使用魔法(我/自己)资源标识符是否违反 REST 原则? [英] Is using magic (me/self) resource identifiers going against REST principles?
问题描述
我见过支持已验证用户的魔术 ID 的 URI,如下所示:
I've seen URIs that support magic ids for the authenticated user like below:
GET /user/me - list my profile
GET /user/me/photos - list my photos
以下使用实际用户 ID 的地方
where the ones below use the actual user id
GET /user/742924
GET /user/742924/photos
我看到的问题是相同的资源 ID 指向不同的资源,具体取决于经过身份验证的用户.
The problem I see is that the same resource id points to a different resource depending on the authenticated user.
这是否违反了任何 REST 原则?
Is this going against any REST principles?
推荐答案
使用 /me 来命名与 经过身份验证的用户 相对应的资源在 REST 中完全没问题看法.根据 Roy Thomas Fielding 的论文,任何可以命名的信息都可以是资源:
Using /me to name a resource that corresponds to the authenticated user is perfectly fine from a REST perspective. According to Roy Thomas Fielding's dissertation, any information that can be named can be a resource:
REST 中信息的关键抽象是资源.任何可以命名的信息都可以是资源:文档或图像、时间服务(例如洛杉矶今天的天气")、其他资源的集合、非虚拟对象(例如人)等.换句话说,任何可能成为作者超文本引用目标的概念都必须符合资源的定义.资源是到一组实体的概念映射,而不是在任何特定时间点对应于映射的实体.[...]
The key abstraction of information in REST is a resource. Any information that can be named can be a resource: a document or image, a temporal service (e.g. "today's weather in Los Angeles"), a collection of other resources, a non-virtual object (e.g. a person), and so on. In other words, any concept that might be the target of an author's hypertext reference must fit within the definition of a resource. A resource is a conceptual mapping to a set of entities, not the entity that corresponds to the mapping at any particular point in time. [...]
当使用 /me 时,您有一个 已认证用户 的定位器,它将始终识别 已认证用户的概念用户,无论哪个用户已通过身份验证.
When using /me, you have a locator for the authenticated user and it will always identify the concept of an authenticated user, regardless of which user is authenticated.
这篇关于使用魔法(我/自己)资源标识符是否违反 REST 原则?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
