| 注册
请输入搜索内容

热门搜索

Java Linux MySQL PHP JavaScript Hibernate jQuery Nginx
jopen
9年前发布

PostgREST: 把任意PostgreSQL数据库封装成REST API

qq截图20150723154729.png
PostgREST提供从任何现有的PostgreSQL数据库转成完整的RESTful API 。它提供了一个更清洁,更符合标准的,更快的API比你有可能从头开始编写的。

Demo postgrest.herokuapp.com | Watch Video | GUI Demo

Try making requests to the live demo server with an HTTP client such as postman. The structure of the demo database is defined by begriffs/postgrest-example. You can use it as inspiration for test-driven server migrations in your own projects.

Usage

Download the binary (latest release) and invoke like so:

postgrest  --db-host localhost  --db-port 5432     \             --db-name my_db      --db-user postgres \             --db-pass foobar     --db-pool 200      \             --anonymous postgres --port 3000        \             --v1schema public

In production include the--secureoption which redirects all requests to HTTPS. Note that PostgREST does not handle the SSL internally and must be put behind another server that does (such as nginx or the Heroku load balancer).

Performance

TLDR; subsecond response times for up to 2000 requests/sec on Heroku free tier. (see the load test)

If you're used to servers written in interpreted languages (or named after precious gems), prepare to be pleasantly surprised by PostgREST performance.

Three factors contribute to the speed. First the server is written in Haskell using the Warp HTTP server (aka a compiled language with lightweight threads). Next it delegates as much calculation as possible to the database including

  • Serializing JSON responses directly in SQL
  • Data validation
  • Authorization
  • Combined row counting and retrieval
  • Data post in single command (returning *)

Finally it uses the database efficiently with the Hasql library by

  • Reusing prepared statements
  • Keeping a pool of db connections
  • Using the Postgres binary protocol
  • Being stateless to allow horizontal scaling

Ultimately the server (when load balanced) is constrained by database performance. This may make it inappropriate for very large traffic load. To learn more about scaling with Heroku and Amazon RDS see the performance guide.

Other optimizations are possible, and some are outlined in the Future Features.

Security

PostgREST handles authentication (HTTP Basic over SSL or JSON Web Tokens) and delegates authorization to the role information defined in the database. This ensures there is a single declarative source of truth for security. When dealing with the database the server assumes the identity of the currently authenticated user, and for the duration of the connection cannot do anything the user themselves couldn't.

Postgres 9.5 will soon support true row-level security. In the meantime what isn't yet implemented can be simulated with triggers and security-barrier views. Because the possible queries to the database are limited to certain templates using leakproof functions, the trigger workaround does not compromise row-level security.

For example security patterns see the security guide.

Versioning

A robust long-lived API needs the freedom to exist in multiple versions. PostgREST supports versioning through HTTP content negotiation. Requests for a certain version translate into switching which database schema to search for tables. PostgreSQL schema search paths allow tables from earlier versions to be reused verbatim in later versions.

To learn more, see the guide to versioning.

Self-documention

Rather than writing and maintaining separate docs yourself let the API explain its own affordances using HTTP. All PostgREST endpoints respond to the OPTIONS verb and explain what they support as well as the data format of their JSON payload.

The number of rows returned by an endpoint is reported by - and limited with - range headers. More about that.

There are more opportunities for self-documentation listed in Future Features.

Data Integrity

Rather than relying on an Object Relational Mapper and custom imperative coding, this system requires you put declarative constraints directly into your database. Hence no application can corrupt your data (including your API server).

The PostgREST exposes HTTP interface with safeguards to prevent surprises, such as enforcing idempotent PUT requests, and

See examples of Postgres constraints and the guide to routing.

Future Features

  • Watching endpoint changes with sockets and Postgres pubsub
  • Specifying per-view HTTP caching
  • Inferring good default caching policies from the Postgres stats collector
  • Generating mock data for test clients
  • Maintaining separate connection pools per role to avoid "set/reset role" performance penalty
  • Describe more relationships with Link headers
  • Depending on accept headers, render OPTIONS as RAML or a relational diagram
  • Add two-legged auth with OAuth 1.0a(?)
  • ... the other issues

项目主页:http://www.open-open.com/lib/view/home/1437637416131

 本文由用户 jopen 自行上传分享,仅供网友学习交流。所有权归原作者,若您的权利被侵害,请联系管理员。
 转载本站原创文章,请注明出处,并保留原始链接、图片水印。
 本站是一个以用户分享为主的开源技术平台,欢迎各类分享!
 本文地址:https://www.open-open.com/lib/view/open1437637416131.html
PostgREST PostgreSQL 数据库服务器