From 316878f0d3f2e8fa04a8eb6697c3a924eecd66c5 Mon Sep 17 00:00:00 2001
From: MuXiu1997
Date: Sat, 4 Feb 2023 19:09:00 +0800
Subject: [PATCH] feat: set no cache headers
---
 internal/app/traefik-github-oauth-server/router/oauth.go | 9 +++++++++
 internal/pkg/constant/constant.go | 3 +++
 middleware_plugin.go | 9 +++++++++
 3 files changed, 21 insertions(+)
diff --git a/internal/app/traefik-github-oauth-server/router/oauth.go b/internal/app/traefik-github-oauth-server/router/oauth.go
index e5dfdc8..ea28cb1 100644
--- a/internal/app/traefik-github-oauth-server/router/oauth.go
+++ b/internal/app/traefik-github-oauth-server/router/oauth.go
@@ -23,6 +23,7 @@ var (
 func generateOAuthPageURL(app *server.App) gin.HandlerFunc {
 return func(c *gin.Context) {
+ setNoCacheHeaders(c)
 body := model.RequestGenerateOAuthPageURL{}
 err := c.ShouldBindJSON(&body)
 if err != nil {
@@ -69,6 +70,7 @@ func generateOAuthPageURL(app *server.App) gin.HandlerFunc {
 func redirect(app *server.App) gin.HandlerFunc {
 return func(c *gin.Context) {
+ setNoCacheHeaders(c)
 query := model.RequestRedirect{}
 err := c.BindQuery(&query)
 if err != nil {
@@ -120,6 +122,7 @@ func redirect(app *server.App) gin.HandlerFunc {
 func getAuthResult(app *server.App) gin.HandlerFunc {
 return func(c *gin.Context) {
+ setNoCacheHeaders(c)
 query := model.RequestGetAuthResult{}
 err := c.ShouldBindQuery(&query)
 if err != nil {
@@ -181,3 +184,9 @@ func buildRedirectURI(apiBaseUrl, rid string) (string, error) {
 redirectURI.RawQuery = redirectURLQuery.Encode()
 return redirectURI.String(), nil
 }
+
+func setNoCacheHeaders(c *gin.Context) {
+ c.Header(constant.HTTP_HEADER_CACHE_CONTROL, "no-cache, no-store, must-revalidate, private")
+ c.Header(constant.HTTP_HEADER_PRAGMA, "no-cache")
+ c.Header(constant.HTTP_HEADER_EXPIRES, "0")
+}
diff --git a/internal/pkg/constant/constant.go b/internal/pkg/constant/constant.go
index 90a2aee..580e69e 100644
--- a/internal/pkg/constant/constant.go
+++ b/internal/pkg/constant/constant.go
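Review bot: In oauth.go each of the three handlers (generateOAuthPageURL, redirect, getAuthResult) now opens with its own `setNoCacheHeaders(c)` call, so a handler added later that omits the line would serve a cacheable OAuth response with nothing to flag it. Because setNoCacheHeaders already has the `func(*gin.Context)` shape of a gin handler, it could be registered once on the router or group that serves these routes, e.g. `group.Use(setNoCacheHeaders)`, and the three per-handler calls dropped. Here `group` is a placeholder for whatever the registration code, which is outside this patch, calls it. The handler bodies continue past the end of each hunk.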
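Review bot: The new helper `setNoCacheHeaders` at the end of oauth.go has no doc comment, and the patch does not record why these responses must not be stored. Something like `// setNoCacheHeaders marks the response as non-storable so browsers and intermediary caches do not keep OAuth redirects or auth results.` would cover it. The Cache-Control value `"no-cache, no-store, must-revalidate, private"` is also repeated verbatim in the helper of the same name in middleware_plugin.go. A constant next to `HTTP_HEADER_CACHE_CONTROL` in constant.go would keep the two copies from drifting apart.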
@@ -15,6 +15,9 @@ const (
 QUERY_KEY_REQUEST_ID = "rid"
 HTTP_HEADER_AUTHORIZATION = "Authorization"
+ HTTP_HEADER_CACHE_CONTROL = "Cache-Control"
+ HTTP_HEADER_PRAGMA = "Pragma"
+ HTTP_HEADER_EXPIRES = "Expires"
 AUTHORIZATION_PREFIX_TOKEN = "token"
 )
diff --git a/middleware_plugin.go b/middleware_plugin.go
index fe608ff..6979c97 100644
--- a/middleware_plugin.go
+++ b/middleware_plugin.go
@@ -135,6 +135,7 @@ func (p *TraefikGithubOauthMiddleware) handleRequest(rw http.ResponseWriter, req
 return
 }
 if !p.whitelistIdSet.Has(user.Id) && !p.whitelistLoginSet.Has(user.Login) {
+ setNoCacheHeaders(rw)
 http.Error(rw, "not in whitelist", http.StatusForbidden)
 return
 }
@@ -143,6 +144,7 @@ func (p *TraefikGithubOauthMiddleware) handleRequest(rw http.ResponseWriter, req
 // handleAuthRequest
 func (p *TraefikGithubOauthMiddleware) handleAuthRequest(rw http.ResponseWriter, req *http.Request) {
+ setNoCacheHeaders(rw)
 rid := req.URL.Query().Get(constant.QUERY_KEY_REQUEST_ID)
 result, err := p.getAuthResult(rid)
 if err != nil {
@@ -165,6 +167,7 @@ func (p *TraefikGithubOauthMiddleware) handleAuthRequest(rw http.ResponseWriter,
 }
 func (p *TraefikGithubOauthMiddleware) redirectToOAuthPage(rw http.ResponseWriter, req *http.Request) {
+ setNoCacheHeaders(rw)
 oAuthPageURL, err := p.generateOAuthPageURL(getRawRequestUrl(req), p.getAuthURL(req))
 if err != nil {
 p.logger.Debugf("redirectToOAuthPage: generateOAuthPageURL: %s\n", err.Error())
@@ -243,6 +246,12 @@ func (p *TraefikGithubOauthMiddleware) getAuthURL(originalReq *http.Request) str
 return builder.String()
 }
+func setNoCacheHeaders(rw http.ResponseWriter) {
+ rw.Header().Set(constant.HTTP_HEADER_CACHE_CONTROL, "no-cache, no-store, must-revalidate, private")
+ rw.Header().Set(constant.HTTP_HEADER_PRAGMA, "no-cache")
+ rw.Header().Set(constant.HTTP_HEADER_EXPIRES, "0")
+}
+
 func getRawRequestUrl(originalReq *http.Request) string {
 var builder strings.Builder
 scheme := "http"
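Review bot: In handleRequest (middleware_plugin.go) only the whitelist-denial branch gains `setNoCacheHeaders(rw)`; the early `return` at the top of the same hunk belongs to a branch that starts outside it, and no call is visible there. If that branch can write a response of its own rather than handing off to redirectToOAuthPage, it needs the same call before writing. If the pass-through path is left alone on purpose so the upstream's cache policy survives, a comment such as `// headers are set per error branch; proxied responses keep the upstream's Cache-Control` above the whitelist check would make that explicit.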