s.create() method to handle '
'this correctly.\nOriginal exception text was: %s.' %
(
ModelClass.__name__,
ModelClass.__name__,
self.__class__.__name__,
exc
)
)
raise TypeError(msg)
for notify_type in notifywhen:
Notification.objects.create(watchlist=instance, type=notify_type)
return instanceCreate a Watchlist
When you POST
{
"moviename": "Star Trek",
"service": "omdb",
"service_id": "tt0796366",
"notifywhen": [ "0", "1" ]
}You get
{
"id": 3,
"movie": {
"id": 4,
"name": "Star Trek",
"poster": "http://ia.media-imdb.com/images/M/MV5BMjE5NDQ5OTE4Ml5BMl5BanBnXkFtZTcwOTE3NDIzMw@@._V1_SX300.jpg",
"year": "2009",
"services": [
{
"id": 4,
"service": "omdb",
"service_id": "tt0796366",
"updated": "2015-06-17",
"service_data": "some stuff goes here"
}
]
},
"notifications": [
{
"id": 4,
"notified": false,
"notified_date": null,
"type": 0,
"watchlist": 3
},
{
"id": 5,
"notified": false,
"notified_date": null,
"type": 1,
"watchlist": 3
}
]
}Views
The view handles the incoming request. It relies on the serializer to validate data, and provide a safe representation to send over the wire.
# -*- coding: utf-8 -*-
from rest_framework import viewsets
from custom_rest_framework.viewsets import JWTViewSet
from .models import Movie, Watchlist, Notification
from .serializers import MovieSerializer, \
WatchlistSerializer, \
NotificationSerializer
class MovieViewSet(JWTViewSet, viewsets.ModelViewSet):
serializer_class = MovieSerializer
queryset = Movie.objects.all()
class WatchlistViewSet(JWTViewSet, viewsets.ModelViewSet):
serializer_class = WatchlistSerializer
def get_queryset(self):
"""Filter based on the auth user"""
user = self.request.user
return Watchlist.objects.filter(user=user)
def perform_create(self, serializer):
"""Ensure we save the request user with the model"""
serializer.save(user=self.request.user)
class NotificationViewSet(JWTViewSet, viewsets.ModelViewSet):
serializer_class = NotificationSerializer
def get_queryset(self):
"""Filter based on the auth user"""
user = self.request.user
return Notification.objects.filter(watchlist__user=user)URL Routes / REST Endpoints
Finally the views are connected to the Django URL configuration.
# -*- coding: utf-8 -*-
from django.conf.urls import patterns, include, url
from rest_framework_nested.routers import SimpleRouter, NestedSimpleRouter
from .views import MovieViewSet, WatchlistViewSet, NotificationViewSet
router = SimpleRouter(trailing_slash=False)
router.include_format_suffixes = False
router.register(r'v1/movies', MovieViewSet, base_name='movie')
router.register(r'v1/watchlists', WatchlistViewSet, base_name='watchlist')
# register the nested urls for movie routes
wl_router = NestedSimpleRouter(router, r'v1/watchlists',
lookup='watchlist', trailing_slash=False)
wl_router.register(r'notifications', NotificationViewSet,
base_name='notification')
urlpatterns = patterns('',
url(r'', include(router.urls, namespace='movie')),
url(r'', include(wl_router.urls, namespace='movie')),
)Tests
After all that work I am rewarded with
So let's write some Unit Tests
Unit tests check the functionality of a small unit of the code.
class TestMovieApi(TokenTestCase):
"""Test the API calls."""
