zitadel/internal/api/http/middleware/cache_interceptor.go

package middleware

import (
	"fmt"
	"net/http"
	"regexp"
	"strings"
	"time"

	http_utils "github.com/caos/zitadel/internal/api/http"
)

type Cache struct {
	Cacheability Cacheability
	NoCache      bool
	NoStore      bool
	MaxAge       time.Duration
	SharedMaxAge time.Duration
	NoTransform  bool
	Revalidation Revalidation
}

type Cacheability string

const (
	CacheabilityNotSet  Cacheability = ""
	CacheabilityPublic               = "public"
	CacheabilityPrivate              = "private"
)

type Revalidation string

const (
	RevalidationNotSet Revalidation = ""
	RevalidationMust                = "must-revalidate"
	RevalidationProxy               = "proxy-revalidate"
)

type CacheConfig struct {
	MaxAge       time.Duration
	SharedMaxAge time.Duration
}

var (
	NeverCacheOptions = &Cache{
		NoStore: true,
	}
	AssetOptions = func(maxAge, SharedMaxAge time.Duration) *Cache {
		return &Cache{
			Cacheability: CacheabilityPublic,
			MaxAge:       maxAge,
			SharedMaxAge: SharedMaxAge,
		}
	}
)

func DefaultCacheInterceptor(pattern string, maxAge, sharedMaxAge time.Duration) (func(http.Handler) http.Handler, error) {
	regex, err := regexp.Compile(pattern)
	if err != nil {
		return nil, err
	}
	return func(handler http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			if regex.MatchString(r.URL.Path) {
				AssetsCacheInterceptor(maxAge, sharedMaxAge, handler).ServeHTTP(w, r)
				return
			}
			NoCacheInterceptor(handler).ServeHTTP(w, r)
		})
	}, nil
}

func NoCacheInterceptor(h http.Handler) http.Handler {
	return CacheInterceptorOpts(h, NeverCacheOptions)
}

func AssetsCacheInterceptor(maxAge, sharedMaxAge time.Duration, h http.Handler) http.Handler {
	return CacheInterceptorOpts(h, AssetOptions(maxAge, sharedMaxAge))
}

func CacheInterceptorOpts(h http.Handler, cache *Cache) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		cachingResponseWriter := &cachingResponseWriter{
			ResponseWriter: w,
			Cache:          cache,
		}
		h.ServeHTTP(cachingResponseWriter, req)
	})
}

type cachingResponseWriter struct {
	http.ResponseWriter
	*Cache
}

func (w *cachingResponseWriter) WriteHeader(code int) {
	if code >= 400 {
		NeverCacheOptions.serializeHeaders(w.ResponseWriter)
		w.ResponseWriter.WriteHeader(code)
		return
	}
	w.Cache.serializeHeaders(w.ResponseWriter)
	w.ResponseWriter.WriteHeader(code)
}

func (c *Cache) serializeHeaders(w http.ResponseWriter) {
	control := make([]string, 0, 6)
	pragma := false

	if c.Cacheability != CacheabilityNotSet {
		control = append(control, string(c.Cacheability))
		control = append(control, fmt.Sprintf("max-age=%v", c.MaxAge.Seconds()))
		if c.SharedMaxAge != c.MaxAge {
			control = append(control, fmt.Sprintf("s-maxage=%v", c.SharedMaxAge.Seconds()))
		}
	}
	maxAge := c.MaxAge
	if maxAge == 0 {
		maxAge = -time.Hour
	}
	expires := time.Now().UTC().Add(maxAge).Format(http.TimeFormat)

	if c.NoCache {
		control = append(control, fmt.Sprintf("no-cache"))
		pragma = true
	}

	if c.NoStore {
		control = append(control, fmt.Sprintf("no-store"))
		pragma = true
	}
	if c.NoTransform {
		control = append(control, fmt.Sprintf("no-transform"))
	}

	if c.Revalidation != RevalidationNotSet {
		control = append(control, string(c.Revalidation))
	}

	w.Header().Set(http_utils.CacheControl, strings.Join(control, ", "))
	w.Header().Set(http_utils.Expires, expires)
	if pragma {
		w.Header().Set(http_utils.Pragma, "no-cache")
	}
}
fix: improvements for login and oidc (#227) * add csrf * caching * caching * caching * caching * security headers * csp and security headers * error handler csp * select user with display name * csp * user selection styling * username to loginname * regenerate grpc * regenerate * change to login name 2020-06-17 06:06:40 +00:00			`package middleware`

