What I built
A performant, secure and reliable session-based authentication system with a Django backend and a SvelteKit frontend. It has CI powered by GitHub Actions.
Category Submission
DIY Deployments
App Link
Its live version is here.
Screenshots
Description
This app uses minimal dependencies (pure Django, no REST API framework) to build secure, performant and reliable session-based authentication REST APIs, with 100% automated test coverage and enforced static analysis against uniform Python code standards. The APIs are then consumed by a SvelteKit-based frontend application.
Users' profile images are uploaded directly to AWS S3 (in tests, we ditched S3 and used Django's InMemoryStorage for faster tests).
A custom password reset procedure was also incorporated, and Celery tasks handle email sending.
The front end is resilient, as it can mostly work without JavaScript. The user session is persisted until it is destroyed, and the experience gives a hybrid feel of an SPA and an MPA (termed #transitionalApps by Rich Harris).
Link to Source Code
It's hosted on GitHub via django-auth-backend
Sirneij / django-auth-backend
Django session-based authentication system with SvelteKit frontend
django-auth-backend
Django session-based authentication system with SvelteKit frontend and GitHub actions-based CI.
Run locally
- To run the application, clone it:
  git clone https://github.com/Sirneij/django-auth-backend.git
  You can, if you want, grab its frontend counterpart.
- Change the directory into the folder and create a virtual environment using either Python 3.9, 3.10 or 3.11 (tested against the three versions). Then activate it:
  ~django-auth-backend$ virtualenv -p python3.11 virtualenv
  ~django-auth-backend$ source virtualenv/bin/activate
…
Permissive License
MIT
Background (What made you decide to build this particular app? What inspired you?)
A few days ago, I shared the series I wrote on building an authentication system using rust (actix-web) and sveltekit with my LinkedIn connections. One of my connections requested that I make a Django version. I obliged and here it is!
How I built it (How did you utilize GitHub Actions or GitHub Codespaces? Did you learn something new along the way? Pick up a new skill?)
The backend service was built using Django with a PostgreSQL database, Redis for session storage, and AWS S3 for file storage. The APIs were built without external REST API frameworks such as Django REST framework; data serialization and JSON responses were handled manually. Most of the views were made asynchronous. For testing, pytest and its ecosystem were heavily used. Mypy, Pylint and others were used for static analysis. GitHub Actions were used for automated testing, coverage reports and static analysis.
I learnt quite a few things:
- Writing Django views with the async keyword and handling synchronous code in them
- Manually handling and parsing multipart form data in a Django view using the scantily documented (if even documented) MultiPartParser.
- Setting up and enforcing standard Python code styles with mypy, pylint, prospector, pep8, pyflakes and a host of other tools.
- Manually encoding form data, and creating, uploading and deleting mock files during tests
- Setting up and fixing issues with GitHub Actions for Django applications and using them to automatically test and analyze apps against different Python versions
Additional Resources/Info
This application is the Python (Django) version of this series. A series of articles will be written to explain how it was built. Watch out.
Top comments (2)
Thanks for the post. I wanted some of your insights...
I have been using this Django SvelteKit template as it's based on svelte5 with django; has auth (register, login, forgot/reset password), forms-actions, mailing, toast/flash messages, validations and other essential features. It applies some awesome magic to bind django backend with sveltekit forms-actions, you do not have to write extra fetch calls, it just works.
Also, the fetch call gets super easy as it provides an $api/ alias to do that...
@sirneij Thank you so much for this one John, it is much appreciated, God bless you