The latest articles on Forem by Abigail Afi Gbadago (@afimaamedufie). https://forem.com/afimaamedufie https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F379277%2Fd3127bae-1dbf-47b6-af2c-cccb19067f09.jpg https://forem.com/afimaamedufie en Abigail Afi Gbadago Fri, 10 Apr 2026 01:24:45 +0000 https://forem.com/mongodb/build-a-task-manager-with-django-mongodb-backend-5hd3 https://forem.com/mongodb/build-a-task-manager-with-django-mongodb-backend-5hd3 <p>Whilst life can work out beautifully when things are spontaneous, sometimes, a little planning and management help put things into perspective. Today, we are going to build a task manager using the MongoDB Atlas Free Tier and Django MongoDB Backend to help plan out tasks and activities. This task manager, which we will call “Get Going,” features a drag-and-drop Kanban board (To Do, In Progress, Done sections) built with HTMX.</p> <h3> Create a MongoDB Atlas cluster &amp; get connection string </h3> <p>To kick off things, we will create a MongoDB Atlas cluster by creating an account; if you don’t already have one (<a href="https://account.mongodb.com/account/register/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=django-task-manager&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">link to register</a>.</p> <p>If you already have an account, go ahead and sign in. In the left pane, click Project Overview to display a page with Clusters, Application Development, and a Toolbar.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbrh57l83c443di6i1nvy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbrh57l83c443di6i1nvy.png" alt="MongoDB Atlas Cluster Overview"></a></p> <p>Next, click on <code>Create cluster.</code></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2lek58sxqestbg6s35n8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2lek58sxqestbg6s35n8.png" alt="MongoDB Atlas Create Cluster Page"></a></p> <p>Select the MongoDB Atlas Free Tier and enter your preferred cluster name. Then select your preferred provider and other settings.<br> Click create to deploy your new cluster.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxmry6v0w4fnfgdwbjfbm.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxmry6v0w4fnfgdwbjfbm.png" alt="MongoDB Atlas Deploy Cluster Page"></a></p> <p>After your cluster has been created, click <code>Connect</code> and add a database username and password.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fftqv1rwcinty7mv2em0v.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fftqv1rwcinty7mv2em0v.png" alt="MongoDB Atlas Connect Cluster to Page"></a></p> <p>After successfully adding credentials, click on <code>Connect to Cluster</code>, select <code>Drivers</code>, select <code>Python</code>, and install the Python driver via your command line interface.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2wv1bdzllff88ece3ax3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2wv1bdzllff88ece3ax3.png" alt="Connect to MongoDB Atlas Cluster Page"></a></p> <p>Copy the Connection URI to use as the HOST setting in settings.py.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc7q21yecvjylh6kks2qv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc7q21yecvjylh6kks2qv.png" alt="Connection URI on MongoDB Atlas Cluster Page"></a></p> <p>Next, we’ll create a virtual env and install dependencies.</p> <h3> Prerequisites </h3> <ul> <li>Platform used: MacOS Tahoe 26.3</li> <li>Python 3.12+</li> <li>MongoDB Atlas account (free tier)</li> </ul> <h3> Project setup </h3> <ul> <li>Create a project directory, set up a virtual environment, and install dependencies:</li> <li>Create a requirements.txt file with the following: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#requirements.txt Django&gt;=6.0 django-mongodb-backend python-dotenv </code></pre> </div> <p>After, run <code>pip install -r requirements.txt</code></p> <p>Next, create a Django project using the MongoDB starter template, then create the tasks app:</p> <ul> <li>django-admin startproject taskmanager --template <a href="https://github.com/mongodb-labs/django-mongodb-project/archive/refs/heads/6.0.x.zip" rel="noopener noreferrer">https://github.com/mongodb-labs/django-mongodb-project/archive/refs/heads/6.0.x.zip</a> </li> <li>cd taskmanager</li> <li>python manage.py startapp tasks</li> <li>Add the <code>task</code> app to settings.py by adding it to INSTALLED_APPS. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">#settings.py </span> <span class="n">INSTALLED_APPS</span> <span class="o">=</span> <span class="p">[</span> <span class="bp">...</span> <span class="sh">'</span><span class="s">tasks</span><span class="sh">'</span><span class="p">,</span> <span class="p">]</span> </code></pre> </div> <h4> Environment Variables </h4> <p>Store sensitive credentials in a .env file at the project root (next to manage.py) to keep them out of source control. Then replace , , and with your MongoDB Atlas credentials.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight properties"><code><span class="c">#.env </span> <span class="py">SECRET_KEY</span><span class="p">=</span><span class="s">your-secret-key</span> <span class="py">DEBUG</span><span class="p">=</span><span class="s">True</span> <span class="py">ALLOWED_HOSTS</span><span class="p">=</span><span class="s">localhost,127.0.0.1</span> <span class="py">MONGODB_HOST</span><span class="p">=</span><span class="s">mongodb+srv://&lt;username&gt;:&lt;password&gt;@&lt;cluster&gt;.mongodb.net/?retryWrites=true&amp;w=majority&amp;appName=devrel-tutorial-django-taskmanager-devto</span> <span class="py">MONGODB_NAME</span><span class="p">=</span><span class="s">taskmanager</span> </code></pre> </div> <h3> Task Model </h3> <p>To define the Task model, we'll include fields for title, description, status, priority, owner, an optional due date, and auto-managed timestamps. Status choices map to three columns on the Kanban board: To Do, In Progress, and Done.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">#models.py </span> <span class="kn">from</span> <span class="n">django.conf</span> <span class="kn">import</span> <span class="n">settings</span> <span class="kn">from</span> <span class="n">django.db</span> <span class="kn">import</span> <span class="n">models</span> <span class="k">class</span> <span class="nc">Task</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Model</span><span class="p">):</span> <span class="k">class</span> <span class="nc">Status</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">TextChoices</span><span class="p">):</span> <span class="n">TODO</span> <span class="o">=</span> <span class="sh">'</span><span class="s">todo</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">To Do</span><span class="sh">'</span> <span class="n">IN_PROGRESS</span> <span class="o">=</span> <span class="sh">'</span><span class="s">in_progress</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">In Progress</span><span class="sh">'</span> <span class="n">DONE</span> <span class="o">=</span> <span class="sh">'</span><span class="s">done</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Done</span><span class="sh">'</span> <span class="k">class</span> <span class="nc">Priority</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">TextChoices</span><span class="p">):</span> <span class="n">LOW</span> <span class="o">=</span> <span class="sh">'</span><span class="s">low</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Low</span><span class="sh">'</span> <span class="n">MEDIUM</span> <span class="o">=</span> <span class="sh">'</span><span class="s">medium</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Medium</span><span class="sh">'</span> <span class="n">HIGH</span> <span class="o">=</span> <span class="sh">'</span><span class="s">high</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">High</span><span class="sh">'</span> <span class="n">title</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">255</span><span class="p">)</span> <span class="n">description</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">TextField</span><span class="p">(</span><span class="n">blank</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="sh">''</span><span class="p">)</span> <span class="n">status</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">20</span><span class="p">,</span> <span class="n">choices</span><span class="o">=</span><span class="n">Status</span><span class="p">.</span><span class="n">choices</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">Status</span><span class="p">.</span><span class="n">TODO</span><span class="p">,</span> <span class="p">)</span> <span class="n">priority</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">10</span><span class="p">,</span> <span class="n">choices</span><span class="o">=</span><span class="n">Priority</span><span class="p">.</span><span class="n">choices</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">Priority</span><span class="p">.</span><span class="n">MEDIUM</span><span class="p">,</span> <span class="p">)</span> <span class="n">owner</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">ForeignKey</span><span class="p">(</span> <span class="n">settings</span><span class="p">.</span><span class="n">AUTH_USER_MODEL</span><span class="p">,</span> <span class="n">on_delete</span><span class="o">=</span><span class="n">models</span><span class="p">.</span><span class="n">CASCADE</span><span class="p">,</span> <span class="n">related_name</span><span class="o">=</span><span class="sh">'</span><span class="s">tasks</span><span class="sh">'</span><span class="p">,</span> <span class="p">)</span> <span class="n">due_date</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">DateTimeField</span><span class="p">(</span><span class="n">null</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">blank</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">created_at</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">DateTimeField</span><span class="p">(</span><span class="n">auto_now_add</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">updated_at</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">DateTimeField</span><span class="p">(</span><span class="n">auto_now</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Meta</span><span class="p">:</span> <span class="n">ordering</span> <span class="o">=</span> <span class="p">[</span><span class="sh">'</span><span class="s">-created_at</span><span class="sh">'</span><span class="p">]</span> <span class="k">def</span> <span class="nf">__str__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="n">title</span> </code></pre> </div> <p>After creating our models, we will create and run migrations:<br> <code>python manage.py makemigrations tasks</code><br> <code>python manage.py migrate</code></p> <h3> Forms </h3> <p>Before we create views, create a TaskForm using Django's ModelForm, which will handle validation and rendering the creation and editing tasks, with fields for title, description, status, priority, and due date.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">#forms.py </span> <span class="kn">from</span> <span class="n">django</span> <span class="kn">import</span> <span class="n">forms</span> <span class="kn">from</span> <span class="n">.models</span> <span class="kn">import</span> <span class="n">Task</span> <span class="k">class</span> <span class="nc">TaskForm</span><span class="p">(</span><span class="n">forms</span><span class="p">.</span><span class="n">ModelForm</span><span class="p">):</span> <span class="k">class</span> <span class="nc">Meta</span><span class="p">:</span> <span class="n">model</span> <span class="o">=</span> <span class="n">Task</span> <span class="n">fields</span> <span class="o">=</span> <span class="p">[</span><span class="sh">'</span><span class="s">title</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">description</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">status</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">priority</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">due_date</span><span class="sh">'</span><span class="p">]</span> <span class="n">widgets</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">due_date</span><span class="sh">'</span><span class="p">:</span> <span class="n">forms</span><span class="p">.</span><span class="nc">DateTimeInput</span><span class="p">(</span> <span class="n">attrs</span><span class="o">=</span><span class="p">{</span><span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">date</span><span class="sh">'</span><span class="p">},</span> <span class="nb">format</span><span class="o">=</span><span class="sh">'</span><span class="s">%Y-%m-%d</span><span class="sh">'</span><span class="p">,</span> <span class="p">),</span> <span class="p">}</span> </code></pre> </div> <h3> Authentication </h3> <p>For this project, we will use Django’s built-in authentication system, which provides user accounts, login, logout, and password handling out of the box.</p> <h3> Login/Logout Views </h3> <p>Regarding authentication when logging in and out, Django provides a LoginView and LogoutView right out of the box. After this, we will register the views in urls.py and point LOGIN_URL and LOGIN_REDIRECT_URL in settings.py so unauthenticated users are sent to the login page, and successful logins land on the task manager board.</p> <p>To protect the view, we use the @login_required decorator on every view to ensure only authenticated users can access the board, create tasks, or modify them. Each task is also scoped to its owner — users can only see and manage their own tasks.</p> <p>We will also add a login page at templates/registration/login.html, which is a form that requires username and password fields.</p> <p>Next, to get into the system and access the task manager, we need to create a superuser.</p> <p>Run <code>python manage.py createsuperuser</code> </p> <p>Follow the prompts and type out your name, email, and password, as we will use them to access the task manager board.</p> <h3> Add urls.py at the project and app level </h3> <p>Finally, we wire everything up in taskmanager/urls.py, which maps the root URL to the board view, /login/ and /logout/ to Django's built-in auth views, and task operations to their respective views. Each task URL uses the task's ID in the path for edit, delete, and move actions.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">#taskmanager/urls.py </span> <span class="kn">from</span> <span class="n">django.contrib</span> <span class="kn">import</span> <span class="n">admin</span> <span class="kn">from</span> <span class="n">django.contrib.auth</span> <span class="kn">import</span> <span class="n">views</span> <span class="k">as</span> <span class="n">auth_views</span> <span class="kn">from</span> <span class="n">django.urls</span> <span class="kn">import</span> <span class="n">include</span><span class="p">,</span> <span class="n">path</span> <span class="n">urlpatterns</span> <span class="o">=</span> <span class="p">[</span> <span class="nf">path</span><span class="p">(</span><span class="sh">''</span><span class="p">,</span> <span class="nf">include</span><span class="p">(</span><span class="sh">'</span><span class="s">tasks.urls</span><span class="sh">'</span><span class="p">)),</span> <span class="nf">path</span><span class="p">(</span><span class="sh">'</span><span class="s">login/</span><span class="sh">'</span><span class="p">,</span> <span class="n">auth_views</span><span class="p">.</span><span class="n">LoginView</span><span class="p">.</span><span class="nf">as_view</span><span class="p">(),</span> <span class="n">name</span><span class="o">=</span><span class="sh">'</span><span class="s">login</span><span class="sh">'</span><span class="p">),</span> <span class="nf">path</span><span class="p">(</span><span class="sh">'</span><span class="s">logout/</span><span class="sh">'</span><span class="p">,</span> <span class="n">auth_views</span><span class="p">.</span><span class="n">LogoutView</span><span class="p">.</span><span class="nf">as_view</span><span class="p">(),</span> <span class="n">name</span><span class="o">=</span><span class="sh">'</span><span class="s">logout</span><span class="sh">'</span><span class="p">),</span> <span class="nf">path</span><span class="p">(</span><span class="sh">'</span><span class="s">admin/</span><span class="sh">'</span><span class="p">,</span> <span class="n">admin</span><span class="p">.</span><span class="n">site</span><span class="p">.</span><span class="n">urls</span><span class="p">),</span> <span class="p">]</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">#tasks/urls.py </span> <span class="kn">from</span> <span class="n">django.urls</span> <span class="kn">import</span> <span class="n">path</span> <span class="kn">from</span> <span class="n">.</span> <span class="kn">import</span> <span class="n">views</span> <span class="n">urlpatterns</span> <span class="o">=</span> <span class="p">[</span> <span class="nf">path</span><span class="p">(</span><span class="sh">''</span><span class="p">,</span> <span class="n">views</span><span class="p">.</span><span class="n">board_view</span><span class="p">,</span> <span class="n">name</span><span class="o">=</span><span class="sh">'</span><span class="s">board</span><span class="sh">'</span><span class="p">),</span> <span class="nf">path</span><span class="p">(</span><span class="sh">'</span><span class="s">tasks/new/</span><span class="sh">'</span><span class="p">,</span> <span class="n">views</span><span class="p">.</span><span class="n">task_create_view</span><span class="p">,</span> <span class="n">name</span><span class="o">=</span><span class="sh">'</span><span class="s">task-create</span><span class="sh">'</span><span class="p">),</span> <span class="nf">path</span><span class="p">(</span> <span class="sh">'</span><span class="s">tasks/&lt;str:pk&gt;/edit/</span><span class="sh">'</span><span class="p">,</span> <span class="n">views</span><span class="p">.</span><span class="n">task_edit_view</span><span class="p">,</span> <span class="n">name</span><span class="o">=</span><span class="sh">'</span><span class="s">task-edit</span><span class="sh">'</span><span class="p">,</span> <span class="p">),</span> <span class="nf">path</span><span class="p">(</span> <span class="sh">'</span><span class="s">tasks/&lt;str:pk&gt;/delete/</span><span class="sh">'</span><span class="p">,</span> <span class="n">views</span><span class="p">.</span><span class="n">task_delete_view</span><span class="p">,</span> <span class="n">name</span><span class="o">=</span><span class="sh">'</span><span class="s">task-delete</span><span class="sh">'</span><span class="p">,</span> <span class="p">),</span> <span class="nf">path</span><span class="p">(</span> <span class="sh">'</span><span class="s">tasks/&lt;str:pk&gt;/move/</span><span class="sh">'</span><span class="p">,</span> <span class="n">views</span><span class="p">.</span><span class="n">task_move_view</span><span class="p">,</span> <span class="n">name</span><span class="o">=</span><span class="sh">'</span><span class="s">task-move</span><span class="sh">'</span><span class="p">,</span> <span class="p">),</span> <span class="p">]</span> </code></pre> </div> <h3> Building the Task Manager Board (Kanban Board) </h3> <p>To build the task manager board, we will need: <br> Logic for the board view — a view that queries the current user's tasks and groups them into three columns by status (To Do, In Progress, Done)<br> Templates — a base layout, the board page with its three-column grid, a reusable card partial for each task, and a form modal for creating and editing tasks<br> HTMX for interactivity — create, edit, and delete tasks without full page reloads using hx-get, hx-post, and hx-delete attributes</p> <p>Next, let’s create the views.py, which has a <code>board_view</code> function that filters tasks belonging to the logged-in user and splits them into columns. We also add a <code>COLUMNS constant</code> that defines the three statuses(TO-DO, IN PROGRESS, and DONE) so we can loop through them.</p> <p>Also, we will add a <code>@login_required</code> decorator that redirects unauthenticated users to /login/. Each column dict holds the status value, a display label, a CSS dot class for the colored indicator, and the filtered queryset of tasks for that status.</p> <h4> Create views </h4> <p>Now, we can go ahead and create views for our taskapp. The <code>board_view</code> queries the user's tasks, groups them by status into three columns, and displays the task manager board. In addition, we will create views for creating, editing, deleting, and moving tasks between columns — each protected with @login_required and scoped to the current user.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">#views.py </span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">from</span> <span class="n">django.contrib.auth.decorators</span> <span class="kn">import</span> <span class="n">login_required</span> <span class="kn">from</span> <span class="n">django.http</span> <span class="kn">import</span> <span class="n">HttpResponse</span><span class="p">,</span> <span class="n">JsonResponse</span> <span class="kn">from</span> <span class="n">django.shortcuts</span> <span class="kn">import</span> <span class="n">get_object_or_404</span><span class="p">,</span> <span class="n">render</span> <span class="kn">from</span> <span class="n">django.views.decorators.http</span> <span class="kn">import</span> <span class="n">require_POST</span> <span class="kn">from</span> <span class="n">.forms</span> <span class="kn">import</span> <span class="n">TaskForm</span> <span class="kn">from</span> <span class="n">.models</span> <span class="kn">import</span> <span class="n">Task</span> <span class="n">COLUMNS</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span><span class="sh">'</span><span class="s">status</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">todo</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">label</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">To Do</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">dot</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">todo</span><span class="sh">'</span><span class="p">},</span> <span class="p">{</span><span class="sh">'</span><span class="s">status</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">in_progress</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">label</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">In Progress</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">dot</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">progress</span><span class="sh">'</span><span class="p">},</span> <span class="p">{</span><span class="sh">'</span><span class="s">status</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">done</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">label</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Done</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">dot</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">done</span><span class="sh">'</span><span class="p">},</span> <span class="p">]</span> <span class="nd">@login_required</span> <span class="k">def</span> <span class="nf">board_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="n">tasks</span> <span class="o">=</span> <span class="n">Task</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">owner</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">)</span> <span class="n">columns</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">col</span> <span class="ow">in</span> <span class="n">COLUMNS</span><span class="p">:</span> <span class="n">columns</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="o">**</span><span class="n">col</span><span class="p">,</span> <span class="sh">'</span><span class="s">tasks</span><span class="sh">'</span><span class="p">:</span> <span class="n">tasks</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">status</span><span class="o">=</span><span class="n">col</span><span class="p">[</span><span class="sh">'</span><span class="s">status</span><span class="sh">'</span><span class="p">]),</span> <span class="p">})</span> <span class="k">return</span> <span class="nf">render</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="sh">'</span><span class="s">tasks/board.html</span><span class="sh">'</span><span class="p">,</span> <span class="p">{</span><span class="sh">'</span><span class="s">columns</span><span class="sh">'</span><span class="p">:</span> <span class="n">columns</span><span class="p">})</span> <span class="nd">@login_required</span> <span class="k">def</span> <span class="nf">task_create_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="n">method</span> <span class="o">==</span> <span class="sh">'</span><span class="s">POST</span><span class="sh">'</span><span class="p">:</span> <span class="n">form</span> <span class="o">=</span> <span class="nc">TaskForm</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">POST</span><span class="p">)</span> <span class="k">if</span> <span class="n">form</span><span class="p">.</span><span class="nf">is_valid</span><span class="p">():</span> <span class="n">task</span> <span class="o">=</span> <span class="n">form</span><span class="p">.</span><span class="nf">save</span><span class="p">(</span><span class="n">commit</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">task</span><span class="p">.</span><span class="n">owner</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">user</span> <span class="n">task</span><span class="p">.</span><span class="nf">save</span><span class="p">()</span> <span class="k">return</span> <span class="nc">HttpResponse</span><span class="p">(</span><span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">'</span><span class="s">HX-Redirect</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">/</span><span class="sh">'</span><span class="p">})</span> <span class="k">else</span><span class="p">:</span> <span class="n">form</span> <span class="o">=</span> <span class="nc">TaskForm</span><span class="p">()</span> <span class="k">return</span> <span class="nf">render</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="sh">'</span><span class="s">tasks/_form_modal.html</span><span class="sh">'</span><span class="p">,</span> <span class="p">{</span> <span class="sh">'</span><span class="s">form</span><span class="sh">'</span><span class="p">:</span> <span class="n">form</span><span class="p">,</span> <span class="sh">'</span><span class="s">form_title</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">New Task</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">form_action</span><span class="sh">'</span><span class="p">:</span> <span class="n">request</span><span class="p">.</span><span class="n">path</span><span class="p">,</span> <span class="sh">'</span><span class="s">submit_label</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Create</span><span class="sh">'</span><span class="p">,</span> <span class="p">})</span> <span class="nd">@login_required</span> <span class="k">def</span> <span class="nf">task_edit_view</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="n">pk</span><span class="p">):</span> <span class="n">task</span> <span class="o">=</span> <span class="nf">get_object_or_404</span><span class="p">(</span><span class="n">Task</span><span class="p">,</span> <span class="n">pk</span><span class="o">=</span><span class="n">pk</span><span class="p">,</span> <span class="n">owner</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">)</span> <span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="n">method</span> <span class="o">==</span> <span class="sh">'</span><span class="s">POST</span><span class="sh">'</span><span class="p">:</span> <span class="n">form</span> <span class="o">=</span> <span class="nc">TaskForm</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">POST</span><span class="p">,</span> <span class="n">instance</span><span class="o">=</span><span class="n">task</span><span class="p">)</span> <span class="k">if</span> <span class="n">form</span><span class="p">.</span><span class="nf">is_valid</span><span class="p">():</span> <span class="n">form</span><span class="p">.</span><span class="nf">save</span><span class="p">()</span> <span class="k">return</span> <span class="nc">HttpResponse</span><span class="p">(</span><span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">'</span><span class="s">HX-Redirect</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">/</span><span class="sh">'</span><span class="p">})</span> <span class="k">else</span><span class="p">:</span> <span class="n">form</span> <span class="o">=</span> <span class="nc">TaskForm</span><span class="p">(</span><span class="n">instance</span><span class="o">=</span><span class="n">task</span><span class="p">)</span> <span class="k">return</span> <span class="nf">render</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="sh">'</span><span class="s">tasks/_form_modal.html</span><span class="sh">'</span><span class="p">,</span> <span class="p">{</span> <span class="sh">'</span><span class="s">form</span><span class="sh">'</span><span class="p">:</span> <span class="n">form</span><span class="p">,</span> <span class="sh">'</span><span class="s">form_title</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Edit Task</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">form_action</span><span class="sh">'</span><span class="p">:</span> <span class="n">request</span><span class="p">.