| Name | django-bolt JSON |
| Version |
0.2.0
JSON |
| download |
| home_page | None |
| Summary | High-performance API framework for Django with Rust-powered endpoints delivering 60k+ RPS |
| upload_time | 2025-10-22 19:38:30 |
| maintainer | None |
| docs_url | None |
| author | None |
| requires_python | >=3.10 |
| license | MIT |
| keywords |
django
api
rust
performance
actix
pyo3
async
|
| VCS |
 |
| bugtrack_url |
|
| requirements |
No requirements were recorded.
|
| Travis-CI |
No Travis.
|
| coveralls test coverage |
No coveralls.
|
<div align="center">
<img src="docs/logo.png" alt="Django-Bolt Logo" width="400"/>
[](mailto:farhanalirazaazeemi@gmail.com)
</div>
# High-Performance Fully Typed API Framework for Django
Your first question might be: why? Well, consider this: **Faster than _FastAPI_, but with Django ORM, Django Admin, and Django packages**. Thatβs exactly what this project achieves. Django-Bolt is a high-performance API framework for Django, providing Rust-powered API endpoints capable of 60k+ RPS. Similar to Django REST Framework or Django Ninja, it integrates seamlessly with existing Django projects while leveraging Actix Web for HTTP handling, PyO3 to bridge Python async handlers with Rust's async runtime, and msgspec for fast serialization. You can deploy it directlyβno gunicorn or uvicorn needed.
## π Quick Start
### Installation π
```bash
pip install django-bolt
```
**π Full Documentation:** (Coming Soon).
### Run Your First API
```python
# myproject/api.py
from django_bolt import BoltAPI
from django.contrib.auth.models import User
import msgspec
api = BoltAPI()
class UserSchema(msgspec.Struct):
id: str
username: str
@api.get("/users/{user_id}")
async def get_user(user_id: int) -> UserSchema: # π Reponse is type validated
user = await User.objects.aget(id=user_id) # π€― Yes and Django orm works without any setup
return {"id": user.id, "username": user.username} # or you could just return the queryset
```
```bash
# Start the server
python manage.py runbolt --dev # for development with reload enabled
[django-bolt] OpenAPI docs enabled at /docs
[django-bolt] Django admin enabled at http://0.0.0.0:8000/admin/ #django admin
[django-bolt] Static files serving enabled
[django-bolt] Found 94 routes
[django-bolt] Registered middleware for 83 handlers
[django-bolt] Starting server on http://0.0.0.0:8000
[django-bolt] Workers: 1, Processes: 1
[django-bolt] OpenAPI docs enabled at http://0.0.0.0:8000/docs/ #swagger docs builtin
# processes are python processes that handle request 1 actix worker
```
---
**Key Features:**
- π **High Performance** - Rust-powered HTTP server (Actix Web + Tokio + PyO3)
- π **Authentication in Rust** - JWT/API Key/Session validation without Python GIL
- π¦ **msgspec Serialization** - 5-10x faster than standard JSON
- π― **Django Integration** - Use your existing Django models and other django features you love (django admin, django packages)
- π **Async/Await** - Full async support with Python coroutines
- ποΈ **Middleware System** - CORS, rate limiting, compression (gzip/brotli/zstd)
- π **Guards & Permissions** - DRF and Litestar inspired route protection
- π **OpenAPI Support** - 7 render plugins (Swagger, ReDoc, Scalar, RapidDoc, Stoplight, JSON, YAML)
- π‘ **Streaming Responses** - SSE, long-polling, async generators
- π¨ **Class-Based Views** - ViewSet and ModelViewSet with DRF-style conventions
## π Performance Benchmarks
> **β οΈ Disclaimer:** Django-Bolt is a **feature-incomplete framework** currently in development. Benchmarks were run on a Ryzen 5600G with 16GB RAM (8 processes Γ 1 worker, C=100 N=10000) on localhost. Performance will vary significantly based on hardware, OS, configuration, and workload.
>
> **π Resources:** Example project available at [python/example/](python/example/). Run benchmarks with `make save-bench` or see [scripts/benchmark.sh](scripts/benchmark.sh).
