# Chapter 15: Modern Web Frameworks

Python's web framework ecosystem offers solutions for every scale and architecture. From microservices requiring minimal overhead to monolithic applications demanding comprehensive tooling, Python provides battle-tested frameworks that power some of the world's largest platforms. Instagram uses Django; Netflix employs Flask for microservices; and FastAPI has become the standard for high-performance machine learning APIs.

This chapter explores three dominant paradigms: **FastAPI** for modern, high-performance APIs with automatic validation; **Flask** for lightweight, flexible microservices; and **Django** for full-stack applications with built-in ORM, authentication, and admin interfaces. Each framework represents distinct architectural philosophies suited to different project requirements.

## 15.1 FastAPI: High-Performance Modern APIs

FastAPI is a modern, high-performance web framework built on **Starlette** (ASGI toolkit) and **Pydantic** (data validation). It leverages Python type hints for automatic validation, serialization, and documentation generation.

### Core Features

*   **High Performance**: On par with Node.js and Go (thanks to Starlette and Pydantic)
*   **Type Safety**: Automatic validation using Python type hints
*   **Automatic Documentation**: OpenAPI (Swagger) and ReDoc generated from code
*   **Async Support**: Native async/await for high-concurrency workloads
*   **Dependency Injection**: Powerful, intuitive DI system

### Installation and Basic Application

```bash
pip install fastapi uvicorn[standard]
```

```python
# main.py
from fastapi import FastAPI
from pydantic import BaseModel
from typing import Optional
from datetime import datetime

app = FastAPI(
    title="Blog API",
    description="A modern blog API built with FastAPI",
    version="1.0.0"
)

# Pydantic Models (Data Validation)
class ArticleBase(BaseModel):
    """Base model for article data."""
    title: str
    content: str
    published: bool = False

class ArticleCreate(ArticleBase):
    """Model for creating articles."""
    pass

class Article(ArticleBase):
    """Full article model with system-generated fields."""
    id: int
    author_id: int
    created_at: datetime
    updated_at: Optional[datetime] = None
    
    class Config:
        from_attributes = True  # Enable ORM mode (Pydantic v2)

# In-memory database (for demonstration)
articles_db: dict[int, dict] = {}
article_counter: int = 0

# Routes
@app.get("/")
def read_root() -> dict:
    """Root endpoint."""
    return {"message": "Welcome to the Blog API"}

@app.get("/articles", response_model=list[Article])
def list_articles(
    skip: int = 0,
    limit: int = 10,
    published_only: bool = False
) -> list[dict]:
    """
    List all articles with pagination.
    
    - **skip**: Number of articles to skip
    - **limit**: Maximum number of articles to return
    - **published_only**: Filter to only published articles
    """
    articles = list(articles_db.values())
    if published_only:
        articles = [a for a in articles if a["published"]]
    return articles[skip : skip + limit]

@app.post("/articles", response_model=Article, status_code=201)
def create_article(article: ArticleCreate, author_id: int = 1) -> dict:
    """
    Create a new article.
    
    Request body is automatically validated against ArticleCreate model.
    """
    global article_counter
    article_counter += 1
    
    article_dict = {
        "id": article_counter,
        "author_id": author_id,
        "title": article.title,
        "content": article.content,
        "published": article.published,
        "created_at": datetime.now(),
        "updated_at": None
    }
    articles_db[article_counter] = article_dict
    return article_dict

@app.get("/articles/{article_id}", response_model=Article)
def get_article(article_id: int) -> dict:
    """Get a specific article by ID."""
    if article_id not in articles_db:
        from fastapi import HTTPException
        raise HTTPException(status_code=404, detail="Article not found")
    return articles_db[article_id]

@app.put("/articles/{article_id}", response_model=Article)
def update_article(article_id: int, article: ArticleBase) -> dict:
    """Update an existing article."""
    if article_id not in articles_db:
        from fastapi import HTTPException
        raise HTTPException(status_code=404, detail="Article not found")
    
    existing = articles_db[article_id]
    existing.update({
        "title": article.title,
        "content": article.content,
        "published": article.published,
        "updated_at": datetime.now()
    })
    return existing

@app.delete("/articles/{article_id}", status_code=204)
def delete_article(article_id: int) -> None:
    """Delete an article."""
    if article_id not in articles_db:
        from fastapi import HTTPException
        raise HTTPException(status_code=404, detail="Article not found")
    del articles_db[article_id]
```

