Converting Flask App Starter Into Django

Archie To

My goal in this project is to convert a Flask skeleton code into Django.

• The source code for Flask app (initial product): https://gitlab.com/dleske/oft
• The source code for Django app (final product): https://gitlab.com/uvic-arcsoft/strap/app-starter-django

The blog will summarize my takes on Flask and Django.

Authentication transformation

1. Authentication system in the Flask code:

Flask code authenticates users by checking the HTTP request header “X-Forwarded-User”. There are four levels of authentication and authorization in the Flask code:

• Unauthenticated users (Level 0): “X-Forwarded-User” is not set or doesn’t exist
• Unauthorized users (Level 1): “X-Forwarded-User” is set to something that does not exist in the user database
• Authorized users without admin rights (Level 2): “X-Forwarded-User” is set to an username that exists in the user database but does not have the admin right
• Authorized users with admin rights (Level 3): “X-Forwarded-User” is set to an username that exists in the user database and has the admin right

The behavior of the code is concluded as following:

• An unauthenticated user (level 0) accessing any page will result in a 401 Unauthenticated error
• An unauthorized user (level 1) accessing any page will result in a 403 Unauthorized error
• An authorized user without admin rights (level 2) accessing a page that requires an admin right will result in 403 Unauthorized error. However, this user can access any other pages that do not require admin rights
• An authorized user with admin rights (level 3) can access any page.

2. Authentication system in the Django code: Django code also authenticate users by checking the HTTP request header “X-Forwarded-User”. However, there are only 3 levels of authentication and authorization:

• Unauthenticated users and unauthorized users (level 0):

  • “X-Forwarded-User” is not set or doesn’t exist
  • “X-Forwarded-User” is set to something that does not exist in the user database
  • Note that this is a combination of level 0 and level 1 in the Flask code

• Authorized users without admin rights (Level 1): “X-Forwarded-User” is set to an username that exists in the user database but does not have the admin right

• Authorized users with admin rights (Level 2): “X-Forwarded-User” is set to an username that exists in the user database and has the admin right

There are three main pages:

1. Login Page

• If user is level 0, they will see the Login Page
• If user is level 1, they will be redirected to the User Page
• If user is level 2, they will be redirected to the Admin Page

2. User Page

• If user is level 0, they will be redirected to the Login Page
• If user is level 1 or 2, they will see the User Page

3. Admin Page

• If user is level 0, they will be redirected to the Login Page
• If user is level 1, they will be redirected to the User Page
• If user is level 2, they will see the Admin Page

Note that the main difference between the Flask and Django code is that Django code redirects an user to a page that they have access to instead of just returning an error.  

The main difference between Flask and Django

Complexity

Flask is a more beginner friendly framework. You can get your development server setup and run quickly and easily. After that, you can start writing code, building views and adding functionalities right away. Flask project structure is not too complex also, where most of your files can be put into a single directory named src. In Flask, there is a tool named SQL Alchemy that allows you to implement a database into the application with ease.

Django, however, requires a bit more understanding of the code and documentation. To break down, a Django project is your entire application. A project consists of smaller applications (technically Python packages in Django and is equivalent to Blueprint in Flask), where each application manages a part of your project. For example, for an ecommerce project, you can have an application to handle user authentication, an app to render the ecommerce store and an app to handle payment. Inside of each application, there are different files that construct different aspects. For instance, view.py builds views, url.py builds the page navigations, models build entries and columns in the database.

Flexibility and code reusability

Due to being more complex, Django allows developers to do more with the code. There are more components presented in Django such as middleware (middleware is executed every time a new view is rendered), built in classes and forms, class mixins, etc. These components allow coder to build a more functional and complex application but at the same time writing less code due to code reusability. For example, developers can use class-based views to render views that they want instead of having to write out all necessary aspects of the views such as context, query performed, and template used.

Structure, scalability, compatibility

Overall, Django projects have a better code structure than Flask projects, where each project is divided into smaller applications and each application is divided into file components. Therefore, for a larger project, the code is easier to manage and adding code will require less effort due to the code reusability.

However, if you are planning to build a simple project, Flask would be a better choice. Django, in this case, would be an overkill. Flask still has every you need, from building views, connecting to a database to user authentication. ** **    

---