</span><span class="n">path</span><span class="p">,</span> <span class="sh">'</span><span class="s">submit_label</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Save</span><span class="sh">'</span><span class="p">,</span> <span class="p">})</span> <span class="nd">@login_required</span> <span class="k">def</span> <span class="nf">task_delete_view</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="n">pk</span><span class="p">):</span> <span class="n">task</span> <span class="o">=</span> <span class="nf">get_object_or_404</span><span class="p">(</span><span class="n">Task</span><span class="p">,</span> <span class="n">pk</span><span class="o">=</span><span class="n">pk</span><span class="p">,</span> <span class="n">owner</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">)</span> <span class="n">task</span><span class="p">.</span><span class="nf">delete</span><span class="p">()</span> <span class="k">return</span> <span class="nc">HttpResponse</span><span class="p">(</span><span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">'</span><span class="s">HX-Redirect</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">/</span><span class="sh">'</span><span class="p">})</span> <span class="nd">@login_required</span> <span class="nd">@require_POST</span> <span class="k">def</span> <span class="nf">task_move_view</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="n">pk</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Update a task</span><span class="sh">'</span><span class="s">s status when dragged to a new column.</span><span class="sh">"""</span> <span class="n">task</span> <span class="o">=</span> <span class="nf">get_object_or_404</span><span class="p">(</span><span class="n">Task</span><span class="p">,</span> <span class="n">pk</span><span class="o">=</span><span class="n">pk</span><span class="p">,</span> <span class="n">owner</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">body</span><span class="p">)</span> <span class="n">new_status</span> <span class="o">=</span> <span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">status</span><span class="sh">'</span><span class="p">)</span> <span class="n">valid_statuses</span> <span class="o">=</span> <span class="p">[</span><span class="n">c</span><span class="p">[</span><span class="sh">'</span><span class="s">status</span><span class="sh">'</span><span class="p">]</span> <span class="k">for</span> <span class="n">c</span> <span class="ow">in</span> <span class="n">COLUMNS</span><span class="p">]</span> <span class="k">if</span> <span class="n">new_status</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">valid_statuses</span><span class="p">:</span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">({</span><span class="sh">'</span><span class="s">error</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Invalid status</span><span class="sh">'</span><span class="p">},</span> <span class="n">status</span><span class="o">=</span><span class="mi">400</span><span class="p">)</span> <span class="n">task</span><span class="p">.</span><span class="n">status</span> <span class="o">=</span> <span class="n">new_status</span> <span class="n">task</span><span class="p">.</span><span class="nf">save</span><span class="p">()</span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">({</span><span class="sh">'</span><span class="s">ok</span><span class="sh">'</span><span class="p">:</span> <span class="bp">True</span><span class="p">})</span> </code></pre> </div> <h4> Templates </h4> <p>Now, we move on to templates, which form how our UI is going to look. </p> <ul> <li>tasks/base.html — this loads the stylesheet, the HTMX and SortableJS CDN scripts, and sets a global CSRF token on the tag so every HTMX request is authenticated. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight html"><code>{% load static %} <span class="cp">&lt;!DOCTYPE html&gt;</span> <span class="nt">&lt;html</span> <span class="na">lang=</span><span class="s">"en"</span><span class="nt">&gt;</span> <span class="nt">&lt;head&gt;</span> <span class="nt">&lt;meta</span> <span class="na">charset=</span><span class="s">"UTF-8"</span><span class="nt">&gt;</span> <span class="nt">&lt;meta</span> <span class="na">name=</span><span class="s">"viewport"</span> <span class="na">content=</span><span class="s">"width=device-width, initial-scale=1.0"</span><span class="nt">&gt;</span> <span class="nt">&lt;title&gt;</span>{% block title %}Get Going{% endblock %}<span class="nt">&lt;/title&gt;</span> <span class="nt">&lt;link</span> <span class="na">rel=</span><span class="s">"stylesheet"</span> <span class="na">href=</span><span class="s">"{% static 'css/style.css' %}"</span><span class="nt">&gt;</span> <span class="nt">&lt;script </span><span class="na">src=</span><span class="s">"https://unpkg.com/htmx.org@2.0.4"</span><span class="nt">&gt;&lt;/script&gt;</span> <span class="nt">&lt;script </span><span class="na">src=</span><span class="s">"https://cdn.jsdelivr.net/npm/sortablejs@1.15.6/Sortable.min.js"</span><span class="nt">&gt;&lt;/script&gt;</span> <span class="nt">&lt;/head&gt;</span> <span class="nt">&lt;body</span> <span class="na">hx-headers=</span><span class="s">'{"X-CSRFToken": "{{ csrf_token }}"}'</span><span class="nt">&gt;</span> {% block body %}{% endblock %} <span class="nt">&lt;/body&gt;</span> <span class="nt">&lt;/html&gt;</span> </code></pre> </div> <ul> <li>registration/login.html - for signing into the task manager board </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight html"><code>{% extends "base.html" %} {% block title %}Login — Get Going{% endblock %} {% block body %} <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"login-page"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"login-card"</span><span class="nt">&gt;</span> <span class="nt">&lt;h1&gt;</span>Get <span class="nt">&lt;span</span> <span class="na">style=</span><span class="s">"color:var(--green)"</span><span class="nt">&gt;</span>Going<span class="nt">&lt;/span&gt;&lt;/h1&gt;</span> <span class="nt">&lt;p</span> <span class="na">class=</span><span class="s">"subtitle"</span><span class="nt">&gt;</span>Sign in to manage your tasks<span class="nt">&lt;/p&gt;</span> {% if form.errors %} <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"error-msg"</span><span class="nt">&gt;</span>Invalid username or password.<span class="nt">&lt;/div&gt;</span> {% endif %} <span class="nt">&lt;form</span> <span class="na">method=</span><span class="s">"post"</span><span class="nt">&gt;</span> {% csrf_token %} <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"form-group"</span><span class="nt">&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"id_username"</span><span class="nt">&gt;</span>Username<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"text"</span> <span class="na">name=</span><span class="s">"username"</span> <span class="na">id=</span><span class="s">"id_username"</span> <span class="na">autofocus</span> <span class="na">required</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"form-group"</span><span class="nt">&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"id_password"</span><span class="nt">&gt;</span>Password<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"password"</span> <span class="na">name=</span><span class="s">"password"</span> <span class="na">id=</span><span class="s">"id_password"</span> <span class="na">required</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;button</span> <span class="na">type=</span><span class="s">"submit"</span> <span class="na">class=</span><span class="s">"btn btn-primary"</span><span class="nt">&gt;</span>Sign In<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/form&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;footer</span> <span class="na">class=</span><span class="s">"app-footer"</span> <span class="na">style=</span><span class="s">"color:var(--sidebar-muted)"</span><span class="nt">&gt;</span>Get Going 2026 <span class="ni">&amp;trade;</span><span class="nt">&lt;/footer&gt;</span> <span class="nt">&lt;/div&gt;</span> {% endblock %} </code></pre> </div> <ul> <li>tasks/board.html — extends base.html and contains the sidebar with navigation and the "+ New Task" button, a three-column grid that loops over columns, and an empty #modal-container div where modals get injected. Each column renders its header (colored dot, label, task count badge) and loops through its tasks using the card partial. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight html"><code>{% extends "base.html" %} {% block title %}Board — Get Going{% endblock %} {% block body %} <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"app-layout"</span><span class="nt">&gt;</span> <span class="c">&lt;!-- Sidebar --&gt;</span> <span class="nt">&lt;aside</span> <span class="na">class=</span><span class="s">"sidebar"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"logo"</span><span class="nt">&gt;</span>Get <span class="nt">&lt;span&gt;</span>Going<span class="nt">&lt;/span&gt;&lt;/div&gt;</span> <span class="nt">&lt;button</span> <span class="na">class=</span><span class="s">"new-task-btn"</span> <span class="na">hx-get=</span><span class="s">"{% url 'task-create' %}"</span> <span class="na">hx-target=</span><span class="s">"#modal-container"</span> <span class="na">hx-swap=</span><span class="s">"innerHTML"</span><span class="nt">&gt;</span> + New Task <span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"sidebar-section"</span><span class="nt">&gt;</span>Menu<span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;nav</span> <span class="na">class=</span><span class="s">"sidebar-nav"</span><span class="nt">&gt;</span> <span class="nt">&lt;a</span> <span class="na">href=</span><span class="s">"{% url 'board' %}"</span> <span class="na">class=</span><span class="s">"active"</span><span class="nt">&gt;</span>📋 My Tasks<span class="nt">&lt;/a&gt;</span> <span class="nt">&lt;/nav&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"sidebar-bottom"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"user-info"</span><span class="nt">&gt;</span> <span class="nt">&lt;span&gt;</span>{{ request.user.username }}<span class="nt">&lt;/span&gt;</span> <span class="nt">&lt;a</span> <span class="na">href=</span><span class="s">"{% url 'logout' %}"</span> <span class="na">class=</span><span class="s">"btn btn-ghost btn-small"</span><span class="nt">&gt;</span>Sign Out<span class="nt">&lt;/a&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/aside&gt;</span> <span class="c">&lt;!-- Main --&gt;</span> <span class="nt">&lt;main</span> <span class="na">class=</span><span class="s">"main-content"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"main-header"</span><span class="nt">&gt;</span> <span class="nt">&lt;h2&gt;</span>My Tasks<span class="nt">&lt;/h2&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"board"</span><span class="nt">&gt;</span> {% for col in columns %} <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"column"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"column-header"</span><span class="nt">&gt;</span> <span class="nt">&lt;span</span> <span class="na">class=</span><span class="s">"column-title"</span><span class="nt">&gt;</span> <span class="nt">&lt;span</span> <span class="na">class=</span><span class="s">"dot dot-{{ col.dot }}"</span><span class="nt">&gt;&lt;/span&gt;</span> {{ col.label }} <span class="nt">&lt;/span&gt;</span> <span class="nt">&lt;span</span> <span class="na">class=</span><span class="s">"column-count"</span><span class="nt">&gt;</span>{{ col.tasks|length }}<span class="nt">&lt;/span&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"card-list"</span> <span class="na">id=</span><span class="s">"col-{{ col.status }}"</span> <span class="na">data-status=</span><span class="s">"{{ col.status }}"</span><span class="nt">&gt;</span> {% for task in col.tasks %} {% include "tasks/_card.html" %} {% endfor %} <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/div&gt;</span> {% endfor %} <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;footer</span> <span class="na">class=</span><span class="s">"app-footer"</span><span class="nt">&gt;</span>Get Going 2026 <span class="ni">&amp;trade;</span><span class="nt">&lt;/footer&gt;</span> <span class="nt">&lt;/main&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">id=</span><span class="s">"modal-container"</span><span class="nt">&gt;&lt;/div&gt;</span> <span class="nt">&lt;script&gt;</span> <span class="nb">document</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">DOMContentLoaded</span><span class="dl">'</span><span class="p">,</span> <span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">csrfToken</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelector</span><span class="p">(</span><span class="dl">'</span><span class="s1">[name=csrfmiddlewaretoken]</span><span class="dl">'</span><span class="p">)?.</span><span class="nx">value</span> <span class="o">||</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelector</span><span class="p">(</span><span class="dl">'</span><span class="s1">body</span><span class="dl">'</span><span class="p">).</span><span class="nf">getAttribute</span><span class="p">(</span><span class="dl">'</span><span class="s1">hx-headers</span><span class="dl">'</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nb">document</span><span class="p">.</span><span class="nf">querySelector</span><span class="p">(</span><span class="dl">'</span><span class="s1">body</span><span class="dl">'</span><span class="p">).</span><span class="nf">getAttribute</span><span class="p">(</span><span class="dl">'</span><span class="s1">hx-headers</span><span class="dl">'</span><span class="p">))[</span><span class="dl">'</span><span class="s1">X-CSRFToken</span><span class="dl">'</span><span class="p">];</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelectorAll</span><span class="p">(</span><span class="dl">'</span><span class="s1">.card-list</span><span class="dl">'</span><span class="p">).</span><span class="nf">forEach</span><span class="p">(</span><span class="kd">function</span><span class="p">(</span><span class="nx">list</span><span class="p">)</span> <span class="p">{</span> <span class="k">new</span> <span class="nc">Sortable</span><span class="p">(</span><span class="nx">list</span><span class="p">,</span> <span class="p">{</span> <span class="na">group</span><span class="p">:</span> <span class="dl">'</span><span class="s1">board</span><span class="dl">'</span><span class="p">,</span> <span class="na">animation</span><span class="p">:</span> <span class="mi">150</span><span class="p">,</span> <span class="na">ghostClass</span><span class="p">:</span> <span class="dl">'</span><span class="s1">drag-ghost</span><span class="dl">'</span><span class="p">,</span> <span class="na">dragClass</span><span class="p">:</span> <span class="dl">'</span><span class="s1">drag-active</span><span class="dl">'</span><span class="p">,</span> <span class="na">onEnd</span><span class="p">:</span> <span class="kd">function</span><span class="p">(</span><span class="nx">evt</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">taskId</span> <span class="o">=</span> <span class="nx">evt</span><span class="p">.</span><span class="nx">item</span><span class="p">.</span><span class="nx">dataset</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">newStatus</span> <span class="o">=</span> <span class="nx">evt</span><span class="p">.</span><span class="nx">to</span><span class="p">.</span><span class="nx">dataset</span><span class="p">.</span><span class="nx">status</span><span class="p">;</span> <span class="c1">// Update column counts</span> <span class="nf">updateCounts</span><span class="p">();</span> <span class="c1">// Persist to server</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/tasks/</span><span class="dl">'</span> <span class="o">+</span> <span class="nx">taskId</span> <span class="o">+</span> <span class="dl">'</span><span class="s1">/move/</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">X-CSRFToken</span><span class="dl">'</span><span class="p">:</span> <span class="nx">csrfToken</span><span class="p">,</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">status</span><span class="p">:</span> <span class="nx">newStatus</span> <span class="p">}),</span> <span class="p">}).</span><span class="nf">then</span><span class="p">(</span><span class="kd">function</span><span class="p">(</span><span class="nx">res</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">res</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="nx">evt</span><span class="p">.</span><span class="k">from</span><span class="p">.</span><span class="nf">insertBefore</span><span class="p">(</span><span class="nx">evt</span><span class="p">.</span><span class="nx">item</span><span class="p">,</span> <span class="nx">evt</span><span class="p">.</span><span class="k">from</span><span class="p">.</span><span class="nx">children</span><span class="p">[</span><span class="nx">evt</span><span class="p">.</span><span class="nx">oldIndex</span><span class="p">]);</span> <span class="nf">updateCounts</span><span class="p">();</span> <span class="p">}</span> <span class="p">});</span> <span class="p">}</span> <span class="p">});</span> <span class="p">});</span> <span class="kd">function</span> <span class="nf">updateCounts</span><span class="p">()</span> <span class="p">{</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelectorAll</span><span class="p">(</span><span class="dl">'</span><span class="s1">.column</span><span class="dl">'</span><span class="p">).</span><span class="nf">forEach</span><span class="p">(</span><span class="kd">function</span><span class="p">(</span><span class="nx">col</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">count</span> <span class="o">=</span> <span class="nx">col</span><span class="p">.</span><span class="nf">querySelector</span><span class="p">(</span><span class="dl">'</span><span class="s1">.card-list</span><span class="dl">'</span><span class="p">).</span><span class="nx">children</span><span class="p">.</span><span class="nx">length</span><span class="p">;</span> <span class="nx">col</span><span class="p">.</span><span class="nf">querySelector</span><span class="p">(</span><span class="dl">'</span><span class="s1">.column-count</span><span class="dl">'</span><span class="p">).</span><span class="nx">textContent</span> <span class="o">=</span> <span class="nx">count</span><span class="p">;</span> <span class="p">});</span> <span class="p">}</span> <span class="p">});</span> <span class="nt">&lt;/script&gt;</span> {% endblock %} </code></pre> </div> <ul> <li>tasks/_card.html — a partial template for a single task card. It displays the title, description (clamped to two lines), due date, a color-coded priority badge, and edit/delete action buttons. Each card has a data-id="{{ task.id }}" attribute that SortableJS uses later for drag-and-drop. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"task-card"</span> <span class="na">id=</span><span class="s">"task-{{ task.id }}"</span> <span class="na">data-id=</span><span class="s">"{{ task.id }}"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"task-card-title"</span><span class="nt">&gt;</span>{{ task.title }}<span class="nt">&lt;/div&gt;</span> {% if task.description %} <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"task-card-desc"</span><span class="nt">&gt;</span>{{ task.description }}<span class="nt">&lt;/div&gt;</span> {% endif %} {% if task.due_date %} <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"task-card-due"</span><span class="nt">&gt;</span>{{ task.due_date|date:'M d, Y' }}<span class="nt">&lt;/div&gt;</span> {% endif %} <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"task-card-footer"</span><span class="nt">&gt;</span> <span class="nt">&lt;span</span> <span class="na">class=</span><span class="s">"priority-badge priority-{{ task.priority }}"</span><span class="nt">&gt;</span>{{ task.get_priority_display }}<span class="nt">&lt;/span&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"task-actions"</span><span class="nt">&gt;</span> <span class="nt">&lt;button</span> <span class="na">title=</span><span class="s">"Edit"</span> <span class="na">hx-get=</span><span class="s">"{% url 'task-edit' task.id %}"</span> <span class="na">hx-target=</span><span class="s">"#modal-container"</span> <span class="na">hx-swap=</span><span class="s">"innerHTML"</span><span class="nt">&gt;</span>✎<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;button</span> <span class="na">title=</span><span class="s">"Delete"</span> <span class="na">class=</span><span class="s">"delete-btn"</span> <span class="na">hx-delete=</span><span class="s">"{% url 'task-delete' task.id %}"</span> <span class="na">hx-target=</span><span class="s">"#task-{{ task.id }}"</span> <span class="na">hx-swap=</span><span class="s">"outerHTML"</span> <span class="na">hx-confirm=</span><span class="s">"Delete this task?"</span><span class="nt">&gt;</span>✕<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/div&gt;</span> </code></pre> </div> <ul> <li>tasks/_form_modal.html — a reusable modal for both creating and editing tasks. It receives form_title, form_action, and submit_label through the template context, so the same template can be rendered as "New Task" with a "Create" button or "Edit Task" with a "Save" button. Clicking the backdrop dismisses the modal. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"modal-backdrop"</span> <span class="na">onclick=</span><span class="s">"if(event.target===this)this.remove()"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"modal"</span><span class="nt">&gt;</span> <span class="nt">&lt;h3&gt;</span>{{ form_title }}<span class="nt">&lt;/h3&gt;</span> <span class="nt">&lt;form</span> <span class="na">hx-post=</span><span class="s">"{{ form_action }}"</span> <span class="na">hx-target=</span><span class="s">"body"</span> <span class="na">hx-swap=</span><span class="s">"innerHTML"</span> <span class="na">hx-push-url=</span><span class="s">"false"</span><span class="nt">&gt;</span> {% csrf_token %} <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"form-group"</span><span class="nt">&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"id_title"</span><span class="nt">&gt;</span>Title<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"text"</span> <span class="na">name=</span><span class="s">"title"</span> <span class="na">id=</span><span class="s">"id_title"</span> <span class="na">value=</span><span class="s">"{{ form.title.value|default:'' }}"</span> <span class="na">required</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"form-group"</span><span class="nt">&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"id_description"</span><span class="nt">&gt;</span>Description<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;textarea</span> <span class="na">name=</span><span class="s">"description"</span> <span class="na">id=</span><span class="s">"id_description"</span><span class="nt">&gt;</span>{{ form.description.value|default:'' }}<span class="nt">&lt;/textarea&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"form-group"</span><span class="nt">&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"id_status"</span><span class="nt">&gt;</span>Status<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;select</span> <span class="na">name=</span><span class="s">"status"</span> <span class="na">id=</span><span class="s">"id_status"</span><span class="nt">&gt;</span> {% for value, label in form.fields.status.choices %} <span class="nt">&lt;option</span> <span class="na">value=</span><span class="s">"{{ value }}"</span> <span class="err">{%</span> <span class="na">if</span> <span class="na">form.status.value =</span><span class="s">=</span> <span class="na">value</span> <span class="err">%}</span><span class="na">selected</span><span class="err">{%</span> <span class="na">endif</span> <span class="err">%}</span><span class="nt">&gt;</span>{{ label }}<span class="nt">&lt;/option&gt;</span> {% endfor %} <span class="nt">&lt;/select&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"form-group"</span><span class="nt">&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"id_priority"</span><span class="nt">&gt;</span>Priority<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;select</span> <span class="na">name=</span><span class="s">"priority"</span> <span class="na">id=</span><span class="s">"id_priority"</span><span class="nt">&gt;</span> {% for value, label in form.fields.priority.choices %} <span class="nt">&lt;option</span> <span class="na">value=</span><span class="s">"{{ value }}"</span> <span class="err">{%</span> <span class="na">if</span> <span class="na">form.priority.value =</span><span class="s">=</span> <span class="na">value</span> <span class="err">%}</span><span class="na">selected</span><span class="err">{%</span> <span class="na">endif</span> <span class="err">%}</span><span class="nt">&gt;</span>{{ label }}<span class="nt">&lt;/option&gt;</span> {% endfor %} <span class="nt">&lt;/select&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"form-group"</span><span class="nt">&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"id_due_date"</span><span class="nt">&gt;</span>Due Date<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"date"</span> <span class="na">name=</span><span class="s">"due_date"</span> <span class="na">id=</span><span class="s">"id_due_date"</span> <span class="na">value=</span><span class="s">"{{ form.due_date.value|date:'Y-m-d'|default:'' }}"</span><span class="nt">&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"modal-actions"</span><span class="nt">&gt;</span> <span class="nt">&lt;button</span> <span class="na">type=</span><span class="s">"button"</span> <span class="na">class=</span><span class="s">"btn btn-ghost"</span> <span class="na">onclick=</span><span class="s">"this.closest('.modal-backdrop').remove()"</span><span class="nt">&gt;</span>Cancel<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;button</span> <span class="na">type=</span><span class="s">"submit"</span> <span class="na">class=</span><span class="s">"btn btn-primary"</span><span class="nt">&gt;</span>{{ submit_label }}<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/form&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;/div&gt;</span> </code></pre> </div> <p>NB: for the CRUD methods:</p> <ul> <li>Create method — The "+ New Task" button in the sidebar uses hx-get to fetch the empty form modal from the server and inject it into #modal-container. When the form is submitted, hx-post sends the data to the create endpoint.</li> <li>Edit method — The edit button on each card uses hx-get to fetch the form modal pre-filled with that task's data.</li> <li>Delete method— The delete button (✕) uses hx-delete with hx-confirm="Delete this task?" for browser-native confirmation. It targets only the specific card element using hx-target="#task-{{ task.id }}" and hx-swap="outerHTML" to remove just that card from the DOM.</li> </ul> <h4> Drag &amp; Drop </h4> <p>To bring some flexibility into the task manager, we will add <code>drag and drop</code> functionality. To achieve this, we will use SortableJS to handle the drag interaction in the browser and a dedicated endpoint to persist the status change to MongoDB.</p> <h4> SortableJS Setup </h4> <ul> <li>CDN load in base.html: SortableJS is loaded as a global script from the jsDelivr CDN, making the Sortable constructor available on every page that extends the base template (with this line <code>&lt;script src="https://cdn.jsdelivr.net/npm/sortablejs@1.15.6/Sortable.min.js"&gt;&lt;/script&gt;</code> )</li> <li>Initialization + drag handler in board.html: On DOMContentLoaded, each .card-list element gets a Sortable instance with group: 'board' so cards can cross columns. The onEnd callback reads data-id and data-status to POST the new status to the move endpoint, with rollback on failure.</li> <li>Drag feedback styles in style.css: .drag-ghost renders the drop placeholder with a dashed green border and reduced opacity, while .drag-active gives the card being dragged an elevated shadow and slight rotation for depth.</li> </ul> <h4> Styling </h4> <p>For styling, we keep it simple and use a MongoDB-inspired color palette defined as CSS custom properties; a dark sidebar layout, and a responsive breakpoint for mobile. Colors used for status indicator dots: gray for To Do, amber for In Progress, forest green for Done; priority badges: teal for Low, gold for Medium, red for High, and interactive elements like buttons and card hover states.</p> <h4> Responsiveness - CSS </h4> <p>To keep the board usable on smaller screens, we specify a single breakpoint at 768px to restructure the layout:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight css"><code><span class="k">@media</span> <span class="p">(</span><span class="n">max-width</span><span class="p">:</span> <span class="m">768px</span><span class="p">)</span> <span class="p">{</span> <span class="nc">.sidebar</span> <span class="p">{</span> <span class="nl">width</span><span class="p">:</span> <span class="m">100%</span><span class="p">;</span> <span class="nl">position</span><span class="p">:</span> <span class="nb">relative</span><span class="p">;</span> <span class="nl">flex-direction</span><span class="p">:</span> <span class="n">row</span><span class="p">;</span> <span class="nl">padding</span><span class="p">:</span> <span class="m">.75rem</span> <span class="m">1rem</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.sidebar-nav</span><span class="o">,</span> <span class="nc">.sidebar-section</span> <span class="p">{</span> <span class="nl">display</span><span class="p">:</span> <span class="nb">none</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.main-content</span> <span class="p">{</span> <span class="nl">margin-left</span><span class="p">:</span> <span class="m">0</span><span class="p">;</span> <span class="p">}</span> <span class="nc">.board</span> <span class="p">{</span> <span class="py">grid-template-columns</span><span class="p">:</span> <span class="m">1</span><span class="n">fr</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>On mobile, the fixed sidebar collapses into a horizontal top bar with the logo and "+ New Task" button inline, hiding the nav links to save space. The main content drops its left margin, and the board switches from a three-column grid to a single stacked column.