
Business Logic in CRUD RESTful API

Summary

I want to prevent users who have been flagged as spammers from sending messages on my application. Should the Messaging API validate that the sending User is not a spammer (thereby returning a 400)? Or is it the responsibility of the caller?

The architecture:

[image: architecture diagram]

Details

There are a couple apps and a website consuming CRUD RESTful APIs, of which there are two, one for Users and one for Messaging.

The debate is whether the caller of the Messaging API is responsible for validating the spamming status of the User.

Pros of Messaging API doing the validation:

  • Business logic is uniformly enforced. Future consumers won't forget to enforce it.
  • Maintenance is also easier, one place not three.

Cons of Messaging API doing the validation:

  • Downside is that validation will require a call from the Messaging API to the User API, which is smelly.
  • This is also slow and adds overhead for every POST to the Messaging API. The caller often already has the user profile available.
  • Also dirties what thus far has been a very simple and clean implementation of the APIs.

Thoughts?

You could consider a third option. You wrote:

The caller often already has the user profile available.

You could demand each Message API request to include the user profile. Then, the Message API can detect spammers without calling the User API.

Pros:

  • Business logic is uniformly enforced.
  • Maintenance is easier: one place, not three.
  • Message API and User API remain disconnected.
  • Message API performance is not significantly affected.

Cons:

  • Clients must always send the user profile in each request to the Message API (more complex to implement, message API requests are polluted by data not directly related to the purpose of the request)
  • Clients that do not have the user profile yet must perform an extra request to the User API.

I'm not saying that this option is the best, it is just another candidate to consider. Which option is the best depends on the weights of each pro and con argument. You and your team members should judge which aspects are most important in your organization and your specific situation.

Business logic always clutters up services. Some people get around this by separating business services from infrastructure/data services. This unfortunately just seems to make things more complicated down the road when a single infrastructure data service causes many business services to change.

Don't distribute your business logic. It's not worth it to keep a service "clean". This "clean" implementation is a fiction. You already have lots of coupling to other services, you just aren't thinking of them that way. I guarantee you are relying on an SMTP or MQ service for your messaging. They just aren't services you have written.

I would encapsulate your access to your user service like you would any other data access (like a database). Wrap it in a DAO or a Repository pattern. At that point, you can evaluate whether you are hitting a performance issue, and if so, implement a caching layer for your users to resolve it.
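The repository-plus-cache approach from the last answer, as an added Python sketch that is not code from the question or from either answer: the Messaging API enforces the spammer rule itself and returns the 400 the question mentions. The `fetch_user` callable, the `is_spammer` field, the 60-second TTL and the 503 on a failed lookup are assumptions made for illustration.

```python
import time

class UserRepository:
    """Wraps User API access behind a repository with a short TTL cache."""
    def __init__(self, fetch_user, ttl_seconds=60.0, clock=time.monotonic):
        self._fetch_user = fetch_user  # hypothetical User API client call
        self._ttl, self._clock, self._cache = ttl_seconds, clock, {}

    def get(self, user_id):
        now = self._clock()
        hit = self._cache.get(user_id)
        if hit and now - hit[0] < self._ttl:
            return hit[1]                     # fresh entry: no User API call
        user = self._fetch_user(user_id)      # miss or expired: one call
        self._cache[user_id] = (now, user)
        return user

def post_message(repo, sender_id, body, outbox):
    """Messaging API POST handler: the rule is enforced here, not by callers."""
    try:
        user = repo.get(sender_id)
    except Exception:
        return 503, {"error": "sender status unavailable"}  # fail closed
    if user.get("is_spammer", True):          # a missing flag is not trusted
        return 400, {"error": "sender is flagged as a spammer"}
    outbox.append({"from": sender_id, "body": body})
    return 201, {"status": "created"}

def demo():
    users = {"u1": {"is_spammer": False}, "u2": {"is_spammer": True}}  # constructed
    calls, outbox, now = [], [], [0.0]
    def fetch_user(uid):
        calls.append(uid)
        return dict(users[uid])               # KeyError for unknown users
    repo = UserRepository(fetch_user, ttl_seconds=60, clock=lambda: now[0])
    results = [post_message(repo, uid, "hi", outbox)[0]
               for uid in ("u1", "u1", "u2", "ghost")]
    users["u1"]["is_spammer"] = True          # u1 is flagged after being cached
    stale = post_message(repo, "u1", "late", outbox)[0]   # served from cache
    now[0] = 61.0                             # TTL has expired
    fresh = post_message(repo, "u1", "later", outbox)[0]  # re-fetched
    return results, stale, fresh, calls, len(outbox)

if __name__ == "__main__":
    print(demo())
```

The `stale` result shows the cost of the cache: a newly flagged user can keep posting until the cached entry expires, so the TTL is the upper bound on how long a flag takes to apply.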
