RESTworld.AspNetCore
27.0.0
dotnet add package RESTworld.AspNetCore --version 27.0.0
NuGet\Install-Package RESTworld.AspNetCore -Version 27.0.0
<PackageReference Include="RESTworld.AspNetCore" Version="27.0.0" />
paket add RESTworld.AspNetCore --version 27.0.0
#r "nuget: RESTworld.AspNetCore, 27.0.0"
// Install RESTworld.AspNetCore as a Cake Addin #addin nuget:?package=RESTworld.AspNetCore&version=27.0.0 // Install RESTworld.AspNetCore as a Cake Tool #tool nuget:?package=RESTworld.AspNetCore&version=27.0.0
RESTworld
RESTworld is a framework which utilizes other common frameworks and patterns alltogether to enable easy and fast creation of a truly RESTful API.
Used frameworks and patterns
- Entity Framework Core for data access
- ASP.Net Core for hosting
- HAL and HAL-Forms for providing hyperlinks between resources
- OData for query support on list endpoints
- AutoMapper for mapping between Entities and DTOs
- Resource based authorization
- API Versioning through media types
- Open Telemetry for monitoring
Pipeline
The most basic pipeline has the following data flow for a request on a list endpoint:
- Request
- Controller selection through ASP.Net Core (optionally with versioning)
- Query parsing through OData
- Controller method calls business service method
- Authorization validates and modifies the request (both optional)
- Service validates that all migrations have been applied to the database, to protect from locks during migration.
- Service gets the data through Entity Framework Core
- Entity Framework Core translates the query into SQL and gets the data from the database
- Business service translates Entities into DTOs through Automapper
- Authorization validates and modifies the response (both optional)
- Controller wraps the result in a HAL response
- Result
Usage as API developer
Example
You can find a complete example which leverages all the features offered by RESTworld at https://github.com/wertzui/RESTworld/tree/main/src/Example/ExampleBlog.
Solution structure
If your API gets the name MyApi, structure your Solution with the following Projects:
- MyApi (ASP.Net Core Web API)
- References RESTworld.AspNetCore, MyApi.Business
- Contains your startup logic and your custom controllers
- MyApi.Business
- References RESTworld.Business, MyApi.Data
- Contains your AutoMapperConfiguration and your custom services
- MyApi.Data
- References RESTworld.EntityFrameworkCore, MyApi.Common
- Contains your Entity Framework Core Database Model including Entities and Migrations
- MyApi.Common
- References RESTworld.Common
- Contains your DTOs and Enums
- MyApi.Client.Angular (optional)
- References RESTworld.Client.AspNetCore
- The Angular application references @wertzui/ngx-restworld-client
- MyApi.Aspire.Apphost (optional)
- When adding a new empty Aspire project and calling it MyApi.Aspire, two projects will be created: MyApi.Aspire.AppHost and MyApi.Aspire.ServiceDefaults. You can delete the MyApi.Aspire.ServiceDefaults as these are already backed into RESTworld.
- References MyApi, MyApi.Client.Angular
- The API service needs to reference the database and the Frontend service needds to reference the API service using
.WithReference()
- Wires up everything for local testing.
Configuration
Add the following to your appsettings.json in MyApi
"RESTworld": {
"MaxNumberForListEndpoint": 10, // The maximum returned on a list endpoint
"Curie": "MyEx", // The curie used to reference all your actions
"CalculateTotalCountForListEndpoint": true, // If you set this to true, your clients may be able to get all pages faster as they can do more parallel requests by calculating everything themself
"DisableAuthorization": false, // For testing purposes you can set this to false
"Versioning": { // Add this is you want to opt into versioning
"AllowQueryParameterVersioning": false, // This will allow legacy clients who cannot version through the media-type to version through a query parameter. This is not considered REST, but here to also support such clients.
