<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Drf on Kuldeep Pisda</title><link>https://kdpisda.in/tag/drf/</link><description>Recent content in Drf on Kuldeep Pisda</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sat, 21 Mar 2026 10:00:00 +0530</lastBuildDate><atom:link href="https://kdpisda.in/tag/drf/index.xml" rel="self" type="application/rss+xml"/><item><title>From 30 Seconds to 200ms: The Django Queries Nobody Asked For</title><link>https://kdpisda.in/dynamic-api-fields-and-query-optimization-django/</link><pubDate>Sat, 21 Mar 2026 10:00:00 +0530</pubDate><guid>https://kdpisda.in/dynamic-api-fields-and-query-optimization-django/</guid><description>&lt;p&gt;With the ERP&amp;rsquo;s permissions now defined from a screen instead of a deploy (chapter 9), the platform had crossed a line I could feel: the content team, the department heads, and the booking staff were all self-serving from the same Django backend without filing a ticket. It was doing real work for real people. And then, quietly, it started doing that work slowly.&lt;/p&gt;
&lt;p&gt;The complaints didn&amp;rsquo;t arrive as a crash. They arrived as a shrug. &amp;ldquo;The courses page takes a while to load.&amp;rdquo; &amp;ldquo;The admin list just spins.&amp;rdquo; On a good connection the course listing came back in three or four seconds — annoying but survivable. On a mid-range Android phone on 4G in a small town, which is &lt;em&gt;most&lt;/em&gt; of our users, the same endpoint could take &lt;strong&gt;twenty to thirty seconds&lt;/strong&gt; before the first byte. That is well past the point where a user assumes the app is broken and closes it. We were losing people not to a bug, but to a spinner.&lt;/p&gt;</description></item><item><title>OTP Phone Authentication for Indian Consumer Apps in Django</title><link>https://kdpisda.in/otp-phone-auth-django-drf/</link><pubDate>Fri, 20 Mar 2026 10:00:00 +0530</pubDate><guid>https://kdpisda.in/otp-phone-auth-django-drf/</guid><description>&lt;p&gt;The first real product decision I made on this veterinary clinic-management
platform — one I built solo for the Indian market back in 2019 — had nothing to do with
clinics. It was this: &lt;strong&gt;the login is a phone number and a six-digit code, not an
email and a password.&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;That sounds obvious now. It wasn&amp;rsquo;t the default I reached for. Django hands you
&lt;code&gt;username&lt;/code&gt; + &lt;code&gt;password&lt;/code&gt; out of the box, &lt;code&gt;djangorestframework-simplejwt&lt;/code&gt; assumes the
same, and every tutorial I&amp;rsquo;d read wired auth that way. But the users were pet owners
in Indian towns. A lot of them don&amp;rsquo;t have an email they check. All of them have a
phone number, and they already expect &amp;ldquo;enter your number, get an OTP&amp;rdquo; because that&amp;rsquo;s
how every app they use — payments, food, ride-hailing — logs them in. Phone &lt;em&gt;is&lt;/em&gt; the
identity here. Building email auth and bolting phone on later would have been solving
the wrong problem first.&lt;/p&gt;</description></item><item><title>Permissions as Data: The ERP the Org Rewires Without an Engineer</title><link>https://kdpisda.in/erp-dynamic-permissions-with-django-groups/</link><pubDate>Sat, 14 Mar 2026 10:00:00 +0530</pubDate><guid>https://kdpisda.in/erp-dynamic-permissions-with-django-groups/</guid><description>&lt;p&gt;The Ambarsthan booking engine from the last chapter put its foot down in exactly one place on purpose: the correctness of two people grabbing the same slot lives in the database — row locks, an exclusion constraint, the right isolation level — not in hopeful application code. Same Django backend, a very different neighbour app riding on it, and this time the hard part is not concurrency. It is change.&lt;/p&gt;</description></item><item><title>The Rebuild That Never Had a Cutover Day: Strangling Directus With Django</title><link>https://kdpisda.in/extending-directus-with-django-strangler-pattern/</link><pubDate>Sat, 07 Feb 2026 10:00:00 +0530</pubDate><guid>https://kdpisda.in/extending-directus-with-django-strangler-pattern/</guid><description>&lt;p&gt;By the time the paying-user number stopped being arguable, we had earned the right to build the real thing. Three months of the FastAPI proxy hack had turned &amp;ldquo;would anyone actually pay for a course?&amp;rdquo; into a hard number — roughly 6,000 users on the Happy Thoughts platform, about one in ten of them paying — and those same three months had turned the proxy itself into something I no longer trusted. The two facts arrived together, and that was the whole signal: demand was proven, and the thing holding it up was creaking exactly as a hack should.&lt;/p&gt;</description></item></channel></rss>