django-expert

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Django Expert

Django 开发专家

Overview

概述

This skill provides expert guidance for Django backend development with comprehensive coverage of models, views, Django REST Framework, forms, authentication, testing, and performance optimization. It follows official Django best practices and modern Python conventions to help you build robust, maintainable applications.

Key Capabilities:

Model design with optimal ORM patterns
View implementation (FBV, CBV, DRF viewsets)
Django REST Framework API development
Query optimization and performance tuning
Authentication and permissions
Testing strategies and patterns
Security best practices

本技能为Django后端开发提供专业指导，全面覆盖模型、视图、Django REST Framework、表单、身份验证、测试及性能优化等内容。遵循Django官方最佳实践和现代Python规范，帮助你构建健壮、可维护的应用程序。

核心功能：

采用最优ORM模式的模型设计
视图实现（FBV、CBV、DRF视图集）
Django REST Framework API开发
查询优化与性能调优
身份验证与权限管理
测试策略与模式
安全最佳实践

When to Use

适用场景

Invoke this skill when you encounter these triggers:

Model & Database Work:

"Create a Django model for..."
"Optimize this queryset/database query"
"Generate migrations for..."
"Design database schema for..."
"Fix N+1 query problem"

View & API Development:

"Create an API endpoint for..."
"Build a Django view that..."
"Implement DRF serializer/viewset"
"Add filtering/pagination to API"

Authentication & Security:

"Implement authentication/permissions"
"Create custom user model"
"Secure this endpoint/view"

Testing & Quality:

"Write tests for this Django app"
"Debug this Django error/issue"
"Review Django code for issues"

Performance & Optimization:

"This Django view is slow"
"Optimize database queries"
"Add caching to..."

Production Deployment:

"Deploy Django to production"
"Configure Django for production"
"Set up HTTPS/SSL for Django"
"Production settings checklist"
"Configure production database/cache"

当你遇到以下场景时，可调用本技能：

模型与数据库相关工作：

"为……创建Django模型"
"优化这个查询集/数据库查询"
"为……生成迁移文件"
"为……设计数据库架构"
"修复N+1查询问题"

视图与API开发：

"为……创建API端点"
"构建一个实现……功能的Django视图"
"实现DRF序列化器/视图集"
"为API添加过滤/分页功能"

身份验证与安全：

"实现身份验证/权限控制"
"创建自定义用户模型"
"保护这个端点/视图"

测试与质量保障：

"为这个Django应用编写测试"
"调试这个Django错误/问题"
"审查Django代码中的问题"

性能与优化：

"这个Django视图运行缓慢"
"优化数据库查询"
"为……添加缓存"

生产部署：

"将Django部署到生产环境"
"配置Django生产环境"
"为Django设置HTTPS/SSL"
"生产环境配置检查清单"
"配置生产环境数据库/缓存"

Instructions

操作流程

Follow this workflow when handling Django development requests:

处理Django开发请求时，请遵循以下工作流程：

1. Analyze the Request and Gather Context

1. 分析请求并收集上下文

Identify the task type:

Model design (database schema, relationships, migrations)
View/API development (FBV, CBV, DRF viewsets, serializers)
Query optimization (N+1 problems, database performance)
Authentication/permissions (user models, access control)
Testing (unit tests, integration tests, fixtures)
Security review (CSRF, XSS, SQL injection, permissions)
Production deployment (settings, HTTPS, database, caching, monitoring)
Template rendering (Django templates, context processors)

Leverage available context:

If
```
django-ai-boost
```
MCP server is available, use it to understand project structure and existing patterns
Read relevant existing code to understand conventions
Check Django version for compatibility considerations

识别任务类型：

模型设计（数据库架构、关系、迁移）
视图/API开发（FBV、CBV、DRF视图集、序列化器）
查询优化（N+1问题、数据库性能）
身份验证/权限（用户模型、访问控制）
测试（单元测试、集成测试、测试数据）
安全审查（CSRF、XSS、SQL注入、权限）
生产部署（配置、HTTPS、数据库、缓存、监控）
模板渲染（Django模板、上下文处理器）

利用可用上下文：

如果
```
django-ai-boost
```
MCP服务器可用，使用它了解项目结构和现有模式
阅读相关现有代码以理解编码规范
检查Django版本以确保兼容性

2. Load Relevant Reference Documentation

2. 加载相关参考文档

Based on the task type, reference the appropriate bundled documentation:

