From da45ffb46b3cabc6513535b8d44cafe59add6068 Mon Sep 17 00:00:00 2001
From: Alec Armbruster <35377827+alectrocute@users.noreply.github.com>
Date: Fri, 30 Jun 2023 09:42:09 -0400
Subject: [PATCH 1/4] fix cache auth method
---
 src/server/middleware.ts | 29 ++++++++++++--------
 src/server/utils/is-request-authenticated.ts | 9 ++++++
 2 files changed, 27 insertions(+), 11 deletions(-)
 create mode 100644 src/server/utils/is-request-authenticated.ts
diff --git a/src/server/middleware.ts b/src/server/middleware.ts
index 235f0729..7505d650 100644
--- a/src/server/middleware.ts
+++ b/src/server/middleware.ts
@@ -1,5 +1,5 @@
 import type { NextFunction, Request, Response } from "express";
-import { UserService } from "../shared/services";
+import { isRequestAuthenticated } from "./utils/is-request-authenticated";
 export function setDefaultCsp({
 res,
@@ -22,23 +22,30 @@ export function setDefaultCsp({
 // interval is rather arbitrary and could be set higher (less server load) or lower (fresher data).
 //
 // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
-export function setCacheControl(
- req: Request,
- res: Response,
- next: NextFunction
-) {
- const user = UserService.Instance;
+export function setCacheControl({
+ res,
+ req,
+ next,
+}: {
+ res: Response;
+ req: Request;
+ next: NextFunction;
+}) {
 let caching: string;
+ // Avoid any sort of caching in development
+ if (process.env.NODE_ENV !== "production") {
+ return next();
+ }
+
 if (
- process.env.NODE_ENV === "production" &&
- (req.path.match(/\.(js|css|txt|manifest\.webmanifest)\/?$/) ||
- req.path.includes("/css/themelist"))
+ req.path.match(/\.(js|css|txt|manifest\.webmanifest)\/?$/) ||
+ req.path.includes("/css/themelist")
 ) {
 // Static content gets cached publicly for a day
 caching = "public, max-age=86400";
 } else {
- if (user.auth()) {
+ if (isRequestAuthenticated(req)) {
 caching = "private";
 } else {
 caching = "public, max-age=5";
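Review bot: The `private` / `public, max-age=5` choice in the final `else` branch of setCacheControl now depends on the request's Cookie header, but nothing visible in the `@@ -22,23 +22,30 @@` hunk tells a shared cache that the response varies by cookie. A proxy or CDN that stored the cookie-less `public, max-age=5` copy may replay it to a signed-in visitor for those five seconds, and the directive is only as reliable as the cookie test behind it. Where the header is written (outside this hunk), consider also sending `res.vary("Cookie");` or an equivalent `Vary: Cookie` header. The same branch is touched again by the `@@ -45,7 +40,7 @@` hunk of patch 3/4, where `hasJwtCookie(req)` replaces the check.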
diff --git a/src/server/utils/is-request-authenticated.ts b/src/server/utils/is-request-authenticated.ts
new file mode 100644
index 00000000..7b9fb224
--- /dev/null
+++ b/src/server/utils/is-request-authenticated.ts
@@ -0,0 +1,9 @@
+import type { Request } from "express";
+
+export function isRequestAuthenticated(req: Request): boolean {
+ if (!req.headers.cookie) {
+ return false;
+ }
+
+ return req.headers.cookie?.split("; ").some(c => c.startsWith("jwt"));
+}
From 1b7a9dcb8b35950844bc6ef8a811b782255079ca Mon Sep 17 00:00:00 2001
From: Alec Armbruster <35377827+alectrocute@users.noreply.github.com>
Date: Fri, 30 Jun 2023 09:50:19 -0400
Subject: [PATCH 2/4] fix service worker path
---
 webpack.config.js | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/webpack.config.js b/webpack.config.js
index 0c9806dd..a67ed2ec 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -111,9 +111,6 @@ const createClientConfig = (env, mode) => {
 new ServiceWorkerPlugin({
 enableInDevelopment: mode !== "development", // this may seem counterintuitive, but it is correct
 workbox: {
- modifyURLPrefix: {
- "/": `/static/${env.COMMIT_HASH}/`,
- },
 cacheId: "lemmy",
 include: [/(assets|styles|js)\/.+\..+$/g],
 inlineWorkboxRuntime: true,
From 7743fa98b995e28778f7eb8afc4622cfffd19db3 Mon Sep 17 00:00:00 2001
From: Alec Armbruster <35377827+alectrocute@users.noreply.github.com>
Date: Fri, 30 Jun 2023 10:04:01 -0400
Subject: [PATCH 3/4] wip
---
 src/server/middleware.ts | 19 +++++++------------
 src/server/utils/has-jwt-cookie.ts | 6 ++++++
 src/server/utils/is-request-authenticated.ts | 9 ---------
 3 files changed, 13 insertions(+), 21 deletions(-)
 create mode 100644 src/server/utils/has-jwt-cookie.ts
 delete mode 100644 src/server/utils/is-request-authenticated.ts
diff --git a/src/server/middleware.ts b/src/server/middleware.ts
index 7505d650..24ae1b95 100644
--- a/src/server/middleware.ts
+++ b/src/server/middleware.ts
@@ -1,5 +1,5 @@
 import type { NextFunction, Request, Response } from "express";
-import { isRequestAuthenticated } from "./utils/is-request-authenticated";
+import { hasJwtCookie } from "./utils/has-jwt-cookie";
 export function setDefaultCsp({
 res,
@@ -22,18 +22,13 @@ export function setDefaultCsp({
 // interval is rather arbitrary and could be set higher (less server load) or lower (fresher data).
 //
 // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
-export function setCacheControl({
- res,
- req,
- next,
-}: {
- res: Response;
- req: Request;
- next: NextFunction;
-}) {
+export function setCacheControl(
+ req: Request,
+ res: Response,
+ next: NextFunction
+) {
 let caching: string;
- // Avoid any sort of caching in development
 if (process.env.NODE_ENV !== "production") {
 return next();
 }
@@ -45,7 +40,7 @@ export function setCacheControl({
 // Static content gets cached publicly for a day
 caching = "public, max-age=86400";
 } else {
- if (isRequestAuthenticated(req)) {
+ if (hasJwtCookie(req)) {
 caching = "private";
 } else {
 caching = "public, max-age=5";
diff --git a/src/server/utils/has-jwt-cookie.ts b/src/server/utils/has-jwt-cookie.ts
new file mode 100644
index 00000000..ea558ffa
--- /dev/null
+++ b/src/server/utils/has-jwt-cookie.ts
@@ -0,0 +1,6 @@
+import * as cookie from "cookie";
+import type { Request } from "express";
+
+export function hasJwtCookie(req: Request): boolean {
+ return Boolean(cookie.parse(req.headers.cookie ?? "").jwt?.length);
+}
diff --git a/src/server/utils/is-request-authenticated.ts b/src/server/utils/is-request-authenticated.ts
deleted file mode 100644
index 7b9fb224..00000000
--- a/src/server/utils/is-request-authenticated.ts
+++ /dev/null
@@ -1,9 +0,0 @@
-import type { Request } from "express";
-
-export function isRequestAuthenticated(req: Request): boolean {
- if (!req.headers.cookie) {
- return false;
- }
-
- return req.headers.cookie?.split("; ").some(c => c.startsWith("jwt"));
-}
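Review bot: In the `@@ -22,18 +22,13 @@` hunk of src/server/middleware.ts, the guard `if (process.env.NODE_ENV !== "production") { return next(); }` loses its only comment, and the deleted wording was not accurate: returning early sends no Cache-Control header, which leaves browsers free to cache heuristically instead of preventing caching. Either restore a comment that states what happens, such as `// Non-production: skip Cache-Control entirely (no header is sent)`, or, if caching really must be off in development, call `res.setHeader("Cache-Control", "no-store");` before `next()`. The rest of the function body lies outside this hunk.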
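Review bot: `hasJwtCookie` in the new src/server/utils/has-jwt-cookie.ts has no doc comment, and it should state that it tests only for a non-empty cookie named `jwt` without verifying the token. That is a reasonable signal for picking a Cache-Control value, since an expired or malformed token merely yields `private`, but the helper must not be reused as an access check. I would add above the function `/** True when the request carries a non-empty "jwt" cookie. Presence only: the token is not verified, so use this for cache hints, never for authorization. */`.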
From 0bcb2d77beac12e3b67e8c544ab73e4e16b17bb9 Mon Sep 17 00:00:00 2001
From: Alec Armbruster <35377827+alectrocute@users.noreply.github.com>
Date: Fri, 30 Jun 2023 10:04:19 -0400
Subject: [PATCH 4/4] wip
---
 src/server/middleware.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/server/middleware.ts b/src/server/middleware.ts
index 24ae1b95..0420e47e 100644
--- a/src/server/middleware.ts
+++ b/src/server/middleware.ts
@@ -27,12 +27,12 @@ export function setCacheControl(
 res: Response,
 next: NextFunction
 ) {
- let caching: string;
-
 if (process.env.NODE_ENV !== "production") {
 return next();
 }
+ let caching: string;
+
 if (
 req.path.match(/\.(js|css|txt|manifest\.webmanifest)\/?$/) ||
 req.path.includes("/css/themelist")