Set cache-control headers to reduce server load (fixes #412) (#1641)
authorNutomic <me@nutomic.com>
Wed, 28 Jun 2023 20:32:07 +0000 (22:32 +0200)
committerGitHub <noreply@github.com>
Wed, 28 Jun 2023 20:32:07 +0000 (16:32 -0400)
* Set cache-control headers to reduce server load (fixes #412)

* add missing file

* remove old middleware folder

* use let

---------

Co-authored-by: SleeplessOne1917 <abias1122@gmail.com>
src/server/index.tsx
src/server/middleware.ts [new file with mode: 0644]
src/server/middleware/set-default-csp.ts [deleted file]

index 25a1be6440597abc80aa39d8b9e44e4f036fa3ed..aed8bca7cca193f84a2dff6ed7546783534b5529 100644 (file)
@@ -8,7 +8,7 @@ import RobotsHandler from "./handlers/robots-handler";
 import ServiceWorkerHandler from "./handlers/service-worker-handler";
 import ThemeHandler from "./handlers/theme-handler";
 import ThemesListHandler from "./handlers/themes-list-handler";
-import setDefaultCsp from "./middleware/set-default-csp";
+import { setCacheControl, setDefaultCsp } from "./middleware";
 
 const server = express();
 
@@ -19,6 +19,7 @@ const [hostname, port] = process.env["LEMMY_UI_HOST"]
 server.use(express.json());
 server.use(express.urlencoded({ extended: false }));
 server.use("/static", express.static(path.resolve("./dist")));
+server.use(setCacheControl);
 
 if (!process.env["LEMMY_UI_DISABLE_CSP"] && !process.env["LEMMY_UI_DEBUG"]) {
   server.use(setDefaultCsp);
diff --git a/src/server/middleware.ts b/src/server/middleware.ts
new file mode 100644 (file)
index 0000000..a7cc6f2
--- /dev/null
@@ -0,0 +1,42 @@
+import type { NextFunction, Response } from "express";
+import { UserService } from "../shared/services";
+
+export function setDefaultCsp({
+  res,
+  next,
+}: {
+  res: Response;
+  next: NextFunction;
+}) {
+  res.setHeader(
+    "Content-Security-Policy",
+    `default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src *`
+  );
+
+  next();
+}
+
+// Set cache-control headers. If user is logged in, set `private` to prevent storing data in
+// shared caches (eg nginx) and leaking of private data. If user is not logged in, allow caching
+// all responses for 60 seconds to reduce load on backend and database. The specific cache
+// interval is rather arbitrary and could be set higher (less server load) or lower (fresher data).
+//
+// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
+export function setCacheControl({
+  res,
+  next,
+}: {
+  res: Response;
+  next: NextFunction;
+}) {
+  const user = UserService.Instance;
+  let caching;
+  if (user.auth()) {
+    caching = "private";
+  } else {
+    caching = "public, max-age=60";
+  }
+  res.setHeader("Cache-Control", caching);
+
+  next();
+}
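Review bot: `setCacheControl` chooses between `private` and `public, max-age=60` from `UserService.Instance`, a process-wide singleton, and never consults the incoming request; only `res` and `next` are destructured from it. The implementation of `auth()` is not visible in this diff, so it should be confirmed that on the server it reflects the credentials of the current request. If it does not, pages rendered for a logged-in user would be sent as `public` and could be stored and served to others by a shared cache such as the nginx the comment mentions. Deriving the decision from the request instead (Express passes it as the first argument, so `headers` can be destructured next to `res` and `next`) and falling back to `private` when the state is unclear keeps the failure mode safe. Separately, the moved `setDefaultCsp` now ends in `media-src *` where the deleted file had `media-src * data:`, a policy change the commit message does not mention.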
diff --git a/src/server/middleware/set-default-csp.ts b/src/server/middleware/set-default-csp.ts
deleted file mode 100644 (file)
index fd776ab..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-import type { NextFunction, Response } from "express";
-
-export default function ({ res, next }: { res: Response; next: NextFunction }) {
-  res.setHeader(
-    "Content-Security-Policy",
-    `default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data:`
-  );
-
-  next();
-}