## ***Day 2 Python and Django Fundamentals***

### Objectives

- Understand Django's project/app architecture
- Create, Run and Extend a Django app correctly

### Python Best Practices Refresher

#### Agenda

- Review
    - PEP 8 Basics
    - Virtual environment discipline
    - `requirements.txt` usage
- Understand why Django enforces structure

##### PEP 8 : Python Coding Guidelines Implementation

1. Install `autopep8` and `pylint`

In [None]:
pip install autopep8

In [None]:
pip install pylint

2. Automate in VS Code

- Open Command Pallete (`Ctrl+Shift+P`)
- Type **"Preferences: Open User Settings (JSON)"** and select it.
- Add or modify the following lines in the JSON file:

In [None]:
{
    // 1. Enforce 4 spaces for indentation
    "editor.tabSize": 4,
    "editor.insertSpaces": true,

    // 2. Set the vertical ruler to 79 characters (Visual Guide)
    "editor.rulers": [79],

    // 3. Enable Formatting on Save
    "editor.formatOnSave": true,

    // 4. Set Autopep8 as the default formatter
    "python.formatting.provider": "autopep8",
    "python.formatting.autopep8Args": [
        "--max-line-length=79"
    ],

    // 5. Enable Pylint
    "python.linting.enabled": true,
    "python.linting.pylintEnabled": true,
    "python.linting.pylintArgs": [
        "--max-line-length=79"
    ]
}

##### Virtual Environment Discipline

A. Isolation and Setup

1. Always Create: When starting a new project, create a new virtual environment immediately (`python3 -m venv .venv`).
2. Activate First: Never install a package (`pip install`) until you have activated the environment.
3. Standard Naming: Always name the environment directory `.venv`. This is recognized by most editors (like VS Code and PyCharm) and is the default directory to exclude from version control.

B. Dependency Management

1. Freeze Dependencies: After successfully installing all necessary packages for your project, you must create a list of exact versions.
2. Command: `pip freeze > requirements.txt`
3. This generates the authoritative file that lists every package and its exact version (e.g., requests==2.28.1).
4. Install Dependencies: When another developer (or a server) gets your code, they use this file to set up the environment:
    - Command: `pip install -r requirements.txt`
5. Update requirements.txt: Whenever you install a new package or upgrade an existing one, immediately run pip freeze > requirements.txt again to update the file.

C. Version Control (Git)

1. Exclude the Environment: The virtual environment directory (.venv) contains thousands of files and should NEVER be committed to Git.
2. Add to `.gitignore`: Ensure your project's `.gitignore` file includes the `.venv` directory:
3. Include `requirements.txt`: The `requirements.txt` file MUST be committed and tracked by Git, as it is the sole source of truth for your project's dependencies.

##### Utilizing `requirements.txt`

Sample `requirements.txt`:

In [None]:
beautifulsoup4==4.12.3
certifi==2024.2.2
Django==5.0.3
Pillow==10.2.0
pytz==2024.1
requests==2.31.0
six==1.16.0
sqlparse==0.4.4
tzdata==2024.1
urllib3==2.2.1

Understanding the structure:

1. Package Name: (e.g. `Django`, `requests`)
2. Pinned Version: (e.g. `==5.0.3`, `==2.31.0`)

##### Why Django enforces structure?

Django enforces structure to make complex web applications organized, stable, and maintainable for teams.

Here is the concise breakdown:

Coding Structure (Why it uses MTV (Model-Template-View))

- Goal: To prevent chaos in large codebases.

- Method: It strictly separates code into Model (data/database), View (business logic), and Template (display/HTML).

- Result: Developers can easily find, fix, and update features (Apps) without breaking unrelated parts of the application.

Environment Management (Why it needs `venv` and `requirements.txt`)

- Goal: To guarantee the application works the same everywhere.

- Method: Django has many internal dependencies. Using a Virtual Environment (`venv`) and a pinned `requirements.txt` file isolates the project and locks down the exact versions of every package.

- Result: This prevents "dependency hell"—where a minor, automatic update to a single library breaks the entire, complex Django system when moving from a developer's machine to the server.

### Django Project vs App Architecture (Core Concept)

#### Agenda

- Understand:
    - What a project is 
    - What an app is
    - Why Django uses this separation
- Identify the roles of:
    - `settings.py`
    - `urls.py`
    - `wsgi.py` / `asgi.py`

*Key Insight: A Django project is a ***container***, apps are ***features****

In order to build a structured and scalable applications, the difference betwwen a *Project* and an *App* must be clarified.

**Django Project** - is the collection of settings for an instance in Django. It handles the whole application or configuration settings.

**Django App** - is a module that handles a single feature. It defines a specific functionality within the app.

***Why Django uses this Separation?***

* **Reusability** - Project provides configuration, App provides feature.
* **Modularity** - breaking application into small, manageable Apps, useful for a large or enterprise-level projects.
* **Scalability** - Easy to scale and allow developer teams work efficiently.

***Roles of different project files:***

- `settings.py` -  contains all the configuration of your Django installation. This explains how settings work and which are available.

- `urls.py` - contains URL declarations for the Django project. Contains URL path to map with your Python functions (specifically views).