"DefaultVersion": "2.0", // Can either be a version or "latest"
"ParameterName": "v" // The name of the parameter in the media-type headers and the query "Accept: application/hal+json; v=2.0" or "http://localhost/Author/42?v=2.0"
}
}
When referencing an API, either through RESTworld.Client.Net, or @wertzui/ngx-restworld-client, add the following to your appsettings.json too
"RESTworld": {
"ClientSettings": {
"ApiUrls": [
{
"Name": "MyApi",
"Url": "https://myapi.example.com/",
"Version": 42
}
]
}
Change your Program.cs to the following
using Microsoft.AspNetCore.Builder;
var builder = WebApplication.CreateBuilder(args);
var rwBuilder = rwBuilder.AddRestWorld();
var services = rwBuilder.Services;
// Have a static class AutoMapperConfiguration in your MyApi.Business project
services.AddAutoMapper(AutoMapperConfiguration.ConfigureAutomapper);
// Database
services.AddDbContextFactoryWithDefaults<TDbContext>(builder.Configuration);
rwBuilder.AddODataModelForDbContext<TDbContext>();
// Optionally migrate your database to the latest version during startup
services.MigrateDatabaseDuringStartup<TDbContext>();
// Default pipeline
services.AddCrudPipeline<TContext, TEntity, TCreateDto, TGetListDto, TGetFullDto, TUpdateDto>();
// Optionally you can also add versioned pipelines
services.AddCrudPipeline<TContext, TEntity, TCreateDtoV1, TGetListDtoV1, TGetFullDtoV1, TUpdateDtoV1>(new ApiVersion(1, 0), true);
services.AddCrudPipeline<TContext, TEntity, TCreateDto, TGetListDto, TGetFullDto, TUpdateDto>(new ApiVersion(2, 0));
// With custom service
services.AddCrudPipelineWithCustomService<TContext, TEntity, TCreateDto, TGetListDto, TGetFullDto, TUpdateDto, TService>();
// Optionally add extra validation which can run before or after saving changes
services.AddValidator<TValidator, TCreateDto, TUpdateDto, TEntity>();
// Custom controllers will automatically be picked up by the pipeline so there is no need to register them.
var app = rwBuilder.Build();
app.UseRestWorld();
await app.RunAsync();
When creating MyApi.Client.Angular, change your Program.cs to the following
using Microsoft.AspNetCore.Builder;
var builder = WebApplication.CreateBuilder(args);
var rwBuilder = builder.AddRestWorldWithSpaFrontend();
var app = rwBuilder.Build();
app.UseRestWorldWithSpaFrontend();
await app.RunAsync();
Automapper
Add an AutoMapperConfiguration to your MyApi.Business project
using AutoMapper;
using MyApi.Common.Dtos;
using MyApi.Common.Enums;
using MyApi.Data.Models;
namespace MyApi.Business;
public class AutoMapperConfiguration
{
public void ConfigureAutomapper(IMapperConfigurationExpression config)
{
// A simple mapping
config
.CreateMap<TEntity, TDto>()
.ReverseMap();
// If you are using versioning, you probably need to add different mappings for different DTO versions here
config
.CreateMap<MyEntity, MyDto>()
.ReverseMap();
config
.CreateMap<MyEntity, MyDtoV1>()
.ForMember(dst => dst.Name, opt => opt.MapFrom(src => src.FirstName + " " + src.LastName))
.ReverseMap()
.ForMember(dst => dst.FirstName, opt => opt.MapFrom(src => src.Name.Split(new[] { ' ' }, 2)[0]))
.ForMember(dst => dst.LastName, opt => opt.MapFrom(src => src.Name.Split(new[] { ' ' }, 2)[1]));
// Add more mappings
}
}
Authorization
If you want to use the inbuilt authorization logic, you must implement the interface ICrudAuthorizationHandler<TEntity, TCreateDto, TGetListDto, TGetFullDto, TUpdateDto>
in a class to handle your own authorization logic. You can then register it during startup in your Program.cs.
