Using a slug in Django

 

Generating slugs automatically in Django without packages - Two easy and solid approaches

Slugs in Django
Image: Slugs in Django (License: CC-BY-SA Marcelo Canina)

Slug generation management

Overview

One important task when developing a Django website is to have pretty URLs, i.e.: human readable and SEO friendly URLs.

A site's URL structure should be as simple as possible. Consider organizing your content so that URLs are constructed logically and in a manner that is most intelligible to humans (when possible, readable words rather than long ID numbers)

Options

We will explore two approaches to have clean URLs, from having the typical Django’s URLs with the object/pk scheme, like /article/12345 to have one of these:

  1. pk and slugs: object/pk-slug like /article/12345-my-example-title where we add the object’s slug after the primary key.

  2. unique slug: generate a unique slugs without showing the primary key like /article/my-example-title

A slug is a short label for something, containing only letters, numbers, underscores or hyphens. They’re generally used in URLs..

Example app

The following app consisting of an Article model with a title will help to show how to use the pk-slug URL.

Example blog/views.py:

from django.views.generic.detail import DetailView

from blog.models import Article

class ArticleDetailView(DetailView):

    model = Article

Example blog/models.py:

from django.db import models

class Article(models.Model):
    title = models.CharField(max_length=100)

Example djangoslugs/urls.py:

from django.urls import path

from blog.views import ArticleDetailView

urlpatterns = [
   path('blog/<int:pk>/', ArticleDetailView.as_view(), name='article-detail'),
]

Demo and Repo

A working demo is available at https://django-slugs-example-app.herokuapp.com/ that shows how both approaches work.

And its repo at: https://github.com/marcanuy/django-slugs-example-app using the above scheme.

First approach: PK and Slug

Pros

This approach increases Web Application security by avoiding an authorization attack: Insecure Direct Object References (IDOR)

Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources in the system directly, for example database records or files.

This can be prevented by using both, an object primary key and the slug, as the Simple Object Mixin query_pk_and_slug docs states:

When applications allow access to individual objects by a sequential primary key, an attacker could brute-force guess all URLs; thereby obtaining a list of all objects in the application.

If users with access to individual objects should be prevented from obtaining this list, setting query_pk_and_slug to True will help prevent the guessing of URLs as each URL will require two correct, non-sequential arguments. Simply using a unique slug may serve the same purpose, but this scheme allows you to have non-unique slugs.

Note

Many apps dedicated to manage slugs comes with a max_length restriction for its size and they truncate the string according to that value.

We are gonna use the same length as the slugified field.

1. Use SlugField

There is a special model Field type in Django for slugs: SlugField.

Create a field named slug with type: SlugField.

in blog/models.py:

from django.conf import settings
from django.db import models
from django.urls import reverse
from django.utils.text import slugify

class ArticlePkAndSlug(models.Model):
    title = models.CharField(
        max_length=settings.BLOG_TITLE_MAX_LENGTH
    )
    slug = models.SlugField(
        default='',
        editable=False,
        max_length=settings.BLOG_TITLE_MAX_LENGTH,
    )

    def get_absolute_url(self):
        kwargs = {
            'pk': self.id,
            'slug': self.slug
        }
        return reverse('article-pk-slug-detail', kwargs=kwargs)

    def save(self, *args, **kwargs):
        value = self.title
        self.slug = slugify(value, allow_unicode=True)
        super().save(*args, **kwargs)

URLs in djangoslugs/urls.py:

    ...
    path('blog/<int:pk>-<str:slug>/', ArticleDetailView.as_view() , name='article-detail')

And in the view: blog/views.py

class Article(DetailView):
    model = Article
    query_pk_and_slug = True

Before saving the instance, we convert the title to a slug with the slugify Django command, that basically replaces spaces by hyphens.

As SlugField inherits from CharField, it comes with the attribute max_length which handles the maximum length of the string it contains at database level.

If we use a SlugField without specifying its max_length attribute, it gets the value of 50 by default, which can lead to problems when we generate the string from a bigger max_length field.

So the trick is to make them both use the same length.

Second approach: unique slugs

In this case title and slug don’t need to have the same max_length, but this brings two issues when generating the slug:

  1. Truncate the slug to respect max_length
  2. Control the slug uniqueness by adding a suffix if another slug with the same string exists1
  3. Avoid generating a new slug if it already has one when saving an existing instance

1. Truncate the slug

Before generating the slug, get the max_length value max_length = self._meta.get_field('slug').max_length and truncate at that position slug = slugify(self.title)[:max_length].

