Statelessness of a REST API with authenticated users


Problem description

I'm currently designing a REST HTTP API. (With HATEOAS stuff, to make clients "simpler" and keep clients from doing complicated things, letting the API tell them what to do instead ...)

Because of the social characteristic of the app, in order to interact with the application, users need to be authenticated, and each user will have a slightly different "view" of the data. We'll take Twitter as an example; it will be easier for everyone.

To authenticate users, we'll use OAuth, easy.

So, in the client (iOS app, ...), a random user viewing a list of users would maybe see:

Adrien: Following
John:   Not Following
Rambo:  Not Following

And another user would maybe see:

Adrien: Following
John:   Not Following
Rambo:  Following

To achieve this, the first solution would be for the client (in OAuth terms, the iPhone/web/etc. app) to get a list of all the users the authenticated user follows, and each time the client displays a list, compare each user with the list of followed users to know whether it should display "Not Following" or "Following".

The requests/responses would be:

GET /users
Authorization: OAuth token...

[
  {"id": 1, "name": "Adrien"},
  {"id": 2, "name": "John"},
  {"id": 3, "name": "Rambo"}
]

GET /users/{myid}/following
Authorization: OAuth token...

[1, 3, 25, 1210, 9]

This seems to be quite stateless. Good.

Now what if I want to make client developers' lives easier and embed directly in the user list response the relationship of each user relative to the authenticated user:

GET /users
Authorization: OAuth token...

[
  {"id": 1, "name": "Adrien", "relationship": "Following"},
  {"id": 2, "name": "John", "relationship": "Not Following"},
  {"id": 3, "name": "Rambo", "relationship": "Following"}
]

So, the questions:

  • It seems to break the "stateless" thing; does it really break the REST stateless constraint?
  • Next, do you think it is a good or bad practice for an API to do this?

Recommended answer

You should definitely embed the relationship in the user list response. It would be bad practice to force the clients to calculate it.

This does not break the stateless constraint of REST, as it's the interactions that are stateless, not the systems. The server will almost always have to store and maintain state. For instance, the server will need to maintain the state of who is following whom.

Finally, I think you are not fully getting the "State" part of Hypermedia As The Engine Of Application State. Basically, the resources are state machines. When you GET a resource, the valid state transitions are presented as hypermedia controls (links and forms) in the response. It's by following these links and submitting the forms that the client can change the state of these resources.
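The following is an added example, not code from the question or the answer: a framework-free Python model of both designs from the question (the raw GET /users/{myid}/following id list and the GET /users response with the embedded "relationship"), written to make the answer's two points concrete. It goes a little beyond the thread by also attaching the hypermedia control for the one valid transition (follow or unfollow) to each entry and by implementing that transition. Every name, id, token and in-memory store is constructed for illustration, and the token table is a stand-in for real OAuth token validation.

```python
"""Added example, not the asker's or answerer's code: a framework-free model
of the two GET /users designs from the question. All names, ids, tokens and
in-memory stores are constructed for illustration."""
from dataclasses import dataclass, field

# Constructed server-side resource state (who follows whom). This is the state
# the answer says the server must keep; it belongs to the resources, not to any
# client session, so keeping it does not make the interaction stateful.
USERS = {1: "Adrien", 2: "John", 3: "Rambo", 4: "Alice", 5: "Bob"}
FOLLOWING = {4: {1}, 5: {1, 3}}  # viewer id -> set of followed user ids

# Constructed stand-in for OAuth token validation (opaque token -> user id).
TOKENS = {"tok-alice": 4, "tok-bob": 5}


@dataclass(frozen=True)
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)


@dataclass(frozen=True)
class Response:
    status: int
    body: object = None


class Unauthorized(Exception):
    pass


def authenticate(request):
    """Identify the caller from this request's Authorization header only.
    Nothing is remembered between requests: that is the stateless constraint."""
    scheme, _, token = request.headers.get("Authorization", "").partition(" ")
    if scheme != "OAuth" or not token:
        raise Unauthorized("missing or malformed Authorization header")
    user_id = TOKENS.get(token)
    if user_id is None:
        raise Unauthorized("unknown token")
    return user_id


def relationship(viewer_id, target_id):
    followed = FOLLOWING.get(viewer_id, set())
    return "Following" if target_id in followed else "Not Following"


def controls(viewer_id, target_id):
    """Hypermedia controls: offer only the transition that is valid from the
    current state, so the client never has to compute it."""
    href = f"/users/{viewer_id}/following/{target_id}"
    if relationship(viewer_id, target_id) == "Following":
        return {"unfollow": {"method": "DELETE", "href": href}}
    return {"follow": {"method": "PUT", "href": href}}


def get_users(request):
    """GET /users (second design): each entry carries its relationship to the
    caller plus the control for changing it."""
    try:
        viewer = authenticate(request)
    except Unauthorized as exc:
        return Response(401, {"error": str(exc)})
    body = [
        {"id": uid, "name": name,
         "relationship": relationship(viewer, uid),
         "links": controls(viewer, uid)}
        for uid, name in sorted(USERS.items())
        if uid != viewer  # a user's relationship to itself is not meaningful
    ]
    return Response(200, body)


def get_following(request, my_id):
    """GET /users/{myid}/following (first design): the raw id list. Who may
    read it is decided from the token, never from the id in the path."""
    try:
        viewer = authenticate(request)
    except Unauthorized as exc:
        return Response(401, {"error": str(exc)})
    if viewer != my_id:
        return Response(403, {"error": "you may only read your own list"})
    return Response(200, sorted(FOLLOWING.get(my_id, set())))


def set_following(request, my_id, target_id, follow):
    """PUT/DELETE /users/{myid}/following/{target}: the transition the
    hypermedia control points at. It changes resource state, not session state."""
    try:
        viewer = authenticate(request)
    except Unauthorized as exc:
        return Response(401, {"error": str(exc)})
    if viewer != my_id:
        return Response(403, {"error": "you may only change your own list"})
    if target_id == my_id or target_id not in USERS:
        return Response(400, {"error": "invalid target user"})
    followed = FOLLOWING.setdefault(my_id, set())
    (followed.add if follow else followed.discard)(target_id)
    return Response(204)


if __name__ == "__main__":
    for token in ("tok-alice", "tok-bob"):
        req = Request("GET", "/users", {"Authorization": f"OAuth {token}"})
        for entry in get_users(req).body:
            print(token, entry["name"], entry["relationship"], list(entry["links"]))
```

Running the module prints the two per-caller views from the question (Alice sees only Adrien as "Following", Bob sees Adrien and Rambo). The point to notice is that both views are computed from the token carried in each request plus resource state the server owns anyway; no per-client session is created, so the server can be restarted or load-balanced between requests and the responses do not change. The id in the path is never trusted for authorization: a caller asking for another user's following list gets 403, and a request with a missing, wrong-scheme or unknown token gets 401 before any data is touched.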
