aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJake Howard <[email protected]>2021-12-28 16:24:42 +0000
committerJake Howard <[email protected]>2021-12-28 16:24:47 +0000
commit4584cfe3c18820d8235628cdf629655abd601bc7 (patch)
treea518abaf8a9607c399b4320bd89a7fd0ccf6091b
parentcc646b15193cbb2bcc10dcde93416221e518cefb (diff)
downloadvaultwarden-4584cfe3c18820d8235628cdf629655abd601bc7.tar.gz
vaultwarden-4584cfe3c18820d8235628cdf629655abd601bc7.zip
Additionally set expires header when caching responses
Browsers are rather smart, but also dumb. This uses the `Expires` header alongside `cache-control` to better prompt the browser to actually cache. Unfortunately, firefox still tries to "race" its own cache, in an attempt to respond to requests faster, so still ends up making a bunch of requests which could have been cached. Doesn't appear there's any way around this.
-rw-r--r--Cargo.lock1
-rw-r--r--Cargo.toml1
-rw-r--r--src/api/icons.rs9
-rw-r--r--src/api/web.rs53
-rw-r--r--src/util.rs51
5 files changed, 75 insertions, 40 deletions
diff --git a/Cargo.lock b/Cargo.lock
index 8af4f0ea..1a048db5 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3295,6 +3295,7 @@ dependencies = [
"governor",
"handlebars",
"html5ever",
+ "httpdate",
"idna 0.2.3",
"job_scheduler",
"jsonwebtoken",
diff --git a/Cargo.toml b/Cargo.toml
index f6ff7f68..82c96386 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -80,6 +80,7 @@ uuid = { version = "0.8.2", features = ["v4"] }
chrono = { version = "0.4.19", features = ["serde"] }
chrono-tz = "0.6.1"
time = "0.2.27"
+httpdate = "1.0"
# Job scheduler
job_scheduler = "1.2.1"
diff --git a/src/api/icons.rs b/src/api/icons.rs
index 8d87b10a..3d1de094 100644
--- a/src/api/icons.rs
+++ b/src/api/icons.rs
@@ -103,14 +103,19 @@ fn icon_internal(domain: String) -> Cached<Content<Vec<u8>>> {
return Cached::ttl(
Content(ContentType::new("image", "png"), FALLBACK_ICON.to_vec()),
CONFIG.icon_cache_negttl(),
+ true,
);
}
match get_icon(&domain) {
Some((icon, icon_type)) => {
- Cached::ttl(Content(ContentType::new("image", icon_type), icon), CONFIG.icon_cache_ttl())
+ Cached::ttl(Content(ContentType::new("image", icon_type), icon), CONFIG.icon_cache_ttl(), true)
}
- _ => Cached::ttl(Content(ContentType::new("image", "png"), FALLBACK_ICON.to_vec()), CONFIG.icon_cache_negttl()),
+ _ => Cached::ttl(
+ Content(ContentType::new("image", "png"), FALLBACK_ICON.to_vec()),
+ CONFIG.icon_cache_negttl(),
+ true,
+ ),
}
}
diff --git a/src/api/web.rs b/src/api/web.rs
index 9c960c27..154dc2cf 100644
--- a/src/api/web.rs
+++ b/src/api/web.rs
@@ -22,41 +22,44 @@ pub fn routes() -> Vec<Route> {
#[get("/")]
fn web_index() -> Cached<Option<NamedFile>> {
- Cached::short(NamedFile::open(Path::new(&CONFIG.web_vault_folder()).join("index.html")).ok())
+ Cached::short(NamedFile::open(Path::new(&CONFIG.web_vault_folder()).join("index.html")).ok(), false)
}
#[get("/app-id.json")]
fn app_id() -> Cached<Content<Json<Value>>> {
let content_type = ContentType::new("application", "fido.trusted-apps+json");
- Cached::long(Content(
- content_type,
- Json(json!({
- "trustedFacets": [
- {
- "version": { "major": 1, "minor": 0 },
- "ids": [
- // Per <https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-appid-and-facets-v2.0-id-20180227.html#determining-the-facetid-of-a-calling-application>:
- //
- // "In the Web case, the FacetID MUST be the Web Origin [RFC6454]
- // of the web page triggering the FIDO operation, written as
- // a URI with an empty path. Default ports are omitted and any
- // path component is ignored."
