为什么“do_GET”和“do_GET”之间没有中点?和成熟的导轨式路由?
我希望向网络公开一些服务。将会有带有基于 jQuery 的 JavaScript 代码的静态网页来访问这些服务,并且还会有各种可能访问这些服务的应用程序。 (或者没有人会关心;这也是很有可能的:-)
每个服务都将被明确定义为一组方法,这些方法作用于一定数量的输入参数,并返回一定数量的输出参数。大部分都是 REST,除了“身份”的概念——这些服务需要一些登录,而登录确实会为您设置权限,允许您使用哪些服务的哪些方法以及哪些特定实体您可以使用这些方法进行寻址。
理想情况下,我希望使用 JSONP 公开服务,以使服务易于以跨站点方式使用 - 这些静态 Web 应用程序不应全部由我的应用程序服务器的域提供服务。
数据类型集相当基本——varchar(255 个字符)、text(8191 个字符)、id(32 个字符,C 风格标识符约束)、double、long(在 JavaScript 中很难做到)、bool、datetime、email (varchar 匹配 reges) 和 url (varchar 匹配 regex) 可能足以满足很长一段时间。
如果可能的话,我希望使用可以在多线程核心上扩展的应用程序服务技术来实现这些服务——如今 24 线程是普通中端服务器的标准配置。坚持使用 Python 或 Node.js 会让我感到不安,因为它们缺乏线程支持。另外,我希望类型是静态的,因为我相信静态类型可以防止某些类型的错误,这些错误也针对 Python、Node.js、PHP 和 Ruby。
我也想在 Linux 上服务。这是一个相当困难的要求:-)
在静态语言世界中,实际上只有少数服务器框架或框架方法。 Mono 中有 HttpListener。有 Java 的 Jetty。还有其他几个。还有一些更深层次的框架,它们的开销比我想要的要多——J2EE、ASP.NET 等。(在动态世界中,有 Cake.PHP、Rails、Django 等)
所以,在世界上最好的,我希望 GET URL /foo/bar?arg1=2&arg2=xyzzy 映射到我编写的 foo 类型的对象,方法 bar,采用 int 和 string 类型的参数 arg1 和 arg2 (说)。我希望位于 HTTP GET 和对象方法之间的服务器胶水做两件事: 1)权限控制(每个方法可以有一个或多个所需的权限) 2) 类型检查(每个参数都应根据预期进行验证,并从 URL 字符串格式强制转换为本机类型) 一旦该方法返回一个或多个值(键/值对),胶水应该确保返回值也符合规范,转换为正确的 JSON,并且应该在抛出异常时返回适当的错误结果在代码内。
我一直在寻找这种解决方案,但我找到的所有解决方案都相去甚远。 JSP 和 ASP 都是从 HTML 假设开始的——我通常生成 JSON,它与语法的集成不太好(温和地说)。 JSPX 以及许多其他技术(HttpListener、CGI、Python Twisted 等)都停留在“do_GET”级别——不分派到对象、没有权限控制、没有类型检查。然而,所有更高级别的框架都在此基础上添加了更多内容,并且经常添加我不需要的复杂路由 - 而且通常仍然不进行权限检查,而是将其保留为您必须在每个函数实现中手动编写的内容。
我认为我能找到的最接近我想要的就是 Thrift。然而,它仍然不进行权限检查,并且它的“PHP 服务器”支持似乎是一个愚蠢的 PHP cli 进程,监听端口 80,而不是与 Apache 集成,并且它没有设置为支持 JSONP。
我错过了什么吗?是否有一些(最好是静态类型和多线程支持)服务器技术可以进行类型检查和权限检查以及简单的对象方法分派,而不会受到大量其他阻碍,并且可以从(并响应到)JSONP? 我应该延长节俭吗?在每个方法上添加权限限制将是一个相当大的扩展,但至少我会得到 Thrift 所拥有的其他支持。 (然后我必须添加 JSONP 支持,并且......)
I'm looking to expose a number of services to the web. There will be static web pages with jQuery based JavaScript code that accesses these services, and there will also be all kinds of applications that may access these services. (Or nobody will care; that's also quite possible :-)
Each service would be well defined as a collection of methods that act on some number of input parameters, and return some number of output parameters. Most of it is REST, except for the concept of "identity" -- these services requires some log-in, and logging in does set you up with permissions on which methods on which services you're allowed to use, and what particular entities you're allowed to address using those methods.
