
REST API design with admin views

I have an API application with endpoints:

/api/v1/accounts
/api/v1/accounts/id

The API has authorization with roles (user, admin). Users can mark accounts as visible or hidden. If an account is hidden then it's not visible in search (/api/v1/accounts), but I want to allow search for admins in "user mode" (where hidden accounts are hidden) and "admin mode" (where hidden accounts are visible too). Users can see their own account even if it's marked as hidden.

What is the best way to achieve it? Add a parameter to detect if it's an admin to every endpoint, or create separate endpoints? (e.g. /api/v1/accounts and /admin/api/v1/accounts). If I'm using the mediator pattern, should I make separate queries/commands for admin (single responsibility principle) or keep them in one? I'm searching for the best solution for my problem.

This is a very opinionated question, so no answer will be complete or a single point of truth. I'm writing this because the information is too much to fit into the comment section and I think I could provide you with some good guidelines in order to make the best decision for you.

I will also express my own opinion, so you should have this in mind as well.

That being said, first of all I see that you are using .NET Core and C#, which kind of outlines one of the options that you have. Since at least ASP.NET MVC 3 we have the option to use areas, which I feel will give you the behavior you want, using the .NET way so to speak. You can read about areas in .NET Core here, and here is a short quote:

Consider using Areas in a project when:

  • The app is made of multiple high-level functional components that can be logically separated.
  • You want to partition the app so that each functional area can be worked on independently.

So the pros are that:

  • You get out-of-the-box routing in the form of /admin/accounts/...
  • In the future, if you need to add additional admin functionality, you can easily keep it separated, which will make your code cleaner and easier to maintain.

However, I personally am not a big fan of this approach. First, it seems a little bit artificial to me. Usually you end up with 95% duplicated code and some small adjustments, and in the end it's very questionable whether the extra code that you need to maintain is worth the benefits that you get from this extra separation.

Maybe areas are a viable option after all, but only if you have quite a lot of functionality that you can encapsulate inside them so that you get some real benefit.

Conclusion: You are able to, and if you decide to resort to the /admin/accounts/... solution I advise you to consider the area usage, but I personally would not go there.

Second option: You may not complicate the project that much and just provide some extra routes to handle your specific needs. The problems with that are several; I will outline those:

  • Very often the exception becomes the norm. Now you need some extra functionality for the admins; after some time you will need something for the managers...
  • Your resource identifiers will become very inconsistent, and even though it's not very professional, I think it would be somewhat ugly to have such routes in your app.

Even though you are not obliged to make your services RESTful, it would help if you follow some of the constraints that REST applies.

First, requests should be stateless:

Each request from client to server must contain all of the information necessary to understand the request

In other words, all that logic that you are describing in your question: the request should contain the data that the server will need to return the correct response. In more practical terms, I'm speaking about something like JWT, where you can use the Claims to pass that additional information about the user so the server can fetch you the correct data.

Second, Uniform interface:

REST is defined by four interface constraints: identification of resources; manipulation of resources through representations; self-descriptive messages; and, hypermedia as the engine of application state.

In your case, I think the most important constraint is identification of resources. To get the desired resource you don't actually need the admin part; it's part of the business logic of your application who can see what, and all the information that the server needs to fetch the correct data should be inside the request and not the URI.

Conclusion: I think that you should extend your request with some additional data in order to let the server perform the business logic and keep the routes as they are now.

HOWEVER, as you can see, things like areas exist, and the people in Microsoft are much better API designers than me and you, so there is no black/white answer here.

Hope at least I managed to give you some food for thought.
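The following is an added example, not code from the question or the answer, showing the claims-based option the answer recommends in ASP.NET Core: the routes stay as they are, the validated token's role and subject claims decide what the caller may see, and "admin mode" is a request hint that is honoured only for the admin role. The `Account` record, the `IAccountStore` interface, the role name `admin` and the `includeHidden` query parameter are all assumptions made for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical account model and store; neither comes from the original post.
public record Account(Guid Id, Guid OwnerId, string Name, bool Hidden);

public interface IAccountStore
{
    IEnumerable<Account> All();
    Account? Find(Guid id);
}

public static class AccountVisibility
{
    public const string AdminRole = "admin"; // assumed role name

    // The single visibility rule used by every endpoint. "includeHidden" is only
    // a hint carried by the request; the role claim in the validated token decides
    // whether that hint is honoured, so a plain user cannot switch into admin mode.
    public static IEnumerable<Account> Filter(
        IEnumerable<Account> accounts, ClaimsPrincipal caller, bool includeHidden)
    {
        if (includeHidden && caller.IsInRole(AdminRole))
            return accounts; // admin mode: hidden accounts are visible too

        // User mode (also for admins who did not ask for admin mode): hidden
        // accounts are omitted unless the caller owns them. A missing or malformed
        // subject claim yields null, which never matches an owner id.
        Guid? callerId = Guid.TryParse(
            caller.FindFirst(ClaimTypes.NameIdentifier)?.Value, out Guid parsed) ? parsed : null;
        return accounts.Where(a => !a.Hidden || a.OwnerId == callerId);
    }
}

[ApiController]
[Route("api/v1/accounts")]
[Authorize] // any authenticated caller; the role is checked per request below
public class AccountsController : ControllerBase
{
    private readonly IAccountStore _store;
    public AccountsController(IAccountStore store) => _store = store;

    // GET /api/v1/accounts                     -> user mode for everyone
    // GET /api/v1/accounts?includeHidden=true  -> admin mode, admins only
    [HttpGet]
    public ActionResult<IEnumerable<Account>> Search([FromQuery] bool includeHidden = false)
    {
        if (includeHidden && !User.IsInRole(AccountVisibility.AdminRole))
            return Forbid(); // refuse explicitly instead of silently downgrading
        return Ok(AccountVisibility.Filter(_store.All(), User, includeHidden));
    }

    // GET /api/v1/accounts/{id}: the same rule applies, with admins implicitly in
    // admin mode. A hidden account the caller may not see answers 404 rather than
    // 403, so the response does not reveal that the account exists.
    [HttpGet("{id:guid}")]
    public ActionResult<Account> Get(Guid id)
    {
        Account? account = _store.Find(id);
        if (account is null) return NotFound();
        bool admin = User.IsInRole(AccountVisibility.AdminRole);
        if (!AccountVisibility.Filter(new[] { account }, User, admin).Any())
            return NotFound();
        return Ok(account);
    }
}

public static class Demo
{
    // Constructed sample data and principals so the rule can be exercised without a web host.
    public static void Main()
    {
        Guid alice = Guid.NewGuid(), bob = Guid.NewGuid();
        var accounts = new[]
        {
            new Account(Guid.NewGuid(), alice, "alice-public", Hidden: false),
            new Account(Guid.NewGuid(), alice, "alice-hidden", Hidden: true),
            new Account(Guid.NewGuid(), bob, "bob-hidden", Hidden: true),
        };
        ClaimsPrincipal Principal(Guid id, string role) => new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.NameIdentifier, id.ToString()), new Claim(ClaimTypes.Role, role) },
            "test"));

        // Alice as a plain user asking for admin mode: the flag is ignored, she still sees her own hidden account.
        Console.WriteLine(string.Join(", ", AccountVisibility.Filter(accounts, Principal(alice, "user"), true).Select(a => a.Name)));
        // Bob as admin in user mode: only public accounts and his own hidden one.
        Console.WriteLine(string.Join(", ", AccountVisibility.Filter(accounts, Principal(bob, AccountVisibility.AdminRole), false).Select(a => a.Name)));
        // Bob as admin in admin mode: everything.
        Console.WriteLine(string.Join(", ", AccountVisibility.Filter(accounts, Principal(bob, AccountVisibility.AdminRole), true).Select(a => a.Name)));
    }
}
```

The design point is that authorization is derived from the claims of the already-validated token, never from the URI or from a client-supplied flag alone; the `includeHidden` hint only selects between two behaviours the caller's role already permits. If a mediator is in use, the same `Filter` rule can live in one query handler that receives the caller's `ClaimsPrincipal` alongside the search parameters, which is one way to keep a single query rather than a separate admin-only one.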
