- Decoupling of the frontend and backend
- Scalability: We can later replace the frontend (e.g., switch from vanilla JS to React) without touching the backend.
- Cross-Platform: APIs can be consumed by multiple clients (web apps, mobile apps, etc.).
- Faster and simpler development
- Easier deployment
- No version management of APIs
- Simpler testing
- Django / Flask are really built for this architecture
We chose Django because it is made for building this kind of application. Since no frontend framework is required, we do not need a client-server architecture.
Django has built-in support for DTL and it is suited for our simple use case.
Using SQLite is simpler and more straightforward because of its built-in support in Python. We can later (if needed) switch to PostgreSQL easily with a few lines of code change. pgloader can help in those migrations. We can even use SQLite for development and PostgreSQL for production.
- Provides immediate feedback to users
- Reduces server load
- Improves user experience
- BUT can be bypassed by disabling JavaScript or using tools like Postman
- Provides actual security
- Cannot be bypassed
- Ensures data integrity
- Is the last line of defense
- Password strength checking
- Throttling of login attempts
- Authentication against third-parties (OAuth, for example)
- Object-level permissions
https://www.youtube.com/watch?v=8ZtInClXe1Q Computerphile (Tom Scott): a video warning developers about saving passwords
Challenge: Managing users, profiles, and connections
Solution:
- Used Django's built-in authentication.
- Implemented custom user model with additional fields.
Challenge: Storing variable skills and interests
Solution:
- Used JSON fields for flexibility
- Implemented custom form handling
- Added data validation for JSON fields
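The server-side validation for the JSON skills/interests field could look like the following. This is an added example, not the project's own code: the name `clean_skills`, the list-of-strings shape and the size limits are assumptions, and it is written without Django imports so it runs on its own.

```python
import json

# Assumed limits and shape: the page does not specify them.
MAX_RAW_CHARS = 4096
MAX_ITEMS = 20
MAX_ITEM_LENGTH = 40


class SkillsValidationError(ValueError):
    """Raised when a submitted skills/interests payload is rejected."""


def clean_skills(raw):
    """Validate and normalise a skills/interests value for a JSON field.

    Accepts the raw request value (a JSON string) or an already-decoded
    list, and returns a de-duplicated list of trimmed strings.
    """
    if isinstance(raw, (str, bytes)):
        if len(raw) > MAX_RAW_CHARS:
            raise SkillsValidationError("payload too large")
        try:
            raw = json.loads(raw)
        except (ValueError, RecursionError) as exc:
            # Malformed JSON, bad encoding, or absurdly deep nesting.
            raise SkillsValidationError("not valid JSON") from exc
    if not isinstance(raw, list):
        raise SkillsValidationError("expected a JSON array")
    if len(raw) > MAX_ITEMS:
        raise SkillsValidationError(f"at most {MAX_ITEMS} entries allowed")

    cleaned, seen = [], set()
    for item in raw:
        # Only plain strings are stored: no nested objects, numbers or null.
        if not isinstance(item, str):
            raise SkillsValidationError("every entry must be a string")
        value = " ".join(item.split())  # trim and collapse whitespace
        if not value:
            raise SkillsValidationError("empty entries are not allowed")
        if len(value) > MAX_ITEM_LENGTH:
            raise SkillsValidationError("entry too long")
        if not value.isprintable():
            raise SkillsValidationError("entry contains control characters")
        key = value.casefold()
        if key not in seen:  # drop case-insensitive duplicates
            seen.add(key)
            cleaned.append(value)
    return cleaned
```

In a Django form this would be called from the field's `clean_<fieldname>()` method, with `SkillsValidationError` converted to `forms.ValidationError`. Because it runs on the server, it still applies when a request is sent with JavaScript disabled or from a tool like Postman.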
Challenge: Managing mentor-mentee relationships
Solution:
- Created a Connection model with status tracking
- Implemented state machine for connection status
- Added validation for preventing duplicate connections
Challenge: Responsive profile filtering without page reload
Solution:
- Implemented client-side filtering with JavaScript
- Used data attributes for efficient DOM querying
- Added debouncing for performance optimization