如何正确缓存我的Symfony2 API? [英] How to properly cache my Symfony2 APIs?
问题描述
我正在Symfony2上制作经典的无状态RESTfull API:用户/应用程序在authenticate API上获得身份验证令牌,并将其提供给所有其他API进行记录,并在其他API上发布数据/访问受保护/私有/个人数据.
I'm making classic stateless RESTfull APIs on Symfony2: users/apps gets an authentication token on the authenticate API and give it to all others APIs to be logged and post data / access protected/private/personal data on others APIs.
关于此工作流程和缓存,我现在有三个问题:
I've got now three concerns regarding this workflow and caching:
-
如何为我的静态" API(无论记录的用户及其令牌如何,始终提供相同的内容)使用HTTP缓存,假设不同的令牌将由不同的用户在同一API的URL中传递,因此url永远不会相同?那么如何使用HTTP共享缓存?
How to use HTTP cache for my 'static' APIs (that always deliver the same content, regardless the logged user and its token) assuming that different tokens would be passed in the url by different users for the same API, so that the url would never be the same? How to use HTTP shared cache then?
关于记录的用户权限,我有相同URL的API会产生不同的输出(我基本上有4种不同的权限级别).问题是:这是一个好模式吗?最好有4个不同的URL,每个URL对应一个,我可以缓存吗?如果没有,该如何在其上实现适当的缓存?
I've got APIs for the same url that produce a different output, regarding the logged user rights (I've basically 4 different rights levels). Question is: is it a good pattern? It is not better to have 4 different urls, one for each right, that I could cache? If not, how to implement a proper cache on that?
共享的HTTP缓存是否在HTTPS上运行?如果没有,我应该实现哪种类型的缓存?如何实现?
Is shared HTTP Cache working on HTTPS? If not, which type of caching should I implement, and how?
感谢您的回答,并对此表示感谢.
Thanks for your answers and lights on that.
推荐答案
我遇到了类似的问题(在所有3种情况下),并且已将以下策略与Symfony的内置反向代理缓存一起成功使用:
I have had a similar issue (with all 3 scenarios) and have used the following strategy successfully with Symfony's built-in reverse-proxy cache:
-
如果使用Apache,请更新
.htaccess以将应用程序的环境变量添加到http缓存中(注意:环境会自动将REDIRECT_添加到环境变量中):
If using Apache, update
.htaccessto add an environment variable for your application to the http cache off of (NOTE: environment automatically addsREDIRECT_to the environment variable):
# Add `REDIRECT_CACHE` if API subdomain
RewriteCond %{HTTP_HOST} ^api\.
RewriteRule .* - [E=CACHE:1]
# Add `REDIRECT_CACHE` if API subfolder
RewriteRule ^api(.*)$ - [E=CACHE:1]
在实例化AppKernel之后将其添加到app.php:
Add this to app.php after instantiating AppKernel:
// If environment instructs us to use cache, enable it
if (getenv('CACHE') || getenv('REDIRECT_CACHE')) {
require_once __DIR__.'/../app/AppCache.php';
$kernel = new AppCache($kernel);
}
对于您的静态" API,您所要做的就是获取响应对象并对其进行修改:
For your "static" APIs, all you have to do is take your response object and modify it:
$response->setPublic();
$response->setSharedMaxAge(6 * 60 * 60);
由于您拥有会话,用户或安全令牌,因此Symfony实际上默认为$response->setPrivate().
Because you have a session, user or security token, Symfony effectively defaults to $response->setPrivate().
关于第二点,REST约定(以及反向代理建议),GET& HEAD请求无意在请求之间进行更改.因此,如果内容根据登录的用户而更改,则应将响应设置为private&完全避免为反向代理缓存进行缓存.
Regarding your second point, REST conventions (as well as reverse-proxy recommendations), GET & HEAD requests aren't meant to change between requests. Because of this, if content changes based on the logged in user, you should set the response to private & prevent caching at all for the reverse-proxy cache.
如果需要高速缓存,则应在内部进行处理&不是通过反向代理.
因为我们不想基于每个用户角色引入URL,所以我们只是在内部按角色缓存了响应(使用Redis)&直接返回它,而不是让缓存(错误)处理它.
Because we didn't want to introduce URLs based on each user role, we simply cached the response by role internally (using Redis) & returned it directly rather than letting the cache (mis)handle it.
关于您的第三点,因为HTTP& HTTPS流量达到了相同的缓存&回应中包含公共/私人&高速缓存控制设置已明确设置,AppCache在安全和安全性方面均提供相同的响应不安全的流量.
As for your third point, because HTTP & HTTPS traffic are hitting the same cache & the responses are having public/private & cache-control settings explicitly set, the AppCache is serving the same response both secure & insecure traffic.
我希望这对我有帮助!
这篇关于如何正确缓存我的Symfony2 API?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
