Phoenix API与WebSocket通道开发指南：Elixir/BEAM实时应用构建

phoenix-api-channels by bobmatnyc/claude-mpm-skills

89 周安装量

27 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/bobmatnyc/claude-mpm-skills --skill phoenix-api-channels

函数式编程实时通信 API

🇨🇳中文介绍

Phoenix API、通道与在线状态（Elixir/BEAM）

Phoenix 擅长构建 REST/JSON API 和 WebSocket 通道，且样板代码极少，它利用 BEAM 实现容错、轻量级进程和受监管的 PubSub/在线状态功能。

核心支柱

控制器：用于 JSON API，支持插件、管道和版本管理。
上下文：拥有数据（Ecto 模式 + 查询），并向控制器/通道提供精简的 API。
通道 + PubSub：用于扇出式实时更新；在线状态用于追踪用户/设备。
身份验证：通过插件实现（浏览器使用会话/Cookie，API 使用令牌/Bearer），并支持签名参数。

项目设置

mix phx.new my_api --no-html --no-live
cd my_api
mix deps.get
mix ecto.create
mix phx.server

关键文件：

lib/my_api_web/endpoint.ex — 插件、套接字、仪表化
lib/my_api_web/router.ex — 管道、作用域、版本管理、套接字
lib/my_api_web/controllers/* — REST/JSON 控制器
lib/my_api/* — 上下文 + Ecto 模式（数据逻辑的所有权）
lib/my_api_web/channels/* — 通道模块

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

上下文与数据（Ecto）

上下文仅暴露控制器/通道所需的内容。

defmodule MyApi.Accounts do
  import Ecto.Query, warn: false
  alias MyApi.{Repo, Accounts.User}

  def list_users, do: Repo.all(User)
  def get_user!(id), do: Repo.get!(User, id)

  def register_user(attrs) do
    %User{}
    |> User.registration_changeset(attrs)
    |> Repo.insert()
  end
end

保持模式模块不包含控制器相关知识。
在变更集中进行验证；对于多步骤操作使用 Ecto.Multi。
对于大型列表，优先使用分页助手（Scrivener、Flop）。

通道、PubSub 与在线状态

通道模块示例：

defmodule MyApiWeb.RoomChannel do
  use Phoenix.Channel
  alias Phoenix.Presence

  def join("room:" <> room_id, _payload, socket) do
    send(self(), :after_join)
    {:ok, assign(socket, :room_id, room_id)}
  end

  def handle_info(:after_join, socket) do
    Presence.track(socket, socket.assigns.user_id, %{online_at: System.system_time(:second)})
    push(socket, "presence_state", Presence.list(socket))
    {:noreply, socket}
  end

  def handle_in("message:new", %{"body" => body}, socket) do
    broadcast!(socket, "message:new", %{user_id: socket.assigns.user_id, body: body})
    {:noreply, socket}
  end
end

从上下文进行 PubSub

def create_order(attrs) do
  with {:ok, order} <- %Order{} |> Order.changeset(attrs) |> Repo.insert() do
    Phoenix.PubSub.broadcast(MyApi.PubSub, "orders", {:order_created, order})
    {:ok, order}
  end
end

在 UserSocket.connect/3 中授权，然后再加入主题。
限制负载大小；验证传入的事件。
为多租户使用主题分区（"tenant:" <> tenant_id <> ":room:" <> room_id）。

API 令牌：接受 authorization: Bearer <token>；在插件中验证，分配 current_user。
签名参数：使用 Phoenix.Token.sign/verify 处理短期有效的加入参数。
速率限制：使用插件 + ETS/Cachex 或反向代理（NGINX/Cloudflare）。
CORS：在 Endpoint 中使用 cors_plug 进行配置。

使用生成的助手：

defmodule MyApiWeb.UserControllerTest do
  use MyApiWeb.ConnCase, async: true

  test "lists users", %{conn: conn} do
    conn = get(conn, ~p\"/api/v1/users\")
    assert json_response(conn, 200)["data"] == []
  end
end

defmodule MyApiWeb.RoomChannelTest do
  use MyApiWeb.ChannelCase, async: true

  test "broadcasts messages" do
    {:ok, _, socket} = connect(MyApiWeb.UserSocket, %{"token" => "abc"})
    {:ok, _, socket} = subscribe_and_join(socket, "room:123", %{})
    ref = push(socket, "message:new", %{"body" => "hi"})
    assert_reply ref, :ok
    assert_broadcast "message:new", %{body: "hi"}
  end
end

