django-ddp 0.8.0

Django/PostgreSQL implementation of the Meteor DDP service.

Django/PostgreSQL implementation of the Meteor DDP service, allowing Meteor to subscribe to changes on Django models. Released under the MIT license.

Requirements

The core concept is that events are dispatched asynchronously to browsers using WebSockets and server-side using a PostgreSQL extension to the SQL syntax called NOTIFY (and its bretheren, LISTEN and UNLISTEN). You must be using PostgreSQL with psycopg2 in your Django project for django-ddp to work. There is no requirement on any asynchronous framework such as Reddis or crossbar.io as they are simply not needed given the asynchronous support provided by PostgreSQL with psycopg2. As an added bonus, events dispatched using NOTIFY in a transaction are only emitted if the transaction is successfully committed.

Scalability

All database queries to support DDP events are done once by the server instance that has made changes via the Django ORM. Django DDP multiplexes messages for active subscriptions, broadcasting an aggregated change message on channels specific to each Django model that has been published.

Peer servers subscribe to aggregate broadcast events which are de-multiplexed and dispatched to individual client connections. No additional database queries are required for de-multiplexing or dispatch by peer servers.

Limitations

The current release series only supports DDP via WebSockets. Future development may resolve this by using SockJS, to support browsers that don’t have WebSockets.

Changes must be made via the Django ORM as django-ddp uses Django signals to receive model save/update signals.

Installation

Install the latest release from pypi (recommended):

pip install django-ddp

Clone and use development version direct from GitHub (to test pre-release code):

pip install -e git+https://github.com/commoncode/django-ddp@develop#egg=django-ddp

Example usage

Add ‘dddp’ to your settings.INSTALLED_APPS:

# settings.py
...
INSTALLED_APPS = list(INSTALLED_APPS) + ['dddp']

If you’d like support for the Meteor Accounts package (ie: login/logout with django.contrib.auth) consult the section on authentication below and use the following line instead:

# settings.py … INSTALLED_APPS = list(INSTALLED_APPS) + [‘dddp’, ‘dddp.accounts’]

Add ddp.py to your Django application:

# bookstore/ddp.py

from dddp.api import API, Collection, Publication
from bookstore import models

class Book(Collection):
    model = models.Book


class Author(Collection):
    model = models.Author


class AllBooks(Publication):
    queries = [
        models.Author.objects.all(),
        models.Book.objects.all(),
    ]


class BooksByAuthorEmail(Publication):
    def get_queries(self, author_email):
        return [
            models.Author.objects.filter(
                email=author_email,
            ),
            models.Book.objects.filter(
                author__email=author_email,
            ),
        ]


API.register(
    [Book, Author, AllBooks, BooksByAuthorEmail]
)

Connect your Meteor application to the Django DDP service:

// bookstore.js
if (Meteor.isClient) {
    // Connect to Django DDP service
    Django = DDP.connect('http://'+window.location.hostname+':8000/');
    // Create local collections for Django models received via DDP
    Authors = new Mongo.Collection("bookstore.author", {connection: Django});
    Books = new Mongo.Collection("bookstore.book", {connection: Django});
    // Subscribe to all books by Janet Evanovich
    Django.subscribe('BooksByAuthorEmail', 'janet@evanovich.com');
}

Start the Django DDP service:

DJANGO_SETTINGS_MODULE=myproject.settings dddp

In a separate terminal, start Meteor (from within your meteor application directory):

meteor

Adding API endpoints (server method definitions)

API endpoints can be added by calling register method of the dddp.api.API object from the ddp.py module of your Django app, on a subclass of dddp.api.APIMixin - both dddp.api.Collection and dddp.api.Publication are suitable, or you may define your own subclass of dddp.api.APIMixin. A good example of this can be seen in dddp/accounts/ddp.py in the source of django-ddp.

Authentication

Authentication is provided using the standard meteor accounts system, along with the accounts-secure package which turns off Meteor’s password hashing in favour of using TLS (HTTPS + WebSockets). This ensures strong protection for all data over the wire. Correctly using TLS/SSL also protects your site against man-in-the-middle and replay attacks - Meteor is vulnerable to both of these without using encryption.

Add dddp.accounts to your settings.INSTALLED_APPS as described in the example usage section above, then add tysonclugg:accounts-secure to your Meteor application (from within your meteor application directory):

meteor add tysonclugg:accounts-secure

Then follow the normal procedure to add login/logout views to your Meteor application.

Contributors

Tyson Clugg

• Author, conceptual design.

MEERQAT

• Project sponsor - many thanks for allowing this to be released under an open source license!

David Burles

• Expert guidance on how DDP works in Meteor.

Brenton Cleeland

• Great conversations around how collections and publications can limit visibility of published documents to specific users.

Muhammed Thanish

• Making the DDP Test Suite available.