fix(cache): explicitly disable caching for most api routes

2025-12-13 04:37:36 +01:00 · 2020-04-16 17:12:53 +02:00
parent cc7dac47c4
commit bf492933cc
4 changed files with 30 additions and 12 deletions
--- a/package.json
+++ b/package.json
@@ -52,6 +52,7 @@
    "morgan": "^1.10.0",
    "nconf": "^0.10.0",
    "node-gcm": "^1.0.2",
+    "on-headers": "^1.0.2",
    "passport": "^0.4.1",
    "passport-facebook": "^3.0.0",
    "passport-google-oauth2": "^0.2.0",
--- a/website/server/controllers/api-v4/faq.js
+++ b/website/server/controllers/api-v4/faq.js
@@ -1,5 +1,4 @@
 import _ from 'lodash';
-import { query } from 'express-validator/check';
 import { langCodes } from '../../libs/i18n';
 import apiError from '../../libs/apiError';
 import common from '../../../common';
@@ -55,12 +54,9 @@ function _deleteOtherPlatformsAnswers (faqObject, platform) {
 api.faq = {
  method: 'GET',
  url: '/faq',
-  middlewares: [
-    query('platform')
-      .optional()
-      .isIn(['web', 'android', 'ios']).withMessage(apiError('invalidPlatform')),
-  ],
  async handler (req, res) {
+    req.checkQuery('platform').optional().isIn(['web', 'android', 'ios'], apiError('guildsPaginateBooleanString'));
+
    const validationErrors = req.validationErrors();
    if (validationErrors) throw validationErrors;

--- a/website/server/libs/routes.js
+++ b/website/server/libs/routes.js
@@ -3,6 +3,9 @@ import _ from 'lodash';
 import {
  getUserLanguage,
 } from '../middlewares/language';
+import {
+  disableCache,
+} from '../middlewares/cache';

 // Wrapper function to handler `async` route handlers that return promises
 // It takes the async function, execute it and pass any error to next (args[2])
@@ -28,22 +31,26 @@ export function readController (router, controller, overrides = []) {
      return false;
    });

-    const middlewaresToAdd = [getUserLanguage];
+    method = method.toLowerCase();

-    if (action.noLanguage !== true) {
+    // all get routes with mandatory or optional authentication
+    if (method === 'get' && authMiddlewareIndex !== -1) {
+      middlewares.unshift(disableCache);
+    }
+
+    if (action.noLanguage !== true) { // unless getting the language is explictly disabled
      // the user will be authenticated, getUserLanguage after authentication
      if (authMiddlewareIndex !== -1) {
        if (authMiddlewareIndex === middlewares.length - 1) {
-          middlewares.push(...middlewaresToAdd);
+          middlewares.push(getUserLanguage);
        } else {
-          middlewares.splice(authMiddlewareIndex + 1, 0, ...middlewaresToAdd);
+          middlewares.splice(authMiddlewareIndex + 1, 0, getUserLanguage);
        }
      } else { // no auth, getUserLanguage as the first middleware
-        middlewares.unshift(...middlewaresToAdd);
+        middlewares.unshift(getUserLanguage);
      }
    }

-    method = method.toLowerCase();
    const fn = handler ? _wrapAsyncFn(handler) : noop;

    router[method](url, ...middlewares, fn);
--- a/website/server/middlewares/cache.js
+++ b/website/server/middlewares/cache.js
@@ -0,0 +1,14 @@
+import onHeaders from 'on-headers';
+
+export function disableCache (req, res, next) {
+  res.header('Cache-Control', 'no-store');
+
+  // Remove the etag header when caching is disabled
+  // Unfortunately it's not possible to prevent the creation right now
+  // See this issue https://github.com/expressjs/express/issues/2472
+  onHeaders(res, function removeEtag () {
+    this.removeHeader('ETag');
+  });
+
+  return next();
+}