Skip to content

Commit

Permalink
[bugfix] Set Vary header correctly on cache-control (#1988)
Browse files Browse the repository at this point in the history
* [bugfix] Set Vary header correctly on cache-control

* Prefer activitypub types on AP endpoints

* use immutable on file server, vary by range

* vary auth on Accept
  • Loading branch information
tsmethurst authored Jul 13, 2023
1 parent 8868889 commit 12b6cdc
Show file tree
Hide file tree
Showing 19 changed files with 131 additions and 40 deletions.
19 changes: 15 additions & 4 deletions internal/api/activitypub.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,20 +41,31 @@ func (a *ActivityPub) Route(r router.Router, m ...gin.HandlerFunc) {
usersGroup := r.AttachGroup("users")

// attach shared, non-global middlewares to both of these groups
cacheControlMiddleware := middleware.CacheControl("no-store")
ccMiddleware := middleware.CacheControl(middleware.CacheControlConfig{
Directives: []string{"no-store"},
})
emojiGroup.Use(m...)
usersGroup.Use(m...)
emojiGroup.Use(a.signatureCheckMiddleware, cacheControlMiddleware)
usersGroup.Use(a.signatureCheckMiddleware, cacheControlMiddleware)
emojiGroup.Use(a.signatureCheckMiddleware, ccMiddleware)
usersGroup.Use(a.signatureCheckMiddleware, ccMiddleware)

a.emoji.Route(emojiGroup.Handle)
a.users.Route(usersGroup.Handle)
}

// Public key endpoint requires different middleware + cache policies from other AP endpoints.
func (a *ActivityPub) RoutePublicKey(r router.Router, m ...gin.HandlerFunc) {
// Create grouping for the 'users/[username]/main-key' prefix.
publicKeyGroup := r.AttachGroup(publickey.PublicKeyPath)
publicKeyGroup.Use(a.signatureCheckMiddleware, middleware.CacheControl("public,max-age=604800"))

// Attach middleware allowing public cacheing of main-key.
ccMiddleware := middleware.CacheControl(middleware.CacheControlConfig{
Directives: []string{"public", "max-age=604800"},
Vary: []string{"Accept", "Accept-Encoding"},
})
publicKeyGroup.Use(m...)
publicKeyGroup.Use(a.signatureCheckMiddleware, ccMiddleware)

a.publicKey.Route(publicKeyGroup.Handle)
}

Expand Down
2 changes: 1 addition & 1 deletion internal/api/activitypub/emoji/emojiget.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ func (m *Module) EmojiGetHandler(c *gin.Context) {
return
}

format, err := apiutil.NegotiateAccept(c, apiutil.ActivityPubAcceptHeaders...)
format, err := apiutil.NegotiateAccept(c, apiutil.ActivityPubHeaders...)
if err != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
return
Expand Down
2 changes: 1 addition & 1 deletion internal/api/activitypub/publickey/publickeyget.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ func (m *Module) PublicKeyGETHandler(c *gin.Context) {
return
}

format, err := apiutil.NegotiateAccept(c, apiutil.HTMLOrActivityPubHeaders...)
format, err := apiutil.NegotiateAccept(c, apiutil.ActivityPubOrHTMLHeaders...)
if err != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
return
Expand Down
2 changes: 1 addition & 1 deletion internal/api/activitypub/users/featured.go
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ func (m *Module) FeaturedCollectionGETHandler(c *gin.Context) {
return
}

format, err := apiutil.NegotiateAccept(c, apiutil.HTMLOrActivityPubHeaders...)
format, err := apiutil.NegotiateAccept(c, apiutil.ActivityPubOrHTMLHeaders...)
if err != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
return
Expand Down
2 changes: 1 addition & 1 deletion internal/api/activitypub/users/followers.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ func (m *Module) FollowersGETHandler(c *gin.Context) {
return
}

