Request object

Information of user’s client request to server

flask.Request and django.http.HttpRequest

URL routing

Routes HTTP requests (GET, POST, PUT, UPDATE), data payload, and URL path

Django’s routing and Flask’s routing

Views

Invoked when a request matches URL pattern and receives request object

Django’s views and Flask’s views

Class-based: django and flask

Context information

Passed into HTML template for processing.

django.template.Template.render() (pass dict into Context object)

flask.render_template() (accepts dict)

HTML template engine

Renders template via context information.

Django’s templating and Flask’s templating

Response object

Object with HTTP meta information and content to send to the browser.

django.http.HttpResponse and flask.Response

Static file-handling

Handles static files like CSS, JS assets, and downloads.

Static files in django and Static files in Flask

What Django provides

• Template Engine
  • Filters
  • Tags
  • Context preprocessor middleware (global, per-request dict-like object passed into templates)
• ORM
  • QuerySet (reuseable object used in ORM-backed features)
  • Migrations
  • Raw Queries
• Forms
  • Fields
  • Widgets
  • Model Forms (ORM-backed forms)
• Views
  • Class-based views
    • DetailView, ListView (ORM-backed views)
• URL routing
• Administration web interface (ORM-backed CRUD backend)
• Authentication
  • User model
  • Basic permission systems
• Caching
• Multi-tenancy via domain
• Modularity via Apps
• Settings, configurable via DJANGO_SETTINGS_MODULE
• Command system
  • Shell with automatic integration of bpython and ipython, if detected
  • Launch DB command-line client (psql, mysql, sqlite3, sqlplus) based on engine configuration in settings.
  • Custom commands
• Static file support

Extending Django

Django has a vibrant third-party development community. Apps are installed via appending them to the INSTALLED_APPS in the settings.

Popular Django extensions include:

• REST: Django REST Framework, aka “DRF”
• Permissions: django-guardian
• Asset pipelines: django-compressor, django-webpack-loader
• Debugging, Miscellaneous: django-extensions, django-debug-toolbar
• Filtering / Search: django-filter
• Tabular / paginated output of db: django-tables2

Django extension project names tend to be prefixed django- and lowercase.

Customizing Django

Eventually the included forms, fields and class-based views included in Django aren’t going to be enough.

Django’s scope

Django is a framework. The aspects django occupies are:

• mapping database schemas, their queries, and query results to objects
• mapping URL patterns to views containing business logic
• providing request information such as GET, PUT, and session stuff to views (HttpRequest)
• presenting data, including HTML templates and JSON (HttpResponse)
• environmental configuration (settings) and an environment variables (DJANGO_SETTINGS_MODULE) e.g. dev, staging, prod workflows

A tool kit of libraries that abstract the monotony of common tasks in web projects.

If it’s difficult to visualize a web app in terms of its database schema and WordPress or Drupal would suffice, Django may not be the strongest pick for that.

Where a CMS will automatically provide a web admin to post content, toggle plugins and settings, and even allow user registration and comments, Django leaves you building blocks of components you customize to the situation. Programming is required.

Django’s programming language, python, also gives it a big boost.

from django.contrib.auth import get_user_model
from django.http import HttpResponse

def user_profile(request, **kwargs):
    User = get_user_model()
    user = User.objects.get(pk=kwargs['pk'])
    html = "<html><body>Full Name: %s.</body></html>" % user.get_full_name()
    return HttpResponse(html)

from django.conf.urls import url
from .views import user_profile

urlpatterns = [
  url(r'^profile/(?P<pk>\d+)/$', user_profile),
]

from django.contrib.auth import get_user_model
from django.views.generic.detail import DetailView

class UserProfile(DetailView):
    model = get_user_model()

from django.conf.urls import url
from .views import UserProfile

urlpatterns = [
  url(r'^profile/(?P<pk>\d+)/$', UserProfile.as_view()),
]

django.template.exceptions.TemplateDoesNotExist: core/myuser_detail.html

<html><body>Full name: {{ object.get_full_name }}</body></html>

from django.contrib.auth import get_user_model
from django.http import HttpResponse