- //
- // This leaves it unclear as to whether the path must be empty,
- // or whether it can be non-empty and will be ignored. To be on
- // the safe side, use a proper web origin (with empty path).
- &CONFIG.domain_origin(),
- "ios:bundle-id:com.8bit.bitwarden",
- "android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI" ]
- }]
- })),
- ))
+ Cached::long(
+ Content(
+ content_type,
+ Json(json!({
+ "trustedFacets": [
+ {
+ "version": { "major": 1, "minor": 0 },
+ "ids": [
+ // Per <https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-appid-and-facets-v2.0-id-20180227.html#determining-the-facetid-of-a-calling-application>:
+ //
+ // "In the Web case, the FacetID MUST be the Web Origin [RFC6454]
+ // of the web page triggering the FIDO operation, written as
+ // a URI with an empty path. Default ports are omitted and any
+ // path component is ignored."
+ //
+ // This leaves it unclear as to whether the path must be empty,
+ // or whether it can be non-empty and will be ignored. To be on
+ // the safe side, use a proper web origin (with empty path).
+ &CONFIG.domain_origin(),
+ "ios:bundle-id:com.8bit.bitwarden",
+ "android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI" ]
+ }]
+ })),
+ ),
+ true,
+ )
}
#[get("/<p..>", rank = 10)] // Only match this if the other routes don't match
fn web_files(p: PathBuf) -> Cached<Option<NamedFile>> {
- Cached::long(NamedFile::open(Path::new(&CONFIG.web_vault_folder()).join(p)).ok())
+ Cached::long(NamedFile::open(Path::new(&CONFIG.web_vault_folder()).join(p)).ok(), true)
}
#[get("/attachments/<uuid>/<file_id>")]
diff --git a/src/util.rs b/src/util.rs
index 2e47077b..aacdd868 100644
--- a/src/util.rs
+++ b/src/util.rs
@@ -11,6 +11,10 @@ use rocket::{
Data, Request, Response, Rocket,
};
+use httpdate::HttpDate;
+use std::thread::sleep;
+use std::time::{Duration, SystemTime};
+
use crate::CONFIG;
pub struct AppHeaders();
@@ -99,29 +103,52 @@ impl Fairing for Cors {
}
}
-pub struct Cached<R>(R, String);
+pub struct Cached<R> {
+ response: R,
+ is_immutable: bool,
+ ttl: u64,
+}
impl<R> Cached<R> {
- pub fn long(r: R) -> Cached<R> {
- // 7 days
- Self::ttl(r, 604800)
+ pub fn long(response: R, is_immutable: bool) -> Cached<R> {
+ Self {
+ response,
+ is_immutable,
+ ttl: 604800, // 7 days
+ }
}
- pub fn short(r: R) -> Cached<R> {
- // 10 minutes
- Self(r, String::from("public, max-age=600"))
+ pub fn short(response: R, is_immutable: bool) -> Cached<R> {
+ Self {
+ response,
+ is_immutable,
+ ttl: 600, // 10 minutes
+ }
}
- pub fn ttl(r: R, ttl: u64) -> Cached<R> {
- Self(r, format!("public, immutable, max-age={}", ttl))
+ pub fn ttl(response: R, ttl: u64, is_immutable: bool) -> Cached<R> {
+ Self {
+ response,
+ is_immutable,
+ ttl: ttl,
+ }
}
}
impl<'r, R: Responder<'r>> Responder<'r> for Cached<R> {
fn respond_to(self, req: &Request) -> response::Result<'r> {
- match self.0.respond_to(req) {
+ let cache_control_header = if self.is_immutable {
+ format!("public, immutable, max-age={}", self.ttl)
+ } else {
+ format!("public, max-age={}", self.ttl)
+ };
+
+ let time_now = SystemTime::now();
+
+ match self.response.respond_to(req) {
Ok(mut res) => {
- res.set_raw_header("Cache-Control", self.1);
+ res.set_raw_header("Cache-Control", cache_control_header);
+ res.set_raw_header("Expires", HttpDate::from(time_now + Duration::from_secs(self.ttl)).to_string());
Ok(res)
}
e @ Err(_) => e,
@@ -551,8 +578,6 @@ where
}
}
-use std::{thread::sleep, time::Duration};
-
pub fn retry_db<F, T, E>(func: F, max_tries: u32) -> Result<T, E>
where
F: Fn() -> Result<T, E>,