Lumenで堅牢なAPIを設計する。

by Futoshi Endo

Slide 1

Slide 1 text

ԕ౻ଠಙ(.01FQBCP *OD 1)1FS,BJHJ -VNFOͰݎ࿚ͳ"1*Λઃܭ͢Δ

Slide 2

Slide 2 text

ԕ౻ଠಙ ͑ΜͲ͎ʔ !'FOEP 4)ࣄۀ෦άʔϖ8FCΤϯδχΞ

Slide 3

Slide 3 text

୭ -BSBWFMͷνϡʔτϦΞϧΛ࡞ͬͯΈͨɻ ςετۦಈ։ൃೖ໳

Slide 4

Slide 4 text

࿩͞ͳ͍ࣄ͓࿳ͼ

Slide 5

Slide 5 text

ςετͷ࿩

Slide 6

Slide 6 text

ςετͷ࿩ ઃܭͷ࿩

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

ςετͷ࿩ ઃܭͷ࿩ 3&45GVMͷ࿩

Slide 9

Slide 9 text

No content

Slide 10

Slide 10 text

ʮ8FC"1*(PPE1BSUTʯ Λಡ΋͏

Slide 11

Slide 11 text

ݎ࿚ͱ͸

Slide 12

Slide 12 text

ݎ࿚ͱ͸ 8FC"1*Ͱ͸௨ৗͷ΢ΣϒΞϓϦέʔγϣϯͱಉ༷ʹ)551Λ௨͡ ͯެ։͞ΕαʔϏεͰ͔͢Βɺಉ༷ʹ҆ఆੑ΍ηΩϡϦςΟ͕ཁٻ ͞Ε·͢ɻ l8FC"1*5IF(PPE1BSUTୈষΑΓ Q z

Slide 13

Slide 13 text

ηΩϡΞͰ҆ఆͨ͠"1*Λߏங͢Δ

Slide 14

Slide 14 text

ݎ࿚ͳ"1*Λઃܭ͢Δ 3FRVFTU Middleware 3PVUF $POUSPMMFS "QQMJDBUJPO .PEFM 3FTQPOT

Slide 15

Slide 15 text

ݎ࿚ͳ"1*Λઃܭ͢Δ ɾ08"414FDVSF)FBEFSTͷઃఆ ɾϒϥ΢βܦ༝Ͱͷ"1*ΞΫηεʹΑΔ߈ܸରࡦ ɾ5ISPUUMFΛ࢖ͬͨΞΫηε੍ݶͷઃఆ ɾ%P4߈ܸରࡦ wϥΠϒϥϦΛ࢖ͬͨೝূ ɾKXUBVUI ࣌ؒͷ౎߹্঺հͰ͖ͳ͔ͬͨ෦෼-VNFOͰग़དྷΔηΩϡϦςʔରԠʹؔ͢Δ5JQT

Slide 16

Slide 16 text

08"414FDVSF)FBEFSTͷઃఆ

Slide 17

Slide 17 text

08"414FDVSF)FBEFSTͷઃఆ ΞϓϦέʔγϣϯͷηΩϡϦςΟΛڧԽ͢Δҝʹ࢖༻Ͱ͖Δ)551Ϩεϙϯεϔο μʔͷ஋Λ08"4"1͕ఆΊ͍ͯΔ஋ʹઃఆ͢ΔࣄͰ944΍+40/ϋΠδϟοΫͳ Ͳͷϒϥ΢β͔ΒͷΞΫηεΛ૝ఆͨ͠৔߹ͷ੬ऑੑΛར༻ͨ͠߈ܸʹ༗ޮͰ͢ɻ

Slide 18

Slide 18 text

08"414FDVSF)FBEFSTͷઃఆ .JEEMFXBSFʹ௥Ճ͢Δɻ

Slide 19

Slide 19 text

CPPUTUSBQBQQQIQʹొ࿥͢Δɻ $app->routeMiddleware([ 'security' => App\Http\Middleware\SecurityHeaders::class, ]); SPVUFTXFCQIQͰݺͼग़͢ɻ $router->group(['prefix' => 'api', 'middleware'=>'security'], function() use ($router){ $router->get('hoges', ['uses' => 'HogesController@showAllHoges']); }); 08"414FDVSF)FBEFSTͷઃఆ

Slide 20

Slide 20 text

5ISPUUMFΛ࢖ͬͨΞΫηε੍ݶͷઃఆ

Slide 21

Slide 21 text

5ISPUUMFΛ࢖ͬͨΞΫηε੍ݶͷઃఆ ΞΫηεʹϨʔτϛϦοτΛ͔͚Δࣄ͕Ͱ͖Δ.JEEMFXBSFɻ %P4߈ܸͳͷͲͷେྔΞΫηεΛ๷͛Δɻ ˞-VNFOʹ͸ඪ४ͰඋΘͬͯͳ͍ͷͰɺ(JUIVC͔Β௚઀औಘͯ͠ -VNFO༻ʹΧελϚΠζ͢Δɻ ‘throttleɿ3,1’ 1෼ؒʹ3ճͷϦΫΤετΛڐՄ͢Δɻ ‘throttleɿ300,1’1෼ؒʹ300ճͷϦΫΤετΛڐՄ͢Δɻ

Slide 22

Slide 22 text

5ISPUUMFΛ࢖ͬͨΞΫηε੍ݶͷઃఆ 3PVUF XFCQIQ Ͱࢦఆ͢Δɻ $curl localhost:8010 {"status":429,"message":"Too Many Attempts."} ઃఆ਺Ҏ্ʹϦΫΤετ͢ΔͱͱΤϥʔϝοηʔδΛฦ͢ $router->group(['middleware' => 'throttle:3,1'], function () use ($router) { $router->get('/', function () use ($router) { return view('index'); }); });

