如何在我的应用程序中限制对 API 子集的访问?
[英]How can I restrict access to a subset of APIs in my application?
问题描述
Let's say I have app.js file which exposes 5 operations (mix of GET & POST): /op1, /op2, /op3, /op4 & /op5.
假设我有一个 app.js 文件,它公开了 5 个操作(GET 和 POST 的混合):/op1、/op2、/op3、/op4 和/op5。 I want to run same app.js file on 2 different servers wherein I want /op1, /op2, /op3 services to be accessible on server running on port# 3000 and /op4 and /op5 services to be accessible from port# 500. Is there anyway I can achieve this without creating separate app.js files for each server with relevant services?我想在 2 个不同的服务器上运行相同的 app.js 文件,其中我希望 /op1、/op2、/op3 服务可以在端口#3000 上运行的服务器上访问,/op4 和/op5 服务可以从端口#500 访问。无论如何,我可以在不为每个具有相关服务的服务器创建单独的 app.js 文件的情况下实现这一目标吗?
2 个解决方案
解决方案1
0 2019-11-28 08:20:37
You can create conditional code that registers certain routes only under some conditions.您可以创建仅在某些条件下注册某些路由的条件代码。
Assuming the desired port to run the server on is either passed as a command line argument or in an environment variable and you've read that into a local variable port , you can then just conditionally check that port value and decide which routes to register:假设运行服务器所需的端口作为命令行参数传递或在环境变量中传递,并且您已将其读入局部变量port ,然后您可以有条件地检查该端口值并决定注册哪些路由:
if (port === 3000) {
app.get("/op1", ...)
app.get("/op2", ...)
app.get("/op3", ...)
} else {
app.get("/op4", ...)
app.get("/op5", ...)
}
It may be cleaner to break the separate groups of routes into their own modules and then conditionally import only the routes files that are appropriate for a given situation.将单独的路由组分解成它们自己的模块,然后有条件地仅导入适合给定情况的路由文件可能会更清晰。
if (port === 3000) {
require('routesA')(app);
} else {
require('routesB')(app);
}
Each of those modules would export a function that gets called here with the app object as an argument so each module can then register it's routes as appropriate.这些模块中的每一个都将导出一个函数,该函数在此处以app对象作为参数调用,因此每个模块都可以根据需要注册它的路由。
My personal opinion is somewhat in line with some of what was expressed in the comments that you shouldn't really need to do it this way.我个人的意见与评论中表达的一些内容有些一致,您实际上不需要这样做。 If you have two separate servers with different routes on different ports, then you should probably have two separate main server files that each establish the configuration of one of the servers.如果您有两个独立的服务器,在不同的端口上有不同的路由,那么您可能应该有两个独立的主服务器文件,每个文件都建立了其中一个服务器的配置。
With appropriate use of modules, you can share as much code as you want between the two servers (as much as 99.99% if you want).通过适当使用模块,您可以在两个服务器之间共享任意多的代码(如果需要,可以共享多达 99.99%)。
But, it does make some logical sense that the main server file would be separate for the two servers since they are intended to be different servers.但是,从逻辑上讲,两台服务器的主服务器文件是分开的,因为它们是不同的服务器。 It could literally just be a tiny shell that establishes the port and which route modules it wants to load.从字面上看,它可能只是一个小外壳,用于建立端口以及它要加载的路由模块。
解决方案2
0 2019-11-28 16:02:55
A simple solution to your question would be to use an api gateway setup.This api gateway/load balancer has to be run as a separate server and the single endpoint exposed to client apps.您的问题的一个简单解决方案是使用 api 网关设置。此 api 网关/负载平衡器必须作为单独的服务器运行,并且单个端点暴露给客户端应用程序。 U can use nginx to forward your requests to specific servers based on the endpoint .你可以使用nginx 将你的请求转发到基于端点的特定服务器。 So /op1,/op2,/op3 forward request to server1 /op4,/op5 forward request to server2 .所以/op1,/op2,/op3 将请求转发到 server1 /op4,/op5 将请求转发到 server2 。
https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
But as mentioned in comments, you can get an eye on the microservices architecture which seems to more elegant and efficient way to go about this problem.但是正如评论中提到的,您可以关注微服务架构,这似乎是解决此问题的更优雅和有效的方法。
https://microservices.io/patterns/microservices.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.