// Concrete implementation for one service
services.AddAuthorizationHandler<MyAuthorizationHandler, TEntity, TCreateDto, TGetListDto, TGetFullDto, TUpdateDto>();
// Generic implementation which can be used for all services
services.AddAuthorizationHandler<MyGenericAuthorizationHandler<TEntity, TCreateDto, TGetListDto, TGetFullDto, TUpdateDto>, TEntity, TCreateDto, TGetListDto, TGetFullDto, TUpdateDto>();
// Register a pipeline together with concrete authorization handler
services.AddRestPipelineWithAuthorization<TContext, TEntity, TCreateDto, TGetListDto, TGetFullDto, TUpdateDto, MyAuthorizationHandler>();
// Register a pipeline together with generic authorization handler
services.AddRestPipelineWithAuthorization<TContext, TEntity, TCreateDto, TGetListDto, TGetFullDto, TUpdateDto, MyGenericAuthorizationHandler<TEntity, TCreateDto, TGetListDto, TGetFullDto, TUpdateDto>>();
// With a custom service implementation and concrete authorization handler
services.AddRestPipelineWithCustomServiceAndAuthorization<TContext, TEntity, TCreateDto, TGetListDto, TGetFullDto, TUpdateDto, TService, MyAuthorizationHandler>();
// With a custom service implementation and generic authorization handler
services.AddRestPipelineWithCustomServiceAndAuthorization<TContext, TEntity, TCreateDto, TGetListDto, TGetFullDto, TUpdateDto, TService, MyGenericAuthorizationHandler<TEntity, TCreateDto, TGetListDto, TGetFullDto, TUpdateDto>>();
To get the current user, an IUserAccessor
is provided, which you may want to inject into your authorization handler implementation. It is automatically populated from the HttpContext
. However no method is provided to read the user from a token, a cookie, or something else as libraries for that are already existing. In addition no login functionality is provided, as RESTworld is meant to be a framework for APIs and the API itself should relay the login functionality to any login service (like an OAuth service or something else).
Versioning
If you want or need to version your API, this is done through the media-type headers Accept
and Content-Type
. The API will parse the version from the Accept
header and always return the used version in the Content-Type
header. It will also advertise supported versions in the api-supported-versions
header and advertise deprecated versions in the api-deprecated-versions
header. So if you implement a client for the API, you should always look at the api-deprecated-versions
header and give a warning to the user of the client if a deprecated version is used.
You can configure versioning in your appsettings as shown above. If possible, I suggest that you handle versioning in your AutomapperConfiguration
as this is the easiest place and does not require special service implementations.
However if you cannot do this, there is also the possibility to use a REST pipeline with a custom service. That way you will need to provide one service for each version, but can also do more complex logic and database access to support multiple versions.
Health checks
Three endpoints for health checks are provided:
/health/startup
- This one reports healthy once every database which you have added through
services.AddDbContextFactoryWithDefaults<TContext>(Configuration)
has migrated to the latest version.
- This one reports healthy once every database which you have added through
/health/live
- This one reports healthy as soon as the application has started. It has no checks configured upfront.
/health/ready
- This one reports healthy if a connection to every database which you have added through
services.AddDbContextFactoryWithDefaults<TContext>(Configuration)
can be established.
- This one reports healthy if a connection to every database which you have added through
These three endpoints have been choosen to play nicely with the three Kubernetes probes startupProbe
, livenessProbe
and readinessProbe
. For more information have a look at the Kubernetes documentation https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.
You can add your own health checks to these endpoints by tagging them with either "startup"
, "live"
or "ready"
.
Aspire
If you want to get a nice local environment where you can see your services and database, you can use Aspire.
Simply add references to your MyApi
and MyApi.Client.Angular
projects and wire everything up in your Program.cs
using Projects;
var builder = DistributedApplication.CreateBuilder(args);
// This will read the connection string from the appsettings.json or secrets.json file or get it from an environment variable
// In this example it is stored in appsettings.json, because it just connects to lodaldb without a password.
var database = builder.AddConnectionString("MyDatabase");
// Instead of using localDb, you can also use a SQL Server instance which is automatically created and started in a docker container.
//var database = builder.AddSqlServer("SQL-Server")
// .AddDatabase("MyDatabase");
// Add the backend API as a service
var apiService = builder.AddProject<MyApi>("MyApi")
// Add a reference to the database
// because the database has the name "MyDatabase", this will inject an environment variable ConnectionStrings__MyDatabase=Server=localhost;Database=MyDatabase;Integrated Security=True
.WithReference(database);
// Add the Frontend which hosts the Angular client
// Note that OTLP in Angular does not work with Aspire at the moment, because Aspire only accepts OTLP through gRPC
// Until this PR is merged: https://github.com/dotnet/aspire/pull/4197
var frontendService = builder.AddProject<MyApi_Client_Angular>("MyApi-Client-Angular")
// Add a reference to the backend API
// This will inject an environment variable services__MyApi__https__0=https://localhost:5432
// The SettingsController from RestWorld.Client.AspNetCore will read this environment variable and replace the API URLs with the value,
// so that the Angular client can call the API
.WithReference(apiService);
var app = builder.Build();
await app.RunAsync();
Done
That's it. Now you can start your API and use a HAL browser like https://chatty42.herokuapp.com/hal-explorer/index.html#uri=https://localhost:5001 to browse your API.