format, err := apiutil.NegotiateAccept(c, apiutil.HTMLOrActivityPubHeaders...)
format, err := apiutil.NegotiateAccept(c, apiutil.ActivityPubOrHTMLHeaders...)
if err != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
return
Expand Down
2 changes: 1 addition & 1 deletion internal/api/activitypub/users/following.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ func (m *Module) FollowingGETHandler(c *gin.Context) {
return
}

format, err := apiutil.NegotiateAccept(c, apiutil.HTMLOrActivityPubHeaders...)
format, err := apiutil.NegotiateAccept(c, apiutil.ActivityPubOrHTMLHeaders...)
if err != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
return
Expand Down
2 changes: 1 addition & 1 deletion internal/api/activitypub/users/outboxget.go
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ func (m *Module) OutboxGETHandler(c *gin.Context) {
return
}

format, err := apiutil.NegotiateAccept(c, apiutil.HTMLOrActivityPubHeaders...)
format, err := apiutil.NegotiateAccept(c, apiutil.ActivityPubOrHTMLHeaders...)
if err != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
return
Expand Down
2 changes: 1 addition & 1 deletion internal/api/activitypub/users/repliesget.go
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ func (m *Module) StatusRepliesGETHandler(c *gin.Context) {
return
}

format, err := apiutil.NegotiateAccept(c, apiutil.HTMLOrActivityPubHeaders...)
format, err := apiutil.NegotiateAccept(c, apiutil.ActivityPubOrHTMLHeaders...)
if err != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
return
Expand Down
2 changes: 1 addition & 1 deletion internal/api/activitypub/users/statusget.go
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ func (m *Module) StatusGETHandler(c *gin.Context) {
return
}

format, err := apiutil.NegotiateAccept(c, apiutil.HTMLOrActivityPubHeaders...)
format, err := apiutil.NegotiateAccept(c, apiutil.ActivityPubOrHTMLHeaders...)
if err != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
return
Expand Down
2 changes: 1 addition & 1 deletion internal/api/activitypub/users/userget.go
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ func (m *Module) UsersGETHandler(c *gin.Context) {
return
}

format, err := apiutil.NegotiateAccept(c, apiutil.HTMLOrActivityPubHeaders...)
format, err := apiutil.NegotiateAccept(c, apiutil.ActivityPubOrHTMLHeaders...)
if err != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
return
Expand Down
11 changes: 7 additions & 4 deletions internal/api/auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -43,13 +43,16 @@ func (a *Auth) Route(r router.Router, m ...gin.HandlerFunc) {

// instantiate + attach shared, non-global middlewares to both of these groups
var (
cacheControlMiddleware = middleware.CacheControl("private", "max-age=120")
sessionMiddleware = middleware.Session(a.sessionName, a.routerSession.Auth, a.routerSession.Crypt)
ccMiddleware = middleware.CacheControl(middleware.CacheControlConfig{
Directives: []string{"private", "max-age=120"},
Vary: []string{"Accept", "Accept-Encoding"},
})
sessionMiddleware = middleware.Session(a.sessionName, a.routerSession.Auth, a.routerSession.Crypt)
)
authGroup.Use(m...)
oauthGroup.Use(m...)
authGroup.Use(cacheControlMiddleware, sessionMiddleware)
oauthGroup.Use(cacheControlMiddleware, sessionMiddleware)
authGroup.Use(ccMiddleware, sessionMiddleware)
oauthGroup.Use(ccMiddleware, sessionMiddleware)

a.auth.RouteAuth(authGroup.Handle)
a.auth.RouteOauth(oauthGroup.Handle)
Expand Down
5 changes: 4 additions & 1 deletion internal/api/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,10 @@ func (c *Client) Route(r router.Router, m ...gin.HandlerFunc) {
apiGroup.Use(m...)
apiGroup.Use(
middleware.TokenCheck(c.db, c.processor.OAuthValidateBearerToken),
middleware.CacheControl("no-store"), // never cache api responses
middleware.CacheControl(middleware.CacheControlConfig{
// Never cache client api responses.
Directives: []string{"no-store"},
}),
)