Ideally, I want to expose the services using JSONP to make the services easy to consume in a cross-site way -- those static web applications shouldn't all have to be be served from the domain of my application servers.
The set of data types is fairly basic -- varchar (255 chars), text (8191 chars), id (32 chars, C-style identifier constraint), double, long (hard to do in JavaScript), bool, datetime, email (varchar matching a reges) and url (varchar matching a regex) would probably suffice for a very long time.
I want, if possible, to implement these services using an application service technology that can scale on multi-threaded cores -- 24 threads is standard on plain mid-range servers these days. Sticking with Python or Node.js would make me uneasy, because of their lack of threading support. Also, I would like for typing to be static, because I believe static typing prevents a certain class of bugs, which also talks against Python, Node.js, PHP and Ruby.
I also want to serve on Linux. That's a pretty hard requirement :-)
In the static language world, there are really only a few server frameworks or framework approaches. There's HttpListener with Mono. There's Jetty with Java. There's a few others. There are also a few much deeper frameworks, that have more overhead than I'd like -- J2EE, ASP.NET, etc. (In the dynamic world, you have Cake.PHP, Rails, Django, etc etc)
So, in the best of worlds, I'd like the GET URL /foo/bar?arg1=2&arg2=xyzzy to map to an object that I write of type foo, method bar, taking arguments arg1 and arg2 of type int and string (say). I want the server glue that sits between the HTTP GET and the object method to do two things:
1) Permission control (each method could have one or more required permissions)
2) Type checking (each argument should be verified against expected and coerced from the URL string format to the native typ)
Once the method returns one or more values (key/value pairs), the glue should make sure that the return values are also according to spec, convert to proper JSON, and should take care of returning an appropriate error result if an exception was thrown within the code.
I've been looking high and low for this kind of solution, but all solutions I find are pretty far off. JSP and ASP all start out with a HTML assumption -- I'm generally generating JSON, which doesn't integrate as well with the syntax (to put it mildly). JSPX, as well as a number of other technologies (HttpListener, CGI, Python Twisted, ...) all stop at the "do_GET" level -- no dispatch into objects, no permission control, no type checking. All the higher-level frameworks, however, add a lot more on top of that, and often adds complex routing that's not something I need -- and as often as not, still don't do permission checking, but instead leaves that as something you have to write manually in each function implementation.
I think the closest I could find to what I want is Thrift. However, it still doesn't do permission checking, and the "PHP server" support it has seems to be a dumb PHP cli process listening on port 80 instead of integrating with Apache, and it's not set up to support JSONP.
Have I missed something? Is there some (preferrably statically typed and multi-thread-supporting) server technology that will do type checking and permission checking and simple object-method dispatch, without tons of other cruft to get in the way, and can be called from (and respond to) JSONP?
Should I extend Thrift? Adding permission constraints on each method would be a fairly substantial extension, but at least I'd get the other support that Thrift has. (And then I'd have to add JSONP support, and ...)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
Scala(静态,用于线程/并发和调度的参与者,无任何缺陷)+ Thrift。
我相信最新的 thrift 有 javascript 支持(不确定 JSONP)。
至于身份验证,请参阅我对此问题的回答。
Scala (static, actors for threading/concurrency & dispatch, no cruft) + Thrift.
I believe the latest thrift has javascript support (not sure about JSONP).
As for authentication, see my answer to this question.
确实不存在任何合适级别的良好框架。现有框架要么级别太低(例如 boost::asio),要么级别太高(例如 cake、rails 等)。最接近的选项可能是 Erlang/WebMachine。我想原因是大多数 Web 应用程序最终都会有一组通用的更高级别的要求,然后最终迁移到任何 Web 框架中,从而将其提升到我想要的水平之外。
There really doesn't exist any good framework at the right level for this. Existing frameworks are either too low level (think boost::asio), or too high level (think cake, rails, etc). The closest option is probably Erlang/WebMachine. I guess the reason for this is that most web apps end up having a common set of higher-level requirements that then end up migrating into whatever the web framework is, thus lifting it out of the level where I'm looking to go.