Is using magic (me/self) resource identifiers going against REST principles?

I've seen URIs that support magic IDs for the authenticated user, like the ones below:

GET /user/me - list my profile
GET /user/me/photos - list my photos

where the ones below use the actual user ID:

GET /user/742924
GET /user/742924/photos

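The problem I see is that the same resource ID points to a different resource depending on the authenticated user.

Is this going against any REST principles?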

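It's fine.

Whether it is the same entity in the database doesn't matter; a more correct description is that every concept needs to have a URI. The concepts "current user" and "user 742924" are different, so there is no problem.

It could even go further: "current user", "last logged in user", "user with name starting with A", "oldest user", and so on. All of these may be different resources, even though they may point to the same "user".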

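Using /me to name a resource that corresponds to the authenticated user is perfectly fine from a REST perspective. According to Roy Thomas Fielding's dissertation, any information that can be named can be a resource: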

5.2.1.1 Resources and Resource Identifiers

The key abstraction of information in REST is a resource. Any information that can be named can be a resource: a document or image, a temporal service (e.g. "today's weather in Los Angeles"), a collection of other resources, a non-virtual object (e.g. a person), and so on. In other words, any concept that might be the target of an author's hypertext reference must fit within the definition of a resource. A resource is a conceptual mapping to a set of entities, not the entity that corresponds to the mapping at any particular point in time. [...]

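When using /me, you have a locator for the authenticated user, and it will always identify the concept of an authenticated user, regardless of which user is authenticated.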

While I agree with Cassio, I don't think he selected the best quote from the dissertation, as this is the part that is more specific about identifiers:

The definition of resource in REST is based on a simple premise: identifiers should change as infrequently as possible. Because the Web uses embedded identifiers rather than link servers, authors need an identifier that closely matches the semantics they intend by a hypermedia reference, allowing the reference to remain static even though the result of accessing that reference may change over time. REST accomplishes this by defining a resource to be the semantics of what the author intends to identify, rather than the value corresponding to those semantics at the time the reference is created. It is then left to the author to ensure that the identifier chosen for a reference does indeed identify the intended semantics.

If you connect the dots, that is exactly the case with the logged-in user: the same reference, with different resulting content.
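The mapping both answers describe, as an added example that is not part of the original posts: /user/me is resolved from the server-side session to whichever entity the caller currently is, while /user/742924 always names the same entity. The handler, the sample users, the choice to treat explicit-id profiles as publicly readable, and the `Cache-Control: private` header on alias responses are assumptions made for this sketch.

```python
from dataclasses import dataclass, field

# Constructed sample data (not from the page): user id -> stored entity.
USERS = {
    742924: {"name": "alice", "photos": ["a1.jpg", "a2.jpg"]},
    815001: {"name": "bob", "photos": ["b1.jpg"]},
}

@dataclass
class Response:
    status: int
    body: object = None
    headers: dict = field(default_factory=dict)

def resolve_user_segment(segment, authenticated_id):
    """Map the path segment after /user/ to a concrete user id, or None.

    "me" names the concept "the authenticated user". The entity it maps to
    comes from the server-side session, never from anything in the URI.
    """
    if segment == "me":
        return authenticated_id
    if segment.isascii() and segment.isdigit():
        return int(segment)
    return None

def handle_get(path, authenticated_id):
    """Serve GET /user/{me|id} and GET /user/{me|id}/photos."""
    parts = path.strip("/").split("/")
    if len(parts) not in (2, 3) or parts[0] != "user":
        return Response(404)
    if len(parts) == 3 and parts[2] != "photos":
        return Response(404)
    is_alias = parts[1] == "me"
    if is_alias and authenticated_id is None:
        return Response(401)  # the alias has no meaning without a caller
    uid = resolve_user_segment(parts[1], authenticated_id)
    user = USERS.get(uid)  # assumption: explicit-id profiles are public
    if user is None:
        return Response(404)
    body = user["photos"] if len(parts) == 3 else {"id": uid, "name": user["name"]}
    # /user/me yields a different representation per caller, so a shared
    # cache keyed on the URI alone must not store it.
    headers = {"Cache-Control": "private"} if is_alias else {}
    return Response(200, body, headers)
```

The same identifier, /user/me, returns alice's profile for one session and bob's for another, while the anonymous request is rejected because the concept has nothing to map to.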