def user_profile(request, **kwargs):
    User = get_user_model()
    user = User.objects.get(username=kwargs['username'])
    html = "<html><body>Full Name: %s.</body></html>" % user.get_full_name()
    return HttpResponse(html)

from django.conf.urls import url
from .views import user_profile

urlpatterns = [
  url(r'^profile/(?P<pk>\w+)/$', user_profile),
]

class UserProfile(DetailView):
    model = get_user_model()
    slug_field = 'username'

urlpatterns = [
  url(r'^profile/(?P<slug>\w+)/$', UserProfile.as_view()),
]

urlpatterns = [
  url(r'^profile/(?P<username>\w+)/$', UserProfile.as_view()),
]

class UserProfile(DetailView):
    model = get_user_model()
    slug_field = 'username'
    slug_url_kwarg = 'username'

urlpatterns = [
  url(r'^profile/$', UserProfile.as_view()),
]

MIDDLEWARE = [
    # ... other middleware
    'django.contrib.auth.middleware.AuthenticationMiddleware',
]

class UserProfile(DetailView):
    def get_object(self):
        return self.request.user

from django.contrib.auth.decorators import login_required

urlpatterns = [
  url(r'^profile/$', login_required(UserProfile.as_view())),
]

Configuring Django

Django’s settings are stored in a python file. This means that the Django configuration can include any python code, including accessing environment variables, importing other modules, checking if a file exists, lists, tuples, arrays, and dicts.

Django relies on an environment variable, DJANGO_SETTINGS_MODULE, to load a module of setting information.

Settings are a lazily-loaded singleton object:

• When an attribute of django.conf.settings is accessed, it will do a onetime “setup”. The section Django’s intialization shows there’s a few ways settings get configured.

• Singleton, meaning that it can be imported from throughout the application code and still retrieve the same instance of the object.

  Reminder

  Sometimes global interpreter locks and thread safety are brought up when discussing languages. Web admin interfaces and JSON API’s aren’t CPU bound. Most web problems are I/O bound.

  In other words, issues websites face when scaling are concurrency related. In practice, it’s not even limited to the dichotomy of concurrency and parallelism: Websites scale by offloading to infrastructure such as reverse proxies, task queues (e.g. Celery, RQ), and replicated databases. Computational heavy backend services are done elsewhere and use different tools (kafka, hadoop, spark, Elasticsearch, etc).

Django uses import_module() to turn a string into a module. It’s kind of like an eval, but strictly for importing. It happens here.

It’s available as an environmental variable as projects commonly have multiple settings files. For instance, a base settings file, then other files for local, development, staging, and production. Those 3 will have different database configurations. Production will likely have heavy caching.

To access settings attributes application-wide, import the settings:

from django.conf import settings

From there, attributes can be accessed:

print(settings.DATABASES)

Django’s intialization

Django’s initialization is complicated. However, its complexity is proportional to what’s required to do the job.

As seen in Configuring Django, the settings are loaded as a side-effect of accessing the setting object.

In addition to that, django maintains an application registry, apps, also a singleton. It’s populated via django.setup().

Finding and loading the settings requires an environmental variable is set. Django’s generated manage.py will set a default one if its unspecified.

What Flask provides

• Template system via Jinja2
• URL routing via Werkzeug
• Modularity via blueprints
• In-browser REPL-powered tracebook debugging via Werkzeug’s
• Static file handling

Extending Flask

Since Flask doesn’t include things like an ORM, authentication and access control, it’s up to the user to include libraries to handle those a la carte.

Popular Flask extensions include:

• Database: Flask-SQLAlchemy
• REST: Flask-RESTful (flask-restful-swagger), Flask API
• Admins: Flask-Admin Flask-SuperAdmin
• Auth: Flask-Login, Flask-Security
• Asset Pipeline: Flask-Assets, Flask-Webpack
• Commands: Flask-Script

Flask extension project names tend to be prefixed Flask-, PascalCase, with the first letter of words uppercase.

Used with flask, but not flask-specific (could be used in normal scripts):

• Social authentication: authomatic, python-social-auth
• Forms: WTForms
• RDBMS: SQLAlchemy, peewee
• Mongo: MongoEngine

For more, see awesome-flask on github.

