Client Server Data Exchange Persistence - Smells

Suppose I have a client that sends some RunLogicCommand with input to a server. The server responds with some output which is a report for the user to verify. At this point, the server has not persisted anything. The client then sends back the entire report in a separate SaveCommand which will then persist the report data.

To me, certain parts of this exchange seem unnecessary. That is, once the user has verified the report, it seems unnecessary for them to send the entire report back to the server for persistence. Perhaps there is a chance some sensitive data could be exposed here as well?

What is the typical approach in this case?

I can see two options:

  1. The user just sends the RunLogicCommand with Input AGAIN with some flag specifying it should be persisted. I don't really like this option since the logic could be complex and take some time to compute.
  2. Cache the report on the server (or different service or even db), then just have the client send back the SaveCommand with the ID of the report to save.

Are there any problems with either of these approaches? Is there a better, more typical approach?

Thanks!

There is no single best solution here:

The cons for the approach you mentioned first are:

  • Increased network traffic, potentially increasing costs and giving slower response times.
  • Can you be sure that the document you sent is the same one that has been received? You can, but it would require extra work.
  • As you mentioned, there is an increased risk that sensitive data is exposed. However, you are sending it to the client.

The cons for the first of your two options are:

  • Running the report twice would increase the load on the server, giving an extra cost due to the need for more processing capacity.
  • If the underlying data has changed between the two requests, then the report that was verified by the user and the report stored in the database may not be the same.

I would use a variation of your second option:

  • Store the report in the database as soon as it has been generated, with status "waiting for user verification".
  • When the user verifies the report, update the status as verified.
  • To avoid having many unverified reports in the database, you could have a batch job that checks for and deletes all unverified reports that are older than x days.
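
The flow proposed in the answer above, sketched as an added example that is not part of the original post: the report is stored once as pending, the SaveCommand carries only its ID, and a batch job purges stale pending rows. The SQLite schema, function names, random report ID and the per-owner check are assumptions made for illustration.

```python
import secrets
import sqlite3
import time

PENDING, VERIFIED = "waiting for user verification", "verified"

def open_store():
    # Hypothetical schema; an in-memory database keeps the example self-contained.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reports (id TEXT PRIMARY KEY, owner TEXT NOT NULL,"
               " body TEXT NOT NULL, status TEXT NOT NULL, created REAL NOT NULL)")
    return db

def run_logic(db, owner, command_input, now=None):
    """RunLogicCommand: compute once and persist immediately as pending."""
    body = f"report for {command_input!r}"   # stand-in for the real, expensive logic
    report_id = secrets.token_urlsafe(16)    # unguessable ID handed back to the client
    created = time.time() if now is None else now
    db.execute("INSERT INTO reports VALUES (?, ?, ?, ?, ?)",
               (report_id, owner, body, PENDING, created))
    return report_id, body

def save(db, owner, report_id):
    """SaveCommand: carries only the ID, so the stored body is exactly what was generated."""
    # Assumption: each report belongs to the user who requested it, so the update
    # is scoped to that owner and to rows that are still pending.
    cur = db.execute(
        "UPDATE reports SET status = ? WHERE id = ? AND owner = ? AND status = ?",
        (VERIFIED, report_id, owner, PENDING))
    return cur.rowcount == 1   # False: unknown ID, another user's report, or already verified

def purge_unverified(db, max_age_days, now=None):
    """Batch job: delete pending reports older than max_age_days; returns rows removed."""
    cutoff = (time.time() if now is None else now) - max_age_days * 86400
    cur = db.execute("DELETE FROM reports WHERE status = ? AND created < ?",
                     (PENDING, cutoff))
    return cur.rowcount

def status_of(db, report_id):
    row = db.execute("SELECT status FROM reports WHERE id = ?", (report_id,)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = open_store()
    rid, report = run_logic(db, "alice", "constructed sample input")
    print(report, "->", status_of(db, rid))
    print("saved by another user:", save(db, "bob", rid))
    print("saved by owner:", save(db, "alice", rid), "->", status_of(db, rid))
```
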
