我应该基于当前内部api创建Public api吗 [英] should I create Public api based on the current internal api
问题描述
我的项目有公共网站和内容管理系统(CMS).
我正在针对API使用Lambda和API网关.
CMS当前有一个api GET请求,用于从下表中获取所有数据.
My project is having public website and Content Management System(CMS).
I am using Lambda and API Gateway for the api.
The CMS currently has an api GET request to get ALL the data from the table below.
横幅"表
属性:
-id:字符串(主键/分区键)
-title:字符串
-isActive:布尔值
...
attribute:
-id: string(primary key/partition key)
-title: string
-isActive: boolean
...
-----------------------------------------------
Id isActive title
1 true title1
2 false title2
3 true title3
4 true title4
----------------------------------------------
这是我的lambda函数:
getBanner.js
This is My lambda function:
getBanner.js
'use strict'
const AWS = require('aws-sdk');
exports.handler = async function (event, context, callback) {
const documentClient = new AWS.DynamoDB.DocumentClient();
let responseBody = "";
let statusCode = 0;
const params = {
TableName : "Banner",
};
try{
const data = await documentClient.scan(params).promise();
responseBody = JSON.stringify(data.Items);
statusCode = 200
}catch(err){
statusCode = 403
}
const response = {
statusCode: statusCode,
body: responseBody
}
return response
}
我需要一个API来获取所有带有isActive = true的横幅.
I need an api to get all banners with isActive = true.
我可以想到2种方法
There are 2 approaches I can think of
1.修改现有的lambda函数
1.Modify the existing lambda function
我可以添加如下内容:
I can add something like below:
…
if(event.queryStringParameters.isActive === true){
// add filter or query to get all result
}
...
但是如果每个人不使用queryStringParameters,每个人都可以获取所有数据(包括使用isActive = false的结果),
我想避免这种情况,因为不应看到使用isActive = false的数据由公众.
But everyone is able to get all the data(including the results with isActive = false) if they do not use the queryStringParameters,
which is what I want to avoid since the data with isActive = false should not be seen by the public.
2.创建新的lambda函数
2.Create new lambda function
这可能是保护数据的最佳方法.
但是我有很多API遇到相同的情况(具有"inActive"属性),这意味着我需要创建很多公共api.
我应该使用哪种方法?
This is probably the best way to protect the data.
But I have a lot of API encountering the same situation(having "inActive" attribute), it means I need to create a lot of public api.
Which method should I use?
推荐答案
您可以创建一个指向相同Lambda函数的公共API网关,并且在API网关配置中,该网关始终通过 isActive = true
参数,这样公共API的用户将无法覆盖该参数.
You could create a public API Gateway that points to the same Lambda functions, and in the API Gateway configuration have it always pass the isActive=true
parameter so that users of the public API wouldn't be able to override that.
这篇关于我应该基于当前内部api创建Public api吗的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!