If you are using a launchSettings.json
, I suggest to use this as your "launchUrl"
.
Usage as client developer
When developing an Angular SPA, you can use the @wertzui/ngx-restworld-client
npm package for your Angular application and the RESTworld.Client.AspNetCore
NuGet package for hosting.
Here are some guidelines when developing your own client:
Make use of HAL
Write your client in such a way that it will always connect to the home-endpoint (/
) first to discover all the other endpoints. You can cache the routes to the controller enpoints for quite some time (maybe a day or for the duration of a session), but do not hardcode them! There are also a couple of libraries for different programming languages out there which support HAL. The specification can be found at https://stateless.group/hal_specification.html.
Link templating
Link templating is defined in the IETF RFC 6570 at https://datatracker.ietf.org/doc/html/rfc6570 and there are also libraries for that. Use it together with HAL.
OData queries for list endpoints
To filter data on the List-endpoint, you can use the OData syntax. It is very powerfull and you can find a basic tutorial on the sytax at https://www.odata.org/getting-started/basic-tutorial/#queryData.
Use the /new endpoint to get sensible default data
If you want you client to be able to create new objects, you might want to query the /new
endpoint and present that data to your user so he is guided a little bit.
Batch operations for POST and PUT
The POST (Create) and PUT (Update) endpoints both accept either a single object or an array of objects. If you need to create or modify a huge number of objects, you should send them as an array as this will ensure the atomicity of such an operation and might also give you a huge performance gain as it will save a lot of roundtrips.
Versioning from the client perpective
Always send your supported version(s) in the Accept
header to ensure you always get a response that you can handle and watch for the api-deprecated-versions
header to quickly get notified if you need to change your client before it breaks. The format of the Accept
header should always be application/hal+json; v=42
(or whatever version you need and is offered by the server).
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net9.0 is compatible. |
-
net9.0
- Asp.Versioning.OData.ApiExplorer (>= 8.1.0)
- AutoFixture (>= 4.18.1)
- AutoMapper.AspNetCore.OData.EFCore (>= 5.0.2)
- CsvHelper (>= 33.0.1)
- HAL.AspNetCore.OData (>= 18.0.0)
- Microsoft.AspNetCore.Authentication.JwtBearer (>= 9.0.0)
- Microsoft.AspNetCore.OpenApi (>= 9.0.0)
- Microsoft.Extensions.Http.Resilience (>= 9.0.0)
- Microsoft.Extensions.ServiceDiscovery (>= 9.0.0)
- OpenTelemetry.Exporter.OpenTelemetryProtocol (>= 1.10.0)
- OpenTelemetry.Extensions.Hosting (>= 1.10.0)
- OpenTelemetry.Instrumentation.AspNetCore (>= 1.9.0)
- OpenTelemetry.Instrumentation.EntityFrameworkCore (>= 1.0.0-beta.12)
- OpenTelemetry.Instrumentation.Http (>= 1.9.0)