			`import (`
			`"fmt"`
			`"net/http"`
			`"regexp"`
			`"strings"`
			`"time"`

feat: port reduction (#323) * move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto 2020-07-08 11:56:37 +00:00			`http_utils "github.com/caos/zitadel/internal/api/http"`
fix: improvements for login and oidc (#227) * add csrf * caching * caching * caching * caching * security headers * csp and security headers * error handler csp * select user with display name * csp * user selection styling * username to loginname * regenerate grpc * regenerate * change to login name 2020-06-17 06:06:40 +00:00			`)`

			`type Cache struct {`
			`Cacheability Cacheability`
			`NoCache bool`
			`NoStore bool`
			`MaxAge time.Duration`
			`SharedMaxAge time.Duration`
			`NoTransform bool`
			`Revalidation Revalidation`
			`}`

			`type Cacheability string`

			`const (`
			`CacheabilityNotSet Cacheability = ""`
			`CacheabilityPublic = "public"`
			`CacheabilityPrivate = "private"`
			`)`

			`type Revalidation string`

			`const (`
			`RevalidationNotSet Revalidation = ""`
			`RevalidationMust = "must-revalidate"`
			`RevalidationProxy = "proxy-revalidate"`
			`)`

			`type CacheConfig struct {`
feat: run on a single port (#3163) * start v2 * start * run * some cleanup * remove v2 pkg again * simplify * webauthn * remove unused config * fix login path in Dockerfile * fix asset_generator.go * health handler * fix grpc web * refactor * merge * build new main.go * run new main.go * update logging pkg * fix error msg * update logging * cleanup * cleanup * go mod tidy * change localDevMode * fix customEndpoints * update logging * comments * change local flag to external configs * fix location generated go code * fix Co-authored-by: fforootd <florian@caos.ch> 2022-02-14 16:22:30 +00:00			`MaxAge time.Duration`
			`SharedMaxAge time.Duration`
fix: improvements for login and oidc (#227) * add csrf * caching * caching * caching * caching * security headers * csp and security headers * error handler csp * select user with display name * csp * user selection styling * username to loginname * regenerate grpc * regenerate * change to login name 2020-06-17 06:06:40 +00:00			`}`

			`var (`
			`NeverCacheOptions = &Cache{`
			`NoStore: true,`
			`}`
			`AssetOptions = func(maxAge, SharedMaxAge time.Duration) *Cache {`
			`return &Cache{`
			`Cacheability: CacheabilityPublic,`
			`MaxAge: maxAge,`
			`SharedMaxAge: SharedMaxAge,`
			`}`
			`}`
			`)`

			`func DefaultCacheInterceptor(pattern string, maxAge, sharedMaxAge time.Duration) (func(http.Handler) http.Handler, error) {`
			`regex, err := regexp.Compile(pattern)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return func(handler http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`if regex.MatchString(r.URL.Path) {`
			`AssetsCacheInterceptor(maxAge, sharedMaxAge, handler).ServeHTTP(w, r)`
			`return`
			`}`
			`NoCacheInterceptor(handler).ServeHTTP(w, r)`
			`})`
			`}, nil`
			`}`

			`func NoCacheInterceptor(h http.Handler) http.Handler {`
			`return CacheInterceptorOpts(h, NeverCacheOptions)`
			`}`

			`func AssetsCacheInterceptor(maxAge, sharedMaxAge time.Duration, h http.Handler) http.Handler {`
			`return CacheInterceptorOpts(h, AssetOptions(maxAge, sharedMaxAge))`
			`}`

