
Oscar Y Chen oscarychen

  • Calgary
@oscarychen
oscarychen / postgres_ltree.sql
Created March 11, 2023 02:07
Postgres Ltree Cheatsheet
CREATE EXTENSION ltree;
CREATE TABLE test (path ltree);
--                  Top
--               /   |   \
--        Science Hobbies Collections
--           /       |            \
--   Astronomy Amateurs_Astronomy Pictures
@oscarychen
oscarychen / go_notes.md
Last active February 2, 2024 18:27
Go notes

Go commands

go mod init: start a new module; this creates a go.mod file in the current directory

go get <package>: install a dependency

go run <module_name>: compile and run

go build <module_name>: compile an executable

Language basics

@oscarychen
oscarychen / rust_notes.md
Last active November 15, 2022 16:50
Rust notes

Cargo commands

cargo new <project_name>: start a new project

cargo run: compile and run the project

cargo build: build the executable

Language basics

Primitive types

bool: boolean

@oscarychen
oscarychen / drf-exception-handling.md
Last active January 27, 2024 08:39
Exception handling in Django REST Framework

Exception Handling in Django REST Framework

In Django REST Framework views (this includes anything called from a view), whenever an exception occurs it is handled by the framework.

  • If the exception is a DRF APIException or a Django PermissionDenied, the view returns the appropriate HTTP response, with an HTTP status code and detail about the error.
  • If the exception is any other Django or Python exception, an HTTP 500 response is returned.

To return a more customized error response with an appropriate status code, raise a subclass of APIException:

from rest_framework.exceptions import ValidationError
@oscarychen
oscarychen / csp.md
Last active January 19, 2023 04:07
Content Security Policy explained

Content Security Policy (CSP)

CSP restricts which other sites our page may make requests to and controls what resources the page is allowed to load. It limits the damage even if malicious code is running in a user's browser within our site's context.

Common examples

  • Content-Security-Policy: default-src 'self' prevents loading resources from other domains and blocks inline scripts, such as <script>alert('hello')</script>.

  • Content-Security-Policy: default-src 'self' *.trusted.com

@oscarychen
oscarychen / xss.md
Last active December 9, 2021 19:27
cross-site scripting explained

Cross-site scripting (XSS)

What is XSS?

  • Unexpected JavaScript code running in an HTML document
  • Unexpected code in an SQL query
  • Any code that combines a command with user data is susceptible

Attacker may:

@oscarychen
oscarychen / csrf.md
Last active December 9, 2021 19:22
cross site request forgery explained

Cross Site Request Forgery (CSRF)

Session Hijacking

A cookie sent over an unencrypted HTTP connection can be captured.

Mitigation

Use the Secure attribute on the cookie to prevent it from being sent over an unencrypted connection: Set-Cookie: key=value; Secure

@oscarychen
oscarychen / cookies_same_origin_policy.md
Last active May 15, 2024 11:42
Cookies and Same Origin Policy explained

Cookies and Same Origin Policy

Origin

An _origin_ is defined as the protocol-host-port tuple.

Same Origin Policy

Ensures that a document can only be accessed by a JavaScript execution context from the same origin.

@oscarychen
oscarychen / Django_hierarchical_tree_data.md
Last active April 22, 2024 05:50
Storing and retrieving tree data structure efficiently in Django - the materialized path approach

Working with hierarchical / tree data structures in PostgreSQL and Django

There are two typical models for dealing with tree data structures in SQL databases: the adjacency list model and the nested set model. Several Django packages implement these models, such as django-mptt, django-tree-queries, and django-treebeard.

In this article, I want to explain a different approach I took in a project for storing hierarchical data, as well as searching for and retrieving sub-trees. This approach is similar in principle to the materialized path model, of which the django-treebeard package also provides an implementation. This article will show you how I achieved this without any of the specific packages, and using on

@oscarychen
oscarychen / Django_custom_query.md
Last active December 6, 2021 19:56
Django custom lookup 'startswith' on model field

Django Custom Lookups

This article is based on my Stack Overflow answer, "Django query lookup 'startswith' on table fields".

Let's say you have a table of partial postal codes:

| codes |
|-------|
| A1A   |