The latest articles on DEV Community by Digvijay Singh (@digvijay_singhrajput). https://dev.to/digvijay_singhrajput https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1734261%2Ff8cbd54d-40b7-4624-ad5c-14082ec26462.png https://dev.to/digvijay_singhrajput en Digvijay Singh Tue, 21 Apr 2026 23:30:54 +0000 https://dev.to/digvijay_singhrajput/gitignore-done-right-what-to-ignore-why-and-the-pattern-every-production-codebase-uses-23o https://dev.to/digvijay_singhrajput/gitignore-done-right-what-to-ignore-why-and-the-pattern-every-production-codebase-uses-23o <h6> A deep dive into .gitignore for Python projects — the secrets pattern, the template exception, what belongs in version control and what doesn't, and how one missing line can cost you real money. </h6> <h2> .gitignore Done Right </h2> <p>A developer at a startup pushed their <code>.env</code> file to a public GitHub repository by mistake.</p> <p>Within 4 minutes — automated bots had scraped it.<br> Within 6 minutes — they were making API calls on his account.<br> His bill at the end of the month: $340.</p> <p>One missing line in <code>.gitignore</code> caused this.</p> <p>This article covers everything about <code>.gitignore</code> for Python projects — what to ignore, why each category exists, and the pattern every production codebase uses.</p> <h2> What <code>.gitignore</code> Actually Does </h2> <p><code>.gitignore</code> tells Git: "these files and folders exist on my machine — never track them, never commit them, never include them in diffs or pull requests."</p> <p>Two reasons you need it:</p> <p><strong>Reason 1 — Security</strong></p> <p>Your <code>.env</code> file contains:</p> <ul> <li>Database passwords</li> <li>API keys (OpenAI, Groq, Anthropic)</li> <li>JWT signing secrets</li> <li>AES encryption keys</li> </ul> <p>If any of these reach GitHub — automated bots scan public repositories continuously. They find keys, abuse them, and you receive a bill. This is not theoretical. It happens every day.</p> <p><strong>Reason 2 — Repository hygiene</strong></p> <p>Some files are auto-generated on your machine and serve no purpose in the repository:</p> <ul> <li> <code>__pycache__/</code> — Python bytecode, machine-specific, regenerates automatically</li> <li> <code>.venv/</code> — your virtual environment, thousands of files each developer creates themselves</li> <li> <code>.DS_Store</code> — macOS filesystem metadata, meaningless to other developers</li> <li> <code>.idea/</code> — IDE configuration, personal and machine-specific</li> </ul> <p>These files change constantly, cause merge conflicts, and bloat the repository for zero benefit.</p> <h2> The Most Important Pattern — Secrets </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># ============================================================ # SECRETS — NEVER commit these # ============================================================ .env .env.* !.env.example </code></pre> </div> <p>Let's break down each line:</p> <p><strong><code>.env</code></strong> — Your real secrets file. Contains actual API keys, passwords, database URLs. Lives only on your machine. Never committed.</p> <p><strong><code>.env.*</code></strong> — Covers all environment variants: <code>.env.local</code>, <code>.env.development</code>, <code>.env.production</code>, <code>.env.staging</code>. One pattern ignores all of them.</p> <p><strong><code>!.env.example</code></strong> — The <code>!</code> prefix means <strong>exception</strong>. Despite the previous rules, this file IS tracked by git.</p> <h3> Why commit <code>.env.example</code>? </h3> <p><code>.env.example</code> is the template. It has the same variable names as <code>.env</code> but with placeholder values — no real secrets.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># .env.example — committed to git</span> <span class="nv">DATABASE_URL</span><span class="o">=</span>postgresql+asyncpg://docqa:docqa_password@localhost:5432/docqa <span class="nv">SECRET_KEY</span><span class="o">=</span>replace-with-64-char-hex-generate-with-openssl-rand-hex-32 <span class="nv">GROQ_API_KEY</span><span class="o">=</span>your-groq-api-key-here <span class="nv">OPENAI_API_KEY</span><span class="o">=</span> <span class="c"># optional — leave empty if not using</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># .env — never committed — has real values</span> <span class="nv">DATABASE_URL</span><span class="o">=</span>postgresql+asyncpg://docqa:myRe4lP@ss@prod.db.internal:5432/docqa <span class="nv">SECRET_KEY</span><span class="o">=</span>a3f8c2e1d4b7f9a2c5e8d1b4f7a2c5e8d3f6b9a2c5e8d1b4f7a2c5e8d3f6b9a <span class="nv">GROQ_API_KEY</span><span class="o">=</span>gsk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx </code></pre> </div> <p>When someone clones the repository:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cp</span> .env.example .env <span class="c"># fill in real values</span> </code></pre> </div> <p>Zero guessing about what variables are needed. Zero Slack messages asking "what env vars do I need?" Zero setup friction.</p> <p><strong>A professional <code>.env.example</code> includes comments:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># JWT signing key — if stolen, anyone can forge login tokens for any user</span> <span class="c"># Generate with: openssl rand -hex 32</span> <span class="c"># Must be at least 32 characters — app refuses to start otherwise</span> <span class="nv">SECRET_KEY</span><span class="o">=</span>replace-with-64-char-hex-string <span class="c"># AES-256-GCM encryption key for LLM API keys stored in DB</span> <span class="c"># MUST be different from SECRET_KEY</span> <span class="c"># Generate with: openssl rand -hex 32</span> <span class="nv">ENCRYPTION_KEY</span><span class="o">=</span>replace-with-another-64-char-hex-string <span class="c"># Default LLM provider — completely free, no credit card needed</span> <span class="c"># Get your key at: https://console.groq.com</span> <span class="nv">GROQ_API_KEY</span><span class="o">=</span>your-groq-api-key-here </code></pre> </div> <p>Each comment tells: what the variable does, why it matters, how to generate it, where to get it. Future developers (including future you) will thank present you.</p> <h2> Python-Specific Patterns </h2> <h3> Bytecode </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>__pycache__/ *.py[cod] *.pyo .Python </code></pre> </div> <p>When Python runs your <code>.py</code> file, it compiles it to bytecode and stores it in <code>__pycache__/</code>. This happens automatically every time you run your code.</p> <p>Why ignore it?</p> <ul> <li>Machine-specific — your compiled bytecode won't work on someone else's machine</li> <li>Regenerates automatically — no value in tracking it</li> <li>Changes constantly — causes meaningless merge conflicts</li> </ul> <p>The <code>*.py[cod]</code> pattern covers <code>.pyc</code> (compiled), <code>.pyo</code> (optimized), and <code>.pyd</code> (Windows DLL) in one rule.</p> <h3> Virtual Environment </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>venv/ .venv/ env/ ENV/ .env/ </code></pre> </div> <p>Your virtual environment contains thousands of files — every package you've installed. Each developer creates their own virtual environment. The <code>requirements.txt</code> file is what gets committed — that's the contract. The actual installed packages stay local.</p> <p>Multiple folder names covered because different tools create differently named environments (<code>python -m venv</code> vs <code>virtualenv</code> vs <code>poetry</code>).</p> <h3> Testing and Coverage </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>.pytest_cache/ .coverage coverage.xml htmlcov/ .tox/ </code></pre> </div> <p>Test runners generate cache and coverage files. <code>.pytest_cache/</code> speeds up test runs locally but is meaningless in the repository. Coverage reports are generated artifacts — they should be generated fresh rather than committed.</p> <h3> Type Checking </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>.mypy_cache/ .ruff_cache/ </code></pre> </div> <p>Type checkers cache their analysis for performance. Like bytecode, these are machine-specific and regenerate automatically.</p> <h2> IDE and Editor Files </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>.vscode/ .idea/ *.swp *.swo .DS_Store Thumbs.db </code></pre> </div> <p>IDE configuration is personal. Your VS Code settings for font size, color theme, and key bindings are not relevant to other developers. Your IntelliJ project structure is machine-specific.</p> <p><strong>Exception</strong>: Some teams commit a <code>.vscode/</code> folder with shared extension recommendations. If you do this deliberately, use <code>!.vscode/extensions.json</code> to re-include just that file.</p> <p><code>*.swp</code> and <code>*.swo</code> are temporary files created by Vim.<br> <code>.DS_Store</code> is macOS metadata about folder display preferences.<br> <code>Thumbs.db</code> is Windows thumbnail cache.</p> <p>None of these belong in a repository.