Django file upload handling with validation

File uploads require careful validation for security. I validate file size using a custom validator and check content type. Using FileField or ImageField, Django handles storage automatically. I configure MEDIA_ROOT and MEDIA_URL for development. For

Django REST Framework nested routers

Nested routers create hierarchical URL structures for related resources. I use drf-nested-routers to define parent-child relationships in URLs like /posts/1/comments/. This makes APIs more RESTful and intuitive. I filter child resources by parent ID i

Keyboard shortcut “command palette” modal (Hotwire-first)

A command palette feels like a SPA feature, but you can do it Hotwire-first: place a turbo_frame_tag 'modal' in the layout and load the palette HTML into it. A small Stimulus controller listens for meta+k and navigates the modal frame to /palette. The

ActiveRecord::Relation as a Boundary (No Arrays)

Return relations from query objects, not arrays. It keeps composition possible (additional filters, pagination, eager loading) and avoids loading huge result sets accidentally.

Password hashing with Argon2

Bcrypt is fine, but Argon2 is the modern default with better resistance to GPU attacks. I store the full hash string (it includes parameters + salt) and keep verification in one utility so the rest of the app doesn’t grow its own auth helpers. The imp

Postgres advisory lock for one-at-a-time work

Sometimes you just need ‘only one worker does this thing at a time’, and building distributed locks from scratch is risky. Postgres advisory locks are a pragmatic option when your DB is already the source of truth. I derive a deterministic lock key (l

Use 303 See Other after POST in Turbo flows

After a POST, Turbo behaves best when you redirect with 303 See Other (Rails symbol :see_other). This avoids the browser trying to re-submit the POST when the user refreshes, and it plays nicely with Turbo Drive’s navigation semantics. I use it especi

Django deployment checklist and production settings

Deploying Django to production requires many configuration changes. I set DEBUG=False and configure ALLOWED_HOSTS. Security settings include SECURE_SSL_REDIRECT, SESSION_COOKIE_SECURE, and CSRF_COOKIE_SECURE. I use environment variables for secrets. Stati

Django database routers for multiple databases

Database routers direct queries to specific databases. I implement db_for_read(), db_for_write(), allow_relation(), and allow_migrate() methods. This enables read replicas, sharding by model, or separating analytics data. The router checks model label

Transaction-Safe After-Commit Hook (Avoid Ghost Jobs)

Enqueueing jobs inside a transaction can create “ghost jobs” when the transaction rolls back. Use after_commit or after_create_commit to enqueue work only after the DB commit succeeds.

Avoid Callback Chains: Use Domain Events (In-App)

Callback chains become spooky action at a distance. A simple in-app event bus keeps side effects explicit and testable. This isn’t about Kafka—it’s about clarity and seams.

Django select_related and prefetch_related for N+1 query optimization

The N+1 query problem is Django's most common performance trap. I use select_related for foreign key and one-to-one relationships (it performs a SQL JOIN), and prefetch_related for many-to-many and reverse foreign keys (separate queries, joined in Python).