如何设置Web API外观模式 [英] How to setup a Web API Facade pattern
问题描述
我一直在阅读有关立面模式的文章,并且试图了解如何实现这一点。这就是我理解如何实现的方式:
I've been reading about the Facade Pattern and I'm trying to get an idea on how to implement this. This is how I understand how it can be implemented:
-------------------------------------------------------------
| (Facade layer) API Exposure |
-------------------------------------------------------------
| DMZ |
| (Auth API) (Application Web API) |
-------------------------------------------------------------
所以有两层。因此,基本上有两个Web API端点。居住在 DMZ
中的一个,外界无法访问。它包含以下端点:
So there are two layers. So basically two Web API end points. One that lives in the DMZ
, which is not accessible to the outside world. It contains endpoints like:
internal/User Get/Put/Post/Del
internal/Order Get/Put/Post/Del
internal/Product Get/Put/Post/Del
internal/Address Get/Put/Post/Del
etc.
然后是公用Web服务器,它将Web API端点公开给外界。该层将具有以下端点:
And then there is the public Web server that exposes a Web API endpoint to the outside world. That layer will have endpoints like:
api/user - POST
这将接受JSON对象,例如:
This accepts a JSON object like:
User: {
username: 'john doe'
addresses: [{
street: 'something 1001'
}, {
straat: 'company 300'
}]
}
然后 api /用户
端点将返回两个调用。一个进入内部/用户
,另一个进入内部/地址
。
Then the api/user
endpoint will in return make two calls. One goes to internal/User
and one to internal/Address
.
因此,使用用户仅需进行一次API调用即可保存带有地址信息的用户对象。但是 Facade
层将进行两个单独的调用。
So the consuming user only had to make one API call to save a user object with address information. But the Facade
layer will make two separate calls.
我的理解对Web API的Facade模式正确吗?
Is my understanding correct of the Facade Pattern for Web APIs?
第二个问题是,当使用者尝试使用API时,应该在哪里进行身份验证检查?我应该在DMZ层还是Facade层上这样做?
Second question I have is, where should I do the auth checking when a consumer tries to use an API? Should I do that on the DMZ layer, or the Facade layer?
我感觉在这个示例中我错过了一些重要的东西。任何细节都会有所帮助。
I have the feeling that I miss some important things in this example. Any details are helpful.
推荐答案
我认为您很严厉。与网关模式相同。
I think you're rigth. It's the same as gateway pattern.
http://microservices.io/patterns/ apigateway.html
在网关中,您可以添加授权验证,然后仅调用允许的服务。
In the gateway you can add the authorization verification, and then invoke only the allowed service.
这篇关于如何设置Web API外观模式的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!