</p> <h3> Final Look at Task Manager </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4zc6nx8gojewbqi6xxhl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4zc6nx8gojewbqi6xxhl.png" alt="Get Going Task Manager Landing Page"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmwysex8qh9s41ducw0jj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmwysex8qh9s41ducw0jj.png" alt="Plain task manager dashboard"></a></p> <h4> Adding tasks for display </h4> <p>We can create, read, update, and delete tasks via the website or Python Shell; however, we will add tasks via the <code>Add Task</code> button on the Task Manager board.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhq5u69gpo1qurbmxb7ss.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhq5u69gpo1qurbmxb7ss.png" alt="Add new task pop-up form"></a></p> <p>After adding sample tasks, </p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy7qkbxh9ochv75dwzwaz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy7qkbxh9ochv75dwzwaz.png" alt="Task manager kanban board filled with tasks"></a></p> <p>The same data is displayed under the task collection of the MongoDB cluster tier that was initially created. Example shown below.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fea8hfgku7vdgbiaaxkoy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fea8hfgku7vdgbiaaxkoy.png" alt="MongoDB Atlas cluster page showing added tasks"></a></p> <p>This brings us to the end of this tutorial using Django MongoDB Backend to create a Task Manager with MongoDB Atlas Free Tier. To download the project, kindly access this <a href="https://github.com/mongodb-developer/taskmanager" rel="noopener noreferrer">link to project</a>. If you liked this tutorial, kindly like this tutorial and share your thoughts and/or contributions in the comments section.</p> <p>Thank you, and see you in the next one.</p> <h3> References </h3> <ul> <li><a href="https://github.com/mongodb-developer/taskmanager" rel="noopener noreferrer">Link to Project</a></li> <li><a href="https://learn.mongodb.com/courses/mongodb-overview?team=devrel-content" rel="noopener noreferrer">MongoDB Overview Skill Badge</a></li> <li> <a href="https://www.mongodb.com/docs/languages/python/django-mongodb/current/get-started/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=django-task-manager&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">Get started Django MongoDB Backend</a> </li> <li><a href="https://docs.djangoproject.com/en/6.0/topics/auth/default/#using-the-django-authentication-system" rel="noopener noreferrer">Django Auth System</a></li> <li><a href="https://sortablejs.github.io/Sortable/" rel="noopener noreferrer">Sortable JS</a></li> </ul> django mongodb backend python Abigail Afi Gbadago Thu, 19 Mar 2026 18:08:58 +0000 https://forem.com/mongodb/queryable-encryption-with-django-mongodb-backend-1a9f https://forem.com/mongodb/queryable-encryption-with-django-mongodb-backend-1a9f <h1> Build a Secure Risk Assessment API with MongoDB Queryable Encryption in Django </h1> <p>In this tutorial, we will build a Risk Assessment API with encrypted fields using the Django MongoDB Backend. This tutorial targets anyone working with sensitive data that needs to be protected. In this case, we will focus on assessing risk, which is fundamental in sectors such as finance or wealth asset management.</p> <h2> The Problem </h2> <p>Encryption plays a crucial role in mitigating potential threats to investments and ensuring regulatory compliance and long-term profitability of organizations. The major problem arises when sensitive data, such as Personal Identifiable Information (PII), financial, and health records, is stored in plain text in databases, which are vulnerable to exposure in the case of a database breach.</p> <p>Under the EU’s Digital Operational Resilience Act (DORA), which became effective in January 2025, financial institutions are explicitly mandated to implement robust Information and Communications Technology (ICT) risk management frameworks, which include strict requirements for encryption of data—both at rest, in transit, and in use for operating in European markets, with similar requirements emerging globally.</p> <h2> Why MongoDB Queryable Encryption </h2> <p>MongoDB's Queryable Encryption solves this by encrypting data on the client side before it reaches the server, meaning the database can process queries on encrypted fields without ever seeing the plaintext. With Django MongoDB Backend's Queryable Encryption support, Django developers can protect their data. The fields are encrypted on write, decrypted on read, and the MongoDB server never has access to the raw data, even if compromised.</p> <p>Queryable Encryption is supported on MongoDB versions as early as MongoDB 7.0 with new query operators for range, prefix, suffix, and substring queries that come with each versioned release. MongoDB 8.0 adds support for range queries on encrypted fields. More advanced text-style queries are being introduced in preview releases prior to general availability and are expected to become fully supported in a future release. To see the full range of supported operations, check <a href="https://www.mongodb.com/docs/v8.0/core/queryable-encryption/reference/supported-operations/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=djanog-mongodb-queryable&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">here</a>.</p> <h2> Design the Data Model </h2> <p>When deciding the data model for the risk assessment, let’s take a minute to think about the fields in our model.</p> <ul> <li>Things we will encrypt: names, titles, descriptions that contain PII, and sensitive text.</li> <li>Things we won’t encrypt: Scores, dates, Foreign keys, and anything you need to perform a sort or index on.</li> </ul> <p>The relationship is visualized in the ERD below:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff46bvjnnl1mdw9c4e4vc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff46bvjnnl1mdw9c4e4vc.png" alt="Entity Relationship Diagram showing embedded documents for Risk, RiskCategory, and RiskOwner" width="800" height="422"></a></p> <h2> Overview of the Process </h2> <p>When a user makes a request, for example, a write request (POST /api/categories/) with "name": "Financial"} in the request body, Django receives the plaintext "Financial", the EncryptedCharField uses Queryable Encryption to encrypt sensitive data before storing or retrieving it as binary.</p> <h2> Prerequisites </h2> <ul> <li>Platform used: MacOS Tahoe 26.3</li> <li>Python 3.13+</li> <li>MongoDB Atlas account (free tier works)</li> <li>Download mongo_crypt_shared library <ul> <li>You can choose from MongoDB Enterprise Downloads or choose the current release:</li> <li>Select your OS; macOS ARM64 / Linux / Windows <a href="https://www.mongodb.com/try/download/enterprise-advanced/releases/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=djanog-mongodb-queryable&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">here</a> </li> <li>Extract and note the path to <code>mongo_crypt_v1.dylib</code> (macOS) or <code>mongo_crypt_v1.so</code> (Linux)</li> <li>Reference the path in crypt_shared_lib_path in <code>settings.py</code> </li> </ul> </li> </ul> <p>Next, create a requirements.txt file with the following content:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Django&gt;=6.0 djangorestframework==3.16.1 # For encryption(depends on corresponding Django version, &gt;=6.0) django-mongodb-backend[encryption] # For the API Documentation(Swagger) drf-spectacular # For environment variables Django-environ </code></pre> </div> <p>Then run the following command in your terminal:<br> <code>pip install -r requirements.txt</code></p> <h2> Project Setup </h2> <h3> Create your Django project and app: </h3> <ul> <li>mkdir querysafe &amp;&amp; cd querysafe</li> <li>python -m venv venv</li> <li>source venv/bin/activate</li> <li>pip install -r requirements.txt</li> <li>django-admin startproject querysafe --template <a href="https://github.com/mongodb-labs/django-mongodb-project/archive/refs/heads/6.0.x.zip" rel="noopener noreferrer">https://github.com/mongodb-labs/django-mongodb-project/archive/refs/heads/6.0.x.zip</a> </li> <li>python manage.py startapp riskapp</li> </ul> <h3> Add apps to settings.py </h3> <p>It is ideal to use [MONGODB_USERNAME], [PASSWORD] in an .env file<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">INSTALLED_APPS</span> <span class="o">=</span> <span class="p">[</span> <span class="bp">...</span> <span class="sh">"</span><span class="s">rest_framework</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">drf_spectacular</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">riskapp</span><span class="sh">"</span><span class="p">,</span> <span class="p">]</span> </code></pre> </div> <h3> Configure encrypted database </h3> <p>For the (encrypted) database, let's set up a few things first.</p> <h4> Download mongo_crypt_shared </h4> <ul> <li>Download from MongoDB Enterprise Downloads or choose the current release <a href="https://www.mongodb.com/try/download/enterprise/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=djanog-mongodb-queryable&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">here</a> </li> <li>Extract and note the path to the library file</li> <li>Reference the path in crypt_shared_lib_path in settings.py (usually looks like <code>Crypt_shared_lib_path: /Users/path/mongo_crypt_shared_v1-macos-arm64-enterprise-8.2.5/lib/mongo_crypt_v1.dylib</code>)</li> <li>For more information, check <a href="https://mongodb.com/docs/manual/core/queryable-encryption/install-library/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=djanog-mongodb-queryable&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">here</a> </li> </ul> <p>Now add the encrypted database to your settings.py file under the default database:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">#</span><span class="w"> </span><span class="err">(default)</span><span class="w"> </span><span class="err">`</span><span class="w"> </span><span class="nl">"default"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ENGINE"</span><span class="p">:</span><span class="w"> </span><span class="s2">"django_mongodb_backend"</span><span class="p">,</span><span class="w"> </span><span class="nl">"HOST"</span><span class="p">:</span><span class="w"> </span><span class="s2">"MONGO_URI"</span><span class="p">,</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="s2">"mongodb+srv://[username]:[password]@cluster0.hpljptt.mongodb.net/?appName=devrel-tutorial-python-qe-medium"</span><span class="p">,</span><span class="w"> </span><span class="nl">"NAME"</span><span class="p">:</span><span class="w"> </span><span class="s2">"querysafe"</span><span class="p">,</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">#</span><span class="w"> </span><span class="err">(encrypted)</span><span class="w"> </span><span class="nl">"encrypted"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"ENGINE"</span><span class="p">:</span><span class="w"> </span><span class="s2">"django_mongodb_backend"</span><span class="p">,</span><span class="w"> </span><span class="nl">"HOST"</span><span class="p">:</span><span class="w"> </span><span class="s2">"mongodb+srv://[username]:[password]@cluster0.hpljptt.mongodb.net/?appName=devrel-tutorial-python-qe-medium"</span><span class="p">,</span><span class="w"> </span><span class="nl">"NAME"</span><span class="p">:</span><span class="w"> </span><span class="s2">"encrypted_db"</span><span class="p">,</span><span class="w"> </span><span class="nl">"OPTIONS"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"auto_encryption_opts"</span><span class="p">:</span><span class="w"> </span><span class="err">AutoEncryptionOpts(</span><span class="w"> </span><span class="err">key_vault_namespace=</span><span class="s2">"encrypted_db.__keyVault"</span><span class="p">,</span><span class="w"> </span><span class="err">kms_providers=</span><span class="p">{</span><span class="w"> </span><span class="nl">"local"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="err">Generated</span><span class="w"> </span><span class="err">by</span><span class="w"> </span><span class="err">os.urandom(</span><span class="mi">96</span><span class="err">)</span><span class="w"> </span><span class="nl">"key"</span><span class="p">:</span><span class="w"> </span><span class="err">(</span><span class="w"> </span><span class="err">b'-\xc</span><span class="mi">3</span><span class="err">\x</span><span class="mi">0</span><span class="err">c\xe</span><span class="mi">3</span><span class="err">\x</span><span class="mi">93</span><span class="err">\xc</span><span class="mi">3</span><span class="err">\x</span><span class="mi">8</span><span class="err">b\xc</span><span class="mi">0</span><span class="err">\xf</span><span class="mi">8</span><span class="err">\x</span><span class="mi">12</span><span class="err">\xc</span><span class="mi">5</span><span class="err">#b'</span><span class="w"> </span><span class="err">b'\x</span><span class="mi">19</span><span class="err">\xf</span><span class="mi">3</span><span class="err">\xbc\xccR\xc</span><span class="mi">8</span><span class="err">\xedI\xda\\</span><span class="w"> </span><span class="err">\xfb\x</span><span class="mi">9</span><span class="err">cB'</span><span class="w"> </span><span class="err">b'\x</span><span class="mi">7</span><span class="err">f\xab</span><span class="mi">5</span><span class="err">\xe</span><span class="mi">7</span><span class="err">\xb</span><span class="mi">5</span><span class="err">\xc</span><span class="mi">9</span><span class="err">x\xb</span><span class="mi">8</span><span class="err">\xd</span><span class="mi">4</span><span class="err">d\xba\xdc\x</span><span class="mi">9</span><span class="err">c'</span><span class="w"> </span><span class="err">b'\x</span><span class="mi">9</span><span class="err">a\xdb</span><span class="mi">9</span><span class="err">J]\xe</span><span class="mi">6</span><span class="err">\xce\x</span><span class="mi">104</span><span class="err">p\x</span><span class="mi">079</span><span class="err">q.=\xeb\x</span><span class="mi">9</span><span class="err">dK*'</span><span class="w"> </span><span class="err">b'\x</span><span class="mi">97</span><span class="err">\xea\xf</span><span class="mi">8</span><span class="err">\x</span><span class="mi">1</span><span class="err">e\xc</span><span class="mi">3</span><span class="err">\xd</span><span class="mi">49</span><span class="err">K\x</span><span class="mi">18</span><span class="err">\x</span><span class="mi">81</span><span class="err">\xc</span><span class="mi">3</span><span class="err">\x</span><span class="mi">1</span><span class="err">a</span><span class="s2">"' b'</span><span class="se">\x</span><span class="s2">dc</span><span class="se">\x</span><span class="s2">00U</span><span class="se">\x</span><span class="s2">c4u"</span><span class="err">X\xe</span><span class="mi">7</span><span class="err">xy\xa</span><span class="mi">5</span><span class="err">\xb</span><span class="mi">2</span><span class="err">\x</span><span class="mi">0</span><span class="err">e\xbc\xd</span><span class="mi">6</span><span class="err">+-'</span><span class="w"> </span><span class="err">b'\x</span><span class="mi">80</span><span class="err">\x</span><span class="mi">03</span><span class="err">\xef\xc</span><span class="mi">2</span><span class="err">\xc</span><span class="mi">4</span><span class="err">\x</span><span class="mi">9</span><span class="err">bU'</span><span class="w"> </span><span class="err">)</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="err">crypt_shared_lib_path=</span><span class="s2">"[PATH/TO/mongo_crypt_v1.dylib]"</span><span class="p">,</span><span class="w"> </span><span class="err">#for</span><span class="w"> </span><span class="err">macOS</span><span class="w"> </span><span class="err">crypt_shared_lib_required=True</span><span class="p">,</span><span class="w"> </span><span class="err">)</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">}</span><span class="err">,</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Now, to visualize the encryption process for our risk data, we will first route operations to the encrypted database by creating a router, define our models, perform migrations, seed the db and then take a look at the encrypted fields in the db.</p> <h3> Create a router </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># riskapp/routers.py </span> <span class="k">class</span> <span class="nc">EncryptedRouter</span><span class="p">:</span> <span class="k">def</span> <span class="nf">allow_migrate</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db</span><span class="p">,</span> <span class="n">app_label</span><span class="p">,</span> <span class="n">model_name</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="o">**</span><span class="n">hints</span><span class="p">):</span> <span class="k">if</span> <span class="n">app_label</span> <span class="o">==</span> <span class="sh">"</span><span class="s">riskapp</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="n">db</span> <span class="o">==</span> <span class="sh">"</span><span class="s">encrypted</span><span class="sh">"</span> <span class="k">if</span> <span class="n">db</span> <span class="o">==</span> <span class="sh">"</span><span class="s">encrypted</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="bp">False</span> <span class="k">return</span> <span class="bp">None</span> <span class="k">def</span> <span class="nf">db_for_read</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">model</span><span class="p">,</span> <span class="o">**</span><span class="n">hints</span><span class="p">):</span> <span class="k">if</span> <span class="n">model</span><span class="p">.</span><span class="n">_meta</span><span class="p">.</span><span class="n">app_label</span> <span class="o">==</span> <span class="sh">"</span><span class="s">riskapp</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">encrypted</span><span class="sh">"</span> <span class="k">return</span> <span class="bp">None</span> <span class="n">db_for_write</span> <span class="o">=</span> <span class="n">db_for_read</span> </code></pre> </div> <h3> Define models </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">django.db</span> <span class="kn">import</span> <span class="n">models</span> <span class="kn">from</span> <span class="n">django.conf</span> <span class="kn">import</span> <span class="n">settings</span> <span class="kn">from</span> <span class="n">django_mongodb_backend.models</span> <span class="kn">import</span> <span class="n">EmbeddedModel</span> <span class="kn">from</span> <span class="n">django_mongodb_backend.fields</span> <span class="kn">import</span> <span class="p">(</span> <span class="n">EncryptedCharField</span><span class="p">,</span> <span class="n">EmbeddedModelField</span><span class="p">,</span> <span class="p">)</span> <span class="k">class</span> <span class="nc">RiskCategory</span><span class="p">(</span><span class="n">EmbeddedModel</span><span class="p">):</span> <span class="n">name</span> <span class="o">=</span> <span class="nc">EncryptedCharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">100</span><span class="p">)</span> <span class="n">description</span> <span class="o">=</span> <span class="nc">EncryptedCharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">500</span><span class="p">,</span> <span class="n">blank</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">def</span> <span class="nf">__str__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nf">str</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">name</span><span class="p">)</span> <span class="k">class</span> <span class="nc">RiskOwner</span><span class="p">(</span><span class="n">EmbeddedModel</span><span class="p">):</span> <span class="n">username</span> <span class="o">=</span> <span class="nc">EncryptedCharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">150</span><span class="p">)</span> <span class="n">email</span> <span class="o">=</span> <span class="nc">EncryptedCharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">254</span><span class="p">,</span> <span class="n">blank</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">role</span> <span class="o">=</span> <span class="nc">EncryptedCharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">100</span><span class="p">,</span> <span class="n">blank</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">def</span> <span class="nf">__str__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">username</span><span class="si">}</span><span class="s"> (</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">role</span><span class="si">}</span><span class="s">)</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">Risk</span><span class="p">(</span><span class="n">EmbeddedModel</span><span class="p">):</span> <span class="n">title</span> <span class="o">=</span> <span class="nc">EncryptedCharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">200</span><span class="p">)</span> <span class="n">description</span> <span class="o">=</span> <span class="nc">EncryptedCharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">500</span><span class="p">,</span> <span class="n">blank</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="sh">""</span><span class="p">)</span> <span class="n">category</span> <span class="o">=</span> <span class="nc">EmbeddedModelField</span><span class="p">(</span><span class="n">RiskCategory</span><span class="p">)</span> <span class="k">def</span> <span class="nf">__str__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="nf">str</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">title</span><span class="p">)</span> <span class="k">class</span> <span class="nc">RiskAssessment</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Model</span><span class="p">):</span> <span class="n">RISK_LEVEL_CHOICES</span> <span class="o">=</span> <span class="p">[</span> <span class="p">(</span><span class="sh">"</span><span class="s">Low</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Low</span><span class="sh">"</span><span class="p">),</span> <span class="p">(</span><span class="sh">"</span><span class="s">Medium</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Medium</span><span class="sh">"</span><span class="p">),</span> <span class="p">(</span><span class="sh">"</span><span class="s">High</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">High</span><span class="sh">"</span><span class="p">),</span> <span class="p">]</span> <span class="n">risk</span> <span class="o">=</span> <span class="nc">EmbeddedModelField</span><span class="p">(</span><span class="n">Risk</span><span class="p">)</span> <span class="n">owner</span> <span class="o">=</span> <span class="nc">EmbeddedModelField</span><span class="p">(</span><span class="n">RiskOwner</span><span class="p">,</span> <span class="n">blank</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">null</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">likelihood</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">10</span><span class="p">,</span> <span class="n">choices</span><span class="o">=</span><span class="n">RISK_LEVEL_CHOICES</span><span class="p">)</span> <span class="n">impact</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">10</span><span class="p">,</span> <span class="n">choices</span><span class="o">=</span><span class="n">RISK_LEVEL_CHOICES</span><span class="p">)</span> <span class="n">score</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">PositiveSmallIntegerField</span><span class="p">()</span> <span class="n">assessed_on</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">DateField</span><span class="p">(</span><span class="n">auto_now_add</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Meta</span><span class="p">:</span> <span class="n">db_table</span> <span class="o">=</span> <span class="sh">"</span><span class="s">risk_assessments</span><span class="sh">"</span> <span class="n">ordering</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">-assessed_on</span><span class="sh">"</span><span class="p">]</span> <span class="n">indexes</span> <span class="o">=</span> <span class="p">[</span> <span class="n">models</span><span class="p">.</span><span class="nc">Index</span><span class="p">(</span><span class="n">fields</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">likelihood</span><span class="sh">"</span><span class="p">]),</span> <span class="n">models</span><span class="p">.</span><span class="nc">Index</span><span class="p">(</span><span class="n">fields</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">impact</span><span class="sh">"</span><span class="p">]),</span> <span class="n">models</span><span class="p">.</span><span class="nc">Index</span><span class="p">(</span><span class="n">fields</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">]),</span> <span class="p">]</span> <span class="k">def</span> <span class="nf">__str__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">risk</span><span class="p">.</span><span class="n">title</span><span class="si">}</span><span class="s"> (</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">likelihood</span><span class="si">}</span><span class="s">/</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">impact</span><span class="si">}</span><span class="s">)</span><span class="sh">"</span> </code></pre> </div> <h4> Run migrations </h4> <p><code>python manage.py makemigrations riskapp</code><br> <code>python manage.py migrate --database encrypted</code></p> <h3> Create serializers for request and response </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">#serializers.py </span><span class="kn">from</span> <span class="n">rest_framework</span> <span class="kn">import</span> <span class="n">serializers</span> <span class="n">RISK_LEVEL_CHOICES</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">Low</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Medium</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">High</span><span class="sh">"</span><span class="p">]</span> <span class="k">class</span> <span class="nc">RiskCategorySerializer</span><span class="p">(</span><span class="n">serializers</span><span class="p">.</span><span class="n">Serializer</span><span class="p">):</span> <span class="n">name</span> <span class="o">=</span> <span class="n">serializers</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">100</span><span class="p">)</span> <span class="n">description</span> <span class="o">=</span> <span class="n">serializers</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">500</span><span class="p">,</span> <span class="n">required</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="sh">""</span> <span class="p">)</span> <span class="k">class</span> <span class="nc">RiskSerializer</span><span class="p">(</span><span class="n">serializers</span><span class="p">.</span><span class="n">Serializer</span><span class="p">):</span> <span class="n">title</span> <span class="o">=</span> <span class="n">serializers</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">200</span><span class="p">)</span> <span class="n">description</span> <span class="o">=</span> <span class="n">serializers</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">500</span><span class="p">,</span> <span class="n">required</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="sh">""</span> <span class="p">)</span> <span class="n">category</span> <span class="o">=</span> <span class="nc">RiskCategorySerializer</span><span class="p">()</span> <span class="k">class</span> <span class="nc">RiskOwnerSerializer</span><span class="p">(</span><span class="n">serializers</span><span class="p">.</span><span class="n">Serializer</span><span class="p">):</span> <span class="n">username</span> <span class="o">=</span> <span class="n">serializers</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">150</span><span class="p">)</span> <span class="n">email</span> <span class="o">=</span> <span class="n">serializers</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">254</span><span class="p">,</span> <span class="n">required</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="sh">""</span><span class="p">)</span> <span class="n">role</span> <span class="o">=</span> <span class="n">serializers</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">100</span><span class="p">,</span> <span class="n">required</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="sh">""</span><span class="p">)</span> <span class="k">class</span> <span class="nc">AssessmentSerializer</span><span class="p">(</span><span class="n">serializers</span><span class="p">.</span><span class="n">Serializer</span><span class="p">):</span> <span class="n">risk</span> <span class="o">=</span> <span class="nc">RiskSerializer</span><span class="p">()</span> <span class="n">owner</span> <span class="o">=</span> <span class="nc">RiskOwnerSerializer</span><span class="p">(</span><span class="n">required</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">likelihood</span> <span class="o">=</span> <span class="n">serializers</span><span class="p">.