</p> <h2> Uploads and User Data </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>uploads/ *.pdf *.docx *.pptx *.csv *.xlsx </code></pre> </div> <p>User-uploaded documents are not source code. In production, they go to cloud object storage (Cloudflare R2, AWS S3, Google Cloud Storage) — not the server disk and definitely not git.</p> <p>Including these patterns prevents accidentally committing a test PDF during development. It also protects against committing user data that might contain sensitive information.</p> <h2> Logs </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>*.log logs/ </code></pre> </div> <p>Logs are runtime output. They change constantly, are often large, and contain information (user IDs, IP addresses, request data) that shouldn't be in version control.</p> <h2> Build Artifacts </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>dist/ build/ *.egg-info/ </code></pre> </div> <p>These are generated when you package your Python application for distribution. Like bytecode, they're build outputs — not source code.</p> <h2> Docker </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>.docker/ </code></pre> </div> <p>Some Docker tools create a <code>.docker/</code> directory with local state. This stays local.</p> <h2> The Complete <code>.gitignore</code> for Python AI Projects </h2> <p>Here's the full file with comments explaining each section:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># ============================================================ # SECRETS — NEVER commit these # ============================================================ .env .env.* !.env.example # ============================================================ # Python bytecode # ============================================================ __pycache__/ *.py[cod] *.pyo .Python # ============================================================ # Virtual environment # ============================================================ venv/ .venv/ env/ ENV/ .env/ # ============================================================ # Testing and coverage # ============================================================ .pytest_cache/ .coverage coverage.xml htmlcov/ .tox/ # ============================================================ # Type checking and linting cache # ============================================================ .mypy_cache/ .ruff_cache/ # ============================================================ # IDE and editor files # ============================================================ .vscode/ .idea/ *.swp *.swo .DS_Store Thumbs.db # ============================================================ # Docker # ============================================================ .docker/ # ============================================================ # Uploads and user data # Never commit user files — they go to cloud storage # ============================================================ uploads/ *.pdf *.docx *.pptx *.csv *.xlsx # ============================================================ # Logs — runtime output, not source code # ============================================================ *.log logs/ # ============================================================ # Build artifacts # ============================================================ dist/ build/ *.egg-info/ # ============================================================ # Node (for future React frontend) # ============================================================ node_modules/ .next/ frontend/dist/ frontend/build/ </code></pre> </div> <h2> What Happens If You Commit a Secret Accidentally </h2> <p>If you commit a <code>.env</code> file or any file containing secrets to a public repository — even briefly — assume the secret is compromised.</p> <p><strong>Step 1 — Remove from git tracking:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Remove the file from git tracking (keeps it on disk)</span> git <span class="nb">rm</span> <span class="nt">--cached</span> .env <span class="c"># Add to .gitignore</span> <span class="nb">echo</span> <span class="s2">".env"</span> <span class="o">&gt;&gt;</span> .gitignore <span class="c"># Commit the removal</span> git commit <span class="nt">-m</span> <span class="s2">"remove .env from git tracking"</span> <span class="c"># Push</span> git push </code></pre> </div> <p><strong>Step 2 — Rotate every secret immediately.</strong></p> <p>Do not wait. Do not hope "nobody saw it". Bots scan constantly.</p> <p>For API keys — go to the provider dashboard and regenerate.<br> For database passwords — change the password.<br> For JWT secrets — rotate the key (this invalidates all existing tokens — users must log in again).</p> <p><strong>Step 3 — Clean git history (if the repository is public):</strong></p> <p>The secret is still in git history even after removing the file. To fully remove it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Use git-filter-repo (the modern tool — replaces BFG Repo Cleaner)</span> pip <span class="nb">install </span>git-filter-repo git filter-repo <span class="nt">--path</span> .env <span class="nt">--invert-paths</span> git push <span class="nt">--force</span> <span class="nt">--all</span> </code></pre> </div> <p>⚠️ Force-pushing rewrites history. Coordinate with your team before doing this.</p> <h2> Checking Your Current Status </h2> <p>To verify your <code>.gitignore</code> is working:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># See what git is currently tracking</span> git ls-files <span class="c"># Check if a specific file would be ignored</span> git check-ignore <span class="nt">-v</span> .env <span class="c"># output: .gitignore:2:.env .env</span> <span class="c"># means: rule on line 2 of .gitignore matches .env — it's ignored ✅</span> <span class="c"># If the file is already tracked (check before adding to .gitignore)</span> git status <span class="c"># If .env shows up — remove it with: git rm --cached .env</span> </code></pre> </div> <h2> The Rule to Remember </h2> <div class="highlight js-code-highlight"> <pre class="highlight conf"><code>.<span class="n">env</span> → <span class="n">real</span> <span class="n">secrets</span> — <span class="n">NEVER</span> <span class="n">committed</span> .<span class="n">env</span>.* → <span class="n">all</span> <span class="n">variants</span> — <span class="n">NEVER</span> <span class="n">committed</span> !.<span class="n">env</span>.<span class="n">example</span> → <span class="n">the</span> <span class="n">exception</span> — <span class="n">ALWAYS</span> <span class="n">committed</span> </code></pre> </div> <p>The <code>!</code> exception is the pattern every production team uses.<br> The <code>.env.example</code> template is what makes onboarding painless.<br> The comments in <code>.env.example</code> are what make maintenance painless.</p> <h2> Next Article </h2> <p><strong>Article 3: Managing Environment Variables in Python</strong> — the full journey from <code>os.getenv()</code> scattered across files, to Pydantic Settings v2 with typed validation, fail-fast startup, and <code>@lru_cache</code> for immutable configuration.</p> <p><em>This article is part of a series on Building a Production AI Platform From Scratch. Full code at: [Once repo is cleaned] Soon</em></p> python git security beginners Digvijay Singh Sun, 19 Apr 2026 15:41:14 +0000 https://dev.to/digvijay_singhrajput/i-built-a-production-grade-ai-platform-from-scratch-heres-the-exact-folder-structure-2ij0 https://dev.to/digvijay_singhrajput/i-built-a-production-grade-ai-platform-from-scratch-heres-the-exact-folder-structure-2ij0 <h2> How I Structured a Production-Grade AI Platform From Scratch </h2> <p>I stopped doing tutorials.</p> <p>Not because tutorials are bad. But because after finishing one, I could follow code. I couldn't explain <strong>why</strong> the code was written that way.</p> <p>So I decided to build something real from scratch. No copy-paste. No shortcuts. Every decision justified. Every file explained.</p> <p>This is the first article in a series documenting how I build a <strong>production-grade Agentic RAG Document Intelligence System</strong> — phase by phase, file by file.</p> <h2> What We're Building </h2> <p>The <strong>GenAI DocQA Platform</strong> is a system where users upload documents (PDF, DOCX, CSV, PPTX) and ask complex natural language questions. A 10-node LangGraph agent retrieves relevant chunks, reasons over them, self-corrects, and streams sourced answers back to the user.</p> <p>Think: mini Perplexity AI + Notion AI + an OpenAI API platform. Built entirely from scratch.</p> <p><strong>Total cost to run: $0</strong> — all free tiers.