			`func CacheInterceptorOpts(h http.Handler, cache *Cache) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {`
fix: do not cache api (incl. grpc) and http errors (#2088) * fix: add cache-control headers (no-store, no-cache) on grpc (for grpc-web) * fix: do not cache api response (incl. grpc) and http errors 2021-07-28 11:19:44 +00:00			`cachingResponseWriter := &cachingResponseWriter{`
			`ResponseWriter: w,`
			`Cache: cache,`
			`}`
			`h.ServeHTTP(cachingResponseWriter, req)`
fix: improvements for login and oidc (#227) * add csrf * caching * caching * caching * caching * security headers * csp and security headers * error handler csp * select user with display name * csp * user selection styling * username to loginname * regenerate grpc * regenerate * change to login name 2020-06-17 06:06:40 +00:00			`})`
			`}`

fix: do not cache api (incl. grpc) and http errors (#2088) * fix: add cache-control headers (no-store, no-cache) on grpc (for grpc-web) * fix: do not cache api response (incl. grpc) and http errors 2021-07-28 11:19:44 +00:00			`type cachingResponseWriter struct {`
			`http.ResponseWriter`
			`*Cache`
			`}`

			`func (w *cachingResponseWriter) WriteHeader(code int) {`
			`if code >= 400 {`
			`NeverCacheOptions.serializeHeaders(w.ResponseWriter)`
			`w.ResponseWriter.WriteHeader(code)`
			`return`
			`}`
			`w.Cache.serializeHeaders(w.ResponseWriter)`
			`w.ResponseWriter.WriteHeader(code)`
			`}`

fix: improvements for login and oidc (#227) * add csrf * caching * caching * caching * caching * security headers * csp and security headers * error handler csp * select user with display name * csp * user selection styling * username to loginname * regenerate grpc * regenerate * change to login name 2020-06-17 06:06:40 +00:00			`func (c *Cache) serializeHeaders(w http.ResponseWriter) {`
			`control := make([]string, 0, 6)`
			`pragma := false`

			`if c.Cacheability != CacheabilityNotSet {`
			`control = append(control, string(c.Cacheability))`
			`control = append(control, fmt.Sprintf("max-age=%v", c.MaxAge.Seconds()))`
			`if c.SharedMaxAge != c.MaxAge {`
			`control = append(control, fmt.Sprintf("s-maxage=%v", c.SharedMaxAge.Seconds()))`
			`}`
			`}`
			`maxAge := c.MaxAge`
			`if maxAge == 0 {`
			`maxAge = -time.Hour`
			`}`
			`expires := time.Now().UTC().Add(maxAge).Format(http.TimeFormat)`

			`if c.NoCache {`
			`control = append(control, fmt.Sprintf("no-cache"))`
			`pragma = true`
			`}`

			`if c.NoStore {`
			`control = append(control, fmt.Sprintf("no-store"))`
			`pragma = true`
			`}`
			`if c.NoTransform {`
			`control = append(control, fmt.Sprintf("no-transform"))`
			`}`

			`if c.Revalidation != RevalidationNotSet {`
			`control = append(control, string(c.Revalidation))`
			`}`

feat: port reduction (#323) * move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto 2020-07-08 11:56:37 +00:00			`w.Header().Set(http_utils.CacheControl, strings.Join(control, ", "))`
			`w.Header().Set(http_utils.Expires, expires)`
fix: improvements for login and oidc (#227) * add csrf * caching * caching * caching * caching * security headers * csp and security headers * error handler csp * select user with display name * csp * user selection styling * username to loginname * regenerate grpc * regenerate * change to login name 2020-06-17 06:06:40 +00:00			`if pragma {`
feat: port reduction (#323) * move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto 2020-07-08 11:56:37 +00:00			`w.Header().Set(http_utils.Pragma, "no-cache")`
fix: improvements for login and oidc (#227) * add csrf * caching * caching * caching * caching * security headers * csp and security headers * error handler csp * select user with display name * csp * user selection styling * username to loginname * regenerate grpc * regenerate * change to login name 2020-06-17 06:06:40 +00:00			`}`
			`}`