
Grit One SDK

Overview

Grit One SDK is a full-stack framework that enables rapid development of secure and maintainable web applications. It provides a comprehensive set of tools and abstractions for common web development tasks.


Key Features

  • Rapid Development: Pre-built components and conventions reduce boilerplate code
  • Security First: Built-in protection against OWASP top vulnerabilities
  • ORM: Object-relational mapping for database operations without raw SQL
  • Admin Interface: Auto-generated administration panel for content management
  • Authentication System: Complete user management with sessions and permissions
  • Scalable Architecture: Supports both monolithic and microservice patterns
  • REST API Support: Built-in serialization and API development tools
  • Middleware System: Extensible request/response processing pipeline

Core Backend Features

Authentication

The system provides:

  • User registration with email
  • Secure login/logout functionality
  • Session management via cookies
  • Password storage as salted hashes using PBKDF2 algorithm with SHA256

Role-Based Access Control

User permissions are managed through a group-based permission system:

  • Each user is assigned to appropriate groups
  • Permission inheritance is implemented through groups
  • Predefined role categories:
    • Superuser (unrestricted access)
    • Internal employee
    • B2C customer
    • B2B customer

Additional Features (Available Upon Request)

Payment Processing

  • Stripe integration supports multiple pricing models:
    • Fixed monthly subscription (e.g., $20/month)
    • Usage-based billing with minimum charge threshold
    • Usage below a certain amount triggers an automatic account charge (for example, if usage is below $5, it will automatically charge $10 to the account)

Quick Start

Create a simple web application:

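# views.py
# Import paths assume a Django-compatible layout (not shown on this page).
from django.shortcuts import render
from django.views import View

class HomeView(View):
    def get(self, request):
        # Render home.html with a single context variable
        return render(request, 'home.html', {'title': 'Welcome'})

# urls.py
from django.urls import path

from .views import HomeView

urlpatterns = [
    path('', HomeView.as_view(), name='home'),
]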

Architecture

Core Components

  • Request/Response Cycle: HTTP request processing through middleware layers
  • URL Dispatcher: Maps URLs to view functions or classes
  • Template Engine: Server-side rendering with template inheritance
  • Database Layer: Abstract database operations through models
  • Static Files: Efficient handling of CSS, JavaScript, and media files

Project Structure

myproject/
├── manage.py           # Command-line utility
├── myproject/          # Project configuration
│   ├── settings.py     # Project settings
│   ├── urls.py         # URL declarations
│   └── wsgi.py         # WSGI entry point
└── apps/               # Application modules
    └── myapp/
        ├── models.py   # Data models
        ├── views.py    # View logic
        ├── urls.py     # App URLs
        └── templates/  # HTML templates

Core Modules

Authentication & Authorization

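# Import paths assume a Django-compatible layout (not shown on this page).
from django.contrib.auth.decorators import login_required
from django.http import HttpResponse

@login_required
def protected_view(request):
    # Only authenticated users can access
    return HttpResponse(f"Welcome, {request.user.username}")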

Database Models

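# Import path assumes a Django-compatible layout (not shown on this page).
from django.db import models

class Product(models.Model):
    name = models.CharField(max_length=200)
    price = models.DecimalField(max_digits=10, decimal_places=2)
    created_at = models.DateTimeField(auto_now_add=True)  # set once, on insert

    class Meta:
        ordering = ['-created_at']  # newest first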

Admin Interface

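# Import path assumes a Django-compatible layout (not shown on this page).
from django.contrib import admin

from .models import Product

@admin.register(Product)
class ProductAdmin(admin.ModelAdmin):
    list_display = ['name', 'price', 'created_at']
    search_fields = ['name']
    list_filter = ['created_at']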

Security Features

Built-in Protections

  • SQL Injection: Parameterized queries prevent injection attacks
  • XSS Prevention: Automatic HTML escaping in templates
  • CSRF Protection: Token-based protection for state-changing operations
  • Clickjacking: X-Frame-Options header support
  • HTTPS Support: Secure cookies and HSTS enforcement
  • Password Security: PBKDF2 hashing with SHA256
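
The salted PBKDF2-SHA256 storage named above and under Authentication can be sketched with the Python standard library alone. This is an added example, not the SDK's own code; the iteration count, salt length and the algorithm$iterations$salt$hash layout are assumptions, since the page does not state them.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed work factor; the page does not state the SDK's value
SALT_BYTES = 16       # assumed salt length

def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Encode as algorithm$iterations$salt$hash (assumed layout) with a fresh salt."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = _derive(password, salt, iterations)
    b64 = lambda raw: base64.b64encode(raw).decode("ascii")
    return f"{ALGORITHM}${iterations}${b64(salt)}${b64(digest)}"

def _parse(stored: str):
    """Split a stored value; raises ValueError on anything malformed."""
    algorithm, iterations, salt, digest = stored.split("$")
    if algorithm != ALGORITHM or not 1 <= int(iterations) <= 10_000_000:
        raise ValueError("unsupported or malformed password hash")
    return (int(iterations), base64.b64decode(salt, validate=True),
            base64.b64decode(digest, validate=True))

def verify_password(password: str, stored: str) -> bool:
    try:
        iterations, salt, expected = _parse(stored)
    except ValueError:  # wrong field count, bad number, bad base64
        return False
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(_derive(password, salt, iterations), expected)

def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True when a hash was made with a weaker work factor than the current one."""
    try:
        return _parse(stored)[0] < iterations
    except ValueError:
        return True

if __name__ == "__main__":
    legacy = hash_password("constructed-sample-pw", iterations=1_000)  # constructed
    print(verify_password("constructed-sample-pw", legacy), needs_rehash(legacy))
```

Calling needs_rehash after a successful login lets stored hashes be upgraded when the work factor is raised, without forcing password resets.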

Example: Building a REST API

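# serializers.py
# Import paths assume a Django REST Framework-compatible layout (not shown on this page).
from rest_framework import serializers

from .models import Product

class ProductSerializer(serializers.ModelSerializer):
    class Meta:
        model = Product
        # Explicit field list: only these attributes are exposed through the API
        fields = ['id', 'name', 'price', 'created_at']

# views.py
from rest_framework import viewsets

from .models import Product
from .serializers import ProductSerializer

# ModelViewSet provides list, retrieve, create, update and delete actions;
# restrict write access through the framework's permission settings before exposing it.
class ProductViewSet(viewsets.ModelViewSet):
    queryset = Product.objects.all()
    serializer_class = ProductSerializer

# urls.py
from rest_framework.routers import DefaultRouter

from .views import ProductViewSet

router = DefaultRouter()
router.register('products', ProductViewSet)
urlpatterns = router.urls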