</p> <h3> The Full Stack </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Layer</th> <th>Technology</th> </tr> </thead> <tbody> <tr> <td>API Framework</td> <td>FastAPI + async SQLAlchemy 2.0</td> </tr> <tr> <td>AI Agent</td> <td>LangGraph (10-node ReAct workflow)</td> </tr> <tr> <td>RAG</td> <td>pgvector + BM25 hybrid search + Cohere reranking</td> </tr> <tr> <td>LLMs</td> <td>Groq (free) → OpenAI → Anthropic (fallback chain)</td> </tr> <tr> <td>Embeddings</td> <td>Sentence-Transformers (local, free, CPU)</td> </tr> <tr> <td>Cache</td> <td>Redis (rate limiting + query cache + embeddings)</td> </tr> <tr> <td>Database</td> <td>PostgreSQL 16 + pgvector extension</td> </tr> <tr> <td>Monitoring</td> <td>LangSmith + Prometheus + Grafana + RAGAS</td> </tr> <tr> <td>Security</td> <td>JWT + bcrypt + AES-256-GCM + Presidio PII</td> </tr> <tr> <td>Infrastructure</td> <td>Docker Compose + GitHub Actions CI/CD</td> </tr> </tbody> </table></div> <h3> 13 Phases </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Phase</th> <th>What Gets Built</th> </tr> </thead> <tbody> <tr> <td><strong>01</strong></td> <td>Project scaffold — this article</td> </tr> <tr> <td><strong>02</strong></td> <td>JWT auth, bcrypt, AES encryption, rate limiting</td> </tr> <tr> <td><strong>03</strong></td> <td>Document parsers, chunking, WebSocket progress</td> </tr> <tr> <td><strong>04</strong></td> <td>Embeddings, pgvector, hybrid search, reranking</td> </tr> <tr> <td><strong>05</strong></td> <td>LLM router — 7 providers, fallback chain, cost tracking</td> </tr> <tr> <td><strong>06</strong></td> <td>RAG pipeline — prompt engineering, query rewriting, CRAG</td> </tr> <tr> <td><strong>07</strong></td> <td>LangGraph 10-node agent, self-correction loops</td> </tr> <tr> <td><strong>08</strong></td> <td>MCP integration — external tool calling</td> </tr> <tr> <td><strong>09</strong></td> <td>SSE streaming, conversation memory</td> </tr> <tr> <td><strong>10</strong></td> <td>Safety layer — PII masking, RAGAS evaluation, CI gates</td> </tr> <tr> <td><strong>11-13</strong></td> <td>React frontend, production deployment</td> </tr> </tbody> </table></div> <p>This article covers <strong>Phase 1</strong> — the complete project scaffold. No AI yet. Just the foundation that everything else sits on.</p> <h2> The Philosophy: Why This Matters </h2> <p>Before writing a single line of code, I made one decision:</p> <blockquote> <p><strong>Every file gets a reason. Every decision gets a justification. Nothing exists "because the tutorial said so."</strong></p> </blockquote> <p>This forces architectural clarity. When you know WHY each piece exists, you can adapt it. When you only know WHAT it does, you're stuck.</p> <h2> Phase 1 File Structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>genai-platform/ ├── .gitignore # what git never tracks ├── .env.example # env var template — committed ├── README.md # project front door ├── .github/ │ └── workflows/ │ ├── ci.yml # runs on every push │ └── deploy.yml # runs on main merge only ├── infrastructure/ │ └── docker-compose.yml # PostgreSQL + Redis + Backend └── backend/ ├── requirements.txt # pinned Python dependencies ├── pyproject.toml # ruff + mypy + pytest config ├── Dockerfile # multi-stage production build ├── alembic.ini # migration configuration ├── alembic/ │ ├── env.py # async migration bridge │ └── versions/ # migration files (Phase 2+) └── app/ ├── __init__.py # package marker + version ├── config.py # Pydantic Settings — all env vars ├── main.py # FastAPI app + lifespan + middleware ├── dependencies.py # get_db, get_redis, get_current_user ├── db/ │ ├── database.py # async engine + session factory │ └── init_db.py # pgvector extension + admin seed ├── monitoring/ │ ├── logger.py # structured JSON logging (structlog) │ └── metrics.py # 12 Prometheus metrics defined └── api/v1/ └── health.py # /health (liveness) + /ready (readiness) </code></pre> </div> <p>24 files. Let's go through the key decisions.</p> <h2> Decision 1: <code>.gitignore</code> — What Never Gets Committed </h2> <p>The <code>.gitignore</code> has one critical pattern most developers miss:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># The pattern every production codebase uses .env # real secrets — never committed .env.* # covers .env.local, .env.production, etc. !.env.example # ← the ! means EXCEPTION — template IS committed </code></pre> </div> <p><code>.env.example</code> is committed. It has placeholder values. When someone clones the repo they do:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cp</span> .env.example .env <span class="c"># then fill in real values</span> </code></pre> </div> <p>Zero guessing about what variables are needed.</p> <p>We also ignore uploaded documents:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>uploads/ *.pdf *.docx *.pptx *.csv </code></pre> </div> <p>In production, files go to Cloudflare R2 object storage — not git. Git is for code. Not user data.</p> <h2> Decision 2: Environment Variables Done Right </h2> <p>The beginner approach:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># scattered across 15 files — dangerous </span><span class="n">db_url</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">"</span><span class="s">DATABASE_URL</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># returns None silently if missing </span><span class="n">secret</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">"</span><span class="s">SECRIT_KEY</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># typo — also None, no warning </span><span class="n">expire</span> <span class="o">=</span> <span class="nf">int</span><span class="p">(</span><span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">"</span><span class="s">TOKEN_EXPIRE</span><span class="sh">"</span><span class="p">))</span> <span class="c1"># crashes here if None </span></code></pre> </div> <p>Three problems: typos return <code>None</code> silently, no types, missing variables don't surface until runtime — deep inside a failing request.</p> <p>The production approach — Pydantic Settings:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># app/config.py </span><span class="kn">from</span> <span class="n">pydantic_settings</span> <span class="kn">import</span> <span class="n">BaseSettings</span><span class="p">,</span> <span class="n">SettingsConfigDict</span> <span class="kn">from</span> <span class="n">pydantic</span> <span class="kn">import</span> <span class="n">Field</span><span class="p">,</span> <span class="n">field_validator</span> <span class="kn">from</span> <span class="n">functools</span> <span class="kn">import</span> <span class="n">lru_cache</span> <span class="k">class</span> <span class="nc">Settings</span><span class="p">(</span><span class="n">BaseSettings</span><span class="p">):</span> <span class="n">model_config</span> <span class="o">=</span> <span class="nc">SettingsConfigDict</span><span class="p">(</span> <span class="n">env_file</span><span class="o">=</span><span class="sh">"</span><span class="s">.env</span><span class="sh">"</span><span class="p">,</span> <span class="n">extra</span><span class="o">=</span><span class="sh">"</span><span class="s">ignore</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="c1"># Required — app refuses to start without these </span> <span class="n">DATABASE_URL</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(...)</span> <span class="n">SECRET_KEY</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(...)</span> <span class="n">GROQ_API_KEY</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Field</span><span class="p">(...)</span> <span class="c1"># Optional — typed, with defaults </span> <span class="n">ACCESS_TOKEN_EXPIRE_MINUTES</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">15</span> <span class="c1"># "15" → int automatically </span> <span class="n">DEBUG</span><span class="p">:</span> <span class="nb">bool</span> <span class="o">=</span> <span class="bp">False</span> <span class="c1"># "true" → bool automatically </span> <span class="c1"># Custom validators — fail fast with clear messages </span> <span class="nd">@field_validator</span><span class="p">(</span><span class="sh">"</span><span class="s">SECRET_KEY</span><span class="sh">"</span><span class="p">)</span> <span class="nd">@classmethod</span> <span class="k">def</span> <span class="nf">validate_secret_key</span><span class="p">(</span><span class="n">cls</span><span class="p">,</span> <span class="n">v</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">v</span><span class="p">)</span> <span class="o">&lt;</span> <span class="mi">32</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span> <span class="sh">"</span><span class="s">SECRET_KEY must be at least 32 characters. </span><span class="sh">"</span> <span class="sh">"</span><span class="s">Generate with: openssl rand -hex 32</span><span class="sh">"</span> <span class="p">)</span> <span class="k">return</span> <span class="n">v</span> <span class="nd">@field_validator</span><span class="p">(</span><span class="sh">"</span><span class="s">DATABASE_URL</span><span class="sh">"</span><span class="p">)</span> <span class="nd">@classmethod</span> <span class="k">def</span> <span class="nf">validate_database_url</span><span class="p">(</span><span class="n">cls</span><span class="p">,</span> <span class="n">v</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">v</span><span class="p">.