RESTfully design /login or /register resources?

Question
I was designing a web app and then stopped to think about how my api should be designed as a RESTful web service. For now, most of my URI's are generic and might apply to various web apps:

GET  /logout   // destroys session and redirects to /
GET  /login    // gets the webpage that has the login form
POST /login    // authenticates credentials against database and either redirects home with a new session or redirects back to /login
GET  /register // gets the webpage that has the registration form
POST /register // records the entered information into database as a new /user/xxx
GET  /user/xxx // gets and renders current user data in a profile view
POST /user/xxx // updates new information about user

I have a feeling I'm doing a lot wrong here after poking around on SO and Google.

Starting with /logout, perhaps since I don't really GET anything - it may be more appropriate to POST a request to /logout, destroy the session, and then GET the redirect. And should the /logout term stay?

What about /login and /register? I could change /register to /registration, but that doesn't alter how my service fundamentally works - if it has deeper issues.

I notice now that I never expose a /user resource. Perhaps that could be utilized somehow. For instance, take the user myUser:

foo.com/user/myUser

or

foo.com/user

The end user doesn't require that extra verbosity in the URI. However, which one is more appealing visually?

I noticed some other questions here on SO about this REST business, but I would really appreciate some guidance on what I've laid out here if possible.

Thanks!

UPDATE:

I would also like some opinions on:

/user/1

vs

/user/myUserName

Solution

One thing sticks out in particular as not REST-ful: the use of a GET request for logging out.

(from http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol#Safe_methods)

Some methods (for example, HEAD, GET, OPTIONS and TRACE) are defined as safe, which means they are intended only for information retrieval and should not change the state of the server. In other words, they should not have side effects, beyond relatively harmless effects such as logging, caching, the serving of banner advertisements or incrementing a web counter. [...]

[... H]andling [of GET requests] by the server is not technically limited in any way. Therefore, careless or deliberate programming can cause non-trivial changes on the server. This is discouraged, because it can cause problems for Web caching, search engines and other automated agents [...]

As for logging out and redirecting, you could have a post to your logout URI give a 303 response redirecting to the post-logout page.

http://en.wikipedia.org/wiki/Post/Redirect/Get

http://en.wikipedia.org/wiki/HTTP_303

Edit to address URL design concerns:

"How do I design my resources?" is an important question to me; "how do I design my URLs?" is a consideration in two areas:

  1. URLs that users will see should not be too ugly and should be meaningful if possible;
  2. if you want cookies to be sent in requests to some resource but not others, you'll want to structure your paths and cookie paths.

If JRandomUser wants to look at his own profile and you want the URL to be prettier than foo.com/user/JRandomUser or foo.com/user/(JRandom's numeric user id here), you could make a separate URL just for a user to look at their own information:

GET foo.com/profile /*examines cookies to figure out who 
                     * is logged in (SomeUser) and then 
                     * displays the same response as a
                     * GET to foo.com/users/SomeUser.
                     */
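The two points made above, a POST-only /logout answered with a 303 (Post/Redirect/Get) and a GET /profile that resolves the session cookie to the same response as GET /users/SomeUser, as a small added example that is not from the original answer. It is framework-free: the router, the in-memory session store and the sample user are all constructed here, and the cookie name `sid` is an assumption.

```python
"""Router showing the answer's two points: POST /logout -> 303 (GET refused),
and GET /profile rendering the same response as GET /users/<name>.
Added example; the session store, user table and cookie name are constructed."""
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # constructed in-memory store: session id -> username
USERS = {"SomeUser": {"name": "SomeUser", "bio": "constructed sample profile"}}


def login(username):
    """Create a server-side session and return the opaque id to put in the cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = username
    return sid


def current_user(headers):
    """Identify the caller from the 'sid' cookie (assumed name), or None if anonymous."""
    morsel = SimpleCookie(headers.get("Cookie", "")).get("sid")
    return SESSIONS.get(morsel.value) if morsel else None


def handle(method, path, headers):
    """Return (status, response headers, body) for one request."""
    user = current_user(headers)
    if path == "/logout":
        if method != "POST":
            # GET must stay safe: refuse it instead of destroying the session.
            return 405, {"Allow": "POST"}, ""
        morsel = SimpleCookie(headers.get("Cookie", "")).get("sid")
        if morsel:
            SESSIONS.pop(morsel.value, None)  # invalidate server side, not only the cookie
        # Post/Redirect/Get: the 303 makes the browser GET the post-logout page.
        return 303, {"Location": "/", "Set-Cookie": "sid=; Max-Age=0; HttpOnly; Path=/"}, ""
    if path == "/profile" and method == "GET":
        if user is None:
            return 303, {"Location": "/login"}, ""
        # Same response as the canonical per-user URL, user taken from the cookie.
        return handle("GET", f"/users/{user}", headers)
    if path.startswith("/users/") and method == "GET":
        profile = USERS.get(path[len("/users/"):])
        if profile is None:
            return 404, {}, "no such user"
        return 200, {"Content-Type": "text/plain"}, f"{profile['name']}: {profile['bio']}"
    return 404, {}, "not found"
```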

I would claim ignorance much more readily than wisdom on this subject, but here are a few resource design considerations:

  1. Consumer: which resources are meant to be viewed directly in a browser, loaded via XHR, or accessed by some other kind of client?
  2. Access / identity: does the response depend on cookies or referrers?