- OpenTelemetry.Instrumentation.Runtime (>= 1.9.0)
- OpenTelemetry.Instrumentation.SqlClient (>= 1.9.0-beta.1)
- RESTworld.Business (>= 18.0.0)
- Swashbuckle.AspNetCore (>= 7.0.0)
NuGet packages (1)
Showing the top 1 NuGet packages that depend on RESTworld.AspNetCore:
Package | Downloads |
---|---|
RESTworld.Client.AspNetCore
Package Description |
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
27.0.0 | 51 | 11/20/2024 |
26.3.3 | 117 | 11/7/2024 |
26.3.2 | 51 | 11/6/2024 |
26.3.1 | 76 | 10/30/2024 |
26.3.0 | 57 | 10/30/2024 |
26.2.0 | 290 | 10/11/2024 |
26.1.2 | 137 | 10/1/2024 |
26.1.1 | 69 | 10/1/2024 |
26.1.0 | 82 | 9/27/2024 |
26.0.0 | 75 | 9/20/2024 |
25.2.0 | 272 | 7/30/2024 |
25.1.2 | 102 | 7/18/2024 |
25.1.1 | 63 | 7/12/2024 |
25.1.0 | 225 | 7/10/2024 |
25.0.0 | 78 | 7/3/2024 |
24.1.0 | 112 | 6/10/2024 |
24.0.0 | 98 | 6/4/2024 |
23.0.0 | 66 | 6/4/2024 |
22.2.0 | 668 | 1/9/2024 |
22.0.0 | 151 | 12/22/2023 |
21.1.0 | 340 | 11/27/2023 |
21.0.1 | 130 | 11/27/2023 |
21.0.0 | 187 | 11/15/2023 |
20.1.0 | 313 | 10/23/2023 |
20.0.0 | 311 | 9/27/2023 |
19.2.2 | 204 | 9/11/2023 |
19.2.1 | 416 | 7/17/2023 |
19.2.0 | 248 | 7/3/2023 |
19.1.0 | 165 | 6/29/2023 |
19.0.0 | 192 | 6/28/2023 |
18.1.0 | 438 | 6/14/2023 |
18.0.2 | 379 | 5/25/2023 |
18.0.1 | 236 | 5/16/2023 |
18.0.0 | 276 | 5/10/2023 |
17.1.1 | 216 | 5/2/2023 |
17.1.0 | 228 | 4/30/2023 |
17.0.0 | 239 | 4/19/2023 |
16.0.0 | 280 | 3/12/2023 |
15.1.1 | 585 | 2/22/2023 |
15.1.0 | 306 | 2/9/2023 |
15.0.0 | 461 | 1/24/2023 |
14.1.0 | 359 | 1/24/2023 |
14.0.2 | 496 | 1/5/2023 |
14.0.1 | 310 | 1/5/2023 |
14.0.0 | 414 | 12/21/2022 |
13.0.0 | 539 | 11/9/2022 |
12.1.0 | 639 | 10/20/2022 |
12.0.0 | 528 | 10/20/2022 |
11.10.0 | 644 | 9/27/2022 |
11.9.0 | 827 | 6/28/2022 |
11.8.0 | 685 | 6/27/2022 |
11.7.0 | 638 | 6/23/2022 |
11.6.1 | 667 | 6/8/2022 |
11.6.0 | 636 | 6/7/2022 |
11.5.1 | 728 | 5/13/2022 |
11.5.0 | 984 | 4/1/2022 |
11.4.0 | 710 | 3/30/2022 |
11.3.1 | 833 | 3/16/2022 |
11.3.0 | 764 | 3/15/2022 |
11.2.4 | 778 | 3/13/2022 |
11.2.3 | 736 | 3/10/2022 |
11.2.2 | 752 | 3/9/2022 |
11.2.1 | 743 | 3/8/2022 |
11.1.3 | 916 | 3/7/2022 |
11.1.2 | 778 | 2/24/2022 |
11.1.1 | 748 | 2/22/2022 |
11.1.0 | 735 | 2/22/2022 |
11.0.0 | 758 | 2/21/2022 |
10.0.0 | 636 | 1/14/2022 |
9.0.4 | 402 | 1/6/2022 |
9.0.3 | 448 | 12/16/2021 |
9.0.2 | 427 | 12/9/2021 |
9.0.1 | 465 | 12/9/2021 |
9.0.0 | 332 | 12/3/2021 |
8.2.0 | 3,014 | 11/25/2021 |
8.1.1 | 576 | 11/4/2021 |
8.1.0 | 592 | 11/4/2021 |
8.0.0 | 644 | 10/28/2021 |
7.0.1 | 427 | 10/12/2021 |
7.0.0 | 450 | 10/6/2021 |
6.0.1 | 480 | 10/6/2021 |
6.0.0 | 434 | 10/6/2021 |
5.2.0 | 474 | 9/29/2021 |
5.1.0 | 423 | 9/27/2021 |
5.0.2 | 427 | 9/13/2021 |
5.0.1 | 407 | 9/8/2021 |
5.0.0 | 455 | 9/7/2021 |
4.1.0 | 396 | 8/18/2021 |
4.0.0 | 432 | 7/7/2021 |
3.0.0 | 449 | 7/5/2021 |
2.0.0 | 463 | 6/29/2021 |
1.2.0 | 425 | 5/11/2021 |
1.1.0 | 449 | 4/22/2021 |
1.0.3 | 417 | 4/1/2021 |
1.0.2 | 429 | 4/1/2021 |
1.0.1 | 387 | 4/1/2021 |
1.0.0 | 376 | 3/31/2021 |