</span><span class="nf">startswith</span><span class="p">(</span><span class="sh">"</span><span class="s">postgresql+asyncpg://</span><span class="sh">"</span><span class="p">):</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span> <span class="sh">"</span><span class="s">DATABASE_URL must use asyncpg driver. </span><span class="sh">"</span> <span class="sh">"</span><span class="s">Change postgresql:// to postgresql+asyncpg://</span><span class="sh">"</span> <span class="p">)</span> <span class="k">return</span> <span class="n">v</span> <span class="nd">@lru_cache</span><span class="p">()</span> <span class="k">def</span> <span class="nf">get_settings</span><span class="p">()</span> <span class="o">-&gt;</span> <span class="n">Settings</span><span class="p">:</span> <span class="k">return</span> <span class="nc">Settings</span><span class="p">()</span> <span class="n">settings</span> <span class="o">=</span> <span class="nf">get_settings</span><span class="p">()</span> <span class="c1"># read once, cached forever </span></code></pre> </div> <p>If <code>DATABASE_URL</code> is missing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ValidationError: DATABASE_URL field required </code></pre> </div> <p>If <code>SECRET_KEY</code> is too short:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ValidationError: SECRET_KEY must be at least 32 characters. Generate with: openssl rand <span class="nt">-hex</span> 32 </code></pre> </div> <p>Clear. Specific. Actionable. At startup — not runtime.</p> <p>The <code>@lru_cache()</code> means the <code>.env</code> file is read <strong>once</strong> at startup. Not on every request. Not on every import. Once. Cached forever. This also ensures immutable configuration — the app has one consistent config for its entire lifetime.</p> <h2> Decision 3: Async SQLAlchemy 2.0 — Why It Changes Everything </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># app/db/database.py </span><span class="kn">from</span> <span class="n">sqlalchemy.ext.asyncio</span> <span class="kn">import</span> <span class="p">(</span> <span class="n">create_async_engine</span><span class="p">,</span> <span class="n">async_sessionmaker</span><span class="p">,</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="p">)</span> <span class="kn">from</span> <span class="n">sqlalchemy.orm</span> <span class="kn">import</span> <span class="n">DeclarativeBase</span> <span class="n">engine</span> <span class="o">=</span> <span class="nf">create_async_engine</span><span class="p">(</span> <span class="n">url</span><span class="o">=</span><span class="n">settings</span><span class="p">.</span><span class="n">DATABASE_URL</span><span class="p">,</span> <span class="c1"># postgresql+asyncpg:// — MUST be asyncpg </span> <span class="n">pool_size</span><span class="o">=</span><span class="mi">20</span><span class="p">,</span> <span class="c1"># 20 connections in pool </span> <span class="n">max_overflow</span><span class="o">=</span><span class="mi">10</span><span class="p">,</span> <span class="c1"># 10 extra when pool is full </span> <span class="n">pool_pre_ping</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="c1"># test before using (prevents stale connections) </span> <span class="n">echo</span><span class="o">=</span><span class="n">settings</span><span class="p">.</span><span class="n">DEBUG</span><span class="p">,</span> <span class="c1"># log SQL in development </span><span class="p">)</span> <span class="n">AsyncSessionLocal</span> <span class="o">=</span> <span class="nf">async_sessionmaker</span><span class="p">(</span> <span class="n">bind</span><span class="o">=</span><span class="n">engine</span><span class="p">,</span> <span class="n">expire_on_commit</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="c1"># ← CRITICAL — more on this below </span> <span class="n">class_</span><span class="o">=</span><span class="n">AsyncSession</span><span class="p">,</span> <span class="n">autoflush</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="p">)</span> <span class="k">class</span> <span class="nc">Base</span><span class="p">(</span><span class="n">DeclarativeBase</span><span class="p">):</span> <span class="k">pass</span> </code></pre> </div> <h3> The <code>expire_on_commit=False</code> Trap </h3> <p>This is the most common async SQLAlchemy mistake. By default, after <code>commit()</code>, SQLAlchemy marks all objects as "expired". The next attribute access triggers a new DB query. In sync code — fine. In async code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">user</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">User</span><span class="p">,</span> <span class="n">user_id</span><span class="p">)</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">user</span><span class="p">.</span><span class="n">email</span><span class="p">)</span> <span class="c1"># ← CRASH in async: MissingGreenlet error </span></code></pre> </div> <p>With <code>expire_on_commit=False</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">user</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">User</span><span class="p">,</span> <span class="n">user_id</span><span class="p">)</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">user</span><span class="p">.</span><span class="n">email</span><span class="p">)</span> <span class="c1"># ✅ works — values kept in memory </span></code></pre> </div> <p>When you actually need fresh data, use <code>await db.refresh(user)</code> explicitly. <strong>Explicit is better than implicit.</strong></p> <h3> Why <code>postgresql+asyncpg://</code> Not <code>postgresql://</code>? </h3> <p>One character difference. Completely different behaviour.</p> <p><code>postgresql://</code> → sync driver → blocks the event loop → your server handles one request at a time during DB calls.</p> <p><code>postgresql+asyncpg://</code> → async driver → non-blocking → server handles hundreds of concurrent requests during DB calls.</p> <p>Our validator in <code>config.py</code> catches the wrong driver at startup:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ValidationError: DATABASE_URL must use asyncpg driver. </code></pre> </div> <h2> Decision 4: FastAPI Application Structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># app/main.py </span><span class="kn">from</span> <span class="n">contextlib</span> <span class="kn">import</span> <span class="n">asynccontextmanager</span> <span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">FastAPI</span> <span class="kn">from</span> <span class="n">fastapi.middleware.cors</span> <span class="kn">import</span> <span class="n">CORSMiddleware</span> <span class="nd">@asynccontextmanager</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">lifespan</span><span class="p">(</span><span class="n">app</span><span class="p">:</span> <span class="n">FastAPI</span><span class="p">):</span> <span class="c1"># ── STARTUP ────────────────────────────────────────────── </span> <span class="nf">setup_logging</span><span class="p">()</span> <span class="c1"># 1. logging first — everything else logs </span> <span class="nf">setup_prometheus</span><span class="p">()</span> <span class="c1"># 2. metrics </span> <span class="k">await</span> <span class="nf">init_db</span><span class="p">()</span> <span class="c1"># 3. DB — needs logging ready </span> <span class="nf">connect_redis</span><span class="p">()</span> <span class="c1"># 4. Redis </span> <span class="k">yield</span> <span class="c1"># ← app handles requests here </span> <span class="c1"># ── SHUTDOWN ───────────────────────────────────────────── </span> <span class="k">await</span> <span class="n">redis</span><span class="p">.</span><span class="nf">aclose</span><span class="p">()</span> <span class="k">await</span> <span class="n">engine</span><span class="p">.</span><span class="nf">dispose</span><span class="p">()</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">(</span><span class="n">lifespan</span><span class="o">=</span><span class="n">lifespan</span><span class="p">)</span> </code></pre> </div> <h3> Why <code>lifespan</code> Instead of <code>@app.on_event</code>? </h3> <p><code>@app.on_event("startup")</code> is <strong>deprecated</strong> since FastAPI 0.93. It's still in most tutorials. Don't use it.</p> <p>The <code>lifespan</code> pattern:</p> <ul> <li>Startup and shutdown in one function — paired naturally</li> <li> <code>finally</code> block ensures cleanup even on crashes</li> <li>Testable — can be mocked cleanly</li> <li>No deprecation warnings ### The Startup Order</li> </ul> <p>Order matters. Logging must be first so everything after it can produce logs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Logging → Prometheus → Database → Redis → Ready </code></pre> </div> <p>If database fails at startup — we <strong>raise the exception</strong>. An app that starts without a database looks healthy but serves broken responses. Fail fast. Fail loudly.