**Running the Application:**
```bash
uvicorn main:app --reload --host 0.0.0.0 --port 8000
```

**Automatic Documentation:**
*   Swagger UI: `http://localhost:8000/docs`
*   ReDoc: `http://localhost:8000/redoc`
*   OpenAPI JSON: `http://localhost:8000/openapi.json`

### Dependency Injection

FastAPI's dependency injection system provides a powerful way to share logic, database connections, and enforce authentication:

```python
from fastapi import Depends, HTTPException, status
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from typing import Annotated
from pydantic import BaseModel

# Mock database
users_db = {
    "alice": {"id": 1, "username": "alice", "role": "admin"},
    "bob": {"id": 2, "username": "bob", "role": "user"}
}

# Security scheme
security = HTTPBearer()

# Dependency: Get current user
async def get_current_user(
    credentials: Annotated[HTTPAuthorizationCredentials, Depends(security)]
) -> dict:
    """
    Validate JWT token and return current user.
    
    This dependency is injected into protected endpoints.
    """
    token = credentials.credentials
    # In production, validate JWT and extract user ID
    # Simplified: token is username
    if token not in users_db:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid authentication credentials"
        )
    return users_db[token]

# Dependency: Require admin role
async def require_admin(
    current_user: Annotated[dict, Depends(get_current_user)]
) -> dict:
    """Dependency that requires admin role."""
    if current_user["role"] != "admin":
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Admin access required"
        )
    return current_user

# Type alias for common dependency
CurrentUser = Annotated[dict, Depends(get_current_user)]

# Using dependencies
@app.get("/users/me")
def read_users_me(current_user: CurrentUser) -> dict:
    """Get current user profile."""
    return current_user

@app.delete("/users/{user_id}")
def delete_user(
    user_id: int,
    admin: Annotated[dict, Depends(require_admin)]
) -> dict:
    """Delete user (admin only)."""
    return {"message": f"User {user_id} deleted by {admin['username']}"}
```

### Pydantic Validation

Pydantic validates data automatically, enforcing types and constraints:

```python
from pydantic import BaseModel, Field, EmailStr, field_validator
from typing import Optional
from enum import Enum
import re

class UserStatus(str, Enum):
    ACTIVE = "active"
    INACTIVE = "inactive"
    SUSPENDED = "suspended"

class UserCreate(BaseModel):
    """User creation with validation rules."""
    
    username: str = Field(
        ...,
        min_length=3,
        max_length=20,
        pattern=r"^[a-zA-Z0-9_]+$",
        description="Unique username (alphanumeric and underscore only)"
    )
    email: EmailStr
    password: str = Field(..., min_length=8, max_length=100)
    age: Optional[int] = Field(None, ge=13, le=120)  # 13-120 range
    status: UserStatus = UserStatus.ACTIVE
    
    @field_validator('password')
    @classmethod
    def password_strength(cls, v: str) -> str:
        """Validate password contains required character types."""
        if not re.search(r'[A-Z]', v):
            raise ValueError('Password must contain uppercase letter')
        if not re.search(r'[a-z]', v):
            raise ValueError('Password must contain lowercase letter')
        if not re.search(r'\d', v):
            raise ValueError('Password must contain digit')
        return v

@app.post("/users", response_model=dict, status_code=201)
def create_user(user: UserCreate) -> dict:
    """
    Create user with automatic validation.
    
    FastAPI validates the request body against UserCreate:
    - Returns 422 Unprocessable Entity if validation fails
    - Detailed error messages for each field
    """
    return {"username": user.username, "email": user.email}

# Example validation error response (422):
# {
#   "detail": [
#     {
#       "type": "string_pattern_mismatch",
#       "loc": ["body", "username"],
#       "msg": "String should match pattern '^[a-zA-Z0-9_]+$'",
#       "input": "invalid user!"
#     }
#   ]
# }
```

