Implementing a Web App based on a RESTful API. Do I need a server-side framework?

Time: 2021-02-13 01:49:06

I'm starting a project that basically is a single-page app that downloads and shows a bunch of stats (using d3.js). The data layer is Mongo-powered, served through a RESTful API, and the client app will be coded in Ember.js. We want all data to be exchanged through the API, since we also have some mobile apps on the back burner that will hook into the same API.

I'm debating whether to write the API (using Express.js or another server-side MVC framework), or just serve the API using Deployd and not use a server-side framework at all besides Deployd. I'll provide some hints about the project characteristics:

  • The main feature is basically a dashboard that shows aggregated stats that are already computed and stored in the Mongo database.

  • User interaction is minimal, enough only to allow users to customize their dashboards, but users never upload data (other than customization preferences).

  • Most of the app is a lot of d3.js to create and render a bunch of graphs, which can be customized in many ways.

  • It requires a very rich and responsive user interface.

I proposed completely skipping the server-side framework and simply going with a bunch of static HTML+CSS, doing all the heavy lifting with a client-side MVC such as Ember.js. Since all data download and upload can be handled by Deployd, a pure static site would load much faster and is also easier to scale. Also, (I think) all user-related data and validation can be done with Deployd itself.

The thing is, some of my colleagues had a heart-stroke when I mentioned this idea. So I'd like a reality check: do I really need a server-side framework besides Deployd to cope with problems I cannot foresee yet? Are the benefits of having a pure static site a good enough tradeoff versus having, say, Express.js just in case?

1 solution

#1


I haven't worked with Deployd before, but from a quick skim of its docs, it is a server-side framework. It accepts requests and responds with JSON. It's just oriented to APIs and JSON and neglects HTML, unlike, say, default Ruby on Rails.

The main issues I can think of that might arise due to a lack of a traditional server-side framework are things like auth, CORS, and XSS/CSRF/other common security issues. You could cater for this through Deployd if it's built in or easily added, but that may be difficult.

Looking further into Deployd's docs, I see there's a guide for users and CORS. I can't find anything about XSS or CSRF.

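
An added example, not part of the original answer and not Deployd's own code: one way to handle the CORS and CSRF concerns raised above when a static single-page app calls a cookie-authenticated JSON API that mobile clients also use. The function name, the SPA origin, and the assumption that mobile clients send an `Authorization` header instead of cookies are all illustrative.

```javascript
// Constructed values: the SPA origin is an assumption for this example.
const ALLOWED_ORIGINS = new Set(['https://dashboard.example.com']);
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Decide what to do with an API request before any handler runs.
// `headers` uses lower-case names, as Node's http module provides them.
function guardApiRequest(method, headers) {
  const origin = headers['origin'];
  const cors = { 'Vary': 'Origin' };
  const deny = (status, reason) => ({ allow: false, status, reason, headers: cors });

  if (origin !== undefined) {
    // CORS: echo back only allowlisted origins. A wildcard cannot be
    // combined with credentials, and reflecting any origin defeats the check.
    if (!ALLOWED_ORIGINS.has(origin)) return deny(403, 'origin not allowed');
    cors['Access-Control-Allow-Origin'] = origin;
    cors['Access-Control-Allow-Credentials'] = 'true';
  }

  method = method.toUpperCase();
  if (method === 'OPTIONS' && headers['access-control-request-method']) {
    // Preflight: answered here, no handler and no session involved.
    cors['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE';
    cors['Access-Control-Allow-Headers'] = 'Content-Type, Authorization';
    return deny(204, 'preflight');
  }

  if (!SAFE_METHODS.has(method)) {
    // CSRF: a cookie-authenticated write must show where it came from.
    // Clients without cookies (assumed: mobile apps using an
    // Authorization header) are not exposed to CSRF and may omit Origin.
    if (headers['cookie'] && origin === undefined) {
      return deny(403, 'cookie write without Origin');
    }
    // HTML forms cannot send application/json, so requiring it forces
    // cross-site senders through the preflight handled above.
    const type = (headers['content-type'] || '').split(';')[0].trim().toLowerCase();
    if (method !== 'DELETE' && type !== 'application/json') {
      return deny(415, 'JSON body required');
    }
  }
  return { allow: true, status: 200, reason: 'ok', headers: cors };
}
```

XSS is a separate concern on the client side: stats and user preferences fetched from the API still need to be rendered as text rather than inserted as markup.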