</p> <h3> Middleware — Three Layers </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Layer 1: CORS — browsers need this to call your API </span><span class="n">app</span><span class="p">.</span><span class="nf">add_middleware</span><span class="p">(</span> <span class="n">CORSMiddleware</span><span class="p">,</span> <span class="n">allow_origins</span><span class="o">=</span><span class="n">settings</span><span class="p">.</span><span class="n">ALLOWED_ORIGINS</span><span class="p">,</span> <span class="n">allow_credentials</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">allow_methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">POST</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">PUT</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">PATCH</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">DELETE</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">OPTIONS</span><span class="sh">"</span><span class="p">],</span> <span class="n">allow_headers</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">*</span><span class="sh">"</span><span class="p">],</span> <span class="p">)</span> <span class="c1"># Layer 2: Request ID — every request gets a unique ID </span><span class="nd">@app.middleware</span><span class="p">(</span><span class="sh">"</span><span class="s">http</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">add_request_id</span><span class="p">(</span><span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">,</span> <span class="n">call_next</span><span class="p">):</span> <span class="n">request_id</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">X-Request-ID</span><span class="sh">"</span><span class="p">,</span> <span class="nf">str</span><span class="p">(</span><span class="n">uuid</span><span class="p">.</span><span class="nf">uuid4</span><span class="p">()))</span> <span class="n">structlog</span><span class="p">.</span><span class="n">contextvars</span><span class="p">.</span><span class="nf">bind_contextvars</span><span class="p">(</span><span class="n">request_id</span><span class="o">=</span><span class="n">request_id</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">call_next</span><span class="p">(</span><span class="n">request</span><span class="p">)</span> <span class="n">response</span><span class="p">.</span><span class="n">headers</span><span class="p">[</span><span class="sh">"</span><span class="s">X-Request-ID</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">request_id</span> <span class="n">structlog</span><span class="p">.</span><span class="n">contextvars</span><span class="p">.</span><span class="nf">clear_contextvars</span><span class="p">()</span> <span class="k">return</span> <span class="n">response</span> <span class="c1"># Layer 3: Request Logging — every request logged automatically </span><span class="nd">@app.middleware</span><span class="p">(</span><span class="sh">"</span><span class="s">http</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">log_requests</span><span class="p">(</span><span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">,</span> <span class="n">call_next</span><span class="p">):</span> <span class="n">start</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">perf_counter</span><span class="p">()</span> <span class="n">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">call_next</span><span class="p">(</span><span class="n">request</span><span class="p">)</span> <span class="n">duration_ms</span> <span class="o">=</span> <span class="p">(</span><span class="n">time</span><span class="p">.</span><span class="nf">perf_counter</span><span class="p">()</span> <span class="o">-</span> <span class="n">start</span><span class="p">)</span> <span class="o">*</span> <span class="mi">1000</span> <span class="n">log</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">request_completed</span><span class="sh">"</span><span class="p">,</span> <span class="n">method</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">method</span><span class="p">,</span> <span class="n">path</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">url</span><span class="p">.</span><span class="n">path</span><span class="p">,</span> <span class="n">status_code</span><span class="o">=</span><span class="n">response</span><span class="p">.</span><span class="n">status_code</span><span class="p">,</span> <span class="n">duration_ms</span><span class="o">=</span><span class="nf">round</span><span class="p">(</span><span class="n">duration_ms</span><span class="p">,</span> <span class="mi">2</span><span class="p">))</span> <span class="k">return</span> <span class="n">response</span> </code></pre> </div> <p><strong>CORS must be registered first</strong> — it needs to be on every response including error responses. If registered after your error handler, CORS errors on errors produce confusing network failures.</p> <h2> Decision 5: Dependency Injection </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># app/dependencies.py </span><span class="k">async</span> <span class="k">def</span> <span class="nf">get_db</span><span class="p">()</span> <span class="o">-&gt;</span> <span class="n">AsyncGenerator</span><span class="p">[</span><span class="n">AsyncSession</span><span class="p">,</span> <span class="bp">None</span><span class="p">]:</span> <span class="k">async</span> <span class="k">with</span> <span class="nc">AsyncSessionLocal</span><span class="p">()</span> <span class="k">as</span> <span class="n">session</span><span class="p">:</span> <span class="k">try</span><span class="p">:</span> <span class="k">yield</span> <span class="n">session</span> <span class="c1"># route runs with this session </span> <span class="k">await</span> <span class="n">session</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="k">except</span> <span class="nb">Exception</span><span class="p">:</span> <span class="k">await</span> <span class="n">session</span><span class="p">.</span><span class="nf">rollback</span><span class="p">()</span> <span class="k">raise</span> <span class="c1"># session closes automatically — even on exception </span> <span class="k">async</span> <span class="k">def</span> <span class="nf">get_redis</span><span class="p">(</span><span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">):</span> <span class="k">return</span> <span class="n">request</span><span class="p">.</span><span class="n">app</span><span class="p">.</span><span class="n">state</span><span class="p">.</span><span class="n">redis</span> </code></pre> </div> <p>In every route:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/documents</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">list_documents</span><span class="p">(</span> <span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">),</span> <span class="n">current_user</span><span class="p">:</span> <span class="n">User</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_current_user</span><span class="p">),</span> <span class="p">):</span> <span class="c1"># db is ready, current_user is verified </span> <span class="c1"># no setup code needed here </span> <span class="bp">...</span> </code></pre> </div> <p>The <code>yield</code> pattern ensures the session <strong>always closes</strong>, even if the route raises an exception. No leaked connections.</p> <p>For testing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">app</span><span class="p">.</span><span class="n">dependency_overrides</span><span class="p">[</span><span class="n">get_db</span><span class="p">]</span> <span class="o">=</span> <span class="n">override_get_db</span> <span class="c1"># swap real DB for test DB </span></code></pre> </div> <h2> Decision 6: Liveness vs Readiness Probes </h2> <p>Two endpoints. Two completely different questions.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># GET /api/v1/health — liveness: is the process alive? # NEVER checks external services </span><span class="nd">@router.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/health</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">health_check</span><span class="p">():</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">ok</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">version</span><span class="sh">"</span><span class="p">:</span> <span class="n">__version__</span><span class="p">}</span> <span class="c1"># GET /api/v1/ready — readiness: can this instance handle traffic? # Checks ALL dependencies </span><span class="nd">@router.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/ready</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">readiness_check</span><span class="p">(</span><span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">):</span> <span class="n">checks</span> <span class="o">=</span> <span class="p">{}</span> <span class="n">all_ready</span> <span class="o">=</span> <span class="bp">True</span> <span class="k">try</span><span class="p">:</span> <span class="k">async</span> <span class="k">with</span> <span class="n">engine</span><span class="p">.