Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
This Django app enables you to configure and render Chart.JS charts directly from your Django codebase. Charts can than either be rendered directly into your Django template or served asynchronously to the webbrowser.
install django-jchart
pip install django-jchart
Add django-jchart
to your installed apps.
INSTALLED_APPS = (
'...',
'jchart',
)
Enable template loading from app folders by adding the following property to your TEMPLATES django configuration:
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'APP_DIRS': True,
# ...
}]
For the charts to be rendered inside the browser you will
need to include the Chart.JS library. Add the following
HTML before your closing </body>
tag:
<script src="https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.4.0/Chart.bundle.min.js"></script>
If you want to make use of asynchronous loading charts you will also need to include jQuery:
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
At the heart of this charting library lies the Chart
class. This class describes a chart and defines which data it should display. The chart's 'class fields' map to Chart.JS options which describe how the chart should render and behave. By overriding the get_datasets
method on your Chart
instance you can define which data should be displayed.
To define which type of chart you want to render (e.g. a line or bar chart), your chart class should set its class field chart_type
to one of "line", "bar", "radar", "polarArea", "pie", or "bubble". A chart class without this field is invalid and initialization will result in an ImproperlyConfigured
exception.
from jchart import Chart
class LineChart(Chart):
chart_type = 'line'
The get_datasets
method should return a list of datasets this chart should display. Where a dataset is a dictionary with key/value configuration pairs (see the Chart.JS documentation).
from jchart import Chart
class LineChart(Chart):
chart_type = 'line'
def get_datasets(self, **kwargs):
return [{
'label': "My Dataset",
'data': [69, 30, 45, 60, 55]
}]
This method allows you to set the Chart.JS data.labels
parameter. Which allows you to configure categorical axes. For an example on how to use this feature see this pie chart.
from jchart import Chart
class PieChart(Chart):
chart_type = 'pie'
def get_labels(self, **kwargs):
return ['Red', 'Blue']
A chart can be configured through the following class fields:
scales
layout
title
legend
tooltips
hover
animation
elements
responsive
All of these fields map to the same key in the Chart.JS 'options' object. For instance, if you wanted to create a chart that does not render responsively you would set the responsive class field to false:
from jchart import Chart
class UnresponsiveLineChart(Chart):
chart_type = 'line'
responsive = False
# ...
Most of these class fields require either a list of dicitonaries or a dictionary. With the exception of responsive
which should be a boolean value. Be sure to read the Chart.JS documentation on how to use these configuration options.
For your convenience there are some methods located in jchart.config
which can be used to produce correct dictionaries to configure Chart.JS properties. Most of these methods only serve as a validation step for your input configuration but some can also transform their input. Let's take a look at an example, how would you configure the X-Axis so it is not to be displayed:
from jchart import Chart
from jchart.config import Axes
class LineChart(Chart):
chart_type = 'line'
scales = {
'xAxes': [Axes(display=False)],
}
jchart.config
also contains a method to create dataset configuration dictionaries. One of the advantages of using this method is that it includes a special property color
which can be used to automatically set the values for: 'backgroundColor', 'pointBackgroundColor', 'borderColor', 'pointBorderColor', and 'pointStrokeColor'.
from jchart import Chart
from jchart.config import Axes
class LineChart(Chart):
chart_type = 'line'
def get_datasets(self, **kwargs):
return [DataSet(color=(255, 255, 255), data=[])]
The jchart.config
module contains methods for the properties listed below. Keep in mind that you are in no way obligated to use these methods, you could also supply Python dictionaries in the place of these method calls.
