类似 Twitter 的 API 服务

这个示例演示如何使用 MongoDB,JWT 和 JSON 创建一个类似 Twitter 的 REST API 服务。

模型

user.go

  1. package model
  3. import "gopkg.in/mgo.v2/bson"
  5. type (
  6.     User struct {
  7.         ID        bson.ObjectId `json:"id" bson:"_id,omitempty"`
  8.         Email     string        `json:"email" bson:"email"`
  9.         Password  string        `json:"password,omitempty" bson:"password"`
  10.         Token     string        `json:"token,omitempty" bson:"-"`
  11.         Followers []string      `json:"followers,omitempty" bson:"followers,omitempty"`
  12.     }
  13. )

post.go

  1. package model
  3. import "gopkg.in/mgo.v2/bson"
  5. type (
  6.     Post struct {
  7.         ID      bson.ObjectId `json:"id" bson:"_id,omitempty"`
  8.         To      string        `json:"to" bson:"to"`
  9.         From    string        `json:"from" bson:"from"`
  10.         Message string        `json:"message" bson:"message"`
  11.     }
  12. )

控制器

handler.go

  1. package handler
  3. import mgo "gopkg.in/mgo.v2"
  5. type (
  6.     Handler struct {
  7.         DB *mgo.Session
  8.     }
  9. )
  11. const (
  12.     // Key (Should come from somewhere else).
  13.     Key = "secret"
  14. )

user.go

  1. package handler
  3. import (
  4.     "net/http"
  5.     "time"
  7.     jwt "github.com/dgrijalva/jwt-go"
  8.     "github.com/labstack/echo"
  9.     "github.com/labstack/echo/cookbook/twitter/model"
  10.     mgo "gopkg.in/mgo.v2"
  11.     "gopkg.in/mgo.v2/bson"
  12. )
  14. func (h *Handler) Signup(c echo.Context) (err error) {
  15.     // Bind
  16.     u := &model.User{ID: bson.NewObjectId()}
  17.     if err = c.Bind(u); err != nil {
  18.         return
  19.     }
  21.     // Validate
  22.     if u.Email == "" || u.Password == "" {
  23.         return &echo.HTTPError{Code: http.StatusBadRequest, Message: "invalid email or password"}
  24.     }
  26.     // Save user
  27.     db := h.DB.Clone()
  28.     defer db.Close()
  29.     if err = db.DB("twitter").C("users").Insert(u); err != nil {
  30.         return
  31.     }
  33.     return c.JSON(http.StatusCreated, u)
  34. }
  36. func (h *Handler) Login(c echo.Context) (err error) {
  37.     // Bind
  38.     u := new(model.User)
  39.     if err = c.Bind(u); err != nil {
  40.         return
  41.     }
  43.     // Find user
  44.     db := h.DB.Clone()
  45.     defer db.Close()
  46.     if err = db.DB("twitter").C("users").
  47.         Find(bson.M{"email": u.Email, "password": u.Password}).One(u); err != nil {
  48.         if err == mgo.ErrNotFound {
  49.             return &echo.HTTPError{Code: http.StatusUnauthorized, Message: "invalid email or password"}
  50.         }
  51.         return
  52.     }
  54.     //-----
  55.     // JWT
  56.     //-----
  58.     // Create token
  59.     token := jwt.New(jwt.SigningMethodHS256)
  61.     // Set claims
  62.     claims := token.Claims.(jwt.MapClaims)
  63.     claims["id"] = u.ID
  64.     claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
  66.     // Generate encoded token and send it as response
  67.     u.Token, err = token.SignedString([]byte(Key))
  68.     if err != nil {
  69.         return err
  70.     }
  72.     u.Password = "" // Don't send password
  73.     return c.JSON(http.StatusOK, u)
  74. }
  76. func (h *Handler) Follow(c echo.Context) (err error) {
  77.     userID := userIDFromToken(c)
  78.     id := c.Param("id")
  80.     // Add a follower to user
  81.     db := h.DB.Clone()
  82.     defer db.Close()
  83.     if err = db.DB("twitter").C("users").
  84.         UpdateId(bson.ObjectIdHex(id), bson.M{"$addToSet": bson.M{"followers": userID}}); err != nil {
  85.         if err == mgo.ErrNotFound {
  86.             return echo.ErrNotFound
  87.         }
  88.     }
  90.     return
  91. }
  93. func userIDFromToken(c echo.Context) string {
  94.     user := c.Get("user").(*jwt.Token)
  95.     claims := user.Claims.(jwt.MapClaims)
  96.     return claims["id"].(string)
  97. }