</span><span class="nf">connect</span><span class="p">()</span> <span class="k">as</span> <span class="n">conn</span><span class="p">:</span> <span class="k">await</span> <span class="n">conn</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="nf">text</span><span class="p">(</span><span class="sh">"</span><span class="s">SELECT 1</span><span class="sh">"</span><span class="p">))</span> <span class="n">checks</span><span class="p">[</span><span class="sh">"</span><span class="s">database</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">ok</span><span class="sh">"</span><span class="p">}</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">all_ready</span> <span class="o">=</span> <span class="bp">False</span> <span class="n">checks</span><span class="p">[</span><span class="sh">"</span><span class="s">database</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">)}</span> <span class="k">try</span><span class="p">:</span> <span class="k">await</span> <span class="n">request</span><span class="p">.</span><span class="n">app</span><span class="p">.</span><span class="n">state</span><span class="p">.</span><span class="n">redis</span><span class="p">.</span><span class="nf">ping</span><span class="p">()</span> <span class="n">checks</span><span class="p">[</span><span class="sh">"</span><span class="s">redis</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">ok</span><span class="sh">"</span><span class="p">}</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">all_ready</span> <span class="o">=</span> <span class="bp">False</span> <span class="n">checks</span><span class="p">[</span><span class="sh">"</span><span class="s">redis</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">}</span> <span class="k">return</span> <span class="nc">JSONResponse</span><span class="p">(</span> <span class="n">status_code</span><span class="o">=</span><span class="mi">200</span> <span class="k">if</span> <span class="n">all_ready</span> <span class="k">else</span> <span class="mi">503</span><span class="p">,</span> <span class="n">content</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">ready</span><span class="sh">"</span> <span class="k">if</span> <span class="n">all_ready</span> <span class="k">else</span> <span class="sh">"</span><span class="s">not_ready</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">checks</span><span class="sh">"</span><span class="p">:</span> <span class="n">checks</span><span class="p">},</span> <span class="p">)</span> </code></pre> </div> <p><strong>Real scenario — PostgreSQL restarts for 30 seconds:</strong></p> <p>With one combined endpoint:</p> <ul> <li> <code>/health</code> returns 503</li> <li>Kubernetes thinks the process is dead</li> <li>Kubernetes kills and restarts the container</li> <li>Restart doesn't fix PostgreSQL</li> <li>Kubernetes keeps restarting</li> <li>This is a crash loop — users see errors for minutes With two separate endpoints:</li> <li> <code>/health</code> returns 200 (process is alive)</li> <li> <code>/ready</code> returns 503 (can't reach DB)</li> <li>Load balancer stops routing to this instance</li> <li>Traffic goes to other healthy instances</li> <li>Users see nothing</li> </ul> <h2> - PostgreSQL comes back → <code>/ready</code> returns 200 → traffic resumes </h2> <h2> Decision 7: Structured Logging </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># app/monitoring/logger.py </span><span class="kn">import</span> <span class="n">structlog</span> <span class="k">def</span> <span class="nf">setup_logging</span><span class="p">():</span> <span class="n">structlog</span><span class="p">.</span><span class="nf">configure</span><span class="p">(</span> <span class="n">processors</span><span class="o">=</span><span class="p">[</span> <span class="n">structlog</span><span class="p">.</span><span class="n">stdlib</span><span class="p">.</span><span class="n">add_log_level</span><span class="p">,</span> <span class="n">structlog</span><span class="p">.</span><span class="n">stdlib</span><span class="p">.</span><span class="n">add_logger_name</span><span class="p">,</span> <span class="n">structlog</span><span class="p">.</span><span class="n">processors</span><span class="p">.</span><span class="nc">TimeStamper</span><span class="p">(</span><span class="n">fmt</span><span class="o">=</span><span class="sh">"</span><span class="s">iso</span><span class="sh">"</span><span class="p">),</span> <span class="n">structlog</span><span class="p">.</span><span class="n">contextvars</span><span class="p">.</span><span class="n">merge_contextvars</span><span class="p">,</span> <span class="c1"># includes request_id </span> <span class="n">structlog</span><span class="p">.</span><span class="n">processors</span><span class="p">.</span><span class="nc">JSONRenderer</span><span class="p">()</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">settings</span><span class="p">.</span><span class="n">DEBUG</span> <span class="k">else</span> <span class="n">structlog</span><span class="p">.</span><span class="n">dev</span><span class="p">.</span><span class="nc">ConsoleRenderer</span><span class="p">(</span><span class="n">colors</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="p">],</span> <span class="n">wrapper_class</span><span class="o">=</span><span class="n">structlog</span><span class="p">.</span><span class="n">stdlib</span><span class="p">.</span><span class="n">BoundLogger</span><span class="p">,</span> <span class="n">logger_factory</span><span class="o">=</span><span class="n">structlog</span><span class="p">.</span><span class="n">stdlib</span><span class="p">.</span><span class="nc">LoggerFactory</span><span class="p">(),</span> <span class="p">)</span> </code></pre> </div> <p><strong>Development output</strong> (colored, human-readable):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>2025-03-14 10:30:00 [info] document_uploaded filename=report.pdf size_mb=2.4 </code></pre> </div> <p><strong>Production output</strong> (JSON, machine-readable):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="nl">"event"</span><span class="p">:</span><span class="s2">"document_uploaded"</span><span class="p">,</span><span class="nl">"filename"</span><span class="p">:</span><span class="s2">"report.pdf"</span><span class="p">,</span><span class="nl">"size_mb"</span><span class="p">:</span><span class="mf">2.4</span><span class="p">,</span><span class="w"> </span><span class="nl">"request_id"</span><span class="p">:</span><span class="s2">"abc-123"</span><span class="p">,</span><span class="nl">"level"</span><span class="p">:</span><span class="s2">"info"</span><span class="p">,</span><span class="nl">"timestamp"</span><span class="p">:</span><span class="s2">"2025-03-14T10:30:00Z"</span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Same logging call. Different format. Zero code changes.</p> <p>Usage anywhere in the app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">log</span> <span class="o">=</span> <span class="n">structlog</span><span class="p">.</span><span class="nf">get_logger</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="n">log</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sh">"</span><span class="s">chunks_created</span><span class="sh">"</span><span class="p">,</span> <span class="n">count</span><span class="o">=</span><span class="mi">47</span><span class="p">,</span> <span class="n">strategy</span><span class="o">=</span><span class="sh">"</span><span class="s">parent_child</span><span class="sh">"</span><span class="p">,</span> <span class="n">duration_ms</span><span class="o">=</span><span class="mi">234</span><span class="p">)</span> <span class="n">log</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sh">"</span><span class="s">llm_failed</span><span class="sh">"</span><span class="p">,</span> <span class="n">provider</span><span class="o">=</span><span class="sh">"</span><span class="s">groq</span><span class="sh">"</span><span class="p">,</span> <span class="n">error</span><span class="o">=</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">),</span> <span class="n">exc_info</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <p>The <code>request_id</code> bound in middleware flows through every log line automatically. When something breaks, search <code>request_id = "abc-123"</code> and see the complete story of that request.</p> <h2> Decision 8: Multi-Stage Docker Build </h2> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># Stage 1 — Builder (large, temporary)</span> <span class="k">FROM</span><span class="w"> </span><span class="s">python:3.12-slim</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /build</span> <span class="k">RUN </span>apt-get update <span class="o">&amp;&amp;</span> apt-get <span class="nb">install</span> <span class="nt">-y</span> gcc python3-dev libpq-dev <span class="se">\ </span> <span class="o">&amp;&amp;</span> <span class="nb">rm</span> <span class="nt">-rf</span> /var/lib/apt/lists/<span class="k">*</span> <span class="c"># requirements.txt BEFORE app code — enables layer caching</span> <span class="k">COPY</span><span class="s"> requirements.txt .