
Microservices API design. Maintain stateful context

Imagine a password recovery process, which consists of three steps:

  1. Send SMS. The user enters the phone. Send an SMS with a confirmation code. We must limit how many times in a period of time the user can make this request.
  2. Enter SMS code. The user enters the confirmation code. We must limit the number of attempts.
  3. Set a new password.

Also, we must ensure the correct order of these steps, meaning the user cannot jump straight to step 3 without succeeding in the first two steps.


Suppose we have a simple architecture:
a Gateway and a Login service, which implements three API methods, each of which corresponds to one step of the password recovery process.

[Figure: API gateway and Login service]

The question is: which service must implement this kind of stateful restriction? The Gateway or the Login service?

Should it be the Gateway that keeps track of the number of failed attempts and other context, which leaves the Login service stateless?
Or maybe the Login service, so that if the architecture evolves and there is another Gateway, there is no need to duplicate the same code in another gateway?

From my point of view, state shouldn't be stored in either the login service or the gateway; both services must be stateless so they can be scaled out. This information must be in a datastore that has to be queried by the login service. Because this is a login process, the service responsible for all operations related to login must be the login service, and it needs to keep track of where in the whole login process each user is by storing, for example, a login_status variable. This way you can know if a specific user is waiting to receive the SMS, or to enter the code into the system, or the number of attempts this user has made.

The gateway instead must be completely ignorant of the business logic of the services behind it. Its responsibility is just to be a unique point of access.
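
The flow the answer describes, as an added example that is not part of the original post: a login service handler that keeps no state of its own and enforces step order, the SMS rate limit and the attempt limit from a shared store. Only `login_status` comes from the answer; the dict `store` (standing in for a real datastore), the `send_sms` and `save_password` callbacks, the limits and the status strings are assumptions.

```python
import hmac, secrets, time

MAX_SMS, SMS_WINDOW, MAX_ATTEMPTS = 3, 3600, 5  # assumed limits, not from the post

class RecoveryService:
    """Stateless handler: every call reads and writes the shared store."""

    def __init__(self, store, send_sms, now=time.time):
        # store: dict standing in for a shared datastore (assumption); a real
        # one needs atomic updates so parallel requests cannot skip a counter.
        self.store, self.send_sms, self.now = store, send_sms, now

    def request_sms(self, phone):
        rec = self.store.setdefault(phone, {"sent": []})
        # Keep only the send times that still fall inside the window.
        rec["sent"] = [t for t in rec["sent"] if self.now() - t < SMS_WINDOW]
        if len(rec["sent"]) >= MAX_SMS:
            return "rate_limited"
        code = f"{secrets.randbelow(10**6):06d}"
        rec.update(login_status="SMS_SENT", code=code, attempts=0)
        rec["sent"].append(self.now())
        self.send_sms(phone, code)
        return "sms_sent"

    def verify_code(self, phone, code):
        rec = self.store.get(phone)
        if not rec or rec.get("login_status") != "SMS_SENT":
            return "wrong_step"  # step 2 is only reachable after step 1
        if rec["attempts"] >= MAX_ATTEMPTS:
            return "locked"      # a new SMS (itself rate limited) is required
        rec["attempts"] += 1
        if not hmac.compare_digest(rec["code"].encode(), code.encode()):
            return "bad_code"
        rec.update(login_status="VERIFIED", code=None)
        return "verified"

    def set_password(self, phone, new_password, save_password):
        rec = self.store.get(phone)
        if not rec or rec.get("login_status") != "VERIFIED":
            return "wrong_step"  # step 3 is only reachable after step 2
        save_password(phone, new_password)
        rec["login_status"] = None  # one-time use: the flow must restart
        return "password_set"
```

Because all state lives in `store`, any number of `RecoveryService` instances behind any number of gateways enforce the same limits.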