// for each client api module, pass it the Handle function
Expand Down
17 changes: 13 additions & 4 deletions internal/api/fileserver.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,18 +36,27 @@ func (f *Fileserver) Route(r router.Router, m ...gin.HandlerFunc) {
// Attach middlewares appropriate for this group.
fileserverGroup.Use(m...)
// If we're using local storage or proxying s3, we can set a
// long max-age on all file requests to reflect that we
// never host different files at the same URL (since
// long max-age + immutable on all file requests to reflect
// that we never host different files at the same URL (since
// ULIDs are generated per piece of media), so we can
// easily prevent clients having to fetch files repeatedly.
//
// If we *are* using non-proxying s3, however, the max age
// must be set dynamically within the request handler,
// based on how long the signed URL has left to live before
// it expires. This ensures that clients won't cache expired
// links. This is done within fileserver/servefile.go.
// links. This is done within fileserver/servefile.go, so we
// should not set the middleware here in that case.
//
// See:
//
// - https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching#avoiding_revalidation
// - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control#immutable
if config.GetStorageBackend() == "local" || config.GetStorageS3Proxy() {
fileserverGroup.Use(middleware.CacheControl("private", "max-age=604800")) // 7d
fileserverGroup.Use(middleware.CacheControl(middleware.CacheControlConfig{
Directives: []string{"private", "max-age=604800", "immutable"},
Vary: []string{"Range"}, // Cache partial ranges separately.
}))
}

f.fileserver.Route(fileserverGroup.Handle)
Expand Down
2 changes: 1 addition & 1 deletion internal/api/fileserver/servefile.go
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ func (m *Module) ServeFile(c *gin.Context) {
// Derive the max-age value from how long the link has left until
// it expires.
maxAge := int(time.Until(content.URL.Expiry).Seconds())
c.Header("Cache-Control", "private,max-age="+strconv.Itoa(maxAge))
c.Header("Cache-Control", "private, max-age="+strconv.Itoa(maxAge)+", immutable")
c.Redirect(http.StatusFound, content.URL.String())
return
}
Expand Down
7 changes: 5 additions & 2 deletions internal/api/nodeinfo.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,8 +36,11 @@ func (w *NodeInfo) Route(r router.Router, m ...gin.HandlerFunc) {
// attach middlewares appropriate for this group
nodeInfoGroup.Use(m...)
nodeInfoGroup.Use(
// allow cache for 2 minutes
middleware.CacheControl("public", "max-age=120"),
// Allow public cache for 2 minutes.
middleware.CacheControl(middleware.CacheControlConfig{
Directives: []string{"public", "max-age=120"},
Vary: []string{"Accept-Encoding"},
}),
)

w.nodeInfo.Route(nodeInfoGroup.Handle)
Expand Down
30 changes: 23 additions & 7 deletions internal/api/util/negotiate.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,6 @@ import (
"github.com/gin-gonic/gin"
)

// ActivityPubAcceptHeaders represents the Accept headers mentioned here:
var ActivityPubAcceptHeaders = []MIME{
AppActivityJSON,
AppActivityLDJSON,
}

// JSONAcceptHeaders is a slice of offers that just contains application/json types.
var JSONAcceptHeaders = []MIME{
AppJSON,
Expand Down Expand Up @@ -59,12 +53,34 @@ var HTMLAcceptHeaders = []MIME{
}

// HTMLOrActivityPubHeaders matches text/html first, then activitypub types.
// This is useful for user URLs that a user might go to in their browser.
// This is useful for user URLs that a user might go to in their browser,
// but which should also be able to serve ActivityPub as a fallback.
//
// https://www.w3.org/TR/activitypub/#retrieving-objects
var HTMLOrActivityPubHeaders = []MIME{
TextHTML,
AppActivityLDJSON,
AppActivityJSON,
}