</span> <span class="k">RUN </span>pip <span class="nb">install</span> <span class="nt">--no-cache-dir</span> <span class="nt">--prefix</span><span class="o">=</span>/install <span class="nt">-r</span> requirements.txt <span class="c"># Stage 2 — Production (small, deployed)</span> <span class="k">FROM</span><span class="w"> </span><span class="s">python:3.12-slim</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">production</span> <span class="c"># Runtime dependencies only — no build tools</span> <span class="k">RUN </span>apt-get update <span class="o">&amp;&amp;</span> apt-get <span class="nb">install</span> <span class="nt">-y</span> libpq5 tesseract-ocr curl <span class="se">\ </span> <span class="o">&amp;&amp;</span> <span class="nb">rm</span> <span class="nt">-rf</span> /var/lib/apt/lists/<span class="k">*</span> <span class="c"># Copy ONLY compiled packages — not gcc, not make, not compilers</span> <span class="k">COPY</span><span class="s"> --from=builder /install /usr/local</span> <span class="c"># Non-root user — least privilege principle</span> <span class="k">RUN </span>groupadd <span class="nt">-r</span> appgroup <span class="o">&amp;&amp;</span> useradd <span class="nt">-r</span> <span class="nt">-g</span> appgroup appuser <span class="k">RUN </span><span class="nb">mkdir</span> <span class="nt">-p</span> /app/uploads <span class="o">&amp;&amp;</span> <span class="nb">chown</span> <span class="nt">-R</span> appuser:appgroup /app <span class="k">USER</span><span class="s"> appuser</span> <span class="k">COPY</span><span class="s"> --chown=appuser:appgroup ./app /app/app</span> <span class="k">CMD</span><span class="s"> ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]</span> </code></pre> </div> <p><strong>Result:</strong> 812MB → 298MB. Same application. Same functionality.</p> <p><strong>Layer caching rule:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Things that change RARELY → top of Dockerfile Things that change OFTEN → bottom of Dockerfile </code></pre> </div> <p><code>requirements.txt</code> changes rarely. App code changes constantly. Copy requirements first → pip install is cached → code changes don't trigger pip install.</p> <h2> Decision 9: Alembic Async Bridge </h2> <p>Standard Alembic is synchronous. Our app uses async SQLAlchemy. The bridge:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># alembic/env.py </span><span class="k">async</span> <span class="k">def</span> <span class="nf">run_async_migrations</span><span class="p">()</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="n">connectable</span> <span class="o">=</span> <span class="nf">create_async_engine</span><span class="p">(</span><span class="n">settings</span><span class="p">.</span><span class="n">DATABASE_URL</span><span class="p">)</span> <span class="k">async</span> <span class="k">with</span> <span class="n">connectable</span><span class="p">.</span><span class="nf">connect</span><span class="p">()</span> <span class="k">as</span> <span class="n">connection</span><span class="p">:</span> <span class="c1"># run_sync() extracts a sync connection from async </span> <span class="c1"># Alembic runs inside that sync connection </span> <span class="k">await</span> <span class="n">connection</span><span class="p">.</span><span class="nf">run_sync</span><span class="p">(</span><span class="n">do_run_migrations</span><span class="p">)</span> <span class="k">await</span> <span class="n">connectable</span><span class="p">.</span><span class="nf">dispose</span><span class="p">()</span> <span class="k">def</span> <span class="nf">run_migrations_online</span><span class="p">()</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">run</span><span class="p">(</span><span class="nf">run_async_migrations</span><span class="p">())</span> </code></pre> </div> <p><code>connection.run_sync(do_run_migrations)</code> is the bridge.</p> <ul> <li> <code>connection</code> is async</li> <li> <code>run_sync()</code> extracts a sync version</li> <li>Alembic runs normally inside <code>do_run_migrations()</code> This is the official Alembic async pattern.</li> </ul> <h2> Decision 10: GitHub Actions CI </h2> <p>Every push triggers four jobs in parallel:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">jobs</span><span class="pi">:</span> <span class="na">lint</span><span class="pi">:</span> <span class="c1"># ruff — style + security issues</span> <span class="na">typecheck</span><span class="pi">:</span> <span class="c1"># mypy — type errors</span> <span class="na">test</span><span class="pi">:</span> <span class="c1"># pytest with real postgres + redis</span> <span class="na">services</span><span class="pi">:</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">pgvector/pgvector:pg16</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">redis:7-alpine</span> <span class="na">docker</span><span class="pi">:</span> <span class="c1"># verify image builds</span> <span class="na">needs</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">lint</span><span class="pi">,</span> <span class="nv">typecheck</span><span class="pi">,</span> <span class="nv">test</span><span class="pi">]</span> <span class="c1"># only if all pass</span> </code></pre> </div> <p>Key decisions:</p> <ul> <li>Real PostgreSQL and Redis in test job — not mocks</li> <li>Docker build only runs after all three pass — fail fast on cheap checks</li> <li> <code>cache: "pip"</code> in setup-python — subsequent runs are 10× faster</li> </ul> <h2> - <code>cache-from: type=gha</code> for Docker — layer caching across CI runs </h2> <h2> Running Phase 1 </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># 1. Clone and set up</span> git clone https://github.com/digvijaysingh21/genai-docqa.git <span class="nb">cd </span>genai-docqa <span class="nb">cp</span> .env.example .env <span class="c"># 2. Generate secrets</span> openssl rand <span class="nt">-hex</span> 32 <span class="c"># paste as SECRET_KEY</span> openssl rand <span class="nt">-hex</span> 32 <span class="c"># paste as ENCRYPTION_KEY</span> <span class="c"># Get free Groq key at: console.groq.com → paste as GROQ_API_KEY</span> <span class="c"># 3. Start everything</span> <span class="nb">cd </span>infrastructure docker compose up <span class="c"># 4. Test</span> curl http://localhost:8000/api/v1/health <span class="c"># {"status":"ok","version":"1.0.0","environment":"development"}</span> curl http://localhost:8000/api/v1/ready <span class="c"># {"status":"ready","checks":{"database":{"status":"ok"},"redis":{"status":"ok"}}}</span> <span class="c"># 5. Open Swagger UI</span> open http://localhost:8000/docs </code></pre> </div> <h2> What Phase 1 Establishes </h2> <p>Before a single AI feature is built, we have:</p> <ul> <li>✅ Deterministic builds (pinned versions)</li> <li>✅ Fail-fast configuration (Pydantic validators)</li> <li>✅ Async database with connection pooling</li> <li>✅ Structured JSON logging with request tracing</li> <li>✅ 12 Prometheus metrics defined</li> <li>✅ Liveness + readiness health probes</li> <li>✅ Multi-stage Docker build (300MB vs 800MB)</li> <li>✅ Non-root container user</li> <li>✅ Layer-optimised Dockerfile (10s rebuild vs 6min)</li> <li>✅ Async Alembic migration bridge</li> <li>✅ FastAPI DI system (get_db, get_redis)</li> <li>✅ CI pipeline (lint + typecheck + tests + docker build) This is the foundation. Everything from Phase 2 through Phase 13 sits on top of this.</li> </ul> <h2> Next Article </h2> <p><strong>Phase 2: Auth and Security</strong> — JWT tokens with 15-minute access + 7-day refresh, bcrypt password hashing, AES-256-GCM encryption for LLM API keys (BYOK pattern), and Redis sliding window rate limiting.</p> <p>If you're building along, the full code is at: <a href="https://dev.toadd%20after%20cleanup">THE REPO will be added soon</a></p> <p><em>Building this project phase by phase. Every decision explained. Follow along for Phase 2.</em></p> ai python fastapi docker Digvijay Singh Fri, 13 Mar 2026 06:03:50 +0000 https://dev.to/digvijay_singhrajput/how-to-reset-the-postgresql-postgres-password-forgot-password-fix-3hd https://dev.to/digvijay_singhrajput/how-to-reset-the-postgresql-postgres-password-forgot-password-fix-3hd <p>For many developers working with PostgreSQL locally, forgetting the postgres user password is very common.</p> <p>When trying to connect using pgAdmin or psql, you might see an error like:</p> <p>connection failed: FATAL: password authentication failed for user "postgres"</p> <p>This guide shows a simple method to reset the password on Windows.</p> <p><strong>1) Locate the PostgreSQL Configuration File</strong></p> <p>Navigate to the PostgreSQL data folder:</p> <p>C:\Program Files\PostgreSQL\16\data</p> <p>Find the file:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> pg_hba.conf </code></pre> </div> <p>This file controls how PostgreSQL authenticates users.</p> <p><strong>2) Open pg_hba.conf</strong></p> <p>Open the file using Notepad as Administrator.