DataCase：每个测试隔离数据库；使用夹具/工厂进行设置。

遥测、可观测性与运维

:telemetry 事件来自端点、控制器、通道和 Ecto 查询；通过 OpentelemetryPhoenix 和 OpentelemetryEcto 导出。
使用 Plug.Telemetry 获取请求指标；添加日志元数据（request_id、user_id）。
发布版本：MIX_ENV=prod mix release；在 config/runtime.exs 中配置运行时。
集群：libcluster + 分布式 PubSub 用于多节点在线状态。
无资源 API：对于纯 API 应用，禁用未使用的监视器（esbuild/tailwind）。

控制器直接执行查询，而不是委托给上下文。
未在 UserSocket.connect/3 中授权，导致主题暴露。
缺少 action_fallback → 错误格式不一致。
忘记限制事件负载大小；大消息可能压垮通道。
未使用时仍启用长轮询；禁用以减少攻击面。

当上下文拥有数据、控制器保持精简、通道使用 PubSub/在线状态并配合严格授权和遥测时，Phoenix API + 通道表现出色。BEAM 处理并发和容错；专注于清晰的边界和实时体验。

🇺🇸English

Phoenix APIs, Channels, and Presence (Elixir/BEAM)

Phoenix excels at REST/JSON APIs and WebSocket Channels with minimal boilerplate, leveraging the BEAM for fault tolerance, lightweight processes, and supervised PubSub/Presence.

Core pillars

Controllers for JSON APIs with plugs, pipelines, and versioning.
Contexts own data (Ecto schemas + queries) and expose a narrow API to controllers/channels.
Channels + PubSub for fan-out real-time updates; Presence for tracking users/devices.
Auth via plugs (session/cookie for browser, token/Bearer for APIs), with signed params.

Project Setup

mix phx.new my_api --no-html --no-live
cd my_api
mix deps.get
mix ecto.create
mix phx.server

Key files:

lib/my_api_web/endpoint.ex — plugs, sockets, instrumentation
lib/my_api_web/router.ex — pipelines, scopes, versioning, sockets
lib/my_api_web/controllers/* — REST/JSON controllers
lib/my_api/* — contexts + Ecto schemas (ownership of data logic)
lib/my_api_web/channels/* — Channel modules

Routing and Pipelines

Separate browser vs API pipelines; version APIs with scopes.

defmodule MyApiWeb.Router do
  use MyApiWeb, :router

  pipeline :api do
    plug :accepts, ["json"]
    plug :fetch_session
    plug :protect_from_forgery
    plug MyApiWeb.Plugs.RequireAuth
  end

  scope "/api", MyApiWeb do
    pipe_through :api

    scope "/v1", V1, as: :v1 do
      resources "/users", UserController, except: [:new, :edit]
      post "/sessions", SessionController, :create
    end
  end

  socket "/socket", MyApiWeb.UserSocket,
    websocket: [connect_info: [:peer_data, :x_headers]],
    longpoll: false
end

Tips

Keep pipelines short; push auth/guards into plugs.
Expose socket "/socket" for Channels; restrict transports as needed.

Controllers and Plugs

Controllers stay thin; contexts own the logic.

defmodule MyApiWeb.V1.UserController do
  use MyApiWeb, :controller
  alias MyApi.Accounts

  action_fallback MyApiWeb.FallbackController

  def index(conn, _params) do
    users = Accounts.list_users()
    render(conn, :index, users: users)
  end

  def create(conn, params) do
    with {:ok, user} <- Accounts.register_user(params) do
      conn
      |> put_status(:created)
      |> put_resp_header("location", ~p\"/api/v1/users/#{user.id}\")
      |> render(:show, user: user)
    end
  end
end

FallbackController centralizes error translation ({:error, :not_found} → 404 JSON).

Plugs

RequireAuth verifies bearer/session tokens, sets current_user.
Use plug :scrub_params-style transforms in pipelines, not controllers.
Avoid heavy work in plugs; they run per-request.