### Async Database Integration

```python
from fastapi import FastAPI
from sqlalchemy.ext.asyncio import AsyncSession, create_async_engine
from sqlalchemy.orm import sessionmaker
from contextlib import asynccontextmanager
from typing import AsyncGenerator

DATABASE_URL = "postgresql+asyncpg://user:password@localhost/blog"

engine = create_async_engine(DATABASE_URL, echo=True)
AsyncSessionLocal = sessionmaker(
    engine, class_=AsyncSession, expire_on_commit=False
)

# Dependency
async def get_db() -> AsyncGenerator[AsyncSession, None]:
    """Provide database session."""
    async with AsyncSessionLocal() as session:
        try:
            yield session
            await session.commit()
        except Exception:
            await session.rollback()
            raise
        finally:
            await session.close()

# Lifespan context (for startup/shutdown)
@asynccontextmanager
async def lifespan(app: FastAPI):
    # Startup: Create tables
    async with engine.begin() as conn:
        await conn.run_sync(Base.metadata.create_all)
    yield
    # Shutdown: Cleanup
    await engine.dispose()

app = FastAPI(lifespan=lifespan)

@app.post("/articles/async")
async def create_article_async(
    article: ArticleCreate,
    db: AsyncSession = Depends(get_db)
) -> dict:
    """Create article using async database."""
    db_article = Article(**article.dict())
    db.add(db_article)
    await db.refresh(db_article)
    return db_article
```

## 15.2 Flask: Lightweight and Flexible

Flask is a micro-framework that provides the essentials for web development without imposing architectural decisions. It excels in microservices, prototypes, and applications requiring maximum flexibility.

### Basic Application

```bash
pip install flask
```

```python
# app.py
from flask import Flask, request, jsonify, abort, Response
from functools import wraps
from typing import Callable, Any
import json

app = Flask(__name__)

# Configuration
app.config['DEBUG'] = True
app.config['SECRET_KEY'] = 'dev-key-change-in-production'

# In-memory storage
articles: list[dict] = []

# Route: Basic
@app.route('/')
def index() -> str:
    """Simple text response."""
    return "Welcome to Flask Blog API"

# Route: JSON response
@app.route('/api/v1/articles', methods=['GET'])
def get_articles() -> Response:
    """List all articles."""
    return jsonify({
        'data': articles,
        'count': len(articles)
    })

# Route: URL parameters
@app.route('/api/v1/articles/<int:article_id>', methods=['GET'])
def get_article(article_id: int) -> Response:
    """Get specific article."""
    article = next((a for a in articles if a['id'] == article_id), None)
    if not article:
        abort(404, description="Article not found")
    return jsonify(article)

# Route: POST with request body
@app.route('/api/v1/articles', methods=['POST'])
def create_article() -> tuple[Response, int]:
    """Create new article."""
    data = request.get_json()
    
    if not data:
        abort(400, description="Request body is required")
    
    # Manual validation (no built-in validation like FastAPI)
    required_fields = ['title', 'content']
    missing = [f for f in required_fields if f not in data]
    if missing:
        abort(400, description=f"Missing fields: {missing}")
    
    article = {
        'id': len(articles) + 1,
        'title': data['title'],
        'content': data['content'],
        'published': data.get('published', False)
    }
    articles.append(article)
    
    return jsonify(article), 201

# Route: PUT
@app.route('/api/v1/articles/<int:article_id>', methods=['PUT'])
def update_article(article_id: int) -> Response:
    """Update article."""
    article = next((a for a in articles if a['id'] == article_id), None)
    if not article:
        abort(404, description="Article not found")
    
    data = request.get_json()
    article.update(data)
    return jsonify(article)

# Route: DELETE
@app.route('/api/v1/articles/<int:article_id>', methods=['DELETE'])
def delete_article(article_id: int) -> tuple[Response, int]:
    """Delete article."""
    global articles
    article = next((a for a in articles if a['id'] == article_id), None)
    if not article:
        abort(404, description="Article not found")
    
    articles = [a for a in articles if a['id'] != article_id]
    return jsonify({'message': 'Article deleted'}), 204

# Error handlers
@app.errorhandler(404)
def not_found(error) -> tuple[Response, int]:
    """Custom 404 response."""
    return jsonify({'error': 'Not found', 'message': str(error)}), 404

@app.errorhandler(400)
def bad_request(error) -> tuple[Response, int]:
    """Custom 400 response."""
    return jsonify({'error': 'Bad request', 'message': str(error)}), 400

# Middleware pattern (before_request)
@app.before_request
def before_request() -> None:
    """Run before every request."""
    # Logging, authentication checks, etc.
    app.logger.info(f"Request: {request.method} {request.path}")

# After request
@app.after_request
def after_request(response: Response) -> Response:
    """Run after every request."""
    response.headers['X-Content-Type-Options'] = 'nosniff'
    return response

if __name__ == '__main__':
    app.run(host='0.0.0.0', port=5000, debug=True)
```