Configuring Flask

Configuration is typically added after Flask object is initialized. No server is running at this point:

app = Flask(__name__)

After initialization, configuration available via a dict-like attribute via the Flask.config.

Only uppercase values are stored in the config.

There are a few ways to set configuration options. dict.update():

app.config.update(KEYWORD0='value0', KEYWORD1='value1')

For the future examples, let’s assume this:

- website/
  - __init__.py
  - app.py
  - config/
    - __init__.py
    - dev.py

Inside website/config/dev.py:

class DevConfig(object):
    DEBUG = True
    TESTING = True
    DATABASE_URL = 'sqlite://:memory:'

Creating a class and pointing to it via flask.Config.from_object() also works:

from .config.dev import DevConfig
app.config.from_object(DevConfig)

Another option with from_object() is a string of the config object’s location:

app.config.from_object('website.config.dev.DevConfig')

In addition, it’ll work with modules (django’s style of storing settings). For website/config/dev.py:

DEBUG = True
TESTING = True
DATABASE_URL = 'sqlite://:memory:'

Then:

app.config.from_object('website.config.dev')

So, this sounds strange, but as of Flask 1.12, that’s all there is regarding importing classes/modules. The rest is all importing python files.

To import an object (module or class) from an environmental variable, do something like:

app.config.from_object(os.environ.get('FLASK_MODULE', 'web.conf.default'))

flask.Config.from_envvar() is spiritually similar to DJANGO_SETTINGS_MODULE, but looks can be deceiving.

The environmental variable set points to a file, which is interpreted like a module.

Assuming website/config/dev.py:

DEBUG = True
TESTING = True
DATABASE_URL = 'sqlite://:memory:'

Let’s apply a configuration from an environmental variable:

app.config.from_envvars('FLASK_CONFIG')

FLASK_CONFIG should map to a python file:

export FLASK_CONFIG=website/config/dev.py

Here’s where Flask’s configurations aren’t so orthogonal. There’s also a flask.Config.from_pyfile():

app.config.from_pyfile('website/config/dev.py')

Flask’s Initialization

Flask’s initiation is different then Django’s.

Before any server is started, the Flask object must be initialized. The Flask object acts a registry URL mappings, view callback code (business logic), hooks, and other configuration data.

The Flask object only requires one argument to initialize, the so-called import_name parameter. This is used as a way to identify what belongs to your application. For more information on this parameter, see About the First Parameter on the Flask API documentation page:

from flask import Flask
app = Flask('myappname')

Above: app, an instantiated Flask object. No server or configuration present (yet).

from flask import Flask
app = Flask(__name__)

@app.route('/')
def hello_world():
    return 'Hello, World'

from flask import Flask
app = Flask(__name__)

def hello_world():
    return 'Hello, World'
app.add_url_rule('/', 'hello_world', hello_world)

from flask import Flask

class DevConfig(object):
    DEBUG = True
    TESTING = True
    DATABASE_URL = 'sqlite://:memory:'

def get_app():
    app = Flask(__name__)
    app.config.from_object(DevConfig)
    return app

if __name__ == '__main__':
    app = get_app()
    app.run()

Flask and Databases

Unlike Django, Flask doesn’t tie project’s to a database.

There’s no rules saying a Flask app has to connect to a database. It’s python, flask could used to make a proxy/abstraction of a thirdparty REST API. Or a quick web front-end to a pure-python program. Another possiblity, generating a purely static website with no SQL backend a la NPR.

If a website is using RDBMS, which is often true, a popular choice is SQLAlchemy. Flask-SQLAlchemy helps assist in gluing them together.

SQLAlchemy is mature (a decade older than this writing), battle-tested with a massive test suite, dialects for many SQL solutions. It also provides something called “core” underneath the hood that allows building SQL queries via python objects.

SQLAlchemy is also active. Innovation keeps happening. The change log keeps showing good things happening. Like Django’s ORM, SQLAlchemy’s documentation is top notch. Not to mention, Alembic, a project by the same author, harnesses SQLAlchemy to power migrations.