| Endpoint Type | Requests/sec |
| -------------------------- | --------------- |
| Root endpoint | **~85,000 RPS** |
| JSON parsing/validation | **~80,000 RPS** |
| Path + Query params | **~83,500 RPS** |
| HTML/Redirect responses | **~86,000 RPS** |
| Form data handling | **~68,000 RPS** |
| ORM reads (SQLite, 10 rec) | **~15,000 RPS** |
**Why so fast?**
- HTTP Parsing and Reponse is handled Actix-rs framework(One of the fastest in the world)
- Request routing uses matchit (zero-copy path matching)
- JSON serialization with msgspec
---
## β
What's Complete
### Core Framework β
- β
**Rust HTTP Server** - Actix Web with tokio async runtime
- β
**Fast Routing** - matchit-based routing with path parameters (`/items/{id}`)
- β
**Async Handlers** - Full async/await support (enforced async handlers)
- β
**Request/Response** - msgspec-based validation and serialization
- β
**Multiple Response Types**:
- `JSON` - msgspec-serialized JSON responses
- `PlainText` - Plain text responses
- `HTML` - HTML responses
- `Redirect` - HTTP redirects
- `File` - File downloads (in-memory)
- `FileResponse` - Streaming file responses (handled in Rust)
- `StreamingResponse` - Async streaming for large payloads
- β
**Parameter Injection**:
- Path parameters (`/items/{id}`)
- Query parameters (`?page=1&limit=10`)
- Headers (`Annotated[str, Header("x-api-key")]`)
- Cookies (`Annotated[str, Cookie("session")]`)
- Form data (`Annotated[str, Form("username")]`)
- File uploads (`Annotated[bytes, File("upload")]`)
- Request body (msgspec.Struct)
- β
**Dependency Injection** - `Depends()` system for reusable dependencies
- β
**Django ORM Integration** - Full access to Django models (async methods)
- β
**Multi-Process Scaling** - SO_REUSEPORT for horizontal scaling
- β
**Auto-Discovery** - Finds `api.py` in project root and all installed apps
### Middleware System β
- β
**Global Middleware** - Apply to all routes via `BoltAPI(middleware=[...])`
- β
**Per-Route Middleware** - `@middleware`, `@rate_limit`, `@cors` decorators
- β
**CORS Middleware** - Full CORS support with preflight
- β
**Rate Limiting** - Token bucket algorithm (in Rust, no GIL)
- β
**Compression** - Automatic gzip/brotli/zstd compression (client-negotiated)
- β
**Skip Middleware** - `@skip_middleware("cors", "rate_limit", "compression")`
- β
**Middleware Config** - Dictionary-based configuration
### Authentication & Authorization β
- β
**JWT Authentication** - **Complete** (runs in Rust without GIL)
- Algorithms: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512
- Token validation in Rust (zero Python overhead)
- Expiration validation (`exp`) and not-before (`nbf`) checks
- Custom claims support with audience/issuer validation
- Django User integration helpers
- Token revocation support (optional: `InMemoryRevocation`, `DjangoCacheRevocation`, `DjangoORMRevocation`)
- β
**API Key Authentication** - **Complete** (runs in Rust without GIL)
- Header-based API keys (Bearer or ApiKey prefix)
- Per-key permissions
- Constant-time comparison (timing attack prevention)
- Fast validation in Rust
- β
**Session Authentication** - **Complete** (Django session integration)
- Django session backend integration
- Automatic user lookup from session
- Compatible with Django's session middleware
- Supports both cookie-based and custom session stores
- β
**Permission Guards** (all run in Rust):
- `AllowAny()` - Public access
- `IsAuthenticated()` - Requires valid auth
- `IsAdminUser()` - Requires admin/superuser
- `IsStaff()` - Requires staff status
- `HasPermission("perm")` - Single permission check
- `HasAnyPermission("p1", "p2")` - OR logic
- `HasAllPermissions("p1", "p2")` - AND logic
- β
**Auth Context** - Request-level auth context with user info, permissions, and backend details
- β
**Token Utilities**:
- `create_jwt_for_user(user, exp_hours=24)` - Generate JWT for Django User
- Custom claims and permissions support
**π See [docs/SECURITY.md](docs/SECURITY.md) for complete authentication documentation.**
### Developer Tools β
- β
**CLI** - `python -m django_bolt init` for project setup
- β
**Management Command** - `python manage.py runbolt` with auto-discovery
- β
**Auto-Discovery** - Finds `api.py` in project root and all Django apps
- β
**OpenAPI/Swagger** - 7 render plugins: Swagger UI, ReDoc, Scalar, RapidDoc, Stoplight Elements, JSON, YAML
- β
**Error Messages** - Clear, structured error messages with Django DEBUG integration
- β
**Type Hints** - Full type hint support with msgspec
- β
**Dependency Injection** - `Depends()` marker with per-request caching
**π See [docs/README.md](docs/README.md) for complete documentation index.**
---
### Request Flow
```
HTTP Request β Actix Web (Rust)
β
Route Matching (matchit)
β
Middleware Pipeline (Rust - no GIL)
- CORS
- Rate Limiting
β
Authentication (Rust - no GIL)
- JWT validation (HS256/384/512, RS256/384/512, ES256/384)
- API Key validation (constant-time comparison)
- Session validation (Django session integration)
β
Guards/Permissions (Rust - no GIL)
- IsAuthenticated
- IsAdminUser
- HasPermission
β
Python Handler (PyO3 bridge)
β
Parameter Extraction & Validation (msgspec)
β
Handler Execution (async Python)
- Django ORM access
- Business logic
β
Response Serialization (msgspec)
β
HTTP Response
```
---
## π Documentation (Coming Soon)
- **[Getting Started Guide](docs/GETTING_STARTED.md)** - Complete tutorial from installation to first API
- **[Security Guide](docs/SECURITY.md)** - Authentication, authorization, CORS, rate limiting
- **[Middleware Guide](docs/MIDDLEWARE.md)** - CORS, rate limiting, custom middleware
- **[Responses Guide](docs/RESPONSES.md)** - All response types and streaming
- **[Class-Based Views](docs/CLASS_BASED_VIEWS.md)** - ViewSet and ModelViewSet patterns
- **[OpenAPI Guide](docs/OPENAPI.md)** - Auto-generated API documentation
- **[Pagination Guide](docs/PAGINATION.md)** - PageNumber, LimitOffset, Cursor pagination
- **[Logging Guide](docs/LOGGING.md)** - Request/response logging and metrics
- **[Full Documentation Index](docs/README.md)** - Complete list of all documentation
---
## π Usage Examples
### Basic Routes
```python
from django_bolt import BoltAPI
import msgspec
from typing import Optional
api = BoltAPI()
# Simple GET
@api.get("/hello")
async def hello():
return {"message": "Hello, World!"}
# Path parameters
@api.get("/users/{user_id}")
async def get_user(user_id: int):
return {"user_id": user_id}
# Query parameters
@api.get("/search")
async def search(q: str, limit: int = 10):
return {"query": q, "limit": limit}
# Request body with validation
class CreateUserRequest(msgspec.Struct):
username: str
email: str
age: int
@api.post("/users", response_model=CreateUserRequest)
async def create_user(user: CreateUserRequest):
# Validated automatically
return user
```
### Authentication & Guards
```python
from django_bolt import BoltAPI
from django_bolt.auth import (
JWTAuthentication,
APIKeyAuthentication,
IsAuthenticated,
IsAdminUser,
HasPermission,
)
api = BoltAPI()
# JWT Authentication
@api.get(
"/protected",
auth=[JWTAuthentication()],
guards=[IsAuthenticated()]
)
async def protected_route(request):
auth = request.get("auth", {})
user_id = auth.get("user_id")
return {"message": f"Hello, user {user_id}"}
# API Key Authentication
@api.get(
"/api-data",
auth=[APIKeyAuthentication(api_keys={"key1", "key2"})],
guards=[IsAuthenticated()]
)
async def api_data(request):
return {"message": "API key authenticated"}
# Permission-based access
@api.post(
"/articles",
auth=[JWTAuthentication()],
guards=[HasPermission("articles.create")]
)
async def create_article(request):
return {"message": "Article created"}
# Create JWT token for Django user
from django_bolt.auth import create_jwt_for_user
from django.contrib.auth.models import User
@api.post("/login")
async def login(username: str, password: str):
user = await User.objects.aget(username=username)