### Blueprints: Organizing Large Applications

```python
# articles/routes.py
from flask import Blueprint, jsonify, request
from typing import List

articles_bp = Blueprint('articles', __name__, url_prefix='/api/v1/articles')

@articles_bp.route('/', methods=['GET'])
def list_articles() -> dict:
    """List articles."""
    return jsonify([])

@articles_bp.route('/<int:article_id>', methods=['GET'])
def get_article(article_id: int) -> dict:
    """Get article."""
    return jsonify({'id': article_id})

# users/routes.py
from flask import Blueprint

users_bp = Blueprint('users', __name__, url_prefix='/api/v1/users')

@users_bp.route('/', methods=['GET'])
def list_users() -> dict:
    """List users."""
    return jsonify([])

# app.py
from flask import Flask
from articles.routes import articles_bp
from users.routes import users_bp

app = Flask(__name__)
app.register_blueprint(articles_bp)
app.register_blueprint(users_bp)
```

### Request Hooks and Middleware

```python
from flask import g, request
from functools import wraps
import time
import jwt

# Authentication decorator
def token_required(f: Callable) -> Callable:
    """Decorator for protected routes."""
    @wraps(f)
    def decorated(*args, **kwargs):
        token = request.headers.get('Authorization')
        
        if not token:
            return jsonify({'error': 'Token is missing'}), 401
        
        try:
            # Remove 'Bearer ' prefix
            token = token.split(' ')[1]
            data = jwt.decode(token, app.config['SECRET_KEY'], algorithms=['HS256'])
            g.current_user = data['user_id']
        except jwt.ExpiredSignatureError:
            return jsonify({'error': 'Token has expired'}), 401
        except jwt.InvalidTokenError:
            return jsonify({'error': 'Invalid token'}), 401
        
        return f(*args, **kwargs)
    return decorated

@app.route('/protected')
@token_required
def protected_route() -> dict:
    """Route requiring authentication."""
    return jsonify({'message': f'Hello user {g.current_user}!'})

# Request timing middleware
@app.before_request
def start_timer() -> None:
    """Start timer for request."""
    g.start_time = time.time()

@app.teardown_request
def log_request(exception=None) -> None:
    """Log request duration."""
    if hasattr(g, 'start_time'):
        duration = time.time() - g.start_time
        app.logger.info(f"Request took {duration:.3f}s")
```

### Flask Extensions

Flask's minimalist core is extended through a rich ecosystem:

```python
# Flask-SQLAlchemy: ORM integration
from flask_sqlalchemy import SQLAlchemy
from datetime import datetime

app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///blog.db'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
db = SQLAlchemy(app)

class Article(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    title = db.Column(db.String(100), nullable=False)
    content = db.Column(db.Text, nullable=False)
    created_at = db.Column(db.DateTime, default=datetime.utcnow)
    author_id = db.Column(db.Integer, db.ForeignKey('user.id'))

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    articles = db.relationship('Article', backref='author', lazy=True)

# Flask-Migrate: Database migrations
# pip install flask-migrate
from flask_migrate import Migrate
migrate = Migrate(app, db)

# Commands:
# flask db init      - Initialize migration repository
# flask db migrate   - Generate migration script
# flask db upgrade   - Apply migrations

# Flask-RESTful: REST API helpers
# pip install flask-restful
from flask_restful import Resource, Api, fields, marshal_with

api = Api(app)

article_fields = {
    'id': fields.Integer,
    'title': fields.String,
    'content': fields.String,
    'created_at': fields.DateTime
}

class ArticleResource(Resource):
    @marshal_with(article_fields)
    def get(self, article_id):
        return Article.query.get_or_404(article_id)
    
    def delete(self, article_id):
        article = Article.query.get_or_404(article_id)
        db.session.delete(article)
        db.session.commit()
        return '', 204

api.add_resource(ArticleResource, '/api/articles/<int:article_id>')
```

### Jinja2 Templates

```python
from flask import render_template, redirect, url_for, flash

@app.route('/articles')
def articles_page():
    articles = Article.query.all()
    return render_template('articles/list.html', articles=articles)

@app.route('/articles/new', methods=['GET', 'POST'])
def new_article():
    if request.method == 'POST':
        article = Article(
            title=request.form['title'],
            content=request.form['content']
        )
        db.session.add(article)
        db.session.commit()
        flash('Article created successfully!', 'success')
        return redirect(url_for('articles_page'))
    
    return render_template('articles/new.html')
```

