feat: set no cache headers

luizfonseca · Feb 4, 2023 · 316878f · 316878f
1 parent 3c01f5c
commit 316878f
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 0 deletions.
diff --git a/internal/app/traefik-github-oauth-server/router/oauth.go b/internal/app/traefik-github-oauth-server/router/oauth.go
@@ -23,6 +23,7 @@ var (
 
 func generateOAuthPageURL(app *server.App) gin.HandlerFunc {
 	return func(c *gin.Context) {
+		setNoCacheHeaders(c)
 		body := model.RequestGenerateOAuthPageURL{}
 		err := c.ShouldBindJSON(&body)
 		if err != nil {
@@ -69,6 +70,7 @@ func generateOAuthPageURL(app *server.App) gin.HandlerFunc {
 
 func redirect(app *server.App) gin.HandlerFunc {
 	return func(c *gin.Context) {
+		setNoCacheHeaders(c)
 		query := model.RequestRedirect{}
 		err := c.BindQuery(&query)
 		if err != nil {
@@ -120,6 +122,7 @@ func redirect(app *server.App) gin.HandlerFunc {
 
 func getAuthResult(app *server.App) gin.HandlerFunc {
 	return func(c *gin.Context) {
+		setNoCacheHeaders(c)
 		query := model.RequestGetAuthResult{}
 		err := c.ShouldBindQuery(&query)
 		if err != nil {
@@ -181,3 +184,9 @@ func buildRedirectURI(apiBaseUrl, rid string) (string, error) {
 	redirectURI.RawQuery = redirectURLQuery.Encode()
 	return redirectURI.String(), nil
 }
+
+func setNoCacheHeaders(c *gin.Context) {
+	c.Header(constant.HTTP_HEADER_CACHE_CONTROL, "no-cache, no-store, must-revalidate, private")
+	c.Header(constant.HTTP_HEADER_PRAGMA, "no-cache")
+	c.Header(constant.HTTP_HEADER_EXPIRES, "0")
+}
diff --git a/internal/pkg/constant/constant.go b/internal/pkg/constant/constant.go
@@ -15,6 +15,9 @@ const (
 	QUERY_KEY_REQUEST_ID   = "rid"
 
 	HTTP_HEADER_AUTHORIZATION = "Authorization"
+	HTTP_HEADER_CACHE_CONTROL = "Cache-Control"
+	HTTP_HEADER_PRAGMA        = "Pragma"
+	HTTP_HEADER_EXPIRES       = "Expires"
 
 	AUTHORIZATION_PREFIX_TOKEN = "token"
 )
diff --git a/middleware_plugin.go b/middleware_plugin.go
@@ -135,6 +135,7 @@ func (p *TraefikGithubOauthMiddleware) handleRequest(rw http.ResponseWriter, req
 		return
 	}
 	if !p.whitelistIdSet.Has(user.Id) && !p.whitelistLoginSet.Has(user.Login) {
+		setNoCacheHeaders(rw)
 		http.Error(rw, "not in whitelist", http.StatusForbidden)
 		return
 	}
@@ -143,6 +144,7 @@ func (p *TraefikGithubOauthMiddleware) handleRequest(rw http.ResponseWriter, req
 
 // handleAuthRequest
 func (p *TraefikGithubOauthMiddleware) handleAuthRequest(rw http.ResponseWriter, req *http.Request) {
+	setNoCacheHeaders(rw)
 	rid := req.URL.Query().Get(constant.QUERY_KEY_REQUEST_ID)
 	result, err := p.getAuthResult(rid)
 	if err != nil {
@@ -165,6 +167,7 @@ func (p *TraefikGithubOauthMiddleware) handleAuthRequest(rw http.ResponseWriter,
 }
 
 func (p *TraefikGithubOauthMiddleware) redirectToOAuthPage(rw http.ResponseWriter, req *http.Request) {
+	setNoCacheHeaders(rw)
 	oAuthPageURL, err := p.generateOAuthPageURL(getRawRequestUrl(req), p.getAuthURL(req))
 	if err != nil {
 		p.logger.Debugf("redirectToOAuthPage: generateOAuthPageURL: %s\n", err.Error())
@@ -243,6 +246,12 @@ func (p *TraefikGithubOauthMiddleware) getAuthURL(originalReq *http.Request) str
 	return builder.String()
 }
 
+func setNoCacheHeaders(rw http.ResponseWriter) {
+	rw.Header().Set(constant.HTTP_HEADER_CACHE_CONTROL, "no-cache, no-store, must-revalidate, private")
+	rw.Header().Set(constant.HTTP_HEADER_PRAGMA, "no-cache")
+	rw.Header().Set(constant.HTTP_HEADER_EXPIRES, "0")
+}
+
 func getRawRequestUrl(originalReq *http.Request) string {
 	var builder strings.Builder
 	scheme := "http"