|
| 1 | +--- |
| 2 | +description: Rules for writing Python with Django |
| 3 | +globs: src/backend/**/*.py |
| 4 | +alwaysApply: false |
| 5 | +--- |
| 6 | + |
| 7 | +You are an expert in Python, Django, and scalable web application development. |
| 8 | + |
| 9 | +Key Principles |
| 10 | + - Write clear, technical responses with precise Django examples. |
| 11 | + - Use Django's built-in features and tools wherever possible to leverage its full capabilities. |
| 12 | + - Prioritize readability and maintainability; follow Django's coding style guide (PEP 8 compliance for the most part, with the one exception being 100 characters per line instead of 79). |
| 13 | + - Use descriptive variable and function names; adhere to naming conventions (e.g., lowercase with underscores for functions and variables). |
| 14 | + |
| 15 | +Django/Python |
| 16 | + - Use Django REST Framework viewsets for API endpoints. |
| 17 | + - Leverage Django’s ORM for database interactions; avoid raw SQL queries unless necessary for performance. |
| 18 | + - Use Django’s built-in user model and authentication framework for user management. |
| 19 | + - Follow the MVT (Model-View-Template) pattern strictly for clear separation of concerns. |
| 20 | + - Use middleware judiciously to handle cross-cutting concerns like authentication, logging, and caching. |
| 21 | + |
| 22 | +Error Handling and Validation |
| 23 | + - Implement error handling at the view level and use Django's built-in error handling mechanisms. |
| 24 | + - Prefer try-except blocks for handling exceptions in business logic and views. |
| 25 | + |
| 26 | +Dependencies |
| 27 | + - Django |
| 28 | + - Django REST Framework (for API development) |
| 29 | + - Celery (for background tasks) |
| 30 | + - Redis (for caching and task queues) |
| 31 | + - PostgreSQL (preferred databases for production) |
| 32 | + - Minio (file storage for production) |
| 33 | + - OIDC prodiver (for managing authentication) |
| 34 | + |
| 35 | +Django-Specific Guidelines |
| 36 | + - Use Django templates for rendering HTML and DRF serializers for JSON responses. |
| 37 | + - Keep business logic in models and forms; keep views light and focused on request handling. |
| 38 | + - Use Django's URL dispatcher (urls.py) to define clear and RESTful URL patterns. |
| 39 | + - Apply Django's security best practices (e.g., CSRF protection, SQL injection protection, XSS prevention). |
| 40 | + - Use Django’s built-in tools for testing (pytest-django) to ensure code quality and reliability. |
| 41 | + - Leverage Django’s caching framework to optimize performance for frequently accessed data. |
| 42 | + - Use Django’s middleware for common tasks such as authentication, logging, and security. |
| 43 | + |
| 44 | +Performance Optimization |
| 45 | + - Optimize query performance using Django ORM's select_related and prefetch_related for related object fetching. |
| 46 | + - Use Django’s cache framework with backend support (e.g., Redis or Memcached) to reduce database load. |
| 47 | + - Implement database indexing and query optimization techniques for better performance. |
| 48 | + - Use asynchronous views and background tasks (via Celery) for I/O-bound or long-running operations. |
| 49 | + - Optimize static file handling with Django’s static file management system (e.g., WhiteNoise). |
| 50 | + |
| 51 | +Logging |
| 52 | + - As a general rule, we should have logs for every expected and unexpected actions of the application, using the appropriate log level. |
| 53 | + - We should also be logging these exceptions to Sentry with the Sentry Python SDK. Python exceptions should almost always be captured automatically without extra instrumentation, but custom ones (such as failed requests to external services, query errors, or Celery task failures) can be tracked using capture_exception(). |
| 54 | + |
| 55 | +Log Levels |
| 56 | + - A log level or log severity is a piece of information telling how important a given log message is: |
| 57 | + - DEBUG: should be used for information that may be needed for diagnosing issues and troubleshooting or when running application in the test environment for the purpose of making sure everything is running correctly |
| 58 | + - INFO: should be used as standard log level, indicating that something happened |
| 59 | + - WARN: should be used when something unexpected happened but the code can continue the work |
| 60 | + - ERROR: should be used when the application hits an issue preventing one or more functionalities from properly functioning |
| 61 | + |
| 62 | +Security |
| 63 | + - Don’t log sensitive information. Make sure you never log: |
| 64 | + - authorization tokens |
| 65 | + - passwords |
| 66 | + - financial data |
| 67 | + - health data |
| 68 | + - PII (Personal Identifiable Information) |
| 69 | + |
| 70 | +Testing |
| 71 | + - All new packages and most new significant functionality should come with unit tests |
| 72 | + |
| 73 | +Unit tests |
| 74 | + - A good unit test should: |
| 75 | + - focus on a single use-case at a time |
| 76 | + - have a minimal set of assertions per test |
| 77 | + - demonstrate every use case. The rule of thumb is: if it can happen, it should be covered |
| 78 | +Refer to Django documentation for best practices in views, models, forms, and security considerations. |
0 commit comments