Contexts and Data (Ecto)

Contexts expose only what controllers/channels need.

defmodule MyApi.Accounts do
  import Ecto.Query, warn: false
  alias MyApi.{Repo, Accounts.User}

  def list_users, do: Repo.all(User)
  def get_user!(id), do: Repo.get!(User, id)

  def register_user(attrs) do
    %User{}
    |> User.registration_changeset(attrs)
    |> Repo.insert()
  end
end

Guidelines

Keep schema modules free of controller knowledge.
Validate at the changeset; use Ecto.Multi for multi-step operations.
Prefer pagination helpers (Scrivener, Flop) for large lists.

Channels, PubSub, and Presence

Channel module example:

defmodule MyApiWeb.RoomChannel do
  use Phoenix.Channel
  alias Phoenix.Presence

  def join("room:" <> room_id, _payload, socket) do
    send(self(), :after_join)
    {:ok, assign(socket, :room_id, room_id)}
  end

  def handle_info(:after_join, socket) do
    Presence.track(socket, socket.assigns.user_id, %{online_at: System.system_time(:second)})
    push(socket, "presence_state", Presence.list(socket))
    {:noreply, socket}
  end

  def handle_in("message:new", %{"body" => body}, socket) do
    broadcast!(socket, "message:new", %{user_id: socket.assigns.user_id, body: body})
    {:noreply, socket}
  end
end

PubSub from contexts

def create_order(attrs) do
  with {:ok, order} <- %Order{} |> Order.changeset(attrs) |> Repo.insert() do
    Phoenix.PubSub.broadcast(MyApi.PubSub, "orders", {:order_created, order})
    {:ok, order}
  end
end

Best practices

Authorize in UserSocket.connect/3 before joining topics.
Limit payload sizes; validate incoming events.
Use topic partitioning for tenancy ("tenant:" <> tenant_id <> ":room:" <> room_id).

Authentication Patterns

API tokens : Accept authorization: Bearer <token>; verify in plug, assign current_user.
Signed params : Phoenix.Token.sign/verify for short-lived join params.
Rate limiting : Use plugs + ETS/Cachex or reverse proxy (NGINX/Cloudflare).
CORS : Configure in Endpoint with cors_plug.

Testing

Use generated helpers:

defmodule MyApiWeb.UserControllerTest do
  use MyApiWeb.ConnCase, async: true

  test "lists users", %{conn: conn} do
    conn = get(conn, ~p\"/api/v1/users\")
    assert json_response(conn, 200)["data"] == []
  end
end

Channel tests:

defmodule MyApiWeb.RoomChannelTest do
  use MyApiWeb.ChannelCase, async: true

  test "broadcasts messages" do
    {:ok, _, socket} = connect(MyApiWeb.UserSocket, %{"token" => "abc"})
    {:ok, _, socket} = subscribe_and_join(socket, "room:123", %{})
    ref = push(socket, "message:new", %{"body" => "hi"})
    assert_reply ref, :ok
    assert_broadcast "message:new", %{body: "hi"}
  end
end

DataCase : isolates DB per test; use fixtures/factories for setup.

Telemetry, Observability, and Ops

:telemetry events from endpoint, controller, channel, and Ecto queries; export via OpentelemetryPhoenix and OpentelemetryEcto.
Use Plug.Telemetry for request metrics; add logging metadata (request_id, user_id).
Releases: MIX_ENV=prod mix release; configure runtime in config/runtime.exs.
Clustering: libcluster + distributed PubSub for multi-node Presence.
Assetless APIs: disable unused watchers (esbuild/tailwind) for API-only apps.

Common Pitfalls

Controllers doing queries directly instead of delegating to contexts.
Not authorizing in UserSocket.connect/3, leading to topic exposure.
Missing action_fallback → inconsistent error shapes.
Forgetting to limit event payloads; large messages can overwhelm channels.
Leaving longpoll enabled when unused; disable to reduce surface area.

Phoenix API + Channels shine when contexts own data, controllers stay thin, and Channels use PubSub/Presence with strict authorization and telemetry. The BEAM handles concurrency and fault tolerance; focus on clear boundaries and real-time experiences.

Weekly Installs

Repository

bobmatnyc/claud…m-skills

GitHub Stars

First Seen

Jan 23, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykWarn

Installed on

opencode57

gemini-cli57

codex56

claude-code55

github-copilot53

cursor52

Lark CLI IM 即时消息管理工具：机器人/用户身份操作聊天、消息、文件下载

32,700 周安装