Should I create a public API based on the current internal API?
Problem description
My project has a public website and a Content Management System (CMS).
I am using Lambda and API Gateway for the API.
The CMS currently has an API GET request to get ALL the data from the table below.
"Banner" table
Attributes:
- id: string (primary key/partition key)
- title: string
- isActive: boolean
...
-----------------------------------------------
Id    isActive    title
1     true        title1
2     false       title2
3     true        title3
4     true        title4
-----------------------------------------------
This is my Lambda function:
getBanner.js
    'use strict'
    const AWS = require('aws-sdk');

    exports.handler = async function (event, context, callback) {
        const documentClient = new AWS.DynamoDB.DocumentClient();
        let responseBody = "";
        let statusCode = 0;

        // No filter: the scan returns every item in the table
        const params = {
            TableName : "Banner",
        };

        try {
            const data = await documentClient.scan(params).promise();
            responseBody = JSON.stringify(data.Items);
            statusCode = 200
        } catch (err) {
            statusCode = 403
        }

        const response = {
            statusCode: statusCode,
            body: responseBody
        }
        return response
    }
I need an API to get all banners with isActive = true.
There are 2 approaches I can think of:
1. Modify the existing Lambda function
I can add something like below:
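    …
    // Query string values arrive as strings, and queryStringParameters is null when none are sent
    if (event.queryStringParameters && event.queryStringParameters.isActive === 'true') {
        // add filter or query to get all result
    }
    ...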
But everyone is able to get all the data (including the results with isActive = false) if they do not use the queryStringParameters,
which is what I want to avoid since the data with isActive = false should not be seen by the public.
2. Create a new Lambda function
This is probably the best way to protect the data.
But I have a lot of APIs encountering the same situation (having the "inActive" attribute), which means I need to create a lot of public APIs.
Which method should I use?
Recommended answer
You could create a public API Gateway that points to the same Lambda functions, and in the API Gateway configuration have it always pass the isActive=true parameter so that users of the public API wouldn't be able to override that.
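
A sketch of the handler side of this answer, added here as an example and not code from the original post. It assumes Lambda proxy integration and uses a stage variable (hypothetical name `audience`, set to `internal` only on the CMS API's stage) instead of a fixed query parameter as the gateway-controlled signal, so nothing the caller sends can switch the filter off; `fakeClient` is a constructed stand-in for the DocumentClient holding the question's four rows.

```javascript
// Decide the filter from gateway-controlled data only; the caller's query
// string is never consulted. Fails closed: anything but "internal" is public.
function buildScanParams(event) {
  const stage = (event && event.stageVariables) || {};
  const params = { TableName: 'Banner' };
  if (stage.audience !== 'internal') { // "audience" is a hypothetical variable name
    params.FilterExpression = '#active = :yes';
    params.ExpressionAttributeNames = { '#active': 'isActive' };
    params.ExpressionAttributeValues = { ':yes': true };
  }
  return params;
}

// The client is injected so the handler can run offline; in Lambda it would be
// makeHandler(new AWS.DynamoDB.DocumentClient()).
function makeHandler(documentClient) {
  return async function handler(event) {
    const params = buildScanParams(event);
    const items = [];
    try {
      do { // filters apply after each page is read, so follow LastEvaluatedKey
        const page = await documentClient.scan(params).promise();
        items.push(...page.Items);
        params.ExclusiveStartKey = page.LastEvaluatedKey;
      } while (params.ExclusiveStartKey);
      return { statusCode: 200, body: JSON.stringify(items) };
    } catch (err) {
      return { statusCode: 500, body: '' };
    }
  };
}

// Constructed stand-in for the DocumentClient, holding the question's sample rows.
const ROWS = [
  { id: '1', isActive: true, title: 'title1' },
  { id: '2', isActive: false, title: 'title2' },
  { id: '3', isActive: true, title: 'title3' },
  { id: '4', isActive: true, title: 'title4' },
];
const fakeClient = {
  scan(params) {
    const Items = params.FilterExpression ? ROWS.filter((r) => r.isActive) : ROWS;
    return { promise: async () => ({ Items }) };
  },
};

// A public caller asking for inactive rows still gets only rows 1, 3 and 4.
makeHandler(fakeClient)({ queryStringParameters: { isActive: 'false' } })
  .then((res) => console.log(res.body));
```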