**Template File (templates/articles/list.html):**
```html
<!DOCTYPE html>
<html>
<head>
    <title>Articles</title>
</head>
<body>
    {% with messages = get_flashed_messages(with_categories=true) %}
        {% if messages %}
            {% for category, message in messages %}
                <div class="alert alert-{{ category }}">{{ message }}</div>
            {% endfor %}
        {% endif %}
    {% endwith %}
    
    <h1>Articles</h1>
    <ul>
        {% for article in articles %}
            <li>
                <a href="{{ url_for('article_detail', article_id=article.id) }}">
                    {{ article.title }}
                </a>
                <small>{{ article.created_at.strftime('%Y-%m-%d') }}</small>
            </li>
        {% endfor %}
    </ul>
    
    <a href="{{ url_for('new_article') }}">Create New Article</a>
</body>
</html>
```

## 15.3 Django: Batteries Included

Django is a full-stack framework following the "batteries included" philosophy. It provides an ORM, authentication system, admin interface, caching, and more out of the box. Django uses the **Model-Template-View (MTV)** architecture.

### Project Structure

```bash
# Installation
pip install django

# Create project
django-admin startproject myblog
cd myblog

# Create app
python manage.py startapp articles

# Project structure
myblog/
├── manage.py
├── myblog/
│   ├── __init__.py
│   ├── settings.py
│   ├── urls.py
│   ├── asgi.py
│   └── wsgi.py
└── articles/
    ├── __init__.py
    ├── admin.py
    ├── apps.py
    ├── migrations/
    ├── models.py
    ├── tests.py
    └── views.py
```

### Models and ORM

```python
# articles/models.py
from django.db import models
from django.contrib.auth.models import User
from django.urls import reverse

class PublishedManager(models.Manager):
    """Custom manager for published articles."""
    def get_queryset(self):
        return super().get_queryset().filter(status='published')

class Article(models.Model):
    """Blog article model."""
    
    STATUS_CHOICES = [
        ('draft', 'Draft'),
        ('published', 'Published'),
    ]
    
    title = models.CharField(max_length=200)
    slug = models.SlugField(max_length=200, unique_for_date='publish')
    author = models.ForeignKey(
        User, 
        on_delete=models.CASCADE,
        related_name='articles'
    )
    content = models.TextField()
    publish = models.DateTimeField(auto_now_add=True)
    created = models.DateTimeField(auto_now_add=True)
    updated = models.DateTimeField(auto_now=True)
    status = models.CharField(
        max_length=10,
        choices=STATUS_CHOICES,
        default='draft'
    )
    tags = models.ManyToManyField('Tag', blank=True)
    
    # Managers
    objects = models.Manager()  # Default manager
    published = PublishedManager()  # Custom manager
    
    class Meta:
        ordering = ['-publish']
        indexes = [
            models.Index(fields=['-publish']),
            models.Index(fields=['status']),
        ]
    
    def __str__(self) -> str:
        return self.title
    
    def get_absolute_url(self) -> str:
        return reverse('articles:detail', args=[self.slug])

class Tag(models.Model):
    """Article tags."""
    name = models.CharField(max_length=50, unique=True)
    slug = models.SlugField(max_length=50, unique=True)
    
    def __str__(self) -> str:
        return self.name

class Comment(models.Model):
    """Comments on articles."""
    article = models.ForeignKey(
        Article,
        on_delete=models.CASCADE,
        related_name='comments'
    )
    name = models.CharField(max_length=80)
    email = models.EmailField()
    body = models.TextField()
    created = models.DateTimeField(auto_now_add=True)
    active = models.BooleanField(default=True)
    
    class Meta:
        ordering = ['created']
    
    def __str__(self) -> str:
        return f'Comment by {self.name} on {self.article}'
```

**Database Migrations:**
```bash
# Create migrations
python manage.py makemigrations

# Apply migrations
python manage.py migrate

# View migration SQL
python manage.py sqlmigrate articles 0001
```

