pstaender/silverstripe-restful-api 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

pstaender/silverstripe-restful-api

Composer 安装命令:

composer require pstaender/silverstripe-restful-api

包简介

Restul API helpers for SilverStripe

README 文档

README

This module provides an basic API controller with helpers to manage (underscore based) JSON data for i/o. Additionally there are some helpful methods on DataObjects, forApi() for instance. To authenticate the API controller is using the SilverStripe build security system but provides an Auth controller to authenticate in a restful way.

Motivation

Build fast and easy API's without writing the same helper methods over and over again. Currently it's in a development state, so some (design) decision might change to provide the convenient tools with at least surprising behaviour.

Configuration

The following attributes can be configured:

---
Name: RestfulApiConfig
---
ApiController:
  underscoreFields: true
  useAccesstokenAuth: true
  accessTokenPropertyName: 'X-Accesstoken'
  useDataProperty: false
AuthSession:
  validInMinutesFromNow: 10080
  adminAccessToken: null
  requiredGroup: null
  requiredPermission: null
  urlSegment: 'auth'
ApiSchemaController:
  allowedModels:
    - Member
DataObject:
  jsonDateFormat: 'D M d Y H:i:s O'
  underscoreFields: true
  castDataObjectFields: true
  resolveHasOneRelations: true
  resolveHasManyRelations: true

To avoid unnecessary authentication during development you can use the adminAccessToken (default is 84c44b7ee63a9919aa272673eecfc7f9b7424e47 in dev mode).

How to use

Authentication

Login

POST:http://localhost/auth/session with (json) body:

  {
    "email":"your@email.com",
    "password":"yourpassword"
  }

Returns (with StatusCode 200):

  {
    "session":{
      "accesstoken":"8d69f3f127a9ddc4f73d75c5803c846696bb10ff",
      "valid_until":"Mon Sep 28 2015 03:01:06 +0200",
      "valid_until_timestamp":1443402066,
      "user":{
        "id":2,
        
      },
      "uri":"http://localhost/auth/session/"
    }
  }

Now you can use the accesstoken to perform actions.

Session info

GET:http://localhost/auth/session with header X-Accesstoken: 8d69f3f127a9ddc4f73d75c5803c846696bb10ff (you always have to attach the Accesstoken this way to get authenticated!) returns (with StatusCode 200):

  {
    "session":{
      "accesstoken":"8d69f3f127a9ddc4f73d75c5803c846696bb10ff",
      "valid_until":"Mon Sep 28 2015 03:28:06 +0200",
      "valid_until_timestamp":1443403686,
      "user":{
        "id":2,
        
      },
      "uri":"http://localhost/auth/session/"
    }
  }

Logout (delete Session)

DELETE:http://localhost/auth/session/8d69f3f127a9ddc4f73d75c5803c846696bb10ff with header X-Accesstoken: 8d69f3f127a9ddc4f73d75c5803c846696bb10ff returns (with StatusCode 202):

  {
    "message":"resource deleted successfully"
  }

Use in your project

You can also (check out this more detailed example)[https://github.com/pstaender/silverstripe-restful-api/blob/master/code/examples/Country.php].

Data model(s)

You may apply some extra definitions on your models to prepare them for API use:

  class Client extends DataObject {

    private static $db = [
      "Email" => "Varchar",
      "FirstName" => "Varchar",
      "Surname" => "Varchar",
      "Note" => "Text",
    ];

    // these fields be made available by default through `forApi`
    private static $api_fields = [
      "Email", "Name",
    ];

    // example method
    function Name() {
      return trim($this->FirstName. " " .$this->Surname);
    }

    // can be defined optional
    function forApi() {
      $data = parent::forApi(); // will contain s.th. like [ "Email" => "…", "Name" => "…" ]
      // do s.th. with the data if you want to …
      return $data;
    }

  }

Controller for Schema Definition

To provide a suitable schema definition of your models you can explicit allow them in your config.yml via:

ApiSchemaController:
  allowedModels:
    - Country
    - Member

So that schema/Member will display s.th. like:

{
  "schema": {
    "first_name": "Varchar",
    "surname": "Varchar",
    "email": "Varchar(256)",
    "password": "Varchar(160)",
    "remember_login_token": "Varchar(160)",
    "num_visit": "Int",
    "last_visited": "SS_Datetime",
    "auto_login_hash": "Varchar(160)",
    "auto_login_expired": "SS_Datetime",
    "password_encryption": "Varchar(50)",
    "salt": "Varchar(50)",
    "password_expiry": "Date",
    "locked_out_until": "SS_Datetime",
    "locale": "Varchar(6)",
    "failed_login_count": "Int",
    "date_format": "Varchar(30)",
    "time_format": "Varchar(30)",
  }
}