</span><span class="nc">ChoiceField</span><span class="p">(</span><span class="n">choices</span><span class="o">=</span><span class="n">RISK_LEVEL_CHOICES</span><span class="p">)</span> <span class="n">impact</span> <span class="o">=</span> <span class="n">serializers</span><span class="p">.</span><span class="nc">ChoiceField</span><span class="p">(</span><span class="n">choices</span><span class="o">=</span><span class="n">RISK_LEVEL_CHOICES</span><span class="p">)</span> <span class="n">score</span> <span class="o">=</span> <span class="n">serializers</span><span class="p">.</span><span class="nc">IntegerField</span><span class="p">(</span><span class="n">min_value</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">max_value</span><span class="o">=</span><span class="mi">10</span><span class="p">)</span> <span class="k">class</span> <span class="nc">AssessmentResponseSerializer</span><span class="p">(</span><span class="n">serializers</span><span class="p">.</span><span class="n">Serializer</span><span class="p">):</span> <span class="nb">id</span> <span class="o">=</span> <span class="n">serializers</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">source</span><span class="o">=</span><span class="sh">'</span><span class="s">pk</span><span class="sh">'</span><span class="p">,</span> <span class="n">read_only</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">risk</span> <span class="o">=</span> <span class="nc">RiskSerializer</span><span class="p">()</span> <span class="n">owner</span> <span class="o">=</span> <span class="nc">RiskOwnerSerializer</span><span class="p">()</span> <span class="n">likelihood</span> <span class="o">=</span> <span class="n">serializers</span><span class="p">.</span><span class="nc">CharField</span><span class="p">()</span> <span class="n">impact</span> <span class="o">=</span> <span class="n">serializers</span><span class="p">.</span><span class="nc">CharField</span><span class="p">()</span> <span class="n">score</span> <span class="o">=</span> <span class="n">serializers</span><span class="p">.</span><span class="nc">IntegerField</span><span class="p">()</span> <span class="n">assessed_on</span> <span class="o">=</span> <span class="n">serializers</span><span class="p">.</span><span class="nc">DateField</span><span class="p">()</span> </code></pre> </div> <h3> Create class-based views with APIView </h3> <p>We will use <code>@extend_schema</code> to provide detailed, accurate documentation for each endpoint.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">#views.py </span> <span class="kn">from</span> <span class="n">rest_framework</span> <span class="kn">import</span> <span class="n">status</span> <span class="kn">from</span> <span class="n">rest_framework.response</span> <span class="kn">import</span> <span class="n">Response</span> <span class="kn">from</span> <span class="n">rest_framework.views</span> <span class="kn">import</span> <span class="n">APIView</span> <span class="kn">from</span> <span class="n">drf_spectacular.utils</span> <span class="kn">import</span> <span class="n">extend_schema</span> <span class="kn">from</span> <span class="n">riskapp.models</span> <span class="kn">import</span> <span class="p">(</span> <span class="n">RiskAssessment</span><span class="p">,</span> <span class="n">Risk</span><span class="p">,</span> <span class="n">RiskCategory</span><span class="p">,</span> <span class="n">RiskOwner</span><span class="p">,</span> <span class="p">)</span> <span class="kn">from</span> <span class="n">riskapp.serializers</span> <span class="kn">import</span> <span class="p">(</span> <span class="n">AssessmentSerializer</span><span class="p">,</span> <span class="n">AssessmentResponseSerializer</span><span class="p">,</span> <span class="p">)</span> <span class="n">DB</span> <span class="o">=</span> <span class="sh">'</span><span class="s">encrypted_db</span><span class="sh">'</span> <span class="k">class</span> <span class="nc">AssessmentView</span><span class="p">(</span><span class="n">APIView</span><span class="p">):</span> <span class="nd">@extend_schema</span><span class="p">(</span> <span class="n">responses</span><span class="o">=</span><span class="nc">AssessmentResponseSerializer</span><span class="p">(</span><span class="n">many</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="n">summary</span><span class="o">=</span><span class="sh">"</span><span class="s">List all assessments</span><span class="sh">"</span><span class="p">,</span> <span class="n">tags</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">Assessments</span><span class="sh">"</span><span class="p">],</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">get</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">):</span> <span class="n">assessments</span> <span class="o">=</span> <span class="n">RiskAssessment</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">using</span><span class="p">(</span><span class="n">DB</span><span class="p">).</span><span class="nf">all</span><span class="p">()</span> <span class="n">serializer</span> <span class="o">=</span> <span class="nc">AssessmentResponseSerializer</span><span class="p">(</span><span class="n">assessments</span><span class="p">,</span> <span class="n">many</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">return</span> <span class="nc">Response</span><span class="p">(</span><span class="n">serializer</span><span class="p">.</span><span class="n">data</span><span class="p">)</span> <span class="nd">@extend_schema</span><span class="p">(</span> <span class="n">request</span><span class="o">=</span><span class="n">AssessmentSerializer</span><span class="p">,</span> <span class="n">responses</span><span class="o">=</span><span class="n">AssessmentResponseSerializer</span><span class="p">,</span> <span class="n">summary</span><span class="o">=</span><span class="sh">"</span><span class="s">Create an assessment</span><span class="sh">"</span><span class="p">,</span> <span class="n">tags</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">Assessments</span><span class="sh">"</span><span class="p">],</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">post</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">):</span> <span class="n">serializer</span> <span class="o">=</span> <span class="nc">AssessmentSerializer</span><span class="p">(</span><span class="n">data</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">data</span><span class="p">)</span> <span class="n">serializer</span><span class="p">.</span><span class="nf">is_valid</span><span class="p">(</span><span class="n">raise_exception</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="n">serializer</span><span class="p">.</span><span class="n">validated_data</span> <span class="n">risk_data</span> <span class="o">=</span> <span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">risk</span><span class="sh">'</span><span class="p">]</span> <span class="n">category_data</span> <span class="o">=</span> <span class="n">risk_data</span><span class="p">[</span><span class="sh">'</span><span class="s">category</span><span class="sh">'</span><span class="p">]</span> <span class="n">assessment</span> <span class="o">=</span> <span class="nc">RiskAssessment</span><span class="p">(</span> <span class="n">risk</span><span class="o">=</span><span class="nc">Risk</span><span class="p">(</span> <span class="n">title</span><span class="o">=</span><span class="n">risk_data</span><span class="p">[</span><span class="sh">'</span><span class="s">title</span><span class="sh">'</span><span class="p">],</span> <span class="n">description</span><span class="o">=</span><span class="n">risk_data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">description</span><span class="sh">'</span><span class="p">,</span> <span class="sh">''</span><span class="p">),</span> <span class="n">category</span><span class="o">=</span><span class="nc">RiskCategory</span><span class="p">(</span> <span class="n">name</span><span class="o">=</span><span class="n">category_data</span><span class="p">[</span><span class="sh">'</span><span class="s">name</span><span class="sh">'</span><span class="p">],</span> <span class="n">description</span><span class="o">=</span><span class="n">category_data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">description</span><span class="sh">'</span><span class="p">,</span> <span class="sh">''</span><span class="p">),</span> <span class="p">),</span> <span class="p">),</span> <span class="n">likelihood</span><span class="o">=</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">likelihood</span><span class="sh">'</span><span class="p">],</span> <span class="n">impact</span><span class="o">=</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">impact</span><span class="sh">'</span><span class="p">],</span> <span class="n">score</span><span class="o">=</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">score</span><span class="sh">'</span><span class="p">],</span> <span class="p">)</span> <span class="k">if</span> <span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">owner</span><span class="sh">'</span><span class="p">):</span> <span class="n">owner_data</span> <span class="o">=</span> <span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">owner</span><span class="sh">'</span><span class="p">]</span> <span class="n">assessment</span><span class="p">.</span><span class="n">owner</span> <span class="o">=</span> <span class="nc">RiskOwner</span><span class="p">(</span> <span class="n">username</span><span class="o">=</span><span class="n">owner_data</span><span class="p">[</span><span class="sh">'</span><span class="s">username</span><span class="sh">'</span><span class="p">],</span> <span class="n">email</span><span class="o">=</span><span class="n">owner_data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">email</span><span class="sh">'</span><span class="p">,</span> <span class="sh">''</span><span class="p">),</span> <span class="n">role</span><span class="o">=</span><span class="n">owner_data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">role</span><span class="sh">'</span><span class="p">,</span> <span class="sh">''</span><span class="p">),</span> <span class="p">)</span> <span class="n">assessment</span><span class="p">.</span><span class="nf">save</span><span class="p">(</span><span class="n">using</span><span class="o">=</span><span class="n">DB</span><span class="p">)</span> <span class="k">return</span> <span class="nc">Response</span><span class="p">(</span> <span class="nc">AssessmentResponseSerializer</span><span class="p">(</span><span class="n">assessment</span><span class="p">).</span><span class="n">data</span><span class="p">,</span> <span class="n">status</span><span class="o">=</span><span class="n">status</span><span class="p">.</span><span class="n">HTTP_201_CREATED</span><span class="p">,</span> <span class="p">)</span> </code></pre> </div> <h3> Add urls.py at the project and app level. </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">#querysafe/urls.py </span> <span class="kn">from</span> <span class="n">django.contrib</span> <span class="kn">import</span> <span class="n">admin</span> <span class="kn">from</span> <span class="n">django.urls</span> <span class="kn">import</span> <span class="n">path</span><span class="p">,</span> <span class="n">include</span> <span class="kn">from</span> <span class="n">drf_spectacular.views</span> <span class="kn">import</span> <span class="n">SpectacularAPIView</span><span class="p">,</span> <span class="n">SpectacularSwaggerView</span> <span class="n">urlpatterns</span> <span class="o">=</span> <span class="p">[</span> <span class="nf">path</span><span class="p">(</span><span class="sh">'</span><span class="s">admin/</span><span class="sh">'</span><span class="p">,</span> <span class="n">admin</span><span class="p">.</span><span class="n">site</span><span class="p">.</span><span class="n">urls</span><span class="p">),</span> <span class="nf">path</span><span class="p">(</span><span class="sh">'</span><span class="s">api/</span><span class="sh">'</span><span class="p">,</span> <span class="nf">include</span><span class="p">(</span><span class="sh">'</span><span class="s">riskapp.urls</span><span class="sh">'</span><span class="p">)),</span> <span class="nf">path</span><span class="p">(</span><span class="sh">'</span><span class="s">api/schema/</span><span class="sh">'</span><span class="p">,</span> <span class="n">SpectacularAPIView</span><span class="p">.</span><span class="nf">as_view</span><span class="p">(),</span> <span class="n">name</span><span class="o">=</span><span class="sh">'</span><span class="s">schema</span><span class="sh">'</span><span class="p">),</span> <span class="c1">#for swagger-ui </span> <span class="nf">path</span><span class="p">(</span><span class="sh">'</span><span class="s">api/docs/</span><span class="sh">'</span><span class="p">,</span> <span class="n">SpectacularSwaggerView</span><span class="p">.</span><span class="nf">as_view</span><span class="p">(</span><span class="n">url_name</span><span class="o">=</span><span class="sh">'</span><span class="s">schema</span><span class="sh">'</span><span class="p">),</span> <span class="n">name</span><span class="o">=</span><span class="sh">'</span><span class="s">swagger-ui</span><span class="sh">'</span><span class="p">),</span> <span class="c1">#for swagger-ui </span><span class="p">]</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">#riskapp/urls.py </span> <span class="kn">from</span> <span class="n">django.urls</span> <span class="kn">import</span> <span class="n">path</span> <span class="kn">from</span> <span class="n">riskapp.views</span> <span class="kn">import</span> <span class="n">AssessmentView</span> <span class="n">urlpatterns</span> <span class="o">=</span> <span class="p">[</span> <span class="nf">path</span><span class="p">(</span><span class="sh">'</span><span class="s">assessments/</span><span class="sh">'</span><span class="p">,</span> <span class="n">AssessmentView</span><span class="p">.</span><span class="nf">as_view</span><span class="p">(),</span> <span class="n">name</span><span class="o">=</span><span class="sh">'</span><span class="s">assessments</span><span class="sh">'</span><span class="p">),</span> <span class="p">]</span> </code></pre> </div> <p>Next, we will create a management command structure for custom management commands by: </p> <ul> <li>Creating a folder called management in the riskapp and a folder called commands, which is where we will add a Python script to seed the data. This can be achieved either via the GUI or by running <code>mkdir -p riskapp/management/commands</code>.</li> <li>Then creating <strong>init</strong>.py(empty) files in each directory to make them Python packages by <code>touch riskapp/management/__init__.py</code> and <code>touch riskapp/management/commands/__init__.py</code> or by creating them via GUI.</li> </ul> <h3> Seed data with the seed_data.py, which contains mock data below. </h3> <p>NB: Because encrypted fields can't be queried, the seed script uses create() with in-memory references and a --target flush flag to stay rerunnable.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">#seed_data.py </span> <span class="kn">from</span> <span class="n">django.core.management.base</span> <span class="kn">import</span> <span class="n">BaseCommand</span> <span class="kn">from</span> <span class="n">django.db</span> <span class="kn">import</span> <span class="n">transaction</span> <span class="kn">from</span> <span class="n">riskapp.models</span> <span class="kn">import</span> <span class="p">(</span> <span class="n">RiskAssessment</span><span class="p">,</span> <span class="n">Risk</span><span class="p">,</span> <span class="n">RiskCategory</span><span class="p">,</span> <span class="n">RiskOwner</span><span class="p">,</span> <span class="p">)</span> <span class="n">ASSESSMENTS</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">risk_title</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">NoSQL Injection</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">risk_description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Potential NoSQL injection via unsanitised operators</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">category</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Security</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">cat_desc</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Security and authentication data</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">likelihood</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">High</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">impact</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">High</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">:</span> <span class="mi">9</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">risk_title</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Data Exposure</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">risk_description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Sensitive data returned without field projection</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">category</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Personal</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">cat_desc</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Personal identifiable information (PII)</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">likelihood</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Medium</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">impact</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">High</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">:</span> <span class="mi">7</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">risk_title</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Privilege Escalation</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">risk_description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Attempt to modify roles or permissions</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">category</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Security</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">cat_desc</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Security and authentication data</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">likelihood</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Low</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">impact</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">High</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">:</span> <span class="mi">6</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">risk_title</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">GDPR Violation</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">risk_description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Query accesses EU citizen data without consent check</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">category</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Compliance</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">cat_desc</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Regulatory and compliance data</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">likelihood</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Medium</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">impact</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Medium</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">:</span> <span class="mi">5</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">risk_title</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">PHI Exposure</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">risk_description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Protected health information returned in query</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">category</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Healthcare</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">cat_desc</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Medical and health records (PHI)</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">likelihood</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">High</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">impact</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">High</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">:</span> <span class="mi">9</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">risk_title</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Credit Card Leak</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">risk_description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Payment card data queried without masking</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">category</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Financial</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">cat_desc</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Financial data and transactions</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">likelihood</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Medium</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">impact</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">High</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">:</span> <span class="mi">8</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">risk_title</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Mass Data Export</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">risk_description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Query fetches excessive number of documents</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">category</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Compliance</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">cat_desc</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Regulatory and compliance data</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">likelihood</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Low</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">impact</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Medium</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">risk_title</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Unindexed Scan</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">risk_description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Collection scan on sensitive collection</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">category</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Financial</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">cat_desc</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Financial data and transactions</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">likelihood</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">High</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">impact</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Low</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span> <span class="p">},</span> <span class="p">]</span> <span class="k">class</span> <span class="nc">Command</span><span class="p">(</span><span class="n">BaseCommand</span><span class="p">):</span> <span class="sh">"""</span><span class="s"> Seed the database with sample risk assessment data. Use --target flush to clear data before reseeding. </span><span class="sh">"""</span> <span class="n">help</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Seed the database with sample risk assessment data</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">add_arguments</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">parser</span><span class="p">):</span> <span class="n">parser</span><span class="p">.</span><span class="nf">add_argument</span><span class="p">(</span> <span class="sh">'</span><span class="s">--target</span><span class="sh">'</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="sh">'</span><span class="s">all</span><span class="sh">'</span><span class="p">,</span> <span class="n">choices</span><span class="o">=</span><span class="p">[</span><span class="sh">'</span><span class="s">all</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">default</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">encrypted</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">flush</span><span class="sh">'</span><span class="p">],</span> <span class="n">help</span><span class="o">=</span><span class="sh">"'</span><span class="s">flush</span><span class="sh">'</span><span class="s"> to clear data, </span><span class="sh">'</span><span class="s">all</span><span class="sh">'</span><span class="s"> to seed both, or specify a database</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">handle</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">options</span><span class="p">):</span> <span class="n">target</span> <span class="o">=</span> <span class="n">options</span><span class="p">[</span><span class="sh">'</span><span class="s">target</span><span class="sh">'</span><span class="p">]</span> <span class="k">if</span> <span class="n">target</span> <span class="o">==</span> <span class="sh">'</span><span class="s">flush</span><span class="sh">'</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="nf">_flush</span><span class="p">(</span><span class="sh">'</span><span class="s">default</span><span class="sh">'</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="nf">_flush</span><span class="p">(</span><span class="sh">'</span><span class="s">encrypted</span><span class="sh">'</span><span class="p">)</span> <span class="k">return</span> <span class="k">if</span> <span class="n">target</span> <span class="o">==</span> <span class="sh">'</span><span class="s">all</span><span class="sh">'</span><span class="p">:</span> <span class="n">databases</span> <span class="o">=</span> <span class="p">[</span><span class="sh">'</span><span class="s">default</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">encrypted</span><span class="sh">'</span><span class="p">]</span> <span class="k">else</span><span class="p">:</span> <span class="n">databases</span> <span class="o">=</span> <span class="p">[</span><span class="n">target</span><span class="p">]</span> <span class="k">try</span><span class="p">:</span> <span class="k">for</span> <span class="n">db</span> <span class="ow">in</span> <span class="n">databases</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">db</span> <span class="o">=</span> <span class="n">db</span> <span class="n">self</span><span class="p">.</span><span class="n">stdout</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="se">\n</span><span class="s">Seeding into: </span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">db</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">with</span> <span class="n">transaction</span><span class="p">.</span><span class="nf">atomic</span><span class="p">(</span><span class="n">using</span><span class="o">=</span><span class="n">self</span><span class="p">.</span><span class="n">db</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="nf">_seed_assessments</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">stdout</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">style</span><span class="p">.</span><span class="nc">SUCCESS</span><span class="p">(</span><span class="sh">"</span><span class="se">\n</span><span class="s">All data seeded successfully!</span><span class="sh">"</span><span class="p">))</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">stdout</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">style</span><span class="p">.</span><span class="nc">ERROR</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="se">\n</span><span class="s">Seeding failed: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">))</span> <span class="k">def</span> <span class="nf">_flush</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db</span><span class="p">):</span> <span class="n">RiskAssessment</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">using</span><span class="p">(</span><span class="n">db</span><span class="p">).</span><span class="nf">all</span><span class="p">().</span><span class="nf">delete</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">stdout</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">style</span><span class="p">.