# Verify password...
token = create_jwt_for_user(user, exp_hours=24)
return {"access_token": token, "token_type": "bearer"}
```
**π See [docs/SECURITY.md](docs/SECURITY.md) for complete authentication documentation.**
### Middleware
```python
from django_bolt import BoltAPI
from django_bolt.middleware import cors, rate_limit, skip_middleware
# Global middleware
api = BoltAPI(
middleware_config={
"cors": {
"origins": ["http://localhost:3000"],
"methods": ["GET", "POST", "PUT", "DELETE"],
"credentials": True,
}
}
)
# Per-route rate limiting (runs in Rust, no GIL)
@api.get("/limited")
@rate_limit(rps=100, burst=200, key="ip") # 100 req/s with burst of 200
async def limited_endpoint():
return {"message": "Rate limited"}
# Rate limiting by user ID
@api.get("/user-limited", auth=[JWTAuthentication()], guards=[IsAuthenticated()])
@rate_limit(rps=50, burst=100, key="user")
async def user_limited():
return {"message": "Per-user rate limiting"}
# Custom CORS for specific route
@api.get("/public")
@cors(origins=["https://example.com"], credentials=True, max_age=3600)
async def public_endpoint():
return {"message": "Public endpoint with CORS"}
# Skip global middleware
@api.get("/no-cors")
@skip_middleware("cors", "rate_limit")
async def no_cors():
return {"message": "Middleware skipped"}
```
**π See [docs/MIDDLEWARE.md](docs/MIDDLEWARE.md) for complete middleware documentation.**
### Django ORM Integration
```python
from django_bolt import BoltAPI
from django.contrib.auth.models import User
from myapp.models import Article
api = BoltAPI()
@api.get("/users/{user_id}")
async def get_user(user_id: int):
# Use Django's async ORM methods
user = await User.objects.aget(id=user_id)
return {
"id": user.id,
"username": user.username,
"email": user.email,
}
@api.get("/articles")
async def list_articles(limit: int = 10):
# Async query with select_related
articles = await Article.objects.select_related("author").all()[:limit]
return [
{
"id": a.id,
"title": a.title,
"author": a.author.username,
}
async for a in articles
]
```
### Response Types
```python
from django_bolt import BoltAPI
from django_bolt.responses import (
PlainText, HTML, Redirect, File, FileResponse, StreamingResponse
)
import asyncio
api = BoltAPI()
@api.get("/text")
async def text_response():
return PlainText("Hello, World!")
@api.get("/html")
async def html_response():
return HTML("<h1>Hello</h1>")
@api.get("/redirect")
async def redirect_response():
return Redirect("/new-location", status_code=302)
@api.get("/download-memory")
async def download_memory():
# In-memory file download
content = b"File contents here"
return File(content, filename="document.txt", media_type="text/plain")
@api.get("/download-disk")
async def download_disk():
# Streams file from disk (zero-copy in Rust)
return FileResponse("/path/to/file.pdf", filename="document.pdf")
@api.get("/stream-sse")
async def stream_sse():
# Server-Sent Events
async def generate():
for i in range(100):
yield f"data: {i}\n\n"
await asyncio.sleep(0.1)
return StreamingResponse(
generate(),
media_type="text/event-stream"
)
@api.get("/stream-json")
async def stream_json():
# Streaming JSON (sync generator)
def generate():
yield '{"items": ['
for i in range(1000):
yield f'{{"id": {i}}}'
if i < 999:
yield ','
yield ']}'
return StreamingResponse(generate(), media_type="application/json")
```
**π See [docs/RESPONSES.md](docs/RESPONSES.md) for complete response documentation.**
---
## π§ Development
### Setup
```bash
# Clone repository
git clone https://github.com/yourusername/django-bolt.git
cd django-bolt
# Install dependencies
pip install -r requirements-dev.txt
# Build Rust extension
make build # or: maturin develop --release
# Run tests
make test-py
```
### Commands
```bash
# Build
make build # Build Rust extension
make rebuild # Clean and rebuild
# Testing
make test-py # Run Python tests
# Benchmarking
make save-bench # Run and save results
# Server
```
---
## π€ Contributing
Contributions welcome! Here's how:
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Make your changes
4. Run tests (`make test-py`)
5. Commit (`git commit -m 'Add amazing feature'`)
6. Push (`git push origin feature/amazing-feature`)
7. Open a Pull Request
### Areas That Need Help
- Testing utilities and test client
- WebSocket support
- OAuth2/OpenID Connect
- API versioning
- More examples and tutorials
---
## π Acknowledgments & Inspiration
Django-Bolt stands on the shoulders of giants. We're grateful to the following projects and communities that inspired our design and implementation:
### Core Inspirations
- **[Django REST Framework](https://github.com/encode/django-rest-framework)** - Our syntax, ViewSet patterns, and permission system are heavily inspired by DRF's elegant API design. The class-based views and guard system follow DRF's philosophy of making common patterns simple.