API Controller(s)

How to define your own API Controller including some methods (we assume that you've added s.th. like "client//$Action/$ID": "ClientController" to your routes.yml):

  class ClientController extends APIController {

    private static $api_parameters = [
      "GET:client" => [
        '$ID' => "int",
      ],
      "POST:client" => [
        'email' => "/^[^@]+@[^@]+$/",
      ],
    ];

    private static $api_allowed_actions = [
      "GET:client"    => true,                // everyone can read here
      "DELETE:client" => 'ADMIN',             // only admins can delete
      "POST:client"   => '->isBasicApiUser',  // method `isBasicApiUser` checks permission
    ];

    private static $api_model = "Client"; // this is to connect this controller to a specific model (important for field matching)

    /**
     * Will respond with a JSON object and 200 if found
     * with a 404 and a JSON msg object otherwise
     */
    function clientGET() {
      return $this->sendData(
        Client::get()->byID($this->request->param("ID"))
      );
    }

    function clientPOST() {
      $client = Client::create();
      $data = $this->requestDataAsArray('Client');
      $populateOnlyTheseseFields = [ "Email", "FirstName", "Surname" ];
      $country->populateWithData($data, $populateOnlyTheseseFields);
      $country->write();
      return $this->sendSuccesfulPost($country->URL());
    }

    function clientDELETE() {
      $client = Client::get()->byID($this->request->param("ID");
      if (!$client)
        return $this->sendNotFound();
      $client->delete();
      return $this->sendSuccessfulDelete();
    }

    protected function isBasicApiUser() {
      return Permission::check('BASIC_API') || Permission::check('EXTERNAL_API');
    }

  }

Interesting Controller helpers:

  • getAccessTokenFromRequest
    • Returns the accesstoken from the header
  • getSessionFromRequest
    • The session DataObject (if existing)
  • sendData($data = null, $code = null)
    • Send a DataList, DataObject or an Array; will be rendered as JSON by default
  • sendJSON($data = null, $code = null)
    • Same as sendData, except to force JSON
  • sendError($errMsg, $code = 500)
    • Use to send comprehensible error messages for the API user
  • sendNotFound($msg = 'resource not found', $code = 404)
    • Helper to send a default "Resource not found" error message
  • sendSuccessfulDelete($msg = 'resource deleted successfully', $code = 202)
    • Helper to send a default "Resource deleted successfully" message after a DELETE
  • sendSuccessfulPut($msg = 'resource updated successfully', $code = 202)
    • Helper to send a default "Resource updated successfully" message after a PUT
  • sendSuccessfulPost($uriOrData = null, $msg = 'resource created succesfully', $code = 201)
    • Helper to redirect to new resource (if $uriOrData is a string) or send a default "Resource created successfully" message after a POST

To keep it simple: the arguments order of $msg and $code is arbitrary.

Tests

  $ sake dev/tests/module/silverstripe-restful-api flush=1

or

  $ sake /dev/tests/AuthControllerTest

to run specific tests.

Ensure that you have defined $_FILE_TO_URL_MAPPING in _ss_environment.php to run controller tests correctly (otherwise redirects will throw an user error for instance).

Better performance

By deactivating blocking sessions, you can decrease the response time.

Beware that none across request session will work anymore on your SilverStripe project because persistent session storage is deactivated in that scenario (not needed in pure restful services anyway).

To activate this feature, add to your _config.php or _ss_environment.php:

  define('RESTFUL_API_MODULE_NON_BLOCKING_SESSION', true);

Licence

MIT License

pstaender/silverstripe-restful-api 适用场景与选型建议

pstaender/silverstripe-restful-api 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.35k 次下载、GitHub Stars 达 7, 最近一次更新时间为 2014 年 08 月 20 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「json」 「api」 「restful」 「silverstripe」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 pstaender/silverstripe-restful-api 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 pstaender/silverstripe-restful-api 我们能提供哪些服务?
定制开发 / 二次开发

基于 pstaender/silverstripe-restful-api 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 1.35k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 7
  • 点击次数: 1
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 7
  • Watchers: 4
  • Forks: 2
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2014-08-20