如何设置Web API外观模式 [英] How to setup a Web API Facade pattern

问题描述

我一直在阅读有关立面模式的文章，并且试图了解如何实现这一点。这就是我理解如何实现的方式：

I've been reading about the Facade Pattern and I'm trying to get an idea on how to implement this. This is how I understand how it can be implemented:

-------------------------------------------------------------
|               (Facade layer) API Exposure                 |
-------------------------------------------------------------
|                           DMZ                             |
|              (Auth API)         (Application Web API)     |
-------------------------------------------------------------

所以有两层。因此，基本上有两个Web API端点。居住在 DMZ 中的一个，外界无法访问。它包含以下端点：

So there are two layers. So basically two Web API end points. One that lives in the DMZ, which is not accessible to the outside world. It contains endpoints like:

internal/User Get/Put/Post/Del
internal/Order Get/Put/Post/Del
internal/Product Get/Put/Post/Del
internal/Address Get/Put/Post/Del
etc.

然后是公用Web服务器，它将Web API端点公开给外界。该层将具有以下端点：

And then there is the public Web server that exposes a Web API endpoint to the outside world. That layer will have endpoints like:

api/user - POST

这将接受JSON对象，例如：

This accepts a JSON object like:

User: {
  username: 'john doe'
  addresses: [{
     street: 'something 1001'
  }, {
     straat: 'company 300'
  }]
}

然后 api /用户端点将返回两个调用。一个进入内部/用户，另一个进入内部/地址。

Then the api/user endpoint will in return make two calls. One goes to internal/User and one to internal/Address.

因此，使用用户仅需进行一次API调用即可保存带有地址信息的用户对象。但是 Facade 层将进行两个单独的调用。

So the consuming user only had to make one API call to save a user object with address information. But the Facade layer will make two separate calls.

我的理解对Web API的Facade模式正确吗？

Is my understanding correct of the Facade Pattern for Web APIs?

第二个问题是，当使用者尝试使用API​​时，应该在哪里进行身份验证检查？我应该在DMZ层还是Facade层上这样做？

Second question I have is, where should I do the auth checking when a consumer tries to use an API? Should I do that on the DMZ layer, or the Facade layer?

我感觉在这个示例中我错过了一些重要的东西。任何细节都会有所帮助。

I have the feeling that I miss some important things in this example. Any details are helpful.

推荐答案

我认为您很严厉。与网关模式相同。

I think you're rigth. It's the same as gateway pattern.

http://microservices.io/patterns/ apigateway.html

在网关中，您可以添加授权验证，然后仅调用允许的服务。

In the gateway you can add the authorization verification, and then invoke only the allowed service.

这篇关于如何设置Web API外观模式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！