</span><span class="nc">WARNING</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Flushed data from: </span><span class="si">{</span><span class="n">db</span><span class="si">}</span><span class="sh">"</span><span class="p">))</span> <span class="k">def</span> <span class="nf">_seed_assessments</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">stdout</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="sh">"</span><span class="se">\n</span><span class="s">--- Seeding Risk Assessments ---</span><span class="sh">"</span><span class="p">)</span> <span class="n">owner</span> <span class="o">=</span> <span class="nc">RiskOwner</span><span class="p">(</span> <span class="n">username</span><span class="o">=</span><span class="sh">"</span><span class="s">assessor</span><span class="sh">"</span><span class="p">,</span> <span class="n">email</span><span class="o">=</span><span class="sh">"</span><span class="s">assessor@querysafe.com</span><span class="sh">"</span><span class="p">,</span> <span class="n">role</span><span class="o">=</span><span class="sh">"</span><span class="s">Analyst</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">ASSESSMENTS</span><span class="p">:</span> <span class="n">assessment</span> <span class="o">=</span> <span class="nc">RiskAssessment</span><span class="p">(</span> <span class="n">risk</span><span class="o">=</span><span class="nc">Risk</span><span class="p">(</span> <span class="n">title</span><span class="o">=</span><span class="n">item</span><span class="p">[</span><span class="sh">"</span><span class="s">risk_title</span><span class="sh">"</span><span class="p">],</span> <span class="n">description</span><span class="o">=</span><span class="n">item</span><span class="p">[</span><span class="sh">"</span><span class="s">risk_description</span><span class="sh">"</span><span class="p">],</span> <span class="n">category</span><span class="o">=</span><span class="nc">RiskCategory</span><span class="p">(</span> <span class="n">name</span><span class="o">=</span><span class="n">item</span><span class="p">[</span><span class="sh">"</span><span class="s">category</span><span class="sh">"</span><span class="p">],</span> <span class="n">description</span><span class="o">=</span><span class="n">item</span><span class="p">[</span><span class="sh">"</span><span class="s">cat_desc</span><span class="sh">"</span><span class="p">],</span> <span class="p">),</span> <span class="p">),</span> <span class="n">owner</span><span class="o">=</span><span class="n">owner</span><span class="p">,</span> <span class="n">likelihood</span><span class="o">=</span><span class="n">item</span><span class="p">[</span><span class="sh">"</span><span class="s">likelihood</span><span class="sh">"</span><span class="p">],</span> <span class="n">impact</span><span class="o">=</span><span class="n">item</span><span class="p">[</span><span class="sh">"</span><span class="s">impact</span><span class="sh">"</span><span class="p">],</span> <span class="n">score</span><span class="o">=</span><span class="n">item</span><span class="p">[</span><span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">],</span> <span class="p">)</span> <span class="n">assessment</span><span class="p">.</span><span class="nf">save</span><span class="p">(</span><span class="n">using</span><span class="o">=</span><span class="n">self</span><span class="p">.</span><span class="n">db</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">stdout</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="s"> Created: </span><span class="si">{</span><span class="n">item</span><span class="p">[</span><span class="sh">'</span><span class="s">risk_title</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> (</span><span class="si">{</span><span class="n">item</span><span class="p">[</span><span class="sh">'</span><span class="s">likelihood</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">/</span><span class="si">{</span><span class="n">item</span><span class="p">[</span><span class="sh">'</span><span class="s">impact</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">)</span><span class="sh">"</span> <span class="p">)</span> </code></pre> </div> <p>Run the script file in the terminal<br> <code>python manage.py seed_data</code></p> <h2> Swagger Documentation </h2> <p>Next, we add Swagger UI to create a presentation layer for our API.</p> <p>Install drf-spectacular<br> <code>pip install drf-spectacular</code></p> <p>Next, add it to your <strong>INSTALLED_APPS</strong> and configure it in settings.py:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">INSTALLED_APPS</span> <span class="o">=</span> <span class="p">[</span> <span class="sh">'</span><span class="s">querysafe.apps.MongoAdminConfig</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">querysafe.apps.MongoAuthConfig</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">querysafe.apps.MongoContentTypesConfig</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">django.contrib.sessions</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">django.contrib.messages</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">django.contrib.staticfiles</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">django_mongodb_backend</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">drf_spectacular</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">riskapp</span><span class="sh">'</span><span class="p">,</span> <span class="p">]</span> <span class="n">REST_FRAMEWORK</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">DEFAULT_SCHEMA_CLASS</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">drf_spectacular.openapi.AutoSchema</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> <span class="n">SPECTACULAR_SETTINGS</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">TITLE</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">QuerySafe API</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">DESCRIPTION</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">API for Risk Assessment using Queryable Encryption</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">VERSION</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">1.0.0</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">SERVE_INCLUDE_SCHEMA</span><span class="sh">"</span><span class="p">:</span> <span class="bp">False</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <p>Next, run the server to access the Swagger UI at <a href="http://localhost:8000/api/docs/" rel="noopener noreferrer">http://localhost:8000/api/docs/</a></p> <h2> Results </h2> <h3> Encrypted Data in MongoDB Atlas </h3> <p>The following screenshots show how sensitive data appears as encrypted binary data when viewed directly in MongoDB Atlas, while the Swagger interface displays the decrypted plaintext for authorized users.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6ww9iv7ywrptio2mvgwe.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6ww9iv7ywrptio2mvgwe.png" alt="MongoDB Atlas view showing risk assessment documents with encrypted fields displayed as binary data" width="800" height="207"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmfwt60n0bc86zolxh6z2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmfwt60n0bc86zolxh6z2.png" alt="MongoDB Atlas view showing encrypted embedded models and their fields" width="800" height="536"></a></p> <h3> Swagger UI (Auto-Decrypted) </h3> <p>The Swagger UI at <code>http://127.0.0.1:8000/api/docs/</code> automatically decrypts and displays the data in plaintext for API consumers.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu8qhoao02x08kpkkifu5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu8qhoao02x08kpkkifu5.png" alt="Swagger UI displaying the GET method response with decrypted risk assessment data" width="800" height="481"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F65k53bdx9qpupxj2v6ir.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F65k53bdx9qpupxj2v6ir.png" alt="Swagger UI showing the POST method request payload for creating a new assessment" width="800" height="473"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzcee7qwe5spqvjvx3v23.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzcee7qwe5spqvjvx3v23.png" alt="Swagger UI showing the POST method response with the newly created assessment" width="800" height="473"></a></p> <h3> Terminal Query </h3> <p>When querying the database directly from the terminal using <code>find_one()</code>, the data appears as encrypted binary, demonstrating that the database server never has access to the plaintext.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7fm7nsm3cfh9kl9piwea.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7fm7nsm3cfh9kl9piwea.png" alt="Terminal screenshot showing encrypted binary data returned from a MongoDB query" width="800" height="475"></a></p> <h2> Limitations </h2> <ul> <li>With Django MongoDB Backend’s encrypted model fields, you cannot use <code>get_or_create()</code> or <code>filter()</code> — each encryption produces a different ciphertext, so WHERE lookups never match.</li> <li>Performance cost of client-side encryption/decryption - A read and write to an encrypted field requires client-side encryption/decryption on raw values directly. After fetching the data, your application server must individually decrypt each field for every record. This means that listing 1000 records requires 1000 decryption operations, which adds CPU overhead and slows down response times.</li> <li>Why you can't encrypt everything: <ul> <li>Dates — <code>auto_now_add</code>, <code>ordering</code>, and <code>date filtering</code> won't work on encrypted fields, else you can’t auto-populate timestamps <code>(auto_now_add)</code>, order results <code>(order_by('-created_at'))</code> or filter by date ranges <code>(filter(created_at__gte=last_week))</code>.</li> <li>Scores/numbers — you can't sort or aggregate encrypted values / The database can't perform <code>ORDER BY</code>, <code>SUM()</code>, <code>AVG()</code>, <code>MIN()</code>, <code>MAX()</code>, or range queries <code>(filter(risk_score__gte=80))</code> on encrypted values because it just sees random ciphertext.</li> <li>Indexed fields — CharField with choices like likelihood and impact need to remain queryable, so they can’t be encrypted.</li> </ul> </li> </ul> <h2> Key Takeaways </h2> <ul> <li>Only encrypt fields that hold sensitive data and that you never need to search, sort, or filter by at the database level.</li> <li>In the event of a database breach, the binary data won't be of any use to attackers, which keeps the integrity of your data safe (MongoDB never sees your plaintext data).</li> </ul> <p>If you liked this tutorial, kindly comment and give me an emoji.</p> <p>Thank you.</p> <h2> References </h2> <ul> <li><a href="https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en" rel="noopener noreferrer">Digital Operational Resilience Act (DORA)</a></li> <li><a href="https://www.mongodb.com/docs/languages/python/django-mongodb/current/queryable-encryption/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=djanog-mongodb-queryable&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">Queryable Encryption with Django MongoDB Backend</a></li> <li><a href="https://github.com/mongodb-developer/django-mongodb-qe" rel="noopener noreferrer">GitHub Project Link</a></li> </ul> django mongodb encryption Abigail Afi Gbadago Mon, 08 Dec 2025 17:02:51 +0000 https://forem.com/mongodb/build-a-rag-app-with-django-mongodb-backend-in-30-minutes-59ao https://forem.com/mongodb/build-a-rag-app-with-django-mongodb-backend-in-30-minutes-59ao <p>The festive holidays are upon us. This is the time for deep reflections, catching up with family and friends, and enjoying life in general as the year comes to a close. This period is also a great time to rewatch old movie classics as we slide into the new year.</p> <p>Today, we will build a retrieval-augmented generation (RAG) app to give us holiday movie recommendations. We will go through it step by step so that you fully understand how you can create one on your own.</p> <h2> What we will build </h2> <p>A RAG app in 30 minutes using:</p> <ul> <li><p><a href="https://www.mongodb.com/docs/languages/python/django-mongodb/current/get-started/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=django+mdb+rag+app&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">Django MongoDB Backend</a>. <br> Django MongoDB Backend is a Django database backend that uses PyMongo to connect to MongoDB.</p></li> <li><p><a href="https://docs.voyageai.com/docs/introduction" rel="noopener noreferrer">Voyage AI</a>. <br> Voyage AI (part of MongoDB) is a platform that provides the tools to build state-of-the-art AI models, semantic search, RAG, and agentic applications.</p></li> <li><p><a href="https://docs.langchain.com/oss/python/langchain/rag" rel="noopener noreferrer">LangChain</a>. <br> LangChain is an orchestration framework that simplifies and streamlines the development of agentic and RAG apps by providing pre-built tooling for defining your agentic or RAG application, an element of which includes data ingestion (in this case, from a JSON file), preprocessing, creation of embeddings, retrieval, and generation.</p></li> </ul> <h2> What you need </h2> <ul> <li>An IDE (this tutorial uses VSCode)</li> <li><a href="https://www.python.org/downloads/" rel="noopener noreferrer">Python 3.10 or later</a></li> <li>A MongoDB Atlas account (if you haven’t already, <a href="https://www.mongodb.com/cloud/atlas/register/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=django+mdb+rag+app&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">create an account</a>)</li> <li>A MongoDB Atlas cluster—the free tier is okay</li> <li>A MongoDB connection string (with the username, password, and database included in the string)</li> <li>A Voyage AI API key—create an account, and create and save an API key</li> <li>Dataset—this is a JSON file with twenty(20) classic holiday movies; please <a href="https://www.kaggle.com/datasets/afimaame/holiday-movies" rel="noopener noreferrer">download the file</a> and add it to the root of your project directory; I created this by analyzing the structure of the sample_mflix dataset and creating a JSON document based on that</li> </ul> <h2> Dependencies </h2> <p>Create a requirements.txt to contain the: </p> <ul> <li> <code>python-dotenv</code> package (version at the time of this tutorial is 1.1.1).</li> <li> <code>voyageai</code> package (version at the time of this tutorial is 0.3.5).</li> <li> <code>langchain-voyageai</code> package (version at the time of this tutorial is 0.1.7).</li> <li> <code>langchain-mongodb</code> package (version at the time of this tutorial is 0.7.1).</li> </ul> <p>Next, we will split the building process into the following steps:</p> <ul> <li>Download the JSON file.</li> <li>Follow the Django MongoDB Backend Quickstart.</li> <li>Add dependencies and set environment variables.</li> <li>Create models.</li> <li>Embed with Voyage AI.</li> <li>Insert data into the MongoDB Atlas cluster.</li> <li>Integrate MongoDB Atlas Vector Search with LangChain.</li> <li>Render data.</li> </ul> <h2> Download the JSON file </h2> <p>Based on the sample_mflix model, this is how we will model the objects in the JSON file.</p> <p>The JSON file, <strong><code>holiday_movies.json</code></strong>, has twenty (20) classic holiday movie objects.</p> <p>Example of object in document format:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>{ "_id": 1, "title": "It’s a Wonderful Life", "plot": "An angel is sent from Heaven to help a desperately frustrated businessman by showing him what life would have been like if he had never existed.", "runtime": 130, "released": "1946-12-20T00:00:00Z", "genres": ["Drama", "Family", "Fantasy"], "awards": { "wins": 0, "nominations": 5, "text": "Nominated for 5 Oscars" }, "plot_embedding_voyage_3_large": null, "plot_embedding": null } </code></pre> </div> <h2> Follow the Django MongoDB Backend Quickstart </h2> <p>This will lay the foundation and ensure you have all the necessary utilities bootstrapped to create a scaffold Django project. After that, you’ll be able to:<br> Create a Django project—in this case, I called it <code>django_rag_app</code>.<br> Ensure your database settings in your settings.py file are accurate. It should look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>DATABASES = { "default": { "ENGINE": "django_mongodb_backend", "HOST": "&lt;connection string URI&gt;", "NAME": "sample_mflix", }, } </code></pre> </div> <p>After, test if everything is working well by running your server with the command <br> <code>python manage.py runserver</code>. Then, access this url: <a href="http://127.0.0.1:8000/" rel="noopener noreferrer">http://127.0.0.1:8000/</a>. </p> <p>You should see a page displaying a <strong>"Congratulations!" message</strong> and an <strong>image of a rocket</strong>.</p> <h3> Set Environment Variables </h3> <p>To set environment variables, create an .env file at the root of your directory to hold the <code>MONGODB_URI</code> and <code>VOYAGE_API_KEY</code> values.<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq70vht1y7huabopj0qls.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq70vht1y7huabopj0qls.png" alt="dot env file with environment variables"></a></p> <p>This is how the <code>MONGODB_URI</code> looks like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>MONGODB_URI="mongodb+srv://[username]:[password]@[cluster_name].hpljptt.mongodb.net/?retryWrites=true&amp;w=majority&amp;appName=[cluster_name]" </code></pre> </div> <h3> Set dependencies </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiz49mttghq3tauv3bi7p.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiz49mttghq3tauv3bi7p.png" alt="requirements.txt file showing python-dotenv, voyageai, langchain-voyageai, and langchain-mongodb dependencies"></a></p> <p>Run <code>pip install requirements.txt</code> to install the packages.</p> <h2> Create Django app </h2> <p>To create a new Django app (in this case, <code>festive_flix</code>), run<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>python manage.py startapp [festive_flix] --template https://github.com/mongodb-labs/django-mongodb-app/archive/refs/heads/5.2.x.zip </code></pre> </div> <p>Add the app <code>festive_flix</code> to <code>INSTALLED APPS</code>.</p> <h2> Create models </h2> <p>In our <code>models.py</code> file, we will add the fields we need as seen in the <code>sample_mflix</code> dataset.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>from django.db import models from django_mongodb_backend.fields import EmbeddedModelField, ArrayField from django_mongodb_backend.models import EmbeddedModel class Award(EmbeddedModel): wins = models.IntegerField(default=0) nominations = models.IntegerField(default=0) text = models.CharField(max_length=100) class Movie(models.Model): title = models.CharField(max_length=200) plot = models.TextField(blank=True) runtime = models.IntegerField(default=0) released = models.DateTimeField("release date", null=True, blank=True) awards = EmbeddedModelField(Award, null=True, blank=True) genres = ArrayField(models.CharField(max_length=100), null=True, blank=True) def __str__(self): return self.title </code></pre> </div> <h2> Embed with Voyage AI </h2> <p>Create a new file called <code>plot_embedding.py</code> where we can put the script we will use to embed the reviews field of our <code>holiday_movies.json</code> file.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import json from dotenv import load_dotenv import voyageai import os load_dotenv() #using API key from environment variables in .env file VOYAGE_API_KEY = os.environ.get("VOYAGE_API_KEY") vo = voyageai.Client(VOYAGE_API_KEY) with open("holiday_movies.json", "r") as f: data = json.load(f) #focusing on "plot" field since that's what we are embedding movies_list = [movie.get("plot", "") for movie in data.get("movies", [])] #get embeddings for the plots using "voyage-3-lite" result = vo.embed(movies_list, model="voyage-3-lite", input_type="document") #new field to hold the embeddings for movie, embedding in zip(data.get("movies", []), result.embeddings): movie["embedding"] = embedding #write embeddings to a new file: embeddings_holiday_movies.json with open("embeddings_holiday_movies.json", "w") as f: json.dump(data, f, indent=2) </code></pre> </div> <p>From the <code>plot_embedding.py</code> script, we are:</p> <ul> <li>Setting our key which is stored in the .env file at the root of the Django project.</li> <li>Opening up our JSON file that’s already in our project.</li> <li>Embedding the reviews field using Voyage AI’s “voyage-3-lite” embedding model.</li> <li>Creating a new field (<code>result</code>) to hold the embedding (that has the same name as what we clarified when creating our models.py file).</li> <li>Creating a new JSON file to hold the embeddings.</li> </ul> <p>Next, run the script using <code>python plot_embedding.py</code>. Once it’s done, we see a new JSON file with our generated embeddings.<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcoykeuhuuaupjc476tdl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcoykeuhuuaupjc476tdl.png" alt="embeddings_holiday_movies.json file with generated embeddings"></a></p> <p>At this point, we can go ahead and insert our documents into our MongoDB cluster. </p> <h2> Insert data into the MongoDB cluster </h2> <p>Next, let’s create a new file at the root of the project named <code>json_upload.py</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#json_upload.py import json import os from pymongo import MongoClient from dotenv import load_dotenv load_dotenv() #get the environment variable and connect connection_string = os.getenv("MONGODB_URI") client = MongoClient(connection_string) #specify the database and collection database = client["festive_flix_db"] collection = database["holiday_movies_collection"] #load json file with embeddings with open("embeddings_holiday_movies.json", "r") as file: data = json.load(file) if isinstance(data,dict) and "movies" in data: movies = data["movies"] #clear existing collection and insert new data with embeddings collection.delete_many({}) #use insert_many to insert multiple documents result = collection.insert_many(movies) print(f"Successfully inserted {len(result.inserted_ids)} documents") </code></pre> </div> <p>After running the <code>json_upload.py</code> file, you will see a new collection of movies in your MongoDB Atlas cluster.<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2bpiekuo4i4lughesgw3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2bpiekuo4i4lughesgw3.png" alt="Page showing embeddings in the holiday_movies_collection"></a></p> <p>As we can see, our data is saved in our cluster with our Voyage AI embeddings.</p> <p>Now that we have successfully stored our data in the MongoDB Atlas cluster, we will write a script using the langchain-mongodb package to do semantic search.</p> <h2> Integrate MongoDB Atlas Vector Search with LangChain </h2> <p>At this point, we need to integrate MongoDB Atlas Vector Search with LangChain, so we will create a vector search index, perform a semantic search based on the vector store, retrieve relevant documents based on embedding similarity, and finally, pass the output as a context to LangChain’s prompts to generate responses.</p> <h3> Create a vector search </h3> <p>To create the semantic search, we first need to create an Atlas Vector Search index. <br> To do this, click on the “Search &amp; Vector Search” tab on the left sidebar. In the Atlas Search tab, click on the green “Create Search Index” button.<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu2e69n1xthhikqj3k13a.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu2e69n1xthhikqj3k13a.png" alt="Page showing search and vector search options"></a></p> <p>Next, click on the “Create Search Index” button as shown below.<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzmjajld9wtfrewmzopku.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzmjajld9wtfrewmzopku.png" alt="Vector search page"></a></p> <p>Next, select “Vector Search,” fill in the details, and select the database and collection that the vector search will be based on.<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff3sow66s4c491stuo72p.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff3sow66s4c491stuo72p.png" alt="Vector field creation page"></a></p> <p>After, choose the path that contains the array of vector embeddings—it should be <code>embedding</code>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm0evjxiew8051k2ephpo.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm0evjxiew8051k2ephpo.png" alt="Vector field creation page"></a></p> <p>The number of dimensions is 512 because we used Voyage AI’s voyage-3-lite. If choosing a different model, please read up on Voyage AI’s <a href="https://docs.voyageai.com/docs/embeddings" rel="noopener noreferrer">text embeddings documentation</a> to ensure you’re choosing the correct dimensions. For the similarity method, we are using cosine.</p> <p>Click “Next,” review all the entered information, and click “Create Vector Search.”<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxwq96t1gjic6f9yewaqh.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxwq96t1gjic6f9yewaqh.png" alt="Page showing newly_created vector index"></a></p> <p>Now, let’s create a new file in your project’s root and name it langchain_integration.py.<br> We are using an embeddings object from the Voyage AI documentation.</p> <p>NB: <code>VectorSearchIndex</code> is now <a href="https://django-mongodb-backend.readthedocs.io/en/latest/ref/models/indexes/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=django+mdb+rag+app&amp;utm_term=abigail.gbadago#vectorsearchindex" rel="noopener noreferrer">supported as a Django Index</a>.</p> <h3> Query from the MongoDB vector store, retrieval, and answer generation to prompts </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#langchain_integration.py from langchain_voyageai import VoyageAIEmbeddings from langchain_mongodb.vectorstores import MongoDBAtlasVectorSearch from pymongo import MongoClient from dotenv import load_dotenv import os load_dotenv() voyage_api_key = os.getenv("VOYAGE_API_KEY") connection_string = os.getenv("MONGO_URI") #Check if environment variables are loaded assert voyage_api_key, "ERROR: VOYAGE_API_KEY not found in .env file" assert connection_string, "ERROR: MONGODB_URI not found in .env file" #Connect to the Atlas cluster try: client = MongoClient(os.getenv("MONGO_URI")) collection = client["festive_flix_db"]["holiday_movies_collection"] except Exception as e: print(f"ERROR: Failed to connect to MongoDB: {e}") exit(1) embedding = VoyageAIEmbeddings( voyage_api_key=os.getenv("VOYAGE_API_KEY"), model="voyage-3-lite" ) #Instantiate the vector store with LangChain configuration vector_store = MongoDBAtlasVectorSearch( collection=collection, embedding=embedding, index_name="vector_index", text_key="plot", embedding_key="embedding" ) #Similarity search query = "Santa Claus" print(f"\nSearching for: '{query}'") try: # LangChain handles embedding the query results = vector_store.similarity_search_with_score(query, k=3) print(f"Found {len(results)} results") except Exception as e: print(f"Error occurred: {e}") results = [] #Display results if results: print("\n=== Search Results for the query ===") for i, (doc, score) in enumerate(results, 1): # Extract metadata from the document title = doc.metadata.get("title", "Unknown") runtime = doc.metadata.get("runtime", "Unknown") genres = doc.metadata.get("genres", []) released = doc.metadata.get("released", "Unknown") awards = doc.metadata.get("awards", {}) plot = doc.page_content print(f"\nResult {i} (Score: {score:.4f}):") print(f"Title: {title}") print(f"Plot: {plot}") print(f"Runtime: {runtime} minutes") print(f"Genres: {', '.join(genres) if isinstance(genres, list) else genres}") print(f"Released: {released[:4] if released != 'Unknown' else 'Unknown'}") if awards and awards.get("text"): print(f"Awards: {awards['text']}") print("-" * 50) else: print("No results found.") </code></pre> </div> <p>Now, when we run the script with the <code>query = "Santa Claus"</code>, a similarity search is executed and we see the results in the terminal.<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwh343juxcifjrpdjfoxj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwh343juxcifjrpdjfoxj.png" alt="Search results for the query “Santa Clause”"></a></p> <p>But we need to render it in our browser and make it prettier, so let’s do that.