- **[FastAPI](https://github.com/tivy520/fastapi)** - We drew extensive inspiration from FastAPI's dependency injection system, parameter extraction patterns, and modern Python type hints usage. The codebase structure and async patterns heavily influenced our implementation.
- **[Litestar](https://github.com/litestar-org/litestar)** - Our OpenAPI plugin system is adapted from Litestar's excellent architecture. Many architectural decisions around middleware, guards, and route handling were inspired by Litestar's design philosophy.
- **[Robyn](https://github.com/sparckles/Robyn)** - Robyn's Rust-Python integration patterns and performance-first approach influenced our decision to use PyO3 and showed us the potential of Rust-powered Python web frameworks.
### Additional Credits
- **[Actix Web](https://github.com/actix/actix-web)** - The Rust HTTP framework that powers our performance
- **[PyO3](https://github.com/PyO3/pyo3)** - For making Rust-Python interop seamless
- **[msgspec](https://github.com/jcrist/msgspec)** - For blazing-fast serialization
- **[matchit](https://github.com/ibraheemdev/matchit)** - For zero-copy routing
Thank you to all the maintainers, contributors, and communities behind these projects. Django-Bolt wouldn't exist without your incredible work.
---
## π License
Django-Bolt is open source and available under the MIT License.
---
For questions, issues, or feature requests, please visit our [GitHub repository](https://github.com/FarhanAliRaza/django-bolt).
Raw data
{
"_id": null,
"home_page": null,
"name": "django-bolt",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": null,
"keywords": "django, api, rust, performance, actix, pyo3, async",
"author": null,
"author_email": "Farhan <farhanalirazaazeemi@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/ea/5c/aef7d8ff2d8260f999cd6437c20fac57f20812df11529bea12e095fa98b3/django_bolt-0.2.0.tar.gz",
"platform": null,
"description": "<div align=\"center\">\n <img src=\"docs/logo.png\" alt=\"Django-Bolt Logo\" width=\"400\"/>\n\n[](mailto:farhanalirazaazeemi@gmail.com)\n\n</div>\n\n# High-Performance Fully Typed API Framework for Django\n\nYour first question might be: why? Well, consider this: **Faster than _FastAPI_, but with Django ORM, Django Admin, and Django packages**. That\u2019s exactly what this project achieves. Django-Bolt is a high-performance API framework for Django, providing Rust-powered API endpoints capable of 60k+ RPS. Similar to Django REST Framework or Django Ninja, it integrates seamlessly with existing Django projects while leveraging Actix Web for HTTP handling, PyO3 to bridge Python async handlers with Rust's async runtime, and msgspec for fast serialization. You can deploy it directly\u2014no gunicorn or uvicorn needed.\n\n## \ud83d\ude80 Quick Start\n\n### Installation \ud83c\udf89\n\n```bash\npip install django-bolt\n```\n\n**\ud83d\udcd6 Full Documentation:** (Coming Soon).\n\n### Run Your First API\n\n```python\n# myproject/api.py\nfrom django_bolt import BoltAPI\nfrom django.contrib.auth.models import User\nimport msgspec\n\napi = BoltAPI()\n\nclass UserSchema(msgspec.Struct):\n id: str\n username: str\n\n\n@api.get(\"/users/{user_id}\")\nasync def get_user(user_id: int) -> UserSchema: # \ud83c\udf89 Reponse is type validated\n user = await User.objects.aget(id=user_id) # \ud83e\udd2f Yes and Django orm works without any setup\n return {\"id\": user.id, \"username\": user.username} # or you could just return the queryset\n\n```\n\n```bash\n# Start the server\npython manage.py runbolt --dev # for development with reload enabled\n[django-bolt] OpenAPI docs enabled at /docs\n[django-bolt] Django admin enabled at http://0.0.0.0:8000/admin/ #django admin\n[django-bolt] Static files serving enabled\n[django-bolt] Found 94 routes\n[django-bolt] Registered middleware for 83 handlers\n[django-bolt] Starting server on http://0.0.0.0:8000\n[django-bolt] Workers: 1, Processes: 1\n[django-bolt] OpenAPI docs enabled at http://0.0.0.0:8000/docs/ #swagger docs builtin\n\n# processes are python processes that handle request 1 actix worker\n```\n\n---\n\n**Key Features:**\n\n- \ud83d\ude80 **High Performance** - Rust-powered HTTP server (Actix Web + Tokio + PyO3)\n- \ud83d\udd10 **Authentication in Rust** - JWT/API Key/Session validation without Python GIL\n- \ud83d\udce6 **msgspec Serialization** - 5-10x faster than standard JSON\n- \ud83c\udfaf **Django Integration** - Use your existing Django models and other django features you love (django admin, django packages)\n- \ud83d\udd04 **Async/Await** - Full async support with Python coroutines\n- \ud83c\udf9b\ufe0f **Middleware System** - CORS, rate limiting, compression (gzip/brotli/zstd)\n- \ud83d\udd12 **Guards & Permissions** - DRF and Litestar inspired route protection\n- \ud83d\udcda **OpenAPI Support** - 7 render plugins (Swagger, ReDoc, Scalar, RapidDoc, Stoplight, JSON, YAML)\n- \ud83d\udce1 **Streaming Responses** - SSE, long-polling, async generators\n- \ud83c\udfa8 **Class-Based Views** - ViewSet and ModelViewSet with DRF-style conventions\n\n## \ud83d\udcca Performance Benchmarks\n\n> **\u26a0\ufe0f Disclaimer:** Django-Bolt is a **feature-incomplete framework** currently in development. Benchmarks were run on a Ryzen 5600G with 16GB RAM (8 processes \u00d7 1 worker, C=100 N=10000) on localhost. Performance will vary significantly based on hardware, OS, configuration, and workload.