// ActivityPubOrHTMLHeaders matches activitypub types first, then text/html.
// This is useful for URLs that should serve ActivityPub by default, but
// which a user might also go to in their browser sometimes.
//
// https://www.w3.org/TR/activitypub/#retrieving-objects
var ActivityPubOrHTMLHeaders = []MIME{
AppActivityLDJSON,
AppActivityJSON,
TextHTML,
}

// ActivityPubHeaders matches only activitypub Accept headers.
// This is useful for URLs should only serve ActivityPub.
//
// https://www.w3.org/TR/activitypub/#retrieving-objects
var ActivityPubHeaders = []MIME{
AppActivityLDJSON,
AppActivityJSON,
}

var HostMetaHeaders = []MIME{
Expand Down
7 changes: 5 additions & 2 deletions internal/api/wellknown.go
Original file line number Diff line number Diff line change
Expand Up @@ -40,8 +40,11 @@ func (w *WellKnown) Route(r router.Router, m ...gin.HandlerFunc) {
// attach middlewares appropriate for this group
wellKnownGroup.Use(m...)
wellKnownGroup.Use(
// allow .well-known responses to be cached for 2 minutes
middleware.CacheControl("public", "max-age=120"),
// Allow public cache for 2 minutes.
middleware.CacheControl(middleware.CacheControlConfig{
Directives: []string{"public", "max-age=120"},
Vary: []string{"Accept-Encoding"},
}),
)

w.nodeInfo.Route(wellKnownGroup.Handle)
Expand Down
51 changes: 46 additions & 5 deletions internal/middleware/cachecontrol.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,12 +23,53 @@ import (
"github.com/gin-gonic/gin"
)

// CacheControl returns a new gin middleware which allows callers to control cache settings on response headers.
//
// For directives, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
func CacheControl(directives ...string) gin.HandlerFunc {
ccHeader := strings.Join(directives, ", ")
type CacheControlConfig struct {
// Slice of Cache-Control directives, which will be
// joined comma-separated and served as the value of
// the Cache-Control header.
//
// If no directives are set, the Cache-Control header
// will not be sent in the response at all.
//
// For possible Cache-Control directive values, see:
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
Directives []string

// Slice of Vary header values, which will be joined
// comma-separated and served as the value of the Vary
// header in the response.
//
// If no Vary header values are supplied, then the
// Vary header will be omitted in the response.
//
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Vary
Vary []string
}

// CacheControl returns a new gin middleware which allows
// routes to control cache settings on response headers.
func CacheControl(config CacheControlConfig) gin.HandlerFunc {
if len(config.Directives) == 0 {
// No Cache-Control directives provided,
// return empty/stub function.
return func(c *gin.Context) {}
}

// Cache control is usually done on hot paths so
// parse vars outside of the returned function.
var (
ccHeader = strings.Join(config.Directives, ", ")
varyHeader = strings.Join(config.Vary, ", ")
)

if varyHeader == "" {
return func(c *gin.Context) {
c.Header("Cache-Control", ccHeader)
}
}

return func(c *gin.Context) {
c.Header("Cache-Control", ccHeader)
c.Header("Vary", varyHeader)
}
}
4 changes: 3 additions & 1 deletion internal/web/web.go
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,9 @@ func (m *Module) Route(r router.Router, mi ...gin.HandlerFunc) {
// can still be served
profileGroup := r.AttachGroup(profileGroupPath)
profileGroup.Use(mi...)
profileGroup.Use(middleware.SignatureCheck(m.isURIBlocked), middleware.CacheControl("no-store"))
profileGroup.Use(middleware.SignatureCheck(m.isURIBlocked), middleware.CacheControl(middleware.CacheControlConfig{
Directives: []string{"no-store"},
}))
profileGroup.Handle(http.MethodGet, "", m.profileGETHandler) // use empty path here since it's the base of the group
profileGroup.Handle(http.MethodGet, statusPath, m.threadGETHandler)

Expand Down

0 comments on commit 12b6cdc

Please sign in to comment.