post.go

  1. package handler
  3. import (
  4.     "net/http"
  5.     "strconv"
  7.     "github.com/labstack/echo"
  8.     "github.com/labstack/echo/cookbook/twitter/model"
  9.     mgo "gopkg.in/mgo.v2"
  10.     "gopkg.in/mgo.v2/bson"
  11. )
  13. func (h *Handler) CreatePost(c echo.Context) (err error) {
  14.     u := &model.User{
  15.         ID: bson.ObjectIdHex(userIDFromToken(c)),
  16.     }
  17.     p := &model.Post{
  18.         ID:   bson.NewObjectId(),
  19.         From: u.ID.Hex(),
  20.     }
  21.     if err = c.Bind(p); err != nil {
  22.         return
  23.     }
  25.     // Validation
  26.     if p.To == "" || p.Message == "" {
  27.         return &echo.HTTPError{Code: http.StatusBadRequest, Message: "invalid to or message fields"}
  28.     }
  30.     // Find user from database
  31.     db := h.DB.Clone()
  32.     defer db.Close()
  33.     if err = db.DB("twitter").C("users").FindId(u.ID).One(u); err != nil {
  34.         if err == mgo.ErrNotFound {
  35.             return echo.ErrNotFound
  36.         }
  37.         return
  38.     }
  40.     // Save post in database
  41.     if err = db.DB("twitter").C("posts").Insert(p); err != nil {
  42.         return
  43.     }
  44.     return c.JSON(http.StatusCreated, p)
  45. }
  47. func (h *Handler) FetchPost(c echo.Context) (err error) {
  48.     userID := userIDFromToken(c)
  49.     page, _ := strconv.Atoi(c.QueryParam("page"))
  50.     limit, _ := strconv.Atoi(c.QueryParam("limit"))
  52.     // Defaults
  53.     if page == 0 {
  54.         page = 1
  55.     }
  56.     if limit == 0 {
  57.         limit = 100
  58.     }
  60.     // Retrieve posts from database
  61.     posts := []*model.Post{}
  62.     db := h.DB.Clone()
  63.     if err = db.DB("twitter").C("posts").
  64.         Find(bson.M{"to": userID}).
  65.         Skip((page - 1) * limit).
  66.         Limit(limit).
  67.         All(&posts); err != nil {
  68.         return
  69.     }
  70.     defer db.Close()
  72.     return c.JSON(http.StatusOK, posts)
  73. }

API

注册

用户注册

  • 用请求里取出用户信息验证合法性。
  • 不合法的邮箱和密码,返回 400 - Bad Request
  • 合法的邮箱和密码,保存数据到数据库并返回 201 - Created

请求

  1. curl \
  2.   -X POST \
  3.   http://localhost:1323/signup \
  4.   -H "Content-Type: application/json" \
  5.   -d '{"email":"jon@labstack.com","password":"shhh!"}'

响应

201 - Created

  1. {
  2.   "id": "58465b4ea6fe886d3215c6df",
  3.   "email": "jon@labstack.com",
  4.   "password": "shhh!"
  5. }

Login

User login

  • Retrieve user credentials from the body and validate against database.
  • For invalid credentials, send 401 - Unauthorized response.
  • For valid credentials, send 200 - OK response:
    • Generate JWT for the user and send it as response.
    • Each subsequent request must include JWT in the Authorization header.

Method: POST

Path: /login

Request

  1. curl \
  2.   -X POST \
  3.   http://localhost:1323/login \
  4.   -H "Content-Type: application/json" \
  5.   -d '{"email":"jon@labstack.com","password":"shhh!"}'

Response

200 - OK

  1. {
  2.   "id": "58465b4ea6fe886d3215c6df",
  3.   "email": "jon@labstack.com",
  4.   "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0ODEyNjUxMjgsImlkIjoiNTg0NjViNGVhNmZlODg2ZDMyMTVjNmRmIn0.1IsGGxko1qMCsKkJDQ1NfmrZ945XVC9uZpcvDnKwpL0"
  5. }

Client should store the token, for browsers, you may use local storage.

Follow

Follow a user

  • For invalid token, send 400 - Bad Request response.
  • For valid token:
    • If user is not found, send 404 - Not Found response.
    • Add a follower to the specified user in the path parameter and send 200 - OK response.

Method: POST

Path: /follow/:id

Request

  1. curl \
  2.   -X POST \
  3.   http://localhost:1323/follow/58465b4ea6fe886d3215c6df \
  4.   -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0ODEyNjUxMjgsImlkIjoiNTg0NjViNGVhNmZlODg2ZDMyMTVjNmRmIn0.1IsGGxko1qMCsKkJDQ1NfmrZ945XVC9uZpcvDnKwpL0"

Response

200 - OK

Post

Post a message to specified user

  • For invalid request payload, send 400 - Bad Request response.
  • If user is not found, send 404 - Not Found response.
  • Otherwise save post in the database and return it via 201 - Created response.

Method: POST

Path: /posts

Request

  1. curl \
  2.   -X POST \
  3.   http://localhost:1323/posts \
  4.   -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0ODEyNjUxMjgsImlkIjoiNTg0NjViNGVhNmZlODg2ZDMyMTVjNmRmIn0.1IsGGxko1qMCsKkJDQ1NfmrZ945XVC9uZpcvDnKwpL0" \
  5.   -H "Content-Type: application/json" \
  6.   -d '{"to":"58465b4ea6fe886d3215c6df","message":"hello"}'

Response

201 - Created

  1. {
  2.   "id": "584661b9a6fe8871a3804cba",
  3.   "to": "58465b4ea6fe886d3215c6df",
  4.   "from": "58465b4ea6fe886d3215c6df",
  5.   "message": "hello"
  6. }

Feed

List most recent messages based on optional page and limit query parameters

Method: GET

Path: /feed?page=1&limit=5

Request

  1. curl \
  2.   -X GET \
  3.   http://localhost:1323/feed \
  4.   -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0ODEyNjUxMjgsImlkIjoiNTg0NjViNGVhNmZlODg2ZDMyMTVjNmRmIn0.1IsGGxko1qMCsKkJDQ1NfmrZ945XVC9uZpcvDnKwpL0"

Response

200 - OK

  1. [
  2.   {
  3.     "id": "584661b9a6fe8871a3804cba",
  4.     "to": "58465b4ea6fe886d3215c6df",
  5.     "from": "58465b4ea6fe886d3215c6df",
  6.     "message": "hello"
  7.   }
  8. ]