</p> <h2> Render data </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#views.py from django.shortcuts import render import os from dotenv import load_dotenv from langchain_voyageai.embeddings import VoyageAIEmbeddings from langchain_mongodb.vectorstores import MongoDBAtlasVectorSearch from langchain_voyageai import VoyageAIEmbeddings from pymongo import MongoClient load_dotenv() def search_holiday_movies(request): query = request.GET.get("q", "") results = [] if query: # use API keys voyage_api_key = os.getenv("VOYAGE_API_KEY") connection_string = os.getenv("MONGO_URI") # Check if environment variables are loaded assert voyage_api_key, "ERROR: VOYAGE_API_KEY not found in .env file" assert connection_string, "ERROR: MONGO_URI not found in .env file" #This is the embedding object. embeddings = VoyageAIEmbeddings( voyage_api_key=voyage_api_key, model="voyage-3-lite" ) #Specify our database and collection client = MongoClient(os.getenv("MONGO_URI")) database = client["festive_flix_db"] collection = database["holiday_movies_collection"] #Vector store with the embeddings model vector_store = MongoDBAtlasVectorSearch( collection=collection, embedding_key="embedding", index_name="vector_index", text_key="plot", embedding=embeddings ) #Similarity search with the user's actual query print(f"\nSearching for: '{query}'") try: search_results = vector_store.similarity_search_with_score(query, k=3) print(f"Found {len(search_results)} results") #Format results for the template results = [] for doc, score in search_results: result = { 'title': doc.metadata.get("title", "Unknown"), 'plot': doc.page_content, 'runtime': doc.metadata.get("runtime", "Unknown"), 'genres': doc.metadata.get("genres", []), 'released': doc.metadata.get("released", "Unknown"), 'awards': doc.metadata.get("awards", {}), 'score': score } results.append(result) except Exception as e: print(f"Error occurred: {e}") results = [] #Print output to console if results: print(f"\n=== Search Results for '{query}' ===") for i, result in enumerate(results, 1): print(f"\nResult {i} (Score: {result['score']:.4f}):") print(f"Title: {result['title']}") print(f"Plot: {result['plot'][:100]}...") print("-" * 50) else: print(f"No results found for query: '{query}'") return render(request, "search_results.html", {"results": results, "query": query}) </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#festive_flix/templates/search_results.html &lt;!DOCTYPE html&gt; &lt;html lang="en"&gt; &lt;head&gt; &lt;meta charset="UTF-8"&gt; &lt;meta name="viewport" content="width=device-width, initial-scale=1.0"&gt; &lt;title&gt;Holiday Movie Search 🎄&lt;/title&gt; &lt;style&gt; * { margin: 0; padding: 0; box-sizing: border-box; } body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: #f8f9fa; color: #333; line-height: 1.6; } .container { max-width: 800px; margin: 0 auto; padding: 40px 20px; } .header { text-align: center; margin-bottom: 40px; } .title { font-size: 2rem; color: #2c3e50; margin-bottom: 10px; } .subtitle { color: #6c757d; font-size: 1rem; } .search-form { background: white; padding: 30px; border-radius: 8px; box-shadow: 0 2px 10px rgba(156, 151, 151, 0.1); margin-bottom: 30px; } .search-input { width: 100%; padding: 12px 16px; font-size: 16px; border: 2px solid #e9ecef; border-radius: 6px; margin-bottom: 15px; transition: border-color 0.3s; } .search-input:focus { outline: none; border-color: #66986d; } .search-button { background: #66986d; color: white; padding: 12px 24px; border: none; border-radius: 6px; font-size: 16px; cursor: pointer; transition: background-color 0.3s; } .search-button:hover { background: #9da29e; } .results-section { margin-top: 30px; } .results-info { margin-bottom: 20px; padding: 15px; background: #d4e6d4; border-radius: 6px; border-left: 4px solid #66986d; } .movie-card { background: white; border-radius: 8px; padding: 20px; margin-bottom: 20px; box-shadow: 0 2px 8px rgba(0,0,0,0.1); border: 1px solid #e9ecef; } .movie-title { font-size: 1.3rem; color: #2c3e50; margin-bottom: 10px; font-weight: 600; } .movie-plot { color: #555; margin-bottom: 15px; line-height: 1.6; } .movie-details { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 10px; padding-top: 15px; border-top: 1px solid #e9ecef; font-size: 0.9rem; color: #6c757d; } .detail-item { display: flex; align-items: center; gap: 5px; } .genres { grid-column: span 2; margin-top: 10px; } .genre-tag { display: inline-block; background: #f8f9fa; color: #495057; padding: 3px 8px; border-radius: 12px; font-size: 0.8rem; margin: 2px; border: 1px solid #dee2e6; } .similarity-score { background: #28a745; color: white; padding: 4px 8px; border-radius: 12px; font-size: 0.8rem; font-weight: 500; margin-left: auto; } .no-results { text-align: center; background: white; padding: 40px; border-radius: 8px; box-shadow: 0 2px 8px rgba(0,0,0,0.1); } .no-results-text { color: #6c757d; font-size: 1.1rem; } &lt;/style&gt; &lt;/head&gt; &lt;body&gt; &lt;div class="container"&gt; &lt;div class="header"&gt; &lt;h1 class="title"&gt;Holiday Movie Search 🎄&lt;/h1&gt; &lt;p class="subtitle"&gt;Search for holiday movies by plot, themes, or keywords&lt;/p&gt; &lt;/div&gt; &lt;div class="search-form"&gt; &lt;form method="get" action=""&gt; &lt;input type="text" name="q" class="search-input" placeholder="Enter keywords like 'elf', 'Santa Claus', 'Christmas magic'..." value="{{ query }}" &gt; &lt;button type="submit" class="search-button"&gt;Search Movies&lt;/button&gt; &lt;/form&gt; &lt;/div&gt; {% if query %} &lt;div class="results-section"&gt; {% if results %} &lt;div class="results-info"&gt; &lt;strong&gt;Search Query:&lt;/strong&gt; "{{ query }}"&lt;br&gt; &lt;strong&gt;Results Found:&lt;/strong&gt; {{ results|length }} movie(s) &lt;/div&gt; {% for result in results %} &lt;div class="movie-card"&gt; &lt;div style="display: flex; align-items: center; justify-content: space-between;"&gt; &lt;h3 class="movie-title"&gt;{{ result.title }}&lt;/h3&gt; &lt;span class="similarity-score"&gt;{{ result.score|floatformat:3 }}&lt;/span&gt; &lt;/div&gt; &lt;p class="movie-plot"&gt;{{ result.plot }}&lt;/p&gt; &lt;div class="movie-details"&gt; &lt;div class="detail-item"&gt; &lt;strong&gt;Runtime:&lt;/strong&gt; {{ result.runtime }} min &lt;/div&gt; &lt;div class="detail-item"&gt; &lt;strong&gt;Released:&lt;/strong&gt; {{ result.released|slice:":4" }} &lt;/div&gt; {% if result.genres %} &lt;div class="genres"&gt; &lt;strong&gt;Genres:&lt;/strong&gt; {% if result.genres|length &gt; 0 %} {% for genre in result.genres %} &lt;span class="genre-tag"&gt;{{ genre }}&lt;/span&gt; {% endfor %} {% else %} &lt;span class="genre-tag"&gt;{{ result.genres }}&lt;/span&gt; {% endif %} &lt;/div&gt; {% endif %} &lt;/div&gt; &lt;/div&gt; {% endfor %} {% else %} &lt;div class="no-results"&gt; &lt;h3 class="no-results-text"&gt;No movies found for "{{ query }}"&lt;/h3&gt; &lt;p&gt;Try different keywords like "Santa", "Christmas", "holiday", or "winter"&lt;/p&gt; &lt;/div&gt; {% endif %} &lt;/div&gt; {% endif %} &lt;/div&gt; &lt;/body&gt; &lt;/html&gt; </code></pre> </div> <p>Run <code>python manage.py runserver</code>. <br> Access the url <code>http://127.0.0.1:8000/</code> and check for movies based on keywords.<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffz9hql01nib97hx0r655.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffz9hql01nib97hx0r655.png" alt="Movie search page showing query results for the keyword “elf”"></a></p> <h2> Conclusion </h2> <p>Great job on following through this tutorial on building a RAG app that recommends holiday movies based on a similarity search with Django MongoDB Backend, Voyage API, and LangChain. </p> <p>In this tutorial, we started off by getting our movies dataset (JSON file), creating a scaffold Django project and virtual environment, creating models based on our sample data, adding embeddings with Voyage AI, uploading data into the MongoDB Atlas cluster, adding our MongoDB Atlas Vector Search index with LangChain, and finally, we rendered and visualized query results with a simple template. </p> <p>You can <a href="https://github.com/AfiMaameDufie/django-rag" rel="noopener noreferrer">clone the GitHub repo for this project</a>.</p> <p>Check out another <a href="https://dev.to/mongodb/grab-a-pint-with-django-mongodb-backend-voyage-ai-and-langchain-170n">use case of Django MongoDB Backend, Voyage AI, and LangChain</a>. </p> <p>If you liked this tutorial or have questions or feedback, kindly leave a comment and give this tutorial a reaction at the top! Thank you and happy holidays in advance!</p> django python rag webdev Abigail Afi Gbadago Tue, 23 Sep 2025 15:47:11 +0000 https://forem.com/mongodb/building-a-rest-api-with-the-django-rest-framework-and-mongodb-48en https://forem.com/mongodb/building-a-rest-api-with-the-django-rest-framework-and-mongodb-48en <p>REpresentational State Transfer (REST) APIs are fundamental in building software applications and services because they support efficient scaling and optimization of client-server interactions. REST is a software architectural style that retrieves and transmits user’s requests on the client side and information rendered on the server end in JavaScript Object Notation (JSON) or some other format.</p> <p>Client requests are executed through Hypertext Transfer Protocol (HTTP) with HTTP verbs (methods):</p> <ul> <li>GET: retrieve data sent by the server</li> <li>POST: send and publish information to the server </li> <li>PUT: update the server information</li> <li>PATCH: partially modify an existing resource</li> <li>DELETE: delete information from the server</li> </ul> <p>REST APIs conform to:</p> <ul> <li>Client-server architecture.</li> <li>Statelessness.</li> <li>Cacheable data.</li> <li>Uniformity between systems.</li> <li>A layered architecture that structures types of server.</li> </ul> <p>REST APIs are heavily used in mobile and web app development since mobile applications can access them in the background and web apps can benefit from dynamic content that does not require a page reload. Also, third-party integrations such as payment gateways and microservices use REST APIs to interact with different services in larger systems.</p> <p>Modern software applications using microservices rely on REST APIs that glue everything together. Instead of one application performing various concurrent tasks, which may not be optimal for high performance and scalability, REST APIs can be used with many smaller independent services like payment gateways, authentication, analytics, inventory and the like, with each service following the <a href="https://en.wikipedia.org/wiki/Single-responsibility_principle" rel="noopener noreferrer">single-responsibility principle</a>, executing tasks and communicating with each other.</p> <p>This enables you to build, deploy, and scale each service separately without bringing the entire system down. Without REST APIs, services will be isolated with no means of interaction to execute tasks, and every application will exist in silos and system integrations may be difficult. </p> <h2> What is the Django REST framework? </h2> <p>Django developers have several options for building REST APIs, one of which is the <a href="https://www.django-rest-framework.org/" rel="noopener noreferrer">Django REST framework (DRF)</a>—a powerful and flexible toolkit for building web application programming interfaces (APIs). The Django REST framework OAuth package provides both OAuth1 and OAuth2 support, serialization support for both ORM and non-ORM data sources, extensive documentation, and other cool, customizable features.</p> <p>In this tutorial, we will cover how to build a RESTful API using the official Django MongoDB Backend while highlighting the available features.</p> <h2> Prerequisites </h2> <ul> <li>MongoDB Atlas cluster which comes with the <a href="https://www.mongodb.com/docs/atlas/sample-data/sample-geospatial/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=rest+apis+with+django+mongodb+backend&amp;utm_term=abigail.gbadago#sample-geospatial-dataset" rel="noopener noreferrer"><code>sample_geospatial</code></a>dataset by default—learn how to <a href="https://www.mongodb.com/docs/languages/python/django-mongodb/v5.1/get-started/create-deployment/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=rest+apis+with+django+mongodb+backend&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">create a deployment</a> </li> <li>Download <a href="https://www.python.org/downloads/" rel="noopener noreferrer">Python 3.10 or later</a> </li> </ul> <h2> Installation and setup </h2> <ul> <li>Set up a <a href="https://www.mongodb.com/docs/languages/python/django-mongodb/v5.1/get-started/install/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=rest+apis+with+django+mongodb+backend&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">virtual environment</a> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> python -m venv venv source venv/bin/activate </code></pre> </div> <ul> <li>Install Django MongoDB Backend and DRF</li> </ul> <p><code>pip install django-mongodb-backend djangorestframework</code></p> <h2> Configuration </h2> <ul> <li><a href="https://www.mongodb.com/docs/languages/python/django-mongodb/v5.1/get-started/connect-mongodb/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=rest+apis+with+django+mongodb+backend&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">Configure your MongoDB connection</a></li> </ul> <h2> Project structure </h2> <p>After creating your virtual environment (venv) in the previous step: </p> <ul> <li>Create a Django project with the <a>Django MongoDB Backend project template</a>.</li> </ul> <p>The <a href="https://www.mongodb.com/docs/languages/python/django-mongodb/current/get-started/connect-mongodb/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=rest+apis+with+django+mongodb+backend&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">django-mongodb-project template</a> is similar to the default Django project template but it includes MongoDB-specific migrations and modifies the settings.py file to configure Django to use an ObjectId as each model's primary key.</p> <p>After, the directory structure should look like this:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftfpunt12da1vkpcgrkdu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftfpunt12da1vkpcgrkdu.png" alt="Expected Django project directory structure in VS Code" width="800" height="1285"></a></p> <p>[Expected Django project directory structure in VS Code ]</p> <ul> <li>Create the <code>shipwrecks_api</code> app by running this command: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>python manage.py startapp shipwrecks_api --template https://github.com/mongodb-labs/django-mongodb-app/archive/refs/heads/5.1.x.zip </code></pre> </div> <p>The django-mongodb-app template ensures that your app.py file includes the line<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>"default_auto_field = 'django_mongodb_backend.fields.ObjectIdAutoField'" </code></pre> </div> <ul> <li>Then, add the name of the app (<code>shipwrecks_api</code>) , <code>rest framework</code>, and <code>django_filters</code> to the settings.py under the <code>INSTALLED APPS</code> section.</li> </ul> <p>It should look like this:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F02tp27eohop0vgvu64du.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F02tp27eohop0vgvu64du.png" alt="Installed apps under settings.py" width="800" height="459"></a><br> [Installed apps under settings.py]</p> <p>The final directory structure should look like this:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbe4ykdubfga7gch4a9qw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbe4ykdubfga7gch4a9qw.png" alt="Directory structure showing Django project and app" width="638" height="1676"></a><br> [Directory structure showing Django project and app]</p> <h2> Django’s MVC pattern overview </h2> <p>Now, let’s take a step back to understand the architecture pattern of Django which will be useful in the creation of the <code>shipwrecks_api</code>.</p> <p>The Django project architecture follows the Model View Controller architectural pattern but has a slight variation where you have Models, Templates, and Views (MTV). The MVC pattern in Django consist of:</p> <ul> <li>A model: The model is the data layer which defines how data will be structured, enforces validation, and handles interactions with the MongoDB database.</li> <li>A view: The view describes the data that gets presented to the user. It’s not necessarily how the data looks, but which data is presented. The view describes which data you see, not how you see it.</li> <li>A template: The template is the presentation layer and consists of HTML files that define how data should appear to users.</li> </ul> <p>Next, let’s define how our data will be structured based on the <a href="https://www.mongodb.com/docs/atlas/sample-data/sample-geospatial/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=rest+apis+with+django+mongodb+backend&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">sample geospatial dataset</a>. Kindly take a look at the fields within the sample document on that page as we will be data modeling using them in the next step when creating our Django model. This dataset contains fields which hold GeoJSON data.</p> <h2> Defining models </h2> <p>With Django MongoDB Backend, the MongoDB <code>_id</code> field is mapped to Django’s traditional id field—meaning you won’t have both <code>_id</code> and <code>id</code> simultaneously. </p> <p>This is achieved by the <code>DEFAULT_AUTO_FIELD =django_mongodb_backend.fields.ObjectIdAutoField</code> line in the settings.py file in the django project.</p> <p>Based on the sample document in the sample geospatial database, our model will look like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#models.py from django.db import models from django_mongodb_backend.fields import ArrayField from django_mongodb_backend.managers import MongoManager class ShipwreckFeature(models.Model): recrd = models.CharField(max_length=200, blank=True) vesslterms = models.CharField(max_length=200, blank=True) feature_type = models.CharField(max_length=200, blank=True) chart = models.CharField(max_length=200, blank=True) latdec = models.FloatField(null=True, blank=True) londec = models.FloatField(null=True, blank=True) gp_quality = models.CharField(max_length=200, blank=True) depth = models.CharField(max_length=200, blank=True) sounding_type = models.CharField(max_length=200, blank=True) history = models.TextField(blank=True) quasou = models.CharField(max_length=200, blank=True) watlev = models.CharField(max_length=200, blank=True) coordinates = ArrayField( base_field=models.FloatField(), null=True, blank=True ) objects = MongoManager() class Meta: db_table = "shipwrecks_api" managed = False def __str__(self): return f"{self.feature_type} at ({self.latdec}, {self.londec})" </code></pre> </div> <p>Learn more about <a href="https://dev.to/mongodb/document-modeling-with-the-django-mongodb-backend-3jck">document modeling with Django MongoDB Backend</a>.</p> <h2> Serializers </h2> <h3> Introduction to DRF serializers </h3> <p>Serializers allow complex data, such as querysets and model instances, to be converted to native Python datatypes that can then be easily rendered into JSON, XML, or other content types. Serializers also provide deserialization, allowing parsed data to be converted back into complex types, after first validating the incoming data.</p> <p>The serializers in the REST framework work similarly to Django's Form and ModelForm classes. The DRF provides a serializer class which gives you a powerful and generic way to control the output of your responses, as well as a ModelSerializer class which provides a useful shortcut for creating serializers that deal with model instances and querysets.</p> <p>In the serializer class below, we use two serializer fields. </p> <ul> <li>The <strong>SerializerMethodField</strong> is a read-only field which gets its value by calling a method on the serializer class it is attached to. </li> <li>The <strong>HyperlinkedIdentityField</strong> can be applied as an identity relationship, such as the <code>url</code> field on a HyperlinkedModelSerializer (introduces the use of a hyperlinked style between entities). It can also be used for an attribute on the object.</li> </ul> <h4> Create serializers </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#serializers.py from rest_framework import serializers from .models import ShipwreckFeature class ShipwreckFeatureSerializer(serializers.ModelSerializer): id = serializers.SerializerMethodField(read_only=True) url = serializers.HyperlinkedIdentityField( view_name='shipwreck-detail' ) def get_id(self, obj): """Convert ObjectId to string for API response""" return str(obj.pk) if obj.pk else None class Meta: model = ShipwreckFeature fields = [ 'id', 'url', 'recrd', 'vesslterms', 'feature_type', 'chart', 'latdec', 'londec', 'gp_quality', 'depth', 'sounding_type', 'history', 'quasou', 'watlev', 'coordinates' ] read_only_fields = ['id'] </code></pre> </div> <h2> Views and URL configuration </h2> <p>Now, let’s create function-based views to display the shipwreck data.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#views.py from rest_framework import viewsets, filters, permissions from rest_framework.response import Response from rest_framework import status from django.shortcuts import get_object_or_404 from bson import ObjectId from bson.errors import InvalidId from .models import ShipwreckFeature from .serializers import ShipwreckFeatureSerializer from django_filters.rest_framework import DjangoFilterBackend class ShipwreckFeatureViewSet(viewsets.ModelViewSet): queryset = ShipwreckFeature.objects.all() serializer_class = ShipwreckFeatureSerializer permission_classes = [permissions.AllowAny] filter_backends = [DjangoFilterBackend, filters.OrderingFilter] lookup_field = 'pk' filterset_fields = ['recrd', 'vesslterms', 'feature_type', 'latdec', 'londec'] ordering_fields = ['latdec', 'londec'] ordering = ['latdec'] http_method_names = ['get', 'post', 'put', 'patch', 'delete', 'head', 'options'] def get_object(self): """ Override get_object to handle ObjectId validation """ lookup_value = self.kwargs[self.lookup_field] # Validate ObjectId try: if not ObjectId.is_valid(lookup_value): raise InvalidId("Invalid ObjectId format") object_id = ObjectId(lookup_value) except (InvalidId, ValueError): from django.http import Http404 raise Http404("Invalid ObjectId format") # Get the object queryset = self.filter_queryset(self.get_queryset()) obj = get_object_or_404(queryset, pk=object_id) self.check_object_permissions(self.request, obj) return obj def destroy(self, request, *args, **kwargs): """ Override destroy to add better error handling """ try: instance = self.get_object() self.perform_destroy(instance) return Response(status=status.HTTP_204_NO_CONTENT) except Exception as e: return Response( {'error': f'Failed to delete shipwreck: {str(e)}'}, status=status.HTTP_500_INTERNAL_SERVER_ERROR ) </code></pre> </div> <ul> <li>Url configuration to map views in the shipwrecks_api </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#urls.py - shipwrecks_api from django.urls import path, include from rest_framework.routers import DefaultRouter from .views import ShipwreckFeatureViewSet router = DefaultRouter() router.register(r'shipwrecks', ShipwreckFeatureViewSet, basename='shipwreck') urlpatterns = [ path('', include(router.urls)), ] </code></pre> </div> <ul> <li>Url configuration to map views in the <code>djangoproject</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#urls.py - shipwrecks_api from django.contrib import admin from django.urls import path, include from drf_spectacular.views import SpectacularAPIView, SpectacularSwaggerView urlpatterns = [ path('admin/', admin.site.urls), path('', include('shipwrecks_api.urls')), # Swagger Docs path('api/schema/', SpectacularAPIView.as_view(), name='schema'), path('api/docs/', SpectacularSwaggerView.as_view(url_name='schema'), name='swagger-ui'), ] </code></pre> </div> <h3> Using the Python shell to create objects </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#sw1 = ShipwreckFeature object for testing sw1 = ShipwreckFeature.objects.create( recrd="R001", vesslterms="RMS Titanic", feature_type="Wrecks - Submerged, not dangerous", chart="US,U1,graph,DNC H140984", latdec=10.123456, londec=-80.654321, gp_quality="A", depth="3840 meters", sounding_type="approximate", history="The RMS Titanic sank on April 15, 1912, after hitting an iceberg, and its wreck lies in the North Atlantic Ocean about 400 nautical miles southeast of the coast of Newfoundland, Canada.", quasou="depth known", watlev="always under water/submerged", coordinates=[-80.654321, 10.123456] ) </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#sw2 = ShipwreckFeature object for testing sw2 = ShipwreckFeature.objects.create( recrd="R002", vesslterms="MV Explorer", feature_type="Wrecks - Submerged, navigational hazard", chart="US,U2,graph,DNC H1409880", latdec=-5.987654, londec=150.4321, gp_quality="B", depth="45 meters", sounding_type="sonar", history="Collided with reef in 1955", quasou="depth approximate", watlev="always under water/submerged", coordinates=[150.4321, -5.987654] ) </code></pre> </div> <ul> <li>Using the Python shell <code>python manage.py shell</code> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fki0s0ylem7sp3rk5jy9e.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fki0s0ylem7sp3rk5jy9e.png" alt="Creating a shipwreck object via the Python shell" width="800" height="487"></a><br> [Creating a shipwreck object via the Python shell]</p> <h3> Using the Django REST framework web browsable API </h3> <ul> <li>Run <code>python manage.py runserver</code> and fill the fields of the object via the raw data tab or HTML form.</li> </ul> <p>Examples of raw JSON data to create an object via the raw data option on the DRF web browsable API :</p> <p>Example 1:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>{ "recrd": "R001", "vesslterms": "RMS Titanic", "feature_type": "Wrecks - Submerged, not dangerous", "chart": "US,U1,graph,DNC H140984", "latdec": 10.123456, "londec": -80.654321, "gp_quality": "A", "depth": "3840 meters", "sounding_type": "approximate", "history": "The RMS Titanic sank on April 15, 1912, after hitting an iceberg, and its wreck lies in the North Atlantic Ocean about 400 nautical miles southeast of the coast of Newfoundland, Canada.", "quasou": "depth known", "watlev": "always under water/submerged", "coordinates": "[-80.654321, 10.123456]" } </code></pre> </div> <p>Example 2:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>{ "recrd": "R002", "vesslterms": "MV Explorer", "feature_type": "Wrecks - Submerged, navigational hazard", "chart": "US,U2,graph,DNC H1409880", "latdec": -5.987654, "Londec": 150.4321, "gp_quality": "B", "depth": "45 meters", "sounding_type": "sonar", "history": "Collided with reef in 1955", "quasou": "depth approximate", "watlev": "always under water/submerged", "coordinates": "[150.4321, -5.987654]" } </code></pre> </div> <h3> CRUD operations: </h3> <p>The CRUD methods — <strong>CREATE, GET/RETRIEVE, UPDATE, and DELETE</strong>—can be executed via the DRF web browsable API, Postman, and via the Python shell. Since this tutorial covers the DRF, the examples shown will be done via the DRF web browsable API.</p> <ul> <li> <strong>List</strong> all shipwrecks - <a href="http://127.0.0.1:8000/shipwrecks/" rel="noopener noreferrer">http://127.0.0.1:8000/shipwrecks/</a> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgkf8vexj2iitd02idxg9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgkf8vexj2iitd02idxg9.png" alt="DRF web browsable API page listing all shipwreck features" width="800" height="426"></a><br> [DRF web browsable API page listing all shipwreck features]</p> <ul> <li> <strong>GET</strong> via query parameter /api/shipwrecks/{id}/ - Example: <a href="http://127.0.0.1:8000/shipwrecks/?%7Bid%7D/" rel="noopener noreferrer">http://127.0.0.1:8000/shipwrecks/?{id}/</a> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6ci58ht09dkbhy4u2lrj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6ci58ht09dkbhy4u2lrj.png" alt="DRF web browsable API page listing a shipwreck feature by an id" width="800" height="401"></a><br> [DRF web browsable API page listing a shipwreck feature by an id]</p> <ul> <li> <strong>POST</strong> /api/shipwrecks/ - <a href="http://127.0.0.1:8000/shipwrecks/" rel="noopener noreferrer">http://127.0.0.1:8000/shipwrecks/</a> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj9cf0704yk63otwdrkku.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj9cf0704yk63otwdrkku.png" alt="Filling the fields to create a shipwreck object" width="800" height="401"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxewul9yd8jz62rj7p3hp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxewul9yd8jz62rj7p3hp.png" alt="DRF web browsable API page after successfully creating a shipwreck" width="800" height="401"></a><br> [DRF web browsable API page after successfully creating a shipwreck]</p> <ul> <li> <strong>PUT/PATCH</strong>: /api/shipwrecks/{id}/</li> </ul> <p><a href="http://127.0.0.1:8000/shipwrecks/" rel="noopener noreferrer">http://127.0.0.1:8000/shipwrecks/</a></p> <blockquote> <p>In this example, the <code>gp_quality</code> of changed from "A" to "C" and the <code>latdec</code> is changed to 20.83546.</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkag2xwt32thnnt3nc66w.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkag2xwt32thnnt3nc66w.png" alt="Creating an Shipwreck Feature that will be updated via a PUT/PATCH method" width="800" height="401"></a><br> [Updating a Shipwreck Feature via a PATCH method]</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwb5jmeiw7779cmxq8b1e.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwb5jmeiw7779cmxq8b1e.png" alt="Successfully updated the Shipwreck object via PATCH request" width="800" height="401"></a><br> [Successfully updated the Shipwreck object via PATCH request]</p> <ul> <li> <strong>DELETE</strong> /api/shipwrecks/{id}/</li> </ul> <p>(Bulk delete is possible by adding it as a custom operation)</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7tzsxaufpgzj46ilugza.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7tzsxaufpgzj46ilugza.png" alt="DRF web browsable API page deleting a shipwreck feature based on an id" width="800" height="401"></a><br> [Deleting a shipwreck feature via an id on the DRF web browsable API]</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjdwo6ja8760968d4ccod.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjdwo6ja8760968d4ccod.png" alt="After clicking the DELETE button on the DRF web browsable API" width="800" height="401"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm6ngctks61h6g609zg8m.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm6ngctks61h6g609zg8m.png" alt="Successfully deleted object via id on the DRF web browsable API" width="800" height="401"></a><br> [Successfully deleted object via id on the DRF web browsable API]</p> <h2> Pagination </h2> <p>Pagination allows you to modify how large result sets are split into individual pages of data to improve readability and performance. To use the default pagination class, add the following lines of code to your <code>settings.py</code>, indicating that you want to display twenty(20) results per page.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>REST_FRAMEWORK = { 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination', 'PAGE_SIZE': 20 } </code></pre> </div> <h2> Django Admin </h2> <p><a href="https://www.mongodb.com/docs/languages/python/django-mongodb/v5.1/get-started/create-admin/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=rest+apis+with+django+mongodb+backend&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">Create an admin user</a> via the Django Admin interface.