2. Ensure uniqueness

For each slug candidate we make sure it is unique by testing against the database until we have a non existing one.

import itertools

...

slug_candidate = slug_original = slugify(self.title)

for i in itertools.count(1):
	if not Article.objects.filter(slug=slug_candidate).exists():
		break
	slug_candidate = '{}-{}'.format(slug_original, i)

3. Avoid regenerating slug

To avoid generating the slug each time you save an existing model, detect if it is an update of the model on each call of model’s save() method.

def _generate_slug(self):
	...

def save(self, *args, **kwargs):
	if not self.pk:
		self._generate_slug()

	super().save(*args, **kwargs)

All together

In save method:

import itertools
...

class ArticleUniqueSlug(Article):

    def _generate_slug(self):
        max_length = self._meta.get_field('slug').max_length
        value = self.title
        slug_candidate = slug_original = slugify(value, allow_unicode=True)
        for i in itertools.count(1):
            if not ArticleUniqueSlug.objects.filter(slug=slug_candidate).exists():
                break
            slug_candidate = '{}-{}'.format(slug_original, i)

        self.slug = slug_candidate

    def save(self, *args, **kwargs):
        if not self.pk:
            self._generate_slug()

        super().save(*args, **kwargs)

In view blog/views.py:

class Article(DetailView):
    model = ArticlePkAndSlug
    query_pk_and_slug = False

Looking like:

infolinks script]

References

  1. Slug Uniqueness Code based in https://keyerror.com/blog/automatically-generating-unique-slugs-in-django . ↩︎

Comments

Post a Comment

Popular posts from this blog

Everything you need to know when developing an on demand service app

Image
On Demand Services App Remember Richie Rich, the animated show that we used to watch? It had an Robot maid named Irona. We all wished we had someone like her who could complete all our household chores in seconds. Well, that dream still seems to be far from us for at least a century; however, there is a substitute to it which is as effective as Irona.  on-demand apps  for Home Services is that substitute. We all know how on-demand apps have disrupted majority of traditional industries. From the way we travel, eat, shop, and even date, all has undergone a tremendous change. So, why not our household chores and errands? After all we all need an Irona in our lives who can complete our household chores and run our errands in a jiffy. Before we understand the nitty gritty of  on-demand home services apps , let us start from the basic at what exact services that it provides. As the name suggests it serves as a platform where you can hire professionals for all your household ch
Read more

Documentation is Very vital before you develop any system or app

Image
Technical documentation in software engineering is the umbrella term that encompasses all written documents and materials dealing with software product development. All software development products, whether created by a small team or a large corporation, require some related documentation. And different types of documents are created through the whole  software development lifecycle  (SDLC). Documentation exists to explain product functionality, unify project-related information, and allow for discussing all significant questions arising between stakeholders and developers. Project documentation by stages and purpose On top of that, documentation errors can set gaps between the visions of stakeholders and engineers and, as a result, a proposed solution won’t meet stakeholders expectations. Consequently, managers should pay a lot of attention to documentation quality. Agile and waterfall approaches The documentation types that the team produces and its scope depending on the s
Read more

How to use Django Bootstrap Modal Forms

Image
Installation Install  django-bootstrap-modal-forms : $ pip install django-bootstrap-modal-forms Add  bootstrap_modal_forms  to your INSTALLED_APPS in settings.py: INSTALLED_APPS = [ ... 'bootstrap_modal_forms', ... ] Include Bootstrap, jQuery and  jquery.bootstrap.modal.forms.js  on every page where you would like to set up the AJAX driven Django forms in Bootstrap modal. IMPORTANT: Adjust Bootstrap and jQuery file paths to match yours, but include  jquery.bootstrap.modal.forms.js  exactly as in code bellow. < head > < link rel = " stylesheet " href = " {% static 'assets/css/bootstrap.css' %} " > </ head > < body > < script src = " {% static 'assets/js/bootstrap.js' %} " ></ script > < script src = " {% static 'assets/js/jquery.js' %} " ></ script > < script src = " {% static 'js/jquery.bootstrap.mo
Read more