fix(cache): explicitly disable caching for most api routes

package.json

@@ -52,6 +52,7 @@
     "morgan": "^1.10.0",
     "nconf": "^0.10.0",
     "node-gcm": "^1.0.2",
+    "on-headers": "^1.0.2",
     "passport": "^0.4.1",
     "passport-facebook": "^3.0.0",
     "passport-google-oauth2": "^0.2.0",

website/server/controllers/api-v4/faq.js

@@ -1,5 +1,4 @@
 import _ from 'lodash';
-import { query } from 'express-validator/check';
 import { langCodes } from '../../libs/i18n';
 import apiError from '../../libs/apiError';
 import common from '../../../common';
@@ -55,12 +54,9 @@ function _deleteOtherPlatformsAnswers (faqObject, platform) {
 api.faq = {
   method: 'GET',
   url: '/faq',
-  middlewares: [
-    query('platform')
-      .optional()
-      .isIn(['web', 'android', 'ios']).withMessage(apiError('invalidPlatform')),
-  ],
   async handler (req, res) {
+    req.checkQuery('platform').optional().isIn(['web', 'android', 'ios'], apiError('guildsPaginateBooleanString'));
+
     const validationErrors = req.validationErrors();
     if (validationErrors) throw validationErrors;
 

website/server/libs/routes.js

@@ -3,6 +3,9 @@ import _ from 'lodash';
 import {
   getUserLanguage,
 } from '../middlewares/language';
+import {
+  disableCache,
+} from '../middlewares/cache';
 
 // Wrapper function to handler `async` route handlers that return promises
 // It takes the async function, execute it and pass any error to next (args[2])
@@ -28,22 +31,26 @@ export function readController (router, controller, overrides = []) {
       return false;
     });
 
-    const middlewaresToAdd = [getUserLanguage];
+    method = method.toLowerCase();
 
-    if (action.noLanguage !== true) {
+    // all get routes with mandatory or optional authentication
+    if (method === 'get' && authMiddlewareIndex !== -1) {
+      middlewares.unshift(disableCache);
+    }
+
+    if (action.noLanguage !== true) { // unless getting the language is explictly disabled
       // the user will be authenticated, getUserLanguage after authentication
       if (authMiddlewareIndex !== -1) {
         if (authMiddlewareIndex === middlewares.length - 1) {
-          middlewares.push(...middlewaresToAdd);
+          middlewares.push(getUserLanguage);
         } else {
-          middlewares.splice(authMiddlewareIndex + 1, 0, ...middlewaresToAdd);
+          middlewares.splice(authMiddlewareIndex + 1, 0, getUserLanguage);
         }
       } else { // no auth, getUserLanguage as the first middleware
-        middlewares.unshift(...middlewaresToAdd);
+        middlewares.unshift(getUserLanguage);
       }
     }
 
-    method = method.toLowerCase();
     const fn = handler ? _wrapAsyncFn(handler) : noop;
 
     router[method](url, ...middlewares, fn);

website/server/middlewares/cache.js

@@ -0,0 +1,14 @@
+import onHeaders from 'on-headers';
+
+export function disableCache (req, res, next) {
+  res.header('Cache-Control', 'no-store');
+
+  // Remove the etag header when caching is disabled
+  // Unfortunately it's not possible to prevent the creation right now
+  // See this issue https://github.com/expressjs/express/issues/2472
+  onHeaders(res, function removeEtag () {
+    this.removeHeader('ETag');
+  });
+
+  return next();
+}