Models/ORM work ->
```
references/models-and-orm.md
```
- Model design patterns and field choices
- Relationship configurations (ForeignKey, ManyToMany)
- Custom managers and QuerySet methods
- Migration strategies
View/API development ->
```
references/views-and-urls.md
```
+
```
references/drf-guidelines.md
```
- FBV vs CBV decision criteria
- DRF serializers, viewsets, and routers
- URL configuration patterns
- Middleware and request/response handling
Performance issues ->
```
references/performance-optimization.md
```
- Query optimization techniques (select_related, prefetch_related)
- Caching strategies (Redis, Memcached, database caching)
- Database indexing and query profiling
- Connection pooling and async patterns
Production deployment ->
```
references/production-deployment.md
```
- Critical settings (DEBUG, SECRET_KEY, ALLOWED_HOSTS)
- HTTPS and SSL/TLS configuration
- Database and cache configuration
- Static/media file serving
- Error monitoring and logging
- Deployment process and health checks
Security concerns ->
```
references/security-checklist.md
```
- CSRF/XSS/SQL injection prevention
- Authentication and authorization patterns
- Secure configuration practices
- Input validation and sanitization
Testing tasks ->
```
references/testing-strategies.md
```
- Test structure and organization
- Fixtures and factories
- Mocking external dependencies
- Coverage and CI/CD integration

根据任务类型，参考相应的内置文档：

模型/ORM相关工作 ->
```
references/models-and-orm.md
```
- 模型设计模式与字段选择
- 关系配置（ForeignKey、ManyToMany）
- 自定义管理器与QuerySet方法
- 迁移策略
视图/API开发 ->
```
references/views-and-urls.md
```
+
```
references/drf-guidelines.md
```
- FBV与CBV的选择标准
- DRF序列化器、视图集与路由
- URL配置模式
- 中间件与请求/响应处理
性能问题 ->
```
references/performance-optimization.md
```
- 查询优化技巧（select_related、prefetch_related）
- 缓存策略（Redis、Memcached、数据库缓存）
- 数据库索引与查询分析
- 连接池与异步模式
生产部署 ->
```
references/production-deployment.md
```
- 关键配置（DEBUG、SECRET_KEY、ALLOWED_HOSTS）
- HTTPS与SSL/TLS配置
- 数据库与缓存配置
- 静态/媒体文件服务
- 错误监控与日志
- 部署流程与健康检查
安全相关问题 ->
```
references/security-checklist.md
```
- CSRF/XSS/SQL注入防护
- 身份验证与授权模式
- 安全配置实践
- 输入验证与清理
测试任务 ->
```
references/testing-strategies.md
```
- 测试结构与组织
- 测试数据与工厂模式
- 模拟外部依赖
- 测试覆盖率与CI/CD集成

3. Implement Following Django Best Practices

3. 遵循Django最佳实践实现

Code quality standards:

Follow PEP 8 and Django coding style
Use Django built-ins over third-party packages when possible
Keep views thin, use services/managers for business logic
Write descriptive variable names and add docstrings for complex logic
Handle errors gracefully with appropriate exceptions

Django-specific patterns:

Use
```
select_related()
```
for FK/OneToOne,
```
prefetch_related()
```
for reverse FK/M2M
Leverage class-based views and mixins for code reuse
Use Django forms/serializers for validation
Follow Django's migration workflow (never edit applied migrations)
Use Django's built-in security features (CSRF tokens, auth decorators)

API development (DRF):

Use ModelSerializer for standard CRUD operations
Implement proper pagination and filtering
Use appropriate permission classes
Follow RESTful conventions for endpoints
Version APIs when making breaking changes

代码质量标准：

遵循PEP 8与Django编码风格
尽可能使用Django内置功能而非第三方包
保持视图轻量化，使用服务/管理器处理业务逻辑
使用描述性变量名，并为复杂逻辑添加文档字符串
通过适当的异常优雅处理错误

Django特定模式：

对FK/OneToOne关系使用
```
select_related()
```
，对反向FK/M2M关系使用
```
prefetch_related()
```
利用基于类的视图与混合类实现代码复用
使用Django表单/序列化器进行验证
遵循Django迁移工作流（切勿编辑已应用的迁移文件）
使用Django内置安全功能（CSRF令牌、身份验证装饰器）

API开发（DRF）：

针对标准CRUD操作使用ModelSerializer
实现适当的分页与过滤
使用合适的权限类
遵循RESTful端点规范
进行破坏性更改时为API添加版本控制

4. Validate and Test

4. 验证与测试

Before presenting the solution:

Code review:

Check for N+1 query problems (use Django Debug Toolbar mentally)
Verify proper error handling and edge cases
Ensure security best practices are followed
Confirm migrations are clean and reversible

Testing considerations:

Suggest or write appropriate tests for new functionality
Verify test coverage for critical paths
Check that fixtures/factories are maintainable

Performance check:

Review database queries for efficiency
Consider caching opportunities
Verify proper use of database indexes

在提供解决方案之前：

代码审查：

检查是否存在N+1查询问题（可在脑中模拟使用Django Debug Toolbar）
验证错误处理与边界情况是否得当
确保遵循安全最佳实践
确认迁移文件干净且可回滚