\n>\n> **\ud83d\udcc1 Resources:** Example project available at [python/example/](python/example/). Run benchmarks with `make save-bench` or see [scripts/benchmark.sh](scripts/benchmark.sh).\n\n| Endpoint Type | Requests/sec |\n| -------------------------- | --------------- |\n| Root endpoint | **~85,000 RPS** |\n| JSON parsing/validation | **~80,000 RPS** |\n| Path + Query params | **~83,500 RPS** |\n| HTML/Redirect responses | **~86,000 RPS** |\n| Form data handling | **~68,000 RPS** |\n| ORM reads (SQLite, 10 rec) | **~15,000 RPS** |\n\n**Why so fast?**\n\n- HTTP Parsing and Reponse is handled Actix-rs framework(One of the fastest in the world)\n- Request routing uses matchit (zero-copy path matching)\n- JSON serialization with msgspec\n\n---\n\n## \u2705 What's Complete\n\n### Core Framework \u2705\n\n- \u2705 **Rust HTTP Server** - Actix Web with tokio async runtime\n- \u2705 **Fast Routing** - matchit-based routing with path parameters (`/items/{id}`)\n- \u2705 **Async Handlers** - Full async/await support (enforced async handlers)\n- \u2705 **Request/Response** - msgspec-based validation and serialization\n- \u2705 **Multiple Response Types**:\n - `JSON` - msgspec-serialized JSON responses\n - `PlainText` - Plain text responses\n - `HTML` - HTML responses\n - `Redirect` - HTTP redirects\n - `File` - File downloads (in-memory)\n - `FileResponse` - Streaming file responses (handled in Rust)\n - `StreamingResponse` - Async streaming for large payloads\n- \u2705 **Parameter Injection**:\n - Path parameters (`/items/{id}`)\n - Query parameters (`?page=1&limit=10`)\n - Headers (`Annotated[str, Header(\"x-api-key\")]`)\n - Cookies (`Annotated[str, Cookie(\"session\")]`)\n - Form data (`Annotated[str, Form(\"username\")]`)\n - File uploads (`Annotated[bytes, File(\"upload\")]`)\n - Request body (msgspec.Struct)\n- \u2705 **Dependency Injection** - `Depends()` system for reusable dependencies\n- \u2705 **Django ORM Integration** - Full access to Django models (async methods)\n- \u2705 **Multi-Process Scaling** - SO_REUSEPORT for horizontal scaling\n- \u2705 **Auto-Discovery** - Finds `api.py` in project root and all installed apps\n\n### Middleware System \u2705\n\n- \u2705 **Global Middleware** - Apply to all routes via `BoltAPI(middleware=[...])`\n- \u2705 **Per-Route Middleware** - `@middleware`, `@rate_limit`, `@cors` decorators\n- \u2705 **CORS Middleware** - Full CORS support with preflight\n- \u2705 **Rate Limiting** - Token bucket algorithm (in Rust, no GIL)\n- \u2705 **Compression** - Automatic gzip/brotli/zstd compression (client-negotiated)\n- \u2705 **Skip Middleware** - `@skip_middleware(\"cors\", \"rate_limit\", \"compression\")`\n- \u2705 **Middleware Config** - Dictionary-based configuration\n\n### Authentication & Authorization \u2705\n\n- \u2705 **JWT Authentication** - **Complete** (runs in Rust without GIL)\n\n - Algorithms: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512\n - Token validation in Rust (zero Python overhead)\n - Expiration validation (`exp`) and not-before (`nbf`) checks\n - Custom claims support with audience/issuer validation\n - Django User integration helpers\n - Token revocation support (optional: `InMemoryRevocation`, `DjangoCacheRevocation`, `DjangoORMRevocation`)\n\n- \u2705 **API Key Authentication** - **Complete** (runs in Rust without GIL)\n\n - Header-based API keys (Bearer or ApiKey prefix)\n - Per-key permissions\n - Constant-time comparison (timing attack prevention)\n - Fast validation in Rust\n\n- \u2705 **Session Authentication** - **Complete** (Django session integration)\n\n - Django session backend integration\n - Automatic user lookup from session\n - Compatible with Django's session middleware\n - Supports both cookie-based and custom session stores\n\n- \u2705 **Permission Guards** (all run in Rust):\n\n - `AllowAny()` - Public access\n - `IsAuthenticated()` - Requires valid auth\n - `IsAdminUser()` - Requires admin/superuser\n - `IsStaff()` - Requires staff status\n - `HasPermission(\"perm\")` - Single permission check\n - `HasAnyPermission(\"p1\", \"p2\")` - OR logic\n - `HasAllPermissions(\"p1\", \"p2\")` - AND logic\n\n- \u2705 **Auth Context** - Request-level auth context with user info, permissions, and backend details\n- \u2705 **Token Utilities**:\n\n - `create_jwt_for_user(user, exp_hours=24)` - Generate JWT for Django User\n - Custom claims and permissions support\n\n**\ud83d\udcd6 See [docs/SECURITY.md](docs/SECURITY.md) for complete authentication documentation.