I'm supplying a Django project to a client, who has requested a 'debugging' page that will show useful information.
[UPDATE for clarity: We'd like this page so we can use it for debugging in future: the clients are not very technical and I won't have direct access to their servers. In the event of future issues, it would be very useful if I could check out this page without asking them to edit the Debug setting or do any other server-side fiddling.]
The project will be running in production, so I can't set DEBUG=True.
What I would like is a page similar to the Django debugging page but without any sensitive information in.
I guess I can simply write my own, but does anyone have any ideas? Anything standard in Django I could use?
Thanks!
Googling 'standard Django debugging page'
Isn't as effective as reading the Django source itself.
Look in base.py for code like this
from django.views import debug
That will provide you some hints as to how they do it.
Then you can look at django/views/debug.py for the "technical_404_response" view function. You can use this function in your code, also.
You can use Django Debug Toolbar and enable it only for choosen IPs
Related
Hi Guys I am deploying a django project to elastic-beanstalk on AWS it currently is working fine, however I would like to know if it's a good or bad practice to allow the BrowsableAPIRenderer to be able to handle requests on my browser, I try to find anything related to it but there is really not too much documentation if not any at all. My App has a really strict permission policy, even when I access through the browsable API, it returns the following:
{
"detail": "Authentication credentials were not provided."
}
however it displays some sort of "information" about the endpoint. It's in that part where I find it difficult to define if I should allow it so that other developers can easily know what is going on, or on the other hand if it is a big risk to be accessible to the public.
You may find this question and its answers useful. Based on this answer, it is true that providing the BrowsableAPIRenderer would help development:
It provides simple UI interface to interact with model objects.
It can provide detailed debugging information.
A list of URLs can be shown in some API root
Based on your current settings, a user would at least need to log on either in DRF login page or Django ADMIN page to see and interact with your API.
You can enable the BrowsableAPI in development but disable it in your production settings following this answer.
In production, I wouldn't want other users, who have write permission, to interact with the APIs via BrowsableAPI. It will force the other users to use the front end app or other secure app to interact with APIs. That would provide a secure layer to forbid descriptive actions done using BrowsableAPI.
While readthedocs.io offers the possibility to enable Google Analytics for a page by just adding the tracking ID within a project's settings, the same offer does not seem to exists for using Piwik.
I would like to use Piwik for a page that I generate for a Python project using Sphinx and that is hosted on readthedocs.io. I guess one way to enable it would be to add the Piwik tracking code to the page template as mentioned in https://github.com/rtfd/readthedocs.org/issues/199 however I'm not sure how to start with this.
Has someone been able to use Piwki in this configuration or an idea on how to achieve it? Thank you very much for your help!
Modify your theme's template, inserting your Piwik tracking code. My answer to a related question can point you in the right direction.
So, I've recently inherited a large code base that is fairly obfuscated. When I navigate a page on my local machine is there any way to determine which template/view is actually being called to create the view that I'm seeing at that moment?
I would like to get a better idea of where certain parts of the page are actually coming from, but the project is so large and disorganized that going through present templates is simply not feasible.
Is there any nice way to get around this? Worth mentioning that the defined urls all seem to be poorly written, obfuscated regex, (not to mention incredibly long) so direct examination of the urls file is not extremely feasible.
When I try to run resolve on the url of the page I'm trying to view I get a 404, and I'm not really sure where to progress from there, since the page clearly works.
Any help would be greatly appreciated.
Personnaly I use this : https://github.com/django-debug-toolbar/django-debug-toolbar
The Django Debug Toolbar is a configurable set of panels that display
various debug information about the current request/response and when
clicked, display more details about the panel's content.
Currently, the following panels have been written and are working:
Django version
Request timer
A list of settings in settings.py
Common HTTP headers
GET/POST/cookie/session variable display
Templates and context used, and their template paths
SQL queries including time to execute and links to EXPLAIN each query
List of signals, their args and receivers
Logging output via Python's built-in logging, or via the logbook module
There is also one Django management command currently:
debugsqlshell: Outputs the SQL that gets executed as you work in the Python interactive shell. (See example below)
If you have ideas for other panels please let us know.
Note: The Debug Toolbar only works on Django 1.3 and newer.
0 code to add, only a few minor changes to settings.py
You will get what you want and even more.
I have a new job and a huge django project (15 apps, more than 30 loc). It's pretty hard to understand it's architecture from scratch. Are there any techniques to simplify my work in the beginning? sometimes it's even hard to understand where to find a form or a view that I need... thnx in advance.
When I come to this kind of problem I open up a notebook and answer the following:
1. Infrastructure
Server configuration, OS etc
Check out the database type (mysql, postgres, nosql)
External APIS (e.g Facebook Connect)
2. Backend
Write a simple description
Write its input/output from user (try to be thorough; which fields are required and which aren't)
Write its FK and its relation to any other apps (and why)
List down each plugin the app is using. And for what purpose. For example in rails I'd write: 'gem will_paginate - To display guestbook app results on several pages'
3. Frontend
Check out the JS framework
Check the main stylesheet files (for the template)
The main html/haml (etc) files for creating a new template based page.
When you are done doing that. I think you are much more prepared and able go deeper developing/debugging the app. Good luck.
Use this http://packages.python.org/django-extensions/graph_models.html
to generate the Relationship diagrams from the models so that you can visually see how the models are related to each other. This will give you nice idea about the app
1) Try to install the site from scratch. You will find what external apps are needed for the site to run.
2) Reverse engineer. Browse through the site and try to find out what you have to do to change something to that page. Start with the url, look up in urls.py, read the view, check the model. Are there any hints to other processes?
3) Try to write down everything you don't understand, and document the answers for future reference.
I would clone the project so you can mess up endlessly.
Then I would start to reduce the code. "What happens if if just remove this function here?
Also get django debug toolbar:
https://github.com/django-debug-toolbar/django-debug-toolbar
A good terminal debugger is also golden, there are many out there, here is an example:
https://github.com/tomchristie/django-pdb
This allow you to halt the code and even inject and mutate parameters in runtime. Just like GDB in C.
If you use FireFox you can install FireBug on it and when you for example submit ajax form you can see at which url send you request after what you can easily find controller which work with this form data. At chrome this utility embedded by default and call by F12 key.
Taking into account that I barely know python and am simply following the "hello-world" example here: http://code.google.com/appengine/docs/python/gettingstarted/
I'm unclear as to how I would: use a "MainHandler" class mapped to '/' as a welcome page, ask the user to login and then only allow logged-in users to access a "EditorHandler" class mapped to '/editor'
You've asked a very broad question, and provided no details about what (if any) framework you're planning to use to implement your app. I guess you are probably using webapp?
The basic idea would be to create a login url that you redirect the user to, or you provide to them. If you want them redirected to an edit page on your app, you can specify a dest_url when calling create_login_url:
users.create_login_url(dest_url='/edit')
Within your code you can secure your edit handler easily in app.yaml or with the '#login_required' decorator, depending on how you've setup your app.
This seems to work: http://appengine-cookbook.appspot.com/recipe/login-decorator
Although I dont understand the magic behind most of it, it's probably due to my lack of python skills.
Some comments on that article also point to more "native" solutions:
http://code.google.com/appengine/docs/python/tools/webapp/utilmodule.html