ServiceStack 自定义路由变量占位符没有任何约束验证?
ServiceStack custom route variable placeholder doesn't have any constraint validation?
我有 2 个由 ServiceStack 服务构建的端点:
DELETE: /parents/{parentId} 删除一个 parent,连同其所有 childrenDELETE: /parents/{parentId}/children/{childId} 为所选 parent
删除parent: /parents/{parentId}
[Api("Delete a parent")]
[Tag("Parent")]
[Route("/parents/{parentId}", HttpMethods.Delete)]
public class DeleteParentRequest : IReturnVoid
{
[ApiMember(ParameterType = "path", IsRequired = true)]
public int ParentId { get; set; }
}
[Authenticate]
public class ParentService : Service
{
...
public void Delete(DeleteParentRequest request)
{
// Logic to delete parent, along with all its children
}
}
删除ParentChild:/parents/{parentId}/children/{childId}
[Api("Delete a parent child")]
[Tag("Parent Child")]
[Route("/parents/{parentId}/children/{childId}", HttpMethods.Delete)]
public class DeleteParentChildRequest : IReturnVoid
{
[ApiMember(ParamterType = "path", IsRequired = true)]
public int ParentId { get; set; }
[ApiMember(ParameterType = "path", IsRequired = true)]
public int ChildId { get; set; }
}
[Authenticate]
public class ParentChildService : Service
{
...
public void Delete(DeleteParentChildRequest request)
{
// Delete the parent child
}
}
这 2 个端点按预期工作。
不幸的是(或者实际上是幸运的),我们的 QA 在测试删除 child 端点时传递了错误的端点。他放在Postman上的是DELETE: /parents/children?parentId=1&other=rndString.
当我们调用错误的端点时,我期望的是我们应该得到一个 404 not found,因为它与我们的任何端点都不匹配。但令人惊讶的是,它实际上调用了 delete-parent 端点 DELETE: /parents/{parentId}.
那怎么会发生,即使我已经在请求 DTO 中有一个匹配的 integer 属性 调用 ParentId 告诉 ServiceStack 我期待一个来自路线的整数? ServiceStack 有自己的路由约束吗?还是我必须自己实施?
路由路径本身没有约束,即这个定义:
[Route("/parents/{parentId}", HttpMethods.Delete)]
将匹配每个 DELETE 与路由匹配的请求,即:
DELETE /parents/1
DELETE /parents/foo
您可以使用 Custom Route Rule 应用路由约束,例如:
[Route("/parents/{parentId}", HttpMethods.Delete, Matches = "**/{int}")]
将应用 built-in **/{int} 路由规则以仅匹配最后一个段为整数的路由,即:
DELETE /parents/1
我有 2 个由 ServiceStack 服务构建的端点:
DELETE: /parents/{parentId}删除一个 parent,连同其所有 childrenDELETE: /parents/{parentId}/children/{childId}为所选 parent 删除一个 child
删除parent: /parents/{parentId}
[Api("Delete a parent")]
[Tag("Parent")]
[Route("/parents/{parentId}", HttpMethods.Delete)]
public class DeleteParentRequest : IReturnVoid
{
[ApiMember(ParameterType = "path", IsRequired = true)]
public int ParentId { get; set; }
}
[Authenticate]
public class ParentService : Service
{
...
public void Delete(DeleteParentRequest request)
{
// Logic to delete parent, along with all its children
}
}
删除ParentChild:/parents/{parentId}/children/{childId}
[Api("Delete a parent child")]
[Tag("Parent Child")]
[Route("/parents/{parentId}/children/{childId}", HttpMethods.Delete)]
public class DeleteParentChildRequest : IReturnVoid
{
[ApiMember(ParamterType = "path", IsRequired = true)]
public int ParentId { get; set; }
[ApiMember(ParameterType = "path", IsRequired = true)]
public int ChildId { get; set; }
}
[Authenticate]
public class ParentChildService : Service
{
...
public void Delete(DeleteParentChildRequest request)
{
// Delete the parent child
}
}
这 2 个端点按预期工作。
不幸的是(或者实际上是幸运的),我们的 QA 在测试删除 child 端点时传递了错误的端点。他放在Postman上的是DELETE: /parents/children?parentId=1&other=rndString.
当我们调用错误的端点时,我期望的是我们应该得到一个 404 not found,因为它与我们的任何端点都不匹配。但令人惊讶的是,它实际上调用了 delete-parent 端点 DELETE: /parents/{parentId}.
那怎么会发生,即使我已经在请求 DTO 中有一个匹配的 integer 属性 调用 ParentId 告诉 ServiceStack 我期待一个来自路线的整数? ServiceStack 有自己的路由约束吗?还是我必须自己实施?
路由路径本身没有约束,即这个定义:
[Route("/parents/{parentId}", HttpMethods.Delete)]
将匹配每个 DELETE 与路由匹配的请求,即:
DELETE /parents/1
DELETE /parents/foo
您可以使用 Custom Route Rule 应用路由约束,例如:
[Route("/parents/{parentId}", HttpMethods.Delete, Matches = "**/{int}")]
将应用 built-in **/{int} 路由规则以仅匹配最后一个段为整数的路由,即:
DELETE /parents/1