gitea/modules/httpcache/httpcache.go

// Copyright 2020 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package httpcache

import (
	"fmt"
	"net/http"
	"strconv"
	"strings"
	"time"

	"code.gitea.io/gitea/modules/setting"
	"code.gitea.io/gitea/modules/util"
)

type CacheControlOptions struct {
	IsPublic    bool
	MaxAge      time.Duration
	NoTransform bool
}

// SetCacheControlInHeader sets suitable cache-control headers in the response
func SetCacheControlInHeader(h http.Header, opts *CacheControlOptions) {
	directives := make([]string, 0, 4)

	// "max-age=0 + must-revalidate" (aka "no-cache") is preferred instead of "no-store"
	// because browsers may restore some input fields after navigate-back / reload a page.
	publicPrivate := util.Iif(opts.IsPublic, "public", "private")
	if setting.IsProd {
		if opts.MaxAge == 0 {
			directives = append(directives, "max-age=0", "private", "must-revalidate")
		} else {
			directives = append(directives, publicPrivate, "max-age="+strconv.Itoa(int(opts.MaxAge.Seconds())))
		}
	} else {
		// use dev-related controls, and remind users they are using non-prod setting.
		directives = append(directives, "max-age=0", publicPrivate, "must-revalidate")
		h.Set("X-Gitea-Debug", fmt.Sprintf("RUN_MODE=%v, MaxAge=%s", setting.RunMode, opts.MaxAge))
	}

	if opts.NoTransform {
		directives = append(directives, "no-transform")
	}
	h.Set("Cache-Control", strings.Join(directives, ", "))
}

func CacheControlForPublicStatic() *CacheControlOptions {
	return &CacheControlOptions{
		IsPublic:    true,
		MaxAge:      setting.StaticCacheTime,
		NoTransform: true,
	}
}

func CacheControlForPrivateStatic() *CacheControlOptions {
	return &CacheControlOptions{
		MaxAge:      setting.StaticCacheTime,
		NoTransform: true,
	}
}

// HandleGenericETagCache handles ETag-based caching for a HTTP request.
// It returns true if the request was handled.
func HandleGenericETagCache(req *http.Request, w http.ResponseWriter, etag string) (handled bool) {
	if len(etag) > 0 {
		w.Header().Set("Etag", etag)
		if checkIfNoneMatchIsValid(req, etag) {
			w.WriteHeader(http.StatusNotModified)
			return true
		}
	}
	// not sure whether it is a public content, so just use "private" (old behavior)
	SetCacheControlInHeader(w.Header(), CacheControlForPrivateStatic())
	return false
}

// checkIfNoneMatchIsValid tests if the header If-None-Match matches the ETag
func checkIfNoneMatchIsValid(req *http.Request, etag string) bool {
	ifNoneMatch := req.Header.Get("If-None-Match")
	if len(ifNoneMatch) > 0 {
		for item := range strings.SplitSeq(ifNoneMatch, ",") {
			item = strings.TrimPrefix(strings.TrimSpace(item), "W/") // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag#directives
			if item == etag {
				return true
			}
		}
	}
	return false
}

// HandleGenericETagTimeCache handles ETag-based caching with Last-Modified caching for a HTTP request.
// It returns true if the request was handled.
func HandleGenericETagTimeCache(req *http.Request, w http.ResponseWriter, etag string, lastModified *time.Time) (handled bool) {
	if len(etag) > 0 {
		w.Header().Set("Etag", etag)
	}
	if lastModified != nil && !lastModified.IsZero() {
		// http.TimeFormat required a UTC time, refer to https://pkg.go.dev/net/http#TimeFormat
		w.Header().Set("Last-Modified", lastModified.UTC().Format(http.TimeFormat))
	}

	if len(etag) > 0 {
		if checkIfNoneMatchIsValid(req, etag) {
			w.WriteHeader(http.StatusNotModified)
			return true
		}
	}
	if lastModified != nil && !lastModified.IsZero() {
		ifModifiedSince := req.Header.Get("If-Modified-Since")
		if ifModifiedSince != "" {
			t, err := time.Parse(http.TimeFormat, ifModifiedSince)
			if err == nil && lastModified.Unix() <= t.Unix() {
				w.WriteHeader(http.StatusNotModified)
				return true
			}
		}
	}

	// not sure whether it is a public content, so just use "private" (old behavior)
	SetCacheControlInHeader(w.Header(), CacheControlForPrivateStatic())
	return false
}