**\n\n### Developer Tools \u2705\n\n- \u2705 **CLI** - `python -m django_bolt init` for project setup\n- \u2705 **Management Command** - `python manage.py runbolt` with auto-discovery\n- \u2705 **Auto-Discovery** - Finds `api.py` in project root and all Django apps\n- \u2705 **OpenAPI/Swagger** - 7 render plugins: Swagger UI, ReDoc, Scalar, RapidDoc, Stoplight Elements, JSON, YAML\n- \u2705 **Error Messages** - Clear, structured error messages with Django DEBUG integration\n- \u2705 **Type Hints** - Full type hint support with msgspec\n- \u2705 **Dependency Injection** - `Depends()` marker with per-request caching\n\n**\ud83d\udcd6 See [docs/README.md](docs/README.md) for complete documentation index.**\n\n---\n\n### Request Flow\n\n```\nHTTP Request \u2192 Actix Web (Rust)\n \u2193\n Route Matching (matchit)\n \u2193\n Middleware Pipeline (Rust - no GIL)\n - CORS\n - Rate Limiting\n \u2193\n Authentication (Rust - no GIL)\n - JWT validation (HS256/384/512, RS256/384/512, ES256/384)\n - API Key validation (constant-time comparison)\n - Session validation (Django session integration)\n \u2193\n Guards/Permissions (Rust - no GIL)\n - IsAuthenticated\n - IsAdminUser\n - HasPermission\n \u2193\n Python Handler (PyO3 bridge)\n \u2193\n Parameter Extraction & Validation (msgspec)\n \u2193\n Handler Execution (async Python)\n - Django ORM access\n - Business logic\n \u2193\n Response Serialization (msgspec)\n \u2193\n HTTP Response\n```\n\n---\n\n## \ud83d\udcd6 Documentation (Coming Soon)\n\n- **[Getting Started Guide](docs/GETTING_STARTED.md)** - Complete tutorial from installation to first API\n- **[Security Guide](docs/SECURITY.md)** - Authentication, authorization, CORS, rate limiting\n- **[Middleware Guide](docs/MIDDLEWARE.md)** - CORS, rate limiting, custom middleware\n- **[Responses Guide](docs/RESPONSES.md)** - All response types and streaming\n- **[Class-Based Views](docs/CLASS_BASED_VIEWS.md)** - ViewSet and ModelViewSet patterns\n- **[OpenAPI Guide](docs/OPENAPI.md)** - Auto-generated API documentation\n- **[Pagination Guide](docs/PAGINATION.md)** - PageNumber, LimitOffset, Cursor pagination\n- **[Logging Guide](docs/LOGGING.md)** - Request/response logging and metrics\n- **[Full Documentation Index](docs/README.md)** - Complete list of all documentation\n\n---\n\n## \ud83d\udcd6 Usage Examples\n\n### Basic Routes\n\n```python\nfrom django_bolt import BoltAPI\nimport msgspec\nfrom typing import Optional\n\napi = BoltAPI()\n\n# Simple GET\n@api.get(\"/hello\")\nasync def hello():\n return {\"message\": \"Hello, World!\"}\n\n# Path parameters\n@api.get(\"/users/{user_id}\")\nasync def get_user(user_id: int):\n return {\"user_id\": user_id}\n\n# Query parameters\n@api.get(\"/search\")\nasync def search(q: str, limit: int = 10):\n return {\"query\": q, \"limit\": limit}\n\n# Request body with validation\nclass CreateUserRequest(msgspec.Struct):\n username: str\n email: str\n age: int\n\n@api.post(\"/users\", response_model=CreateUserRequest)\nasync def create_user(user: CreateUserRequest):\n # Validated automatically\n return user\n```\n\n### Authentication & Guards\n\n```python\nfrom django_bolt import BoltAPI\nfrom django_bolt.auth import (\n JWTAuthentication,\n APIKeyAuthentication,\n IsAuthenticated,\n IsAdminUser,\n HasPermission,\n)\n\napi = BoltAPI()\n\n# JWT Authentication\n@api.get(\n \"/protected\",\n auth=[JWTAuthentication()],\n guards=[IsAuthenticated()]\n)\nasync def protected_route(request):\n auth = request.get(\"auth\", {})\n user_id = auth.get(\"user_id\")\n return {\"message\": f\"Hello, user {user_id}\"}\n\n# API Key Authentication\n@api.get(\n \"/api-data\",\n auth=[APIKeyAuthentication(api_keys={\"key1\", \"key2\"})],\n guards=[IsAuthenticated()]\n)\nasync def api_data(request):\n return {\"message\": \"API key authenticated\"}\n\n# Permission-based access\n@api.post(\n \"/articles\",\n auth=[JWTAuthentication()],\n guards=[HasPermission(\"articles.create\")]\n)\nasync def create_article(request):\n return {\"message\": \"Article created\"}\n\n# Create JWT token for Django user\nfrom django_bolt.auth import create_jwt_for_user\nfrom django.contrib.auth.models import User\n\n@api.post(\"/login\")\nasync def login(username: str, password: str):\n user = await User.objects.aget(username=username)\n # Verify password...\n token = create_jwt_for_user(user, exp_hours=24)\n return {\"access_token\": token, \"token_type\": \"bearer\"}\n```\n\n**\ud83d\udcd6 See [docs/SECURITY.md](docs/SECURITY.md) for complete authentication documentation.