colymba/silverstripe-restfulapi
Composer 安装命令:
composer require colymba/silverstripe-restfulapi
包简介
SilverStripe RESTful API with a default JSON serializer.
关键字:
README 文档
README
⚠️ I haven't been able to give as much love as I would like to these repos as they deserve. If you have time and are interested to help maintain them, give me a shout. 🚨
SilverStripe RESTful API
This module implements a RESTful API for read/write access to your SilverStripe Models. It comes bundled with a default Token Authenticator, Query Handler and JSON Serializers, and can be extended to your need and to return XML or other content type via custom components.
API URL structure
| Action | HTTP Verb | URL |
|---|---|---|
| Find 1 record | GET |
api/Model/ID |
| Find multiple records | GET |
api/Model?param=val&__rand=1234 |
| Update a record | PUT |
api/Model/ID |
| Create a record | POST |
api/Model |
| Delete a record | DELETE |
api/Model/ID |
| - | - | - |
| Login & get token | n/a | api/auth/login?email=***&pwd=*** |
| Logout | n/a | api/auth/logout |
| Password reset email | n/a | api/auth/lostPassword?email=*** |
| - | - | - |
| Custom ACL methods | n/a | api/acl/YOURMETHOD |
Model being the class name of the model you are querying (name formatting may vary depending on DeSerializer used). For example with a model class named Book URLs would look like:
api/Book/33api/Book?title=Henryapi/Book?title__StartsWith=Henryapi/Book?title__StartsWith=Henry&__rand=123456&__limit=1api/Book?title__StartsWith=Henry&__rand=123456&__limit[]=10&__limit[]=5
The allowed /auth/$Action must be defined on the used Authenticator class via the $allowed_actions config.
Requirements
Quick features highlight
- Configurable components
- CORS enabled
- Embedded records
- Sideloaded records (EmberDataSerializer)
- Authentication
- DataObject & Config level api access control
- Search filter modifiers
What's all this?
RESTfulAPI
This is the main API Controller that receives all the requests, checks if authentication is needed and passing control to the authenticator if true, the resquest is then passed on to the QueryHandler, which uses the DeSerializer to figure out model & column names and decode the eventual payload from the client, the query result is then passed to the Serializer to be formatted and then returned to the client.
If CORS are enabled (true by default), the right headers are taken care of too.
Components
The RESTfulAPI uses 4 types of components, each implementing a different interface:
- Authetication (
Authenticator) - Permission Management (
PermissionManager) - Query Handler (
QueryHandler) - Serializer (
Serializer)
Default components
This API comes with defaults for each of those components:
TokenAuthenticatorhandles authentication via a token in an HTTP header or variableDefaultPermissionManagerhandles DataObject permission checks depending on the HTTP requestDefaultQueryHandlerhandles all find, edit, create or delete for modelsDefaultSerializer/DefaultDeSerializerserialize query results into JSON and deserialize client payloadsEmberDataSerializer/EmberDataDeSerializersame as theDefaultversion but with specific fomatting fo Ember Data.
You can create you own classes by implementing the right interface or extending the existing components. When creating you own components, any error should be return as a RESTfulAPIError object to the RESTfulAPI.
Token Authentication Extension
When using TokenAuthenticator you must add the TokenAuthExtension DataExtension to a DataObject and setup TokenAuthenticator with the right config.
By default, API authentication is disabled.
Permissions management
DataObject API access control can be managed in 2 ways. Through the api_access YML config allowing for simple configurations, or via DataObject permissions through a PermissionManager component.
A sample Group extension GroupExtension is also available with a basic set of dedicated API permissions. This can be enabled via config or you can create your own.
By default, the API only performs access control against the api_access YML config.
Config
See individual component configuration file for mode details
- RESTfulAPI the root of the api
- TokenAuthenticator handles query authentication via token
- DefaultPermissionManager handles DataObject level permissions check
- DefaultQueryHandler where most of the logic happens
- DefaultSerializer DefaultSerializer and DeSerializer for everyday use
- EmberDataSerializer EmberDataSerializer and DeSerializer speicifrcally design for use with Ember Data and application/vnd.api+json
Here is what a site's config.yml file could look like:
--- Name: mysite After: - 'framework/*' - 'cms/*' --- # API access Artwork: api_access: true Author: api_access: true Category: api_access: true Magazine: api_access: true Tag: api_access: 'GET,POST' Visual: api_access: true Image: api_access: true File: api_access: true Page: api_access: false # RestfulAPI config Colymba\RESTfulAPI\RESTfulAPI: authentication_policy: true access_control_policy: 'ACL_CHECK_CONFIG_AND_MODEL' dependencies: authenticator: '%$Colymba\RESTfulAPI\Authenticators\TokenAuthenticator' authority: '%$Colymba\RESTfulAPI\PermissionManagers\DefaultPermissionManager' queryHandler: '%$Colymba\RESTfulAPI\QueryHandlers\DefaultQueryHandler' serializer: '%$Colymba\RESTfulAPI\Serializers\EmberData\EmberDataSerializer' cors: Enabled: true Allow-Origin: 'http://mydomain.com' Allow-Headers: '*' Allow-Methods: 'OPTIONS, GET' Max-Age: 86400 # Components config Colymba\RESTfulAPI\QueryHandlers\DefaultQueryHandler\DefaultQueryHandler: dependencies: deSerializer: '%$Colymba\RESTfulAPI\Serializers\EmberData\EmberDataDeSerializer' Colymba\RESTfulAPI\Serializers\EmberData\EmberDataSerializer: sideloaded_records: Artwork: - 'Visuals' - 'Authors'
Todo
- API access IP throttling (limit request per minute for each IP or token)
- Check components interface implementation
License
Copyright (c) 2018, Thierry Francois (colymba) All rights reserved.
colymba/silverstripe-restfulapi 适用场景与选型建议
colymba/silverstripe-restfulapi 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 28.92k 次下载、GitHub Stars 达 63, 最近一次更新时间为 2013 年 10 月 19 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「rest」 「api」 「restful」 「silverstripe」 「REST API」 「json api」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 colymba/silverstripe-restfulapi 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 colymba/silverstripe-restfulapi 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 colymba/silverstripe-restfulapi 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
A PSR-7 compatible library for making CRUD API endpoints
Api bundle
This is a restful api to onesignal.
A RESTful API package for the Laravel and Lumen frameworks.
Simple and lightweight HTTP client based cURL
A Flickr wrapper to allow you to call the Flickr api with Guzzle as the backend.Goal is to have 100% Flickr api coverage rather than just upload/display photos (currently at 23%).
统计信息
- 总下载量: 28.92k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 63
- 点击次数: 19
- 依赖项目数: 1
- 推荐数: 0
其他信息
- 授权协议: BSD-3-Clause
- 更新时间: 2013-10-19