测试考量：

建议或为新功能编写适当的测试
验证关键路径的测试覆盖率
确保测试数据/工厂模式可维护

性能检查：

审查数据库查询的效率
考虑缓存机会
验证数据库索引的正确使用

Bundled Resources

内置资源

references/ - Comprehensive Django documentation loaded into context as needed

These reference files provide detailed guidance beyond this SKILL.md overview:

references/models-and-orm.md
(~11k words)
- Model field types and best practices
- Relationship configurations (ForeignKey, OneToOne, ManyToMany)
- Custom managers and QuerySet methods
- Migration patterns and common pitfalls
- Database-level constraints and indexes
references/views-and-urls.md
(~17k words)
- Function-based vs class-based view trade-offs
- CBV mixins and inheritance patterns
- URL routing and reverse resolution
- Middleware implementation
- Request/response lifecycle
references/drf-guidelines.md
(~18k words)
- Serializer patterns (ModelSerializer, nested serializers)
- ViewSet and router configurations
- Pagination, filtering, and search
- Authentication and permission classes
- API versioning strategies
- Performance optimization for APIs
references/testing-strategies.md
(~18k words)
- Test organization and structure
- Factory patterns vs fixtures
- Testing views, models, and serializers
- Mocking external services
- Test database optimization
- CI/CD integration
references/security-checklist.md
(~12k words)
- CSRF protection implementation
- XSS prevention techniques
- SQL injection defense
- Authentication best practices
- Permission and authorization patterns
- Secure settings configuration
references/performance-optimization.md
(~14k words)
- Query optimization (select_related, prefetch_related, only, defer)
- Database indexing strategies
- Caching layers (Redis, Memcached, database cache)
- Database connection pooling
- Profiling and monitoring tools
- Async views and background tasks
references/production-deployment.md
(~20k words)
- Critical settings (DEBUG, SECRET_KEY, ALLOWED_HOSTS)
- Database configuration and connection pooling
- HTTPS/SSL configuration and security headers
- Static and media file serving
- Caching with Redis/Memcached
- Email configuration for production
- Error monitoring with Sentry
- Logging and health checks
- Zero-downtime deployment strategies
references/examples.md
- Practical implementation examples
- Model design with custom managers
- N+1 query optimization
- DRF API endpoint implementation
- Writing Django tests

references/ - 根据需要加载到上下文中的全面Django文档

这些参考文件提供了超出本SKILL.md概述的详细指导：

references/models-and-orm.md
（约11000字）
- 模型字段类型与最佳实践
- 关系配置（ForeignKey、OneToOne、ManyToMany）
- 自定义管理器与QuerySet方法
- 迁移模式与常见陷阱
- 数据库级约束与索引
references/views-and-urls.md
（约17000字）
- 函数视图与类视图的权衡
- CBV混合类与继承模式
- URL路由与反向解析
- 中间件实现
- 请求/响应生命周期
references/drf-guidelines.md
（约18000字）
- 序列化器模式（ModelSerializer、嵌套序列化器）
- 视图集与路由配置
- 分页、过滤与搜索
- 身份验证与权限类
- API版本控制策略
- API性能优化
references/testing-strategies.md
（约18000字）
- 测试组织与结构
- 工厂模式vs测试数据
- 视图、模型与序列化器测试
- 模拟外部服务
- 测试数据库优化
- CI/CD集成
references/security-checklist.md
（约12000字）
- CSRF防护实现
- XSS预防技术
- SQL注入防御
- 身份验证最佳实践
- 权限与授权模式
- 安全配置
references/performance-optimization.md
（约14000字）
- 查询优化（select_related、prefetch_related、only、defer）
- 数据库索引策略
- 缓存层（Redis、Memcached、数据库缓存）
- 数据库连接池
- 性能分析与监控工具
- 异步视图与后台任务
references/production-deployment.md
（约20000字）
- 关键配置（DEBUG、SECRET_KEY、ALLOWED_HOSTS）
- 数据库配置与连接池
- HTTPS/SSL配置与安全头
- 静态与媒体文件服务
- Redis/Memcached缓存配置
- 生产环境邮件配置
- Sentry错误监控
- 日志与健康检查
- 零停机部署策略
references/examples.md
- 实际实现示例
- 带自定义管理器的模型设计
- N+1查询优化
- DRF API端点实现
- 编写Django测试

Additional Notes

补充说明

Django Version Compatibility:

Consider LTS releases (4.2, 5.2) for production
Check deprecation warnings when upgrading
Use
```
django-upgrade
```
tool for automated migration

Common Pitfalls to Avoid:

Circular imports (use lazy references)
Missing
```
related_name
```
on relationships
Forgetting database indexes on frequently queried fields
Using
```
get()
```
without exception handling
N+1 queries in templates and serializers

Django版本兼容性：

生产环境优先考虑LTS版本（4.2、5.2）
升级时检查弃用警告
使用
```
django-upgrade
```
工具进行自动化迁移

需避免的常见陷阱：

循环导入（使用延迟引用）
关系中缺少
```
related_name
```
忘记为频繁查询的字段添加数据库索引
使用
```
get()
```
时未处理异常
模板与序列化器中的N+1查询