- `wsgi.py / asgi.py` 
    - "Web Server Gateway Interface" - It is designed for synchronous (one-request-at-a-time) way for the server to communicate with the Django application. Used for traditional synchronous web requests.
    - "Asynchronous Server Gateway Interface" - It is designed for asynchronous operations. Allows multiple I/O operations handling and useful for modern asynchronous features like WebSockets and long-running API calls.

### Create your First Django App

#### Agenda

- Create a new app inside your project
- Register the app correctly

**Command for creating new app**

In [None]:
python manage.py startapp core

**Register in `settings.py`**

In [None]:
INSTALLED_APPS = [
    ...
    'core',
]

### Views, URLs, and Request Flow

#### Agenda

- Create a basic view
- Wire URL routing
- Understand request -> response lifecycle

**Example View (`core/views.py`)**

In [None]:
from django.http import JsonResponse

def health_check(request):
    return JsonResponse({"status": "ok"})

**Wire URLs**

In [None]:
# core/urls.py
from django.urls import path
from .views import health_check

urlpatterns = [
    path("health/", health_check),
]

**Add to backend/urls.py**

In [None]:
# project urls.py
path("api/", include("core.urls"))

**Test**

[Visit this Testing Link](http://127.0.0.1:8000/api/health/)

**Result**

![**Result**](./images/Day2_ViewsURLsRequestFlow.jpg)

### Django Settings and Configuration Basics

#### Agenda

- Understand:
    - `DEBUG`
    - `INSTALLED_APPS`
    - `MIDDLEWARE`
- Learn where configuration belongs
- Avoid hardcoding secrets

**DEBUG** - a boolean value that controls the level of error information displayed to users and determines development behavior. Set to `TRUE` during development to show detailed error tracebacks and set to `FALSE` in production to prevent revealing sensitive code and configuration data to the public.

**INSTALLED_APPS** - a list of strings that acts as a registry of all Django applications that are active in the current project. It also tells Django what features, models, template tags, and management commands to load. Every custom App you create must be added to this list to be functional.

**MIDDLEWARE** - a list of strings that defines a chain of processing hooks - functions or classes - that sit between the Django Request / Response cycle. It intercepts every HTTP request before it hits a View and every response before it leaves the server.


| Configuration Type | Where it Belongs (Best Practice) | Why |
| :--- | :--- | :--- |
| **Global Settings** | `settings.py` | This file holds project-wide values like `INSTALLED_APPS`, `MIDDLEWARE`, and database settings. |
| **Environment Specific Settings** | Environment Variables (e.g. `.env` file) | This includes secrets, API keys, and deployment-specific values (like the production database URL or `DEBUG=False`). |
| **Local-Only Settings** | `.gitignore` | The file containing the actual secret values (like `.env`) should be added to `.gitignore` to prevent it from being accidentally committed to version control. |

**What Does "Avoid Hardcoding Secrets" Mean?**

Hardcoding a secret means writing sensitive data (like passwords, API keys, or secret keys) directly into your source code files (e.g., `settings.py`).

**Example of Hardcoding (Bad Practice):**

In [None]:
# settings.py (BAD!)
SECRET_KEY = 'vry-scret-hardcoded-key-12345'
AWS_SECRET_KEY = 'AKIAIOSFODNN7EXAMPLE'

***Note: Avoid hardcoding means externalizing all sensitive data***

In [None]:
# settings.py (GOOD!)
import os
SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY')
AWS_SECRET_KEY = os.environ.get('AWS_ACCESS_KEY')

**Why is it important?**

**Security Risk** : If your source code is ever shared, posted on a public repository (like GitHub), or accessed by unauthorized personnel, the hardcoded secrets are immediately exposed, leading to data breaches or compromised infrastructure.

**Deployment Rigidity** : You cannot easily switch between environments. If the staging server uses a different database password than the development server, you would have to manually edit and redeploy the code for every environment.

**Auditability** : Secrets must often be rotated (changed). Hardcoding forces you to change and redeploy your entire application just to update a single password.

### GIT Commit (Engineering Discipline)

#### Agenda

- Commit meaningful progress

**Command**

In [None]:
git add .
git commit -m "Add core app with basic health endpoint"

### Reflection and Validation

#### Agenda

- Answer quickly:
    - Can I explain project vs. app?
    - Do I understand request flow?
- Note one question to clarify tomorrow

**Can I explain project vs. app?**

- Generally, a Django project is the main folder of your application. It stores all the global configuration and settings of our whole project. On the other hand, a Django app is the feature of your project. This stores specific modules and functionality within your project.

**Do I understand request flow?**

- Firstly, I created a basic view which I configured in my `views.py` in my `core` App, then I made a URL in the `urls.py` as api/health/. After that I connected the url in the main project's `urls.py`. The request is sent after I test the link. I observed that when I visited the link, the GET method for the url "/api/health/" is displayed and a showed a 200 value. This denotes that I succeeded in requesting for a view in that specific API which allowed me to view the image that I got that says "status : ok".

### Day 2 Completion Checklist

- ✅ A registered Django app
- ✅ Working URL routing
- ✅ At least one API endpoint
- ✅ Clean GIT commit history

#### What to focus on tomorrow?

- Django models
- ORM fundamentals
- Admin panel power usage