def setUp(self):
self.client = APIClient(enforce_csrf_checks=True)
self.user = UserFactory.create() # suppress @UndefinedVariable
self.auth = 'JWT {}'.format(self.create_token(self.user))
def test_get_movie(self):
movie = MovieFactory.create() # suppress @UndefinedVariable
response = self.client.get(
'/api/v1/movies/{}'.format(movie.pk),
HTTP_AUTHORIZATION=self.auth,
format='json',
)
self.assertEqual(response.status_code, status.HTTP_200_OK,
'Got error: {}'.format(response.content))
self.assertEqual(response.data['id'], movie.pk)
def test_get_watchlist_wrong_user(self):
watchlist = WatchlistFactory.create() # suppress @UndefinedVariable
response = self.client.get(
'/api/v1/watchlists/{}'.format(watchlist.pk),
HTTP_AUTHORIZATION=self.auth,
format='json',
)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND,
'Got error: {}'.format(response.content))
def test_get_watchlist(self):
watchlist = WatchlistWithNotificationsFactory.create() # suppress @UndefinedVariable
response = self.client.get(
'/api/v1/watchlists/{}'.format(watchlist.pk),
HTTP_AUTHORIZATION='JWT {}'.format(
self.create_token(watchlist.user)
),
format='json',
)
self.assertEqual(response.status_code, status.HTTP_200_OK,
'Got error: {}'.format(response.content))
self.assertEqual(response.data['id'], watchlist.pk)
def test_create_watchlist(self):
"""Create a new watchlist"""
data = dict(
moviename="Star Trek",
service=SERVICE_OMDB,
service_id='tt0796366',
notifywhen=[NOTIFY_CINEMA, NOTIFY_RENTAL, NOTIFY_STREAMING],
)
response = self.client.post(
'/api/v1/watchlists',
data=data,
HTTP_AUTHORIZATION=self.auth,
format='json',
)
self.assertEqual(response.status_code, status.HTTP_201_CREATED,
'Got error: {}'.format(response.content))
self.assertIn('id', response.data, 'Missing id')
self.assertIn('movie', response.data, 'Missing movie')
self.assertIn('notifications', response.data, 'Missing notifications')Happy, Happy. Joy, Joy
Look! It went GREEN! I am personally validated!
The Final Slide
ASCII art for the win.
.
├── apiary.apib
├── app
│ ├── __init__.py
│ ├── __pycache__
│ ├── settings
│ │ ├── base.py
│ │ ├── development.py
│ │ ├── heroku.py
│ │ ├── __init__.py
│ │ ├── production.py
│ │ ├── __pycache__
│ │ └── test.py
│ ├── static
│ │ └── app
│ │ ├── favicon.png
│ │ ├── logo.png
│ │ ├── logo.svg
│ │ └── robots.txt
│ ├── templates
│ │ └── app
│ │ └── coming_soon.html
│ ├── tests
│ │ ├── __init__.py
│ │ ├── __pycache__
│ │ ├── test_static.py
│ │ └── test_validate.py
│ ├── urls.py
│ ├── views.py
│ └── wsgi.py
├── custom_rest_framework
│ ├── __init__.py
│ ├── __pycache__
│ └── viewsets.py
├── LICENSE
├── manage.py
├── movies
│ ├── admin.py
│ ├── __init__.py
│ ├── migrations
│ │ ├── 0001_initial.py
│ │ ├── 0002_auto_20150614_1740.py
│ │ ├── 0003_auto_20150615_1633.py
│ │ ├── __init__.py
│ │ └── __pycache__
│ ├── models.py
│ ├── __pycache__
│ ├── serializers.py
│ ├── service
│ │ ├── __init__.py
│ │ ├── omdb.py
│ │ └── __pycache__
│ ├── tests
│ │ ├── factories.py
│ │ ├── __init__.py
│ │ ├── __pycache__
│ │ ├── test_admin_actions.py
│ │ ├── test_api.py
│ │ └── test_models.py
│ ├── urls.py
│ └── views.py
├── Procfile
├── Procfile.dev
├── README.md
├── requirements
│ ├── base.txt
│ ├── develop.txt
│ ├── production.txt
│ ├── stackato.txt
│ └── test.txt
├── requirements.txt
├── runtime.txt
├── users
│ ├── admin.py
│ ├── __init__.py
│ ├── migrations
│ │ ├── 0001_initial.py
│ │ ├── __init__.py
│ │ └── __pycache__
│ ├── models.py
│ ├── __pycache__
│ ├── serializers.py
│ ├── social.py
│ ├── static
│ │ └── users
│ │ └── images
│ │ └── avatar-default.png
│ ├── tests
│ │ ├── factories.py
│ │ ├── __init__.py
│ │ ├── __pycache__
│ │ ├── test_api.py
│ │ ├── test_models.py
│ │ └── test_static.py
│ ├── urls.py
│ └── views.py
└── utils
├── actions.py
├── admin.py
├── __init__.py
├── migrations
│ └── __init__.py
├── models.py
├── __pycache__
├── tests.py
└── views.py
Questions
<insert question here>
MyMovie
Tracking movies so you don't have to.
James Mitchell