欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

RESTful API批量操作的实现

程序员文章站 2022-12-26 12:52:55
要解决的问题 RESTful API对于批量操作存在一定的缺陷。例如资源的删除接口: 如果我们要删除100条数据怎么搞?难道要调用100次接口吗? 比较容易想到的是下面两种方案: 1. 用逗号分割放进url里: 2. 将需要删除的资源的id放到请求体里面 对于方案1,由于浏览器对url的长度存在限制 ......

要解决的问题

restful api对于批量操作存在一定的缺陷。例如资源的删除接口:
delete /api/resourse/<id>/
如果我们要删除100条数据怎么搞?难道要调用100次接口吗?
比较容易想到的是下面两种方案:

  1. 用逗号分割放进url里:/api/resource/1,2,3...
  2. 将需要删除的资源的id放到请求体里面

对于方案1,由于浏览器对url的长度存在限制,如果操作的资源过多就无法实现。
对于方案2,这种处理方式存在一定的风险,因为根据rpc标准文档,delete的请求体在语义上没有意义,一些网关、代理、防火墙在收到delete请求后,会把请求的body直接剥离掉。

所以我参考,将批量处理的操作名称和数据全部放到请求体里,统一使用post请求发送:

post /api/resource/batch/
    body: {
                "method": "create",
                "data": [ { "name": "mr.bean" }, { "name": "chaplin" }, { "name": "jim carrey" } ]
            }

post /api/resource/batch/
    body: {
                "method": "update",
                "data": { "1": { "name": "mr.bean" }, "2": { "name": "chaplin" } }
            }

post /api/resource/batch/
    body: {
                "method": "delete",
                "data": [1, 2, 3]
            }

python实现

环境:python==3.6.5, django==2.2, djangorestframework==3.9.4

genericviewset中加入了一些自定义的分发逻辑,将相应的batch view放在mixin里实现可重用。

class batchgenericviewset(genericviewset):
    batch_method_names = ('create', 'update', 'delete')
    def batch_method_not_allowed(self, request, *args, **kwargs):
        method = request.batch_method
        raise exceptions.methodnotallowed(method, detail=f'batch method {method.upper()} not allowed.')
        
    def initialize_request(self, request, *args, **kwargs):
        request = super().initialize_request(request, *args, **kwargs)
        # 将batch_method从请求体中提取出来,方便后面使用 
        batch_method = request.data.get('method', none)
        if batch_method is not none:
            request.batch_method = batch_method.lower()
        else:
            request.batch_method = none
        return request
        
    def dispatch(self, request, *args, **kwargs):
           self.args = args
           self.kwargs = kwargs
           request = self.initialize_request(request, *args, **kwargs)
           self.request = request
           self.headers = self.default_response_headers
           try:
                self.initial(request, *args, **kwargs)
                # 首先识别batch_method并进行分发
                if request.batch_method in self.batch_method_names:
                    method_name = 'batch_' + request.batch_method.lower()
                    handler = getattr(self, method_name, self.batch_method_not_allowed)
                elif request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(), self.http_method_not_allowed)
                else:
                    handler = self.http_method_not_allowed
                    
                response = handler(request, *args, **kwargs)
            except exception as exc:
                response = self.handle_exception(exc)
            
            self.response = self.finalize_response(request, response, *args, **kwargs)
            return self.response

下面是mixin,因为懒所以放在了一个里面:

class batchmixin:

    def batch_create(self, request, *args, **kwargs):
        """
        create a batch of model instance

        request body like this:
        {
            "method": "create",
            "data": [
                        {
                            "name": "mr.liu",
                            "age": 27
                        },
                        {
                            "name": "chaplin",
                            "age": 88
                        }
                    ]
        }
        """
        data = request.data.get('data', none)
        if not isinstance(data, list):
            raise exceptions.validationerror({'data': 'data must be a list.'})
        serializer = self.get_serializer(data=data, many=true)
        serializer.is_valid(raise_exception=true)
        with transaction.atomic():
            self.perform_create(serializer)
        headers = self.get_success_headers(serializer.data)
        return response(serializer.data, status=status.http_201_created, headers=headers)

    def batch_update(self, request, *args, **kwargs):
        """
        update a batch of model instance

        request body like this:
        {
            "method": "update",
            "data": {
                        1: { "name": "mr.liu" },
                        2: { "name": "jim carrey" }
                    }
        }
        """
        data = request.data.get('data', none)
        if not isinstance(data, dict):
            raise exceptions.validationerror({'data': 'data must be a object.'})
        ids = [int(id) for id in data]
        queryset = self.get_queryset().filter(id__in=ids)
        results = []
        for obj in queryset:
            serializer = self.get_serializer(obj, data=data[str(obj.id)], partial=true)
            serializer.is_valid(raise_exception=true)
            with transaction.atomic():
                self.perform_update(serializer)
            results.append(serializer.data)
        return response(results)

    def batch_delete(self, request, *args, **kwargs):
        """
        delete a batch of model instance

        request body like this:
        {
            "method": "delete",
            "data": [1, 2]
        }
        """
        data = request.data.get('data', none)
        if not isinstance(data, list):
            raise exceptions.validationerror({'data': 'data must be a list.'})
        queryset = self.get_queryset().filter(id__in=data)
        with transaction.atomic():
            self.perform_destroy(queryset)
        return response(status=status.http_204_no_content)

这样实现对于restframework框架的modelpermission权限判定会出现问题,因为所有请求都是通过post实现的,默认情况下无法对model的增、删、改权限进行有效的判断。稍微修改下djangomodelpermissions就可以了:

class batchmodelpermissions(djangomodelpermissions):
    batch_method_map = {
        'create': 'post',
        'update': 'patch',
        'delete': 'delete'
    }

    def has_permission(self, request, view):
        if getattr(view, '_ignore_model_permissions', false):
            return true

        if not request.user or (
                not request.user.is_authenticated and self.authenticated_users_only):
            return false

        queryset = self._queryset(view)
        # 这里,这里
        batch_method = getattr(request, 'batch_method', none)
        if batch_method is not none:
            perms = self.get_required_permissions(self.batch_method_map[batch_method], queryset.model)
        else:
            perms = self.get_required_permissions(request.method, queryset.model)

        return request.user.has_perms(perms)

参考: