feat: add Cache-Control: private, no-store to all API routes per default (#1126)
@@ -63,6 +63,7 @@ func initRouterInternal(db *gorm.DB, svc *services) (utils.Service, error) {
|
|||||||
rateLimitMiddleware := middleware.NewRateLimitMiddleware().Add(rate.Every(time.Second), 60)
|
rateLimitMiddleware := middleware.NewRateLimitMiddleware().Add(rate.Every(time.Second), 60)
|
||||||
|
|
||||||
// Setup global middleware
|
// Setup global middleware
|
||||||
|
r.Use(middleware.NewCacheControlMiddleware().Add())
|
||||||
r.Use(middleware.NewCorsMiddleware().Add())
|
r.Use(middleware.NewCorsMiddleware().Add())
|
||||||
r.Use(middleware.NewCspMiddleware().Add())
|
r.Use(middleware.NewCspMiddleware().Add())
|
||||||
r.Use(middleware.NewErrorHandlerMiddleware().Add())
|
r.Use(middleware.NewErrorHandlerMiddleware().Add())
|
||||||
|
|||||||
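--- /dev/null
+++ b/backend/internal/middleware/cache_control.go
@@ -0,0 +1,26 @@
+package middleware
+
+import "github.com/gin-gonic/gin"
+
+// CacheControlMiddleware sets a safe default Cache-Control header on responses
+// that do not already specify one. This prevents proxies from caching
+// authenticated responses that might contain private data.
+type CacheControlMiddleware struct {
+	headerValue string
+}
+
+func NewCacheControlMiddleware() *CacheControlMiddleware {
+	return &CacheControlMiddleware{
+		headerValue: "private, no-store",
+	}
+}
+
+func (m *CacheControlMiddleware) Add() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if c.Writer.Header().Get("Cache-Control") == "" {
+			c.Header("Cache-Control", m.headerValue)
+		}
+
+		c.Next()
+	}
+}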
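Review bot: The header comment on `CacheControlMiddleware` names only proxies, but `no-store` is what keeps the browser's own disk cache and back/forward cache on a shared machine from retaining authenticated responses, and `private` adds nothing once `no-store` is present; I would widen it to `// ... keeps browsers and shared caches (proxies, CDNs) from storing authenticated responses ...`. `NewCacheControlMiddleware` and `Add` are exported and carry no doc comment; suggest `// NewCacheControlMiddleware returns a middleware that defaults Cache-Control to "private, no-store".` and `// Add returns the gin handler. The default is written before c.Next(), so any handler or later middleware that sets Cache-Control itself overrides it.` That ordering is worth stating because it makes this a default rather than an enforcement: a handler that sets `public` on an authenticated route silently bypasses the protection, which is acceptable but should be visible to the next maintainer.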
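--- /dev/null
+++ b/backend/internal/middleware/cache_control_test.go
@@ -0,0 +1,45 @@
+package middleware
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/gin-gonic/gin"
+	"github.com/stretchr/testify/require"
+)
+
+func TestCacheControlMiddlewareSetsDefault(t *testing.T) {
+	gin.SetMode(gin.TestMode)
+	router := gin.New()
+	router.Use(NewCacheControlMiddleware().Add())
+
+	router.GET("/test", func(c *gin.Context) {
+		c.Status(http.StatusOK)
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/test", http.NoBody)
+	w := httptest.NewRecorder()
+
+	router.ServeHTTP(w, req)
+
+	require.Equal(t, "private, no-store", w.Header().Get("Cache-Control"))
+}
+
+func TestCacheControlMiddlewarePreservesExistingHeader(t *testing.T) {
+	gin.SetMode(gin.TestMode)
+	router := gin.New()
+	router.Use(NewCacheControlMiddleware().Add())
+
+	router.GET("/custom", func(c *gin.Context) {
+		c.Header("Cache-Control", "public, max-age=60")
+		c.Status(http.StatusOK)
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/custom", http.NoBody)
+	w := httptest.NewRecorder()
+
+	router.ServeHTTP(w, req)
+
+	require.Equal(t, "public, max-age=60", w.Header().Get("Cache-Control"))
+}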
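Review bot: Both tests exercise only a handler that answers 200, so nothing pins that the default header reaches the responses the middleware mostly exists for, i.e. error and aborted ones such as an Unauthorized from a later middleware. Add a third case whose handler calls `c.AbortWithStatus(http.StatusUnauthorized)` and assert `require.Equal(t, "private, no-store", w.Header().Get("Cache-Control"))` on it; because the default is written before `c.Next()` this passes with the code as committed, and it guards the ordering against a future refactor that moves the write after `c.Next()`. Calling `gin.SetMode(gin.TestMode)` inside each test mutates package-global state; hoisting it into a `TestMain` for this package is the usual style.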