Slide 23

Slide 23 text

ϥΠϒϥϦΛ࢖ͬͨೝূ

Slide 24

Slide 24 text

ϥΠϒϥϦΛ࢖ͬͨೝূ ϥΠϒϥϦແ͠Ͱͷ-VNFOͰͷೝূ͸ਏ͍ʜ

Slide 25

Slide 25 text

ϥΠϒϥϦΛ࢖ͬͨೝূ -VNFO͸-BSBWFMͷެࣜύοέʔδͰ͋Δ1BTTQPSU ೝূύοέʔδ Λ αϙʔτͯ͠ͳ͍ɻ ˞ඇެࣜͰͳΒଘࡏ͢Δ͕ෆ҆ఆ 0"VUIͳͲΛ࠷ॳ͔Β૊΋͏ͱ͢Δͱগ͠େมɻ ϥΠϒϥϦແ͠Ͱͷ-VNFOͰͷೝূ͸ਏ͍ʜ

Slide 26

Slide 26 text

ϥΠϒϥϦΛ࢖ͬͨೝূ

Slide 27

Slide 27 text

͜Εͩ

Slide 28

Slide 28 text

υΩϡϝϯτ͸Ͳͩ͜

Slide 29

Slide 29 text

ϥΠϒϥϦΛ࢖ͬͨೝূ ৄࡉ(VJEFGPSTFUUJOHVQXJUI-VNFO

Slide 30

Slide 30 text

ϥΠϒϥϦΛ࢖ͬͨೝূ

Slide 31

Slide 31 text

ಈ͔Ͷ͐

Slide 32

Slide 32 text

-VNFOͷ৔߹͸KXUPBVUI !EFW PSMBUFTUΛΠϯετʔϧ͢Δ $composer require tymon/jwt-auth:"^1.0@dev" ϥΠϒϥϦΛ࢖ͬͨೝূ

Slide 33

Slide 33 text

ಈ͍ͨ

Slide 34

Slide 34 text

ͨͩʜ

Slide 35

Slide 35 text

ϥΠϒϥϦΛ࢖ͬͨೝূ

Slide 36

Slide 36 text

ϥΠϒϥϦΛ࢖ͬͨೝূ

Slide 37

Slide 37 text

ϥΠϒϥϦΛ࢖ͬͨೝূ

Slide 38

Slide 38 text

҆ఆͯ͠ͳ͍ʜ

Slide 39

Slide 39 text

·ͱΊ

Slide 40

Slide 40 text

ɾηΩϡϦςΟʔʹ͍ͭͯ༨Γ஌͕ࣝͳ͔͕ͬͨ .JEEMFXBF΍ϥΠϒϥϦʔΛ௥Ճ͢Ε͹ָʹରࡦ͕Ͱ͖Δ ·ͱΊ

Slide 41

Slide 41 text

ɾηΩϡϦςΟʔʹ͍ͭͯ༨Γ஌͕ࣝͳ͔͕ͬͨ .JEEMFXBF΍ϥΠϒϥϦʔΛ௥Ճ͢Ε͹ָʹରࡦ͕Ͱ͖Δ ɾೝূपΓ͸-BSBWFMͱൺ΂Δͱ-VNFO͸ਏ͍ɻ ·ͱΊ

Slide 42

Slide 42 text

͓΍ ·ͱΊ

Slide 43

Slide 43 text

Slide 44

Slide 44 text

ݎ࿚ͳ"1*Λઃܭ͢Δ ɾ08"414FDVSF)FBEFSTͷઃఆ ɾϒϥ΢βܦ༝Ͱͷ"1*ΞΫηεʹΑΔ߈ܸରࡦ ɾ5ISPUUMFΛ࢖ͬͨΞΫηε੍ݶͷઃఆ ɾ%P4߈ܸରࡦ wϥΠϒϥϦΛ࢖ͬͨೝূ ɾKXUBVUI ࣌ؒͷ౎߹্঺հͰ͖ͳ͔ͬͨ෦෼-VNFOͰग़དྷΔηΩϡϦςʔରԠʹؔ͢Δ5JQT ͦΕ-BSBWFMͰ΋Ͱ͖ΔΑ

Slide 45

Slide 45 text

Slide 46

Slide 46 text

Slide 47

Slide 47 text

·ͱΊ ͋

Slide 48

Slide 48 text

ԕ౻ଠಙ(.01FQBCP *OD 1)1FS,BJHJ -VNFOͰݎ࿚ͳ"1*Λઃܭ͢Δ

Slide 49

Slide 49 text

ԕ౻ଠಙ(.01FQBCP *OD 1)1FS,BJHJ -VNFOͰݎ࿚ͳ"1*Λઃܭ͢Δ

Slide 50

Slide 50 text

ԕ౻ଠಙ(.01FQBCP *OD 1)1FS,BJHJ -VNFOͰݎ࿚ͳ"1*Λઃܭ͢Δ -BSBWFMͳΒΑΓݎ࿚ͳ"1*ΛઃܭͰ͖Δ

Slide 51

Slide 51 text

No content

Slide 52

Slide 52 text

·ͱΊ -BSBWFMͰݎ࿚ͳ"1*Λ࡞Ζ͏

Slide 53

Slide 53 text

ͦΕͰ΋-VNFOͰݎ࿚ͳ"1*Λ࡞Γ͍ͨํ΁ -VNFOͰग़དྷΔηΩϡϦςΟରࡦʹؔ͢Δ5JQT

Slide 54

Slide 54 text

͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ɻ ϓϩϑΟʔϧGFOEP1SPpMF