# Making App : 

1) django-admin startproject {project_name}

2) python manage.py startapp {app_name}

#  Models in Django

Django models define the structure of the database.

In [None]:
from django.db import models

class Post(models.Model):
    title = models.CharField(max_length=200)
    content = models.TextField()
    created_at = models.DateTimeField(auto_now_add=True)

    def __str__(self):
        return self.title
    
CharField()
TextField()
DateTimeField()
PositiveBigIntegerField()
BigIntegerField
ForeignKey()

# Running Migrations:

python manage.py makemigrations
python manage.py migrate

# Django Admin Panel and registering Model:

The Django admin panel allows for easy management of database objects.

In [None]:
from django.contrib import admin
from .models import Post

class ProductAdmin(admin.ModelAdmin):
    """
    we can make some Forms for views of Data :
    
    list_display = []
    list_filter = []
    search_fields = []
    list_select_related = False
    list_per_page = 100 
    list_max_show_all = 200 
    list_editable = ()
    date_hierarchy = None
    save_as = False
    save_as_continue = True
    save_on_top = False
    preserve_filters = True
    inlines = []
    
    """
admin.site.register(Post)

# Views and URL Routing

In [None]:
#View : 
from django.shortcuts import render

def home_view(request):
    return render(request, 'home.html')

#URL:
""" In urls.py of the app: """
from django.urls import path
from .views import home_view

urlpatterns = [
    path('', home_view, name='home'),
    #re_path(r"checking/(?P<name_of_value>[A-Za-z0-9]{len_of_value})/",home_view),
]

""" In the project's urls.py: """

from django.contrib import admin
from django.urls import include, path

urlpatterns = [
    path('admin/', admin.site.urls),
    path('', include('{app_name}.urls')),
]



# Decorators  for View : 

In [None]:
"""
1. @login_required:
 This decorator ensures that a view can only be accessed by authenticated users.
 If the user is not logged in, they are redirected to the login page.
"""
from django.contrib.auth.decorators import login_required

@login_required(login_url='/custom-login/')
def my_view(request):
    # View code here


""" 
@permission_required:
 This decorator checks if the user has the specific permission(s) required to access the view.
 If not, they are redirected to the login page or shown a 403 Forbidden page.
"""
from django.contrib.auth.decorators import permission_required

@permission_required(['app_label.permission1', 'app_label.permission2'])
def my_view(request):
    # View code here

"""
@user_passes_test:
 This decorator allows you to define a custom test that the user must pass to access the view. 
 For example, you could ensure that only staff members can access certain views.
"""
from django.contrib.auth.decorators import user_passes_test

@user_passes_test({custom-test}, login_url='/no-access/')
def my_view(request):
    # View code here

"""
@require_http_methods:
 This decorator ensures that a view only allows certain HTTP methods
 (GET, POST, etc.).
"""
from django.views.decorators.http import require_http_methods

#@require_GET
#@require_POST
@require_http_methods(["GET", "POST"])
def my_view(request):
    # View code here
    

"""
@csrf_exempt
 This decorator disables Cross-Site Request Forgery (CSRF) protection for the decorated view.
 Use with caution, as this makes your view vulnerable to CSRF attacks.
"""
from django.views.decorators.csrf import csrf_exempt

@csrf_exempt
def my_view(request):
    # View code here

"""
@csrf_protect: 
 This decorator ensures that CSRF protection is enabled for the view.
 CSRF protection is enabled by default,
 but you can use this to enforce it in specific views.
"""
from django.views.decorators.csrf import csrf_protect

@csrf_protect
def my_view(request):
    # View code here

"""
@cache_page
 This decorator caches the response of a view for a specified amount of time,
 which can improve performance by reducing database queries and computations.
 """
from django.views.decorators.cache import cache_page

@cache_page(60 * 15)  # Cache for 15 minutes
def my_view(request):
    # View code here

"""
@vary_on_headers
This decorator sets the "Vary" header for caching purposes.
It ensures the cache varies based on specific request headers
(e.g., User-Agent, Accept-Language).
"""
from django.views.decorators.vary import vary_on_headers

@vary_on_headers('User-Agent')
def my_view(request):
    # View code here

"""
 @vary_on_cookie
 This decorator ensures that the cache varies depending on cookies,
 which is useful when user-specific data is stored in cookies.
 """

from django.views.decorators.vary import vary_on_cookie

@vary_on_cookie
def my_view(request):
    # View code here

"""
@never_cache:
This decorator ensures that the view's response is never cached,
regardless of any other caching headers or settings.
"""
from django.views.decorators.cache import never_cache

@never_cache
def my_view(request):
    # View code here
    
"""
@sensitive_post_parameters:
 This decorator marks certain POST parameters as sensitive,
 which means they won’t be included in error reports or logging.
"""
from django.views.decorators.debug import sensitive_post_parameters

@sensitive_post_parameters('password', 'credit_card_number')
def my_view(request):
    # View code here

"""
@sensitive_variables:
 This decorator hides sensitive variables
 (like passwords) from appearing in error reports.
"""
from django.views.decorators.debug import sensitive_variables

@sensitive_variables('password')
def my_view(request):
    password = request.POST['password']
    # View code here
    

"""
@xframe_options_deny::
This decorator prevents the view from being rendered inside a frame or iframe,
which can help mitigate clickjacking attacks.
"""
from django.views.decorators.clickjacking import xframe_options_deny

@xframe_options_deny
def my_view(request):
    # View code here

"""
@xframe_options_exempt
 This decorator allows the view to be rendered inside a frame,
 overriding the default DENY X-Frame-Options header.
 """
from django.views.decorators.clickjacking import xframe_options_exempt

@xframe_options_exempt
def my_view(request):
    # View code here


# Forms in Django

In [None]:
#Forms:
from django import forms

class ContactForm(forms.Form):
    name = forms.CharField(max_length=100)
    email = forms.EmailField()
    message = forms.CharField(widget=forms.Textarea)

    
#In the view (views.py):

from django.shortcuts import render
from .forms import ContactForm

def contact_view(request):
    form = ContactForm()
    return render(request, 'contact.html', {'form': form})


# Django Authentication

In [None]:
from django.contrib.auth import authenticate, login
from django.shortcuts import render, redirect

def login_view(request):
    if request.method == 'POST':
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(request, username=username, password=password)
        if user is not None:
            login(request, user)
            return redirect('home')
    return render(request, 'login.html')


# Django Middleware

Middleware in Django is a way to process requests globally before they reach the view.

In [None]:
class MyCustomMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # Code to execute before view
        response = self.get_response(request)
        # Code to execute after view
        return response

""" can add middleware in settings.py: """    

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'myapp.middleware.MyCustomMiddleware',
]


# Django Rest Framework (DRF)

pip install djangorestframework

In [None]:
#Example Serializer:

from rest_framework import serializers
from .models import Post

class PostSerializer(serializers.ModelSerializer):
    class Meta:
        model = Post
        fields = ['id', 'title', 'content', 'created_at']

#API View:       
        
from rest_framework.response import Response
from rest_framework.decorators import api_view
from .models import Post
from .serializers import PostSerializer

@api_view(['GET'])
def post_list(request):
    posts = Post.objects.all()
    serializer = PostSerializer(posts, many=True)
    return Response(serializer.data)

#URL for API:

from django.urls import path
from .views import post_list

urlpatterns = [
    path('api/posts/', post_list, name='post_list'),
]
