diff --git a/Cargo.lock b/Cargo.lock index 8af4f0ea..1a048db5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3295,6 +3295,7 @@ dependencies = [ "governor", "handlebars", "html5ever", + "httpdate", "idna 0.2.3", "job_scheduler", "jsonwebtoken", diff --git a/Cargo.toml b/Cargo.toml index f6ff7f68..82c96386 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -80,6 +80,7 @@ uuid = { version = "0.8.2", features = ["v4"] } chrono = { version = "0.4.19", features = ["serde"] } chrono-tz = "0.6.1" time = "0.2.27" +httpdate = "1.0" # Job scheduler job_scheduler = "1.2.1" diff --git a/src/api/icons.rs b/src/api/icons.rs index 8d87b10a..3d1de094 100644 --- a/src/api/icons.rs +++ b/src/api/icons.rs @@ -103,14 +103,19 @@ fn icon_internal(domain: String) -> Cached>> { return Cached::ttl( Content(ContentType::new("image", "png"), FALLBACK_ICON.to_vec()), CONFIG.icon_cache_negttl(), + true, ); } match get_icon(&domain) { Some((icon, icon_type)) => { - Cached::ttl(Content(ContentType::new("image", icon_type), icon), CONFIG.icon_cache_ttl()) + Cached::ttl(Content(ContentType::new("image", icon_type), icon), CONFIG.icon_cache_ttl(), true) } - _ => Cached::ttl(Content(ContentType::new("image", "png"), FALLBACK_ICON.to_vec()), CONFIG.icon_cache_negttl()), + _ => Cached::ttl( + Content(ContentType::new("image", "png"), FALLBACK_ICON.to_vec()), + CONFIG.icon_cache_negttl(), + true, + ), } } diff --git a/src/api/web.rs b/src/api/web.rs index 9c960c27..154dc2cf 100644 --- a/src/api/web.rs +++ b/src/api/web.rs @@ -22,41 +22,44 @@ pub fn routes() -> Vec { #[get("/")] fn web_index() -> Cached> { - Cached::short(NamedFile::open(Path::new(&CONFIG.web_vault_folder()).join("index.html")).ok()) + Cached::short(NamedFile::open(Path::new(&CONFIG.web_vault_folder()).join("index.html")).ok(), false) } #[get("/app-id.json")] fn app_id() -> Cached>> { let content_type = ContentType::new("application", "fido.trusted-apps+json"); - Cached::long(Content( - content_type, - Json(json!({ - "trustedFacets": [ - { - "version": { "major": 1, "minor": 0 }, - "ids": [ - // Per : - // - // "In the Web case, the FacetID MUST be the Web Origin [RFC6454] - // of the web page triggering the FIDO operation, written as - // a URI with an empty path. Default ports are omitted and any - // path component is ignored." - // - // This leaves it unclear as to whether the path must be empty, - // or whether it can be non-empty and will be ignored. To be on - // the safe side, use a proper web origin (with empty path). - &CONFIG.domain_origin(), - "ios:bundle-id:com.8bit.bitwarden", - "android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI" ] - }] - })), - )) + Cached::long( + Content( + content_type, + Json(json!({ + "trustedFacets": [ + { + "version": { "major": 1, "minor": 0 }, + "ids": [ + // Per : + // + // "In the Web case, the FacetID MUST be the Web Origin [RFC6454] + // of the web page triggering the FIDO operation, written as + // a URI with an empty path. Default ports are omitted and any + // path component is ignored." + // + // This leaves it unclear as to whether the path must be empty, + // or whether it can be non-empty and will be ignored. To be on + // the safe side, use a proper web origin (with empty path). + &CONFIG.domain_origin(), + "ios:bundle-id:com.8bit.bitwarden", + "android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI" ] + }] + })), + ), + true, + ) } #[get("/", rank = 10)] // Only match this if the other routes don't match fn web_files(p: PathBuf) -> Cached> { - Cached::long(NamedFile::open(Path::new(&CONFIG.web_vault_folder()).join(p)).ok()) + Cached::long(NamedFile::open(Path::new(&CONFIG.web_vault_folder()).join(p)).ok(), true) } #[get("/attachments//")] diff --git a/src/util.rs b/src/util.rs index 2e47077b..aacdd868 100644 --- a/src/util.rs +++ b/src/util.rs @@ -11,6 +11,10 @@ use rocket::{ Data, Request, Response, Rocket, }; +use httpdate::HttpDate; +use std::thread::sleep; +use std::time::{Duration, SystemTime}; + use crate::CONFIG; pub struct AppHeaders(); @@ -99,29 +103,52 @@ impl Fairing for Cors { } } -pub struct Cached(R, String); +pub struct Cached { + response: R, + is_immutable: bool, + ttl: u64, +} impl Cached { - pub fn long(r: R) -> Cached { - // 7 days - Self::ttl(r, 604800) + pub fn long(response: R, is_immutable: bool) -> Cached { + Self { + response, + is_immutable, + ttl: 604800, // 7 days + } } - pub fn short(r: R) -> Cached { - // 10 minutes - Self(r, String::from("public, max-age=600")) + pub fn short(response: R, is_immutable: bool) -> Cached { + Self { + response, + is_immutable, + ttl: 600, // 10 minutes + } } - pub fn ttl(r: R, ttl: u64) -> Cached { - Self(r, format!("public, immutable, max-age={}", ttl)) + pub fn ttl(response: R, ttl: u64, is_immutable: bool) -> Cached { + Self { + response, + is_immutable, + ttl: ttl, + } } } impl<'r, R: Responder<'r>> Responder<'r> for Cached { fn respond_to(self, req: &Request) -> response::Result<'r> { - match self.0.respond_to(req) { + let cache_control_header = if self.is_immutable { + format!("public, immutable, max-age={}", self.ttl) + } else { + format!("public, max-age={}", self.ttl) + }; + + let time_now = SystemTime::now(); + + match self.response.respond_to(req) { Ok(mut res) => { - res.set_raw_header("Cache-Control", self.1); + res.set_raw_header("Cache-Control", cache_control_header); + res.set_raw_header("Expires", HttpDate::from(time_now + Duration::from_secs(self.ttl)).to_string()); Ok(res) } e @ Err(_) => e, @@ -551,8 +578,6 @@ where } } -use std::{thread::sleep, time::Duration}; - pub fn retry_db(func: F, max_tries: u32) -> Result where F: Fn() -> Result,