From 76405b2d9063d852e8ea6af17cacd5db4c30bff6 Mon Sep 17 00:00:00 2001 From: rot1024 Date: Tue, 20 Sep 2022 20:31:17 +0900 Subject: [PATCH] fix(server): prevent API caching --- server/internal/app/app.go | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/server/internal/app/app.go b/server/internal/app/app.go index eb8e3b3221..b82ee7e8d9 100644 --- a/server/internal/app/app.go +++ b/server/internal/app/app.go @@ -90,17 +90,19 @@ func initEcho(ctx context.Context, cfg *ServerConfig) *echo.Echo { // apis api := e.Group("/api") - api.GET("/ping", Ping()) - api.POST("/graphql", GraphqlAPI(cfg.Config.GraphQL, gqldev)) + api.GET("/ping", Ping(), private) api.GET("/published/:name", PublishedMetadata()) api.GET("/published_data/:name", PublishedData()) - api.GET("/layers/:param", ExportLayer(), AuthRequiredMiddleware()) - api.POST("/signup", Signup()) + + apiPrivate := api.Group("", private) + apiPrivate.POST("/graphql", GraphqlAPI(cfg.Config.GraphQL, gqldev)) + apiPrivate.GET("/layers/:param", ExportLayer(), AuthRequiredMiddleware()) + apiPrivate.POST("/signup", Signup()) if !cfg.Config.AuthSrv.Disabled { - api.POST("/signup/verify", StartSignupVerify()) - api.POST("/signup/verify/:code", SignupVerify()) - api.POST("/password-reset", PasswordReset()) + apiPrivate.POST("/signup/verify", StartSignupVerify()) + apiPrivate.POST("/signup/verify/:code", SignupVerify()) + apiPrivate.POST("/password-reset", PasswordReset()) } published := e.Group("/p", PublishedAuthMiddleware()) @@ -169,3 +171,10 @@ func errorMessage(err error, log func(string, ...interface{})) (int, string) { return code, msg } + +func private(next echo.HandlerFunc) echo.HandlerFunc { + return func(c echo.Context) error { + c.Response().Header().Set(echo.HeaderCacheControl, "private, no-store, no-cache, must-revalidate") + return next(c) + } +}