</p> <h2> Testing </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>from django.test import TestCase from rest_framework.test import APITestCase from rest_framework import status from django.urls import reverse from .models import ShipwreckFeature class ShipwreckFeatureModelTest(TestCase): def setUp(self): self.shipwreck = ShipwreckFeature.objects.create( record="R001", vesslterms="test_vessel", feature_type="wreck", chart="test_chart", latdec=40.7128, londec=-74.0060, history="Test shipwreck for testing", coordinates=[-74.0060, 40.7128] ) def test_shipwreck_creation(self): """Test that a shipwreck can be created""" self.assertEqual(self.shipwreck.recrd, "R001") self.assertEqual(self.shipwreck.vesslterms, "test_vessel") self.assertEqual(self.shipwreck.feature_type, "wreck") def test_shipwreck_str_method(self): """Test the string representation of shipwreck""" expected = "wreck at (40.7128, -74.006)" self.assertEqual(str(self.shipwreck), expected) class ShipwreckFeatureAPITest(APITestCase): """Simple tests for the ShipwreckFeature API""" def setUp(self): self.shipwreck = ShipwreckFeature.objects.create( recrd="R002", vesslterms="api_test_vessel", feature_type="wreck", latdec=41.0, londec=-75.0, history="API test shipwreck" ) self.list_url = reverse('shipwreck-list') def test_get_shipwreck_list(self): """Test retrieving list of shipwrecks""" response = self.client.get(self.list_url) self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(len(response.data['results']), 1) def test_create_shipwreck(self): """Test creating a new shipwreck""" data = { 'recrd': 'R003', 'vesslterms': 'new_vessel', 'feature_type': 'wreck', 'latdec': 42.0, 'londec': -76.0, 'history': 'Newly created test shipwreck' } response = self.client.post(self.list_url, data, format='json') self.assertEqual(response.status_code, status.HTTP_201_CREATED) self.assertEqual(ShipwreckFeature.objects.count(), 2) def test_get_single_shipwreck(self): """Test retrieving a single shipwreck""" detail_url = reverse('shipwreck-detail', kwargs={'pk': self.shipwreck.pk}) response = self.client.get(detail_url) self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.data['recrd'], 'R002') </code></pre> </div> <h2> Documentation </h2> <p>With REST APIs, we can document the endpoints with tools such as Swagger UI, Postman, OpenAPI Generator, and the like. With Django, a popular go-to is Swagger which describes the structure of your APIs so that machines can read them.</p> <p>To implement documentation with Swagger UI: </p> <ul> <li>Run <code>pip install drf-spectacular</code> in your terminal.</li> <li>Add <strong>'drf_spectacular'</strong> under INSTALLED_APPS in settings.py . </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>SPECTACULAR_SETTINGS = { 'TITLE': 'Shipwrecks API', 'DESCRIPTION': 'API for managing shipwreck data with MongoDB backend', 'VERSION': '1.0.0', 'SERVE_INCLUDE_SCHEMA': False, 'COMPONENT_SPLIT_REQUEST': True, 'SCHEMA_PATH_PREFIX': '/api/', } </code></pre> </div> <ul> <li>Add the following to <code>urls.py</code>: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>from drf_spectacular.views import SpectacularAPIView, SpectacularSwaggerView, path('api/schema/', SpectacularAPIView.as_view(), name='schema'), path('api/docs/', SpectacularSwaggerView.as_view(url_name='schema'), name='swagger-ui'), </code></pre> </div> <p>Now, we can access the Shipwreck API docs by running the following command <code>http://127.0.0.1:8000/api/docs/</code>. This gives a visualization of the CRUD endpoints which we can interact with just as with the DRF web browsable API.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftfu4vo7afad3ep6d28hm.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftfu4vo7afad3ep6d28hm.png" alt="Swagger API page listing all CRUD methods for the Shipwreck API" width="800" height="422"></a><br> [Swagger API page listing all CRUD methods for the Shipwreck API]</p> <p>Example: Read method to retrieve all ShipwreckFeature objects.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4c3if4b7pypl1sh5wol1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4c3if4b7pypl1sh5wol1.png" alt="Swagger API page listing ShipwreckFeature objects" width="800" height="422"></a><br> [Swagger API page listing ShipwreckFeature objects]</p> <p><strong>Example</strong> <br> Creating a Shipwreck Feature object via Swagger.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmwlrk6q1qn8js08mbw7c.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmwlrk6q1qn8js08mbw7c.png" alt="Swagger API page showing the fields to create a ShipwreckFeature object" width="800" height="422"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg0ls717g84ckd49peci5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg0ls717g84ckd49peci5.png" alt="Swagger API page showing the created ShipwreckFeature object" width="800" height="422"></a></p> <p>[Swagger API page showing the created ShipwreckFeature object]</p> <h2> Wrap-up and further resources </h2> <p>In this tutorial, we looked at REST API architecture, HTTP methods/verbs, the Django REST framework (DRF), how to set up and install dependencies for the API, configuration, structuring the Django project, Django’s MTV pattern, creating the Django app, defining models, URLS, views, tests, CRUD examples with the Shipwreck feature database, and documenting the Shipwreck API using Swagger.</p> <p>At this point, you have the essentials to create a REST API with the Django REST framework and Django MongoDB Backend. Give it a shot and comment on your experience—looking forward to it!</p> <p>If you liked this tutorial or have questions or feedback, kindly leave a comment and give this tutorial a reaction up top!</p> <h2> References </h2> <ul> <li><a href="https://www.django-rest-framework.org/" rel="noopener noreferrer">https://www.django-rest-framework.org/</a></li> <li> <a href="https://forum.djangoproject.com/t/mvc-or-mvt-architecture/3496" rel="noopener noreferrer">https://forum.djangoproject.com/t/mvc-or-mvt-architecture/3496</a> </li> <li> <a href="https://www.redhat.com/en/topics/api/what-is-a-rest-api" rel="noopener noreferrer">https://www.redhat.com/en/topics/api/what-is-a-rest-api</a> </li> <li> <a href="https://about.gitlab.com/blog/guide-to-rest-api/" rel="noopener noreferrer">https://about.gitlab.com/blog/guide-to-rest-api/</a> </li> </ul> django mongodb restapi Abigail Afi Gbadago Mon, 18 Aug 2025 17:53:54 +0000 https://forem.com/mongodb/document-modeling-with-the-django-mongodb-backend-3jck https://forem.com/mongodb/document-modeling-with-the-django-mongodb-backend-3jck <p>In this tutorial, we will cover how the document model works using the Django MongoDB Backend with examples of data modeling, embedding and referencing, query designs, and design patterns. </p> <p>A document database stores information in documents that are fast and easy for developers to work with. Document databases have flexible schema that allows the data model to evolve as the application changes and to horizontally scale out.</p> <p>While Django was originally built for the RDMS structure, MongoDB provides a flexible solution of modeling data that suits applications that implement nested and/or dynamic data. It is a great option for applications that require quick read performance, fast iteration, and JSON-like handling. Thus, it’s a great fit for when your data model is dynamic, flexible, and nested.</p> <h2> Setting up the Django MongoDB Backend </h2> <p>Follow the steps outlined in the <a href="https://www.mongodb.com/docs/languages/python/django-mongodb/current/get-started/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=using+document+model+with+django+mongodb&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">Getting Started section for the Django MongoDB Backend</a>. This covers:</p> <ul> <li>Installing the Django MongoDB Backend.</li> <li>Configuring MongoDB as your database in settings.py.</li> <li>Creating a sample project and app</li> </ul> <h2> Data modeling in Django </h2> <p>In Django, data is modeled in the form of objects, called models, which represent tables in a relational database or collections in MongoDB. A Django model is the single, definitive source of information about your data. It contains the essential fields and behaviors of the data you’re storing. Generally, each model maps to a single database table.</p> <p>Example:</p> <p>This example model defines a Human, which has a first_name and last_name:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>from django.db import models class Human(models.Model): first_name = models.CharField(max_length=30) last_name = models.CharField(max_length=30) </code></pre> </div> <h2> Designing document models in MongoDB </h2> <p>In MongoDB, <a href="https://www.mongodb.com/docs/manual/data-modeling/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=using+document+model+with+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">data modeling</a> is organizing data (could consist of key-value pairs, relational, objects, graph, and geospatial data) flexibly within collections in a database and its related entities. Document modeling supports a flexible schema for data, making it easily adaptable to your application’s needs. Restructuring your schema can help you optimize your queries and can be done as many times as necessary.</p> <p>A document stores data records that share a similar structure within collections.</p> <h3> Key differences to note when modeling data in RDMS and MongoDB </h3> <h4> Tables and collections </h4> <p>A collection in MongoDB is a group of data stored in documents and a table. In RDMS, it’s a collection of related data and it consists of columns and rows.</p> <h4> Rows and documents </h4> <p>Documents in MongoDB group related data together in a collection, and rows store data in relational databases.</p> <h4> Predefined schema and schema-less but structured </h4> <p>With RDBMS, data is strictly stored according to a predefined schema, and as such, the data must be in the required structure. In MongoDB, data is stored in a schema-less but structured format. This means that there is no strict <a href="https://www.mongodb.com/docs/manual/core/schema-validation/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=using+document+model+with+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">schema validation</a>. However, schema validation rules can be created in order to ensure that all documents in a collection share a similar structure. </p> <p>Due to the flexible nature of data models in MongoDB, there are various ways to map relationships between different entities in your schema. </p> <p>Main options when modeling data:</p> <ul> <li>Embedding data in the same collection</li> <li>Referencing to connect related data that exists in separate collections</li> </ul> <h3> Relationships between documents in MongoDB </h3> <ul> <li>A one-to-one embedded relationship is modeled by embedding documents within a document, demonstrating documents embedded within the same document.</li> <li>A one-to-many embedded document relationship is modeled by embedded documents, demonstrating one document linked to many documents.</li> <li>A one-to-many relationship is modeled by referencing documents, demonstrating one document linked to many documents.</li> <li>A many-to-many relationship is modeled by referencing documents, demonstrating many documents linked to other related documents.</li> </ul> <p>MongoDB supports flexible data modeling by organizing data within documents with the links between related entities in a database.</p> <h3> The document design process </h3> <p>The document design process consists of the following steps:</p> <ul> <li><p><a href="https://www.mongodb.com/docs/manual/data-modeling/schema-design-process/identify-workload/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=using+document+model+with+django&amp;utm_term=abigail.gbadago#identify-application-workload" rel="noopener noreferrer">Identify your workload</a>: This helps determine the application that runs most frequently which aids in creating effective indexes and minimizes the number of calls the application makes to the database.</p></li> <li><p><a href="https://www.mongodb.com/docs/manual/data-modeling/schema-design-process/map-relationships/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=using+document+model+with+django&amp;utm_term=abigail.gbadago#map-schema-relationships" rel="noopener noreferrer">Map relationships</a>: Mapping relationships is crucial because it determines the relationships of data stored in your documents which is instrumental for faster performance and querying using indexes.</p></li> <li><p><a href="https://www.mongodb.com/docs/manual/data-modeling/schema-design-process/apply-patterns/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=using+document+model+with+django&amp;utm_term=abigail.gbadago#apply-design-patterns" rel="noopener noreferrer">Apply design patterns</a>: Schema design patterns help to optimize your data model based on your application's access patterns. This improves application performance and reduces schema complexity. </p></li> <li><p><a href="https://www.mongodb.com/docs/manual/data-modeling/schema-design-process/create-indexes/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=using+document+model+with+django&amp;utm_term=abigail.gbadago#create-indexes-to-support-your-queries" rel="noopener noreferrer">Create indexes</a>: An index is a data structure that stores the value of a field or specific sets of fields. It supports query patterns and covers a query when the index contains all of the fields scanned and improves query performance.</p></li> </ul> <h3> Define a model </h3> <p>To create a model in a MongoDB collection with the Django MongoDB Backend: <br> Add your model class definitions to your application's models.py file by specifying the fields you want to store and include any model metadata in an inner Meta class. You can also use the <strong>str</strong>() method to define the string representation of your model.</p> <h4> Syntax to define a model </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>class &lt;Model name&gt;(models.Model): &lt;field name&gt; = &lt;data type&gt; # Include additional fields here class Meta: # Include metadata here def __str__(self): </code></pre> </div> <p>For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>from django.db import models class Human(models.Model): first_name = models.CharField(max_length=50) last_name = models.CharField(max_length=50) age = models.PositiveIntegerField() class Meta: db_table = "human" managed = False def __str__(self): return f"{self.first_name} {self.last_name}" </code></pre> </div> <h2> Knowing when to embed vs reference </h2> <p>When designing your data models, it’s essential to know the relationships between them in order to determine whether to embed or reference while mapping relationships.</p> <p>When related data needs to be retrieved in a single database operation, we generally embed sub-documents or arrays whilst we reference when relationships between data need to be stored using links, from one document to another.</p> <h3> When to embed documents </h3> <p>Embedded documents store related data in a single document structure. A document can contain arrays and sub-documents with related data. These denormalized data models allow applications to retrieve related data in a single database operation.</p> <h4> Why embed? </h4> <p>It helps in denormalization for read performance, thereby reducing duplicated data and the number of joins needed during read operations/$lookup operations.</p> <p>Example: A product catalog where category is embedded into product and types are embedded as an array.</p> <p>Using the Django MongoDB Backend, this translates to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>from django.db import models from django_mongodb_backend.models import EmbeddedModel from django_mongodb_backend.fields import EmbeddedModelField, EmbeddedModelArrayField class Category(EmbeddedModel): name = models.CharField(max_length=100) class TypeOption(EmbeddedModel): color = models.CharField(max_length=50) size = models.CharField(max_length=10) class Product(models.Model): name = models.CharField(max_length=200) price = models.FloatField() category = EmbeddedModelField(Category) types = EmbeddedModelArrayField(TypeOption) def __str__(self): return self.name </code></pre> </div> <p>An example of the product object in Django:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Embedded models category = Category(name="Clothing") types = [ TypeOption(color="Black", size="L"), TypeOption(color="White", size="XL") ] #Creating the object product = Product.objects.create( _id="p1", name="T‑Shirt", price=15.99, category=category, types=types ) </code></pre> </div> <h3> When to reference documents </h3> <p>References store relationships between data by including links, called references, from one document to another. For example, a customerId field in an orders collection indicates a reference to a document in the customers collection.</p> <p>Applications can resolve these references to access the related data. Broadly, these are normalized data models.</p> <h4> Why reference? </h4> <p>Referencing allows you to reuse data and avoid overbloated documents and nested arrays.</p> <p>Example (one-to-many): <br> Consider we have a customer collection with the following fields:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Create embedded instances customer = CustomerInfo( name="Alice", email="alice@example.com", address="123 Main St" ) items = [ OrderItem(product="T‑Shirt", quantity=2, price=19.99), OrderItem(product="Jeans", quantity=1, price=39.99) ] # Create and save the order order = Order.objects.create( _id="o1001", customer=customer, items=items, total=79.97, orderDate=timezone.make_aware(datetime(2025, 6, 11, 11, 0)) ) print(order) </code></pre> </div> <p>Considering an instance when our data increases or needs to be updated, it will overbloat the document. Hence, we can reference the customerId in the orders collection, making it easier to update our collection as the data keeps increasing and changing, and reduce data duplication. </p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Create Customer instance customer = Customer.objects.create( _id="a123", name="Afi", email="afi@example.com", address="123 MongoDB Street" ) # Create Order instance order = Order.objects.create( _id="o1001", customerId="a123", items=[ OrderItem(product="Tracksuit", quantity=1, price=29.99), OrderItem(product="MongoDB Beanie", quantity=1, price=9.99) ], total=39.99, orderDate=timezone.make_aware(datetime(2025, 8, 11, 10, 0)) ) </code></pre> </div> <h2> Design patterns in the document model </h2> <p>Schema design patterns optimize reads and writes for the document model. We will discuss the:</p> <ul> <li>Bucket Pattern.</li> <li>Outlier Pattern.</li> <li>Subset Pattern.</li> </ul> <h3> Bucket Pattern </h3> <p>The <a href="https://www.mongodb.com/company/blog/building-with-patterns-the-bucket-pattern/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=using+document+model+with+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">Bucket Pattern</a> is used to bucket data (time-series or analytics) together. Data is organized into specific groups, increasing the ability to discover historical trends, provide future forecasting, and optimize our use of storage.</p> <p>Example where a bank groups monthly transactions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Embedded transaction instances transactions = [ Transaction(date=date(2025, 8, 1), amount=-50.0, description="Grocery"), Transaction(date=date(2025, 8, 3), amount=-120.0, description="E Energy"), Transaction(date=date(2025, 8, 5), amount=1000.0, description="Paycheck"), ] # MonthlyStatement document bank_statement = MonthlyStatement.objects.create( _id="a123", userId="a123", month="2025-08", transactions=transactions ) </code></pre> </div> <h3> Outlier Pattern </h3> <p>The <a href="https://www.mongodb.com/company/blog/building-with-patterns-the-outlier-pattern/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=using+document+model+with+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">Outlier Pattern</a> is useful for data that falls outside the "normal" pattern and needs to be tracked. The significant thing to note is that the outliers show a lot of difference in their data which isn’t considered "normal" and tweaking the application design to accommodate these edge cases can degrade performance for the more typical queries and documents.</p> <p>Example:<br> Let’s say for a normal book entry, we have the following document:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>book = Book.objects.create( _id="a123", title="Some Crime Novel", author="Jane Doe", copiesSold=1500 ) </code></pre> </div> <p>Then, consider this outlier example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>outlier_book = OutlierBook.objects.create( _id="b123", title="Goblet of Fire", author="John Doe", copiesSold=180000000, outlier=True ) </code></pre> </div> <p>We see that the “copiesSold” is very high as compared to the previous entry and as such, the “outlier” field is added to track if it’s an outlier or not.</p> <h3> Subset Pattern </h3> <p>The <a href="https://www.mongodb.com/company/blog/building-with-patterns-the-subset-pattern/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=using+document+model+with+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">Subset Pattern</a> addresses the issues that arise when the working set (frequently accessed data) and indexes grow beyond the physical RAM allotted, which can result in information being removed from memory.</p> <p>Example:<br> Let’s use the previous book example (from the Outlier Pattern) but let’s add an embedded array for reviews, where a book can have multiple reviews but a review can belong to only one book. In the case, where the copies sold is 180,000,000, the reviews will be exponentially high and will create a bloated document which affects querying and performance.</p> <p>As such, we can only display the latest reviews per book and put the reviews in a separate collection, as seen below.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#imports # Create review instances reviews = [ Review(reviewId=8212, author="Jess", text="Amazing read for a Potter Head!", date=date(2025, 8, 12)), Review(reviewId=8211, author="Alice", text="Same feeling as the movie!", date=date(2025, 8, 12)) ] # Create the book instance book = Book.objects.create( _id="b123", title="Goblet of Fire", author="John Doe", copiesSold=180000000, outlier=True, recentReviews=reviews ) </code></pre> </div> <p>Separate collection for reviews:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Create review instances reviews = [ Review(reviewId=8212, author="Afi", text="Amazing read for a Potter Head!", date=date(2025, 8, 12)), Review(reviewId=8211, author="Jane", text="Same feeling as the movie!", date=date(2025, 8, 12)) ] # Create the product instance product = Product.objects.create( _id="b123", title="Goblet of Fire", author="John Doe", copiesSold=180000000, outlier=True, recentReviews=reviews ) </code></pre> </div> <h2> Using Django ORM equivalents with the document model </h2> <p>The document model used with Django doesn’t have an ORM. Rather, it integrates directly with Django's model layer and ORM, so your Django <code>models.Model</code> classes map to MongoDB collections and documents, rather than SQL tables.</p> <p>ORM operations—like filtering, lookups, and joins—are converted into MongoDB operations, such as lookups using optimized MongoDB aggregations, JOINs performed with $lookup, index definitions, and other schema-level operations.</p> <p>In the next step, we will be looking at examples of ORM equivalent queries with sample data from the <a href="https://www.mongodb.com/docs/atlas/sample-data/sample-guides/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=using+document+model+with+django&amp;utm_term=abigail.gbadago#std-label-sample-guides" rel="noopener noreferrer">sample_guide dataset</a> that contains documents that represent a planet in our solar system.</p> <p>First, we have to model the data based on the document showed in the sample_samplies dataset to match what we want to use in our models.py file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>from django.db import models from django_mongodb_backend.models import EmbeddedModel from django_mongodb_backend.managers import MongoManager from django_mongodb_backend.fields import ( ArrayField, EmbeddedModelArrayField, EmbeddedModelField ) class Item(EmbeddedModel): name = models.CharField(max_length=100) tags = ArrayField( models.CharField(max_length=50), null=True, blank=True ) price = models.DecimalField(max_digits=10, decimal_places=2) quantity = models.IntegerField() class CustomerInfo(EmbeddedModel): gender = models.CharField(max_length=1) age = models.IntegerField() email = models.EmailField() satisfaction_score = models.IntegerField(null=True, blank=True) class Sale(models.Model): sale_date = models.DateTimeField() items = EmbeddedModelArrayField(Item, null=True, blank=True) store_location = models.CharField(max_length=100) customer = EmbeddedModelField(CustomerInfo) coupon_used = models.BooleanField() purchase_method = models.CharField(max_length=50) objects = MongoManager() class Meta: db_table = "sales" managed = False def __str__(self): return f"Sale at {self.store_location} on {self.sale_date}" </code></pre> </div> <p>After saving this in our models.py, run migrations and insert objects in order to query from the sample_supplies database.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#Imports from sample_supplies.models import Sale, Item, CustomerInfo from django.utils import timezone from datetime import datetime from django_mongodb_backend.managers import MongoManager from django.db.models import Q </code></pre> </div> <p>Example of an item object inserted:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>items = [ Item(name="notepad", tags=["office", "writing", "school"], price=35.29, quantity=2), Item(name="pens", tags=["writing", "office", "school", "stationary"], price=56.12, quantity=5), Item(name="envelopes", tags=["stationary", "office", "general"], price=19.95, quantity=8), Item(name="binder", tags=["school", "general", "organization"], price=14.16, quantity=3), ] </code></pre> </div> <p>Example of a customer object inserted:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>customer = CustomerInfo(gender="F", age=32, email="janedoe@fakemail.com", satisfaction_score=4) </code></pre> </div> <p>Example of a sale object inserted:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sale = Sale.objects.create( _id=ObjectId(), sale_date=timezone.now(), items=items, store_location="Accra", customer=customer, coupon_used=True, purchase_method="Online" ) </code></pre> </div> <h3> Specifying A database query </h3> <p>To query the sample_guide database equivalent to Django ORM queries, we use the <code>QuerySet</code> methods (all(), filter(), get(), exclude(), and raw_aggregate()) on the <code>Sale</code> model manager in a query filter. </p> <p>Examples:</p> <h4> all() </h4> <p>To retrieve all documents from a collection, call the all() method on your model's manager.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Sale.objects.all() </code></pre> </div> <p>Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;QuerySet [&lt;Sale: Sale at Accra on 2025-08-12 14:50:33.600000+00:00&gt;, &lt;Sale: Sale at London on 2025-08-12 14:51:01.244000+00:00&gt;, &lt;Sale: Sale at Paris on 2025-08-12 14:51:08.573000+00:00&gt;]&gt; </code></pre> </div> <h4> filter() </h4> <p>To query a collection for documents that match a set of criteria, user filter().<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Sale.objects.filter(coupon_used=True) </code></pre> </div> <p>Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;QuerySet [&lt;Sale: Sale at Accra on 2025-08-12 14:50:33.600000+00:00&gt;, &lt;Sale: Sale at Paris on 2025-08-12 14:51:08.573000+00:00&gt;]&gt; </code></pre> </div> <h4> get() </h4> <p>To retrieve a document that matches a query, use the get() method.<br> You can also use the filter() method and first().<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Sale.objects.filter(purchase_method="Online").first() </code></pre> </div> <p>Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;Sale: Sale at Accra on 2025-08-12 14:50:33.600000+00:00&gt; </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Sale.objects.get(store_location="Accra") </code></pre> </div> <p>Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;Sale: Sale at Accra on 2025-08-12 14:50:33.600000+00:00&gt; </code></pre> </div> <h4> exclude() </h4> <p>To query a collection for documents that do not meet your search criteria, call the exclude() method on your model's manager. Pass the exclusion criteria as an argument to the exclude() method.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Sale.objects.exclude(coupon_used="True") </code></pre> </div> <p>Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;QuerySet [&lt;Sale: Sale at London on 2025-08-12 14:51:01.244000+00:00&gt;]&gt; </code></pre> </div> <h4> $Lookups within EmbeddedModelArray field </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Sale.objects.filter(items__price__gt=30.00) </code></pre> </div> <p>Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;QuerySet [&lt;Sale: Sale at Accra on 2025-08-09 08:50:33.600000+00:00&gt;, &lt;Sale: Sale at London on 2025-08-10 14:51:01.244000+00:00&gt;, &lt;Sale: Sale at Paris on 2025-08-10 10:51:08.573000+00:00&gt;, &lt;Sale: Sale at Paris on 2025-08-10 17:47:13.089000+00:00&gt;, &lt;Sale: Sale at Lisbon on 2025-08-10 17:47:40.027000+00:00&gt;]&gt; </code></pre> </div> <h4> Query a primary key field </h4> <p>You can use the pk lookup shortcut to query primary key values, which MongoDB stores as ObjectId values.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Sale.objects.get(pk=ObjectId("593a1394f29313caabce0d37")) </code></pre> </div> <p>Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;Sale: Sale at Sao Tome on 2025-08-12 17:53:11.343000+00:00&gt; </code></pre> </div> <h4> Q object </h4> <p>You can use Q objects to run queries with multiple sets of matching criteria. To create a Q object, pass your query filter to the Q() method. You can pass multiple Q objects as arguments to your query method and separate each Q object by an OR (|), AND (&amp;), or XOR (^) operator.