### Views (Function-Based and Class-Based)

```python
# articles/views.py
from django.shortcuts import render, get_object_or_404, redirect
from django.views.generic import ListView, DetailView, CreateView, UpdateView
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.contrib.auth.decorators import login_required
from django.db.models import Count
from .models import Article, Comment
from .forms import ArticleForm, CommentForm

# Function-Based Views
def article_list(request):
    """List all published articles."""
    articles = Article.published.all()
    tag_slug = request.GET.get('tag')
    
    if tag_slug:
        articles = articles.filter(tags__slug=tag_slug)
    
    return render(request, 'articles/list.html', {'articles': articles})

def article_detail(request, slug):
    """Show article with comments."""
    article = get_object_or_404(
        Article,
        slug=slug,
        status='published'
    )
    comments = article.comments.filter(active=True)
    
    if request.method == 'POST':
        comment_form = CommentForm(data=request.POST)
        if comment_form.is_valid():
            new_comment = comment_form.save(commit=False)
            new_comment.article = article
            new_comment.save()
            return redirect(article.get_absolute_url())
    else:
        comment_form = CommentForm()
    
    return render(request, 'articles/detail.html', {
        'article': article,
        'comments': comments,
        'comment_form': comment_form
    })

# Class-Based Views (preferred for CRUD operations)
class ArticleListView(ListView):
    """List articles with pagination."""
    queryset = Article.published.all()
    context_object_name = 'articles'
    paginate_by = 10
    template_name = 'articles/list.html'
    
    def get_queryset(self):
        queryset = super().get_queryset()
        tag_slug = self.request.GET.get('tag')
        if tag_slug:
            queryset = queryset.filter(tags__slug=tag_slug)
        return queryset

class ArticleDetailView(DetailView):
    """Show article detail."""
    model = Article
    template_name = 'articles/detail.html'
    context_object_name = 'article'
    
    def get_queryset(self):
        return Article.published.all()
    
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        context['comments'] = self.object.comments.filter(active=True)
        context['comment_form'] = CommentForm()
        return context

class ArticleCreateView(LoginRequiredMixin, CreateView):
    """Create new article."""
    model = Article
    form_class = ArticleForm
    template_name = 'articles/form.html'
    
    def form_valid(self, form):
        form.instance.author = self.request.user
        return super().form_valid(form)

class ArticleUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView):
    """Update article (author only)."""
    model = Article
    form_class = ArticleForm
    template_name = 'articles/form.html'
    
    def test_func(self):
        article = self.get_object()
        return self.request.user == article.author

class ArticleDeleteView(LoginRequiredMixin, UserPassesTestMixin, DeleteView):
    """Delete article (author only)."""
    model = Article
    template_name = 'articles/confirm_delete.html'
    success_url = '/articles/'
    
    def test_func(self):
        return self.request.user == self.get_object().author
```

### URL Configuration

```python
# myblog/urls.py
from django.contrib import admin
from django.urls import path, include

urlpatterns = [
    path('admin/', admin.site.urls),
    path('articles/', include('articles.urls', namespace='articles')),
    path('accounts/', include('django.contrib.auth.urls')),
]

# articles/urls.py
from django.urls import path
from . import views

app_name = 'articles'

urlpatterns = [
    path('', views.ArticleListView.as_view(), name='list'),
    path('<slug:slug>/', views.ArticleDetailView.as_view(), name='detail'),
    path('new/', views.ArticleCreateView.as_view(), name='create'),
    path('<slug:slug>/edit/', views.ArticleUpdateView.as_view(), name='update'),
    path('<slug:slug>/delete/', views.ArticleDeleteView.as_view(), name='delete'),
]
```

### Admin Interface

```python
# articles/admin.py
from django.contrib import admin
from .models import Article, Tag, Comment

@admin.register(Article)
class ArticleAdmin(admin.ModelAdmin):
    """Admin configuration for Article model."""
    list_display = ['title', 'slug', 'author', 'publish', 'status']
    list_filter = ['status', 'created', 'publish', 'author']
    search_fields = ['title', 'content']
    prepopulated_fields = {'slug': ('title',)}
    raw_id_fields = ['author']
    date_hierarchy = 'publish'
    ordering = ['status', '-publish']
    
    # Inline editing of comments
    class CommentInline(admin.TabularInline):
        model = Comment
        extra = 0
    
    inlines = [CommentInline]

@admin.register(Tag)
class TagAdmin(admin.ModelAdmin):
    list_display = ['name', 'slug']
    prepopulated_fields = {'slug': ('name',)}

@admin.register(Comment)
class CommentAdmin(admin.ModelAdmin):
    list_display = ['name', 'email', 'article', 'created', 'active']
    list_filter = ['active', 'created', 'updated']
    search_fields = ['name', 'email', 'body']
    actions = ['approve_comments']
    
    @admin.action(description='Approve selected comments')
    def approve_comments(self, request, queryset):
        queryset.update(active=True)
```