Flask is pure, easy to master, but can lend to reinventing the wheel

Flask is meant to stay out of the way and put the developer into control. Even over things as granular as piecing together the Flask object, registering blueprints and starting the web server.

The API is, much like this website, is documented using sphinx. The reference will become a goto. To add to it, a smaller codebase means a developer can realistically wrap their brain around the internals.

Developers that find implicit behavior to be a hindrance and thrive in explicitness will feel comfortable using Flask.

However, this comes at the cost of omitting niceties many web projects would actually find helpful, not an encumbrance. It’ll also leave developer’s relying on third party extensions. To think of a few that’d come up for many:

What about authentication?

There’s no way to store the users. So grab SQLAlchemy, peewee, or MongoEngine. There’s the database back-end.

Now to building the user schema. Should the website accept email addresses as usernames? What about password hashing? Maybe Flask-Security or Flask-Login will do here.

Meanwhile, Django would have the ORM, User Model, authentication decorators for views, and login forms, with database-backed validation. And it’s pluggable and templated.

What about JSON and REST?

If it involves a database backend, that still has to be done (like above). To help Flask projects along, there are solutions like Flask API (inspired by Django Rest Framework) and Flask-RESTful.

Django is comprehensive, solid, active, customizable, and robust

Batteries included.

A deep notion of customizability and using subclassed Field, Forms, Class Based Views, and so on to suit situations.

The components django provided complement each other.

Rather than dragging in hard-requirements, nothing forces you to:

• use the Form framework
• if using the Form framework, to:
  • back forms with models (ModelForm)
  • output the form via as_p(), as_table(), or as_ul()
• use class-based views
• use a specific class-based view
• if using a class-based view, fully implement every method of a specialized-view
• use django’s builtin User model

Above are just a few examples, but Django doesn’t strap projects into using every battery.

That said, the QuerySet object plays a huge role in catalyzing the momentum django provides. It provides easy database-backed form validations, simple object retrieval with views, and code readability. It’s even utilized downstream by extensions like django-filters and django-tables2. These two plugins don’t even know about each other, but since they both operate using the same database object, you can use django-filter’s filter options to facet and search results that are produced by django-tables2.

Open source momentum

Flask, as a microframework, is relatively dormant from a feature standpoint. Its scope is well-defined.

Flask isn’t getting bloated. Recent pull requests seem to be on tweaking and refining facilities that are already present.

It’s not about stars, or commits, or contributor count. It’s about features and support niceties that can be articulated in change logs.

Even then though, it’s hard to put things into proportion. Flask includes Werkzeug and Jinja2 as hard dependencies. They run as independent projects (i.e. their own issue trackers), under the pallets organization.

Django wants to handle everything on the web backend. Everything fits together. And it needs to, because it’s a framework. Or a framework of frameworks. Since it covers so much ground, let’s try once again to put it into proportion, against Flask:

There are also feature requests that come in, often driven by need of the web development community, and things that otherwise wouldn’t be considered for Flask or Flask extension. Which kind of hurts open source, because there’s code that could be reuseable being written, but not worth the effort to make an extension for. So there are snippets for that.

And in a language like Python where packages, modules, and duck typing rule, I feel snippets, while laudable, are doomed to fall short keeping in check perpetual recreation of patterns someone else done. Not to mention, snippets don’t have CI, nor versioning, nor issue trackers (maybe a comment thread).

By not having a united front, the oppurtunity for synergetic efforts that bridge across extensions (a la Django ORM, Alchemy, DRF, and django-guardian) fail to materialize, creating extensions that are porous. This leaves devs to fill in the blanks for all-inclusive functionality that’d already be working had they just picked a different tool for the job.

Bonus: Cookiecutter template for Flask projects

Since I still use Flask. I maintain a cookiecutter template project for it.

This cookiecutter project will create a core application object that can load Flask blueprints via a declarative YAML or JSON configuration.

Feel free to use it as a sample project. In terminal:

$ pip install --user cookiecutter
$ cookiecutter https://github.com/tony/cookiecutter-flask-pythonic.git
$ cd ./path-to-project
$ virtualenv .env && . .env/bin/activate
$ pip install -r requirements.txt
$ ./manage.py

Bonus: How do I learn Django or Flask?