**\n\n### Middleware\n\n```python\nfrom django_bolt import BoltAPI\nfrom django_bolt.middleware import cors, rate_limit, skip_middleware\n\n# Global middleware\napi = BoltAPI(\n middleware_config={\n \"cors\": {\n \"origins\": [\"http://localhost:3000\"],\n \"methods\": [\"GET\", \"POST\", \"PUT\", \"DELETE\"],\n \"credentials\": True,\n }\n }\n)\n\n# Per-route rate limiting (runs in Rust, no GIL)\n@api.get(\"/limited\")\n@rate_limit(rps=100, burst=200, key=\"ip\") # 100 req/s with burst of 200\nasync def limited_endpoint():\n return {\"message\": \"Rate limited\"}\n\n# Rate limiting by user ID\n@api.get(\"/user-limited\", auth=[JWTAuthentication()], guards=[IsAuthenticated()])\n@rate_limit(rps=50, burst=100, key=\"user\")\nasync def user_limited():\n return {\"message\": \"Per-user rate limiting\"}\n\n# Custom CORS for specific route\n@api.get(\"/public\")\n@cors(origins=[\"https://example.com\"], credentials=True, max_age=3600)\nasync def public_endpoint():\n return {\"message\": \"Public endpoint with CORS\"}\n\n# Skip global middleware\n@api.get(\"/no-cors\")\n@skip_middleware(\"cors\", \"rate_limit\")\nasync def no_cors():\n return {\"message\": \"Middleware skipped\"}\n```\n\n**\ud83d\udcd6 See [docs/MIDDLEWARE.md](docs/MIDDLEWARE.md) for complete middleware documentation.**\n\n### Django ORM Integration\n\n```python\nfrom django_bolt import BoltAPI\nfrom django.contrib.auth.models import User\nfrom myapp.models import Article\n\napi = BoltAPI()\n\n@api.get(\"/users/{user_id}\")\nasync def get_user(user_id: int):\n # Use Django's async ORM methods\n user = await User.objects.aget(id=user_id)\n return {\n \"id\": user.id,\n \"username\": user.username,\n \"email\": user.email,\n }\n\n@api.get(\"/articles\")\nasync def list_articles(limit: int = 10):\n # Async query with select_related\n articles = await Article.objects.select_related(\"author\").all()[:limit]\n return [\n {\n \"id\": a.id,\n \"title\": a.title,\n \"author\": a.author.username,\n }\n async for a in articles\n ]\n```\n\n### Response Types\n\n```python\nfrom django_bolt import BoltAPI\nfrom django_bolt.responses import (\n PlainText, HTML, Redirect, File, FileResponse, StreamingResponse\n)\nimport asyncio\n\napi = BoltAPI()\n\n@api.get(\"/text\")\nasync def text_response():\n return PlainText(\"Hello, World!\")\n\n@api.get(\"/html\")\nasync def html_response():\n return HTML(\"<h1>Hello</h1>\")\n\n@api.get(\"/redirect\")\nasync def redirect_response():\n return Redirect(\"/new-location\", status_code=302)\n\n@api.get(\"/download-memory\")\nasync def download_memory():\n # In-memory file download\n content = b\"File contents here\"\n return File(content, filename=\"document.txt\", media_type=\"text/plain\")\n\n@api.get(\"/download-disk\")\nasync def download_disk():\n # Streams file from disk (zero-copy in Rust)\n return FileResponse(\"/path/to/file.pdf\", filename=\"document.pdf\")\n\n@api.get(\"/stream-sse\")\nasync def stream_sse():\n # Server-Sent Events\n async def generate():\n for i in range(100):\n yield f\"data: {i}\\n\\n\"\n await asyncio.sleep(0.1)\n\n return StreamingResponse(\n generate(),\n media_type=\"text/event-stream\"\n )\n\n@api.get(\"/stream-json\")\nasync def stream_json():\n # Streaming JSON (sync generator)\n def generate():\n yield '{\"items\": ['\n for i in range(1000):\n yield f'{{\"id\": {i}}}'\n if i < 999:\n yield ','\n yield ']}'\n\n return StreamingResponse(generate(), media_type=\"application/json\")\n```\n\n**\ud83d\udcd6 See [docs/RESPONSES.md](docs/RESPONSES.md) for complete response documentation.**\n\n---\n\n## \ud83d\udd27 Development\n\n### Setup\n\n```bash\n# Clone repository\ngit clone https://github.com/yourusername/django-bolt.git\ncd django-bolt\n\n# Install dependencies\npip install -r requirements-dev.txt\n\n# Build Rust extension\nmake build # or: maturin develop --release\n\n# Run tests\nmake test-py\n```\n\n### Commands\n\n```bash\n# Build\nmake build # Build Rust extension\nmake rebuild # Clean and rebuild\n\n# Testing\nmake test-py # Run Python tests\n\n# Benchmarking\nmake save-bench # Run and save results\n\n# Server\n```\n\n---\n\n## \ud83e\udd1d Contributing\n\nContributions welcome! Here's how:\n\n1. Fork the repository\n2. Create a feature branch (`git checkout -b feature/amazing-feature`)\n3. Make your changes\n4. Run tests (`make test-py`)\n5. Commit (`git commit -m 'Add amazing feature'`)\n6. Push (`git push origin feature/amazing-feature`)\n7. Open a Pull Request\n\n### Areas That Need Help\n\n- Testing utilities and test client\n- WebSocket support\n- OAuth2/OpenID Connect\n- API versioning\n- More examples and tutorials\n\n---\n\n## \ud83d\ude4f Acknowledgments & Inspiration\n\nDjango-Bolt stands on the shoulders of giants. We're grateful to the following projects and communities that inspired our design and implementation:\n\n### Core Inspirations\n\n- **[Django REST Framework](https://github.com/encode/django-rest-framework)** - Our syntax, ViewSet patterns, and permission system are heavily inspired by DRF's elegant API design. The class-based views and guard system follow DRF's philosophy of making common patterns simple.\n\n- **[FastAPI](https://github.com/tivy520/fastapi)** - We drew extensive inspiration from FastAPI's dependency injection system, parameter extraction patterns, and modern Python type hints usage. The codebase structure and async patterns heavily influenced our implementation.