<h5>Available configuration methods:</h5>
<code>Axes</code>, <code>ScaleLabel</code>, <code>Tick</code>, <code>DataSet</code>, <code>Tooltips</code>, <code>Legend</code>, <code>LegendLabel</code>, <code>Title</code>, <code>Hover</code>, <code>InteractionModes</code>, <code>Animation</code>, <code>Element</code>, <code>ElementArc</code>, <code>ElementLine</code>, <code>ElementPoint</code>, <code>ElementRectangle</code>
options
this has to be set to a dictionary and can be used to set any other Chart.JS configuration values that are not configurable through a predefined class field (e.g. maintainAspectRatio
). The class fields have precedence over any configuration applied through the options
dictionary.
from jchart import Chart
class OptionsChart(Chart):
chart_type = 'line'
options = {
'maintainAspectRatio': True
}
# ...
Chart instances can be passed to your Django template context. Inside the template you can invoke the method `as_html` on the chart instance to render the chart.
# LineChart is a class inheriting from jchart.Chart
def some_view(request):
render(request, 'template.html', {
'line_chart': LineChart(),
})
The following code is an example of how to render this line chart inside your html template:
{{ line_chart.as_html }}
When rendering the chart directly into your HTML template, all the data needed for the chart is transmitted on the page's HTTP request. It is also possible to load the chart (and its required data) asynchronous.
To do this we need to setup a url endpoint from which to load the chart's data. There is a classmethod available on jchart.views.ChartView
to automatically create a view which exposes the chart's configuration data as JSON on a HTTP get request:
from jchart.views import ChartView
# LineChart is a class inheriting from jchart.Chart
line_chart = LineChart()
urlpatterns = [
url(r'^charts/line_chart/$', ChartView.from_chart(line_chart), name='line_chart'),
]
You can use a custom templatetag inside your Django template to load this chart asynchronously. The custom tag behaves like the Django url templatetag and any positional or keyword arguments supplied to it are used to resolve the url for the given url name. In this example the url does not require any url parameters to be resolved:
{% load jchart %}
{% render_chart 'line_chart' %}
This tag will be expanded into the following JS/HTML code:
<canvas class="chart" id="unique-chart-id">
</canvas>
<script type="text/javascript">
window.addEventListener("DOMContentLoaded", function() {
$.get('/charts/line_chart/', function(configuration) {
var ctx = document.getElementById("unique-chart-id").getContext("2d");
new Chart(ctx, configuration);
});
});
</script>
It can often be useful to reuse the same chart for different datasets. This can either be done by subclassing an existing chart class and overriding its get_datasets
method. But there is another way to do this. Any arguments given to the as_html
method are supplied to your get_datasets
method. This makes it possible to parameterize the output of get_datasets
Let's have a look at an example. Imagine we have price point data stored in a model called Price
and this model has a field called currency_type
. We could render the chart for different currency types by accepting the value for this field as a parameter to get_datasets
.
from jchart import Chart
from core.models import Price
class PriceChart(Chart):
chart_type = 'line'
def get_datasets(self, currency_type):
prices = Price.objects.filter(currency_type=currency_type)
data = [{'x': price.date, 'y': price.point} for price in prices]
return [DataSet(data=data)]
If we supply an instance of this chart to the context of our template, we could use this to render two different charts. This is done by using the render_chart
template tag to supply additional parameters to the get_datasets
method:
{% render_chart price_chart 'euro' %}
{% render_chart price_chart 'dollar' %}
For asynchronous charts any url parameters are passed to the get_datasets
method.
from jchart.views import ChartView
from .charts import PriceChart
price_chart = PriceChart()
urlpatterns = [
url(r'^currency_chart/(?P<>\w+)/$',
ChartView.from_chart(price_chart))
]
To render this chart asynchronously we have to supply the url parameter as a second argument to the render_chart
template tag, like so:
{% load jchart %}
{% render_chart 'price_chart' 'euro' %}
{% render_chart 'price_chart' 'dollar' %}
setup.py
.CHANGELOG.md
.python setup.py sdist bdist_wheel --universal
twine upload dist/*
FAQs
A Django App to plot charts using the excellent Chart.JS library.
We found that django-jchart demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.