</p> <p>Find these lines:</p> <p>local all all scram-sha-256<br> host all all 127.0.0.1/32 scram-sha-256<br> host all all ::1/128 scram-sha-256</p> <p><strong>3) Temporarily Disable Password Authentication</strong></p> <p>Change scram-sha-256 to trust.</p> <p>local all all trust<br> host all all 127.0.0.1/32 trust<br> host all all ::1/128 trust</p> <p>Save the file.</p> <p>This temporarily allows login without a password.</p> <p><strong>4) Restart PostgreSQL Service</strong></p> <p>Press Windows + R</p> <p>Type:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>services.msc </code></pre> </div> <p>Find the service:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> postgresql-x64-16 </code></pre> </div> <p>Restart the service.</p> <p><strong>5) Open SQL Shell (psql)</strong></p> <p>Search for:</p> <p>SQL Shell (psql)</p> <p>Press Enter for all default values:</p> <p>Server [localhost]:<br> Database [postgres]:<br> Port [5432]:<br> Username [postgres]:</p> <p><strong>6) Reset the Password</strong></p> <p>Run the command:</p> <p>ALTER USER postgres PASSWORD 'newpassword123';</p> <p>Example:</p> <p>ALTER USER postgres PASSWORD 'MySecurePassword';</p> <p>If successful, you will see:</p> <p>ALTER ROLE</p> <p><strong>7) Restore Security</strong></p> <p>Go back to pg_hba.conf and change:</p> <p>trust</p> <p>back to:</p> <p>scram-sha-256</p> <p>Restart PostgreSQL again.</p> <p><strong>8) Connect Again</strong></p> <p>Now connect using pgAdmin:</p> <p>Username: postgres<br> Password: newpassword123<br> Port: 5432</p> <p>The connection should work successfully.</p> <p>✅ Final Notes</p> <p>Use trust only temporarily</p> <p>Always restore scram-sha-256</p> <p>This method works for most local PostgreSQL installations on Windows</p> postgres database webdev backend Digvijay Singh Wed, 18 Sep 2024 17:17:12 +0000 https://dev.to/digvijay_singhrajput/customizing-the-django-panel-a-step-by-step-guide-c17 https://dev.to/digvijay_singhrajput/customizing-the-django-panel-a-step-by-step-guide-c17 <p>In this guide I'll walk you through how to modify and extend Django default admin panel/interface, making it more user-friendly.</p> <p><strong>1. Set up the Project:</strong></p> <p>Start by creating a brand new project and app in Django</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>django-admin startproject myprojectname cd myprojectname python manage.py startapp developerscommunity </code></pre> </div> <p>** Note**<br> Do not forgot to add your app ti the INSTALLED_APPS in settings.py</p> <p><strong>2. Run migrations:</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>python manage.py makemigrations python manage.py migrate </code></pre> </div> <p><strong>3. Resgister Models in Admin Panel:</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> Register of models is compulsory to see it in django admin interface from django.contrib import admin from .models import DevCommunity admin.site.register(DevCommunity) </code></pre> </div> <p><strong>Above Steps will lead you to Django Admin Panel Now comes the customization part</strong></p> <p><strong>4. Customize the Admin Panel:</strong></p> <p>class CustomAdminSite(admin.AdminSite):</p> <p><strong>will appear at the top-left corner</strong></p> <p>site_header = "Dev Admin"</p> <p><strong>will show in the browser tab</strong></p> <p>site_title = Developer Admin Portal </p> <p><strong>will be displayed on the admin home page.</strong></p> <p>index_title = "Welcome to Developer Community" </p> <p>custom_admin_site = CustomAdminSite(name="dev_admin")</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> #All code at one place class CustomAdminSite(admin.AdminSite): site_header = "Dev Admin" site_title = Developer Admin Portal index_title = "Welcome to Developer Community" custom_admin_site = CustomAdminSite(name="dev_admin") </code></pre> </div> <p><strong>5. To register:</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> #Finally register custom_admin_site.register(DevCommunity) </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3e1bsd0004xyq3ofyscp.PNG" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3e1bsd0004xyq3ofyscp.PNG" alt=" " width="444" height="143"></a></p> backend webdev django python Digvijay Singh Mon, 16 Sep 2024 18:19:14 +0000 https://dev.to/digvijay_singhrajput/django-file-structure-for-developers-4i68 https://dev.to/digvijay_singhrajput/django-file-structure-for-developers-4i68 <p>This django file structure guide will walk you through the essential elements of a django project.</p> <p><strong>Contents</strong></p> <ol> <li>Project Root Directory</li> <li>Project Directory (e.g., you_project_name)</li> <li>Applications (Apps)</li> <li>Templates Directory</li> <li>Static Directory</li> <li>Media Directory</li> <li>Virtual Environment (venv/)</li> </ol> <p><strong>1. Project Root Directory</strong></p> <p>This directory contains the entire Django project. It contains</p> <p><strong>- manage.py</strong>: It is a command line utility that allows us to interact with project. Mainly use to start development server, create apps, run migrations etc.</p> <p><strong>- Project Folder</strong> (Your Project name folder): It contains setting and configurations of our project.</p> <p><strong>2. Project Directory (e.g., you_project_name)</strong></p> <p>This is a folder that has configurations for our Django projects. It include files like:</p> <p><strong>- init.py</strong>:</p> <p><strong>- settings.py</strong>: Contains setting for our projects such as configurations, database settings, installed apps, allowed hosts, middleware.</p> <p><strong>- urls.py</strong>: It contains URL for our projects (Routing requests for our views).</p> <p><strong>- asgi.py</strong>: </p> <p><strong>- wsgi.py</strong>:</p> <p><strong>3. Applications (Apps)</strong>:</p> <p><strong>- models.py</strong>: It contains Data Structure for you project or we can say app's data/ structure of the database.</p> <p><strong>- views.py</strong>: Business logic (handling requests and responses)</p> <p><strong>- urls.py</strong>: your app specific url</p> <p><strong>- forms.py</strong>: structure and validation logic for the forms</p> <p><strong>- admin.py</strong>: Django admin panel(Dashboard) by registering the models (by creating a superuser and login to the Django's admin) </p> <p><strong>- apps.py</strong>:</p> <p><strong>- migrations/</strong>: Contains database migrations files.Each time you make any changes to your database you will see a new file with some random naes in this folder (e.g. 0001_initial, 0002_model_you_made_or_changes, ...)</p> <p><strong>4. Templates Directory</strong>:</p> <p><strong>- base.html</strong>:This contains shared code which is common in many files for example headers, footers which you want in your multiple pages.</p> <p>*<em>- other files that extend from base.html for specific views *</em>: Lets say login.html, home.html etc.</p> <p><strong>5. Static Directory</strong>:It contains static files such as CSS, JavaScript, images. App specific directories or global one (as per your requirements).</p> <p><strong>6. Media Directory</strong>: User uploaded files for example documents, any other files may be a profile picture of a user etc.</p> <p><strong>7. Virtual Environment (venv/)</strong>: Make a habit of creating a virtual environment for each of the django project to isolate project dependencies. It is important to note that it is essential for project specific packages without disturbing any global environment.</p> <p>your_project_name/<br> │<br> ├── manage.py<br> ├── your_project_name/<br> │ ├── <strong>init</strong>.py<br> │ ├── settings.py<br> │ ├── urls.py<br> │ ├── wsgi.py<br> │ └── asgi.py<br> │<br> ├── your_app_one/<br> │ ├── <strong>init</strong>.py<br> │ ├── admin.py<br> │ ├── apps.py<br> │ ├── models.py<br> │ ├── views.py<br> │ ├── urls.py<br> │ └── migrations/<br> │<br> ├── your_app_two/<br> │ ├── <strong>init</strong>.py<br> │ ├── admin.py<br> │ ├── apps.py<br> │ ├── models.py<br> │ ├── views.py<br> │ └── migrations/<br> │<br> ├── templates/<br> │ ├── base.html<br> │ └── home.html<br> │<br> └── static/<br> ├── css/<br> └── js/</p> <p><strong>Conclusion</strong><br> Understanding file structure before starting any projects in any language is very crucial and essential for efficient project development. I hope now it becomes easier for you all to navigate and manage your code bases.</p> <p>Please feel free to comment your thoughts or any tips.<br> <strong>If you want all essential django commands at one place please comment</strong></p> <p><strong>BONUS</strong></p> <p><strong>Commands that you should know for manage.py</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> **1. python manage.py runserver ** : To start the server **2. python manage.py makemigrations** : Creating new migrations on the changes made in your models. **3. python manage.py migrate ** : Applying or unapplying migrations **4. python manage.py createsuperuser**: Access to django admin panel </code></pre> </div> <ul> <li> </li> </ul> webdev python django backend