Merge branch 'pvw-3097-demo-rp-cache-headers-2' into 'main'

Set cache-control to no-store for JS and CSS files served by the demo RP, except wallet_web.iife.js See merge request wallet/nl-wallet!1127
MinBZK · Aug 9, 2024 · 80cee90 · 80cee90
2 parents 496f029 + 9cf5fe2
commit 80cee90
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 3 deletions.
diff --git a/wallet_core/Cargo.lock b/wallet_core/Cargo.lock
diff --git a/wallet_core/mock_relying_party/Cargo.toml b/wallet_core/mock_relying_party/Cargo.toml
@@ -40,6 +40,7 @@ serde_json.workspace = true
 serde_urlencoded.workspace = true
 strum = { workspace = true, features = ["derive"] }
 tokio = { workspace = true, features = ["parking_lot", "rt-multi-thread", "net"] }
+tower.workspace = true
 tower-http = { workspace = true, features = ["trace", "fs"] }
 tracing.workspace = true
 tracing-subscriber = { workspace = true, features = [
@@ -50,7 +51,7 @@ tracing-subscriber = { workspace = true, features = [
     "ansi",
     "smallvec",
     "tracing-log",
-    "parking_lot"
+    "parking_lot",
 ] }
 url = { workspace = true, features = ["serde"] }
 

diff --git a/wallet_core/mock_relying_party/src/app.rs b/wallet_core/mock_relying_party/src/app.rs
@@ -8,15 +8,18 @@ use std::{
 
 use askama::Template;
 use axum::{
-    extract::{Path, Query, State},
+    extract::{Path, Query, Request, State},
     handler::HandlerWithoutStateExt,
     http::{Method, StatusCode},
+    middleware::{self, Next},
     response::{IntoResponse, Response},
     routing::{get, post},
     Json, Router,
 };
 use base64::prelude::*;
+use http::{header::CACHE_CONTROL, HeaderValue};
 use serde::{Deserialize, Serialize};
+use tower::ServiceBuilder;
 use tower_http::{
     cors::{Any, CorsLayer},
     services::ServeDir,
@@ -83,6 +86,19 @@ fn cors_layer(allow_origins: Vec<Origin>) -> Option<CorsLayer> {
     Some(layer)
 }
 
+async fn set_static_cache_control(request: Request, next: Next) -> Response {
+    // only cache images and fonts, not CSS and JS (except wallet_web, as that is suffixed with a hash)
+    let set_no_store = !request.uri().path().ends_with(".iife.js")
+        && [".css", ".js"].iter().any(|ext| request.uri().path().ends_with(ext));
+    let mut response = next.run(request).await;
+    if set_no_store {
+        response
+            .headers_mut()
+            .insert(CACHE_CONTROL, HeaderValue::from_static("no-store"));
+    }
+    response
+}
+
 pub fn create_router(settings: Settings) -> Router {
     let application_state = Arc::new(ApplicationState {
         client: WalletServerClient::new(settings.internal_wallet_server_url.clone()),
@@ -99,7 +115,11 @@ pub fn create_router(settings: Settings) -> Router {
         .route("/:usecase/", get(usecase))
         .route(&format!("/:usecase/{}", RETURN_URL_SEGMENT), get(disclosed_attributes))
         .fallback_service(
-            ServeDir::new(root_dir.join("assets")).not_found_service({ StatusCode::NOT_FOUND }.into_service()),
+            ServiceBuilder::new()
+                .layer(middleware::from_fn(set_static_cache_control))
+                .service(
+                    ServeDir::new(root_dir.join("assets")).not_found_service({ StatusCode::NOT_FOUND }.into_service()),
+                ),
         )
         .with_state(application_state)
         .layer(TraceLayer::new_for_http());