From 32063a5794676e0d4683761850bc2bc8b9418c3e Mon Sep 17 00:00:00 2001 From: Nutomic Date: Wed, 28 Jun 2023 22:32:07 +0200 Subject: [PATCH] Set cache-control headers to reduce server load (fixes #412) (#1641) * Set cache-control headers to reduce server load (fixes #412) * add missing file * remove old middleware folder * use let --------- Co-authored-by: SleeplessOne1917 --- src/server/index.tsx | 3 +- src/server/middleware.ts | 42 ++++++++++++++++++++++++ src/server/middleware/set-default-csp.ts | 10 ------ 3 files changed, 44 insertions(+), 11 deletions(-) create mode 100644 src/server/middleware.ts delete mode 100644 src/server/middleware/set-default-csp.ts
diff --git a/src/server/index.tsx b/src/server/index.tsx
index 25a1be644..aed8bca7c 100644
--- a/src/server/index.tsx
+++ b/src/server/index.tsx
@@ -8,7 +8,7 @@ import RobotsHandler from "./handlers/robots-handler";
 import ServiceWorkerHandler from "./handlers/service-worker-handler";
 import ThemeHandler from "./handlers/theme-handler";
 import ThemesListHandler from "./handlers/themes-list-handler";
-import setDefaultCsp from "./middleware/set-default-csp";
+import { setCacheControl, setDefaultCsp } from "./middleware";
 const server = express();
@@ -19,6 +19,7 @@ const [hostname, port] = process.env["LEMMY_UI_HOST"]
 server.use(express.json());
 server.use(express.urlencoded({ extended: false }));
 server.use("/static", express.static(path.resolve("./dist")));
+server.use(setCacheControl);
 if (!process.env["LEMMY_UI_DISABLE_CSP"] && !process.env["LEMMY_UI_DEBUG"]) {
 server.use(setDefaultCsp);
diff --git a/src/server/middleware.ts b/src/server/middleware.ts
new file mode 100644
index 000000000..a7cc6f2bc
--- /dev/null
+++ b/src/server/middleware.ts
@@ -0,0 +1,42 @@
+import type { NextFunction, Response } from "express";
+import { UserService } from "../shared/services";
+
+export function setDefaultCsp({
+ res,
+ next,
+}: {
+ res: Response;
+ next: NextFunction;
+}) {
+ res.setHeader(
+ "Content-Security-Policy",
+ `default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src *`
+ );
+
+ next();
+}
+
+// Set cache-control headers. If user is logged in, set `private` to prevent storing data in
+// shared caches (eg nginx) and leaking of private data. If user is not logged in, allow caching
+// all responses for 60 seconds to reduce load on backend and database. The specific cache
+// interval is rather arbitrary and could be set higher (less server load) or lower (fresher data).
+//
+// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
+export function setCacheControl({
+ res,
+ next,
+}: {
+ res: Response;
+ next: NextFunction;
+}) {
+ const user = UserService.Instance;
+ let caching;
+ if (user.auth()) {
+ caching = "private";
+ } else {
+ caching = "public, max-age=60";
+ }
+ res.setHeader("Cache-Control", caching);
+
+ next();
+}
diff --git a/src/server/middleware/set-default-csp.ts b/src/server/middleware/set-default-csp.ts
deleted file mode 100644
index fd776ab6d..000000000
--- a/src/server/middleware/set-default-csp.ts
+++ /dev/null
@@ -1,10 +0,0 @@
-import type { NextFunction, Response } from "express";
-
-export default function ({ res, next }: { res: Response; next: NextFunction }) {
- res.setHeader(
- "Content-Security-Policy",
- `default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data:`
- );
-
- next();
-}
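Review bot: In `setCacheControl` (src/server/middleware.ts) the choice between `private` and `public, max-age=60` is taken from `UserService.Instance`, and the middleware destructures only `res` and `next`, so nothing from the incoming request takes part in the decision. `UserService` is not shown in this patch, but if it is a process-wide singleton on the server, as the name suggests, a request that carries a session can still be answered with `public, max-age=60`, and a shared cache such as the nginx the comment mentions may then hand one user's page to other visitors. I would decide from the request itself and fall back to `private` whenever it carries a Cookie or Authorization header, which also needs `Request` added to the express type import; the version below does that. Separately, the CSP string moved into this file ends in `media-src *` where the deleted file had `media-src * data:`, a change the commit message does not mention and that is worth confirming as intended.

```typescript
// … unchanged: setDefaultCsp and the cache-control comment block …
export function setCacheControl(
  req: Request,
  res: Response,
  next: NextFunction
) {
  // Decide per request: process-wide state cannot tell one visitor from another.
  // Any credential-bearing request is kept out of shared caches (fail closed).
  const carriesCredentials =
    Boolean(req.headers.cookie) || Boolean(req.headers.authorization);
  const caching = carriesCredentials ? "private" : "public, max-age=60";
  res.setHeader("Cache-Control", caching);

  next();
}
```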