The document discusses Websauna, a web development framework that integrates design patterns for maintainability, security, and extensibility, primarily targeting Python developers. It highlights its user-friendly design goals, including easy setup, straightforward documentation, and built-in security features, while also providing examples of its functionalities like social login and automatic content generation. Additionally, it mentions the active Websauna community and resources available for users.

1. websauna.org
Mikko Ohtamaa, Massachusetts Institution of Technology, 2016
@websauna9000

2. About myself
Web 1995
Python 2003
Plone 2004
CTO in few startups
@moo9000

3. Zope, Plone and Pyramid
community has come up with
some of the most productive
web development design
patterns.

4. Maintainability
Security
Extensibility
Lines of code ➡

5. Pyramid is for a
computer scientist -
"framework of
frameworks".
The patterns are not
accessible to wide
audience.
Session?
Migration?
CSS?
Form?
Sign up?Login?
Caching?
Theming?

6. Learnability ➡
Approachability ➡
Simplicity ➡
Marketing ➡

7. MAKE WEB DEVELOPMENT
GREAT AGAIN

8. FROM SAUNA WITH LOVE

9. Public sites: https://tokenmarket.net
First Websauna deployed in production May 2015,
Active community: https://gitter.im/websauna/websauna
Hugely popular in Twitter: https://twitter.com/websaunaa9000

10. C
rafta
fishing
rod
Lobster on
a
plate

11. Design goals
Easy to approach ➙ useful out of the box, popular components
Easy to understand ➙ documentation with type hinting
Simplicity ➙ standard package layout and workflow
Secure ➙ ACID, login, throttling, OWASP TOP 10
Create ecosystems ➙ Standard package layout, add-on architecture

12. Like Django without
too much Django in it

13. Integrated Websauna value
Standard package layout
Documentation
Sign up / sign in
Social auth
Admin
Layout

15. Core
Config files
HTTP 404, 403, 500
Session
View configuration
Traversal
Template engine
filters, variables

16. Admin
Automatic generation
for SQLAlchemy
models
Show, add, edit,
delete
Permissioned
Users and groups
Traversal -
breadcrumbs

17. Sign up and
social login
Single click sign up
Facebook, Google, Twitter
Passwordless magic link
Old school email +
password

18. Branding
Bootstrap 3 theming
Drop in CSS to scaffold
Configurable branding variables
Site name, logo, slogan, footer

19. Forms
Colander and Deform
CRUD
Automatic generation
from SQLAlchemy
models
Throttling
CSRF

20. Tasking
Celery 4.0
Delayed tasks
E.g. send SMS after
successful commit
Scheduled tasks
E.g. sync data from third
party service every 4 hours
HTTP request imitation

21. Email
HTML templated email
CSS styling
Base HTML template

22. Static media
Cache busting
Asset preprocess step
Generate MD5 stamped
static media copies
Forever stable URLs for CDN

23. Security
Passwordless
OWASP TOP-10
SQL injection protection
XSS injection proteciton
Race condition protection
Optimistic concurrency control
Secure deployment

24. Configuration
Includable INI files
Separate secrets file

25. Documentation
Type hinting
Sphinx
Automatic
Template reference
Template var reference
Template filter reference
Playbook variables

26. Deployment
Default playbook
Ubuntu 14.04
SSH
PostgreSQL
Redis
Nginx
uWSGI

27. See you in the sauna
@websauna9000
websauna.org
gitter.im/websauna/websauna
(also IRC)