### Django REST Framework

For building APIs with Django:

```bash
pip install djangorestframework
```

```python
# settings.py
INSTALLED_APPS = [
    # ...
    'rest_framework',
    'articles',
]

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticatedOrReadOnly',
    ],
    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
    'PAGE_SIZE': 10
}

# articles/serializers.py
from rest_framework import serializers
from .models import Article, Tag, Comment

class TagSerializer(serializers.ModelSerializer):
    class Meta:
        model = Tag
        fields = ['id', 'name', 'slug']

class CommentSerializer(serializers.ModelSerializer):
    class Meta:
        model = Comment
        fields = ['id', 'name', 'email', 'body', 'created', 'active']
        read_only_fields = ['created']

class ArticleSerializer(serializers.ModelSerializer):
    """Article serializer with nested relationships."""
    author = serializers.ReadOnlyField(source='author.username')
    tags = TagSerializer(many=True, read_only=True)
    comments = CommentSerializer(many=True, read_only=True)
    
    class Meta:
        model = Article
        fields = [
            'id', 'title', 'slug', 'author', 'content',
            'publish', 'status', 'tags', 'comments'
        ]
        read_only_fields = ['publish']

# articles/api_views.py
from rest_framework import generics, permissions
from rest_framework.decorators import api_view
from rest_framework.response import Response
from .models import Article
from .serializers import ArticleSerializer

class ArticleListAPIView(generics.ListCreateAPIView):
    """List and create articles."""
    queryset = Article.published.all()
    serializer_class = ArticleSerializer
    permission_classes = [permissions.IsAuthenticatedOrReadOnly]
    
    def perform_create(self, serializer):
        serializer.save(author=self.request.user)

class ArticleDetailAPIView(generics.RetrieveUpdateDestroyAPIView):
    """Retrieve, update, or delete article."""
    queryset = Article.published.all()
    serializer_class = ArticleSerializer
    permission_classes = [permissions.IsAuthenticatedOrReadOnly]

# Function-based API view
@api_view(['GET'])
def article_stats(request):
    """Custom endpoint for article statistics."""
    total = Article.objects.count()
    published = Article.published.count()
    return Response({
        'total': total,
        'published': published
    })

# articles/api_urls.py
from django.urls import path
from rest_framework.urlpatterns import format_suffix_patterns
from . import api_views

urlpatterns = [
    path('articles/', api_views.ArticleListAPIView.as_view()),
    path('articles/<int:pk>/', api_views.ArticleDetailAPIView.as_view()),
    path('stats/', api_views.article_stats),
]

urlpatterns = format_suffix_patterns(urlpatterns)
```

## Summary

Python's web framework ecosystem provides solutions for every architectural need. **FastAPI** represents the modern approach: leveraging type hints for automatic validation, generating OpenAPI documentation, and supporting async/await for high-concurrency APIs. Its dependency injection system enables clean separation of concerns while Pydantic ensures data integrity without boilerplate code.

**Flask** embodies simplicity and flexibility. Its micro-framework philosophy provides essential routing and request handling without imposing architectural decisions. Through blueprints, extensions like Flask-SQLAlchemy, and its minimal core, Flask scales from prototypes to production microservices while remaining approachable for beginners.

**Django** offers the comprehensive "batteries included" experience. Its ORM provides a powerful abstraction over database operations, the admin interface automatically generates CRUD interfaces for content management, and the authentication system handles user management out of the box. Django REST Framework extends Django into a full-featured API platform with serialization, authentication, and browseable API documentation.

Each framework serves distinct use cases: FastAPI for high-performance APIs with strong typing, Flask for microservices and applications requiring maximum flexibility, and Django for full-stack applications needing comprehensive built-in features. Understanding their philosophies enables informed architectural decisions based on project requirements.

In the next chapter, we explore the database layer in depth: SQLAlchemy patterns, connection pooling, relationship mapping, and migration strategies that underpin data persistence across these frameworks.

**Next Chapter**: Chapter 16: Databases and ORM (SQLAlchemy Core, ORM, and Migrations).