Business Logic in CRUD RESTful API
I want to prevent users who have been flagged as spammers from sending messages on my application. Should the Messaging API validate that the sending User is not a spammer (thereby returning a 400)? Or is it the responsibility of the caller?
There are a couple apps and a website consuming CRUD RESTful APIs of which there are two, one for Users and one for Messaging.
The debate is whether the caller of the Messaging API is responsible for validating the spamming status of the User.
Thoughts?
You could consider a third option. You wrote:
The caller often already has the user profile available.
You could demand each Message API request to include the user profile. Then, the Message API can detect spammers without calling the User API.
Pros:
Cons:
I'm not saying that this option is the best, it is just another candidate to consider. Which option is the best depends on the weights of each pro and con argument. You and your team members should judge which aspects are most important in your organization and your specific situation.
Business logic always clutters up services. Some people get around this by separating business services from infrastructure/data services. This unfortunately just seems to make things more complicated down the road when a single infrastructure data service causes many business services to change.
Don't distribute your business logic. It's not worth it to keep a service "clean". This "clean" implementation is a fiction. You already have lots of coupling to other services, you just aren't thinking of them that way. I guarantee you are relying on an SMTP or MQ service for your messaging. They just aren't services you have written.
I would encapsulate your access to your user service like you would any other data access (like a database). Wrap it in a DAO or a Repository pattern. At that point, you can evaluate whether you are hitting a performance issue, and if so, implement a caching layer for your users to resolve it.
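The approach from the answer above, with the Messaging API enforcing the spammer rule itself and reaching the User API through a repository with an optional cache, sketched as an added example that is not part of the original posts. `UserRepository`, `MessagingService`, the `fetch_user` callable standing in for the User API call, the `spammer` field, the 503 on lookup failure and the sample users are all assumptions.

```python
import time

class UserRepository:
    """Single access point to the User API (hypothetical), with a TTL cache."""
    def __init__(self, fetch_user, ttl_seconds=60.0, clock=time.monotonic):
        self._fetch_user = fetch_user  # callable(user_id) -> dict; stands in for the HTTP call
        self._ttl, self._clock = ttl_seconds, clock
        self._cache = {}  # user_id -> (expires_at, is_spammer)

    def is_spammer(self, user_id):
        now = self._clock()
        hit = self._cache.get(user_id)
        if hit and hit[0] > now:
            return hit[1]  # still fresh: no call to the User API
        flag = bool(self._fetch_user(user_id)["spammer"])
        self._cache[user_id] = (now + self._ttl, flag)
        return flag

class MessagingService:
    """Enforces the rule server-side, so every caller gets the same check."""
    def __init__(self, users, outbox):
        self._users, self._outbox = users, outbox

    def send(self, sender_id, text):
        try:
            blocked = self._users.is_spammer(sender_id)
        except Exception:
            # Lookup failed: reject rather than send unchecked (a choice made in this example).
            return 503, "user lookup unavailable"
        if blocked:
            return 400, "sender is flagged as a spammer"  # status code from the question
        self._outbox.append((sender_id, text))
        return 201, "sent"

# Constructed sample data standing in for the User API.
SAMPLE_USERS = {"alice": {"spammer": False}, "mallory": {"spammer": True}}

def demo():
    calls, outbox = [], []
    def fetch(user_id):
        calls.append(user_id)  # record which lookups actually reached the "User API"
        return SAMPLE_USERS[user_id]
    svc = MessagingService(UserRepository(fetch), outbox)
    results = [svc.send("alice", "hi"), svc.send("mallory", "buy now"),
               svc.send("mallory", "buy again"), svc.send("ghost", "boo")]
    return results, outbox, calls
```

With the cache in place, a newly flagged user can keep sending until the cached entry expires, so the TTL bounds how stale the check may be.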
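Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.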