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Sale.objects.filter( (Q(store_location__startswith="Sao Tome") | Q(store_location__startswith="Accra")) ) </code></pre> </div> <p>Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;QuerySet [&lt;Sale: Sale at Accra on 2025-08-12 14:50:33.600000+00:00&gt;, &lt;Sale: Sale at Sao Tome on 2025-08-12 17:53:11.343000+00:00&gt;, &lt;Sale: Sale at Accra on 2025-08-12 17:58:41.477000+00:00&gt;]&gt; </code></pre> </div> <h2> Grouping and aggregations </h2> <p>An <a href="https://www.mongodb.com/docs/manual/core/aggregation-pipeline/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=using+document+model+with+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">aggregation pipeline</a> consists of one or more stages that process documents. Each stage performs an operation on the input documents. For example, a stage can filter documents, group documents, calculate values, and output documents from one stage to the next. For example, return the total, average, maximum, and minimum values.</p> <h3> Performing raw aggregate on a QuerySet </h3> <p>If you want to run complex queries that Django's query API does not support, you can use the raw_aggregate() method. This method allows you to specify your query criteria in a MongoDB aggregation pipeline, which you pass as an argument to raw_aggregate().</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sales= Sale.objects.raw_aggregate([ {"$match": {"store_location": "Accra"}}, {"$project": { "title": 1, "released": 1 } }]) for s in sales: print(f"Sales at the store location in {s.store_location} on the date: {s.sale_date}\n") </code></pre> </div> <p>Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Sales at the store location in Accra on the date: 2025-08-12 14:50:33.600000+00:00 Sales at the store location in Accra on the date: 2025-08-12 17:58:41.477000+00:00 Sales at the store location in Accra on the date: 2025-08-12 20:00:50.157000+00:00 </code></pre> </div> <h2> Best practices when modeling data in MongoDB </h2> <ul> <li>Avoid deeply nested documents—know when to embed or reference.</li> <li>Understand your data and try to think ahead in terms of scaling so that your queries work efficiently using indexes.</li> <li>Use pagination when working with large data to avoid unnecessary scrolling.</li> </ul> <h2> Conclusion </h2> <p>The document model provides an efficient way of flexibly structuring your data and helps improve query responses and efficiency when done correctly. Keep in mind that embedding isn’t always bad (it depends on the use case), and referencing isn’t always the bad guy just because you want to swerve JOINS or $lookups. They all serve a purpose to fit your application needs—that’s why you need to understand your data in order to model data efficiently. Have you tried the document model yet? If yes, how was the experience? If no, give it a try and let’s discuss. Check the resources below for more information.</p> <h2> Resources </h2> <ul> <li> <a href="https://www.mongodb.com/docs/manual/data-modeling/concepts/embedding-vs-references/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=using+document+model+with+django&amp;utm_term=abigail.gbadago#std-label-data-modeling-referencing" rel="noopener noreferrer">Embedded Data Versus References</a> </li> <li><a href="https://www.mongodb.com/docs/languages/python/django-mongodb/current/model-data/models/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=using+document+model+with+django&amp;utm_term=abigail.gbadago#define-a-model" rel="noopener noreferrer">Defining models: Django MongoDB Backend</a></li> <li> <a href="https://www.mongodb.com/docs/manual/data-modeling/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=using+document+model+with+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">Data modeling in MongoDB</a> </li> <li><a href="https://www.mongodb.com/docs/languages/python/django-mongodb/v5.1/interact-data/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=using+document+model+with+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">Interact with Data</a></li> </ul> Abigail Afi Gbadago Thu, 07 Aug 2025 13:44:30 +0000 https://forem.com/mongodb/accessing-data-with-django-mongodb-backend-queries-to-aggregation-pipelines-3m32 https://forem.com/mongodb/accessing-data-with-django-mongodb-backend-queries-to-aggregation-pipelines-3m32 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9kxd1u5paf6i92y77xau.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9kxd1u5paf6i92y77xau.png" alt="Image showing accessing data"></a></p> <h2> Why use MongoDB with Django? </h2> <p>The MongoDB document model goes well with Django's mission to “encourage rapid development and clean, pragmatic design.” The concept of MongoDB’s document model reflects how developers think about and structure their data in code when it comes to a Django model and a MongoDB document. MongoDB allows Django developers to create their models in a whole different way, especially in modern applications, which include hierarchical, semi-structured, and rapidly evolving data structures. As such, developers won’t need to use too many JOINs in various use cases, as data that is accessed together should be stored together.</p> <p>While Django was built for RDMS, using non-relational databases such as MongoDB provides advantages such as schema flexibility, aggregation pipelines, dynamic/nested data structures, high speed I/O operations, and easier scaling options since it’s designed to scale horizontally with shards with less overhead. </p> <p>In this tutorial, we will be accessing and aggregating data using the Django MongoDB Backend.</p> <h2> Setting up Django with MongoDB </h2> <h3> Connecting Django to MongoDB </h3> <p>There are different ways of using Python/Django with MongoDB, such as:</p> <ul> <li>PyMongo—the native python driver for MongoDB (not an ORM).</li> <li>MongoEngine—a community-backed Object Document Mapper (ODM) for MongoDB which leverages PyMongo.</li> <li>Django MongoDB Backend.</li> </ul> <h3> Prerequisites </h3> <ul> <li>Python &gt;= 3.10</li> <li><a href="https://docs.djangoproject.com/en/5.2/topics/install/#installing-an-official-release-with-pip" rel="noopener noreferrer">Django</a></li> <li>A virtual environment—(Example: <code>python3.13 -m venv venv</code>)</li> <li><a href="https://www.mongodb.com/docs/languages/python/django-mongodb/current/get-started/install/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=accessing+data+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">Django MongoDB Backend</a></li> </ul> <h3> Installation and setup </h3> <p>To set up and connect to a MongoDB instance using the Django MongoDB Backend, kindly <a href="https://www.mongodb.com/docs/languages/python/django-mongodb/current/get-started/install/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=accessing+data+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">visit the docs</a> and follow through to <a href="https://www.mongodb.com/docs/languages/python/django-mongodb/current/get-started/connect-mongodb/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=accessing+data+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">create a Django project</a>. </p> <p>After creating your Django project, you should see the “Congratulations!” message and an image of a rocket when you access <a href="http://127.0.0.1:8000/" rel="noopener noreferrer">http://127.0.0.1:8000/</a> after starting your server.</p> <p>You should see the quickstart directory, along with a venv folder, mongo_migrations, manage.py, and the README file.</p> <h3> Creating the application in the Django project </h3> <p>In this section, we will:</p> <ul> <li>Create an application in our Django project using the <a href="https://www.mongodb.com/docs/atlas/sample-data/sample-mflix/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=accessing+data+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">sample_mflix</a> database. Take a few minutes to analyze the data in the collection because that will be used to create documents in our Django MongoDB models.py file. </li> <li>Look at a use-case of creating a movie model with embedded awards.</li> <li>Perform CRUD operations: create, query, update nested documents on the model.</li> </ul> <h4> Creating the Django app with the custom MongoDB template </h4> <ul> <li>From the root directory in your Django project, run the following command to create a new Django app (in this case, called cine_flix) based on a custom Django MongoDB template: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>python manage.py startapp cine_flix --template </code></pre> </div> <ul> <li>The django-mongodb-app template ensures that your app.py file includes the line </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>default_auto_field = 'django_mongodb_backend.fields.ObjectIdAutoField' </code></pre> </div> <p>because Django natively uses default integer, id whilst MongoDB natively uses ObjectId, _id. As such, if we skip that, we may end up with misaligned primary key types, which will affect the migrations applied or Django admin-related operations. If you did not use the template, make sure you’ve followed the steps in configuring a project to use Django MongoDB Backend. </p> <ul> <li>After executing the command, you will see your cine_flix app nested in the root directory.</li> </ul> <h4> Look at a use-case using the Movie model which has an embedded array (Genres) as a MongoDB Django model example </h4> <p>We will model our data based on the sample_mflix data. </p> <p>To do this, open the models.py file in the cine_flix directory and replace its contents with the following code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>from django.db import models from django.conf import settings from django_mongodb_backend.fields import EmbeddedModelField, ArrayField from django_mongodb_backend.models import EmbeddedModel class Award(EmbeddedModel): wins = models.IntegerField(default=0) nominations = models.IntegerField(default=0) text = models.CharField(max_length=100) class Movie(models.Model): title = models.CharField(max_length=200) plot = models.TextField(blank=True) runtime = models.IntegerField(default=0) released = models.DateTimeField("release date", null=True, blank=True) awards = EmbeddedModelField(Award, null=True, blank=True) genres = ArrayField(models.CharField(max_length=100), null=True, blank=True) class Meta: db_table = "movies" managed = False def __str__(self): return self.title class Viewer(models.Model): name = models.CharField(max_length=100) email = models.CharField(max_length=200) class Meta: db_table = "users" managed = False def __str__(self): return self.name </code></pre> </div> <p>The model contains:</p> <ul> <li>An embedded model field named awards, which stores an Award object.</li> <li>An array field named genres, which stores a list of genres that describe the movie.</li> <li>A Viewer model which stores account information for movie viewers.</li> <li>The Award model represents embedded document values stored in the Movie model.</li> </ul> <p>Now, save the models.py file and let’s go populate our views.py file.</p> <h4> Django views </h4> <p>A Django view is a Python function or class that takes an HTTP request and returns an HTTP response—typically rendering data (e.g., from our models.py file) via a template or returning other responses like JSON. Views enable us with data via endpoints that perform CRUD operations (create, read/query, update, and delete nested documents).</p> <p>In the views.py file in the cine_flix directory, add the following lines of code to create views that display data:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>from django.http import HttpResponse from django.shortcuts import render from .models import Movie, Viewer def index(request): return HttpResponse("Hello, world.") def recent_movies(request): movies = Movie.objects.order_by("-released")[:5] return render(request, "recent_movies.html", {"movies": movies}) def viewers_list(request): viewers = Viewer.objects.order_by("name")[:5] return render(request, "viewers_list.html", {"viewers": viewers}) </code></pre> </div> <p>These views display a landing page message and information about your Movie and Viewer models.</p> <h4> Configuring URLs for Django views </h4> <p>Create a new file called urls.py file in the root of your cine_flix directory. To connect the views we created in the previous step to URLs, paste the following code into urls.py.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>from django.urls import path from . import views urlpatterns = [ path("recent_movies/", views.recent_movies, name="recent_movies"), path("viewers_list/", views.viewers_list, name="viewers_list"), path("", views.index, name="index"), ] </code></pre> </div> <p>After that, find the other urls.py file in the project folder—which, in this case, is quickstart, so the path will be the quickstart/urls.py file. Then, add this line of code and save the file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>path("", include("cine_flix.urls")), </code></pre> </div> <p>And the final urls.py will look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>from django.contrib import admin from django.urls import include, path urlpatterns = [ path("admin/", admin.site.urls), path("", include("cine_flix.urls")), ] </code></pre> </div> <h4> Django templates </h4> <p>Templates act as a separation between your Django application logic and presentation of data. They render data in the form of UI for users to interact with.</p> <p>In your cine_flix app directory, create a subdirectory called templates, which will store all data which will be rendered via HTML files. </p> <p>Then, create a file called recent_movies.html, paste the following code, and save:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- templates/recent_movies.html --&gt; &lt;!DOCTYPE html&gt; &lt;html lang="en"&gt; &lt;head&gt; &lt;meta charset="UTF-8"&gt; &lt;meta name="viewport" content="width=device-width, initial-scale=1.0"&gt; &lt;title&gt;Recent Movies&lt;/title&gt; &lt;/head&gt; &lt;body&gt; &lt;h1&gt;Five Most Recent Movies&lt;/h1&gt; &lt;ul&gt; {% for movie in movies %} &lt;li&gt; &lt;strong&gt;{{ movie.title }}&lt;/strong&gt; (Released: {{ movie.released }}) &lt;/li&gt; {% empty %} &lt;li&gt;No movies found.&lt;/li&gt; {% endfor %} &lt;/ul&gt; &lt;/body&gt; &lt;/html&gt; </code></pre> </div> <p>This template formats the movie data requested by the recent_movies view.</p> <p>After, create another file in the cine_flix/templates directory called viewers_list.html, paste the following code, and save:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!-- templates/viewers_list.html --&gt; &lt;!DOCTYPE html&gt; &lt;html lang="en"&gt; &lt;head&gt; &lt;meta charset="UTF-8"&gt; &lt;meta name="viewport" content="width=device-width, initial-scale=1.0"&gt; &lt;title&gt;Viewers List&lt;/title&gt; &lt;/head&gt; &lt;body&gt; &lt;h1&gt;Alphabetical Viewers List&lt;/h1&gt; &lt;table&gt; &lt;thead&gt; &lt;tr&gt; &lt;th&gt;Name&lt;/th&gt; &lt;th&gt;Email&lt;/th&gt; &lt;/tr&gt; &lt;/thead&gt; &lt;tbody&gt; {% for viewer in viewers %} &lt;tr&gt; &lt;td&gt;{{ viewer.name }}&lt;/td&gt; &lt;td&gt;{{ viewer.email }}&lt;/td&gt; &lt;/tr&gt; {% empty %} &lt;tr&gt; &lt;td colspan="2"&gt;No viewer found.&lt;/td&gt; &lt;/tr&gt; {% endfor %} &lt;/tbody&gt; &lt;/table&gt; &lt;/body&gt; &lt;/html&gt; </code></pre> </div> <p>This template formats the user data requested by the viewers_list view.</p> <h4> Register the cine_flix app </h4> <p>At this point, we need to tell Django to register the cine_flix app, from models and migrations to templates and admin. To do that, open the settings.py file in the quickstart project and add this line of code to the top of the INSTALLED_APPS setting to resemble the following code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>INSTALLED_APPS = [ ''cine_flix.apps.CineFlixConfig', 'quickstart.apps.MongoAdminConfig', 'quickstart.apps.MongoAuthConfig', 'quickstart.apps.MongoContentTypesConfig', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', ] </code></pre> </div> <h3> Run migrations </h3> <p>From your project root (in your terminal, you should run these commands in the project directory), create migrations for the Movie, Award, and Viewer models and apply the changes to the database:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>python manage.py makemigrations cine_flix python manage.py migrate </code></pre> </div> <p>After, you should see the migrations applied with OK statuses.</p> <p>At this point, we have a basic Django MongoDB Backend app that can access the sample_mflix MongoDB Atlas database.</p> <p>Now, let’s create and interact with data via CRUD operations.</p> <h3> Perform CRUD operations: create, read/query, update, delete nested documents </h3> <p>To perform CRUD operations, we need to use the Python interactive shell on our model objects.</p> <p>To start the Python shell, run the following command in the terminal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>python manage.py shell </code></pre> </div> <p>Then import the required classes and modules with the following lines of code from your Python shell:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>from cine_flix.models import Movie, Award, Viewer from django.utils import timezone from datetime import datetime </code></pre> </div> <h4> Create a Movie object </h4> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>movie_awards = Award(wins=9, nominations=11, text="Won 7 Oscars") movie = Movie.objects.create( title="Everything Everywhere All at Once", plot="Evelyn Wang, a Chinese‑American laundromat owner, finds herself swept into a multiversal adventure to prevent the collapse of existence, exploring alternate lives she could’ve led—all while dealing with family dysfunction and mid‑life malaise", runtime=132, released=timezone.make_aware(datetime(2024, 6, 22)), awards=movie_awards, genres=["Adventure", "Comedy"] ) movie_awards = Award(wins=14, nominations=6, text="Won 8 Oscars") movie2 = Movie.objects.create( title="Mad Max: Fury Road", plot="In a brutal post‑apocalyptic wasteland, Imperator Furiosa helps five women escape from a tyrant; she joins forces with Max Rockatansky in a high-octane chase across the desert in the armored War Rig", runtime=120, released=timezone.make_aware(datetime(2015, 5, 15)), awards=movie_awards, genres=["Action", "Adventure"] ) </code></pre> </div> <h4> Insert a Viewer object into the database </h4> <p>You can also use your Viewer model to insert documents into the sample_mflix.users collection. Run the following code to create a Viewer object that stores data about a movie viewer named "Alex Carter":<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>viewer = Viewer.objects.create( name="Alex Carter", email="Alex Carter@fakegmail.com" ) viewer = Viewer.objects.create( name="Solomon Cruz", email="solomoncruz@fakegmail.com" ) </code></pre> </div> <h4> Query (Read) </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Viewer.objects.filter(email="alexcarter@fakegmail.com").first() </code></pre> </div> <h4> Update </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>movie.runtime = 117 movie.save() We can verify the update by running: &gt;&gt;&gt; query = Movie.objects.filter(runtime=117) &gt;&gt;&gt; print(query) </code></pre> </div> <p>This returns ]&gt; as the result since the movie Everything Everywhere All at Once had its runtime updated from 132 to 117.</p> <h4> Delete </h4> <p>One movie viewer named "Solomon Cruz" no longer uses the movie streaming site. To remove this viewer's corresponding document from the database, run the following code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>old_viewer = Viewer.objects.filter(name="Solomon Cruz").first() old_viewer.delete() </code></pre> </div> <h4> Exiting the Python Shell </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>exit() </code></pre> </div> <h4> Running your server </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>python manage.py runserver </code></pre> </div> <h4> Render your new objects </h4> <p>To ensure that you inserted a Movie object into the database, visit <a href="http://127.0.0.1:8000/recent_movies/" rel="noopener noreferrer">http://127.0.0.1:8000/recent_movies/</a>. You can see the two movies we added via the shell.</p> <p>Then, ensure that you inserted a Viewer object into the database by visiting <a href="http://127.0.0.1:8000/viewers_list/" rel="noopener noreferrer">http://127.0.0.1:8000/viewers_list/</a>. You can see the one viewer name because we deleted one in the previous step.</p> <h3> Querying embedded models and arrays </h3> <ul> <li>Filter with the dot notation on an embedded model. Dot notation example: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt;&gt;&gt; selected_movie = Movie.objects.filter(awards__wins__gt=7) &gt;&gt;&gt; print(selected_movie) &gt;&gt;&gt; &lt;QuerySet [&lt;Movie: Everything Everywhere All at Once&gt;, &lt;Movie: Mad Max: Fury Road&gt;]&gt; </code></pre> </div> <p>The output is Mad Max: Fury Road since it has an award win of 14. The double underscores act just like dot notation internally with Django.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fes9x321gvl01rim3e0rl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fes9x321gvl01rim3e0rl.png" alt="Image showing querying via the dot notation/double underscores"></a></p> <ul> <li>Find the specific genre within the Genres array. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt;&gt;&gt; Movie.objects.filter(genres__contains=["Action"]) &gt;&gt;&gt; &lt;MongoQuerySet [&lt;Movie: Mad Max: Fury Road&gt;]&gt; </code></pre> </div> <p>The output is <code>MongoQuerySet [&lt;Movie: Mad Max: Fury Road&gt;]</code> since it matches the Movie object containing the value of Action in the Genres array.</p> <ul> <li>Find more than one genre within a movie object. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt;&gt;&gt; Movie.objects.filter(genres__contains=["Comedy", "Adventure"]) &gt;&gt;&gt; &lt;MongoQuerySet [&lt;Movie: Everything Everywhere All at Once&gt;]&gt; The output is &lt;MongoQuerySet [&lt;Movie: Everything Everywhere All at Once&gt;]&gt; </code></pre> </div> <ul> <li>Update the movie object with a specific genre. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt;&gt;&gt; updated_genre = Movie.objects.filter(title="Everything Everywhere All at Once").update(genres=["Thriller"]) </code></pre> </div> <p>To verify, run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Movie.objects.filter(title="Everything Everywhere All at Once").values('title', 'genres').first() </code></pre> </div> <p>The output is {'title': 'Everything Everywhere All at Once', 'genres': ['Thriller']}.</p> <h4> Challenges </h4> <p>As the data grows, there may be challenges in filtering, sorting, or aggregating data within <a href="https://www.mongodb.com/docs/atlas/schema-suggestions/avoid-unbounded-arrays/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=accessing+data+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">large arrays</a>. As such, try to restructure large arrays by separating or capping them, and specific subfields should be indexed to enable faster lookups to reduce slower queries.</p> <h4> Overview of MongoDB’s aggregation pipeline </h4> <p>MongoDB’s aggregation pipeline consists of one or more stages that process documents. Each stage performs an operation on the input documents. For example, a stage can filter documents, group documents, and calculate values. The documents that are output from a stage are passed to the next stage.</p> <p>You may be familiar with the aggregation pipeline, however, that has been included on the Django MongoDB Backend now. This allows you to use our MongoDB specific operations outside of the constraints of typical Django lookup queries.</p> <p>Examples of such cases are:</p> <ul> <li><p>Performing lookups using the <a href="https://www.mongodb.com/docs/atlas/atlas-search/near/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=accessing+data+django&amp;utm_term=abigail.gbadago#near-operator" rel="noopener noreferrer">$near geospatial Operator</a> in MongoDB, but it’s not available in Django. </p></li> <li><p><a href="https://www.mongodb.com/docs/atlas/schema-suggestions/avoid-unbounded-arrays/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=accessing+data+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">Hybrid Search</a> which couples the precision of text search with the semantic understanding of vector search to deliver the most relevant answers to end users.</p></li> <li><p>Hyper-optimized queries which use MongoDB native operators to improve the efficiency of read operations by reducing the amount of data that query operations need to process.</p></li> </ul> <h4> Raw MongoDB Django aggregation example </h4> <p>Let’s run an aggregation pipeline to determine the average runtime of the movies in our collection.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>from cine_flix.models import Movie pipeline = [ {"$match": {"genres": "Adventure"}}, {"$group": {"_id": None, "avg_runtime": {"$avg": "$runtime"}}} ] agg_query = Movie.objects.raw_aggregate(pipeline) for result in agg_query: print("Average runtime:", result.avg_runtime) </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fodaw11qzv8rhrln80ryz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fodaw11qzv8rhrln80ryz.png" alt="Image showing querying via an aggregation pipeline"></a></p> <p>Using the Django MongoDB Backend views, you can also implement the pipeline inside your views.py by adding these lines of code to your views.py:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>def avg_runtime_view(request): pipeline = [ {"$match": {"genres": "Adventure"}}, {"$group": {"_id": None, "avg_runtime": {"$avg": "$runtime"}}} ] agg_query = Movie.objects.raw_aggregate(pipeline) avg = agg_query[0].avg_runtime if agg_query else None return render(request, "average_runtime.html", {"avg_runtime": avg}) </code></pre> </div> <p>After, create an average_runtime.html template in the Templates folder and add these lines of code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;!DOCTYPE html&gt; &lt;html lang="en"&gt; &lt;head&gt; &lt;meta charset="UTF-8"&gt; &lt;meta name="viewport" content="width=device-width, initial-scale=1.0"&gt; &lt;title&gt;Recent Movies&lt;/title&gt; &lt;/head&gt; &lt;body&gt; &lt;h1&gt;Average Runtime for Adventure Movies&lt;/h1&gt; {% if avg_runtime is not None %} &lt;p&gt;The average runtime is &lt;strong&gt;{{ avg_runtime }}&lt;/strong&gt; minutes.&lt;/p&gt; {% else %} &lt;p&gt;No data found.&lt;/p&gt; {% endif %} &lt;/body&gt; &lt;/html&gt; </code></pre> </div> <p>Lastly, I added the URL to the app’s urls.py file.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> path("avg-runtime/", views.avg_runtime_view, name="avg_runtime"), </code></pre> </div> <p>Then, run the server using Python manage.py runserver. We see the output displayed in the image below of the average runtime result from the pipeline.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkqd0cnxp5isz3gbybp9u.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkqd0cnxp5isz3gbybp9u.png" alt="Image showing average runtime for adventure movies"></a></p> <h2> Best practices when working with data </h2> <ul> <li>Endeavor to keep embedded arrays in a manageable size to avoid bloated documents.</li> <li>Model your data properly to suit your query patterns so that aggregation or pipeline stages work efficiently.</li> <li>Use caching and pagination for aggregated data to reduce server load and increase performance with large datasets.</li> </ul> <h2> Conclusion </h2> <p>In this tutorial, we looked at accessing data with the Django MongoDB Backend, setting up and installation of the Django MongoDB Backend, creating an application within a Django project, CRUD methods on the Movie object, challenges, raw aggregation and best practices when working with data.</p> <p>Using the Django MongoDB Backend to access data is an efficient way to work with data—related data is stored together (even with varying document structures)—so try it out and let me know.</p> <p>If you have any questions, feel free to reach out to our community: <a href="https://www.mongodb.com/community/forums/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=accessing+data+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">MongoDB Community Forum</a>.</p> <h2> Resources </h2> <ul> <li> <a href="https://dev.to/mongodb/django-mongodb-backend-quickstart-4o89">Django MongoDB Quickstart Tutorial</a> </li> <li><a href="https://docs.djangoproject.com/en/5.2/topics/install/#installing-an-official-release-with-pip" rel="noopener noreferrer">How to install Django</a></li> <li> <a href="https://www.mongodb.com/docs/atlas/sample-data/sample-mflix/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=accessing+data+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">Sample Mflix Dataset</a> </li> <li><a href="https://www.mongodb.com/docs/languages/python/django-mongodb/current/get-started/connect-mongodb/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=accessing+data+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">Configure Your MongoDB Connection</a></li> <li><a href="https://www.mongodb.com/docs/manual/tutorial/query-array-of-documents/?utm_campaign=devrel&amp;utm_source=third-party-content&amp;utm_medium=cta&amp;utm_content=accessing+data+django&amp;utm_term=abigail.gbadago" rel="noopener noreferrer">Query an Array of Embedded Documents</a></li> </ul> django mongodb data queries