auth-fetch: ask to never cache responses

I could have factored out all the lines that set cache headers, but
that would have made future merges even more complicated ☹

thanks ShittyCopper for reporting the problem!
This commit is contained in:
dakkar 2023-12-31 13:27:38 +00:00
parent 97dea59e49
commit 6d5d3d9ea1

View file

@ -129,6 +129,13 @@ export class ActivityPubServerService {
this is also inspired by FireFish's `checkFetch`
*/
/* tell any caching proxy that they should not cache these
responses: we wouldn't want the proxy to return a 403 to
someone presenting a valid signature, or return a cached
response body to someone we've blocked!
*/
reply.header('Cache-Control', 'private, max-age=0, must-revalidate');
/* we always allow requests about our instance actor, because when
a remote instance needs to check our signature on a request we
sent, it will need to fetch information about the user that
@ -322,10 +329,12 @@ export class ActivityPubServerService {
if (profile.followersVisibility === 'private') {
reply.code(403);
if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=30');
return;
} else if (profile.followersVisibility === 'followers') {
reply.code(403);
if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=30');
return;
}
@ -378,6 +387,7 @@ export class ActivityPubServerService {
user.followersCount,
`${partOf}?page=true`,
);
if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(rendered));
@ -416,10 +426,12 @@ export class ActivityPubServerService {
if (profile.followingVisibility === 'private') {
reply.code(403);
if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=30');
return;
} else if (profile.followingVisibility === 'followers') {
reply.code(403);
if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=30');
return;
}
@ -472,6 +484,7 @@ export class ActivityPubServerService {
user.followingCount,
`${partOf}?page=true`,
);
if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(rendered));
@ -513,6 +526,7 @@ export class ActivityPubServerService {
renderedNotes,
);
if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(rendered));
@ -604,6 +618,7 @@ export class ActivityPubServerService {
`${partOf}?page=true`,
`${partOf}?page=true&since_id=000000000000000000000000`,
);
if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(rendered));
@ -617,6 +632,7 @@ export class ActivityPubServerService {
return;
}
if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(await this.apRendererService.renderPerson(user as MiLocalUser)));
@ -707,6 +723,7 @@ export class ActivityPubServerService {
return;
}
if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return this.apRendererService.addContext(await this.apRendererService.renderNote(note, false));
@ -730,6 +747,7 @@ export class ActivityPubServerService {
return;
}
if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(await this.packActivity(note)));
@ -775,6 +793,7 @@ export class ActivityPubServerService {
const keypair = await this.userKeypairService.getUserKeypair(user.id);
if (this.userEntityService.isLocalUser(user)) {
if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(this.apRendererService.renderKey(user, keypair)));
@ -825,6 +844,7 @@ export class ActivityPubServerService {
return;
}
if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(await this.apRendererService.renderEmoji(emoji)));
@ -848,6 +868,7 @@ export class ActivityPubServerService {
return;
}
if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(await this.apRendererService.renderLike(reaction, note)));
@ -876,6 +897,7 @@ export class ActivityPubServerService {
return;
}
if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(this.apRendererService.renderFollow(follower, followee)));
@ -913,6 +935,7 @@ export class ActivityPubServerService {
return;
}
if (!this.config.checkActivityPubGetSignature)
reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(this.apRendererService.renderFollow(follower, followee)));