authordakkar <dakkar@thenautilus.net>2023-12-31 13:27:38 +0000
committerdakkar <dakkar@thenautilus.net>2023-12-31 13:27:38 +0000
commit6d5d3d9ea18ba348d67af9af7e60d268ebe981e0 (patch)
tree4ad4eb3c8d2600c0f5f323ea3890108ce9285b86 /packages/backend/src/server
parentmerge: enhance module player hide pattern when not needed (#282) (diff)
auth-fetch: ask to never cache responses
I could have factored out all the lines that set cache headers, but that would have made future merges even more complicated ☹ thanks ShittyCopper for reporting the problem!
Diffstat (limited to 'packages/backend/src/server')
-rw-r--r--packages/backend/src/server/ActivityPubServerService.ts55
1 files changed, 39 insertions, 16 deletions
diff --git a/packages/backend/src/server/ActivityPubServerService.ts b/packages/backend/src/server/ActivityPubServerService.ts
index 68de738238..c3992eac80 100644
--- a/packages/backend/src/server/ActivityPubServerService.ts
+++ b/packages/backend/src/server/ActivityPubServerService.ts
@@ -129,6 +129,13 @@ export class ActivityPubServerService {
this is also inspired by FireFish's `checkFetch`
*/
+ /* tell any caching proxy that they should not cache these
+ responses: we wouldn't want the proxy to return a 403 to
+ someone presenting a valid signature, or return a cached
+ response body to someone we've blocked!
+ */
+ reply.header('Cache-Control', 'private, max-age=0, must-revalidate');
+
/* we always allow requests about our instance actor, because when
a remote instance needs to check our signature on a request we
sent, it will need to fetch information about the user that
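Review bot: The value set here, `private, max-age=0, must-revalidate`, still allows a cache to store the response and reuse it after revalidation, which is weaker than the "should not cache" that the new comment asks for. `private` keeps standards-compliant shared caches out, but if the intent is that neither a 403 nor a response body is ever replayed to a different requester, `reply.header('Cache-Control', 'private, no-store');` says so directly. The enclosing function starts and ends outside this hunk, so it is not visible whether an early return can run before this line; the header should be set ahead of the first one.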
@@ -322,11 +329,13 @@ export class ActivityPubServerService {
if (profile.followersVisibility === 'private') {
reply.code(403);
- reply.header('Cache-Control', 'public, max-age=30');
+ if (!this.config.checkActivityPubGetSignature)
+ reply.header('Cache-Control', 'public, max-age=30');
return;
} else if (profile.followersVisibility === 'followers') {
reply.code(403);
- reply.header('Cache-Control', 'public, max-age=30');
+ if (!this.config.checkActivityPubGetSignature)
+ reply.header('Cache-Control', 'public, max-age=30');
return;
}
//#endregion
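Review bot: The new guard is a braceless `if` with its body on the following line, twice in this hunk and again in every later hunk of this file. A second statement added beneath it later would not be covered by the condition, and a misplaced `reply.header(...)` would quietly restore `public` caching on a signature-gated response. Writing it as `if (!this.config.checkActivityPubGetSignature) { reply.header('Cache-Control', 'public, max-age=30'); }` keeps the one-change-per-site shape the commit message wants for merges. The surrounding handler begins and ends outside the hunk.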
@@ -378,7 +387,8 @@ export class ActivityPubServerService {
user.followersCount,
`${partOf}?page=true`,
);
- reply.header('Cache-Control', 'public, max-age=180');
+ if (!this.config.checkActivityPubGetSignature)
+ reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(rendered));
}
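Review bot: When `checkActivityPubGetSignature` is on, this handler no longer sets any `Cache-Control` of its own and depends on the `private` value written by the signature-check code in the first hunk; the hunk does not show whether that code always runs before this point. The same applies to the other handlers changed below (following, featured, outbox, user, note, activity, key, emoji, like, follow). If any of them skips the check, its response goes out with no caching directive and a proxy may fall back to heuristic caching. An explicit `else reply.header('Cache-Control', 'private, max-age=0, must-revalidate');` at each site, or at least a comment such as `// Cache-Control already set by the signature check when checkActivityPubGetSignature is on`, would make the dependency visible. The handler body starts outside the hunk.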
@@ -416,11 +426,13 @@ export class ActivityPubServerService {
if (profile.followingVisibility === 'private') {
reply.code(403);
- reply.header('Cache-Control', 'public, max-age=30');
+ if (!this.config.checkActivityPubGetSignature)
+ reply.header('Cache-Control', 'public, max-age=30');
return;
} else if (profile.followingVisibility === 'followers') {
reply.code(403);
- reply.header('Cache-Control', 'public, max-age=30');
+ if (!this.config.checkActivityPubGetSignature)
+ reply.header('Cache-Control', 'public, max-age=30');
return;
}
//#endregion
@@ -472,7 +484,8 @@ export class ActivityPubServerService {
user.followingCount,
`${partOf}?page=true`,
);
- reply.header('Cache-Control', 'public, max-age=180');
+ if (!this.config.checkActivityPubGetSignature)
+ reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(rendered));
}
@@ -513,7 +526,8 @@ export class ActivityPubServerService {
renderedNotes,
);
- reply.header('Cache-Control', 'public, max-age=180');
+ if (!this.config.checkActivityPubGetSignature)
+ reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(rendered));
}
@@ -604,7 +618,8 @@ export class ActivityPubServerService {
`${partOf}?page=true`,
`${partOf}?page=true&since_id=000000000000000000000000`,
);
- reply.header('Cache-Control', 'public, max-age=180');
+ if (!this.config.checkActivityPubGetSignature)
+ reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(rendered));
}
@@ -617,7 +632,8 @@ export class ActivityPubServerService {
return;
}
- reply.header('Cache-Control', 'public, max-age=180');
+ if (!this.config.checkActivityPubGetSignature)
+ reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(await this.apRendererService.renderPerson(user as MiLocalUser)));
}
@@ -707,7 +723,8 @@ export class ActivityPubServerService {
return;
}
- reply.header('Cache-Control', 'public, max-age=180');
+ if (!this.config.checkActivityPubGetSignature)
+ reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return this.apRendererService.addContext(await this.apRendererService.renderNote(note, false));
});
@@ -730,7 +747,8 @@ export class ActivityPubServerService {
return;
}
- reply.header('Cache-Control', 'public, max-age=180');
+ if (!this.config.checkActivityPubGetSignature)
+ reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(await this.packActivity(note)));
});
@@ -775,7 +793,8 @@ export class ActivityPubServerService {
const keypair = await this.userKeypairService.getUserKeypair(user.id);
if (this.userEntityService.isLocalUser(user)) {
- reply.header('Cache-Control', 'public, max-age=180');
+ if (!this.config.checkActivityPubGetSignature)
+ reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(this.apRendererService.renderKey(user, keypair)));
} else {
@@ -825,7 +844,8 @@ export class ActivityPubServerService {
return;
}
- reply.header('Cache-Control', 'public, max-age=180');
+ if (!this.config.checkActivityPubGetSignature)
+ reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(await this.apRendererService.renderEmoji(emoji)));
});
@@ -848,7 +868,8 @@ export class ActivityPubServerService {
return;
}
- reply.header('Cache-Control', 'public, max-age=180');
+ if (!this.config.checkActivityPubGetSignature)
+ reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(await this.apRendererService.renderLike(reaction, note)));
});
@@ -876,7 +897,8 @@ export class ActivityPubServerService {
return;
}
- reply.header('Cache-Control', 'public, max-age=180');
+ if (!this.config.checkActivityPubGetSignature)
+ reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(this.apRendererService.renderFollow(follower, followee)));
});
@@ -913,7 +935,8 @@ export class ActivityPubServerService {
return;
}
- reply.header('Cache-Control', 'public, max-age=180');
+ if (!this.config.checkActivityPubGetSignature)
+ reply.header('Cache-Control', 'public, max-age=180');
this.setResponseType(request, reply);
return (this.apRendererService.addContext(this.apRendererService.renderFollow(follower, followee)));
});