\n\n- **[Litestar](https://github.com/litestar-org/litestar)** - Our OpenAPI plugin system is adapted from Litestar's excellent architecture. Many architectural decisions around middleware, guards, and route handling were inspired by Litestar's design philosophy.\n\n- **[Robyn](https://github.com/sparckles/Robyn)** - Robyn's Rust-Python integration patterns and performance-first approach influenced our decision to use PyO3 and showed us the potential of Rust-powered Python web frameworks.\n\n### Additional Credits\n\n- **[Actix Web](https://github.com/actix/actix-web)** - The Rust HTTP framework that powers our performance\n- **[PyO3](https://github.com/PyO3/pyo3)** - For making Rust-Python interop seamless\n- **[msgspec](https://github.com/jcrist/msgspec)** - For blazing-fast serialization\n- **[matchit](https://github.com/ibraheemdev/matchit)** - For zero-copy routing\n\nThank you to all the maintainers, contributors, and communities behind these projects. Django-Bolt wouldn't exist without your incredible work.\n\n---\n\n## \ud83d\udcc4 License\n\nDjango-Bolt is open source and available under the MIT License.\n\n---\n\nFor questions, issues, or feature requests, please visit our [GitHub repository](https://github.com/FarhanAliRaza/django-bolt).\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "High-performance API framework for Django with Rust-powered endpoints delivering 60k+ RPS",
"version": "0.2.0",
"project_urls": {
"Bug Tracker": "https://github.com/FarhanAliRaza/django-bolt/issues",
"Documentation": "https://github.com/FarhanAliRaza/django-bolt#readme",
"Homepage": "https://github.com/FarhanAliRaza/django-bolt",
"Repository": "https://github.com/FarhanAliRaza/django-bolt"
},
"split_keywords": [
"django",
" api",
" rust",
" performance",
" actix",
" pyo3",
" async"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "3f2a6b71dda0e3ef8c5cb189062d921d86f0e8af37e4079fce72d2d66bc05e5b",
"md5": "94d93e2c19040751ce714fe621e06643",
"sha256": "7b573ff0b738c6f1dd67572c41660ad24168926016aed89257e351bc1fd3ed73"
},
"downloads": -1,
"filename": "django_bolt-0.2.0-cp310-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl",
"has_sig": false,
"md5_digest": "94d93e2c19040751ce714fe621e06643",
"packagetype": "bdist_wheel",
"python_version": "cp310",
"requires_python": ">=3.10",
"size": 7888307,
"upload_time": "2025-10-22T19:38:23",
"upload_time_iso_8601": "2025-10-22T19:38:23.397057Z",
"url": "https://files.pythonhosted.org/packages/3f/2a/6b71dda0e3ef8c5cb189062d921d86f0e8af37e4079fce72d2d66bc05e5b/django_bolt-0.2.0-cp310-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "d1f57e07c9fa479d2893fbeced07b70773065dc65818b88eb39b42ab5d96927d",
"md5": "5f8dc2a564beb70f6114a0497924a921",
"sha256": "13f89b30a237f953bf12a994875ba6b01fe4af06554615a9ff1545e0aae80840"
},
"downloads": -1,
"filename": "django_bolt-0.2.0-cp310-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
"has_sig": false,
"md5_digest": "5f8dc2a564beb70f6114a0497924a921",
"packagetype": "bdist_wheel",
"python_version": "cp310",
"requires_python": ">=3.10",
"size": 4428970,
"upload_time": "2025-10-22T19:38:25",
"upload_time_iso_8601": "2025-10-22T19:38:25.562957Z",
"url": "https://files.pythonhosted.org/packages/d1/f5/7e07c9fa479d2893fbeced07b70773065dc65818b88eb39b42ab5d96927d/django_bolt-0.2.0-cp310-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "30a570bae9c4c5d2e39df9d0223bfcd97412a9bcba0deb0a80739ee392a4b001",
"md5": "c15c3f06eecfd70d6dce64c3dff6cb7e",
"sha256": "74620729ed73c951961a6c329e62dde3716e1e1de2fac04f3fe7fb8c6ed5125e"
},
"downloads": -1,
"filename": "django_bolt-0.2.0-cp310-abi3-win_amd64.whl",
"has_sig": false,
"md5_digest": "c15c3f06eecfd70d6dce64c3dff6cb7e",
"packagetype": "bdist_wheel",
"python_version": "cp310",
"requires_python": ">=3.10",
"size": 3636051,
"upload_time": "2025-10-22T19:38:27",
"upload_time_iso_8601": "2025-10-22T19:38:27.036795Z",
"url": "https://files.pythonhosted.org/packages/30/a5/70bae9c4c5d2e39df9d0223bfcd97412a9bcba0deb0a80739ee392a4b001/django_bolt-0.2.0-cp310-abi3-win_amd64.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "ea5caef7d8ff2d8260f999cd6437c20fac57f20812df11529bea12e095fa98b3",
"md5": "2cb310ed2bc0560c8fa595ecd8a2ca74",
"sha256": "e4acaf0cb0734e87f193851b79bfbbe8778940d5dc7f0b728d0b3a1aad0b4e4b"
},
"downloads": -1,
"filename": "django_bolt-0.2.0.tar.gz",
"has_sig": false,
"md5_digest": "2cb310ed2bc0560c8fa595ecd8a2ca74",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 14807536,
"upload_time": "2025-10-22T19:38:30",
"upload_time_iso_8601": "2025-10-22T19:38:30.209783Z",
"url": "https://files.pythonhosted.org/packages/ea/5c/aef7d8ff2d8260f999cd6437c20fac57f20812df11529bea12e095fa98b3/django_bolt-0.2.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-10-22 19:38:30",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "FarhanAliRaza",
"github_project": "django-bolt",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "django-bolt"
}
